diff --git a/Dockerfile b/Dockerfile
index 5041ac0ab6b..9ad06a5e63f 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -63,6 +63,11 @@ RUN (set -x; cd "$(mktemp -d)" && \
tar zxvf "${KREW}.tar.gz" && \
./"${KREW}" install krew)
+# Create local user ubuntu
+ARG USER_ID=1000
+ARG GROUP_ID=1000
+RUN groupadd -g ${GROUP_ID} ubuntu \
+ && useradd -m -u ${USER_ID} -g ubuntu -s /bin/bash ubuntu
# Copy the provisional script to build container
COPY ./run.sh /home
COPY ./reset.sh /home
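Review bot: The `RUN groupadd -g ${GROUP_ID} ubuntu` step will fail the build if the base image already ships a group or account named `ubuntu` or one holding ID 1000, as some recent Ubuntu base images do; the FROM line is outside this hunk, so this needs confirming against the actual base. The two build arguments are also expanded unquoted, and quoting them, `groupadd -g "${GROUP_ID}" ubuntu && useradd -m -u "${USER_ID}" -g ubuntu -s /bin/bash ubuntu`, keeps a malformed `--build-arg` value from being word-split into extra options. The comment could say why the IDs are configurable, for example `# USER_ID/GROUP_ID should match the owner of the host directory mounted at /home/bevel` (presumably the intent; confirm). The identical block added to Dockerfile.jdk8 has the same points.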
@@ -70,7 +75,7 @@ RUN chmod 755 /home/run.sh
RUN chmod 755 /home/reset.sh
ENV JAVA_HOME=/home/jdk-14
-ENV PATH=~/.krew/bin:/home/jdk-14/bin:/root/bin:/root/.local/bin/:$PATH
+ENV PATH=~/.krew/bin:/home/jdk-14/bin:/root/bin:/root/.local/bin/:/home/ubuntu/bin:$PATH
# The mounted repo should contain a build folder with the following files
# 1) K8s config file as config
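Review bot: The new `/home/ubuntu/bin` entry sits ahead of `$PATH`, so a directory writable by the runtime user takes precedence over the system directories and any file placed there shadows a system binary of the same name. Appending it instead, `ENV PATH=~/.krew/bin:/home/jdk-14/bin:/root/bin:/root/.local/bin/:$PATH:/home/ubuntu/bin`, keeps the lookup order safe. The line also retains `/root/bin`, `/root/.local/bin/` and `~/.krew/bin`; once the image runs as `ubuntu`, `/root` is normally not traversable by that user and `ENV` does not expand `~`, so those entries, and the krew install done as root in the context above, are probably unusable. The same ordering appears in the `ENV PATH=/root/bin:/root/.local/bin/:/home/ubuntu/bin:$PATH` line of Dockerfile.jdk8.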
@@ -79,4 +84,5 @@ ENV PATH=~/.krew/bin:/home/jdk-14/bin:/root/bin:/root/.local/bin/:$PATH
#path to mount the repo
VOLUME /home/bevel/
+USER ubuntu
CMD ["/home/run.sh"]
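Review bot: With `USER ubuntu` as the default, run.sh writes into the bind-mounted `/home/bevel/` as UID 1000 unless the image was built with another `USER_ID`, so on a host whose checkout is owned by a different UID the provisioning run is likely to hit permission errors. A comment above the instruction would document the contract, for example `# Runs unprivileged; build with --build-arg USER_ID=$(id -u) --build-arg GROUP_ID=$(id -g) to match the owner of the mounted repo`. Tools the earlier root `RUN` steps placed under /root are not carried over to this user; whether run.sh depends on any of them is not visible in this hunk. Dockerfile.jdk8 gains the same `USER ubuntu` line and the same applies there.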
diff --git a/Dockerfile.jdk8 b/Dockerfile.jdk8
index 0520a4797de..3ab367872d4 100644
--- a/Dockerfile.jdk8
+++ b/Dockerfile.jdk8
@@ -46,12 +46,17 @@ RUN curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.27.0/b
RUN chmod +x ./kubectl
RUN mv ./kubectl /usr/local/bin
+# Create local user ubuntu
+ARG USER_ID=1000
+ARG GROUP_ID=1000
+RUN groupadd -g ${GROUP_ID} ubuntu \
+ && useradd -m -u ${USER_ID} -g ubuntu -s /bin/bash ubuntu
# Copy the provisional script to build container
COPY ./run.sh /home
COPY ./reset.sh /home
RUN chmod 755 /home/run.sh
RUN chmod 755 /home/reset.sh
-ENV PATH=/root/bin:/root/.local/bin/:$PATH
+ENV PATH=/root/bin:/root/.local/bin/:/home/ubuntu/bin:$PATH
# The mounted repo should contain a build folder with the following files
# 1) K8s config file as config
@@ -60,4 +65,5 @@ ENV PATH=/root/bin:/root/.local/bin/:$PATH
#path to mount the repo
VOLUME /home/bevel/
+USER ubuntu
CMD ["/home/run.sh"]
diff --git a/README.md b/README.md
index dbaaf8faaf9..3efc0b109bf 100644
--- a/README.md
+++ b/README.md
@@ -120,10 +120,16 @@ Please review [contributing](./CONTRIBUTING.md) guidelines to get started.
If you are not using the provided Jenkins automation scripts, you can run the provisioning scripts within a docker runtime independent of your target Kubernetes cluster.
```
# Build provisioning image
-docker build . -t ghcr.io/hyperledger/bevel-build
+docker build . -t ghcr.io/hyperledger/bevel-build:latest
# Run the provisioning scripts
-docker run -it -v $(pwd):/home/bevel/ ghcr.io/hyperledger/bevel-build
+docker run -it -v $(pwd):/home/bevel/ --user ubuntu ghcr.io/hyperledger/bevel-build:latest
+
+# If you want to run a long running container
+docker run --name bevel-build -d -v "$(pwd)":/home/bevel/ --user ubuntu bevel-build:latest tail -f /dev/null
+docker exec -it bevel-build bash
+cd bevel
+# And then run the ansible scripts from /home/bevel
```
## Initial Committers
diff --git a/docs/source/concepts/sequence-diagram.md b/docs/source/concepts/sequence-diagram.md
index a17745aa9ca..0fb3e4938e2 100644
--- a/docs/source/concepts/sequence-diagram.md
+++ b/docs/source/concepts/sequence-diagram.md
@@ -1,6 +1,6 @@
# Bevel Sequence Diagram
-When using Ansible automation in Bevel, it is important to understand the sequence and flow as this will determine how you configure your networking.
+When using Ansible automation in Bevel, it is important to understand the sequence and flow as this will determine how you confgure your networking.
!!! tip
diff --git a/docs/source/guides/fabric/add-new-channel.md b/docs/source/guides/fabric/add-new-channel.md
index 05eb0ec7141..8f8832c5b67 100644
--- a/docs/source/guides/fabric/add-new-channel.md
+++ b/docs/source/guides/fabric/add-new-channel.md
@@ -74,7 +74,7 @@ This guide explains how to add a new channel in a Hyperledger Fabric network usi
Execute the following command to run the `add-new-channel.yaml` playbook:
```
- ansible-playbook platforms/hyperledger-fabric/configuration/add-new-channel.yaml --extra-vars "@path-to-network.yaml" -e genererate_configtx=true
+ ansible-playbook platforms/hyperledger-fabric/configuration/add-new-channel.yaml --extra-vars "@path-to-network.yaml" -e generate_configtx=true
```
Replace `path-to-network.yaml` with the actual path to your updated `network.yaml` file.
diff --git a/docs/source/guides/fabric/external-chaincode-operations.md b/docs/source/guides/fabric/external-chaincode-operations.md
index 67c90a1042c..0fe9459d084 100644
--- a/docs/source/guides/fabric/external-chaincode-operations.md
+++ b/docs/source/guides/fabric/external-chaincode-operations.md
@@ -20,7 +20,7 @@ Once a Hyperledger Fabric network is up using Bevel, Bevel users might want to d
- `CHAINCODE_TLS_DISABLED`: Boolean flag for if TLS is disabled
- `CHAINCODE_TLS_KEY`: If TLS is enabled, path to the Client key
- `CHAINCODE_TLS_CERT`: If TLS is enabled, path to the Client certificate
- - `CHAINCODE_CLIENT_CA_CERT`: If TLS is enabled, path to the Root CA certificate
+ - `CHAINCODE_CLIENT_CA_CERT`: If TLS is enabled, path to the Root CA cetificate
A sample chaincode server snippet in GOLANG is below, details can be found [here](https://github.com/hyperledger/fabric-samples/blob/main/asset-transfer-basic/chaincode-external/assetTransfer.go):
```go
diff --git a/platforms/hyperledger-fabric/charts/fabric-ca-server/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-ca-server/Chart.yaml
index 9c53ad9c83a..4f57c01b48d 100644
--- a/platforms/hyperledger-fabric/charts/fabric-ca-server/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-ca-server/Chart.yaml
@@ -7,7 +7,7 @@
apiVersion: v1
name: fabric-ca-server
description: "Hyperledger Fabric: Deploys Fabric CA server"
-version: 1.1.0
+version: 1.3.1
appVersion: latest
keywords:
- bevel
@@ -20,8 +20,8 @@ keywords:
- accenture
home: https://hyperledger-bevel.readthedocs.io/en/latest/
sources:
- - https://github.com/hyperledger/bevel
+ - https://github.com/hyperledger-bevel/bevel
maintainers:
- name: Hyperledger Bevel maintainers
- email: bevel@lists.hyperledger.org
+ email: bevel@lists.lfdecentralizedtrust.org
diff --git a/platforms/hyperledger-fabric/charts/fabric-ca-server/requirements.yaml b/platforms/hyperledger-fabric/charts/fabric-ca-server/requirements.yaml
index a5b2e417d4d..cea4925822c 100644
--- a/platforms/hyperledger-fabric/charts/fabric-ca-server/requirements.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-ca-server/requirements.yaml
@@ -14,4 +14,5 @@ dependencies:
repository: "file://../../../shared/charts/bevel-storageclass"
tags:
- storage
- version: ~1.0.0
+ version: ~1.3.1
+ condition: storage.enabled
diff --git a/platforms/hyperledger-fabric/charts/fabric-ca-server/templates/statefulset.yaml b/platforms/hyperledger-fabric/charts/fabric-ca-server/templates/statefulset.yaml
index 6a507e85596..291ae5902cc 100644
--- a/platforms/hyperledger-fabric/charts/fabric-ca-server/templates/statefulset.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-ca-server/templates/statefulset.yaml
@@ -286,7 +286,7 @@ spec:
{{- include "labels.pvc" . | nindent 8 }}
spec:
accessModes: ["ReadWriteOnce"]
- storageClassName: storage-{{ .Release.Name }}
+ storageClassName: {{ .Values.storage.nameOverride }}
resources:
requests:
storage: "{{ .Values.storage.size }}"
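Review bot: `storageClassName: {{ .Values.storage.nameOverride }}` is rendered with no quoting, default or `required` check, so an unset or empty value yields a null field and the claim silently falls back to the cluster's default StorageClass instead of failing at template time. Something like `storageClassName: {{ required "storage.nameOverride must be set" .Values.storage.nameOverride | quote }}` makes the misconfiguration visible. The change also moves existing releases off the `storage-<release>` class name, and a StatefulSet's claim templates cannot normally be edited in place, so upgrading an existing release will probably be rejected and deserves a line in the upgrade notes. Whether the bevel-storageclass subchart names the class it creates from the same value is not visible here (the claim template starts outside this hunk) and should be confirmed, since the default in values.yaml is the provider-specific `aws-storageclass`.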
diff --git a/platforms/hyperledger-fabric/charts/fabric-ca-server/values.yaml b/platforms/hyperledger-fabric/charts/fabric-ca-server/values.yaml
index ade6983421f..b98f73ce9ca 100644
--- a/platforms/hyperledger-fabric/charts/fabric-ca-server/values.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-ca-server/values.yaml
@@ -48,6 +48,11 @@ global:
externalUrlSuffix: test.blockchaincloudpoc.com
storage:
+ #Flag to create new storage class for organization. Set to false for existing storage class.
+ #Eg. enabled: true
+ enabled: true
+ # Name override for storageclass
+ nameOverride: aws-storageclass
#Provide the size for CA
#Eg. size: 512Mi
size: 512Mi
diff --git a/platforms/hyperledger-fabric/charts/fabric-cacti-connector/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-cacti-connector/Chart.yaml
index c1c546f8e35..b0c5325c9db 100644
--- a/platforms/hyperledger-fabric/charts/fabric-cacti-connector/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-cacti-connector/Chart.yaml
@@ -7,6 +7,6 @@ apiVersion: v2
name: fabric-cacti-connector
description: "Hyperledger Fabric: Deploys Cactus Fabric Connector."
type: application
-version: 1.0.0
+version: 1.3.1
# For Cactus release 1.1.3
appVersion: "1.1.3"
diff --git a/platforms/hyperledger-fabric/charts/fabric-cacti-connector/README.md b/platforms/hyperledger-fabric/charts/fabric-cacti-connector/README.md
index 393dbbd371c..3f614323348 100644
--- a/platforms/hyperledger-fabric/charts/fabric-cacti-connector/README.md
+++ b/platforms/hyperledger-fabric/charts/fabric-cacti-connector/README.md
@@ -21,7 +21,7 @@
## Fabric Connector Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric_connector) for Cactus Fabric Connector.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric_connector) for Cactus Fabric Connector.
@@ -68,7 +68,7 @@ fabric_connector/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric_connector/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric_connector/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
### Metadata
@@ -160,7 +160,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the fabric_connector Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric_connector/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric_connector/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -186,7 +186,7 @@ Replace `` with the actual namespace where the deployment was created
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric_connector/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric_connector/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./fabric_connector
```
@@ -207,7 +207,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [Fabric Connector Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric_connector), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [Fabric Connector Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric_connector), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
diff --git a/platforms/hyperledger-fabric/charts/fabric-catools/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-catools/Chart.yaml
index 8a692565134..982eb5025e5 100644
--- a/platforms/hyperledger-fabric/charts/fabric-catools/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-catools/Chart.yaml
@@ -7,7 +7,7 @@
apiVersion: v1
name: fabric-catools
description: "Hyperledger Fabric: Generates Fabric Certificates and Keys"
-version: 1.1.0
+version: 1.3.1
appVersion: latest
keywords:
- bevel
@@ -20,7 +20,7 @@ keywords:
- accenture
home: https://hyperledger-bevel.readthedocs.io/en/latest/
sources:
- - https://github.com/hyperledger/bevel
+ - https://github.com/hyperledger-bevel/bevel
maintainers:
- name: Hyperledger Bevel maintainers
- email: bevel@lists.hyperledger.org
+ email: bevel@lists.lfdecentralizedtrust.org
diff --git a/platforms/hyperledger-fabric/charts/fabric-catools/templates/job-cleanup.yaml b/platforms/hyperledger-fabric/charts/fabric-catools/templates/job-cleanup.yaml
index 4689847725b..1a758e2033f 100644
--- a/platforms/hyperledger-fabric/charts/fabric-catools/templates/job-cleanup.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-catools/templates/job-cleanup.yaml
@@ -33,7 +33,7 @@ spec:
app.kubernetes.io/release: {{ .Release.Name }}
app.kubernetes.io/managed-by: helm
spec:
- serviceAccountName: {{ .Values.global.serviceAccountName }}
+ serviceAccountName: {{ .Values.global.serviceAccountName }}
restartPolicy: "Never"
{{- if .Values.image.pullSecret }}
imagePullSecrets:
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/Chart.yaml
index b0af93069df..b4a0a145014 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
appVersion: "2.0"
description: "Hyperledger Fabric: Approves the chaincode."
name: fabric-chaincode-approve
-version: 1.0.0
+version: 1.3.1
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/README.md b/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/README.md
index d48d5894e16..cb1e03816c0 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/README.md
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/README.md
@@ -21,7 +21,7 @@
## Approve Chaincode Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-approve) to approve the chaincode.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-approve) to approve the chaincode.
## Prerequisites
@@ -62,7 +62,7 @@ fabric-chaincode-approve/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
## Parameters
---
@@ -119,7 +119,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
| endorsementpolicies | Endorsement policies for the chaincode | "" |
| repository.hostname | Hostname of the chaincode repository | github.com |
| repository.git_username | Git username for the chaincode repository | user |
-| repository.url | URL of the chaincode repository | github.com/hyperledger/bevel-samples.git |
+| repository.url | URL of the chaincode repository | github.com/hyperledger-bevel/bevel-samples.git |
| repository.branch | Branch of the chaincode repository | main |
| repository.path | Path to the chaincode within the repository | . |
| repository.collectionsconfig | Collections configuration for the chaincode | "" |
@@ -139,7 +139,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the fabric-chaincode-approve Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -165,7 +165,7 @@ Replace `` with the actual namespace where the Job was created. This
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./fabric-chaincode-approve
```
@@ -185,7 +185,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [Approve Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-approve), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [Approve Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-approve), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
## License
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml
index 82b676ba095..40f2413f5d6 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml
@@ -102,7 +102,7 @@ chaincode:
# Git username for the chaincode repository
git_username: "user"
# URL of the chaincode repository
- url: "github.com/hyperledger/bevel-samples.git"
+ url: "github.com/hyperledger-bevel/bevel-samples.git"
# Branch of the chaincode repository
branch: "main"
# Path to the chaincode within the repository
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/Chart.yaml
index 9e797b03549..8fb14aeecb2 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
appVersion: "2.0"
description: "Hyperledger Fabric: Commits a chaincode to a channel."
name: fabric-chaincode-commit
-version: 1.0.0
+version: 1.3.1
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/README.md b/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/README.md
index b75d70d3b28..37dcf352c0b 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/README.md
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/README.md
@@ -21,7 +21,7 @@
## Commit Chaincode Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-commit) commits a chaincode to a channel.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-commit) commits a chaincode to a channel.
@@ -63,7 +63,7 @@ fabric-chaincode-commit/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
### Metadata
@@ -118,7 +118,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
| endorsementpolicies | Endorsement policies for the chaincode | "" |
| repository.hostname | Git repository hostname | github.com |
| repository.git_username | Git repository username | user |
-| repository.url | Git repository URL | github.com/hyperledger/bevel-samples.git |
+| repository.url | Git repository URL | github.com/hyperledger-bevel/bevel-samples.git |
| repository.branch | Git repository branch | main |
| repository.path | Path to the chaincode in the repository | . |
| repository.collectionsconfig | Collections configuration for the chaincode | "" |
@@ -147,7 +147,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the fabric-chaincode-commit Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -173,7 +173,7 @@ Replace `` with the actual namespace where the Job was created. This
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./fabric-chaincode-commit
```
@@ -194,7 +194,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [Commit Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-commit), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [Commit Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-commit), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/values.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/values.yaml
index 4ca3594834d..1f0f2f1cb90 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/values.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-commit/values.yaml
@@ -103,7 +103,7 @@ chaincode:
repository:
hostname: "github.com"
git_username: "user"
- url: "github.com/hyperledger/bevel-samples.git"
+ url: "github.com/hyperledger-bevel/bevel-samples.git"
branch: "main"
path: "."
collectionsconfig: ""
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-install/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-install/Chart.yaml
index 0ac7ec3adba..3c33c26daae 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-install/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-install/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
appVersion: "2.0"
description: "Hyperledger Fabric: Installs chaincode on a peer."
name: fabric-chaincode-install
-version: 1.0.0
+version: 1.3.1
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-install/README.md b/platforms/hyperledger-fabric/charts/fabric-chaincode-install/README.md
index b70dced7150..0ca440c3a1b 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-install/README.md
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-install/README.md
@@ -21,7 +21,7 @@
## Install Chaincode Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-install) for chaincode installation on a peer.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-install) for chaincode installation on a peer.
@@ -61,7 +61,7 @@ fabric-chaincode-install/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-install/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-install/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
### Metadata
@@ -114,7 +114,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
| language | Language of the chaincode | golang |
| maindirectory | Path to the main.go package if different from chaincode directory | cmd |
| repository.hostname | Chaincode remote Git repository hostname | github.com |
-| repository.URL | Chaincode remote Git repository URL | github.com/hyperledger/bevel-samples.git |
+| repository.URL | Chaincode remote Git repository URL | github.com/hyperledger-bevel/bevel-samples.git |
| repository.branch | Chaincode remote Git repository branch to be cloned for chaincode | main |
| repository.path | Git repository path containing chaincodes | "." |
| repository.git_username | Username for the Git repository | user |
@@ -126,7 +126,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the fabric-chaincode-install Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-install/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-install/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -152,7 +152,7 @@ Replace `` with the actual namespace where the Job was created. This
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-install/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-install/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./fabric-chaincode-install
```
@@ -173,7 +173,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [Install Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-install), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [Install Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-install), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-install/values.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-install/values.yaml
index 6356b9eec88..a886d52682d 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-install/values.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-install/values.yaml
@@ -104,7 +104,7 @@ chaincode:
hostname: "github.com"
#Provide the chaincode remote git repository URL
#Eg. url: ssh://git@innersource.accenture.com/dlta/dlt-ansible.git
- url: "github.com/hyperledger/bevel-samples.git"
+ url: "github.com/hyperledger-bevel/bevel-samples.git"
#Provide the chaincode remote git repo branch to be cloned for chaincode
#Eg. branch: develop
branch: main
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/Chart.yaml
index 3274fe1c5fd..4f2b56b6fde 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
appVersion: "2.0"
description: "Hyperledger Fabric: Instantiates chaincode on a peer."
name: fabric-chaincode-instantiate
-version: 1.0.0
+version: 1.3.1
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/README.md b/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/README.md
index f9ab2c03ea8..bf91f11d1f5 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/README.md
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/README.md
@@ -21,7 +21,7 @@
## Instantiate Chaincode Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate) for chaincode instantiation on a peer.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate) for chaincode instantiation on a peer.
@@ -61,7 +61,7 @@ fabric-chaincode-instantiate/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
### Metadata
@@ -127,7 +127,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the fabric-chaincode-instantiate Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -153,7 +153,7 @@ Replace `` with the actual namespace where the Job was created. This
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./fabric-chaincode-instantiate
```
@@ -174,7 +174,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [Instantiate Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [Instantiate Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-instantiate), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/Chart.yaml
index 73e6bfd0cd2..d4f6fff00b8 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
appVersion: "2.0"
description: "Hyperledger Fabric: Invokes chaincode on a peer."
name: fabric-chaincode-invoke
-version: 1.0.0
+version: 1.3.1
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/README.md b/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/README.md
index f0d8b4b0c87..1a2093b4e1f 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/README.md
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/README.md
@@ -21,7 +21,7 @@
## Invoke Chaincode Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke) for chaincode invocation on a peer.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke) for chaincode invocation on a peer.
@@ -61,7 +61,7 @@ fabric-chaincode-invoke/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
### Metadata
@@ -130,7 +130,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the fabric-chaincode-invoke Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -156,7 +156,7 @@ Replace `` with the actual namespace where the Job was created. This
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./fabric-chaincode-invoke
```
@@ -177,7 +177,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [Invoke Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [Invoke Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-invoke), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/Chart.yaml
new file mode 100644
index 00000000000..37cefdf4a2d
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/Chart.yaml
@@ -0,0 +1,25 @@
+##############################################################################################
+# Copyright Sownak Roy. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+apiVersion: v1
+description: "A Helm chart for Hyperledger Fabric chaincode lifecycle operations (approve, commit, invoke)."
+name: fabric-chaincode-lifecycle
+version: 1.3.2
+appVersion: latest
+keywords:
+ - bevel
+ - hlf
+ - fabric
+ - hyperledger
+ - enterprise
+ - blockchain
+ - deployment
+home: https://hyperledger-bevel.readthedocs.io/en/latest/
+sources:
+ - https://github.com/hyperledger-bevel/bevel
+maintainers:
+ - name: Hyperledger Bevel maintainers
+ email: bevel@lists.lfdecentralizedtrust.org
\ No newline at end of file
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/README.md b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/README.md
new file mode 100644
index 00000000000..4c61121eb93
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/README.md
@@ -0,0 +1,213 @@
+[//]: # (##############################################################################################)
+[//]: # (Copyright Accenture. All Rights Reserved.)
+[//]: # (SPDX-License-Identifier: Apache-2.0)
+[//]: # (##############################################################################################)
+
+
+# Approve Chaincode Hyperledger Fabric Deployment
+
+- [Approve Chaincode Hyperledger Fabric Deployment Helm Chart](#approve-chaincode-hyperledger-fabric-deployment-helm-chart)
+- [Prerequisites](#prerequisites)
+- [Chart Structure](#chart-structure)
+- [Configuration](#configuration)
+- [Deployment](#deployment)
+- [Verification](#verification)
+- [Updating the Deployment](#updating-the-deployment)
+- [Deletion](#deletion)
+- [Contributing](#contributing)
+- [License](#license)
+
+
+
+## Approve Chaincode Hyperledger Fabric Deployment Helm Chart
+---
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-approve) to approve the chaincode.
+
+
+## Prerequisites
+---
+Before deploying the Helm chart, make sure to have the following prerequisites:
+
+- Kubernetes cluster up and running.
+- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication.
+- The Vault is unsealed and initialized.
+- Helm installed.
+
+
+
+## Chart Structure
+---
+The structure of the Helm chart is as follows:
+
+```
+fabric-chaincode-approve/
+ |- templates/
+ |- _helpers.yaml
+ |- approve_chaincode.yaml
+ |- configmap.yaml
+ |- Chart.yaml
+ |- README.md
+ |- values.yaml
+```
+
+- `templates/`: Contains the Kubernetes manifest templates that define the resources to be deployed.
+- `helpers.tpl`: Contains custom label definitions used in other templates.
+- `approve_chaincode.yaml`: Retrieves necessary certificates from Vault, checks if the chaincode is already approved. If it is, the job exits. If the chaincode is not approved, the job extracts the package ID of the chaincode and creates a command to approve the chaincode for the organization. The job then evaluates the endorsement policy, if any, and adds it to the command. Finally, the job runs the command to approve the chaincode.
+- `configmap.yaml`: stores the private data collection configuration for a chaincode. The ConfigMap is optional, and it is only used if the chaincode.pdc.enabled value is set. Otherwise, the default configuration for the Fabric CA server will be used.
+- `Chart.yaml`: Contains the metadata for the Helm chart, such as the name, version, and description.
+- `README.md`: Provides information and instructions about the Helm chart.
+- `values.yaml`: Contains the default configuration values for the Helm chart.
+
+
+
+## Configuration
+---
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+
+## Parameters
+---
+
+### Metadata
+
+| Name | Description | Default Value |
+| ----------------------| ----------------------------------------------------------------------------------| -------------------------------------------------|
+| namespace | Provide the namespace for organization's peer | org1-net |
+| images.fabrictools | Provide the valid image name and version | ghcr.io/hyperledger/bevel-fabric-tools:2.2.2 |
+| images.alpineutils | Provide the valid image name and version to read certificates from vault server | ghcr.io/hyperledger/bevel-alpine:latest |
+| labels | Provide the custom labels | "" |
+
+### Peer
+
+| Name | Description | Default Value |
+| --------------| --------------------------------------------------------------------------------------------------------| -----------------------------|
+| name | Provide the name of the peer as per deployment yaml | peer0 |
+| address | Provide the address of the peer which will update the channel about the anchor peer of the organization | peer0.org1-net:7051 |
+| localMspId | Provide the localMspId for organization | Org1MSP |
+| logLevel | Provide the logLevel for organization's peer | debug |
+| tlsStatus | Provide the value for tlsStatus to be true or false for organization's peer | true |
+
+### Vault
+
+| Name | Description | Default Value |
+| ---------------------| -------------------------------------------------------------------------- | -----------------------------|
+| role | Provide the vaultrole for an organization | vault-role |
+| address | Provide the vault server address | "" |
+| authpath | Provide the kubernetes auth backed configured in vault for an organization | devorg1-net-auth |
+| adminsecretprefix | Provide the value for vault secretprefix | secretsv2/data/crypto/peerOrganizations/org1-net/users/admin |
+| orderersecretprefix | Provide the value for vault secretprefix | secretsv2/data/crypto/peerOrganizations/org1-nets/orderer |
+| serviceaccountname | Provide the serviceaccount name for vault | vault-auth |
+| type | Provide the type of vault | hashicorp |
+| imagesecretname | Provide the imagesecretname for vault | "" |
+| tls | Enable or disable TLS for vault communication | "" |
+
+### Orderer
+
+| Name | Description | Default Value |
+| -------------| -----------------------------------| ------------------------------|
+| address | Provide the address for orderer | orderer1.org1proxy.blockchaincloudpoc.com:443 |
+
+### Chaincode
+
+| Name | Description | Default Value |
+| ------------------------------| ----------------------------------------------------------| ------------------------------------------|
+| builder | Chaincode builder image for Fabric | hyperledger/fabric-ccenv:2.2.2 |
+| name | Name of the chaincode to be committed | example |
+| version | Version of the chaincode to be committed | 1 |
+| sequence | Chaincode sequence (applies to Fabric 2.2.x) | 1 |
+| lang | Language of the chaincode | golang |
+| commitarguments | Commit arguments for the chaincode | "" |
+| endorsementPolicies | Endorsement policies for the chaincode | "" |
+| repository.hostname | Hostname of the chaincode repository | github.com |
+| repository.git_username | Git username for the chaincode repository | user |
+| repository.url | URL of the chaincode repository | github.com/hyperledger-bevel/bevel-samples.git |
+| repository.branch | Branch of the chaincode repository | main |
+| repository.path | Path to the chaincode within the repository | . |
+| repository.collectionsConfig | Collections configuration for the chaincode | "" |
+| pdc.enabled | Enable private data collections for the chaincode | false |
+| pdc.collectionsConfig | Collections configuration for private data collections | "" |
+
+### Channel
+
+| Name | Description | Default Value |
+| --------| -----------------------| ------------- |
+| name | Name of the channel | mychannel |
+
+
+
+## Deployment
+---
+
+To deploy the fabric-chaincode-approve Helm chart, follow these steps:
+
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml) file to set the desired configuration values.
+2. Run the following Helm command to install the chart:
+ ```
+ $ helm repo add bevel https://hyperledger.github.io/bevel/
+ $ helm install ./fabric-chaincode-approve
+ ```
+Replace `` with the desired name for the release.
+
+This will deploy the fabric-chaincode-approve job to the Kubernetes cluster based on the provided configurations.
+
+
+
+## Verification
+---
+
+To verify the deployment, we can use the following command:
+```
+$ kubectl get jobs -n
+```
+Replace `` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods.
+
+
+
+## Updating the Deployment
+---
+
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-approve/values.yaml) file with the desired changes and run the following Helm command:
+```
+$ helm upgrade ./fabric-chaincode-approve
+```
+Replace `` with the name of the release. This command will apply the changes to the deployment, ensuring the fabric-chaincode-approve node is up to date.
+
+
+
+## Deletion
+---
+
+To delete the deployment and associated resources, run the following Helm command:
+```
+$ helm uninstall
+```
+Replace `` with the name of the release. This command will remove all the resources created by the Helm chart.
+
+
+## Contributing
+---
+If you encounter any bugs, have suggestions, or would like to contribute to the [Approve Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-approve), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
+
+
+## License
+
+This chart is licensed under the Apache v2.0 license.
+
+Copyright © 2023 Accenture
+
+### Attribution
+
+This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here:
+
+```
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/_helpers.tpl b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/_helpers.tpl
new file mode 100644
index 00000000000..76cf951fdfb
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/_helpers.tpl
@@ -0,0 +1,74 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fabric-chaincode-lifecycle.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+*/}}
+{{- define "fabric-chaincode-lifecycle.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fabric-chaincode-lifecycle.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Endorser names for commit operation
+*/}}
+{{- define "endorser.names" -}}
+{{- $names := list -}}
+{{- range .Values.endorsers -}}
+{{- $names = append $names .name -}}
+{{- end -}}
+{{- join " " $names -}}
+{{- end }}
+
+{{/*
+Endorser addresses for commit operation
+*/}}
+{{- define "endorser.addresses" -}}
+{{- $addresses := list -}}
+{{- range .Values.endorsers -}}
+{{- $addresses = append $addresses .corePeerAddress -}}
+{{- end -}}
+{{- join " " $addresses -}}
+{{- end }}
+
+{{- define "labels.custom" -}}
+{{- range $value := .Values.labels.custom }}
+{{ toYaml $value }}
+{{- end }}
+{{- end }}
+
+{{/*
+Get the orderer TLS cacert ConfigMap name
+Tries multiple possible names in order of preference
+*/}}
+{{- define "ordererConfigMap" -}}
+{{- $namespace := .Release.Namespace -}}
+{{- $kubectlCmd := printf "kubectl get configmap -n %s" $namespace -}}
+{{- if (lookup "v1" "ConfigMap" $namespace "orderer-tls-cacert") -}}
+orderer-tls-cacert
+{{- else if (lookup "v1" "ConfigMap" $namespace "peer0-orderer-tls-cacert") -}}
+peer0-orderer-tls-cacert
+{{- else -}}
+orderer-tls-cacert
+{{- end -}}
+{{- end -}}
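Review bot: In `ordererConfigMap`, the `$kubectlCmd` variable is assigned and never used, and the template's result depends on `lookup`, which needs live cluster access at render time. Under `helm template` or a client-side `--dry-run`, `lookup` returns an empty result, so the rendered Job always names `orderer-tls-cacert` whatever exists in the namespace. This ConfigMap supplies the CA file the approve job passes as `--cafile` for the orderer connection, so the fallback should be stated rather than implicit. I would delete the `$kubectlCmd` line and extend the comment above the define with something like `lookup needs cluster read access to ConfigMaps; offline renders fall back to orderer-tls-cacert`.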
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/approve_job.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/approve_job.yaml
new file mode 100644
index 00000000000..740e1c6d360
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/approve_job.yaml
@@ -0,0 +1,344 @@
+##############################################################################################
+# Copyright Sownak Roy. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+{{- if .Values.lifecycle.approve.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ .Release.Name }}-approve
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Release.Name }}-approve
+ app.kubernetes.io/name: {{ include "fabric-chaincode-lifecycle.name" . }}-approve
+ app.kubernetes.io/component: approve
+ app.kubernetes.io/part-of: {{ include "fabric-chaincode-lifecycle.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ {{- include "labels.custom" . | nindent 4 }}
+ annotations:
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook: "pre-install,pre-upgrade"
+ helm.sh/hook-delete-policy: "before-hook-creation"
+spec:
+ backoffLimit: 6
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-approve
+ app.kubernetes.io/name: {{ include "fabric-chaincode-lifecycle.name" . }}-approve
+ app.kubernetes.io/component: approve
+ app.kubernetes.io/part-of: {{ include "fabric-chaincode-lifecycle.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ spec:
+ restartPolicy: OnFailure
+ serviceAccountName: {{ .Values.global.serviceAccountName }}
+ {{- if .Values.image.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.image.pullSecret }}
+ {{- end }}
+ volumes:
+ {{- if .Values.global.vault.tls }}
+ - name: vaultca
+ secret:
+ secretName: {{ .Values.global.vault.tls }}
+ items:
+ - key: ca.crt.pem
+ path: ca-certificates.crt
+ {{- end }}
+ - name: certificates
+ emptyDir:
+ medium: Memory
+ {{ if .Values.chaincode.pdc.enabled }}
+ - name: pdcconfig
+ configMap:
+ defaultMode: 420
+ name: {{ .Release.Name }}-collections-config
+ {{ end }}
+ - name: scripts-volume
+ configMap:
+ name: bevel-vault-script
+ - name: orderer-tls-cacert
+ configMap:
+ name: {{ include "ordererConfigMap" . }}
+ defaultMode: 0775
+ items:
+ - key: cacert
+ path: orderer.crt
+ initContainers:
+ - name: certificates-init
+ image: {{ .Values.image.alpineutils }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: VAULT_ADDR
+ value: {{ .Values.global.vault.address }}
+ - name: VAULT_SECRET_ENGINE
+ value: "{{ .Values.global.vault.secretEngine }}"
+ - name: VAULT_SECRET_PREFIX
+ value: "{{ .Values.global.vault.secretPrefix }}"
+ - name: KUBERNETES_AUTH_PATH
+ value: {{ .Values.global.vault.authPath }}
+ - name: VAULT_APP_ROLE
+ value: {{ .Values.global.vault.role }}
+ - name: MOUNT_PATH
+ value: /secret
+ - name: VAULT_TYPE
+ value: "{{ .Values.global.vault.type }}"
+ command: ["sh", "-c"]
+ args:
+ - |-
+ #!/usr/bin/env sh
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ . /scripts/bevel-vault.sh
+
+ # Calling a function to retrieve the vault token.
+ vaultBevelFunc "init"
+
+ # Function to get Admin MSP Secret
+ function getAdminMspSecret {
+ KEY=$1
+ echo "Getting Admin MSP certificates from Vault."
+ vaultBevelFunc "readJson" "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/users/${KEY}"
+ if [ "$SECRETS_AVAILABLE" == "yes" ]
+ then
+ ADMINCERT=$(echo ${VAULT_SECRET} | jq -r '.["admincerts"]')
+ CACERTS=$(echo ${VAULT_SECRET} | jq -r '.["cacerts"]')
+ KEYSTORE=$(echo ${VAULT_SECRET} | jq -r '.["keystore"]')
+ SIGNCERTS=$(echo ${VAULT_SECRET} | jq -r '.["signcerts"]')
+ TLSCACERTS=$(echo ${VAULT_SECRET} | jq -r '.["tlscacerts"]')
+
+ OUTPUT_PATH="${MOUNT_PATH}/admin/msp"
+
+ echo "${ADMINCERT}" > ${OUTPUT_PATH}/admincerts/admin.crt
+ echo "${CACERTS}" > ${OUTPUT_PATH}/cacerts/ca.crt
+ echo "${KEYSTORE}" > ${OUTPUT_PATH}/keystore/server.key
+ echo "${SIGNCERTS}" > ${OUTPUT_PATH}/signcerts/server.crt
+ echo "${TLSCACERTS}" > ${OUTPUT_PATH}/tlscacerts/tlsca.crt
+ ADMIN_MSP_SECRET="true"
+ else
+ ADMIN_MSP_SECRET="false"
+ fi
+ }
+ {{- else }}
+ function getAdminMspSecret {
+ KEY=$1
+ KUBENETES_SECRET=$(kubectl get secret ${KEY} --namespace {{ .Release.Namespace }} -o json)
+ if [ "$KUBENETES_SECRET" = "" ]; then
+ ADMIN_MSP_SECRET="false"
+ else
+ ADMINCERT=$(echo ${KUBENETES_SECRET} | jq -r '.data.admincerts' | base64 -d)
+ CACERTS=$(echo ${KUBENETES_SECRET} | jq -r '.data.cacerts' | base64 -d)
+ KEYSTORE=$(echo ${KUBENETES_SECRET} | jq -r '.data.keystore' | base64 -d)
+ SIGNCERTS=$(echo ${KUBENETES_SECRET} | jq -r '.data.signcerts' | base64 -d)
+ TLSCACERTS=$(echo ${KUBENETES_SECRET} | jq -r '.data.tlscacerts' | base64 -d)
+
+ echo "${ADMINCERT}" > ${OUTPUT_PATH}/admincerts/admin.crt
+ echo "${CACERTS}" > ${OUTPUT_PATH}/cacerts/ca.crt
+ echo "${KEYSTORE}" > ${OUTPUT_PATH}/keystore/server.key
+ echo "${SIGNCERTS}" > ${OUTPUT_PATH}/signcerts/server.crt
+ echo "${TLSCACERTS}" > ${OUTPUT_PATH}/tlscacerts/tlsca.crt
+ ADMIN_MSP_SECRET="true"
+ fi
+ }
+
+ {{- end }}
+ echo "Getting MSP certificates from Vault."
+
+ OUTPUT_PATH="${MOUNT_PATH}/admin/msp"
+ mkdir -p ${OUTPUT_PATH}/admincerts
+ mkdir -p ${OUTPUT_PATH}/cacerts
+ mkdir -p ${OUTPUT_PATH}/keystore
+ mkdir -p ${OUTPUT_PATH}/signcerts
+ mkdir -p ${OUTPUT_PATH}/tlscacerts
+ COUNTER=1
+ while [ "$COUNTER" -le 20 ]
+ do
+ getAdminMspSecret admin-msp
+ if [ "$ADMIN_MSP_SECRET" = "true" ]
+ then
+ echo "Admin certificates have been obtained correctly"
+ break
+ else
+ echo "Admin certificates have not been obtained, sleeping for 15 seconds"
+ sleep 15
+ COUNTER=`expr "$COUNTER" + 1`
+ fi
+ done
+
+ if [ "$COUNTER" -gt 20 ]
+ then
+ echo "Retry attempted `expr $COUNTER - 1` times, Admin certificates have not been obtained."
+ exit 1
+ fi
+
+ volumeMounts:
+ {{- if .Values.global.vault.tls }}
+ - name: vaultca
+ mountPath: "/etc/ssl/certs/"
+ readOnly: true
+ {{- end }}
+ - name: certificates
+ mountPath: /secret
+ - name: scripts-volume
+ mountPath: /scripts/bevel-vault.sh
+ subPath: bevel-vault.sh
+ containers:
+ - name: approve-chaincode
+ image: {{ .Values.image.fabrictools }}:{{ .Values.global.version }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: CORE_VM_ENDPOINT
+ value: unix:///host/var/run/docker.sock
+ - name: FABRIC_LOGGING_SPEC
+ value: "{{ .Values.peer.logLevel }}"
+ - name: CORE_PEER_ID
+ value: {{ .Values.peer.name }}.{{ .Release.Namespace }}
+ - name: CORE_PEER_ADDRESS
+ value: {{ .Values.peer.address }}
+ - name: CORE_PEER_LOCALMSPID
+ value: {{ .Values.peer.localMspId }}
+ - name: CORE_PEER_TLS_ENABLED
+ value: "{{ .Values.peer.tlsStatus }}"
+ - name: CORE_PEER_TLS_ROOTCERT_FILE
+ value: "/opt/gopath/src/github.com/hyperledger/fabric/crypto/admin/msp/tlscacerts/tlsca.crt"
+ - name: ORDERER_CA
+ value: "/opt/gopath/src/github.com/hyperledger/fabric/orderer/tls/orderer.crt"
+ - name: CORE_PEER_MSPCONFIGPATH
+ value: "/opt/gopath/src/github.com/hyperledger/fabric/crypto/admin/msp"
+ - name: ORDERER_URL
+ value: {{ .Values.peer.ordererAddress }}
+ - name: CHANNEL_NAME
+ value: "{{ .Values.chaincode.channel }}"
+ - name: CHAINCODE_NAME
+ value: "{{ .Values.chaincode.name }}"
+ - name: CHAINCODE_VERSION
+ value: "{{ .Values.chaincode.version }}"
+ - name: CHAINCODE_SEQUENCE
+ value: "{{ .Values.chaincode.sequence }}"
+ - name: INIT_REQUIRED
+ value: "{{ .Values.chaincode.initRequired }}"
+ - name: CORE_CHAINCODE_BUILDER
+ value: "{{ .Values.chaincode.builder }}"
+ - name: ENDORSEMENT_POLICIES
+ value: "{{ .Values.chaincode.endorsementPolicies }}"
+ - name: PDC_ENABLED
+ value: "{{ .Values.chaincode.pdc.enabled }}"
+ stdin: true
+ tty: true
+ command: ["sh", "-c"]
+ args:
+ - |-
+ #!/bin/bash sh
+
+ # Set up logging function for better visibility
+ log_info() { echo "[INFO] $(date '+%Y-%m-%d %H:%M:%S') - $1"; }
+ log_error() { echo "[ERROR] $(date '+%Y-%m-%d %H:%M:%S') - $1" >&2; }
+ log_success() { echo "[SUCCESS] $(date '+%Y-%m-%d %H:%M:%S') - $1"; }
+
+ # Function to execute a command with retries
+ execute_with_retry() {
+ local cmd="$1"
+ local desc="$2"
+ local max_attempts=5
+ local delay=10
+
+ for attempt in $(seq 1 $max_attempts); do
+ log_info "Attempt $attempt of $max_attempts: $desc"
+ if eval "$cmd"; then
+ log_success "$desc completed successfully"
+ return 0
+ else
+ if [ $attempt -lt $max_attempts ]; then
+ log_info "Attempt $attempt failed, retrying in ${delay}s..."
+ sleep $delay
+ else
+ log_error "$desc failed after $max_attempts attempts"
+ return 1
+ fi
+ fi
+ done
+ }
+
+ log_info "======== Starting chaincode approval process ========"
+ {{- if .Values.lifecycle.approve.waitForInstall }}
+ # Wait for chaincode installation to be completed
+ log_info "Waiting for chaincode installation to complete..."
+ max_wait=600
+ wait_time=0
+ while [ $wait_time -lt $max_wait ]; do
+ if peer lifecycle chaincode queryinstalled --output json | jq -r '.installed_chaincodes[] | select(.label=="'${CHAINCODE_NAME}'-'${CHAINCODE_VERSION}'") | .package_id' | grep -q "."; then
+ log_success "Chaincode installation detected"
+ break
+ fi
+ log_info "Waiting for chaincode installation... ($wait_time/$max_wait seconds)"
+ sleep 10
+ wait_time=$((wait_time + 10))
+ done
+
+ if [ $wait_time -ge $max_wait ]; then
+ log_error "Timeout waiting for chaincode installation"
+ exit 1
+ fi
+ {{- end }}
+
+ # Extract package ID
+ log_info "Extracting chaincode package ID..."
+ PACKAGE_ID=$(peer lifecycle chaincode queryinstalled --output json | jq -r '.installed_chaincodes[] | select(.label=="'${CHAINCODE_NAME}'-'${CHAINCODE_VERSION}'") | .package_id')
+
+ if [ -z "$PACKAGE_ID" ]; then
+ log_error "Failed to extract package ID for chaincode ${CHAINCODE_NAME}-${CHAINCODE_VERSION}"
+ exit 1
+ fi
+ log_info "Package ID: $PACKAGE_ID"
+
+ # Check if already approved
+ log_info "Checking if chaincode is already approved..."
+ if peer lifecycle chaincode queryapproved -C ${CHANNEL_NAME} -n ${CHAINCODE_NAME} --sequence ${CHAINCODE_SEQUENCE} >/dev/null 2>&1; then
+ log_info "Chaincode ${CHAINCODE_NAME} v${CHAINCODE_VERSION} is already approved"
+ exit 0
+ fi
+
+ # Build approve command
+ APPROVE_CMD="peer lifecycle chaincode approveformyorg -o ${ORDERER_URL} --tls ${CORE_PEER_TLS_ENABLED} --cafile ${ORDERER_CA} --channelID ${CHANNEL_NAME} --name ${CHAINCODE_NAME} --version ${CHAINCODE_VERSION} --package-id ${PACKAGE_ID} --sequence ${CHAINCODE_SEQUENCE}"
+
+ if [ "${INIT_REQUIRED}" = "true" ]; then
+ APPROVE_CMD="${APPROVE_CMD} --init-required"
+ fi
+
+ # Handle Private Data Collections
+ if [ "${PDC_ENABLED}" = "true" ]; then
+ log_info "PDC is enabled. private data collections configuration"
+ APPROVE_CMD="${APPROVE_CMD} --collections-config /opt/pdc/collections_config.json"
+ fi
+
+ if [ -n ${ENDORSEMENT_POLICIES} ]; then
+ log_info "Adding endorsement policy: ${ENDORSEMENT_POLICIES}"
+ # Write the policy to a temporary file to avoid shell escaping issues
+ echo "${ENDORSEMENT_POLICIES}" > /tmp/endorsement_policy.txt
+ POLICY_FROM_FILE=$(cat /tmp/endorsement_policy.txt)
+ APPROVE_CMD="${APPROVE_CMD} --signature-policy"
+ APPROVE_CMD="${APPROVE_CMD} \"${POLICY_FROM_FILE}\""
+ fi
+
+ log_info "Final approve command: ${APPROVE_CMD}"
+
+ execute_with_retry "${APPROVE_CMD}" "Approve chaincode"
+ log_success "Chaincode approval completed successfully!"
+ log_success "Channel: ${CHANNEL_NAME}"
+ log_success "Chaincode: ${CHAINCODE_NAME}"
+ log_success "Version: ${CHAINCODE_VERSION}"
+ log_success "Sequence: ${CHAINCODE_SEQUENCE}"
+ log_info "======== Chaincode approval process complete ========"
+ volumeMounts:
+ - name: certificates
+ mountPath: /opt/gopath/src/github.com/hyperledger/fabric/crypto
+ readOnly: true
+ - name: orderer-tls-cacert
+ mountPath: /opt/gopath/src/github.com/hyperledger/fabric/orderer/tls/orderer.crt
+ subPath: orderer.crt
+ {{ if .Values.chaincode.pdc.enabled }}
+ - name: pdcconfig
+ mountPath: /opt/pdc
+ {{ end }}
+{{- end }}
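Review bot: The return status of `execute_with_retry` at the end of the approve-chaincode script is discarded, so after five failed attempts the script still prints the success lines and the container exits 0. The Job is then recorded as complete although nothing was approved; `execute_with_retry "${APPROVE_CMD}" "Approve chaincode" || exit 1` lets the Job's `backoffLimit` apply. The test `[ -n ${ENDORSEMENT_POLICIES} ]` is unquoted, so with an empty policy it collapses to `[ -n ]`, which is true, and `--signature-policy ""` is always appended; it should read `if [ -n "${ENDORSEMENT_POLICIES}" ]; then`. The command string is also run through `eval`, so shell metacharacters in chart values such as the endorsement policy are interpreted a second time. Passing the arguments as a list instead of a single string would avoid that.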
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/commit_invoke_job.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/commit_invoke_job.yaml
new file mode 100644
index 00000000000..89295fc8d53
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/commit_invoke_job.yaml
@@ -0,0 +1,463 @@
+##############################################################################################
+# Copyright Sownak Roy. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+{{- if or .Values.lifecycle.commit.enabled .Values.lifecycle.invoke.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ .Release.Name }}-commit-invoke
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Release.Name }}-commit-invoke
+ app.kubernetes.io/name: {{ include "fabric-chaincode-lifecycle.name" . }}-commit-invoke
+ app.kubernetes.io/component: commit
+ app.kubernetes.io/part-of: {{ include "fabric-chaincode-lifecycle.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ {{- include "labels.custom" . | nindent 4 }}
+ annotations:
+ helm.sh/hook-weight: "0"
+spec:
+ backoffLimit: 6
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}-commit-invoke
+ app.kubernetes.io/name: {{ include "fabric-chaincode-lifecycle.name" . }}-commit-invoke
+ app.kubernetes.io/component: commit
+ app.kubernetes.io/part-of: {{ include "fabric-chaincode-lifecycle.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ spec:
+ restartPolicy: OnFailure
+ serviceAccountName: {{ .Values.global.serviceAccountName }}
+ {{- if .Values.image.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.image.pullSecret }}
+ {{- end }}
+ volumes:
+ {{- if .Values.global.vault.tls }}
+ - name: vaultca
+ secret:
+ secretName: {{ .Values.global.vault.tls }}
+ items:
+ - key: ca.crt.pem
+ path: ca-certificates.crt
+ {{- end }}
+ - name: certificates
+ emptyDir:
+ medium: Memory
+ {{ if .Values.chaincode.pdc.enabled }}
+ - name: pdcconfig
+ configMap:
+ defaultMode: 420
+ name: {{ .Release.Name }}-collections-config
+ {{ end }}
+ - name: scripts-volume
+ configMap:
+ name: bevel-vault-script
+ defaultMode: 0777
+ - name: orderer-tls-cacert
+ configMap:
+ name: {{ include "ordererConfigMap" . }}
+ defaultMode: 0775
+ items:
+ - key: cacert
+ path: orderer.crt
+ initContainers:
+ - name: certificates-init
+ image: {{ .Values.image.alpineutils }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: VAULT_ADDR
+ value: {{ .Values.global.vault.address }}
+ - name: VAULT_SECRET_ENGINE
+ value: "{{ .Values.global.vault.secretEngine }}"
+ - name: VAULT_SECRET_PREFIX
+ value: "{{ .Values.global.vault.secretPrefix }}"
+ - name: KUBERNETES_AUTH_PATH
+ value: {{ .Values.global.vault.authPath }}
+ - name: VAULT_APP_ROLE
+ value: {{ .Values.global.vault.role }}
+ - name: MOUNT_PATH
+ value: /secret
+ - name: VAULT_TYPE
+ value: "{{ .Values.global.vault.type }}"
+ - name: ENDORSER_NAMES
+ value: {{ include "endorser.names" . | quote }}
+ command: ["sh", "-c"]
+ args:
+ - |-
+ #!/usr/bin/env sh
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ . /scripts/bevel-vault.sh
+
+ # Calling a function to retrieve the vault token.
+ vaultBevelFunc "init"
+
+ # Function to get Admin MSP Secret
+ function getAdminMspSecret {
+ KEY=$1
+ echo "Getting Admin MSP certificates from Vault."
+ vaultBevelFunc "readJson" "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/users/${KEY}"
+ if [ "$SECRETS_AVAILABLE" == "yes" ]
+ then
+ ADMINCERT=$(echo ${VAULT_SECRET} | jq -r '.["admincerts"]')
+ CACERTS=$(echo ${VAULT_SECRET} | jq -r '.["cacerts"]')
+ KEYSTORE=$(echo ${VAULT_SECRET} | jq -r '.["keystore"]')
+ SIGNCERTS=$(echo ${VAULT_SECRET} | jq -r '.["signcerts"]')
+ TLSCACERTS=$(echo ${VAULT_SECRET} | jq -r '.["tlscacerts"]')
+
+ OUTPUT_PATH="${MOUNT_PATH}/admin/msp"
+
+ echo "${ADMINCERT}" > ${OUTPUT_PATH}/admincerts/admin.crt
+ echo "${CACERTS}" > ${OUTPUT_PATH}/cacerts/ca.crt
+ echo "${KEYSTORE}" > ${OUTPUT_PATH}/keystore/server.key
+ echo "${SIGNCERTS}" > ${OUTPUT_PATH}/signcerts/server.crt
+ echo "${TLSCACERTS}" > ${OUTPUT_PATH}/tlscacerts/tlsca.crt
+ ADMIN_MSP_SECRET="true"
+ else
+ ADMIN_MSP_SECRET="false"
+ fi
+ }
+ {{- else }}
+ function getAdminMspSecret {
+ KEY=$1
+ KUBENETES_SECRET=$(kubectl get secret ${KEY} --namespace {{ .Release.Namespace }} -o json)
+ if [ "$KUBENETES_SECRET" = "" ]; then
+ ADMIN_MSP_SECRET="false"
+ else
+ ADMINCERT=$(echo ${KUBENETES_SECRET} | jq -r '.data.admincerts' | base64 -d)
+ CACERTS=$(echo ${KUBENETES_SECRET} | jq -r '.data.cacerts' | base64 -d)
+ KEYSTORE=$(echo ${KUBENETES_SECRET} | jq -r '.data.keystore' | base64 -d)
+ SIGNCERTS=$(echo ${KUBENETES_SECRET} | jq -r '.data.signcerts' | base64 -d)
+ TLSCACERTS=$(echo ${KUBENETES_SECRET} | jq -r '.data.tlscacerts' | base64 -d)
+
+ echo "${ADMINCERT}" > ${OUTPUT_PATH}/admincerts/admin.crt
+ echo "${CACERTS}" > ${OUTPUT_PATH}/cacerts/ca.crt
+ echo "${KEYSTORE}" > ${OUTPUT_PATH}/keystore/server.key
+ echo "${SIGNCERTS}" > ${OUTPUT_PATH}/signcerts/server.crt
+ echo "${TLSCACERTS}" > ${OUTPUT_PATH}/tlscacerts/tlsca.crt
+ ADMIN_MSP_SECRET="true"
+ fi
+ }
+
+ {{- end }}
+ function getEndorserSecret {
+ ORG_NAME=$1
+ {{- range .Values.endorsers }}
+ if [ "${ORG_NAME}" = "{{ .name }}" ]; then
+ ENDORSER_CACERT=$(echo "{{ .certificate }}" | base64 -d)
+ mkdir -p ${MOUNT_PATH}/endorsers/${ORG_NAME}/msp/cacerts
+ echo "${ENDORSER_CACERT}" > ${MOUNT_PATH}/endorsers/${ORG_NAME}/msp/cacerts/ca.crt
+ return 0
+ fi
+ {{- end }}
+ echo "Error: Endorser org '${ORG_NAME}' not found"
+ return 1
+ }
+ OUTPUT_PATH="${MOUNT_PATH}/admin/msp"
+ mkdir -p ${OUTPUT_PATH}/admincerts
+ mkdir -p ${OUTPUT_PATH}/cacerts
+ mkdir -p ${OUTPUT_PATH}/keystore
+ mkdir -p ${OUTPUT_PATH}/signcerts
+ mkdir -p ${OUTPUT_PATH}/tlscacerts
+ mkdir -p ${MOUNT_PATH}/endorsers
+ COUNTER=1
+ while [ "$COUNTER" -le 20 ]
+ do
+
+ getAdminMspSecret admin-msp
+ # Get endorser certificates
+ ENDORSER_SECRETS_SUCCESS=true
+ for name in $ENDORSER_NAMES; do
+ if ! getEndorserSecret "$name"; then
+ echo "Failed to get endorser certificates for $name"
+ ENDORSER_SECRETS_SUCCESS=false
+ break
+ fi
+ done
+ if [ "$ADMIN_MSP_SECRET" = "true" ] && [ "$ENDORSER_SECRETS_SUCCESS" = "true" ]
+ then
+ echo "All certificates have been obtained correctly for commit operation"
+ break
+ else
+ echo "Certificates have not been obtained, sleeping for 15"
+ sleep 15
+ COUNTER=`expr "$COUNTER" + 1`
+ fi
+ done
+ if [ "$COUNTER" -gt 20 ]
+ then
+ echo "Retry attempted `expr $COUNTER - 1` times, certificates have not been obtained."
+ exit 1
+ fi
+
+ echo "All certificates fetched successfully for commit-invoke operation"
+ volumeMounts:
+ {{- if .Values.global.vault.tls }}
+ - name: vaultca
+ mountPath: "/etc/ssl/certs/"
+ readOnly: true
+ {{- end }}
+ - name: certificates
+ mountPath: /secret
+ - name: scripts-volume
+ mountPath: /scripts/bevel-vault.sh
+ subPath: bevel-vault.sh
+ containers:
+ - name: commit-invoke
+ image: {{ .Values.image.fabrictools }}:{{ .Values.global.version }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: CORE_VM_ENDPOINT
+ value: unix:///host/var/run/docker.sock
+ - name: FABRIC_LOGGING_SPEC
+ value: "{{ .Values.peer.logLevel }}"
+ - name: CORE_PEER_ID
+ value: {{ .Values.peer.name }}.{{ .Release.Namespace }}
+ - name: CORE_PEER_ADDRESS
+ value: {{ .Values.peer.address }}
+ - name: CORE_PEER_LOCALMSPID
+ value: {{ .Values.peer.localMspId }}
+ - name: CORE_PEER_TLS_ENABLED
+ value: "{{ .Values.peer.tlsStatus }}"
+ - name: CORE_PEER_TLS_ROOTCERT_FILE
+ value: "/opt/gopath/src/github.com/hyperledger/fabric/crypto/admin/msp/tlscacerts/tlsca.crt"
+ - name: ORDERER_CA
+ value: "/opt/gopath/src/github.com/hyperledger/fabric/orderer/tls/orderer.crt"
+ - name: CORE_PEER_MSPCONFIGPATH
+ value: /opt/gopath/src/github.com/hyperledger/fabric/crypto/admin/msp
+ - name: ORDERER_URL
+ value: {{ .Values.peer.ordererAddress }}
+ - name: CHANNEL_NAME
+ value: "{{ .Values.chaincode.channel }}"
+ - name: CHAINCODE_NAME
+ value: "{{ .Values.chaincode.name }}"
+ - name: CHAINCODE_VERSION
+ value: "{{ .Values.chaincode.version }}"
+ - name: CHAINCODE_SEQUENCE
+ value: "{{ .Values.chaincode.sequence }}"
+ - name: CORE_CHAINCODE_BUILDER
+ value: "{{ .Values.chaincode.builder }}"
+ - name: INIT_REQUIRED
+ value: "{{ .Values.chaincode.initRequired }}"
+ - name: INVOKE_ARGUMENTS
+ value: {{ .Values.chaincode.arguments | quote }}
+ - name: ENDORSEMENT_POLICIES
+ value: "{{ .Values.chaincode.endorsementPolicies }}"
+ - name: ENDORSER_NAMES
+ value: {{ include "endorser.names" . | quote }}
+ - name: ENDORSER_ADDRESSES
+ value: {{ include "endorser.addresses" . | quote }}
+ - name: PDC_ENABLED
+ value: "{{ .Values.chaincode.pdc.enabled }}"
+ stdin: true
+ tty: true
+ command: ["sh", "-c"]
+ args:
+ - |-
+ #!/bin/bash sh
+
+ # Logging functions
+ log_info() { echo "[INFO] $(date '+%Y-%m-%d %H:%M:%S') - $1"; }
+ log_error() { echo "[ERROR] $(date '+%Y-%m-%d %H:%M:%S') - $1" >&2; }
+ log_success() { echo "[SUCCESS] $(date '+%Y-%m-%d %H:%M:%S') - $1"; }
+
+ # Function to execute a command with retries
+ execute_with_retry() {
+ local cmd="$1"
+ local desc="$2"
+ local max_attempts=5
+ local delay=10
+
+ for attempt in $(seq 1 $max_attempts); do
+ log_info "Attempt $attempt of $max_attempts: $desc"
+ if eval "$cmd"; then
+ log_success "$desc completed successfully"
+ return 0
+ else
+ if [ $attempt -lt $max_attempts ]; then
+ log_info "Attempt $attempt failed, retrying in ${delay}s..."
+ sleep $delay
+ else
+ log_error "$desc failed after $max_attempts attempts"
+ return 1
+ fi
+ fi
+ done
+ }
+
+ # Variables to track which operations to perform
+ COMMIT_ENABLED="{{ .Values.lifecycle.commit.enabled }}"
+ INVOKE_ENABLED="{{ .Values.lifecycle.invoke.enabled }}"
+ ##############################################
+ # COMMIT OPERATION
+ ##############################################
+ if [ "$COMMIT_ENABLED" = "true" ]; then
+ log_info "======== Starting chaincode commit process ========"
+ # Check if already committed
+ log_info "Checking if chaincode is already committed..."
+ if peer lifecycle chaincode querycommitted -C ${CHANNEL_NAME} -n ${CHAINCODE_NAME} --sequence ${CHAINCODE_SEQUENCE} >/dev/null 2>&1; then
+ log_info "Chaincode ${CHAINCODE_NAME} v${CHAINCODE_VERSION} is already committed"
+ COMMIT_ALREADY_DONE=true
+ else
+ COMMIT_ALREADY_DONE=false
+ fi
+
+ if [ "$COMMIT_ALREADY_DONE" = "false" ]; then
+ # Build commit command
+ COMMIT_CMD="peer lifecycle chaincode commit -o ${ORDERER_URL} --tls ${CORE_PEER_TLS_ENABLED} --cafile ${ORDERER_CA} --channelID ${CHANNEL_NAME} --name ${CHAINCODE_NAME} --version ${CHAINCODE_VERSION} --sequence ${CHAINCODE_SEQUENCE}"
+ COMMITREADINESS_CMD="peer lifecycle chaincode checkcommitreadiness --channelID ${CHANNEL_NAME} --name ${CHAINCODE_NAME} --version ${CHAINCODE_VERSION} --sequence ${CHAINCODE_SEQUENCE} --output json"
+
+ # Add endorser peer addresses and TLS certificates
+ for addr in $ENDORSER_ADDRESSES; do
+ COMMIT_CMD="${COMMIT_CMD} --peerAddresses ${addr}"
+ done
+
+ for name in $ENDORSER_NAMES; do
+ COMMIT_CMD="${COMMIT_CMD} --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/crypto/endorsers/${name}/msp/cacerts/ca.crt"
+ done
+
+ # Add init required flag
+ if [ "${INIT_REQUIRED}" = "true" ]; then
+ COMMIT_CMD="${COMMIT_CMD} --init-required"
+ COMMITREADINESS_CMD="${COMMITREADINESS_CMD} --init-required"
+ fi
+ # Handle Private Data Collections
+ if [ "${PDC_ENABLED}" = "true" ]; then
+ pdc_config=" --collections-config /opt/pdc/collections_config.json"
+ COMMIT_CMD=${COMMIT_CMD}${pdc_config}
+ COMMITREADINESS_CMD=${COMMITREADINESS_CMD}${pdc_config}
+ fi
+
+ # Add endorsement policy if specified
+ if [ -n "${ENDORSEMENT_POLICIES}" ]; then
+ log_info "Adding endorsement policy: ${ENDORSEMENT_POLICIES}"
+ COMMIT_CMD="${COMMIT_CMD} --signature-policy \"${ENDORSEMENT_POLICIES}\""
+ COMMITREADINESS_CMD="${COMMITREADINESS_CMD} --signature-policy \"${ENDORSEMENT_POLICIES}\""
+ fi
+
+ {{- if .Values.lifecycle.commit.waitForApprove }}
+ # Wait for approvals from all required organizations
+ log_info "Waiting for chaincode approvals from majority of organizations..."
+ max_wait=1200 # 20 minutes
+ wait_time=0
+ # Count how many orgs are required for majority
+ READINESS_OUTPUT=$(eval ${COMMITREADINESS_CMD})
+ TOTAL_ORGS=$(echo "${READINESS_OUTPUT}" | jq '.approvals | length')
+ REQUIRED=$(( (TOTAL_ORGS / 2) + 1 ))
+ log_info "Total orgs: $TOTAL_ORGS, majority required: $REQUIRED"
+
+ while [ $wait_time -lt $max_wait ]; do
+ READINESS_OUTPUT=$(eval ${COMMITREADINESS_CMD})
+ APPROVED_COUNT=$(echo "${READINESS_OUTPUT}" | jq '[.approvals | to_entries[] | select(.value == true)] | length')
+
+ if [ "$APPROVED_COUNT" -ge "$REQUIRED" ]; then
+ log_success "Majority approvals reached ($APPROVED_COUNT/$TOTAL_ORGS) - ready to commit"
+ log_info "Current approvals:"
+ echo "${READINESS_OUTPUT}" | jq -r '.approvals'
+ break
+ fi
+ log_info "Majority not yet reached ($APPROVED_COUNT/$TOTAL_ORGS), waiting... ($wait_time/$max_wait seconds)"
+ echo "${READINESS_OUTPUT}" | jq -r '.approvals'
+ sleep 15
+ wait_time=$((wait_time + 15))
+ done
+
+ if [ $wait_time -ge $max_wait ]; then
+ log_error "Timeout waiting for chaincode approvals"
+ peer lifecycle chaincode checkcommitreadiness -C ${CHANNEL_NAME} -n ${CHAINCODE_NAME} --version ${CHAINCODE_VERSION} --sequence ${CHAINCODE_SEQUENCE}
+ exit 1
+ fi
+ {{- end }}
+
+ log_info "Final commit command: ${COMMIT_CMD}"
+
+ # Execute commit command with retry
+ execute_with_retry "${COMMIT_CMD}" "Commit chaincode"
+
+ log_success "Chaincode commit completed successfully!"
+ else
+ log_info "Skipping commit as chaincode is already committed"
+ fi
+ log_info "======== COMMIT operation complete ========"
+ else
+ log_info "Commit operation disabled, skipping..."
+ fi
+ ##############################################
+ # INVOKE OPERATION
+ ##############################################
+ if [ "$INVOKE_ENABLED" = "true" ]; then
+ log_info "======== Starting INVOKE operation ========"
+ {{- if .Values.lifecycle.invoke.waitForCommit }}
+ # Wait for chaincode to be committed (either by us or previously)
+ log_info "Waiting for chaincode to be committed..."
+ max_wait=600
+ wait_time=0
+ while [ $wait_time -lt $max_wait ]; do
+ if peer lifecycle chaincode querycommitted -C ${CHANNEL_NAME} -n ${CHAINCODE_NAME} >/dev/null 2>&1; then
+ log_success "Chaincode commit detected"
+ break
+ fi
+ log_info "Waiting for chaincode commit... ($wait_time/$max_wait seconds)"
+ sleep 10
+ wait_time=$((wait_time + 10))
+ done
+
+ if [ $wait_time -ge $max_wait ]; then
+ log_error "Timeout waiting for chaincode commit"
+ exit 1
+ fi
+ {{- end }}
+
+ # Prepare invoke arguments
+ if [ -n "${INVOKE_ARGUMENTS}" ]; then
+ # Split arguments by comma, trim spaces, and create JSON array using jq
+ ARGS=$(echo "${INVOKE_ARGUMENTS}" | jq -R 'split(",") | map(gsub("^[[:space:]]+|[[:space:]]+$"; "")) | {Args: .}' -c)
+ else
+ ARGS='{"Args":["InitLedger","[]"]}' # Default function for testing
+ fi
+ qARGS="'${ARGS}'"
+
+ log_info "Invoke arguments: ${ARGS}"
+
+ # Build invoke command
+ INVOKE_CMD="peer chaincode invoke -o ${ORDERER_URL} --tls ${CORE_PEER_TLS_ENABLED} --cafile ${ORDERER_CA} --channelID ${CHANNEL_NAME} --name ${CHAINCODE_NAME} -c ${qARGS}"
+
+ if [ "${INIT_REQUIRED}" = "true" ]; then
+ INVOKE_CMD="${INVOKE_CMD} --isInit"
+ fi
+
+ log_info "Final invoke command: ${INVOKE_CMD}"
+
+ # Execute invoke command with retry
+ execute_with_retry "${INVOKE_CMD}" "Invoke chaincode"
+
+ log_success "Chaincode invoke completed successfully!"
+ log_info "======== INVOKE operation complete ========"
+ else
+ log_info "Invoke operation disabled, skipping..."
+ fi
+ log_success "Channel: ${CHANNEL_NAME}"
+ log_success "Chaincode: ${CHAINCODE_NAME}"
+ log_success "Version: ${CHAINCODE_VERSION}"
+ log_success "Sequence: ${CHAINCODE_SEQUENCE}"
+ if [ "$INVOKE_ENABLED" = "true" ]; then
+ log_success "Function Invoked: ${INVOKE_ARGUMENTS:-InitLedger}"
+ fi
+
+ volumeMounts:
+ - name: certificates
+ mountPath: /opt/gopath/src/github.com/hyperledger/fabric/crypto
+ readOnly: true
+ - name: orderer-tls-cacert
+ mountPath: /opt/gopath/src/github.com/hyperledger/fabric/orderer/tls/orderer.crt
+ subPath: orderer.crt
+ {{ if .Values.chaincode.pdc.enabled }}
+ - name: pdcconfig
+ mountPath: /opt/pdc
+ {{ end }}
+{{- end }}
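Review bot: `execute_with_retry` runs its argument through `eval "$cmd"`, and the commit, readiness and invoke strings are assembled from chart values (`ENDORSEMENT_POLICIES`, `INVOKE_ARGUMENTS`, `ENDORSER_ADDRESSES`) with hand-written quoting, so any quote or other shell metacharacter in a value is parsed a second time as shell inside the container that mounts the admin MSP key. `qARGS="'${ARGS}'"` in particular stops being one word as soon as an invoke argument contains a single quote. Passing the command as separate words removes the second parse: let the helper take the description first (`desc="$1"; shift`), run `if "$@"; then`, and build the command with `set -- peer lifecycle chaincode commit ...` followed by `set -- "$@" --signature-policy "${ENDORSEMENT_POLICIES}"`. The approve job earlier in this commit uses the same `eval` helper and needs the same change. Separately, `scripts-volume` is mounted with `defaultMode: 0777`, although the script is only sourced and a read-only mode such as `0555` would do.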
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/configmap.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/configmap.yaml
new file mode 100644
index 00000000000..42d3382d230
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/templates/configmap.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.chaincode.pdc.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-collections-config
+ labels:
+ app.kubernetes.io/part-of: {{ include "fabric-chaincode-lifecycle.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: helm
+ annotations:
+ helm.sh/hook-weight: "-10"
+ helm.sh/hook: "pre-install,pre-upgrade"
+ helm.sh/hook-delete-policy: "before-hook-creation"
+data:
+ collections_config.json: |
+ {{ .Values.chaincode.pdc.collectionsConfig | b64dec | nindent 4 }}
+{{- end }}
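Review bot: `b64dec` on `.Values.chaincode.pdc.collectionsConfig` does not stop the render on bad input; as far as I know Sprig returns the decode error text as the result. An empty or malformed value therefore yields a `collections_config.json` that is only rejected later by the peer CLI in the approve or commit job. Failing at template time is easier to diagnose: `{{ required "chaincode.pdc.collectionsConfig is required when chaincode.pdc.enabled is true" .Values.chaincode.pdc.collectionsConfig | b64dec | nindent 4 }}`. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the Job template in this chart sets explicitly.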
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/values.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/values.yaml
new file mode 100644
index 00000000000..a9515c4d9c5
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-lifecycle/values.yaml
@@ -0,0 +1,133 @@
+##############################################################################################
+# Copyright Sownak Roy. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+global:
+ # HLF Network Version
+ #Eg. version: 2.5.4
+ version: 2.5.4
+ #Provide the service account name which will be created.
+ serviceAccountName: vault-auth
+ cluster:
+ provider: aws # choose from: minikube | aws | azure | gcp
+ cloudNativeServices: false # only 'false' is implemented
+ vault:
+ #Provide the type of vault
+ #Eg. type: hashicorp
+ type: hashicorp
+ #Provide the vaultrole for an organization
+ #Eg. vaultrole: org1-vault-role
+ role: vault-role
+ #Provide the vault server address
+ #Eg. vaultaddress: http://Vault-884963190.eu-west-1.elb.amazonaws.com
+ address:
+ #Provide the kubernetes auth backed configured in vault for an organization
+ #Eg. authpath: manufacturer
+ authPath: manufacturer
+ #Provide the secret engine.
+ secretEngine: secretsv2
+ #Provide the vault path where the secrets will be stored
+ secretPrefix: "data/manufacturer"
+ #Kuberenetes secret for vault ca.cert
+ #Enable or disable TLS for vault communication if value present or not
+ #Eg. tls: vaultca
+ tls:
+
+ proxy:
+ #This will be the proxy/ingress provider. Can have values "none" or "haproxy"
+ #Eg. provider: "haproxy"
+ provider: "haproxy"
+ #This field contains the external URL of the organization
+ #Eg. externalUrlSuffix: test.blockchaincloudpoc.com
+ externalUrlSuffix: test.blockchaincloudpoc.com
+ #This field contains the external port on haproxy
+ #Eg. port: 443
+ port: 443
+
+image:
+ #Provide the valid image name for fabric tools, version will be matched with global.version
+ #Eg. fabrictools: hyperledger/fabric-tools
+ fabrictools: ghcr.io/hyperledger/bevel-fabric-tools
+ #Provide the valid image name and version to read certificates from vault server
+ #Eg. alpineutils: ghcr.io/hyperledger/bevel-alpine:latest
+ alpineutils: ghcr.io/hyperledger/bevel-alpine:latest
+ #Provide the secret to use if private repository
+ #Eg. pullSecret: regcred
+ pullSecret:
+
+peer:
+ #Provide the name of the peer as per deployment yaml.
+ #Eg. name: peer0
+ name: peer0
+ #Provide the address of the peer who creates the channel and port to be mentioned is grpc cluster IP port
+ #Eg. address: peer0.org1-net:7051
+ address: peer0.org1-net:7051
+ #Provide the localMspId for organization
+ #Eg. localMspId: Org1MSP
+ localMspId: Org1MSP
+ #Provide the logLevel for organization's peer
+ #Eg. logLevel: info
+ logLevel: debug
+ #Provide the value for tlsStatus to be true or false for organization's peer
+ #Eg. tlsStatus: true
+ tlsStatus: true
+ #Provide the address for orderer; optional is cliEnabled: false
+ #Eg. ordererAddress: orderer1.test.blockchaincloudpoc.com:443
+ ordererAddress: orderer1.supplychain-net:7050
+
+chaincode:
+ #Provide the name of the channel on which chaincode is to be committed
+ #Eg. channel: mychannel
+ channel: mychannel
+ #Provide the name of the chaincode to be commmitted
+ #Eg. name: cc
+ name: example
+ #Provide the chaincode version to be committed
+ #Eg. version: 1
+ version: 1
+ #Provide the chaincode sequence to be committed, applies to Fabric 2.2.x
+ #Eg. sequence: 1
+ sequence: 1
+ #Provide the commit arguments
+ #Eg. arguments: '"init","a","200","b","400"'
+ arguments: ""
+ #Provide the endorsement policies for the chaincode
+ #Eg.endorsementPolicies: "OR('Org1MSP.peer', 'Org2MSP.peer')"
+ endorsementPolicies: ""
+ #Provide a valid chaincode builder image for Fabric
+ #Eg. builder: hyperledger/fabric-ccenv:1.4.8
+ builder: hyperledger/fabric-ccenv:2.2.2
+ initRequired: false
+ pdc:
+ # Enable private data collections for the chaincode
+ enabled: false
+ # Collections configuration for private data collections base64 -w 0 encoded
+ collectionsConfig: ""
+
+# Endorsers configuration (for commit and invoke operation)
+endorsers:
+ - name: org1
+ corePeerAddress: peer0.org1-net:7051
+ certificate: awdadads # base64 encoded tlsca certificate
+ - name: org2
+ corePeerAddress: peer0.org2-net:7051
+ certificate: awdadads # base64 encoded tlsca certificate
+
+# Lifecycle configuration
+# Control which operations to perform
+lifecycle:
+ approve:
+ enabled: true
+ waitForInstall: true
+ commit:
+ enabled: false
+ waitForApprove: false
+ invoke:
+ enabled: false
+ waitForCommit: false
+
+# Custom labels
+labels:
+ custom: []
\ No newline at end of file
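Review bot: The default `alpineutils: ghcr.io/hyperledger/bevel-alpine:latest` is a mutable tag, and the init container that uses it runs with `imagePullPolicy: IfNotPresent` and handles the Vault token and the admin MSP private key, so nodes can end up running different image contents with no change to the chart. Pin a release tag or digest in the default, e.g. `alpineutils: ghcr.io/hyperledger/bevel-alpine:<PINNED_TAG>@sha256:<DIGEST>` (placeholders), the way `fabrictools` is tied to `global.version`. Two smaller defaults deserve a comment: `logLevel: debug` contradicts its own `#Eg. logLevel: info` line, and the `certificate: awdadads` placeholders are not valid certificates, so a `# REPLACE before install` marker would make that obvious.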
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/Chart.yaml
index 163221efaeb..5fec635d3f3 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
appVersion: "2.0"
description: "Hyperledger Fabric: Upgrades chaincode on a peer."
name: fabric-chaincode-upgrade
-version: 1.0.0
+version: 1.3.1
diff --git a/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/README.md b/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/README.md
index d2276818573..3efd3320be1 100644
--- a/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/README.md
+++ b/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/README.md
@@ -21,7 +21,7 @@
## Upgrade Chaincode Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade) for chaincode upgrade on a peer.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade) for chaincode upgrade on a peer.
@@ -61,7 +61,7 @@ fabric-chaincode-upgrade/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
### Metadata
@@ -125,7 +125,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the fabric-chaincode-upgrade Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -151,7 +151,7 @@ Replace `` with the actual namespace where the Job was created. This
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./fabric-chaincode-upgrade
```
@@ -172,7 +172,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [Upgrade Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [Upgrade Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-chaincode-upgrade), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
diff --git a/platforms/hyperledger-fabric/charts/fabric-channel-create/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-channel-create/Chart.yaml
index 46a9ce16dd2..20aa941dbcc 100644
--- a/platforms/hyperledger-fabric/charts/fabric-channel-create/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-channel-create/Chart.yaml
@@ -7,7 +7,7 @@
apiVersion: v1
name: fabric-channel-create
description: "Hyperledger Fabric: Creates channel"
-version: 1.1.0
+version: 1.3.1
appVersion: latest
keywords:
- bevel
@@ -20,7 +20,7 @@ keywords:
- accenture
home: https://hyperledger-bevel.readthedocs.io/en/latest/
sources:
- - https://github.com/hyperledger/bevel
+ - https://github.com/hyperledger-bevel/bevel
maintainers:
- name: Hyperledger Bevel maintainers
- email: bevel@lists.hyperledger.org
+ email: bevel@lists.lfdecentralizedtrust.org
diff --git a/platforms/hyperledger-fabric/charts/fabric-channel-join/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-channel-join/Chart.yaml
index 4b659443cc8..bedba111f74 100644
--- a/platforms/hyperledger-fabric/charts/fabric-channel-join/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-channel-join/Chart.yaml
@@ -7,7 +7,7 @@
apiVersion: v1
name: fabric-channel-join
description: "Hyperledger Fabric: Joins the peer to the channel."
-version: 1.1.0
+version: 1.3.1
appVersion: latest
keywords:
- bevel
@@ -20,7 +20,7 @@ keywords:
- accenture
home: https://hyperledger-bevel.readthedocs.io/en/latest/
sources:
- - https://github.com/hyperledger/bevel
+ - https://github.com/hyperledger-bevel/bevel
maintainers:
- name: Hyperledger Bevel maintainers
- email: bevel@lists.hyperledger.org
+ email: bevel@lists.lfdecentralizedtrust.org
diff --git a/platforms/hyperledger-fabric/charts/fabric-channel-join/templates/anchorpeer.yaml b/platforms/hyperledger-fabric/charts/fabric-channel-join/templates/anchorpeer.yaml
index fc00cfb7863..2d0b1738027 100644
--- a/platforms/hyperledger-fabric/charts/fabric-channel-join/templates/anchorpeer.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-channel-join/templates/anchorpeer.yaml
@@ -176,24 +176,24 @@ spec:
configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
jq .data.data[0].payload.data.config config_block.json >"${CORE_PEER_LOCALMSPID}config.json"
- CHECK_ANCHOR=$(jq '.channel_group.groups.Application.groups.'${CORE_PEER_LOCALMSPID}'.values.AnchorPeers.value.anchor_peers' ${CORE_PEER_LOCALMSPID}config.json)
+ CHECK_ANCHOR=$(jq '.channel_group.groups.Application.groups."'${CORE_PEER_LOCALMSPID}'".values.AnchorPeers.value.anchor_peers' ${CORE_PEER_LOCALMSPID}config.json)
PORT="${CORE_PEER_ADDRESS##*:}"
HOST="${CORE_PEER_ADDRESS%%:*}"
if echo "$CHECK_ANCHOR" | grep -q "$HOST"; then
echo "The anchopeer has already been created"
else
- jq '.channel_group.groups.Application.groups.'${CORE_PEER_LOCALMSPID}'.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "'$HOST'","port": '$PORT'}]},"version": "0"}}' ${CORE_PEER_LOCALMSPID}config.json > ${CORE_PEER_LOCALMSPID}modified_config.json
+ jq '.channel_group.groups.Application.groups."'${CORE_PEER_LOCALMSPID}'".values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "'$HOST'","port": '$PORT'}]},"version": "0"}}' ${CORE_PEER_LOCALMSPID}config.json > ${CORE_PEER_LOCALMSPID}modified_config.json
configtxlator proto_encode --input "${CORE_PEER_LOCALMSPID}config.json" --type common.Config --output original_config.pb
configtxlator proto_encode --input "${CORE_PEER_LOCALMSPID}modified_config.json" --type common.Config --output modified_config.pb
configtxlator compute_update --channel_id "${CHANNEL_NAME}" --original original_config.pb --updated modified_config.pb --output config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
- echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
+ echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output "${CORE_PEER_LOCALMSPID}anchors.tx"
peer channel update -o ${ORDERER_URL} -c ${CHANNEL_NAME} -f ${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile ${ORDERER_CA}
- fi
+ fi
else
echo "Updating anchor peer for the channel ${CHANNEL_NAME}"
tls_status=${CORE_PEER_TLS_ENABLED}
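Review bot: Both `jq` lines still splice `${CORE_PEER_LOCALMSPID}`, `$HOST` and `$PORT` into the jq program text, so a value containing `"` still breaks or alters the filter, even though quoting the key fixes MSP IDs that are not plain jq identifiers. Passing them as data keeps the program fixed: `jq --arg msp "${CORE_PEER_LOCALMSPID}" '.channel_group.groups.Application.groups[$msp].values.AnchorPeers.value.anchor_peers' "${CORE_PEER_LOCALMSPID}config.json"`, and likewise `--arg host "$HOST" --argjson port "$PORT"` for the `+=` update in the `else` branch. The surrounding script starts and continues outside this hunk.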
diff --git a/platforms/hyperledger-fabric/charts/fabric-cli/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-cli/Chart.yaml
index 0bc0fd2ec8b..b87890ec5e9 100644
--- a/platforms/hyperledger-fabric/charts/fabric-cli/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-cli/Chart.yaml
@@ -7,7 +7,7 @@
apiVersion: v1
name: fabric-cli
description: "Hyperledger Fabric: Deploys Fabric CLI"
-version: 1.1.0
+version: 1.3.1
appVersion: latest
keywords:
- bevel
@@ -20,8 +20,8 @@ keywords:
- accenture
home: https://hyperledger-bevel.readthedocs.io/en/latest/
sources:
- - https://github.com/hyperledger/bevel
+ - https://github.com/hyperledger-bevel/bevel
maintainers:
- name: Hyperledger Bevel maintainers
- email: bevel@lists.hyperledger.org
+ email: bevel@lists.lfdecentralizedtrust.org
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/Chart.yaml
index 8e3d116f235..ffc81e6a66f 100644
--- a/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
appVersion: "2.0"
description: "Hyperledger Fabric: Installs external chaincode."
name: fabric-external-chaincode-install
-version: 1.0.0
+version: 1.3.1
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/README.md b/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/README.md
index da4aae8531d..20ebb2e630c 100644
--- a/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/README.md
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/README.md
@@ -21,7 +21,7 @@
## Install External Chaincode Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install) for external chaincode installation.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install) for external chaincode installation.
@@ -61,7 +61,7 @@ fabric-external-chaincode-install/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
### Metadata
@@ -117,7 +117,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the fabric-external-chaincode-install Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -143,7 +143,7 @@ Replace `` with the actual namespace where the Job was created. This
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./fabric-external-chaincode-install
```
@@ -164,7 +164,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [Install External Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [Install External Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode-install), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/.helmignore b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/.helmignore
new file mode 100644
index 00000000000..014fa775608
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+generated_config/
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/Chart.yaml
index d107457f590..11741a7ccf9 100644
--- a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/Chart.yaml
@@ -5,7 +5,21 @@
##############################################################################################
apiVersion: v1
-appVersion: "2.0"
-description: "Hyperledger Fabric: Deploys external chaincode server."
name: fabric-external-chaincode
-version: 1.0.0
+description: "A Helm chart for Hyperledger Fabric external chaincode installation and deployment."
+version: 1.3.4
+appVersion: latest
+keywords:
+ - bevel
+ - hlf
+ - fabric
+ - hyperledger
+ - enterprise
+ - blockchain
+ - deployment
+home: https://hyperledger-bevel.readthedocs.io/en/latest/
+sources:
+ - https://github.com/hyperledger-bevel/bevel
+maintainers:
+ - name: Hyperledger Bevel maintainers
+ email: bevel@lists.lfdecentralizedtrust.org
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/README.md b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/README.md
index e3835378bd1..9d985fd2624 100644
--- a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/README.md
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/README.md
@@ -21,7 +21,7 @@
## External Chaincode Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-external-chaincode) for external chaincode server deployment.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-external-chaincode) for external chaincode server deployment.
@@ -63,7 +63,7 @@ fabric-external-chaincode/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-external-chaincode/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/fabric-external-chaincode/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
### Metadata
@@ -118,7 +118,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the fabric-external-chaincode Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -144,7 +144,7 @@ Replace `` with the actual namespace where the deployment was created
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./fabric-external-chaincode
```
@@ -165,7 +165,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [External Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [External Chaincode Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/fabric-external-chaincode), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/_helpers.tpl b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/_helpers.tpl
index 390a404650d..fd06aecd447 100644
--- a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/_helpers.tpl
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/_helpers.tpl
@@ -1,35 +1,62 @@
-{{- define "labels.custom" }}
- {{ range $key, $val := $.Values.metadata.labels }}
- {{ $key }}: {{ $val }}
- {{ end }}
-{{- end }}
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "fabric-external-chaincode.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "fabric-external-chaincode.fullname" -}}
+{{- $name := default .Chart.Name -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" $name .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "fabric-external-chaincode.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Get the orderer TLS cacert ConfigMap name
+Tries multiple possible names in order of preference
+*/}}
+{{- define "ordererConfigMap" -}}
+{{- $namespace := .Release.Namespace -}}
+{{- $kubectlCmd := printf "kubectl get configmap -n %s" $namespace -}}
+{{- if (lookup "v1" "ConfigMap" $namespace "orderer-tls-cacert") -}}
+orderer-tls-cacert
+{{- else if (lookup "v1" "ConfigMap" $namespace "peer0-orderer-tls-cacert") -}}
+peer0-orderer-tls-cacert
+{{- else -}}
+orderer-tls-cacert
+{{- end -}}
+{{- end -}}
{{- define "labels.deployment" -}}
-{{- if $.Values.labels }}
-{{- range $key, $value := $.Values.labels.deployment }}
-{{- range $k, $v := $value }}
- {{ $k }}: {{ $v | quote }}
-{{- end }}
-{{- end }}
+{{- range $value := .Values.labels.deployment }}
+{{ toYaml $value }}
{{- end }}
{{- end }}
{{- define "labels.service" -}}
-{{- if $.Values.labels }}
-{{- range $key, $value := $.Values.labels.service }}
-{{- range $k, $v := $value }}
- {{ $k }}: {{ $v | quote }}
-{{- end }}
-{{- end }}
+{{- range $value := .Values.labels.service }}
+{{ toYaml $value }}
{{- end }}
{{- end }}
{{- define "labels.pvc" -}}
-{{- if $.Values.labels }}
-{{- range $key, $value := $.Values.labels.pvc }}
-{{- range $k, $v := $value }}
- {{ $k }}: {{ $v | quote }}
-{{- end }}
+{{- range $value := .Values.labels.pvc }}
+{{ toYaml $value }}
{{- end }}
{{- end }}
-{{- end }}
\ No newline at end of file
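Review bot: The rewritten `labels.deployment`, `labels.service` and `labels.pvc` helpers drop the old `{{- if $.Values.labels }}` guard. With it gone, `range $value := .Values.labels.deployment` will most likely abort rendering with a nil-pointer error for any values file that omits `labels`, unless the chart's values.yaml (not visible here) always defines that key. I would keep the guard around each range, e.g. `{{- if .Values.labels }}` … `{{- end }}`. Replacing `{{ $v | quote }}` with `{{ toYaml $value }}` also means an unquoted boolean or number in values is emitted as a non-string label value, which the API server rejects. In `ordererConfigMap` the `$kubectlCmd` variable is assigned but never used and can be removed. The helper also deserves a comment that `lookup` returns nothing under `helm template` or a dry run, so the final `orderer-tls-cacert` fallback is what gets rendered there.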
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/configmap.yaml b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/configmap.yaml
new file mode 100644
index 00000000000..cd44bde93b9
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/configmap.yaml
@@ -0,0 +1,485 @@
+{{- if .Values.chaincode.tls }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-scripts
+ labels:
+ app.kubernetes.io/name: chaincode-crypto-scripts
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ include "fabric-external-chaincode.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: helm
+ annotations:
+ helm.sh/hook-weight: "-10"
+ helm.sh/hook: "pre-install,pre-upgrade"
+ helm.sh/hook-delete-policy: "before-hook-creation"
+data:
+ generate-crypto-chaincode-peer.sh: |
+ #!/bin/bash
+ echo "Generating TLS certificates for external chaincode $CHAINCODE_NAME"
+ set -x
+
+ CURRENT_DIR=${PWD}
+ FULLY_QUALIFIED_ORG_NAME="{{ .Release.Namespace }}"
+ ID_NAME="{{ .Values.certs.orgData.orgName }}-{{ .Values.chaincode.name }}"
+ REFRESH_CERT_VALUE="{{ .Values.certs.refreshCertValue }}"
+ AFFILIATION="{{ .Values.certs.orgData.orgName }}"
+ SUBJECT="{{ .Values.certs.orgData.componentSubject }}"
+ CA="{{ .Values.certs.orgData.caAddress }}"
+ CA_ADMIN_USER="{{ .Values.certs.orgData.caAdminUser }}"
+ CA_ADMIN_PASS="{{ .Values.certs.orgData.caAdminPassword }}"
+
+ # Local variables
+ ORG_CYPTO_FOLDER="/crypto-config/peerOrganizations/${FULLY_QUALIFIED_ORG_NAME}"
+ ROOT_TLS_CERT="/crypto-config/ca/ca.${FULLY_QUALIFIED_ORG_NAME}-cert.pem"
+
+ CAS_FOLDER="${HOME}/ca-tools/cas/ca"
+ ORG_HOME="${HOME}/ca-tools/org"
+
+ ## Register and enroll chaincode cert for peer
+ # Get the user identity
+ ORG_USER="${ID_NAME}@${FULLY_QUALIFIED_ORG_NAME}"
+ ORG_USERPASS="${ID_NAME}@${FULLY_QUALIFIED_ORG_NAME}-pw"
+ ADMIN_USER="Admin@${FULLY_QUALIFIED_ORG_NAME}"
+ ADMIN_USERPASS="Admin@${FULLY_QUALIFIED_ORG_NAME}-pw"
+
+ fabric-ca-client enroll -d -u https://${CA_ADMIN_USER}:${CA_ADMIN_PASS}@${CA} --tls.certfiles ${ROOT_TLS_CERT} --home ${CAS_FOLDER}
+
+ # Checking if the user msp folder exists in the CA server
+ if [ ${REFRESH_CERT_VALUE} = "false" ]; then
+ ## Register and enroll User for Org
+ fabric-ca-client register -d --id.name ${ORG_USER} --id.secret ${ORG_USERPASS} --id.type app --csr.names "${SUBJECT}" --tls.certfiles ${ROOT_TLS_CERT} --home ${CAS_FOLDER}
+
+ # Enroll the registered user to generate enrollment certificate
+ fabric-ca-client enroll -d -u https://${ORG_USER}:${ORG_USERPASS}@${CA} --tls.certfiles ${ROOT_TLS_CERT} --home ${ORG_HOME}/client${ID_NAME}
+
+ mkdir ${ORG_HOME}/client${ID_NAME}/msp/admincerts
+ cp ${ORG_HOME}/client${ID_NAME}/msp/signcerts/* ${ORG_HOME}/client${ID_NAME}/msp/admincerts/${ORG_USER}-cert.pem
+
+ mkdir -p ${ORG_CYPTO_FOLDER}/users/${ORG_USER}
+ cp -R ${ORG_HOME}/client${ID_NAME}/msp ${ORG_CYPTO_FOLDER}/users/${ORG_USER}
+
+ # Get TLS cert for user and copy to appropriate location
+ fabric-ca-client enroll -d --enrollment.profile tls -u https://${ORG_USER}:${ORG_USERPASS}@${CA} -M ${ORG_HOME}/client${ID_NAME}/tls --tls.certfiles ${ROOT_TLS_CERT}
+
+ # Copy the TLS key and cert to the appropriate place
+ mkdir -p ${ORG_CYPTO_FOLDER}/users/${ORG_USER}/tls
+ cp ${ORG_HOME}/client${ID_NAME}/tls/keystore/* ${ORG_CYPTO_FOLDER}/users/${ORG_USER}/tls/client.key
+ cp ${ORG_HOME}/client${ID_NAME}/tls/signcerts/* ${ORG_CYPTO_FOLDER}/users/${ORG_USER}/tls/client.crt
+ cp ${ORG_HOME}/client${ID_NAME}/tls/tlscacerts/* ${ORG_CYPTO_FOLDER}/users/${ORG_USER}/tls/ca.crt
+
+ else # If User certificate exists, recreate
+
+ # Current datetime + 5 minutes | e.g. 20210302182036
+ CUR_DATETIME=$(date -d "$(echo $(date)' + 5 minutes')" +'%Y%m%d%H%M%S')
+
+ # Extracting "notAfter" datetime from the existing user certificate | e.g. 20210302182036
+ CERT_DATETIME=$(date -d "$(echo $(openssl x509 -noout -enddate < ${ORG_HOME}/client${ID_NAME}/msp/signcerts/cert.pem) | sed 's/notAfter=//g')" +'%Y%m%d%H%M%S')
+
+ # In case the certificate is expired or attrs key and value pairs do not match completly, generate a new certificate for the user
+ if [ "${CUR_DATETIME}" -ge "$CERT_DATETIME" ]; then
+
+ # Generate a new enrollment certificate
+ fabric-ca-client enroll -d -u https://${ORG_USER}:${ORG_USERPASS}@${CA} --tls.certfiles ${ROOT_TLS_CERT} --home ${ORG_HOME}/client${ID_NAME}
+
+ cp ${ORG_HOME}/client${ID_NAME}/msp/signcerts/* ${ORG_HOME}/client${ID_NAME}/msp/admincerts/${ORG_USER}-cert.pem
+ cp -R ${ORG_HOME}/client${ID_NAME}/msp ${ORG_CYPTO_FOLDER}/users/${ORG_USER}
+
+ # Get TLS cert for user and copy to appropriate location
+ fabric-ca-client enroll -d --enrollment.profile tls -u https://${ORG_USER}:${ORG_USERPASS}@${CA} -M ${ORG_HOME}/client${ID_NAME}/tls --tls.certfiles ${ROOT_TLS_CERT}
+
+ # Copy the TLS key and cert to the appropriate place
+ cp ${ORG_HOME}/client${ID_NAME}/tls/keystore/* ${ORG_CYPTO_FOLDER}/users/${ORG_USER}/tls/client.key
+ cp ${ORG_HOME}/client${ID_NAME}/tls/signcerts/* ${ORG_CYPTO_FOLDER}/users/${ORG_USER}/tls/client.crt
+ cp ${ORG_HOME}/client${ID_NAME}/tls/tlscacerts/* ${ORG_CYPTO_FOLDER}/users/${ORG_USER}/tls/ca.crt
+ fi
+ fi
+
+ # Create marker file to indicate certificates are generated
+ touch /crypto-config/${ID_NAME}-certs-generated
+ cd ${CURRENT_DIR}
+
+ generate-crypto-chaincode-server.sh: |-
+ #!/bin/bash
+ set -x
+
+ REFRESH_CERT_VALUE="{{ .Values.certs.refreshCertValue }}"
+ FULLY_QUALIFIED_ORG_NAME="{{ .Release.Namespace }}"
+ # chaincode_name
+ CHAINCODE_NAME={{ .Values.chaincode.name }}
+ # chaincode hostname
+ HOST="{{ .Release.Name }}.{{ .Release.Namespace }}"
+ # chaincode version
+ VERSION={{ .Values.chaincode.version }}
+ # CA Server url
+ AFFILIATION="{{ .Values.certs.orgData.orgName }}"
+ SUBJECT="{{ .Values.certs.orgData.componentSubject }}"
+ CA="{{ .Values.certs.orgData.caAddress }}"
+ CA_ADMIN_USER="{{ .Values.certs.orgData.caAdminUser }}"
+ CA_ADMIN_PASS="{{ .Values.certs.orgData.caAdminPassword }}"
+
+ # Local variables
+ CURRENT_DIR=${PWD}
+ ORG_CYPTO_FOLDER="/crypto-config/peerOrganizations/${FULLY_QUALIFIED_ORG_NAME}"
+ ROOT_TLS_CERT="/crypto-config/ca/ca.${FULLY_QUALIFIED_ORG_NAME}-cert.pem"
+ CAS_FOLDER="${HOME}/ca-tools/cas/ca"
+ ORG_HOME="${HOME}/ca-tools/org"
+
+ ## Register and enroll chaincode cert for peer
+ # Get the user identity
+ ORG_USER="${CHAINCODE_NAME}-${VERSION}@${FULLY_QUALIFIED_ORG_NAME}"
+ ORG_USERPASS="${CHAINCODE_NAME}-${VERSION}@${FULLY_QUALIFIED_ORG_NAME}-pw"
+
+ fabric-ca-client enroll -d -u https://${CA_ADMIN_USER}:${CA_ADMIN_PASS}@${CA} --tls.certfiles ${ROOT_TLS_CERT} --home ${CAS_FOLDER}
+
+ # Checking if the user msp folder exists in the CA server
+ if [ ${REFRESH_CERT_VALUE} = "false" ]; then
+
+ ## Register and enroll User for Org
+ fabric-ca-client register -d --id.name ${ORG_USER} --id.secret ${ORG_USERPASS} --id.type chaincode --csr.names "${SUBJECT}" --tls.certfiles ${ROOT_TLS_CERT} --home ${CAS_FOLDER}
+
+ # Enroll the registered user to generate enrollment certificate
+ fabric-ca-client enroll -d -u https://${ORG_USER}:${ORG_USERPASS}@${CA} --csr.names "${SUBJECT}" --tls.certfiles ${ROOT_TLS_CERT} --home ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}
+
+ mkdir ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/msp/admincerts
+ cp ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/msp/signcerts/* ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/msp/admincerts/${ORG_USER}-cert.pem
+
+ mkdir -p ${ORG_CYPTO_FOLDER}/chaincodes/${ORG_USER}
+ cp -R ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/msp ${ORG_CYPTO_FOLDER}/chaincodes/${ORG_USER}
+
+ # Get TLS cert for user and copy to appropriate location
+ fabric-ca-client enroll -d --enrollment.profile tls -u https://${ORG_USER}:${ORG_USERPASS}@${CA} -M ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/tls --tls.certfiles ${ROOT_TLS_CERT} --csr.hosts "${HOST}"
+
+ # Copy the TLS key and cert to the appropriate place
+ mkdir -p ${ORG_CYPTO_FOLDER}/chaincodes/${ORG_USER}/tls
+ cp ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/tls/keystore/* ${ORG_CYPTO_FOLDER}/chaincodes/${ORG_USER}/tls/client.key
+ cp ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/tls/signcerts/* ${ORG_CYPTO_FOLDER}/chaincodes/${ORG_USER}/tls/client.crt
+ cp ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/tls/tlscacerts/* ${ORG_CYPTO_FOLDER}/chaincodes/${ORG_USER}/tls/ca.crt
+
+ else # If User certificate exists, renew
+
+ # Current datetime + 5 minutes | e.g. 20210302182036
+ CUR_DATETIME=$(date -d "$(echo $(date)' + 5 minutes')" +'%Y%m%d%H%M%S')
+
+ # Extracting "notAfter" datetime from the existing user certificate | e.g. 20210302182036
+ CERT_DATETIME=$(date -d "$(echo $(openssl x509 -noout -enddate < ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/msp/signcerts/cert.pem) | sed 's/notAfter=//g')" +'%Y%m%d%H%M%S')
+
+ # In case the certificate is expired or attrs key and value pairs do not match completly, generate a new certificate for the user
+ if [ "${CUR_DATETIME}" -ge "$CERT_DATETIME" ]; then
+
+ # Generate a new enrollment certificate
+ fabric-ca-client enroll -d -u https://${ORG_USER}:${ORG_USERPASS}@${CA} --csr.names "${SUBJECT}" --tls.certfiles ${ROOT_TLS_CERT} --home ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}
+
+ cp ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/msp/signcerts/* ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/msp/admincerts/${ORG_USER}-cert.pem
+ cp -R ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/msp ${ORG_CYPTO_FOLDER}/chaincodes/${ORG_USER}
+
+ # Get TLS cert for user and copy to appropriate location
+ fabric-ca-client enroll -d --enrollment.profile tls -u https://${ORG_USER}:${ORG_USERPASS}@${CA} -M ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/tls --tls.certfiles ${ROOT_TLS_CERT} --csr.hosts "${HOST}"
+
+ # Copy the TLS key and cert to the appropriate place
+ cp ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/tls/keystore/* ${ORG_CYPTO_FOLDER}/chaincodes/${ORG_USER}/tls/client.key
+ cp ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/tls/signcerts/* ${ORG_CYPTO_FOLDER}/chaincodes/${ORG_USER}/tls/client.crt
+ cp ${ORG_HOME}/chaincodes/${CHAINCODE_NAME}/v${VERSION}/tls/tlscacerts/* ${ORG_CYPTO_FOLDER}/chaincodes/${ORG_USER}/tls/ca.crt
+ fi
+ fi
+
+ # Create marker file to indicate certificates are generated
+ touch /crypto-config/${CHAINCODE_NAME}-${VERSION}-certs-generated
+ cd ${CURRENT_DIR}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-savecerts
+ labels:
+ app.kubernetes.io/name: store-keys-vault-script
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/part-of: {{ include "fabric-external-chaincode.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: helm
+ annotations:
+ helm.sh/hook-weight: "-10"
+ helm.sh/hook: "pre-install,pre-upgrade"
+ helm.sh/hook-delete-policy: "before-hook-creation"
+data:
+ store-vault-server.sh: |-
+ #!/bin/bash
+
+ # Environment variables
+ COMPONENT_NAME="{{ .Release.Namespace }}"
+ CHAINCODE_NAME="{{ .Values.chaincode.name }}"
+ VERSION="{{ .Values.chaincode.version }}"
+ REFRESH_CERT_VALUE="{{ .Values.certs.refreshCertValue }}"
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ VAULT_SECRET_ENGINE="{{ .Values.global.vault.secretEngine }}"
+ VAULT_SECRET_PREFIX="{{ .Values.global.vault.secretPrefix }}"
+ {{- end }}
+
+ formatCertificate () {
+ NAME="${1##*/}"
+ base64 -w 0 "${1}" > "${2}/${NAME}.txt"
+ }
+
+ function saveServerSecrets {
+ USER=$1
+ K8S_USER=$(echo ${USER} | cut -d'@' -f1)
+ TLS_KEY=${K8S_USER}-tls
+ MSP_KEY=${K8S_USER}-msp
+
+ ORG_CYPTO_CC_FOLDER="/crypto-config/peerOrganizations/${COMPONENT_NAME}/chaincodes"
+
+ echo "Storing secrets for server user: ${USER}"
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ . ../bevel-vault.sh
+ # Calling a function to retrieve the vault token.
+ vaultBevelFunc "init"
+
+ FORMAT_CERTIFICATE_PATH="/formatcertificate"
+
+ mkdir -p ${FORMAT_CERTIFICATE_PATH}/${USER}/tls
+ mkdir -p ${FORMAT_CERTIFICATE_PATH}/${USER}/msp
+ mkdir -p ${FORMAT_CERTIFICATE_PATH}/${USER}/msp/cacerts
+ mkdir -p ${FORMAT_CERTIFICATE_PATH}/${USER}/msp/tlscacerts
+
+ # Store TLS certificates in Vault and K8s
+ if [ ! -e /crypto-config/${TLS_KEY}-exists ] || [ "$REFRESH_CERT_VALUE" = "true" ]; then
+ echo "Processing TLS certificates for ${USER}"
+
+ # This commands put the certificates with correct format for the curl command
+ formatCertificate "${ORG_CYPTO_CC_FOLDER}/${USER}/tls/ca.crt" "${FORMAT_CERTIFICATE_PATH}/${USER}/tls"
+ formatCertificate "${ORG_CYPTO_CC_FOLDER}/${USER}/tls/client.crt" "${FORMAT_CERTIFICATE_PATH}/${USER}/tls"
+ formatCertificate "${ORG_CYPTO_CC_FOLDER}/${USER}/tls/client.key" "${FORMAT_CERTIFICATE_PATH}/${USER}/tls"
+
+ CA_CRT=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/tls/ca.crt.txt)
+ CLIENT_CRT=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/tls/client.crt.txt)
+ CLIENT_KEY=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/tls/client.key.txt)
+
+ echo "
+ {
+ \"data\":
+ {
+ \"ca_crt\": \"${CA_CRT}\",
+ \"client_crt\": \"${CLIENT_CRT}\",
+ \"client_key\": \"${CLIENT_KEY}\"
+ }
+ }" > payload.json
+
+ # This command copy the crypto material for users (tls)
+ vaultBevelFunc 'write' "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/chaincodes/${TLS_KEY}" 'payload.json'
+ rm payload.json
+
+ # Mark TLS as stored
+ touch /crypto-config/${TLS_KEY}-exists
+ fi
+
+ # Store MSP certificates in Vault and K8s
+ if [ ! -e /crypto-config/${MSP_KEY}-exists ] || [ "$REFRESH_CERT_VALUE" = "true" ]; then
+ echo "Processing MSP certificates for ${USER}"
+
+ # This commands put the certificates with correct format for the curl command
+ SK_NAME=$(find ${ORG_CYPTO_CC_FOLDER}/${USER}/msp/keystore/ -name "*_sk")
+ formatCertificate "${ORG_CYPTO_CC_FOLDER}/${USER}/msp/admincerts/${USER}-cert.pem" "${FORMAT_CERTIFICATE_PATH}/${USER}/msp"
+ formatCertificate "${SK_NAME}" "${FORMAT_CERTIFICATE_PATH}/${USER}/msp"
+ formatCertificate "${ORG_CYPTO_CC_FOLDER}/${USER}/msp/signcerts/cert.pem" "${FORMAT_CERTIFICATE_PATH}/${USER}/msp"
+
+ ADMINCERTS=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/msp/${USER}-cert.pem.txt)
+ KEYSTORE=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/msp/*_sk.txt)
+ SIGNCERTS=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/msp/cert.pem.txt)
+
+ echo "
+ {
+ \"data\":
+ {
+ \"admincerts\": \"${ADMINCERTS}\",
+ \"keystore\": \"${KEYSTORE}\",
+ \"signcerts\": \"${SIGNCERTS}\"
+ }
+ }" > payload.json
+
+ #This command copy the msp certificates to the Vault
+ vaultBevelFunc 'write' "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/chaincodes/${MSP_KEY}" 'payload.json'
+ rm payload.json
+
+ # Mark MSP as stored
+ touch /crypto-config/${MSP_KEY}-exists
+ fi
+ {{- end }}
+
+ # Store TLS certificates in Kubernetes secrets
+ if [ ! -e /crypto-config/${TLS_KEY}-k8s-exists ] || [ "$REFRESH_CERT_VALUE" = "true" ]; then
+ kubectl get secret --namespace ${COMPONENT_NAME} ${TLS_KEY} >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ # Delete the secret if exists
+ kubectl delete secret --namespace ${COMPONENT_NAME} ${TLS_KEY}
+ fi
+
+ kubectl create secret generic ${TLS_KEY} --namespace ${COMPONENT_NAME} \
+ --from-file=cacrt=${ORG_CYPTO_CC_FOLDER}/${USER}/tls/ca.crt \
+ --from-file=clientcrt=${ORG_CYPTO_CC_FOLDER}/${USER}/tls/client.crt \
+ --from-file=clientkey=${ORG_CYPTO_CC_FOLDER}/${USER}/tls/client.key
+
+ touch /crypto-config/${TLS_KEY}-k8s-exists
+ fi
+
+ # Store MSP certificates in Kubernetes secrets
+ if [ ! -e /crypto-config/${MSP_KEY}-k8s-exists ] || [ "$REFRESH_CERT_VALUE" = "true" ]; then
+ SK_NAME=$(find ${ORG_CYPTO_CC_FOLDER}/${USER}/msp/keystore/ -name "*_sk")
+ kubectl get secret --namespace ${COMPONENT_NAME} ${MSP_KEY} >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ # Delete the secret if exists
+ kubectl delete secret --namespace ${COMPONENT_NAME} ${MSP_KEY}
+ fi
+ kubectl create secret generic ${MSP_KEY} --namespace ${COMPONENT_NAME} \
+ --from-file=admincerts=${ORG_CYPTO_CC_FOLDER}/${USER}/msp/admincerts/${USER}-cert.pem \
+ --from-file=keystore=${SK_NAME} \
+ --from-file=signcerts=${ORG_CYPTO_CC_FOLDER}/${USER}/msp/signcerts/cert.pem
+
+ touch /crypto-config/${MSP_KEY}-k8s-exists
+ fi
+ echo "${USER} certificates are successfully stored in both Vault and Kubernetes."
+ }
+
+ echo "Proceeding with storage of certificates..."
+ saveServerSecrets "${CHAINCODE_NAME}-${VERSION}@${COMPONENT_NAME}"
+
+ store-vault-chaincode.sh: |-
+ #!/bin/bash
+
+ # Environment variables
+ COMPONENT_NAME="{{ .Release.Namespace }}"
+ ID_NAME="{{ .Values.certs.orgData.orgName }}-{{ .Values.chaincode.name }}"
+ REFRESH_CERT_VALUE="{{ .Values.certs.refreshCertValue }}"
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ VAULT_SECRET_ENGINE="{{ .Values.global.vault.secretEngine }}"
+ VAULT_SECRET_PREFIX="{{ .Values.global.vault.secretPrefix }}"
+ {{- end }}
+
+ formatCertificate () {
+ NAME="${1##*/}"
+ base64 -w 0 "${1}" > "${2}/${NAME}.txt"
+ }
+
+ function saveChaincodeSecrets {
+ USER=$1
+ K8S_USER=$(echo ${USER} | cut -d'@' -f1)
+ TLS_KEY=${K8S_USER}-tls
+ MSP_KEY=${K8S_USER}-msp
+
+ ORG_CYPTO_USERS_FOLDER="/crypto-config/peerOrganizations/${COMPONENT_NAME}/users"
+
+ echo "Storing secrets for chaincode user: ${USER}"
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ . ../bevel-vault.sh
+ # Calling a function to retrieve the vault token.
+ vaultBevelFunc "init"
+
+ FORMAT_CERTIFICATE_PATH="/formatcertificate"
+
+ mkdir -p ${FORMAT_CERTIFICATE_PATH}/${USER}/tls
+ mkdir -p ${FORMAT_CERTIFICATE_PATH}/${USER}/msp
+ mkdir -p ${FORMAT_CERTIFICATE_PATH}/${USER}/msp/cacerts
+ mkdir -p ${FORMAT_CERTIFICATE_PATH}/${USER}/msp/tlscacerts
+
+ # Store TLS certificates in Vault
+ if [ ! -e /crypto-config/${TLS_KEY}-exists ] || [ "$REFRESH_CERT_VALUE" = "true" ]; then
+ echo "Processing TLS certificates for ${USER}"
+
+ # This commands put the certificates with correct format for the curl command
+ formatCertificate "${ORG_CYPTO_USERS_FOLDER}/${USER}/tls/ca.crt" "${FORMAT_CERTIFICATE_PATH}/${USER}/tls"
+ formatCertificate "${ORG_CYPTO_USERS_FOLDER}/${USER}/tls/client.crt" "${FORMAT_CERTIFICATE_PATH}/${USER}/tls"
+ formatCertificate "${ORG_CYPTO_USERS_FOLDER}/${USER}/tls/client.key" "${FORMAT_CERTIFICATE_PATH}/${USER}/tls"
+
+ CA_CRT=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/tls/ca.crt.txt)
+ CLIENT_CRT=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/tls/client.crt.txt)
+ CLIENT_KEY=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/tls/client.key.txt)
+
+ echo "
+ {
+ \"data\":
+ {
+ \"ca_crt\": \"${CA_CRT}\",
+ \"client_crt\": \"${CLIENT_CRT}\",
+ \"client_key\": \"${CLIENT_KEY}\"
+ }
+ }" > payload.json
+
+ # This command copy the crypto material for users (tls)
+ vaultBevelFunc 'write' "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/users/${TLS_KEY}" 'payload.json'
+ rm payload.json
+
+ # Mark TLS as stored
+ touch /crypto-config/${TLS_KEY}-exists
+ fi
+
+ # Store MSP certificates in Vault
+ if [ ! -e /crypto-config/${MSP_KEY}-exists ] || [ "$REFRESH_CERT_VALUE" = "true" ]; then
+ echo "Processing MSP certificates for ${USER}"
+
+ # This commands put the certificates with correct format for the curl command
+ SK_NAME=$(find ${ORG_CYPTO_USERS_FOLDER}/${USER}/msp/keystore/ -name "*_sk")
+ formatCertificate "${ORG_CYPTO_USERS_FOLDER}/${USER}/msp/admincerts/${USER}-cert.pem" "${FORMAT_CERTIFICATE_PATH}/${USER}/msp"
+ formatCertificate "${SK_NAME}" "${FORMAT_CERTIFICATE_PATH}/${USER}/msp"
+ formatCertificate "${ORG_CYPTO_USERS_FOLDER}/${USER}/msp/signcerts/cert.pem" "${FORMAT_CERTIFICATE_PATH}/${USER}/msp"
+
+ ADMINCERTS=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/msp/${USER}-cert.pem.txt)
+ KEYSTORE=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/msp/*_sk.txt)
+ SIGNCERTS=$(cat ${FORMAT_CERTIFICATE_PATH}/${USER}/msp/cert.pem.txt)
+
+ echo "
+ {
+ \"data\":
+ {
+ \"admincerts\": \"${ADMINCERTS}\",
+ \"keystore\": \"${KEYSTORE}\",
+ \"signcerts\": \"${SIGNCERTS}\"
+ }
+ }" > payload.json
+
+ #This command copy the msp certificates to the Vault
+ vaultBevelFunc 'write' "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/users/${MSP_KEY}" 'payload.json'
+ rm payload.json
+
+ # Mark MSP as stored
+ touch /crypto-config/${MSP_KEY}-exists
+ fi
+ {{- end }}
+
+ # Store TLS certificates in Kubernetes secrets
+ if [ ! -e /crypto-config/${TLS_KEY}-k8s-exists ] || [ "$REFRESH_CERT_VALUE" = "true" ]; then
+ kubectl get secret --namespace ${COMPONENT_NAME} ${TLS_KEY} >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ # Delete the secret if exists
+ kubectl delete secret --namespace ${COMPONENT_NAME} ${TLS_KEY}
+ fi
+
+ kubectl create secret generic ${TLS_KEY} --namespace ${COMPONENT_NAME} \
+ --from-file=cacrt=${ORG_CYPTO_USERS_FOLDER}/${USER}/tls/ca.crt \
+ --from-file=clientcrt=${ORG_CYPTO_USERS_FOLDER}/${USER}/tls/client.crt \
+ --from-file=clientkey=${ORG_CYPTO_USERS_FOLDER}/${USER}/tls/client.key
+
+ touch /crypto-config/${TLS_KEY}-k8s-exists
+ fi
+
+ # Store MSP certificates in Kubernetes secrets
+ if [ ! -e /crypto-config/${MSP_KEY}-k8s-exists ] || [ "$REFRESH_CERT_VALUE" = "true" ]; then
+ SK_NAME=$(find ${ORG_CYPTO_USERS_FOLDER}/${USER}/msp/keystore/ -name "*_sk")
+ kubectl get secret --namespace ${COMPONENT_NAME} ${MSP_KEY} >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ # Delete the secret if exists
+ kubectl delete secret --namespace ${COMPONENT_NAME} ${MSP_KEY}
+ fi
+ kubectl create secret generic ${MSP_KEY} --namespace ${COMPONENT_NAME} \
+ --from-file=admincerts=${ORG_CYPTO_USERS_FOLDER}/${USER}/msp/admincerts/${USER}-cert.pem \
+ --from-file=keystore=${SK_NAME} \
+ --from-file=signcerts=${ORG_CYPTO_USERS_FOLDER}/${USER}/msp/signcerts/cert.pem
+
+ touch /crypto-config/${MSP_KEY}-k8s-exists
+ fi
+ echo "${USER} certificates are successfully stored in both Vault and Kubernetes."
+ }
+
+ echo "Proceeding with storage of certificates..."
+ saveChaincodeSecrets "${ID_NAME}@${COMPONENT_NAME}"
+{{- end }}
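Review bot: `CA_ADMIN_PASS="{{ .Values.certs.orgData.caAdminPassword }}"` in both `generate-crypto-chaincode-peer.sh` and `generate-crypto-chaincode-server.sh` renders the CA admin password into a ConfigMap. ConfigMaps are not treated as confidential, so any subject with read access to ConfigMaps in the namespace can read it. Both scripts also run under `set -x` and call `fabric-ca-client enroll -d -u https://${CA_ADMIN_USER}:${CA_ADMIN_PASS}@${CA}`, so the expanded URL, password included, is traced into the pod log. I would drop the templated assignment, have the consuming workload (not visible in this hunk) inject the value from a Secret via `secretKeyRef`, check it with `: "${CA_ADMIN_PASS:?CA admin password not set}"`, and remove `set -x` or wrap the enroll calls in `set +x`. Separately, the enrollment secrets are derived from the identity name (`ORG_USERPASS="${ID_NAME}@${FULLY_QUALIFIED_ORG_NAME}-pw"`, and likewise in the server script), so they are predictable and would be better generated randomly and stored alongside the certificates.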
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/deployment.yaml b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/deployment.yaml
index bf44cac9996..b59ea8571d3 100644
--- a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/deployment.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/deployment.yaml
@@ -3,138 +3,224 @@
#
# SPDX-License-Identifier: Apache-2.0
##############################################################################################
-
+{{- if empty .Values.chaincode.address }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
- name: cc-{{ $.Values.chaincode.name }}
- namespace: {{ $.Values.metadata.namespace }}
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
labels:
- name: cc-{{ $.Values.chaincode.name }}
- app.kubernetes.io/name: cc-{{ $.Values.chaincode.name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- include "labels.custom" . | nindent 2 }}
- {{- include "labels.deployment" . | nindent 2 }}
+ name: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/component: fabric
+ app.kubernetes.io/part-of: {{ template "fabric-external-chaincode.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: helm
+ {{- include "labels.deployment" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
- app: cc-{{ $.Values.chaincode.name }}
- app.kubernetes.io/name: cc-{{ $.Values.chaincode.name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/instance: {{ .Release.Name }}
+ app: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/component: fabric
+ app.kubernetes.io/part-of: {{ template "fabric-external-chaincode.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: helm
template:
metadata:
labels:
- app: cc-{{ $.Values.chaincode.name }}
- app.kubernetes.io/name: cc-{{ $.Values.chaincode.name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- include "labels.deployment" . | nindent 6 }}
+ app: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/component: fabric
+ app.kubernetes.io/part-of: {{ template "fabric-external-chaincode.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: helm
+ {{- include "labels.deployment" . | nindent 8 }}
spec:
- serviceAccountName: {{ $.Values.vault.serviceaccountname }}
- {{- if .Values.vault.imagesecretname }}
+ serviceAccountName: {{ .Values.global.serviceAccountName }}
+ {{- if .Values.image.pullSecret }}
imagePullSecrets:
- - name: {{ $.Values.vault.imagesecretname }}
+ - name: {{ .Values.image.pullSecret }}
{{- end }}
- {{ if .Values.chaincode.tls }}
volumes:
- {{ if .Values.vault.tls }}
+ {{- if .Values.global.vault.tls }}
- name: vaultca
secret:
- secretName: {{ $.Values.vault.tls }}
+ secretName: {{ .Values.global.vault.tls }}
items:
- key: ca.crt.pem
path: ca-certificates.crt
- {{ end }}
+ {{- end }}
- name: certificates
emptyDir:
medium: Memory
- name: scripts-volume
configMap:
name: bevel-vault-script
+ - name: package-manager
+ configMap:
+ name: package-manager
initContainers:
+ {{- if .Values.chaincode.tls }}
+ # Init container to retrieve TLS certificates for chaincode server
- name: certificates-init
- image: {{ $.Values.metadata.images.alpineutils }}
+ image: {{ .Values.image.alpineutils }}
imagePullPolicy: IfNotPresent
env:
+ - name: CHAINCODE_NAME
+ value: "{{ .Values.chaincode.name }}"
+ - name: CHAINCODE_VERSION
+ value: "{{ .Values.chaincode.version }}"
+ - name: COMPONENT_NAME
+ value: "{{ .Release.Namespace }}"
+ {{- if eq .Values.global.vault.type "hashicorp" }}
- name: VAULT_ADDR
- value: {{ $.Values.vault.address }}
+ value: {{ .Values.global.vault.address }}
+ - name: VAULT_SECRET_ENGINE
+ value: "{{ .Values.global.vault.secretEngine }}"
+ - name: VAULT_SECRET_PREFIX
+ value: "{{ .Values.global.vault.secretPrefix }}"
- name: KUBERNETES_AUTH_PATH
- value: {{ $.Values.vault.authpath }}
+ value: {{ .Values.global.vault.authPath }}
- name: VAULT_APP_ROLE
- value: {{ $.Values.vault.role }}
- - name: VAULT_CHAINCODE_SECRET_PREFIX
- value: "{{ $.Values.vault.chaincodesecretprefix }}"
+ value: {{ .Values.global.vault.role }}
+ - name: VAULT_TYPE
+ value: "{{ .Values.global.vault.type }}"
+ {{- if .Values.global.vault.tls }}
+ - name: VAULT_CACERT
+ value: /opt/vault/tls/ca-certificates.crt
+ {{- else }}
+ - name: VAULT_SKIP_VERIFY
+ value: "true"
+ {{- end }}
+ {{- end }}
- name: MOUNT_PATH
value: /secret
- - name: NETWORK_VERSION
- value: "{{ $.Values.metadata.network.version }}"
- - name: CHAINCODE_TLS_ENABLED
- value: "{{ $.Values.chaincode.tls }}"
- - name: VAULT_TYPE
- value: "{{ $.Values.vault.type }}"
command: ["sh", "-c"]
args:
- |-
#!/usr/bin/env sh
+ set -e
+
+ {{- if eq .Values.global.vault.type "hashicorp" }}
. /scripts/bevel-vault.sh
-
- # Calling a function to retrieve the vault token.
vaultBevelFunc "init"
-
- if [ "${CHAINCODE_TLS_ENABLED}" == "true" ]; then
- echo "Getting chaincode certificates from Vault using key ${VAULT_CHAINCODE_SECRET_PREFIX}"
- vaultBevelFunc "readJson" "${VAULT_CHAINCODE_SECRET_PREFIX}"
+
+ function getChaincodeTlsSecret {
+ SERVER_USER="${CHAINCODE_NAME}-${CHAINCODE_VERSION}"
+ TLS_KEY="${SERVER_USER}-tls"
- CACERT=$(echo ${VAULT_SECRET} | jq -r '.["ca.crt"]')
- CLIENT_CERT=$(echo ${VAULT_SECRET} | jq -r '.["client.crt"]')
- CLIENT_KEY=$(echo ${VAULT_SECRET} | jq -r '.["client.key"]')
+ echo "Getting chaincode server TLS certificates from Vault for ${TLS_KEY}"
+ vaultBevelFunc "readJson" "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/chaincodes/${TLS_KEY}"
+ if [ "$SECRETS_AVAILABLE" == "yes" ]
+ then
+ CA_CERT=$(echo ${VAULT_SECRET} | jq -r '.["ca_crt"]')
+ CLIENT_CERT=$(echo ${VAULT_SECRET} | jq -r '.["client_crt"]')
+ CLIENT_KEY=$(echo ${VAULT_SECRET} | jq -r '.["client_key"]')
+ echo "${CA_CERT}" | base64 -d > ${MOUNT_PATH}/ca.crt
+ echo "${CLIENT_CERT}" | base64 -d > ${MOUNT_PATH}/client.crt
+ echo "${CLIENT_KEY}" | base64 -d > ${MOUNT_PATH}/client.key
+ CC_TLS_SECRET=true
+ else
+ CC_TLS_SECRET=false
+ fi
+ }
+ {{- else }}
+ function getChaincodeTlsSecret {
+ SERVER_USER="${CHAINCODE_NAME}-${CHAINCODE_VERSION}"
+ TLS_KEY="${SERVER_USER}-tls"
+
+ echo "Getting chaincode server TLS certificates from Kubernetes secret ${TLS_KEY}"
+ if kubectl get secret ${TLS_KEY} --namespace {{ .Release.Namespace }} >/dev/null 2>&1; then
+ TLS_CA_CERT=$(kubectl get secret ${TLS_KEY} --namespace {{ .Release.Namespace }} -o jsonpath='{.data.cacrt}' | base64 -d)
+ TLS_CLIENT_CERT=$(kubectl get secret ${TLS_KEY} --namespace {{ .Release.Namespace }} -o jsonpath='{.data.clientcrt}' | base64 -d)
+ TLS_CLIENT_KEY=$(kubectl get secret ${TLS_KEY} --namespace {{ .Release.Namespace }} -o jsonpath='{.data.clientkey}' | base64 -d)
+
+ echo "${TLS_CA_CERT}" > ${MOUNT_PATH}/ca.crt
+ echo "${TLS_CLIENT_CERT}" > ${MOUNT_PATH}/client.crt
+ echo "${TLS_CLIENT_KEY}" > ${MOUNT_PATH}/client.key
+ CC_TLS_SECRET=true
+ else
+ CC_TLS_SECRET=false
+ fi
+ }
+ {{- end }}
+
+ COUNTER=1
+ while [ "$COUNTER" -le {{ .Values.chaincode.healthCheck.retries | default 5 }} ]
+ do
mkdir -p ${MOUNT_PATH}
- echo "${CACERT}" > ${MOUNT_PATH}/ca.crt
- echo "${CLIENT_CERT}" > ${MOUNT_PATH}/client.crt
- echo "${CLIENT_KEY}" > ${MOUNT_PATH}/client.key
+ getChaincodeTlsSecret
+
+ if [ "$CC_TLS_SECRET" = "true" ]
+ then
+ echo "Chaincode server TLS certificates have been obtained correctly"
+ break
+ else
+ echo "Chaincode server TLS certificates have not been obtained, sleeping for {{ .Values.chaincode.healthCheck.sleepTimeAfterError | default 30 }}"
+ sleep {{ .Values.chaincode.healthCheck.sleepTimeAfterError | default 30 }}
+ COUNTER=`expr "$COUNTER" + 1`
+ fi
+ done
+
+ if [ "$COUNTER" -gt {{ .Values.chaincode.healthCheck.retries | default 5 }} ]
+ then
+ echo "Retry attempted `expr $COUNTER - 1` times, The chaincode server TLS certificates have not been obtained."
+ exit 1
fi
volumeMounts:
- {{ if .Values.vault.tls }}
+ {{- if .Values.global.vault.tls }}
- name: vaultca
mountPath: "/etc/ssl/certs/"
readOnly: true
- {{ end }}
+ {{- end }}
- name: certificates
mountPath: /secret
- name: scripts-volume
mountPath: /scripts/bevel-vault.sh
subPath: bevel-vault.sh
- {{ end }}
+ {{- end }}
+
containers:
- - image: {{ $.Values.metadata.images.external_chaincode }}
- name: "{{ $.Values.chaincode.name }}-{{ $.Values.chaincode.version }}"
+ - name: chaincode
+ image: {{ .Values.image.external_chaincode }}
imagePullPolicy: Always
env:
- name: CHAINCODE_ID
- value: "{{ $.Values.chaincode.ccid }}"
+ valueFrom:
+ secretKeyRef:
+ name: "{{ .Values.chaincode.name }}-{{ .Values.chaincode.version }}-package-id"
+ key: package_id
- name: CHAINCODE_SERVER_ADDRESS
- value: "0.0.0.0:9999"
+ value: "0.0.0.0:7052"
- name: CHAINCODE_TLS_DISABLED
- value: "{{ not $.Values.chaincode.tls }}"
- {{ if .Values.chaincode.tls }}
- - name: CHAINCODE_TLS_KEY
- value: "{{ $.Values.chaincode.crypto_mount_path }}/client.key"
- - name: CHAINCODE_TLS_CERT
- value: "{{ $.Values.chaincode.crypto_mount_path }}/client.crt"
- - name: CHAINCODE_CLIENT_CA_CERT
- value: "{{ $.Values.chaincode.crypto_mount_path }}/ca.crt"
- {{ end }}
+ value: "{{ not .Values.chaincode.tls }}"
+ - name: CORE_PEER_LOCALMSPID
+ value: "{{ .Values.peer.localMspId }}"
+ - name: CORE_PEER_TLS_ENABLED
+ value: "{{ .Values.peer.tlsStatus }}"
+ - name: CORE_PEER_ADDRESS
+ value: "{{ .Values.peer.address }}"
+ {{- if .Values.chaincode.tls }}
+ - name: CORE_CHAINCODE_TLS_KEY_FILE
+ value: "{{ .Values.chaincode.crypto_mount_path | default "/crypto" }}/client.key"
+ - name: CORE_CHAINCODE_TLS_CERT_FILE
+ value: "{{ .Values.chaincode.crypto_mount_path | default "/crypto" }}/client.crt"
+ - name: CORE_CHAINCODE_TLS_CLIENT_CACERT_FILE
+ value: "{{ .Values.chaincode.crypto_mount_path | default "/crypto" }}/ca.crt"
+ {{- end }}
ports:
- - containerPort: 9999
- {{ if .Values.chaincode.tls }}
+ - containerPort: 7052
+ {{- if .Values.chaincode.tls }}
volumeMounts:
- name: certificates
- mountPath: {{ $.Values.chaincode.crypto_mount_path }}
+ mountPath: {{ .Values.chaincode.crypto_mount_path | default "/crypto" }}
readOnly: true
- {{ end }}
+ {{- end }}
+{{- end }}
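Review bot: `VAULT_CACERT` is set to `/opt/vault/tls/ca-certificates.crt` in the `certificates-init` env, but the `vaultca` secret is mounted at `/etc/ssl/certs/` in the same container, so no mount visible in this hunk provides that file. The `package-chaincode` container in package-chaincode.yaml has the same pair. Either mount `vaultca` at `/opt/vault/tls/` or set the value to `/etc/ssl/certs/ca-certificates.crt`. The `else` branch sets `VAULT_SKIP_VERIFY` to `"true"` whenever `global.vault.tls` is empty; if bevel-vault.sh honours that variable (not visible here), certificate verification is off by default on the connection that returns `client_key`. I would make skipping verification an explicit opt-in chart value, and at minimum add a comment above the branch such as `# Vault TLS verification is disabled when no CA secret is configured`.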
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/generate-certs.yaml b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/generate-certs.yaml
new file mode 100644
index 00000000000..f87b75ac7af
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/generate-certs.yaml
@@ -0,0 +1,192 @@
+{{- if .Values.chaincode.tls }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ .Release.Name }}-certs
+ labels:
+ app.kubernetes.io/name: {{ include "fabric-external-chaincode.name" . }}-certs
+ app.kubernetes.io/component: ca-tools
+ app.kubernetes.io/part-of: {{ include "fabric-external-chaincode.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: helm
+ annotations:
+ helm.sh/hook-weight: "0"
+ helm.sh/hook: "pre-install,pre-upgrade"
+ helm.sh/hook-delete-policy: "before-hook-creation,hook-succeeded"
+spec:
+ backoffLimit: 5
+ completions: 1
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "fabric-external-chaincode.name" . }}
+ app.kubernetes.io/component: ca-tools
+ app.kubernetes.io/part-of: {{ include "fabric-external-chaincode.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: helm
+ spec:
+ serviceAccountName: {{ .Values.global.serviceAccountName }}
+ restartPolicy: "OnFailure"
+ {{- if .Values.image.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.image.pullSecret }}
+ {{- end }}
+ volumes:
+ - name: certificates
+ emptyDir:
+ medium: Memory
+ - name: scripts-volume
+ configMap:
+ name: bevel-vault-script
+ - name: package-manager
+ configMap:
+ name: package-manager
+ - name: chaincode-scripts
+ configMap:
+ name: {{ .Release.Name }}-scripts
+ defaultMode: 0775
+ - name: store-vault-scripts
+ configMap:
+ name: {{ .Release.Name }}-savecerts
+ defaultMode: 0775
+ containers:
+ - name: generate-certs
+ image: {{ .Values.image.catools }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: COMPONENT_NAME
+ value: {{ .Release.Namespace }}
+ - name: CHAINCODE_NAME
+ value: {{ .Values.chaincode.name }}
+ - name: CHAINCODE_VERSION
+ value: "{{ .Values.chaincode.version }}"
+ - name: REFRESH_CERT_VALUE
+ value: "{{ .Values.certs.refreshCertValue }}"
+ - name: OUTPUT_PATH
+ value: "/crypto-config"
+ - name: ORG_NAME
+ value: "{{ .Values.certs.orgData.orgName }}"
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ - name: VAULT_ADDR
+ value: {{ .Values.global.vault.address }}
+ - name: VAULT_APP_ROLE
+ value: {{ .Values.global.vault.role }}
+ - name: KUBERNETES_AUTH_PATH
+ value: {{ .Values.global.vault.authPath }}
+ - name: VAULT_TYPE
+ value: {{ .Values.global.vault.type }}
+ - name: VAULT_SECRET_ENGINE
+ value: "{{ .Values.global.vault.secretEngine }}"
+ - name: VAULT_SECRET_PREFIX
+ value: "{{ .Values.global.vault.secretPrefix }}"
+ {{- end }}
+ command: ["sh", "-c"]
+ args:
+ - |
+ . /scripts/package-manager.sh
+ # Define the packages to install
+ packages_to_install="curl jq"
+ install_packages "$packages_to_install"
+ # Download kubectl binary
+ curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.27.0/bin/linux/amd64/kubectl;
+ chmod u+x kubectl && mv kubectl /usr/local/bin/kubectl;
+{{- if (eq .Values.global.vault.type "hashicorp") }}
+ . /scripts/bevel-vault.sh
+ echo "Getting vault Token..."
+ vaultBevelFunc "init"
+{{- end }}
+ # Get the CA cert from Kubernetes secret
+ mkdir -p ${OUTPUT_PATH}/ca
+ kubectl get secret --namespace {{ .Release.Namespace }} fabric-ca-server-certs >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ LOOKUP_SECRET_RESPONSE=$(kubectl get secret -n {{ .Release.Namespace }} fabric-ca-server-certs -o jsonpath='{.data}');
+ echo "${LOOKUP_SECRET_RESPONSE}" | jq -j ".\"tls.crt\"" | base64 -d > ${OUTPUT_PATH}/ca/ca.${COMPONENT_NAME}-cert.pem;
+ else
+{{- if (eq .Values.global.vault.type "hashicorp") }}
+ vaultBevelFunc "readJson" "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/ca"
+ if [ "$SECRETS_AVAILABLE" = "yes" ]; then
+ # Get ca cert
+ ca_cert=$(echo ${VAULT_SECRET} | jq -r ".rootca_pem")
+ echo "${ca_cert}" > ${OUTPUT_PATH}/ca/ca.${COMPONENT_NAME}-cert.pem
+ ca_key=$(echo ${VAULT_SECRET} | jq -r ".rootca_key")
+ echo "${ca_key}" > ${OUTPUT_PATH}/ca/ca.${COMPONENT_NAME}.key
+ # Also create the k8s secret
+ kubectl create secret tls ${key} --namespace ${COMPONENT_NAME} \
+ --cert=${OUTPUT_PATH}/ca/ca.${COMPONENT_NAME}-cert.pem \
+ --key=${OUTPUT_PATH}/ca/ca.${COMPONENT_NAME}.key
+ else
+ echo "CA certs not found in Vault"
+ exit 1
+ fi;
+{{- else }}
+ echo "CA certs not found in Kubernetes secret"
+ exit 1
+{{- end }}
+ fi
+ echo "CA certificate saved locally."
+ checkSecrets() {
+ key=$1
+ kubectl get secret --namespace {{ .Release.Namespace }} ${key} >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ # Secret found
+ touch /crypto-config/${key}-exists
+ else
+{{- if (eq .Values.global.vault.type "hashicorp") }}
+ #Read if secret exists in Vault
+ vaultBevelFunc 'readJson' "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/chaincodes/${key}"
+ if [ "$SECRETS_AVAILABLE" = "yes" ]; then
+ touch /crypto-config/${key}-exists
+ fi;
+{{- else }}
+ echo "Secret $key does not exist."
+{{- end }}
+ fi
+ }
+ # Check if secrets already exist
+ checkSecrets ${CHAINCODE_NAME}-${CHAINCODE_VERSION}-tls
+ checkSecrets ${ORG_NAME}-${CHAINCODE_NAME}-tls
+
+ echo "Starting certificate generation."
+ if [ ! -e /crypto-config/${CHAINCODE_NAME}-${CHAINCODE_VERSION}-tls-exists ] || [ "$REFRESH_CERT_VALUE" = "true" ]; then
+ # Generate crypto material for chaincode server
+ echo "Need to execute scripts for chaincode ${CHAINCODE_NAME}"
+ cd /root/ca-tools/org
+ ./generate-crypto-chaincode-server.sh
+ # Save the generated certificates
+ cd /scripts/peer
+ ./store-vault-server.sh
+ fi
+
+ # Generate crypto material for chaincode client
+ cd /root/ca-tools/org
+ if [ ! -e /crypto-config/${ORG_NAME}-${CHAINCODE_NAME}-tls-exists ] || [ "$REFRESH_CERT_VALUE" = "true" ]; then
+ ./generate-crypto-chaincode-peer.sh
+ # Save the generated certificates for peers and users
+ cd /scripts/peer
+ ./store-vault-chaincode.sh
+ fi;
+ echo "Certificate generation complete."
+ volumeMounts:
+ - name: certificates
+ mountPath: /crypto-config
+ - name: chaincode-scripts
+ mountPath: /root/ca-tools/org/generate-crypto-chaincode-peer.sh
+ subPath: generate-crypto-chaincode-peer.sh
+ - name: chaincode-scripts
+ mountPath: /root/ca-tools/org/generate-crypto-chaincode-server.sh
+ subPath: generate-crypto-chaincode-server.sh
+ - name: package-manager
+ mountPath: /scripts/package-manager.sh
+ subPath: package-manager.sh
+ - name: scripts-volume
+ mountPath: /scripts/bevel-vault.sh
+ subPath: bevel-vault.sh
+ - name: store-vault-scripts
+ mountPath: /scripts/peer/store-vault-server.sh
+ subPath: store-vault-server.sh
+ - name: store-vault-scripts
+ mountPath: /scripts/peer/store-vault-chaincode.sh
+ subPath: store-vault-chaincode.sh
+{{- end }}
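Review bot: The job downloads `kubectl` with `curl -LO` at run time and moves it to `/usr/local/bin` without checking it against a pinned digest, then uses it under the release's service account to read and create secrets; package-chaincode.yaml repeats the same two lines. I would ship kubectl in the `catools` image, or at least fail on HTTP errors and verify the file: `curl -fsSLO <url>` followed by `echo "<KUBECTL_SHA256>  kubectl" | sha256sum -c - || exit 1` (placeholder digest). The URL also hard-codes `linux/amd64`, which presumably breaks the job on nodes of another architecture. Separately, `kubectl create secret tls ${key}` in the Vault fallback runs before `key` is assigned (it is only set inside `checkSecrets` further down), so the secret name is empty there. `fabric-ca-server-certs`, the name looked up just above, looks like the intended one.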
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/package-chaincode.yaml b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/package-chaincode.yaml
new file mode 100644
index 00000000000..249955a49ad
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/package-chaincode.yaml
@@ -0,0 +1,496 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ .Release.Name }}-package-install
+ labels:
+ app: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "fabric-external-chaincode.name" . }}-package
+ app.kubernetes.io/component: chaincode-package
+ app.kubernetes.io/part-of: {{ include "fabric-external-chaincode.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: helm
+ annotations:
+ helm.sh/hook-weight: "1"
+ helm.sh/hook: "pre-install,pre-upgrade"
+ helm.sh/hook-delete-policy: "before-hook-creation"
+ helm.sh/hook-depends-on: "{{ .Release.Name }}-certs"
+spec:
+ backoffLimit: 5
+ completions: 1
+ template:
+ metadata:
+ labels:
+ app: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ include "fabric-external-chaincode.name" . }}-package
+ app.kubernetes.io/component: chaincode-package
+ app.kubernetes.io/part-of: {{ include "fabric-external-chaincode.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: helm
+ spec:
+ serviceAccountName: {{ .Values.global.serviceAccountName }}
+ restartPolicy: "OnFailure"
+ {{- if .Values.image.pullSecret }}
+ imagePullSecrets:
+ - name: {{ .Values.image.pullSecret }}
+ {{- end }}
+ volumes:
+ - name: certificates
+ emptyDir:
+ medium: Memory
+ - name: package-temp
+ emptyDir:
+ medium: Memory
+ - name: scripts-volume
+ configMap:
+ name: bevel-vault-script
+ - name: package-manager
+ configMap:
+ name: package-manager
+ - name: orderer-tls-cacert
+ configMap:
+ name: {{ include "ordererConfigMap" . }}
+ defaultMode: 0775
+ items:
+ - key: cacert
+ path: orderer.crt
+ {{- if .Values.global.vault.tls }}
+ - name: vaultca
+ secret:
+ secretName: {{ .Values.global.vault.tls }}
+ items:
+ - key: ca.crt.pem
+ path: ca-certificates.crt
+ {{- end }}
+ initContainers:
+ - name: certificates-init
+ image: {{ .Values.image.alpineutils }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: VAULT_ADDR
+ value: {{ .Values.global.vault.address }}
+ - name: VAULT_SECRET_ENGINE
+ value: "{{ .Values.global.vault.secretEngine }}"
+ - name: VAULT_SECRET_PREFIX
+ value: "{{ .Values.global.vault.secretPrefix }}"
+ - name: KUBERNETES_AUTH_PATH
+ value: {{ .Values.global.vault.authPath }}
+ - name: VAULT_APP_ROLE
+ value: {{ .Values.global.vault.role }}
+ - name: MOUNT_PATH
+ value: "/secret"
+ - name: VAULT_TYPE
+ value: "{{ .Values.global.vault.type }}"
+ - name: CORE_PEER_ADDRESS
+ value: "{{ .Values.peer.address }}"
+ command: ["sh", "-c"]
+ args:
+ - |-
+ #!/usr/bin/env sh
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ . /scripts/bevel-vault.sh
+
+ # Calling a function to retrieve the vault token.
+ vaultBevelFunc "init"
+
+ # Function to get Admin MSP Secret
+ getAdminMspSecret() {
+ KEY=$1
+ echo "Getting Admin MSP certificates from Vault."
+ vaultBevelFunc "readJson" "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/users/${KEY}"
+ if [ "$SECRETS_AVAILABLE" = "yes" ]; then
+ ADMINCERT=$(echo ${VAULT_SECRET} | jq -r '.["admincerts"]')
+ CACERTS=$(echo ${VAULT_SECRET} | jq -r '.["cacerts"]')
+ KEYSTORE=$(echo ${VAULT_SECRET} | jq -r '.["keystore"]')
+ SIGNCERTS=$(echo ${VAULT_SECRET} | jq -r '.["signcerts"]')
+ TLSCACERTS=$(echo ${VAULT_SECRET} | jq -r '.["tlscacerts"]')
+
+ OUTPUT_PATH="${MOUNT_PATH}/admin/msp"
+
+ echo "${ADMINCERT}" >> ${OUTPUT_PATH}/admincerts/admin.crt
+ echo "${CACERTS}" >> ${OUTPUT_PATH}/cacerts/ca.crt
+ echo "${KEYSTORE}" >> ${OUTPUT_PATH}/keystore/server.key
+ echo "${SIGNCERTS}" >> ${OUTPUT_PATH}/signcerts/server.crt
+ echo "${TLSCACERTS}" >> ${OUTPUT_PATH}/tlscacerts/tlsca.crt
+ ADMIN_MSP_SECRET="true"
+ else
+ echo "Admin MSP certificates not found in vault"
+ ADMIN_MSP_SECRET="false"
+ fi
+ }
+
+ {{- else }}
+ function getAdminMspSecret {
+ KEY=$1
+ KUBENETES_SECRET=$(kubectl get secret ${KEY} --namespace {{ .Release.Namespace }} -o json)
+ if [ "$KUBENETES_SECRET" = "" ]; then
+ ADMIN_MSP_SECRET="false"
+ else
+ ADMINCERT=$(echo ${KUBENETES_SECRET} | jq -r '.data.admincerts' | base64 -d)
+ CACERTS=$(echo ${KUBENETES_SECRET} | jq -r '.data.cacerts' | base64 -d)
+ KEYSTORE=$(echo ${KUBENETES_SECRET} | jq -r '.data.keystore' | base64 -d)
+ SIGNCERTS=$(echo ${KUBENETES_SECRET} | jq -r '.data.signcerts' | base64 -d)
+ TLSCACERTS=$(echo ${KUBENETES_SECRET} | jq -r '.data.tlscacerts' | base64 -d)
+
+ echo "${ADMINCERT}" > ${OUTPUT_PATH}/admincerts/admin.crt
+ echo "${CACERTS}" > ${OUTPUT_PATH}/cacerts/ca.crt
+ echo "${KEYSTORE}" > ${OUTPUT_PATH}/keystore/server.key
+ echo "${SIGNCERTS}" > ${OUTPUT_PATH}/signcerts/server.crt
+ echo "${TLSCACERTS}" > ${OUTPUT_PATH}/tlscacerts/tlsca.crt
+ ADMIN_MSP_SECRET="true"
+ fi
+ }
+
+ {{- end }}
+ echo "Getting MSP certificates from Vault."
+
+ OUTPUT_PATH="${MOUNT_PATH}/admin/msp"
+ mkdir -p ${OUTPUT_PATH}/admincerts
+ mkdir -p ${OUTPUT_PATH}/cacerts
+ mkdir -p ${OUTPUT_PATH}/keystore
+ mkdir -p ${OUTPUT_PATH}/signcerts
+ mkdir -p ${OUTPUT_PATH}/tlscacerts
+ COUNTER=1
+ while [ "$COUNTER" -le 20 ]
+ do
+ getAdminMspSecret admin-msp
+
+ if [ "$ADMIN_MSP_SECRET" = "true" ]
+ then
+ echo "Peer certificates have been obtained correctly"
+ break
+ else
+ echo "Peer certificates have not been obtained, sleeping for 15 seconds"
+ sleep 15
+ COUNTER=`expr "$COUNTER" + 1`
+ fi
+ done
+
+ if [ "$COUNTER" -gt 20 ]
+ then
+ echo "Retry attempted `expr $COUNTER - 1` times, The peer certificates have not been obtained."
+ exit 1
+ fi
+ volumeMounts:
+ - name: certificates
+ mountPath: /secret
+ {{- if .Values.global.vault.tls }}
+ - name: vaultca
+ mountPath: "/etc/ssl/certs/"
+ readOnly: true
+ {{- end }}
+ - name: scripts-volume
+ mountPath: /scripts/bevel-vault.sh
+ subPath: bevel-vault.sh
+ - name: package-manager
+ mountPath: /scripts/package-manager.sh
+ subPath: package-manager.sh
+ containers:
+ - name: package-chaincode
+ image: {{ .Values.image.fabrictools }}:{{ .Values.global.version }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: CHAINCODE_NAME
+ value: "{{ .Values.chaincode.name }}"
+ - name: CHAINCODE_VERSION
+ value: "{{ .Values.chaincode.version }}"
+ - name: CHAINCODE_TLS_ENABLED
+ value: "{{ .Values.chaincode.tls | default false }}"
+ - name: CHAINCODE_ADDRESS
+ value: "{{ .Values.chaincode.address | default (printf "%s.%s:7052" .Release.Name .Release.Namespace) }}"
+ - name: COMPONENT_NAME
+ value: "{{ .Release.Namespace }}"
+ - name: ORG_NAME
+ value: "{{ .Values.certs.orgData.orgName }}"
+ - name: FABRIC_LOGGING_SPEC
+ value: "{{ .Values.peer.logLevel }}"
+ - name: CORE_VM_ENDPOINT
+ value: unix:///host/var/run/docker.sock
+ - name: CORE_PEER_ID
+ value: "{{ .Values.peer.name }}.{{ .Release.Namespace }}"
+ - name: CORE_PEER_TLS_ENABLED
+ value: "{{ .Values.peer.tlsStatus }}"
+ - name: CORE_PEER_LOCALMSPID
+ value: "{{ .Values.peer.localMspId }}"
+ - name: CORE_PEER_TLS_ROOTCERT_FILE
+ value: "/opt/gopath/src/github.com/hyperledger/fabric/crypto/admin/msp/tlscacerts/tlsca.crt"
+ - name: CORE_PEER_MSPCONFIGPATH
+ value: "/opt/gopath/src/github.com/hyperledger/fabric/crypto/admin/msp"
+ - name: CORE_PEER_ADDRESS
+ value: "{{ .Values.peer.address }}"
+ - name: ORDERER_CA
+ value: "/opt/gopath/src/github.com/hyperledger/fabric/orderer/tls/orderer.crt"
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ - name: VAULT_ADDR
+ value: {{ .Values.global.vault.address }}
+ - name: VAULT_APP_ROLE
+ value: {{ .Values.global.vault.role }}
+ - name: KUBERNETES_AUTH_PATH
+ value: {{ .Values.global.vault.authPath }}
+ - name: VAULT_TYPE
+ value: {{ .Values.global.vault.type }}
+ - name: VAULT_SECRET_ENGINE
+ value: "{{ .Values.global.vault.secretEngine }}"
+ - name: VAULT_SECRET_PREFIX
+ value: "{{ .Values.global.vault.secretPrefix }}"
+ {{- if .Values.global.vault.tls }}
+ - name: VAULT_CACERT
+ value: /opt/vault/tls/ca-certificates.crt
+ {{- else }}
+ - name: VAULT_SKIP_VERIFY
+ value: "true"
+ {{- end }}
+ {{- end }}
+ command: ["sh", "-c"]
+ args:
+ - |
+ # Install required packages
+ . /scripts/package-manager.sh
+ packages_to_install="curl jq"
+ install_packages "$packages_to_install"
+
+ # Download kubectl binary
+ curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.27.0/bin/linux/amd64/kubectl
+ chmod u+x kubectl && mv kubectl /usr/local/bin/kubectl
+
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ # Initialize vault
+ . /scripts/bevel-vault.sh
+ echo "Getting vault Token..."
+ vaultBevelFunc "init"
+ {{- end }}
+
+ echo "Starting chaincode package and installation process..."
+
+ # Create package directory
+ PACKAGE_DIR="/package-temp"
+ mkdir -p ${PACKAGE_DIR}
+
+ # Check if external chaincode package already exists
+ PACKAGE_NAME="${CHAINCODE_NAME}-${CHAINCODE_VERSION}"
+ echo "Checking if package ${PACKAGE_NAME} already exists..."
+
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ # Check vault for existing package
+ PACKAGE_EXISTS="false"
+ vaultBevelFunc 'readJson' "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/chaincodes/${CHAINCODE_NAME}/v${CHAINCODE_VERSION}/package"
+ if [ "$SECRETS_AVAILABLE" = "yes" ]; then
+ echo "Package already exists in vault"
+ PACKAGE_EXISTS="true"
+ fi
+ {{- else }}
+ # Check Kubernetes secret for existing package
+ PACKAGE_EXISTS="false"
+ if kubectl get secret --namespace {{ .Release.Namespace }} ${PACKAGE_NAME}-package >/dev/null 2>&1; then
+ echo "Package already exists in Kubernetes secret"
+ PACKAGE_EXISTS="true"
+ fi
+ {{- end }}
+
+ if [ "$PACKAGE_EXISTS" = "false" ]; then
+ echo "Creating new chaincode package..."
+
+ # Wait for certificates to be generated if TLS is enabled
+ {{- if .Values.chaincode.tls }}
+ echo "TLS enabled"
+ echo "Retrieving chaincode server certificates for TLS configuration..."
+
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ # Get server certificates from vault
+ CLIENT_USER="${ORG_NAME}-${CHAINCODE_NAME}"
+ vaultBevelFunc 'readJson' "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/users/${CLIENT_USER}-msp"
+ if [ "$SECRETS_AVAILABLE" = "yes" ]; then
+ echo "${VAULT_SECRET}" | jq -r ".admincerts" | base64 -d > ${PACKAGE_DIR}/ca.crt
+ echo "${VAULT_SECRET}" | jq -r ".signcerts" | base64 -d > ${PACKAGE_DIR}/client.crt
+ echo "${VAULT_SECRET}" | jq -r ".keystore" | base64 -d > ${PACKAGE_DIR}/client.key
+ else
+ echo "Error: Server certificates not found in vault"
+ exit 1
+ fi
+ {{- else }}
+ # Get server certificates from Kubernetes secret
+ CLIENT_USER="${ORG_NAME}-${CHAINCODE_NAME}"
+ kubectl get secret --namespace {{ .Release.Namespace }} ${CLIENT_USER}-msp -o jsonpath='{.data.admincerts}' | base64 -d > ${PACKAGE_DIR}/ca.crt
+ kubectl get secret --namespace {{ .Release.Namespace }} ${CLIENT_USER}-msp -o jsonpath='{.data.signcerts}' | base64 -d > ${PACKAGE_DIR}/client.crt
+ kubectl get secret --namespace {{ .Release.Namespace }} ${CLIENT_USER}-msp -o jsonpath='{.data.keystore}' | base64 -d > ${PACKAGE_DIR}/client.key
+ {{- end }}
+
+ # Verify certificate files
+ if [ ! -f ${PACKAGE_DIR}/ca.crt ] || [ ! -f ${PACKAGE_DIR}/client.crt ] || [ ! -f ${PACKAGE_DIR}/client.key ]; then
+ echo "Error: Certificate files are missing"
+ exit 1
+ fi
+
+ # Create connection.json with TLS
+ echo "Creating connection.json with TLS configuration..."
+ cd ${PACKAGE_DIR}
+ jq -n \
+ --arg address "${CHAINCODE_ADDRESS}" \
+ --arg client_key "$(cat client.key)" \
+ --arg client_cert "$(cat client.crt)" \
+ --arg root_cert "$(cat ca.crt)" \
+ '{
+ "address": $address,
+ "dial_timeout": "10s",
+ "tls_required": true,
+ "client_auth_required": true,
+ "client_key": $client_key,
+ "client_cert": $client_cert,
+ "root_cert": $root_cert
+ }' > connection.json
+ {{- else }}
+ # Create connection.json without TLS
+ echo "TLS disabled - Creating connection.json without TLS..."
+ cd ${PACKAGE_DIR}
+ jq -n \
+ --arg address "${CHAINCODE_ADDRESS}" \
+ '{
+ "address": $address,
+ "dial_timeout": "10s",
+ "tls_required": false,
+ "client_auth_required": false,
+ "client_key": "",
+ "client_cert": "",
+ "root_cert": ""
+ }' > connection.json
+ {{- end }}
+
+ # Create metadata.json
+ echo "Creating metadata.json..."
+ echo "{\"type\":\"ccaas\",\"label\":\"${PACKAGE_NAME}\"}" > metadata.json
+
+ # Package the chaincode
+ echo "Packaging chaincode..."
+ tar cfz code.tar.gz connection.json
+ tar cfz ${PACKAGE_NAME}.tgz code.tar.gz metadata.json
+
+ # Verify package was created
+ if [ ! -f "${PACKAGE_NAME}.tgz" ]; then
+ echo "Error: Package file was not created"
+ exit 1
+ fi
+
+ echo "Package created successfully: ${PACKAGE_NAME}.tgz"
+
+ # Store package in vault or Kubernetes secret
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ echo "Storing package in vault..."
+ PACKAGE_VAULT_ADDR="${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/chaincodes/${CHAINCODE_NAME}/v${CHAINCODE_VERSION}/package"
+ PACKAGE_B64=$(cat ${PACKAGE_NAME}.tgz | base64 -w 0)
+ echo "{\"data\":{\"package-base64\":\"${PACKAGE_B64}\"}}" > package_payload.json
+ vaultBevelFunc 'write' "${PACKAGE_VAULT_ADDR}" 'package_payload.json'
+ {{- else }}
+ echo "Storing package in Kubernetes secret..."
+ kubectl create secret generic ${PACKAGE_NAME}-package \
+ --namespace {{ .Release.Namespace }} \
+ --from-file=package=${PACKAGE_NAME}.tgz \
+ --dry-run=client -o yaml | kubectl apply -f -
+ {{- end }}
+
+ echo "Package stored successfully"
+ else
+ echo "Package already exists, skipping creation..."
+ fi
+
+ # Check if chaincode is already installed
+ echo "Checking if chaincode is already installed..."
+
+ # Check installed chaincodes using peer CLI directly
+ INSTALLED_CC=$(peer lifecycle chaincode queryinstalled -O json | jq -r --arg CCLABEL "${PACKAGE_NAME}" '.installed_chaincodes[]? | select(.label==$CCLABEL) | .package_id')
+
+ if [ -n "$INSTALLED_CC" ]; then
+ echo "Chaincode ${PACKAGE_NAME} is already installed with package ID: $INSTALLED_CC"
+
+ # Store/update the package ID for future reference
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ echo "Storing existing package ID in vault..."
+ echo "{\"data\":{\"package_id\":\"${INSTALLED_CC}\"}}" > package_id_payload.json
+ vaultBevelFunc 'write' "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/chaincodes/${CHAINCODE_NAME}/v${CHAINCODE_VERSION}/package_id" 'package_id_payload.json'
+ {{- end }}
+ # Check if package ID secret already exists
+ kubectl get secret --namespace {{ .Release.Namespace }} ${PACKAGE_NAME}-package-id >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ # Delete the secret if exists
+ kubectl delete secret --namespace {{ .Release.Namespace }} ${PACKAGE_NAME}-package-id
+ fi
+ echo "Storing existing package ID in Kubernetes secret..."
+ kubectl create secret generic ${PACKAGE_NAME}-package-id \
+ --namespace {{ .Release.Namespace }} \
+ --from-literal=package_id=${INSTALLED_CC}
+ else
+ echo "Installing chaincode package..."
+
+ # Get the package from storage
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ # Get package from vault
+ vaultBevelFunc 'readJson' "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/chaincodes/${CHAINCODE_NAME}/v${CHAINCODE_VERSION}/package"
+ if [ "$SECRETS_AVAILABLE" = "yes" ]; then
+ echo "${VAULT_SECRET}" | jq -r ".\"package-base64\"" | base64 -d > /tmp/${PACKAGE_NAME}.tgz
+ else
+ echo "Error: Package not found in vault"
+ exit 1
+ fi
+ {{- else }}
+ # Get package from Kubernetes secret
+ kubectl get secret --namespace {{ .Release.Namespace }} ${PACKAGE_NAME}-package -o jsonpath='{.data.package}' | base64 -d > /tmp/${PACKAGE_NAME}.tgz
+ {{- end }}
+
+ # Verify package file exists
+ if [ ! -f "/tmp/${PACKAGE_NAME}.tgz" ]; then
+ echo "Error: Package file not found after retrieval"
+ exit 1
+ fi
+
+ # Install the chaincode using peer CLI directly
+ echo "Installing chaincode package: ${PACKAGE_NAME}.tgz"
+ peer lifecycle chaincode install /tmp/${PACKAGE_NAME}.tgz
+
+ # Verify installation
+ echo "Verifying chaincode installation..."
+ INSTALLED_CC=$(peer lifecycle chaincode queryinstalled -O json | jq -r --arg CCLABEL "${PACKAGE_NAME}" '.installed_chaincodes[]? | select(.label==$CCLABEL) | .package_id')
+
+ if [ -n "$INSTALLED_CC" ]; then
+ echo "Chaincode installed successfully with package ID: $INSTALLED_CC"
+
+ # Store the package ID for future reference
+ {{- if eq .Values.global.vault.type "hashicorp" }}
+ echo "Storing package ID in vault..."
+ echo "{\"data\":{\"package_id\":\"${INSTALLED_CC}\"}}" > package_id_payload.json
+ vaultBevelFunc 'write' "${VAULT_SECRET_ENGINE}/${VAULT_SECRET_PREFIX}/chaincodes/${CHAINCODE_NAME}/v${CHAINCODE_VERSION}/package_id" 'package_id_payload.json'
+ {{- end }}
+ echo "Storing package ID in Kubernetes secret..."
+ kubectl create secret generic ${PACKAGE_NAME}-package-id \
+ --namespace {{ .Release.Namespace }} \
+ --from-literal=package_id=${INSTALLED_CC}
+
+ # Display installed chaincodes for verification
+ echo "Current installed chaincodes:"
+ peer lifecycle chaincode queryinstalled
+ else
+ echo "Error: Chaincode installation failed"
+ exit 1
+ fi
+ fi
+
+ echo "Chaincode package and installation completed successfully"
+ volumeMounts:
+ - name: certificates
+ mountPath: /opt/gopath/src/github.com/hyperledger/fabric/crypto
+ readOnly: true
+ - name: package-temp
+ mountPath: /package-temp
+ - name: scripts-volume
+ mountPath: /scripts/bevel-vault.sh
+ subPath: bevel-vault.sh
+ - name: package-manager
+ mountPath: /scripts/package-manager.sh
+ subPath: package-manager.sh
+ - name: orderer-tls-cacert
+ mountPath: /opt/gopath/src/github.com/hyperledger/fabric/orderer/tls/orderer.crt
+ subPath: orderer.crt
+ {{- if .Values.global.vault.tls }}
+ - name: vaultca
+ mountPath: "/etc/ssl/certs/"
+ readOnly: true
+ {{- end }}
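Review bot: The TLS block builds `connection.json` from the `${CLIENT_USER}-msp` secret, taking `ca.crt` from `admincerts`, `client.crt` from `signcerts` and `client.key` from `keystore`, in both the Vault and the Kubernetes branch. Judging by the store function visible earlier in this diff, `admincerts` holds the user's own certificate rather than a CA certificate and `keystore` is the MSP signing key. If so, `root_cert` may not verify the chaincode server, and the identity key is reused as a TLS client key inside the stored package. If that is not intended, read the TLS entries (`cacrt`, `clientcrt`, `clientkey` in the Kubernetes secret) from the `${ORG_NAME}-${CHAINCODE_NAME}-tls` secret that generate-certs.yaml checks for. The script also has no `set -e`, and the second `kubectl create secret generic ${PACKAGE_NAME}-package-id` lacks the delete used in the first branch, so a leftover secret would make the create fail while the job still prints success.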
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/service.yaml b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/service.yaml
index 763b5798988..aab6b6bfd12 100644
--- a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/service.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/templates/service.yaml
@@ -3,26 +3,33 @@
#
# SPDX-License-Identifier: Apache-2.0
##############################################################################################
-
----
+{{- if empty .Values.chaincode.address }}
apiVersion: v1
kind: Service
metadata:
- name: cc-{{ $.Values.chaincode.name }}
- namespace: {{ $.Values.metadata.namespace }}
+ name: {{ .Release.Name }}
+ namespace: {{ .Release.Namespace }}
+ {{- if or .Values.global.proxy (and .Values.chaincode.loadBalancerType (eq .Values.chaincode.loadBalancerType "Internal")) }}
+ {{- if and .Values.chaincode.loadBalancerType (eq .Values.chaincode.loadBalancerType "Internal") }}
+ cloud.google.com/load-balancer-type: "Internal"
+ {{- end }}
+ {{- end }}
labels:
- run: cc-{{ $.Values.chaincode.name }}
- app.kubernetes.io/name: cc-{{ $.Values.chaincode.name }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ run: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ .Release.Name }}
+ app.kubernetes.io/component: fabric
+ app.kubernetes.io/part-of: {{ include "fabric-external-chaincode.fullname" . }}
+ app.kubernetes.io/namespace: {{ .Release.Namespace }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
- {{- include "labels.custom" . | nindent 2 }}
- {{- include "labels.service" . | nindent 2 }}
+ app.kubernetes.io/release: {{ .Release.Name }}
+ {{- include "labels.service" . | nindent 4 }}
spec:
- type: {{ $.Values.service.servicetype }}
+ type: {{ .Values.chaincode.serviceType }}
selector:
- app: cc-{{ $.Values.chaincode.name }}
+ app: {{ .Release.Name }}
ports:
- name: grpc
- port: 7052
- targetPort: 9999
+ protocol: TCP
+ port: {{ .Values.chaincode.port }}
+ targetPort: {{ .Values.chaincode.port }}
+{{- end }}
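Review bot: The added `cloud.google.com/load-balancer-type: "Internal"` line sits directly under `metadata:` with no `annotations:` key above it, so with `chaincode.loadBalancerType: Internal` the Service would render with an unknown metadata field or fail to parse instead of getting the annotation. Indentation is lost in this view, so confirm against the file. The outer `if or .Values.global.proxy ...` is also always true while `global.proxy` is a populated map, so the two conditions can collapse into one: `{{- if eq (default "" .Values.chaincode.loadBalancerType) "Internal" }}` followed by `annotations:` and the annotation line. It is worth a comment next to `type: {{ .Values.chaincode.serviceType }}` that `NodePort` or `LoadBalancer` exposes the chaincode gRPC port outside the cluster and should only be used with `chaincode.tls: true`.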
diff --git a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/values.yaml b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/values.yaml
index ebc915097b3..4441dec41f7 100644
--- a/platforms/hyperledger-fabric/charts/fabric-external-chaincode/values.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-external-chaincode/values.yaml
@@ -4,76 +4,114 @@
# SPDX-License-Identifier: Apache-2.0
##############################################################################################
-metadata:
- #Provide the namespace for organization's peer
- #Eg. namespace: org1-net
- namespace: org1-net
- network:
- version: 2.2.2
- images:
- #Provide the valid image name and version for chaincode server
- #Eg. /marbles:latest
- external_chaincode: ghcr.io/hyperledger/bevel-samples-example:1.0
- alpineutils: ghcr.io/hyperledger/bevel-alpine:latest
- #Provide the custom labels
- #NOTE: Provide labels other than name, release name , release service, chart version , chart name, run
- #These lables will not be applied to VolumeClaimTemplate of StatefulSet as labels are automatically picked up by Kubernetes
- #Eg. labels:
- # role: peer
- labels:
+global:
+ # HLF Network Version
+ #Eg. version: 2.5.4
+ version: 2.5.4
+ #Provide the service account name which will be created.
+ serviceAccountName: vault-auth
+ cluster:
+ provider: aws # choose from: minikube | aws | azure | gcp
+ cloudNativeServices: false # only 'false' is implemented
+ vault:
+ #Provide the type of vault
+ #Eg. type: hashicorp
+ type: hashicorp
+ #Provide the vaultrole for an organization
+ #Eg. vaultrole: org1-vault-role
+ role: vault-role
+ #Provide the vault server address
+ #Eg. vaultaddress: http://Vault-884963190.eu-west-1.elb.amazonaws.com
+ address:
+ #Provide the kubernetes auth backed configured in vault for an organization
+ #Eg. authpath: manufacturer
+ authPath: manufacturer
+ #Provide the secret engine.
+ secretEngine: secretsv2
+ #Provide the vault path where the secrets will be stored
+ secretPrefix: "data/manufacturer"
+ #Kuberenetes secret for vault ca.cert
+ #Enable or disable TLS for vault communication if value present or not
+ #Eg. tls: vaultca
+ tls:
+
+ proxy:
+ #This will be the proxy/ingress provider. Can have values "none" or "haproxy"
+ #Eg. provider: "haproxy"
+ provider: "haproxy"
+ #This field contains the external URL of the organization
+ #Eg. externalUrlSuffix: test.blockchaincloudpoc.com
+ externalUrlSuffix: test.blockchaincloudpoc.com
+ #This field contains the external port on haproxy
+ #Eg. port: 443
+ port: 443
+
+certs:
+ # Flag indicating the re-creation of certificates.
+ refreshCertValue: false
+ orgData:
+ caAddress: ca.manufacturer-net:7051
+ caAdminUser: manufacturer-admin
+ caAdminPassword: manufacturer-adminpw
+ #Provide organization's name in lowercases
+ #Eg. orgName: manufacturer
+ orgName: manufacturer
+ #Provide organization's type (orderer or peer)
+ #Eg. component_type: orderer
+ type: peer
+ #Provide organization's subject
+ #Eg. "O=Orderer,L=51.50/-0.13/London,C=GB"
+ componentSubject: "O=Orderer,L=51.50/-0.13/London,C=GB"
+
+image:
+ #Provide the valid image name and version for chaincode server
+ #Eg. /marbles:latest
+ external_chaincode: ghcr.io/hyperledger/bevel-samples-example:1.0
+ #Provide the valid image name and version to read certificates from vault server
+ #Eg. alpineUtils: ghcr.io/hyperledger/bevel-alpine:latest
+ alpineutils: ghcr.io/hyperledger/bevel-alpine:latest
+ catools: ghcr.io/hyperledger/bevel-fabric-ca:latest
+ fabrictools: ghcr.io/hyperledger/bevel-fabric-tools
+ #Provide the secret to use if private repository
+ #Eg. pullSecret: regcred
+ pullSecret:
+
+peer:
+ #Provide the name of the peer as per deployment yaml.
+ #Eg. name: peer0
+ name: peer0
+ #Provide the address of the peer who creates the channel and port to be mentioned is grpc cluster IP port
+ #Eg. address: peer0.org1-net:7051
+ address: peer0.org1-net:7051
+ #Provide the localMspId for organization
+ #Eg. localMspId: Org1MSP
+ localMspId: Org1MSP
+ #Provide the logLevel for organization's peer
+ #Eg. logLevel: info
+ logLevel: info
+ #Provide the value for tlsStatus to be true or false for organization's peer
+ #Eg. tlsStatus: true
+ tlsStatus: true
chaincode:
# Chaincode name eg. marbles
name: example
# Chaincode version eg. 1
version: 1
- # Chaincode ID generated after chaincode is installed eg. marbles:e45t6jtkwefweti34itjrefwe
- ccid: ""
# Path in the chaincode server container where the crypto needs to be mounted eg. /crypto
- crypto_mount_path: ""
+ crypto_mount_path: "/secrets"
# if tls is disabled or not | BOOLEAN | eg. true
- tls:
-
-vault:
- #Provide the vaultrole for an organization
- #Eg. vaultrole: org1-vault-role
- role: vault-role
- #Provide the vault server address
- #Eg. vaultaddress: http://Vault-884963190.eu-west-1.elb.amazonaws.com
- address: ""
- #Provide the kubernetes auth backed configured in vault for an organization
- #Eg. authpath: devorg1-net-auth
- authpath: devorg1-net-auth
- #Provide the value for vault secretprefix
- #Eg. chaincodesecretprefix: secretsv2/data/crypto/peerOrganizations/.../chaincodes/.../certificate/v1
- chaincodesecretprefix: secretsv2/data/crypto/peerOrganizations/org1-net/chaincodes/example/certificate/v1
- #Provide the serviceaccountname for vault
- #Eg. serviceaccountname: vault-auth
- serviceaccountname: vault-auth
- #Provide the type of vault
- #Eg. type: hashicorp
- type: hashicorp
- #Provide the imagesecretname for vault
- #Eg. imagesecretname: regcred
- imagesecretname: ""
- #Kuberenetes secret for vault ca.cert
- #Enable or disable TLS for vault communication if value present or not
- #Eg. tls: vaultca
- tls:
-
-service:
- #Provide the servicetype for a peer
- #Eg. servicetype: NodePort
- servicetype: ClusterIP
+ tls: true
+ # Pass chaincode address if already deployed
+ address:
+ #Provide the serviceType for the chaincode
+ #Eg. serviceType: NodePort
+ serviceType: ClusterIP
loadBalancerType: ""
- ports:
- grpc:
- #Provide a nodeport for grpc service in the range of 30000-32767 (optional)
- #Eg. nodeport: 30001
- nodeport:
- #Provide a cluster IP port for grpc service to be exposed
- #Eg. clusteripport: 7051
- clusteripport: 7052
+ port: 7052
+ healthCheck:
+ retries: 20
+ sleepTimeAfterError: 15
labels:
service: []
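Review bot: The new `certs.orgData` block ships `caAdminPassword: manufacturer-adminpw` as a chart default, so any install that does not override it enrols against the CA with a credential published in the repository. Leave the default empty, as in `caAdminPassword: ""  # must be supplied at install time`, and have the template fail with `required` when it is unset. The same applies to `caAdminPassword: org4-tf-adminpw` in `charts/values/proxy-and-vault/external-chaincode.yaml`. Separately, this file defines `image.alpineutils` while its own comment and both new example values files use `alpineUtils`; Helm keys are case-sensitive, so one spelling is silently ignored, depending on which the templates read.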
diff --git a/platforms/hyperledger-fabric/charts/fabric-genesis/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-genesis/Chart.yaml
index 74d721a4785..41abf6b8ca6 100644
--- a/platforms/hyperledger-fabric/charts/fabric-genesis/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-genesis/Chart.yaml
@@ -7,7 +7,7 @@
apiVersion: v1
name: fabric-genesis
description: "Hyperledger Fabric: Generates configtx and genesis files."
-version: 1.1.0
+version: 1.3.1
appVersion: latest
keywords:
- bevel
@@ -20,7 +20,7 @@ keywords:
- accenture
home: https://hyperledger-bevel.readthedocs.io/en/latest/
sources:
- - https://github.com/hyperledger/bevel
+ - https://github.com/hyperledger-bevel/bevel
maintainers:
- name: Hyperledger Bevel maintainers
- email: bevel@lists.hyperledger.org
+ email: bevel@lists.lfdecentralizedtrust.org
diff --git a/platforms/hyperledger-fabric/charts/fabric-operations-console/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-operations-console/Chart.yaml
index d47472a27a5..e9849820daa 100644
--- a/platforms/hyperledger-fabric/charts/fabric-operations-console/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-operations-console/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
appVersion: "2.0"
description: "Hyperledger Fabric: Deploys Fabric Operations Console."
name: fabric-operations-console
-version: 1.0.0
+version: 1.3.1
diff --git a/platforms/hyperledger-fabric/charts/fabric-operations-console/README.md b/platforms/hyperledger-fabric/charts/fabric-operations-console/README.md
index 1ad20d043a0..c39eea2e187 100644
--- a/platforms/hyperledger-fabric/charts/fabric-operations-console/README.md
+++ b/platforms/hyperledger-fabric/charts/fabric-operations-console/README.md
@@ -21,7 +21,7 @@
## Operation Console Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/operation_console) for Fabric Operations Console.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/operation_console) for Fabric Operations Console.
@@ -68,7 +68,7 @@ operation_console/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/operation_console/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/operation_console/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
### Metadata
@@ -129,7 +129,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the operation_console Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/operation_console/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/operation_console/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -155,7 +155,7 @@ Replace `` with the actual namespace where the StatefulSet was create
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/operation_console/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/operation_console/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./operation_console
```
@@ -176,7 +176,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [Operation Console Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/operation_console), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [Operation Console Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/operation_console), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
diff --git a/platforms/hyperledger-fabric/charts/fabric-orderernode/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-orderernode/Chart.yaml
index fcce9ef2506..7db8355ae5a 100644
--- a/platforms/hyperledger-fabric/charts/fabric-orderernode/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-orderernode/Chart.yaml
@@ -7,7 +7,7 @@
apiVersion: v1
name: fabric-orderernode
description: "Hyperledger Fabric: Deploys orderer node."
-version: 1.1.0
+version: 1.3.1
appVersion: latest
keywords:
- bevel
@@ -20,8 +20,8 @@ keywords:
- accenture
home: https://hyperledger-bevel.readthedocs.io/en/latest/
sources:
- - https://github.com/hyperledger/bevel
+ - https://github.com/hyperledger-bevel/bevel
maintainers:
- name: Hyperledger Bevel maintainers
- email: bevel@lists.hyperledger.org
+ email: bevel@lists.lfdecentralizedtrust.org
diff --git a/platforms/hyperledger-fabric/charts/fabric-orderernode/requirements.yaml b/platforms/hyperledger-fabric/charts/fabric-orderernode/requirements.yaml
index 77e9a174a8a..74f2126b6d2 100644
--- a/platforms/hyperledger-fabric/charts/fabric-orderernode/requirements.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-orderernode/requirements.yaml
@@ -4,11 +4,12 @@ dependencies:
repository: "file://../../../shared/charts/bevel-storageclass"
tags:
- storage
- version: ~1.0.0
+ version: ~1.3.1
+ condition: storage.enabled
- name: fabric-catools
alias: certs
repository: "file://../fabric-catools"
tags:
- catools
- version: ~1.1.0
+ version: ~1.3.1
condition: certs.generateCertificates
diff --git a/platforms/hyperledger-fabric/charts/fabric-orderernode/templates/node-statefulset.yaml b/platforms/hyperledger-fabric/charts/fabric-orderernode/templates/node-statefulset.yaml
index cb5e927c8e8..fa493ce740a 100644
--- a/platforms/hyperledger-fabric/charts/fabric-orderernode/templates/node-statefulset.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-orderernode/templates/node-statefulset.yaml
@@ -355,7 +355,7 @@ spec:
{{- include "labels.pvc" . | nindent 8 }}
spec:
accessModes: [ "ReadWriteOnce" ]
- storageClassName: storage-{{ .Release.Name }}
+ storageClassName: {{ .Values.storage.nameOverride }}
resources:
requests:
storage: {{ .Values.storage.size }}
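Review bot: `storageClassName: {{ .Values.storage.nameOverride }}` renders an empty value when `storage.nameOverride` is unset, so the claim silently falls back to the cluster default StorageClass, which may lack the encryption or reclaim settings the Bevel storage class is expected to carry. Fail fast instead with `storageClassName: {{ required "storage.nameOverride must be set" .Values.storage.nameOverride | quote }}`. Volume claim templates on an existing StatefulSet are immutable, so upgrading a release created with `storage-{{ .Release.Name }}` will likely be rejected; the chart notes should describe the migration. Both hunks in `fabric-peernode/templates/node-statefulset.yaml` make the same change, and the enclosing claim template starts outside this hunk.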
diff --git a/platforms/hyperledger-fabric/charts/fabric-orderernode/values.yaml b/platforms/hyperledger-fabric/charts/fabric-orderernode/values.yaml
index 270207e8376..bd61518b027 100644
--- a/platforms/hyperledger-fabric/charts/fabric-orderernode/values.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-orderernode/values.yaml
@@ -44,6 +44,11 @@ global:
externalUrlSuffix: test.blockchaincloudpoc.com
storage:
+ #Flag to create new storage class for organization. Set to false for existing storage class.
+ #Eg. enabled: true
+ enabled: true
+ # Name override for storageclass
+ nameOverride: aws-storageclass
#Provide storage size for Orderer Volume
#Eg. size: 512Mi
size: 512Mi
diff --git a/platforms/hyperledger-fabric/charts/fabric-osnadmin-channel-create/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-osnadmin-channel-create/Chart.yaml
index adadd4aceca..320f9275ba4 100644
--- a/platforms/hyperledger-fabric/charts/fabric-osnadmin-channel-create/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-osnadmin-channel-create/Chart.yaml
@@ -7,7 +7,7 @@
apiVersion: v1
name: fabric-osnadmin-channel-create
description: "Hyperledger Fabric: Creates channel using OSNAdmin"
-version: 1.1.0
+version: 1.3.1
appVersion: latest
keywords:
- bevel
@@ -20,7 +20,7 @@ keywords:
- accenture
home: https://hyperledger-bevel.readthedocs.io/en/latest/
sources:
- - https://github.com/hyperledger/bevel
+ - https://github.com/hyperledger-bevel/bevel
maintainers:
- name: Hyperledger Bevel maintainers
- email: bevel@lists.hyperledger.org
+ email: bevel@lists.lfdecentralizedtrust.org
diff --git a/platforms/hyperledger-fabric/charts/fabric-osnadmin-channel-create/templates/osn_create_channel.yaml b/platforms/hyperledger-fabric/charts/fabric-osnadmin-channel-create/templates/osn_create_channel.yaml
index 426ce6c520c..7557775372d 100644
--- a/platforms/hyperledger-fabric/charts/fabric-osnadmin-channel-create/templates/osn_create_channel.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-osnadmin-channel-create/templates/osn_create_channel.yaml
@@ -207,10 +207,12 @@ spec:
#!/usr/bin/env sh
echo "Format or fetch genesis file..."
+
if [ $ADD_ORDERER = false ]
then
cat ./genesis/genesis.block.base64 | base64 -d > orderer.genesis.block
- else
+ else
+ echo "Updating orderer configs..."
peer channel fetch config ${CHANNEL_NAME}_config_block.pb -o ${CORE_PEER_ADDRESS} -c ${CHANNEL_NAME} --tls --cafile ${ORDERER_CA}
fi
diff --git a/platforms/hyperledger-fabric/charts/fabric-peernode/Chart.yaml b/platforms/hyperledger-fabric/charts/fabric-peernode/Chart.yaml
index 407c54689c0..1f297fce43d 100644
--- a/platforms/hyperledger-fabric/charts/fabric-peernode/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-peernode/Chart.yaml
@@ -7,7 +7,7 @@
apiVersion: v1
name: fabric-peernode
description: "Hyperledger Fabric: Deploys peer node."
-version: 1.1.0
+version: 1.3.3
appVersion: latest
keywords:
- bevel
@@ -20,7 +20,7 @@ keywords:
- accenture
home: https://hyperledger-bevel.readthedocs.io/en/latest/
sources:
- - https://github.com/hyperledger/bevel
+ - https://github.com/hyperledger-bevel/bevel
maintainers:
- name: Hyperledger Bevel maintainers
- email: bevel@lists.hyperledger.org
+ email: bevel@lists.lfdecentralizedtrust.org
diff --git a/platforms/hyperledger-fabric/charts/fabric-peernode/conf/default_core.yaml b/platforms/hyperledger-fabric/charts/fabric-peernode/conf/default_core.yaml
index 25a94f0eae3..7809b001daa 100644
--- a/platforms/hyperledger-fabric/charts/fabric-peernode/conf/default_core.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-peernode/conf/default_core.yaml
@@ -46,6 +46,21 @@ peer:
# When set to true, will override peer address.
addressAutoDetect: false
+ # Settings for the Peer's gateway server.
+ gateway:
+ # Whether the gateway is enabled for this Peer.
+ enabled: true
+ # endorsementTimeout is the duration the gateway waits for a response
+ # from other endorsing peers before returning a timeout error to the client.
+ endorsementTimeout: 30s
+ # broadcastTimeout is the duration the gateway waits for a response
+ # from ordering nodes before returning a timeout error to the client.
+ broadcastTimeout: 30s
+ # dialTimeout is the duration the gateway waits for a connection
+ # to other network nodes.
+ dialTimeout: 2m
+
+
# Keepalive settings for peer server and clients
keepalive:
# Interval is the duration after which if the server does not see
@@ -166,7 +181,7 @@ peer:
# Message expiration factor for alive messages
msgExpirationFactor: 20
# This is an endpoint that is published to peers outside of the organization.
- # If this isn't set, the peer will not be known to other organizations.
+ # If this isn't set, the peer will not be known to other organizations and will not be exposed via service discovery.
externalEndpoint:
# Leader election service configuration
election:
@@ -259,26 +274,31 @@ peer:
tls:
# Require server-side TLS
enabled: false
- # Require client certificates / mutual TLS.
+ # Require client certificates / mutual TLS for inbound connections.
# Note that clients that are not configured to use a certificate will
# fail to connect to the peer.
clientAuthRequired: false
# X.509 certificate used for TLS server
cert:
file: tls/server.crt
- # Private key used for TLS server (and client if clientAuthEnabled
- # is set to true
+ # Private key used for TLS server
key:
file: tls/server.key
- # Trusted root certificate chain for tls.cert
+ # rootcert.file represents the trusted root certificate chain used for verifying certificates
+ # of other nodes during outbound connections.
+ # It is not required to be set, but can be used to augment the set of TLS CA certificates
+ # available from the MSPs of each channel’s configuration.
rootcert:
file: tls/ca.crt
- # Set of root certificate authorities used to verify client certificates
+ # If mutual TLS is enabled, clientRootCAs.files contains a list of additional root certificates
+ # used for verifying certificates of client connections.
+ # It augments the set of TLS CA certificates available from the MSPs of each channel’s configuration.
+ # Minimally, set your organization's TLS CA root certificate so that the peer can receive join channel requests.
clientRootCAs:
files:
- tls/ca.crt
- # Private key used for TLS when making client connections. If
- # not set, peer.tls.key.file will be used instead
+ # Private key used for TLS when making client connections.
+ # If not set, peer.tls.key.file will be used instead
clientKey:
file:
# X.509 certificate used for TLS when making client connections.
@@ -296,6 +316,7 @@ peer:
# Path on the file system where peer will store data (eg ledger). This
# location must be access control protected to prevent unintended
# modification that might corrupt the peer operations.
+ # The path may be relative to FABRIC_CFG_PATH or an absolute path.
fileSystemPath: /var/hyperledger/production
# BCCSP (Blockchain crypto provider): Select which crypto implementation or
@@ -323,8 +344,13 @@ peer:
Pin:
Hash:
Security:
+ SoftwareVerify:
+ Immutable:
+ AltID:
+ KeyIds:
# Path on the file system where peer will find MSP local configurations
+ # The path may be relative to FABRIC_CFG_PATH or an absolute path.
mspConfigPath: msp
# Identifier of the local MSP
@@ -343,14 +369,21 @@ peer:
# Delivery service related config
deliveryclient:
+ # Enables this peer to disseminate blocks it pulled from the ordering service
+ # via gossip.
+ # Note that 'gossip.state.enabled' controls point to point block replication
+ # of blocks committed in the past.
+ blockGossipEnabled: true
# It sets the total time the delivery service may spend in reconnection
- # attempts until its retry logic gives up and returns an error
+ # attempts until its retry logic gives up and returns an error,
+ # ignored if peer is a static leader
reconnectTotalTimeThreshold: 3600s
# It sets the delivery service <-> ordering service node connection timeout
connTimeout: 3s
- # It sets the delivery service maximal delay between consecutive retries
+ # It sets the delivery service maximal delay between consecutive retries.
+ # Time between retries will have exponential backoff until hitting this threshold.
reConnectBackoffThreshold: 3600s
# A list of orderer endpoint addresses which should be overridden
@@ -457,6 +490,15 @@ peer:
endorserService: 2500
# deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events.
deliverService: 2500
+ # gatewayService limits concurrent requests to gateway service that handles the submission and evaluation of transactions.
+ gatewayService: 500
+
+ # Since all nodes should be consistent it is recommended to keep
+ # the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize
+ # Max message size in bytes GRPC server and client can receive
+ maxRecvMsgSize: 104857600
+ # Max message size in bytes GRPC server and client can send
+ maxSendMsgSize: 104857600
###############################################################################
#
@@ -469,6 +511,8 @@ vm:
# unix:///var/run/docker.sock
# http://localhost:2375
# https://localhost:2376
+ # If you utilize external chaincode builders and don't need the default Docker chaincode builder,
+ # the endpoint should be unconfigured so that the peer's Docker health checker doesn't get registered.
endpoint: unix:///var/run/docker.sock
# settings for docker vms
@@ -552,9 +596,15 @@ chaincode:
# List of directories to treat as external builders and launchers for
# chaincode. The external builder detection processing will iterate over the
# builders in the order specified below.
+ # If you don't need to fallback to the default Docker builder, also unconfigure vm.endpoint above.
+ # To override this property via env variable use CORE_CHAINCODE_EXTERNALBUILDERS: [{name: x, path: dir1}, {name: y, path: dir2}]
+ # The path must be an absolute path.
externalBuilders:
- - path: /var/hyperledger/production/buildpacks/sampleBuilder
- name: sampleBuilder
+ - name: ccaas_builder
+ path: /opt/hyperledger/ccaas_builder
+ propagateEnvironment:
+ - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG
+
# The maximum duration to wait for the chaincode build and install process
# to complete.
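Review bot: The comments added here and in the previous `vm:` hunk say `vm.endpoint` should be left unconfigured when only external builders are used, yet the default still sets `endpoint: unix:///var/run/docker.sock` while `externalBuilders` now points at `ccaas_builder`. As shipped, the peer keeps its Docker health checker and Docker-builder fallback, which in a Kubernetes pod either reports unhealthy or invites mounting the host Docker socket into the peer container. If the chart is meant to be chaincode-as-a-service only, set `endpoint:` to empty in this default; otherwise add a comment such as `# Docker fallback intentionally kept; requires a Docker socket in the pod`. Whether the statefulset overrides this value through an environment variable is not visible in this hunk.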
@@ -647,14 +697,6 @@ ledger:
internalQueryLimit: 1000
# Limit on the number of records per CouchDB bulk update batch
maxBatchUpdateSize: 1000
- # Warm indexes after every N blocks.
- # This option warms any indexes that have been
- # deployed to CouchDB after every N blocks.
- # A value of 1 will warm indexes after every block commit,
- # to ensure fast selector queries.
- # Increasing the value may improve write efficiency of peer and CouchDB,
- # but may degrade query response time.
- warmIndexesAfterNBlocks: 1
# Create the _global_changes system database
# This is optional. Creating the global changes database will require
# additional system resources to track changes and maintain the database
@@ -689,6 +731,17 @@ ledger:
# deprioritizedDataReconcilerInterval (unit: minutes). Note that the
# interval needs to be greater than the reconcileSleepInterval
deprioritizedDataReconcilerInterval: 60m
+ # The frequency to purge private data (in number of blocks).
+ # Private data is purged from the peer's private data store based on
+ # the collection property blockToLive or an explicit chaincode call to PurgePrivateData().
+ purgeInterval: 100
+ # Whether to log private data keys purged from private data store (INFO level) when explicitly purged via chaincode
+ purgedKeyAuditLogging: true
+
+ snapshots:
+ # Path on the file system where peer will store ledger snapshots
+ # The path must be an absolute path.
+ rootDir: /var/hyperledger/production/snapshots
###############################################################################
#
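Review bot: `purgedKeyAuditLogging: true` makes the peer write the keys of explicitly purged private data to its INFO log, and the added comment does not say that those keys can themselves be sensitive (for example when they embed identifiers). I would extend the comment with `# Keys appear in peer logs; disable or restrict log access if key names carry confidential data`. `snapshots.rootDir` is placed under the ledger path, so the access-control note on `fileSystemPath` applies to it as well and is worth repeating here. The `ledger:` section starts outside this hunk.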
@@ -705,6 +758,7 @@ operations:
enabled: false
# path to PEM encoded server certificate for the operations server
+ # The paths in this section may be relative to FABRIC_CFG_PATH or an absolute path.
cert:
file:
diff --git a/platforms/hyperledger-fabric/charts/fabric-peernode/requirements.yaml b/platforms/hyperledger-fabric/charts/fabric-peernode/requirements.yaml
index d00f80f0495..bf6d9895a8a 100644
--- a/platforms/hyperledger-fabric/charts/fabric-peernode/requirements.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-peernode/requirements.yaml
@@ -4,19 +4,19 @@ dependencies:
repository: "file://../../../shared/charts/bevel-storageclass"
tags:
- storage
- version: ~1.0.0
+ version: ~1.3.1
condition: storage.enabled
- name: fabric-catools
alias: certs
repository: "file://../fabric-catools"
tags:
- catools
- version: ~1.1.0
+ version: ~1.3.1
condition: certs.generateCertificates
- name: fabric-cli
alias: peer
repository: "file://../fabric-cli"
tags:
- cli
- version: ~1.1.0
+ version: ~1.3.1
condition: peer.cliEnabled
diff --git a/platforms/hyperledger-fabric/charts/fabric-peernode/templates/node-statefulset.yaml b/platforms/hyperledger-fabric/charts/fabric-peernode/templates/node-statefulset.yaml
index 221e18c0d10..caa73c4f092 100755
--- a/platforms/hyperledger-fabric/charts/fabric-peernode/templates/node-statefulset.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-peernode/templates/node-statefulset.yaml
@@ -367,7 +367,7 @@ spec:
{{- include "labels.pvc" . | nindent 8 }}
spec:
accessModes: [ "ReadWriteOnce" ]
- storageClassName: storage-{{ .Release.Name }}
+ storageClassName: {{ .Values.storage.nameOverride }}
resources:
requests:
storage: {{ .Values.storage.peer }}
@@ -377,7 +377,7 @@ spec:
{{- include "labels.pvc" . | nindent 8 }}
spec:
accessModes: [ "ReadWriteOnce" ]
- storageClassName: storage-{{ .Release.Name }}
+ storageClassName: {{ .Values.storage.nameOverride }}
resources:
requests:
storage: {{ .Values.storage.couchdb }}
diff --git a/platforms/hyperledger-fabric/charts/fabric-peernode/values.yaml b/platforms/hyperledger-fabric/charts/fabric-peernode/values.yaml
index 16d943f2d9a..29e233c49c0 100644
--- a/platforms/hyperledger-fabric/charts/fabric-peernode/values.yaml
+++ b/platforms/hyperledger-fabric/charts/fabric-peernode/values.yaml
@@ -50,6 +50,8 @@ storage:
#Flag to create new storage class for organization. Set to false for existing storage class.
#Eg. enabled: true
enabled: true
+ # Name override for storageclass
+ nameOverride: aws-storageclass
#Provide storage size for Peer Volume
#Eg. peer: 512Mi
peer: 512Mi
@@ -113,7 +115,7 @@ image:
couchdb: ghcr.io/hyperledger/bevel-fabric-couchdb
#Provide the valid repository for fabric peer
#Eg. peer: hyperledger/fabric-peer
- peer: ghcr.io/hyperledger/bevel-fabric-peer
+ peer: hyperledger/fabric-peer
#Provide the valid image name and version to read certificates from vault server
#Eg. alpineUtils: ghcr.io/hyperledger/bevel-alpine:latest
alpineUtils: ghcr.io/hyperledger/bevel-alpine:latest
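Review bot: The new default `peer: hyperledger/fabric-peer` drops the registry host, so which registry serves the image depends on each node's container-runtime configuration (unqualified-name search order or mirrors) rather than on the chart. Write the registry explicitly, `peer: docker.io/hyperledger/fabric-peer`, and update the `#Eg.` comment to match. The tag is not visible in this hunk and is presumably appended by the template from `global.version`; pinning by digest in production values would make the peer image reproducible. The `image:` map starts outside this hunk.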
@@ -137,7 +139,7 @@ peer:
#Flag to enable CLI for this peer
#Eg. cliEnabled: true
cliEnabled: false
- #Provide the address for orderer; optional is cliEnabled: false
+ #Provide the address for orderer; optional if cliEnabled: false
#Eg. ordererAddress: orderer1.test.blockchaincloudpoc.com:443
ordererAddress: orderer1.supplychain-net:7050
#Provide a valid chaincode builder image for Fabric
diff --git a/platforms/hyperledger-fabric/charts/values/proxy-and-vault/external-chaincode-commit.yaml b/platforms/hyperledger-fabric/charts/values/proxy-and-vault/external-chaincode-commit.yaml
new file mode 100644
index 00000000000..1936dbb6c54
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/values/proxy-and-vault/external-chaincode-commit.yaml
@@ -0,0 +1,68 @@
+global:
+ version: 2.5.4
+ serviceAccountName: vault-auth
+ cluster:
+ provider: aws
+ cloudNativeServices: false
+ vault:
+ type: hashicorp
+ network: fabric
+ address: http://ab200c0faaff9494e8fdd94cfdab5871-2042771978.eu-west-2.elb.amazonaws.com:8200
+ authPath: e01org4-tf
+ secretEngine: kv
+ secretPrefix: "data/e01org4-tf"
+ role: vault-role
+ tls: false
+ proxy:
+ provider: none
+ externalUrlSuffix: org4proxy.blockchaincloudpoc.com
+
+image:
+ fabrictools: ghcr.io/hyperledger/bevel-fabric-tools
+ alpineUtils: ghcr.io/hyperledger/bevel-alpine:latest
+ pullSecret: ""
+
+peer:
+ name: peer0
+ address: peer0.org4-tf-net:7051
+ localMspId: org4-tfMSP
+ logLevel: info
+ tlsStatus: true
+ ordererAddress: orderer1.orderer-tf-net:7050
+
+chaincode:
+ channel: tfnet-ch1
+ name: efcc
+ version: "1.0"
+ sequence: 1
+ arguments: InitLedger, []
+ endorsementPolicies: "OR('org4-tfMSP.member','org1-tfMSP.member')"
+ builder: hyperledger/fabric-ccenv:2.5.4
+ initRequired: false
+ pdc:
+ # Enable private data collections for the chaincode
+ enabled: true
+ # Collections configuration for private data collections base64 -w 0 encoded
+ collectionsConfig: 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
+
+# Endorsers configuration (for commit operation)
+endorsers:
+ - name: org1-tf
+ corePeerAddress: peer0.org1-tf-net:7051
+ - name: org2-tf
+ corePeerAddress: peer0.org2-tf-net:7051
+ - name: org4-tf
+ corePeerAddress: peer0.org4-tf-net:7051
+
+# Lifecycle configuration
+# Control which operations to perform
+lifecycle:
+ approve:
+ enabled: false
+ waitForInstall: true
+ commit:
+ enabled: true
+ waitForApprove: true
+ invoke:
+ enabled: true
+ waitForCommit: true
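Review bot: The example sets `vault.address` to an `http://` URL on port 8200 together with `tls: false`, so the Kubernetes auth login, the returned Vault token and every secret read or written by the job would travel in cleartext to what looks like an external load balancer. Use a placeholder with TLS in the sample, for example `address: https://vault.example.com:8200` and `tls: vaultca`, the secret name the chart's own values comment gives as its example. The hostname, `authPath` and `secretPrefix` here look environment-specific and would be better as clearly marked placeholders. The `global.vault` block of `external-chaincode.yaml` in the same directory has the same issue.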
diff --git a/platforms/hyperledger-fabric/charts/values/proxy-and-vault/external-chaincode.yaml b/platforms/hyperledger-fabric/charts/values/proxy-and-vault/external-chaincode.yaml
new file mode 100644
index 00000000000..4ddebc944e8
--- /dev/null
+++ b/platforms/hyperledger-fabric/charts/values/proxy-and-vault/external-chaincode.yaml
@@ -0,0 +1,54 @@
+global:
+ version: 2.5.4
+ serviceAccountName: vault-auth
+ cluster:
+ provider: aws
+ cloudNativeServices: false
+ vault:
+ type: hashicorp
+ network: fabric
+ address: http://ab200c0faaff9494e8fdd94cfdab5871-2042771978.eu-west-2.elb.amazonaws.com:8200
+ authPath: e01org4-tf
+ secretEngine: kv
+ secretPrefix: "data/e01org4-tf"
+ role: vault-role
+ tls: false
+ proxy:
+ provider: none
+ externalUrlSuffix: org4proxy.blockchaincloudpoc.com
+
+certs:
+ refreshCertValue: false
+ orgData:
+ caAddress: ca.org4-tf-net:7054
+ caAdminUser: org4-tf-admin
+ caAdminPassword: org4-tf-adminpw
+ orgName: org4-tf
+ type: peer
+ componentSubject: "O=org4-tf,OU=org4-tf,L=New York,C=US"
+
+image:
+ alpineUtils: ghcr.io/hyperledger/bevel-alpine:latest
+ catools: ghcr.io/hyperledger/bevel-fabric-ca:latest
+ fabrictools: ghcr.io/hyperledger/bevel-fabric-tools
+ external_chaincode: 339712881589.dkr.ecr.eu-west-2.amazonaws.com/tf-chaincode:1.0.141
+ pullSecret: ""
+
+peer:
+ name: peer0
+ address: peer0.org4-tf-net:7051
+ localMspId: org4-tfMSP
+ logLevel: info
+ tlsStatus: true
+
+chaincode:
+ name: efcc
+ version: "1.0"
+ crypto_mount_path: "/crypto"
+ tls: true
+ serviceType: ClusterIP
+ port: 7052
+ healthCheck:
+ retries: 20
+ sleepTimeAfterError: 15
+
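Review bot: `caAdminPassword: org4-tf-adminpw` commits a CA admin credential in a values file, and `vault.address` is an `http://` URL to one specific load balancer with `tls: false`, so a deployment copied from this file would send Vault traffic in cleartext. The file also carries an environment-specific registry in `image.external_chaincode` and floating `:latest` tags for `alpineUtils` and `catools`. I would replace the environment values with labelled placeholders, for example `address: https://<vault-address>:8200` and `caAdminPassword: <set-at-deploy-time>`, and pin the image tags. The same `vault` block appears in the values file just above this one in the diff, whose start is outside this view.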
diff --git a/platforms/hyperledger-fabric/charts/zkkafka/Chart.yaml b/platforms/hyperledger-fabric/charts/zkkafka/Chart.yaml
index 12a27faf1d9..52a0b1f3914 100644
--- a/platforms/hyperledger-fabric/charts/zkkafka/Chart.yaml
+++ b/platforms/hyperledger-fabric/charts/zkkafka/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
appVersion: "2.0"
description: "Hyperledger Fabric: Deploys zookeeper & kafka."
name: zkkafka
-version: 1.0.0
+version: 1.3.1
diff --git a/platforms/hyperledger-fabric/charts/zkkafka/README.md b/platforms/hyperledger-fabric/charts/zkkafka/README.md
index 7039d65b444..8e6bd988cff 100644
--- a/platforms/hyperledger-fabric/charts/zkkafka/README.md
+++ b/platforms/hyperledger-fabric/charts/zkkafka/README.md
@@ -21,7 +21,7 @@
## Zookeeper and Kafka Hyperledger Fabric Deployment Helm Chart
---
-A [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/zkkafka) to deploy zookeeper & kafka.
+A [Helm chart](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/zkkafka) to deploy zookeeper & kafka.
@@ -65,7 +65,7 @@ zkkafka/
## Configuration
---
-The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/zkkafka/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
+The [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/develop/platforms/hyperledger-fabric/charts/zkkafka/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:
### Metadata
@@ -115,7 +115,7 @@ The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hy
To deploy the zkkafka Helm chart, follow these steps:
-1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/zkkafka/values.yaml) file to set the desired configuration values.
+1. Modify the [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/zkkafka/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
@@ -141,7 +141,7 @@ Replace `` with the actual namespace where the StatefulSet was create
## Updating the Deployment
---
-If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/zkkafka/values.yaml) file with the desired changes and run the following Helm command:
+If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/zkkafka/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade ./zkkafka
```
@@ -162,7 +162,7 @@ Replace `` with the name of the release. This command will remove
## Contributing
---
-If you encounter any bugs, have suggestions, or would like to contribute to the [Zookeeper and Kafka Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/zkkafka), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).
+If you encounter any bugs, have suggestions, or would like to contribute to the [Zookeeper and Kafka Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger-bevel/bevel/blob/main/platforms/hyperledger-fabric/charts/zkkafka), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger-bevel/bevel).
diff --git a/platforms/hyperledger-fabric/configuration/README.md b/platforms/hyperledger-fabric/configuration/README.md
index 93edb1fb6a1..abadc77ed48 100644
--- a/platforms/hyperledger-fabric/configuration/README.md
+++ b/platforms/hyperledger-fabric/configuration/README.md
@@ -87,7 +87,7 @@ We are working on a verification document for Hyperledger Fabric.
```
ansible-playbook add-peer.yaml -e "@/path/to/network-fabric.yaml" -e "add_new_org='false'" -e "add_peer='true'"
```
- Follow steps in [README](https://github.com/hyperledger/bevel/docs/source/operations/adding_new_peer_fabric.md).
+ Follow steps in [README](https://github.com/hyperledger-bevel/bevel/docs/source/operations/adding_new_peer_fabric.md).
(Above command assumes that network.yaml is present in current directory with org_status tag and new organization details).
@@ -95,7 +95,7 @@ We are working on a verification document for Hyperledger Fabric.
```
ansible-playbook add-orderer.yaml -e "@/path/to/network-fabric.yaml"
```
- Follow steps in [README](https://github.com/hyperledger/bevel/docs/source/operations/adding_new_orderer_fabric.md).
+ Follow steps in [README](https://github.com/hyperledger-bevel/bevel/docs/source/operations/adding_new_orderer_fabric.md).
(Above command assumes that network.yaml is present in current directory with status tag in orderers under orderer organization and minimum three raft orderers running in the network ).
diff --git a/platforms/hyperledger-fabric/configuration/add-cli.yaml b/platforms/hyperledger-fabric/configuration/add-cli.yaml
index c2391648135..421550d7c5c 100644
--- a/platforms/hyperledger-fabric/configuration/add-cli.yaml
+++ b/platforms/hyperledger-fabric/configuration/add-cli.yaml
@@ -21,7 +21,7 @@
# Create CLI pod for peers with cli option enabled
- name: Create CLI pod for each peer with it enabled
include_role:
- name: "create/new_cli"
+ name: "create/cli_pod"
vars:
peers: "{{ org.services.peers }}"
docker_url: "{{ network.docker.url }}"
diff --git a/platforms/hyperledger-fabric/configuration/add-new-channel.yaml b/platforms/hyperledger-fabric/configuration/add-new-channel.yaml
index c5935d60ae9..17089d7095f 100644
--- a/platforms/hyperledger-fabric/configuration/add-new-channel.yaml
+++ b/platforms/hyperledger-fabric/configuration/add-new-channel.yaml
@@ -31,9 +31,9 @@
vars:
org: "{{ network['organizations'] | first }}"
docker_url: "{{ network.docker.url }}"
- kubernetes: "{{ org.k8s }}"
- generateGenisis: false
- when: genererate_configtx is defined and genererate_configtx == 'true'
+ kubernetes: "{{ org.k8s }}"
+ generateGenesis: false
+ when: generate_configtx is defined and generate_configtx == 'true'
# This role creates the value file for creating channel from creator organization
# to the vault.
diff --git a/platforms/hyperledger-fabric/configuration/add-orderer.yaml b/platforms/hyperledger-fabric/configuration/add-orderer.yaml
index 3285e1f9ad3..214d588d622 100644
--- a/platforms/hyperledger-fabric/configuration/add-orderer.yaml
+++ b/platforms/hyperledger-fabric/configuration/add-orderer.yaml
@@ -38,7 +38,7 @@
loop: "{{ network.organizations }}"
loop_control:
loop_var: org
- when: org.type == 'orderer' and '2.5.' not in network.version
+ when: not network.version.startswith('2.5.')
# This role creates value file new orderer
- name: "create new orderer"
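Review bot: The new condition `when: not network.version.startswith('2.5.')` drops the `org.type == 'orderer'` test, so this task, which loops over `network.organizations`, would now also run for peer organizations on pre-2.5 networks. The hunk at `@@ -77,7 +78,7 @@` makes the same change. The task starts outside the hunk and the included role is not visible, so unless that role filters by type itself I would keep both parts: `when: org.type == 'orderer' and not network.version.startswith('2.5.')`. `startswith` also assumes `network.version` is a string; `(network.version | string).startswith('2.5.')` would guard against a value YAML parsed as a number.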
@@ -47,11 +47,12 @@
vars:
build_path: "./build"
namespace: "{{ org.name | lower}}-net"
- component_type: "{{ org.type | lower}}"
org_name: "{{ org.name | lower }}"
+ sc_name: "{{ org_name }}-bevel-storageclass"
component_services: "{{ org.services }}"
kubernetes: "{{ org.k8s }}"
vault: "{{ org.vault }}"
+ sys_channel_name: "syschannel"
git_protocol: "{{ org.gitops.git_protocol }}"
git_url: "{{ org.gitops.git_url }}"
git_branch: "{{ org.gitops.branch }}"
@@ -77,7 +78,7 @@
loop: "{{ network.organizations }}"
loop_control:
loop_var: org
- when: org.type == 'orderer' and '2.5.' not in network.version
+ when: not network.version.startswith('2.5.')
# This role creates the value file for creating channel from creator organization
# to the vault.
@@ -88,7 +89,7 @@
build_path: "./build"
docker_url: "{{ network.docker.url }}"
loop: "{{ network['channels'] }}"
- when: add_new_org == 'false' and '2.5.' in network.version
+ when: add_new_org == 'false' and network.version.startswith('2.5.')
# Generate script to modify the fetched configuration block from application channel
- name: "Modify the application channel with tls and address information of new orderer"
@@ -105,7 +106,7 @@
loop: "{{ network.channels }}"
loop_control:
loop_var: channel
- when: '2.5.' not in network.version
+ when: not network.version.startswith('2.5.')
vars: #These variables can be overriden from the command line
add_new_org: 'false' #Default for this playbook is false
diff --git a/platforms/hyperledger-fabric/configuration/add-organization.yaml b/platforms/hyperledger-fabric/configuration/add-organization.yaml
index 87bea752215..c6c0cea5007 100644
--- a/platforms/hyperledger-fabric/configuration/add-organization.yaml
+++ b/platforms/hyperledger-fabric/configuration/add-organization.yaml
@@ -20,7 +20,7 @@
no_log: "{{ no_ansible_log | default(false) }}"
tasks:
- # delete build directory
+ # # delete build directory
- name: Remove build directory
file:
path: "./build"
@@ -51,6 +51,20 @@
loop_var: org
when:
- org.org_status is not defined or org.org_status == 'new'
+
+ # Create Storageclass for orgs
+ - name: "Create storageclass for each new organization"
+ include_role:
+ name: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/storageclass"
+ vars:
+ org_name: "{{ org.name | lower }}"
+ sc_name: "{{ org_name }}-bevel-storageclass"
+ region: "{{ org.k8s.region | default('eu-west-2') }}"
+ loop: "{{ network['organizations'] }}"
+ loop_control:
+ loop_var: org
+ when:
+ - org.org_status is not defined or org.org_status == 'new'
# Create CA Server helm-value files and check-in
- name: Create CA server for each organization
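Review bot: `region: "{{ org.k8s.region | default('eu-west-2') }}"` silently falls back to a single AWS region for every organization that leaves `org.k8s.region` unset, whichever provider or region the cluster actually runs in. What the storageclass role does with `region` is outside this hunk, but a wrong fallback is harder to diagnose than a missing value. I would either drop the default so the role fails on an unset region, or document it above the task with `# region falls back to eu-west-2 when org.k8s.region is unset; set it explicitly for other regions`. The same task is copied into deploy-ca-servers.yaml and deploy-network.yaml in this commit.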
@@ -59,6 +73,7 @@
vars:
component_ns: "{{ org.name | lower}}-net"
component: "{{ org.name | lower}}"
+ sc_name: "{{ component }}-bevel-storageclass"
component_services: "{{ org.services }}"
kubernetes: "{{ org.k8s }}"
vault: "{{ org.vault }}"
@@ -79,16 +94,6 @@
prompt: "Sleeping... so that the client certificates are valid"
minutes: 6
- # Generate script to modify the fetched configuration block
- - include_role:
- name: "create/new_organization/create_block"
- vars:
- build_path: "./build"
- participants: "{{ channel.participants }}"
- channel_name: "{{ channel.channel_name | lower}}"
- loop: "{{ network['channels'] }}"
- loop_control:
- loop_var: channel
# This role creates the value file for peers of organisations and write couch db credentials
# to the vault.
@@ -97,9 +102,11 @@
name: "create/peers"
vars:
build_path: "./build"
- namespace: "{{ org.name | lower}}-net"
- component_type: "{{ org.type | lower}}"
+ namespace: "{{ org.name | lower }}-net"
+ component_type: "{{ org.type | lower }}"
component_services: "{{ org.services }}"
+ sc_name: "{{ org.name | lower }}-bevel-storageclass"
+ first_orderer: "{{ network.orderers | first }}"
kubernetes: "{{ org.k8s }}"
vault: "{{ org.vault }}"
git_protocol: "{{ org.gitops.git_protocol }}"
@@ -122,36 +129,36 @@
org: "{{ network['organizations'] | first }}"
docker_url: "{{ network.docker.url }}"
kubernetes: "{{ org.k8s }}"
- generateGenisis: false
- when: genererate_configtx is defined and genererate_configtx == 'true'
+ generateGenesis: false
+ when: generate_configtx is defined and generate_configtx == 'true'
- # This role is to start the existing peer cli
- # Fetch the configuration block and modify the block
- - include_role:
- name: "setup/config_block/fetch"
- vars:
- build_path: "./build"
- participants: "{{ item.participants }}"
- docker_url: "{{ network.docker.url }}"
- loop: "{{ network['channels'] }}"
+ # # This role is to start the existing peer cli
+ # # Fetch the configuration block and modify the block
+ # - include_role:
+ # name: "setup/config_block/fetch"
+ # vars:
+ # build_path: "./build"
+ # participants: "{{ item.participants }}"
+ # docker_url: "{{ network.docker.url }}"
+ # loop: "{{ network['channels'] }}"
- # This role fetch the block from the ansible host and get it signed from each existing organization admin
- - include_role:
- name: "setup/config_block/sign_and_update"
- vars:
- build_path: "./build"
- participants: "{{ item.participants }}"
- docker_url: "{{ network.docker.url }}"
- loop: "{{ network['channels'] }}"
+ # # This role fetch the block from the ansible host and get it signed from each existing organization admin
+ # - include_role:
+ # name: "setup/config_block/sign_and_update"
+ # vars:
+ # build_path: "./build"
+ # participants: "{{ item.participants }}"
+ # docker_url: "{{ network.docker.url }}"
+ # loop: "{{ network['channels'] }}"
- # This role fetches block 0 and joins peers of new organizaion to the channel
- - include_role:
- name: "create/channels_join"
- vars:
- build_path: "./build"
- participants: "{{ item.participants }}"
- docker_url: "{{ network.docker.url }}"
- loop: "{{ network['channels'] }}"
+ # # This role fetches block 0 and joins peers of new organizaion to the channel
+ # - include_role:
+ # name: "create/channels_join"
+ # vars:
+ # build_path: "./build"
+ # participants: "{{ item.participants }}"
+ # docker_url: "{{ network.docker.url }}"
+ # loop: "{{ network['channels'] }}"
vars: # These variables can be overriden from the command line
privilege_escalate: false # Default to NOT escalate to root privledges
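Review bot: The three roles are left in the playbook as commented-out blocks rather than removed, and only two of them (`setup/config_block/fetch` and `setup/config_block/sign_and_update`) reappear in the new approve-new-organization.yaml. `create/channels_join` is not included there, so from this diff the step that joins the new organization's peers to the channel appears to have been dropped. If another playbook now performs the join, delete the commented blocks and leave one pointer such as `# Channel config update moved to approve-new-organization.yaml; peer join is done by <join playbook>`. The play's task list starts outside this hunk.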
@@ -159,4 +166,4 @@
install_arch: "amd64" # Default to amd64 architecture
bin_install_dir: "~/bin" # Default to /bin install directory for binaries
add_new_org: "true" # Default to true
- genererate_configtx: "true"
+ generate_configtx: "true"
diff --git a/platforms/hyperledger-fabric/configuration/add-peer.yaml b/platforms/hyperledger-fabric/configuration/add-peer.yaml
index 6b6e4b74d35..a3d8d357a41 100644
--- a/platforms/hyperledger-fabric/configuration/add-peer.yaml
+++ b/platforms/hyperledger-fabric/configuration/add-peer.yaml
@@ -45,6 +45,7 @@
namespace: "{{ org.name | lower}}-net"
component_type: "{{ org.type | lower}}"
component_services: "{{ org.services }}"
+ sc_name: "{{ org.name | lower }}-bevel-storageclass"
kubernetes: "{{ org.k8s }}"
vault: "{{ org.vault }}"
git_protocol: "{{ org.gitops.git_protocol }}"
diff --git a/platforms/hyperledger-fabric/configuration/approve-new-organization.yaml b/platforms/hyperledger-fabric/configuration/approve-new-organization.yaml
new file mode 100644
index 00000000000..21e3921dae6
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/approve-new-organization.yaml
@@ -0,0 +1,58 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# This playbook adds an organization to a DLT with Fabric network on existing Kubernetes clusters
+# The Kubernetes clusters should already be created and the infomation to connect to the
+# clusters be updated in the network.yaml file that is used as an input to this playbook
+###########################################################################################
+# To Run this playbook from this directory, use the following command (network.yaml also in this directory)
+# ansible-playbook add-organization.yaml -e "@./network.yaml" -e "add_new_org='true'"
+############################################################################################
+# Please ensure that the ../../shared/configuration playbooks have been run and a DLT network exists.
+# Please ensure the orderer certificates are placed on the paths mentioned in orderer.certificate in network.yaml
+---
+ # This will apply to ansible_provisioners. /etc/ansible/hosts should be configured with this group
+- hosts: ansible_provisioners
+ gather_facts: no
+ no_log: "{{ no_ansible_log | default(false) }}"
+ tasks:
+ # Generate script to modify the fetched configuration block
+ - include_role:
+ name: "create/new_organization/create_block"
+ vars:
+ build_path: "./build"
+ participants: "{{ channel.participants }}"
+ channel_name: "{{ channel.channel_name | lower}}"
+ loop: "{{ network['channels'] }}"
+ loop_control:
+ loop_var: channel
+
+ # This role is to start the existing peer cli
+ # Fetch the configuration block and modify the block
+ - include_role:
+ name: "setup/config_block/fetch"
+ vars:
+ build_path: "./build"
+ participants: "{{ item.participants }}"
+ docker_url: "{{ network.docker.url }}"
+ loop: "{{ network['channels'] }}"
+
+ # This role fetch the block from the ansible host and get it signed from each existing organization admin
+ - include_role:
+ name: "setup/config_block/sign_and_update"
+ vars:
+ build_path: "./build"
+ participants: "{{ item.participants }}"
+ docker_url: "{{ network.docker.url }}"
+ loop: "{{ network['channels'] }}"
+
+ vars: # These variables can be overriden from the command line
+ privilege_escalate: false # Default to NOT escalate to root privledges
+ install_os: "linux" # Default to linux OS
+ install_arch: "amd64" # Default to amd64 architecture
+ bin_install_dir: "~/bin" # Default to /bin install directory for binaries
+ add_new_org: "true" # Default to true
+ generate_configtx: "true"
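Review bot: The header comment was copied from add-organization.yaml: it describes this playbook as adding an organization and tells the reader to run `ansible-playbook add-organization.yaml -e "@./network.yaml" -e "add_new_org='true'"`. It should name this file, `# ansible-playbook approve-new-organization.yaml -e "@./network.yaml" -e "add_new_org='true'"`, and state that the play builds, fetches, signs and submits the channel config update for an organization that has already been added. The three `include_role` tasks also have no `name:`, which makes the run output hard to follow. deploy-ca-servers.yaml has the same copy-paste problem: its header says to run deploy-network.yaml.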
diff --git a/platforms/hyperledger-fabric/configuration/collections/collections_config.json b/platforms/hyperledger-fabric/configuration/collections/collections_config.json
new file mode 100644
index 00000000000..cef4df4e1e7
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/collections/collections_config.json
@@ -0,0 +1,38 @@
+[
+ {
+ "name": "datapointCollection",
+ "policy": "OR('org4-tfMSP.member','org1-tfMSP.member')",
+ "requiredPeerCount": 1,
+ "maxPeerCount": 1,
+ "blockToLive": 0,
+ "memberOnlyRead": true,
+ "memberOnlyWrite": true,
+ "endorsementPolicy": {
+ "signaturePolicy": "OR('org4-tfMSP.member','org1-tfMSP.member')"
+ }
+ },
+ {
+ "name": "org4-tfMSP-PrivateCollection",
+ "policy": "OR('org4-tfMSP.member')",
+ "requiredPeerCount": 0,
+ "maxPeerCount": 1,
+ "blockToLive": 0,
+ "memberOnlyRead": false,
+ "memberOnlyWrite": true,
+ "endorsementPolicy": {
+ "signaturePolicy": "OR('org4-tfMSP.member')"
+ }
+ },
+ {
+ "name": "org1-tfMSP-PrivateCollection",
+ "policy": "OR('org1-tfMSP.member')",
+ "requiredPeerCount": 0,
+ "maxPeerCount": 1,
+ "blockToLive": 0,
+ "memberOnlyRead": false,
+ "memberOnlyWrite": true,
+ "endorsementPolicy": {
+ "signaturePolicy": "OR('org1-tfMSP.member')"
+ }
+ }
+]
\ No newline at end of file
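Review bot: Both per-organization collections set `"memberOnlyRead": false`, so the peer does not restrict reads of `org4-tfMSP-PrivateCollection` and `org1-tfMSP-PrivateCollection` to clients of the member organization, and any restriction is left to the chaincode. The sibling files collections_config_at.json and collections_config_at1.json use the opposite pair (`"memberOnlyRead": true`, `"memberOnlyWrite": false`) for their private collections, which suggests the two flags may be swapped here. collections_config_v1.json carries the same values. If reads are meant to be member-only, set `"memberOnlyRead": true` in all three entries and record the intended access model in the chart README, since JSON cannot hold the comment.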
diff --git a/platforms/hyperledger-fabric/configuration/collections/collections_config_at.json b/platforms/hyperledger-fabric/configuration/collections/collections_config_at.json
new file mode 100644
index 00000000000..e08abc595ca
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/collections/collections_config_at.json
@@ -0,0 +1,26 @@
+[
+ {
+ "name": "assetCollection",
+ "policy": "OR('org1-tfMSP.member')",
+ "requiredPeerCount": 0,
+ "maxPeerCount": 1,
+ "blockToLive":1000000,
+ "memberOnlyRead": true,
+ "memberOnlyWrite": true,
+ "endorsementPolicy": {
+ "signaturePolicy":"OR('org1-tfMSP.member')"
+ }
+},
+ {
+ "name": "org1-tfMSPPrivateCollection",
+ "policy": "OR('org1-tfMSP.member')",
+ "requiredPeerCount": 0,
+ "maxPeerCount": 1,
+ "blockToLive":3,
+ "memberOnlyRead": true,
+ "memberOnlyWrite": false,
+ "endorsementPolicy": {
+ "signaturePolicy": "OR('org1-tfMSP.member')"
+ }
+ }
+]
diff --git a/platforms/hyperledger-fabric/configuration/collections/collections_config_at1.json b/platforms/hyperledger-fabric/configuration/collections/collections_config_at1.json
new file mode 100644
index 00000000000..ee68d034059
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/collections/collections_config_at1.json
@@ -0,0 +1,38 @@
+[
+ {
+ "name": "assetCollection",
+ "policy": "OR('org1-tfMSP.member','org2-tfMSP.member')",
+ "requiredPeerCount": 1,
+ "maxPeerCount": 1,
+ "blockToLive":1000000,
+ "memberOnlyRead": true,
+ "memberOnlyWrite": true,
+ "endorsementPolicy": {
+ "signaturePolicy":"OR('org1-tfMSP.member','org2-tfMSP.member')"
+ }
+},
+ {
+ "name": "org1-tfMSPPrivateCollection",
+ "policy": "OR('org1-tfMSP.member')",
+ "requiredPeerCount": 0,
+ "maxPeerCount": 1,
+ "blockToLive":3,
+ "memberOnlyRead": true,
+ "memberOnlyWrite": false,
+ "endorsementPolicy": {
+ "signaturePolicy": "OR('org1-tfMSP.member')"
+ }
+ },
+{
+ "name": "org2-tfMSPPrivateCollection",
+ "policy": "OR('org2-tfMSP.member')",
+ "requiredPeerCount": 0,
+ "maxPeerCount": 1,
+ "blockToLive":3,
+ "memberOnlyRead": true,
+ "memberOnlyWrite": false,
+ "endorsementPolicy": {
+ "signaturePolicy": "OR('org2-tfMSP.member')"
+ }
+}
+]
diff --git a/platforms/hyperledger-fabric/configuration/collections/collections_config_v1.json b/platforms/hyperledger-fabric/configuration/collections/collections_config_v1.json
new file mode 100644
index 00000000000..c5ef393520d
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/collections/collections_config_v1.json
@@ -0,0 +1,14 @@
+[
+ {
+ "name": "org1-tfMSP-PrivateCollection",
+ "policy": "OR('org1-tfMSP.member')",
+ "requiredPeerCount": 0,
+ "maxPeerCount": 1,
+ "blockToLive": 0,
+ "memberOnlyRead": false,
+ "memberOnlyWrite": true,
+ "endorsementPolicy": {
+ "signaturePolicy": "OR('org1-tfMSP.member')"
+ }
+ }
+]
\ No newline at end of file
diff --git a/platforms/hyperledger-fabric/configuration/create-join-channel.yaml b/platforms/hyperledger-fabric/configuration/create-join-channel.yaml
index ffe52647ec3..cd8fb4f7de1 100644
--- a/platforms/hyperledger-fabric/configuration/create-join-channel.yaml
+++ b/platforms/hyperledger-fabric/configuration/create-join-channel.yaml
@@ -16,45 +16,6 @@
gather_facts: no
no_log: "{{ no_ansible_log | default(false) }}"
tasks:
- # Create or get Orderer crypto materials
- - include_role:
- name: "create/crypto/orderer"
- vars:
- component_name: "{{ item.name | lower}}-net"
- component_type: "{{ item.type | lower}}"
- org_name: "{{ item.name }}"
- services: "{{ item.services }}"
- subject: "{{ item.subject }}"
- ca_url: "{{ item.ca_data.url }}"
- kubernetes: "{{ item.k8s }}"
- vault: "{{ item.vault }}"
- loop: "{{ network['organizations'] }}"
- when: item.type == 'orderer'
-
- # Create or get Organization crypto materials
- - include_role:
- name: "create/crypto/peer"
- vars:
- component_name: "{{ item.name | lower}}-net"
- component_type: "{{ item.type | lower}}"
- org_name: "{{ item.name }}"
- services: "{{ item.services }}"
- subject: "{{ item.subject }}"
- ca_url: "{{ item.ca_data.url }}"
- kubernetes: "{{ item.k8s }}"
- vault: "{{ item.vault }}"
- add_new_org: "false"
- loop: "{{ network['organizations'] }}"
- when: item.type == 'peer'
-
- #Creating channel artifacts
- # This role creates configtx.yaml file as the requirements mentioned in network.yaml
- # which is then consumed by configtxgen tool
- - include_role:
- name: "create/configtx"
- vars:
- config_file: "./build/configtx.yaml"
-
# This role generate channeltx
- include_role:
name: "create/channel_artifacts"
@@ -88,7 +49,6 @@
docker_url: "{{ network.docker.url }}"
participants: "{{ item.participants }}"
loop: "{{ network['channels'] }}"
- when: item.channel_status == 'new'
# delete build directory
- name: Remove build directory
diff --git a/platforms/hyperledger-fabric/configuration/deploy-ca-servers.yaml b/platforms/hyperledger-fabric/configuration/deploy-ca-servers.yaml
new file mode 100644
index 00000000000..2b64e4abaa0
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/deploy-ca-servers.yaml
@@ -0,0 +1,85 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# This playbook deploys a DLT network on existing Kubernetes clusters
+# The Kubernetes clusters should already be created and the information to connect to the
+# clusters be updated in the network.yaml file that is used as an input to this playbook
+###########################################################################################
+# To Run this playbook from this directory, use the following command (network.yaml also in this directory)
+# ansible-playbook deploy-network.yaml -e "@./network.yaml"
+############################################################################################
+# Please ensure that the ../../shared/configuration playbooks have been run using the same network.yaml
+---
+ # This will apply to ansible_provisioners. /etc/ansible/hosts should be configured with this group
+- hosts: ansible_provisioners
+ gather_facts: no
+ no_log: "{{ no_ansible_log | default(false) }}"
+ tasks:
+ # delete build directory
+ - name: Remove build directory
+ file:
+ path: "./build"
+ state: absent
+
+ # Create Namespaces and Vault-rbac kubernetes-value files
+ - name: Create namespace and Vault auth for each organization
+ include_role:
+ name: "create/namespace"
+ vars:
+ component_name: "{{ org.name | lower }}-net"
+ kubernetes: "{{ org.k8s }}"
+ release_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}"
+ loop: "{{ network['organizations'] }}"
+ loop_control:
+ loop_var: org
+
+ # Create necessary secrets
+ - name: "Create k8s secrets"
+ include_role:
+ name: create/secrets
+ vars:
+ component_ns: "{{ org.name | lower }}-net"
+ kubernetes: "{{ org.k8s }}"
+ vault: "{{ org.vault }}"
+ loop: "{{ network['organizations'] }}"
+ loop_control:
+ loop_var: org
+ when:
+ - org.org_status is not defined or org.org_status == 'new'
+
+ # Create Storageclass for orgs
+ - name: "Create storageclass for each organization"
+ include_role:
+ name: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/storageclass"
+ vars:
+ org_name: "{{ org.name | lower }}"
+ sc_name: "{{ org_name }}-bevel-storageclass"
+ region: "{{ org.k8s.region | default('eu-west-2') }}"
+ loop: "{{ network['organizations'] }}"
+ loop_control:
+ loop_var: org
+ when:
+ - org.org_status is not defined or org.org_status == 'new'
+
+ # Create CA Server helm-value files and check-in
+ - name: Create CA server for each organization
+ include_role:
+ name: "create/ca_server"
+ vars:
+ component_ns: "{{ org.name | lower}}-net"
+ component: "{{ org.name | lower }}"
+ sc_name: "{{ component }}-bevel-storageclass"
+ component_services: "{{ org.services }}"
+ kubernetes: "{{ org.k8s }}"
+ vault: "{{ org.vault }}"
+ ca: "{{ org.services.ca }}"
+ docker_url: "{{ network.docker.url }}"
+ gitops: "{{ org.gitops }}"
+ values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}"
+ loop: "{{ network['organizations'] }}"
+ loop_control:
+ loop_var: org
+ when: org.services.ca is defined
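Review bot: `no_log: "{{ no_ansible_log | default(false) }}"` leaves task logging on by default in a play whose looped `include_role` tasks pass `vault: "{{ org.vault }}"` and iterate over whole organization entries, so each loop item can be echoed to the console and to CI logs. The network.yaml schema is not visible here, but if `org.vault` carries a token this prints it on every run. I would default to suppression for this new play, `no_log: "{{ no_ansible_log | default(true) }}"`, or set `no_log: true` on the `create/secrets` and `create/ca_server` tasks, with a comment explaining how to re-enable output for debugging.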
diff --git a/platforms/hyperledger-fabric/configuration/deploy-network.yaml b/platforms/hyperledger-fabric/configuration/deploy-network.yaml
index 64c9009dea6..55d19e25ea7 100644
--- a/platforms/hyperledger-fabric/configuration/deploy-network.yaml
+++ b/platforms/hyperledger-fabric/configuration/deploy-network.yaml
@@ -49,14 +49,29 @@
loop_var: org
when:
- org.org_status is not defined or org.org_status == 'new'
-
+
+ # Create Storageclass for orgs
+ - name: "Create storageclass for each organization"
+ include_role:
+ name: "{{ playbook_dir }}/../../../platforms/shared/configuration/roles/setup/storageclass"
+ vars:
+ org_name: "{{ org.name | lower }}"
+ sc_name: "{{ org_name }}-bevel-storageclass"
+ region: "{{ org.k8s.region | default('eu-west-2') }}"
+ loop: "{{ network['organizations'] }}"
+ loop_control:
+ loop_var: org
+ when:
+ - org.org_status is not defined or org.org_status == 'new'
+
# Create CA Server helm-value files and check-in
- name: Create CA server for each organization
include_role:
name: "create/ca_server"
vars:
component_ns: "{{ org.name | lower}}-net"
- component: "{{ org.name | lower}}"
+ component: "{{ org.name | lower }}"
+ sc_name: "{{ component }}-bevel-storageclass"
component_services: "{{ org.services }}"
kubernetes: "{{ org.k8s }}"
vault: "{{ org.vault }}"
@@ -83,6 +98,7 @@
build_path: "./build"
namespace: "{{ org.name | lower}}-net"
org_name: "{{ org.name | lower }}"
+ sc_name: "{{ org_name }}-bevel-storageclass"
component_services: "{{ org.services }}"
kubernetes: "{{ org.k8s }}"
vault: "{{ org.vault }}"
@@ -105,9 +121,11 @@
name: "create/peers"
vars:
build_path: "./build"
- namespace: "{{ org.name | lower}}-net"
- component_type: "{{ org.type | lower}}"
+ namespace: "{{ org.name | lower }}-net"
+ component_type: "{{ org.type | lower }}"
component_services: "{{ org.services }}"
+ sc_name: "{{ org.name | lower }}-bevel-storageclass"
+ first_orderer: "{{ network.orderers | first }}"
kubernetes: "{{ org.k8s }}"
vault: "{{ org.vault }}"
git_protocol: "{{ org.gitops.git_protocol }}"
@@ -121,14 +139,14 @@
loop_var: org
when: org.services.peers is defined and org.services.peers | length > 0
- - name: "Create genesis block"
+ - name: "Create genesis block for bootstrap network"
include_role:
name: "create/genesis"
vars:
org: "{{ network['organizations'] | first }}"
docker_url: "{{ network.docker.url }}"
- kubernetes: "{{ org.k8s }}"
- generateGenisis: true
+ kubernetes: "{{ org.k8s }}"
+ generateGenesis: true
vars: #These variables can be overriden from the command line
privilege_escalate: false #Default to NOT escalate to root privledges
diff --git a/platforms/hyperledger-fabric/configuration/external-chaincode-ops.yaml b/platforms/hyperledger-fabric/configuration/external-chaincode-ops.yaml
index 364c1d68bb6..2234a315119 100644
--- a/platforms/hyperledger-fabric/configuration/external-chaincode-ops.yaml
+++ b/platforms/hyperledger-fabric/configuration/external-chaincode-ops.yaml
@@ -17,107 +17,7 @@
file:
path: "./build"
state: absent
- # This role updates the peers with updated core.yaml
- - name: Create all peers with core.yaml
- include_role:
- name: "create/peers"
- vars:
- build_path: "./build"
- namespace: "{{ item.name | lower}}-net"
- component_type: "{{ item.type | lower}}"
- component_services: "{{ item.services }}"
- vault: "{{ item.vault }}"
- git_protocol: "{{ item.gitops.git_protocol }}"
- git_url: "{{ item.gitops.git_url }}"
- git_branch: "{{ item.gitops.branch }}"
- docker_url: "{{ network.docker.url }}"
- charts_dir: "{{ item.gitops.chart_source }}"
- values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}"
- loop: "{{ network['organizations'] }}"
- when: item.type == 'peer'
-
- ############################################################################################
- # Check if CA server is available
- - name: "Check for the CA server running in {{ item.name | lower }}-net"
- include_role:
- name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
- vars:
- component_name: "{{ component_services.ca.name }}-tools"
- component: "{{ item.name | lower}}"
- component_type: "Pod"
- component_services: "{{ item.services }}"
- namespace: "{{ item.name | lower }}-net"
- kubernetes: "{{ item.k8s }}"
- label_selectors:
- - name = {{ component_name }}
- vault: "{{ item.vault }}"
- ca: "{{ item.services.ca }}"
- loop: "{{ network['organizations'] }}"
- when:
- - item.type == 'peer'
-
- ############################################################################################
- # Check if CA CLI is available
- - name: "Check for the CA tools to be running in {{ item.name | lower }}-net"
- include_role:
- name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
- vars:
- component_name: "{{ component_services.ca.name }}-tools"
- component: "{{ item.name | lower}}"
- component_type: "Pod"
- component_services: "{{ item.services }}"
- namespace: "{{ item.name | lower }}-net"
- kubernetes: "{{ item.k8s }}"
- label_selectors:
- - name = {{ component_name }}
- vault: "{{ item.vault }}"
- ca: "{{ item.services.ca }}"
- loop: "{{ network['organizations'] }}"
- when:
- - item.type == 'peer'
-
- ############################################################################################
- # This task generates the crypto material by executing the generate-crypto-peer-chaincode.sh script
- - name: Generate crypto material for peer to interact with external chaincode servers
- include_role:
- name: "create/chaincode/peer_certs"
- vars:
- component_name: "{{ item.name | lower }}-net"
- component_type: "{{ item.type | lower }}"
- org_name: "{{ item.name | lower }}"
- services: "{{ item.services }}"
- subject: "{{ item.subject }}"
- cert_subject: "{{ item.subject | regex_replace('/', ';') | regex_replace(',', '/') | regex_replace(';', ',') }}" # replace , to / and / to , for certpath
- kubernetes: "{{ item.k8s }}"
- vault: "{{ item.vault }}"
- users: "{{ item.users }}"
- ca_server_url: "{{ item.ca_data.url }}"
- setup_user_env: true
- loop: "{{ network['organizations'] }}"
- when:
- - item.type == 'peer'
-
- ############################################################################################
- # This task generates the crypto material by executing the generate-crypto-chaincode-server.sh script
- - name: Generate crypto material for external chaincode servers
- include_role:
- name: "create/chaincode/server_certs"
- vars:
- component_name: "{{ item.name | lower }}-net"
- component_type: "{{ item.type | lower }}"
- org_name: "{{ item.name | lower }}"
- services: "{{ item.services }}"
- subject: "{{ item.subject }}"
- cert_subject: "{{ item.subject | regex_replace('/', ';') | regex_replace(',', '/') | regex_replace(';', ',') }}" # replace , to / and / to , for certpath
- kubernetes: "{{ item.k8s }}"
- vault: "{{ item.vault }}"
- users: "{{ item.users }}"
- ca_server_url: "{{ item.ca_data.url }}"
- setup_user_env: true
- loop: "{{ network['organizations'] }}"
- when:
- - item.type == 'peer'
-
+
############################################################################################
# This task installs the external chaincode on the desired peers
- name: Install external chaincode
@@ -126,84 +26,34 @@
vars:
docker_url: "{{ network.docker.url }}"
envspace: "{{ network.env.type }}"
- name: "{{ item.name | lower}}"
- namespace: "{{ item.name | lower}}-net"
- component_type: "{{ item.type | lower}}"
- component_peers: "{{ item.services.peers }}"
- org_name: "{{ item.name | lower }}"
- org_ns: "{{ item.name | lower }}-net"
- kubernetes: "{{ item.k8s }}"
- vault: "{{ item.vault }}"
- peers: "{{ item.services.peers }}"
- git_url: "{{ item.gitops.git_url }}"
- git_branch: "{{ item.gitops.branch }}"
- charts_dir: "{{ item.gitops.chart_source }}"
- values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}"
- loop: "{{ network['organizations'] }}"
- when:
- - item.type == 'peer'
- - item.org_status == 'new'
-
- ############################################################################################
- # This task deploys the external chaincode server for desired org
- - name: Deploy external chaincode server
- include_role:
- name: "create/external_chaincode_server"
- vars:
- docker_url: "{{ network.docker.url }}"
- name: "{{ item.name | lower}}"
- namespace: "{{ item.name | lower}}-net"
- component_type: "{{ item.type | lower}}"
- component_peers: "{{ item.services.peers }}"
- org_name: "{{ item.name | lower }}"
- org_ns: "{{ item.name | lower }}-net"
- kubernetes: "{{ item.k8s }}"
- vault: "{{ item.vault }}"
- peers: "{{ item.services.peers }}"
- git_url: "{{ item.gitops.git_url }}"
- git_branch: "{{ item.gitops.branch }}"
- charts_dir: "{{ item.gitops.chart_source }}"
- values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}"
+ name: "{{ org.name | lower }}"
+ namespace: "{{ org.name | lower }}-net"
+ component_subject: "{{ org.subject }}"
+ component_peers: "{{ org.services.peers }}"
+ kubernetes: "{{ org.k8s }}"
+ vault: "{{ org.vault }}"
+ git_url: "{{ org.gitops.git_url }}"
+ git_branch: "{{ org.gitops.branch }}"
+ charts_dir: "{{ org.gitops.chart_source }}"
+ values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}"
loop: "{{ network['organizations'] }}"
- when:
- - item.type == 'peer'
- - item.org_status == 'new'
+ loop_control:
+ loop_var: org
+ when:
+ - org.services.peers is defined
############################################################################################
- # This task approves desired installed chaincode on the peers
- - name: "Approve chaincode"
+ # This task completes the lifecyle of installed chaincode on the peers
+ - name: "Complete chaincode lifecycle"
include_role:
- name: "create/chaincode/approve"
+ name: "create/chaincode/lifecycle"
vars:
participants: "{{ item.participants }}"
+ endorsers: "{{ item.endorsers }}"
docker_url: "{{ network.docker.url }}"
loop: "{{ network['channels'] }}"
when: participants is defined and '2.' in network.version
- ############################################################################################
- # This task commits the desired approved chaincode
- - name: Commit chaincode
- include_role:
- name: "create/chaincode/commit"
- vars:
- participants: "{{ item.participants }}"
- docker_url: "{{ network.docker.url }}"
- approvers: "{{ item.endorsers }}"
- loop: "{{ network['channels'] }}"
- when: add_new_org == 'false' and '2.' in network.version
-
- # This task invokes chaincode after the chaincode has been commited in v2 and
- # after chaincode installation for the new organization to be added in existing network
- - name: Invoke chaincode
- include_role:
- name: "create/chaincode/invoke"
- vars:
- participants: "{{ item.participants }}"
- docker_url: "{{ network.docker.url }}"
- approvers: "{{ item.endorsers | default('', true) }}"
- loop: "{{ network['channels'] }}"
- when: add_new_org == 'true' or '2.' in network.version
-
vars: #These variables can be overriden from the command line
privilege_escalate: false #Default to NOT escalate to root privledges
install_os: "linux" #Default to linux OS
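Review bot: The new `endorsers: "{{ item.endorsers }}"` in "Complete chaincode lifecycle" has no default, although the removed "Invoke chaincode" task read the same field with `default('', true)`, which suggests some channels omit it. The lifecycle role's valuefile.yaml passes `endorsers_list: "{{ endorsers }}"` unconditionally, so a channel without endorsers would probably stop on an undefined value. `endorsers: "{{ item.endorsers | default([], true) }}"` gives the role an empty list to loop over instead. The added comment also misspells a word and should read `# This task completes the lifecycle of installed chaincode on the peers`.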
diff --git a/platforms/hyperledger-fabric/configuration/manage-user-certificate.yaml b/platforms/hyperledger-fabric/configuration/manage-user-certificate.yaml
index 1901b34b450..c96f7f6cd0c 100644
--- a/platforms/hyperledger-fabric/configuration/manage-user-certificate.yaml
+++ b/platforms/hyperledger-fabric/configuration/manage-user-certificate.yaml
@@ -31,7 +31,7 @@
namespace: "{{ item.name | lower }}-net"
kubernetes: "{{ item.k8s }}"
label_selectors:
- - name = {{ component_name }}
+ - app = {{ component_name }}
vault: "{{ item.vault }}"
ca: "{{ item.services.ca }}"
loop: "{{ network['organizations'] }}"
@@ -48,7 +48,7 @@
namespace: "{{ item.name | lower }}-net"
kubernetes: "{{ item.k8s }}"
label_selectors:
- - name = {{ component_name }}
+ - app = {{ component_name }}
vault: "{{ item.vault }}"
ca: "{{ item.services.ca }}"
loop: "{{ network['organizations'] }}"
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/ca_server/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/ca_server/tasks/main.yaml
index 16cdc3413bf..6ad639cb3ef 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/ca_server/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/ca_server/tasks/main.yaml
@@ -44,3 +44,29 @@
GIT_DIR: "{{ playbook_dir }}/../../../"
gitops: "{{ org.gitops }}"
msg: "[ci skip] Pushing CA Server files"
+
+# Check if CA server is available
+- name: "Waiting for the CA server to be created in {{ org.name | lower }}-net"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
+ vars:
+ component_type: "Pod"
+ namespace: "{{ org.name | lower }}-net"
+ component_name: "{{ ca.name }}"
+ label_selectors:
+ - app = {{ component_name }}
+
+- name: Create certificate directory
+ file:
+ path: "{{ org.ca_data.certificate | dirname }}"
+ state: directory
+ mode: '0755'
+ recurse: yes
+
+# Copy tls server.crt from vault to the build directory
+- name: Fetch the tls server.crt from vault
+ shell: |
+ vault kv get -field=rootca_pem {{ vault.secret_path | default('secretsv2') }}/{{ network.env.type }}{{ org.name | lower }}/ca > {{ org.ca_data.certificate }}
+ environment:
+ VAULT_ADDR: "{{ vault.url }}"
+ VAULT_TOKEN: "{{ vault.root_token }}"
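Review bot: The "Fetch the tls server.crt from vault" task interpolates `vault.secret_path`, `network.env.type`, `org.name` and `org.ca_data.certificate` unquoted into a `shell:` line, so a space or shell metacharacter in any of them changes the command that runs. Each value should go through the `quote` filter, e.g. `> {{ org.ca_data.certificate | quote }}`. The step authenticates with `vault.root_token` to read one field; a token limited to reading this path would be sufficient here, if the inventory can supply one. The redirect also creates the certificate file before `vault kv get` has succeeded, so a failed run can leave an empty file at the path later tasks treat as the CA certificate.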
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/main.yaml
index f3724775918..62b5cd146df 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/main.yaml
@@ -1,28 +1,10 @@
###########################################################################################
-# Create package file
-- name: Create package file
- include_tasks: create_package.yaml
- vars:
- first_peer: "{{ peers[0] }}"
- chaincode_name: "{{ chaincode.name | lower }}"
- package_dir: "./build/tmp/package/{{ org_ns }}"
- package_name: "{{ chaincode.name | lower }}_{{ chaincode.version }}"
- loop: "{{ peers[0].chaincodes }}"
- loop_control:
- loop_var: chaincode
- when:
- - peers is defined
- - peers | length > 0
- - peers[0].chaincodes is defined
-
# Install the external chaincode details
-- name: Install the external chaincode details
+- name: Install the external chaincode package and server
include_tasks: nested_main.yaml
vars:
- chaincode_name: "{{ peer.chaincode.name | lower }}"
- chaincode_version: "{{ peer.chaincode.version }}"
- envspace: "{{ envspace }}"
- loop: "{{ peers }}"
+ peer_chaincodes: "{{ peer.chaincodes }}"
+ loop: "{{ component_peers }}"
loop_control:
loop_var: peer
when:
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml
index 33a9b81d401..b7a9216e2d8 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml
@@ -7,10 +7,9 @@
# Create value file for chaincode invokes
- name: "Create value file for chaincode invokes"
include_tasks: valuefile.yaml
- vars:
- component_peers: "{{ item.services.peers }}"
- peer_chaincodes: "{{ peer.chaincodes }}"
loop: "{{ peer_chaincodes }}"
loop_control:
loop_var: chaincode
- when: chaincode.external_chaincode is defined and chaincode.external_chaincode == true
+ when:
+ - chaincode.external_chaincode is defined and chaincode.external_chaincode == true
+ - peer.peerstatus is not defined or peer.peerstatus == 'new'
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/valuefile.yaml b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/valuefile.yaml
index c89b04d8d81..af2327706d9 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/valuefile.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/valuefile.yaml
@@ -1,21 +1,3 @@
-# Check if buildpack_path exists
-- name: Check if buildpack_path exists
- stat:
- path: "{{ chaincode.buildpack_path }}"
- register: buildpack_path_file
- failed_when:
- - buildpack_path_file.stat.exists == false
-
-# Copy buildpack for external chaincode
-- name: Copy buildpack for external chaincode
- shell: |
- KUBECONFIG={{ kubernetes.config_file }} kubectl exec -i -n {{ org_ns }} {{ peer.name }}-0 -c {{ peer.name }} -- mkdir -p /var/hyperledger/production/buildpacks/sampleBuilder/bin
- KUBECONFIG={{ kubernetes.config_file }} kubectl cp {{ chaincode.buildpack_path }}/. {{ org_ns }}/{{ peer.name }}-0:/var/hyperledger/production/buildpacks/sampleBuilder/bin -c {{ peer.name }}
- KUBECONFIG={{ kubernetes.config_file }} kubectl exec -i -n {{ org_ns }} {{ peer.name }}-0 -c {{ peer.name }} -- sh -c "cd /var/hyperledger/production/buildpacks/sampleBuilder/bin && mv */* ./"
- KUBECONFIG={{ kubernetes.config_file }} kubectl exec -i -n {{ org_ns }} {{ peer.name }}-0 -c {{ peer.name }} -- chmod -R 777 /var/hyperledger/production/buildpacks/sampleBuilder/bin/
- when:
- - chaincode.buildpack_path is defined
-
# Create value file for chaincode installation
- name: "Create value file for chaincode installation"
include_role:
@@ -25,7 +7,7 @@
type: "install_external_chaincode_job"
peer_name: "{{ peer.name }}"
peer_address: "{{ peer.name }}.{{ namespace }}:{{ peer.grpc.port }}"
- component_name: "instextcc-{{ peer.name }}-{{ chaincode.name }}-{{ chaincode.version | replace('.','-')}}"
+ component_name: "{{ peer.name }}-{{ chaincode.name }}-{{ chaincode.version | replace('.','-')}}"
component_chaincode: "{{ chaincode }}"
# Git Push : Push the above generated files to git directory
@@ -34,13 +16,5 @@
name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
vars:
GIT_DIR: "{{ playbook_dir }}/../../../"
- gitops: "{{ item.gitops }}"
+ gitops: "{{ org.gitops }}"
msg: "[ci skip] Pushing install external files"
-
-# Check or Wait if install-chaincode is already run
-- name: "Waiting for chaincode to be installed on {{ peer.name }}"
- include_role:
- name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
- vars:
- component_type: "Job"
- component_name: "{{ 'installchaincode' if chaincode is defined and ( chaincode.external_chaincode is undefined or chaincode.external_chaincode == false ) else 'instextcc' }}-{{ peer.name }}-{{ chaincode.name }}-{{ chaincode.version }}"
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/main.yaml
new file mode 100644
index 00000000000..9f1649c516e
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/main.yaml
@@ -0,0 +1,21 @@
+##############################################################################################
+# Copyright Sownak Roy. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+#############################################################################################
+# This role creates value file for the deployment of chaincode lifecycle
+#############################################################################################
+
+---
+# Create value file for chaincode lifecycle
+- name: "Create value file for chaincode lifecycle"
+ include_tasks: nested_lifecycle.yaml
+ vars:
+ org_query: "organizations[?name=='{{ participant.name }}']"
+ org: "{{ network | json_query(org_query) | first | default({}) }}"
+ loop: "{{ participants }}"
+ loop_control:
+ loop_var: participant
+ when: org != {} and org is not none
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/nested_lifecycle.yaml b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/nested_lifecycle.yaml
new file mode 100644
index 00000000000..90d57f66b0b
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/nested_lifecycle.yaml
@@ -0,0 +1,15 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+---
+# Create value file for chaincode lifecycle
+- name: "Create value file for chaincode lifecycle"
+ include_tasks: nested_valuefile.yaml
+ vars:
+ name: "{{ org.name | lower }}"
+ namespace: "{{ org.name | lower }}-net"
+ component_type: "peer"
+ peer: "{{ org.services.peers | first }}" # Only one peer needed to approve/commit/invoke
+ when: peer.chaincodes is defined
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/nested_valuefile.yaml b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/nested_valuefile.yaml
new file mode 100644
index 00000000000..ac583a60f71
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/nested_valuefile.yaml
@@ -0,0 +1,16 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+---
+# Create value file for chaincode lifecycle
+- name: "Create value file for chaincode approvals"
+ include_tasks: valuefile.yaml
+ vars:
+ component_peers: "{{ org.services.peers }}"
+ peer_chaincodes: "{{ peer.chaincodes }}"
+ loop: "{{ peer_chaincodes }}"
+ loop_control:
+ loop_var: chaincode
+ when: chaincode.name in item.chaincodes
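Review bot: `when: chaincode.name in item.chaincodes` depends on `item` still being the channel entry from the playbook's `loop: "{{ network['channels'] }}"`, several includes up, and valuefile.yaml in this role reads `item.channel_name` the same way. Nothing in this file says so, and any intermediate loop added without `loop_var` would silently rebind `item`. A comment such as `# item is the channel entry from the calling playbook's loop` documents the dependency; alternatively the playbook could set `loop_var: channel` and the role could use that name. The task name says "approvals" while the comment above it says "lifecycle", so one wording should be chosen.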
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/valuefile.yaml b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/valuefile.yaml
new file mode 100644
index 00000000000..c99ba32a773
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/lifecycle/tasks/valuefile.yaml
@@ -0,0 +1,67 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+---
+# Check if all endorser certs are present
+- name: "Check if all endorser certs exists"
+ stat:
+ path: "{{ endorser.certificate }}"
+ register: check_cert
+ failed_when: check_cert.stat.exists == false
+ loop: "{{ endorsers }}"
+ loop_control:
+ loop_var: endorser
+ when:
+ - endorsers is defined
+
+# Check if pdc collection config file exists, if provided
+- name: "Check if pdc collections config file exists"
+ stat:
+ path: "{{ chaincode.collections_config }}"
+ register: check_file
+ failed_when: check_file.stat.exists == false
+ when:
+ - chaincode.collections_config is defined
+
+# Log debug message when a PDC collection config file doesn't exist
+- name: "Debug PDC collection config file not found"
+ debug:
+ msg: "PDC collection config file not found at {{ chaincode.collections_config }}. Please verify the path and file contents."
+ when:
+ - chaincode.collections_config is defined
+ - check_file.stat.exists == false
+
+# Create value file for chaincode lifecycle
+- name: "Create value file for chaincode lifecycle"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/create/job_component"
+ vars:
+ name: "{{ org.name | lower }}"
+ type: "lifecycle_chaincode_job"
+ component_name: "{{ item.channel_name|lower }}-{{ peer.name }}{{ chaincode.name}}{{ chaincode.version }}-{{ chaincode.sequence | default('1') }}"
+ component_ns: "{{ org.name |lower }}-net"
+ peer_name: "{{ peer.name }}"
+ peer_address: "{{ peer.name }}.{{ org.name |lower }}-net:{{ peer.grpc.port }}"
+ git_protocol: "{{ org.gitops.git_protocol }}"
+ git_url: "{{ org.gitops.git_url }}"
+ git_branch: "{{ org.gitops.branch }}"
+ charts_dir: "{{ org.gitops.chart_source }}"
+ endorsers_list: "{{ endorsers }}"
+ vault: "{{ org.vault }}"
+ kubernetes: "{{ org.k8s }}"
+ values_dir: "{{ playbook_dir }}/../../../{{ org.gitops.component_dir }}/{{ org.name | lower }}"
+ pdc_config_content: "{{ lookup('file', '{{ chaincode.collections_config }}') | b64encode }}"
+ when:
+ - chaincode is defined
+ - chaincode.external_chaincode
+
+# Git Push : Push the above generated files to git directory
+- name: Git Push
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
+ vars:
+ GIT_DIR: "{{ playbook_dir }}/../../../"
+ gitops: "{{ org.gitops }}"
+ msg: "[ci skip] Pushing chaincode lifecycle files"
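Review bot: `pdc_config_content` calls `lookup('file', '{{ chaincode.collections_config }}')` with moustaches nested inside an expression and without checking that `collections_config` is set, although the two tasks above treat it as optional. Referencing the variable directly and guarding it avoids both problems, e.g. `pdc_config_content: "{{ (lookup('file', chaincode.collections_config) | b64encode) if chaincode.collections_config is defined else '' }}"`; whether an empty string is what the job template expects should be confirmed. The "Debug PDC collection config file not found" task cannot run, because the preceding `stat` task already fails on `check_file.stat.exists == false`. The final `when` uses a bare `chaincode.external_chaincode`, which errors when the key is absent, whereas install_ext/tasks/nested_main.yaml tests `is defined` first.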
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/channels/tasks/valuefile.yaml b/platforms/hyperledger-fabric/configuration/roles/create/channels/tasks/valuefile.yaml
index c9c94aa6bce..4dc44a8651c 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/channels/tasks/valuefile.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/channels/tasks/valuefile.yaml
@@ -74,7 +74,7 @@
channel_name: "{{item.channel_name}}"
component_ns: "{{ peer.name | lower}}-net"
peer_name: "{{ peer | json_query('peers[*].name') | first }}"
- peer_adress: "{{ peer | json_query('peers[*].peerAddress') | first }}"
+ peer_address: "{{ peer | json_query('peers[*].peerAddress') | first }}"
git_protocol: "{{ org.gitops.git_protocol }}"
git_url: "{{ org.gitops.git_url }}"
git_branch: "{{ org.gitops.branch }}"
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/channels_join/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/channels_join/tasks/main.yaml
index 0fb48627fe6..2be04be5f93 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/channels_join/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/channels_join/tasks/main.yaml
@@ -16,7 +16,7 @@
loop_control:
loop_var: participant
when:
- - participant.org_status == 'new' or (participant.peerstatus is not defined or participant.peerstatus == 'new')
+ - participant.org_status == 'new' or (participant.org_status == 'existing' and participant.peers[0].peerstatus is defined)
# Call check for each peer
- name: Call check for each peer
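Review bot: The new condition admits an existing organisation whenever `participant.peers[0].peerstatus is defined`, whatever its value, so a first peer marked 'existing' now passes where the old test required the status to be absent or 'new'. It also indexes `peers[0]` without checking that `peers` is defined and non-empty, and it looks only at the first peer. If the intent is "existing org that has a new peer", `participant.peers | default([]) | selectattr('peerstatus', 'defined') | selectattr('peerstatus', 'equalto', 'new') | list | length > 0` states that directly. The same line is repeated in the second hunk of this file, and the first task starts before this hunk, so what it includes is not visible here.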
@@ -30,4 +30,4 @@
loop_control:
loop_var: participant
when:
- - participant.org_status == 'new' or (participant.peerstatus is not defined or participant.peerstatus == 'new')
+ - participant.org_status == 'new' or (participant.org_status == 'existing' and participant.peers[0].peerstatus is defined)
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/cli_pod/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/cli_pod/tasks/main.yaml
new file mode 100644
index 00000000000..0ffe2e640be
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/create/cli_pod/tasks/main.yaml
@@ -0,0 +1,24 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+#############################################################################################
+# This role creates value file for Cli pods
+############################################################################################
+# CREATE CLI POD #
+############################################################################################
+#
+############################################################################################
+
+# Create values file for cli
+- name: Create values file for cli
+ include_tasks: valuefile.yaml
+ loop: "{{ peers }}"
+ loop_control:
+ loop_var: peer
+ when:
+ - peer.peerstatus is not defined or peer.peerstatus == 'new'
+ - peer.cli is defined
+ - peer.cli == "enabled"
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/cli_pod/tasks/valuefile.yaml b/platforms/hyperledger-fabric/configuration/roles/create/cli_pod/tasks/valuefile.yaml
new file mode 100644
index 00000000000..c4548185e3b
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/create/cli_pod/tasks/valuefile.yaml
@@ -0,0 +1,69 @@
+# Set Variable existing_cli and existing_cli_dependency to empty
+- name: "Set Variables existing_cli and existing_cli_dependency to empty"
+ set_fact:
+ existing_cli: ""
+ existing_cli_dependency: ""
+
+# Check if pods are present or not
+- name: 'checking for job {{ component_name }} in {{ component_ns }}'
+ k8s_info:
+ kind: "Pod"
+ namespace: "{{ component_ns }}"
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ label_selectors:
+ - app = cli
+ - app.kubernetes.io/name={{ peer.name | lower}}
+ vars:
+ name: "cli"
+ kubernetes: "{{ org.k8s }}"
+ component_name: "{{ peer.name | lower}}-{{ org.name | lower }}"
+ component_ns: "{{ org.name | lower}}-net"
+ register: existing_cli_dependency
+
+# Check if pods are present or not
+- name: 'checking for job {{ component_name }} in {{ component_ns }}'
+ k8s_info:
+ kind: "Pod"
+ namespace: "{{ component_ns }}"
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ label_selectors:
+ - app = cli
+ - app.kubernetes.io/name={{ component_name }}
+ vars:
+ name: "cli"
+ kubernetes: "{{ org.k8s }}"
+ component_name: "{{ peer.name | lower}}-{{ org.name | lower }}"
+ component_ns: "{{ org.name | lower}}-net"
+ register: existing_cli
+
+# Create the value file
+- name: "Create Value file for CLI Pod"
+ include_role:
+ name: helm_component
+ vars:
+ name: "cli"
+ component: "{{ org.name | lower}}"
+ component_name: "{{ peer.name | lower}}-{{ org.name | lower}}"
+ orderer: "{{ network.orderers | first }}"
+ sc_name: "{{ component }}-bevel-storageclass"
+ component_ns: "{{ org.name | lower}}-net"
+ git_protocol: "{{ org.gitops.git_protocol }}"
+ git_url: "{{ org.gitops.git_url }}"
+ git_branch: "{{ org.gitops.branch }}"
+ vault: "{{ org.vault }}"
+ charts_dir: "{{ org.gitops.chart_source }}"
+ values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}"
+ type: "cli"
+ when:
+ - existing_cli.resources | length == 0 and existing_cli_dependency.resources | length == 0
+
+# Git Push : Push the above generated files to git directory
+- name: Git Push
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
+ vars:
+ GIT_DIR: "{{ playbook_dir }}/../../../"
+ gitops: "{{ org.gitops }}"
+ msg: "[ci skip] Pushing CLI value files"
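Review bot: The two `k8s_info` tasks share the name 'checking for job {{ component_name }} in {{ component_ns }}' although both query `kind: "Pod"`, which makes the run log ambiguous. They differ only in the `app.kubernetes.io/name` selector (`peer.name` versus `component_name`), so distinct names such as `Check for CLI pod labelled {{ peer.name | lower }}` and `Check for CLI pod labelled {{ component_name }}` would document the difference. The preceding `set_fact` that blanks `existing_cli` and `existing_cli_dependency` looks redundant, since both are registered unconditionally before they are read.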
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/delete_org_script/templates/organisation_script.tpl b/platforms/hyperledger-fabric/configuration/roles/create/delete_org_script/templates/organisation_script.tpl
index 98a80400db7..7f4eea531fd 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/delete_org_script/templates/organisation_script.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/create/delete_org_script/templates/organisation_script.tpl
@@ -17,7 +17,7 @@ rm -r temp
echo "converting the channel_config_block.pb to channel_config.json using configtxlator and jq"
configtxlator proto_decode --input {{ channel_name }}_config_block.pb --type common.Block | jq .data.data[0].payload.data.config > {{ channel_name }}_config.json
echo "removing org from config.json"
-jq 'del(.channel_group.groups.Application.groups.{{ component_name }}MSP)' {{ channel_name }}_config.json > {{ channel_name }}_modified_config.json
+jq 'del(.channel_group.groups.Application.groups["{{ component_name }}MSP"])' {{ channel_name }}_config.json > {{ channel_name }}_modified_config.json
echo "converting the channel_config.json and channel_modified_config.json to .pb files"
configtxlator proto_encode --input {{ channel_name }}_config.json --type common.Config --output {{ channel_name }}_config.pb
configtxlator proto_encode --input {{ channel_name }}_modified_config.json --type common.Config --output {{ channel_name }}_modified_config.pb
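Review bot: `{{ component_name }}` is still rendered into the jq program text on the changed `del(...)` line, so a name containing a double quote or backslash would alter the filter rather than be treated as a key. Passing it as data keeps it out of the program: `jq --arg msp "{{ component_name }}MSP" 'del(.channel_group.groups.Application.groups[$msp])'`. `del` on a key that does not exist succeeds silently, so a check that the MSP group is present before deleting would make a mistyped organisation name visible.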
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/external_chaincode_server/tasks/valuefile.yaml b/platforms/hyperledger-fabric/configuration/roles/create/external_chaincode_server/tasks/valuefile.yaml
index ef6cf56f167..2545b3d592b 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/external_chaincode_server/tasks/valuefile.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/external_chaincode_server/tasks/valuefile.yaml
@@ -51,7 +51,7 @@
name: k8_component
vars:
component_type_name: "{{ org.name | lower }}"
- component_type: "existing_peer_cli_job"
+ component_type: "existing_peer_cli_job"
component_name: "cli-{{ chaincode.name }}-{{ org.name }}-{{ peer.name }}"
peer_name: "{{ peer.name }}"
component_ns: "{{ org.name | lower }}-net"
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_channel_creator.yaml b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_channel_creator.yaml
index 8047ee8bf28..231bde0d684 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_channel_creator.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/get_channel_creator.yaml
@@ -11,3 +11,7 @@
- name: Set Variable channel_name_value
include_tasks: valuefile.yaml
when: channel.osn_creator_org.name == org.name and '2.5.' in network.version
+
+- name: Set Variable channel_name_value
+ include_tasks: valuefile.yaml
+ when: add_new_org == 'true' and '2.5.' in network.version
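Review bot: The added task reads `add_new_org` without a default, while valuefile.yaml in this role uses `add_new_org | default(false)`, so a run that does not set the variable would likely stop on an undefined value here. When the creator-org condition of the task above is also true, valuefile.yaml is included twice under the same task name. A single task with `when: (channel.osn_creator_org.name == org.name or add_new_org | default('false') | string | lower == 'true') and '2.5.' in network.version` covers both cases.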
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/main.yaml
index 633f6f1fcef..efd8b967869 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/main.yaml
@@ -27,7 +27,7 @@
name: "genesis"
release_namespace: "{{ org.name | lower }}-net"
state: absent
- when: genererate_configtx is defined and genererate_configtx == 'true'
+ when: generate_configtx is defined and generate_configtx == 'true'
# Fetch peers cetificates
- name: Fetch peers cetificates
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/valuefile.yaml b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/valuefile.yaml
index 5f73e8e82f7..cac60c86f98 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/valuefile.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/genesis/tasks/valuefile.yaml
@@ -12,7 +12,6 @@
vault: "{{ org.vault }}"
charts_dir: "{{ org.gitops.chart_source }}"
values_dir: "{{playbook_dir}}/../../../{{org.gitops.component_dir}}/{{ org.name | lower }}"
- generateGenisisBLock: "{{ generateGenisis }}"
add_org: "{{ add_new_org | default(false) }}"
# Git Push: Push the above generated files to git directory
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/new_orderer/create_syschannel_block/templates/syschannel_update_address_script.tpl b/platforms/hyperledger-fabric/configuration/roles/create/new_orderer/create_syschannel_block/templates/syschannel_update_address_script.tpl
index 100eb64d5b1..f1a38c5ad9c 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/new_orderer/create_syschannel_block/templates/syschannel_update_address_script.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/create/new_orderer/create_syschannel_block/templates/syschannel_update_address_script.tpl
@@ -17,7 +17,7 @@ rm -r temp
echo "converting the channel_config_block.pb to channel_config.json using configtxlator and jq"
configtxlator proto_decode --input {{ channel_name }}_config_block.pb --type common.Block | jq .data.data[0].payload.data.config > {{ channel_name }}_config.json
echo "adding new organization crypto material from config.json to the channel_config.json to make channel_modified_config.json"
-jq --argjson a "$(cat ./orderer)" '.channel_group.values.OrdererAddresses.value.addresses += $a' {{ channel_name }}_config.json > {{ channel_name }}_modified_config.json
+jq --argjson a "$(cat ./orderer)" '.channel_group.groups.Orderer.values.OrdererAddresses.value.addresses += $a' {{ channel_name }}_config.json > {{ channel_name }}_modified_config.json
echo "converting the channel_config.json and channel_modified_config.json to .pb files"
configtxlator proto_encode --input {{ channel_name }}_config.json --type common.Config --output {{ channel_name }}_config.pb
configtxlator proto_encode --input {{ channel_name }}_modified_config.json --type common.Config --output {{ channel_name }}_modified_config.pb
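Review bot: jq's `+=` creates any missing keys on the way to its target, so if `.channel_group.groups.Orderer.values.OrdererAddresses` is absent from a given channel's config, this line still succeeds and writes a new entry instead of updating the addresses that are in effect. A guard before it turns that into a failure: `jq -e '.channel_group.groups.Orderer.values.OrdererAddresses.value.addresses' {{ channel_name }}_config.json > /dev/null || exit 1`. The script continues outside this hunk.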
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/tasks/create_json.yaml b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/tasks/create_json.yaml
index 6279073dd69..d1e98fb1fd4 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/tasks/create_json.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/tasks/create_json.yaml
@@ -39,7 +39,7 @@
else
echo -n "{\"host\":\"{{ peer.peerAddress.split(":")[0] | to_json }}\",\"port\":{{ peer.peerAddress.split(":")[1] | to_json }}}" >> {{ build_path }}/channel-artifacts/{{ channel_name | lower}}-anchorfile.json
fi
- loop: "{{ org.services.peers }}"
+ loop: "{{ participant.peers }}"
loop_control:
loop_var: peer
when: peer.type == 'anchor'
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/tasks/main.yaml
index c7a2fb18e8b..9550dc8ed11 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/tasks/main.yaml
@@ -13,9 +13,7 @@
include_tasks: create_json.yaml
vars:
channel_name: "{{ channel.channel_name | lower }}"
- org_query: "organizations[?name=='{{participant.name}}']"
- component_ns: "{{ org.name | lower }}-net"
- org: "{{ network | json_query(org_query) | first }}"
+ component_ns: "{{ participant.name | lower }}-net"
loop: "{{ participants }}"
loop_control:
loop_var: participant
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/templates/organisation_script.tpl b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/templates/organisation_script.tpl
index 0558b25e0c2..e189e330c14 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/templates/organisation_script.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/create_block/templates/organisation_script.tpl
@@ -19,7 +19,7 @@ configtxlator proto_decode --input {{ channel_name }}_config_block.pb --type com
echo "adding new organization crypto material from config.json to the channel_config.json to make channel_modified_config.json"
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"{{ component_name }}MSP":.[1]}}}}}' {{ channel_name }}_config.json ./config.json > {{ channel_name }}_modified_config_without_anchorpeer.json
echo "adding anchor peer information to the block"
-jq '.channel_group.groups.Application.groups.{{ component_name }}MSP.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": ['$(cat ./anchorfile.json)']},"version": "0"}}' {{ channel_name }}_modified_config_without_anchorpeer.json > {{ channel_name }}_modified_config.json
+jq '.channel_group.groups.Application.groups["{{ component_name }}MSP"].values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": ['$(cat ./anchorfile.json)']},"version": "0"}}' {{ channel_name }}_modified_config_without_anchorpeer.json > {{ channel_name }}_modified_config.json
echo "converting the channel_config.json and channel_modified_config.json to .pb files"
configtxlator proto_encode --input {{ channel_name }}_config.json --type common.Config --output {{ channel_name }}_config.pb
configtxlator proto_encode --input {{ channel_name }}_modified_config.json --type common.Config --output {{ channel_name }}_modified_config.pb
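Review bot: The rewritten jq line still builds the filter text from data: `{{ component_name }}` is rendered into a jq string literal and `$(cat ./anchorfile.json)` is spliced in unquoted, so whitespace or a quote character in either one changes the program jq runs rather than the value it inserts. The orderer-address template in this commit already passes file content with `--argjson`, and the same form works here: `jq --arg msp "{{ component_name }}MSP" --argjson peers "[$(cat ./anchorfile.json)]" '.channel_group.groups.Application.groups[$msp].values += {"AnchorPeers":{"mod_policy":"Admins","value":{"anchor_peers":$peers},"version":"0"}}'`. The identical line changed in add_peer.tpl has the same issue. The script continues outside this hunk.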
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/create_block.yaml b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/create_block.yaml
index e058bf5efa3..3aba6e95efc 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/create_block.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/create_block.yaml
@@ -24,7 +24,7 @@
name: k8_component
vars:
component_type_name: "{{ participant.name }}"
- component_type: "existing_peer_cli_job"
+ component_type: "existing_peer_cli_job"
component_name: "cli-{{ channel_name }}-{{ org.name }}-{{ peer.name }}"
peer_name: "{{ peer.name }}"
vault: "{{ org.vault }}"
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/sign_block.yaml b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/sign_block.yaml
index d88934de801..f21c8d3bd6a 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/sign_block.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/sign_block.yaml
@@ -24,7 +24,7 @@
name: k8_component
vars:
component_type_name: "{{ participant.name }}"
- component_type: "existing_peer_cli_job"
+ component_type: "existing_peer_cli_job"
component_name: "cli-{{ channel_name }}-{{ org.name }}-{{ peer.name }}"
peer_name: "{{ peer.name }}"
vault: "{{ org.vault }}"
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/update_block.yaml b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/update_block.yaml
index c1a91034243..86fa71f8db3 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/update_block.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/new_organization/orderer_org/appchannel/tasks/update_block.yaml
@@ -24,7 +24,7 @@
name: k8_component
vars:
component_type_name: "{{ participant.name }}"
- component_type: "existing_peer_cli_job"
+ component_type: "existing_peer_cli_job"
component_name: "cli-{{ channel_name }}-{{ org.name }}-{{ peer.name }}"
peer_name: "{{ peer.name }}"
vault: "{{ org.vault }}"
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/new_peer/update_block/tasks/nested_create_cli.yaml b/platforms/hyperledger-fabric/configuration/roles/create/new_peer/update_block/tasks/nested_create_cli.yaml
index 6c228c61640..ca6602fbba6 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/new_peer/update_block/tasks/nested_create_cli.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/new_peer/update_block/tasks/nested_create_cli.yaml
@@ -14,7 +14,8 @@
name: k8_component
vars:
component: "{{ participant.name | lower }}"
- component_type: "existing_peer_cli_job"
+ component_type: "existing_peer_cli_job"
+ storage_class: "{{ org.name }}-bevel-storageclass"
component_name: "{{ peer.name | lower}}-cli"
orderer: "{{ network.orderers | first }}"
component_ns: "{{ participant.name | lower}}-net"
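Review bot: `storage_class` is built from `org.name` as written, while the name the orderers role passes (`sc_name: "{{ org_name }}-bevel-storageclass"`) appears to come from a lower-cased org name, and the other vars in this task are keyed on `participant.name | lower`. An org name containing capitals would produce a name that does not match the created StorageClass and is not a valid Kubernetes object name. `storage_class: "{{ org.name | lower }}-bevel-storageclass"` keeps it aligned. The same line is added in setup/config_block/fetch/tasks/nested_create_cli.yaml, and the task's vars list continues outside the hunk.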
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/new_peer/update_block/templates/add_peer.tpl b/platforms/hyperledger-fabric/configuration/roles/create/new_peer/update_block/templates/add_peer.tpl
index 26184018dd7..cf26fc523cf 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/new_peer/update_block/templates/add_peer.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/create/new_peer/update_block/templates/add_peer.tpl
@@ -17,7 +17,7 @@ rm -r temp
echo "converting the channel_config_block.pb to channel_config.json using configtxlator and jq"
configtxlator proto_decode --input {{ channel_name }}_config_block.pb --type common.Block | jq .data.data[0].payload.data.config > {{ channel_name }}_config.json
echo "adding anchor peer information to the block"
-jq '.channel_group.groups.Application.groups.{{ component_name }}MSP.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": ['$(cat ./anchorfile.json)']},"version": "0"}}' {{ channel_name }}_config.json > {{ channel_name }}_modified_config.json
+jq '.channel_group.groups.Application.groups["{{ component_name }}MSP"].values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": ['$(cat ./anchorfile.json)']},"version": "0"}}' {{ channel_name }}_config.json > {{ channel_name }}_modified_config.json
echo "converting the channel_config.json and channel_modified_config.json to .pb files"
configtxlator proto_encode --input {{ channel_name }}_config.json --type common.Config --output {{ channel_name }}_config.pb
configtxlator proto_encode --input {{ channel_name }}_modified_config.json --type common.Config --output {{ channel_name }}_modified_config.pb
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/main.yaml
index ce97fb2a3a9..952fc903e83 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/orderers/tasks/main.yaml
@@ -8,18 +8,6 @@
# This role creates value file for zkKafka and orderer
#############################################################################################
-# Check if CA server is available
-- name: "waiting for the CA server to be created in {{ org.name | lower }}-net"
- include_role:
- name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
- vars:
- component_type: "Pod"
- namespace: "{{ org.name | lower }}-net"
- component_name: "{{ component_services.ca.name }}"
- label_selectors:
- - app = {{ component_name }}
- when: add_peer is not defined or add_peer != 'true'
-
# Set Variable first_orderer
- name: "Set Variable first_orderer"
set_fact:
@@ -52,8 +40,8 @@
sc_name: "{{ org_name }}-bevel-storageclass"
component_name: "zkkafka"
type: "zkkafka"
- consensus: "{{component_services.consensus}}"
- when: component_services.consensus.name == 'kafka' and component_services.consensus is defined
+ consensus: "{{network.consensus}}"
+ when: network.consensus == 'kafka'
# Create the value file for the Orderers as per requirements mentioned in network.yaml
- name: "create orderers"
@@ -64,14 +52,14 @@
org_name: "{{ org.name | lower }}"
component_name: "{{ orderer.name | lower }}"
type: "orderers"
- consensus: "{{component_services.consensus}}"
+ consensus: "{{network.consensus}}"
component_subject: "{{ org.subject | quote }}"
create_configmaps: "{{ true if first_orderer == orderer.name and (add_orderer is not defined or add_orderer == 'false') else false }}"
loop: "{{ component_services.orderers }}"
loop_control:
loop_var: orderer
when:
- - component_services.orderers is defined and component_services.consensus is defined
+ - component_services.orderers is defined
- orderer.status is not defined or orderer.status == 'new'
# Git Push: Push the above generated files to git directory
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/osnchannels/tasks/valuefile.yaml b/platforms/hyperledger-fabric/configuration/roles/create/osnchannels/tasks/valuefile.yaml
index 1dda43bf5e3..86984a83cd9 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/osnchannels/tasks/valuefile.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/osnchannels/tasks/valuefile.yaml
@@ -77,7 +77,7 @@
existingOrdererAddress: "{{ existing_orderer.uri }}"
orderers_list: "{{ org.services.orderers }}"
first_orderer: "{{ org.services.orderers | first }}"
- values_dir: "{{playbook_dir}}/../../../{{org.gitops.release_dir}}/{{ org.name | lower }}"
+ values_dir: "{{playbook_dir}}/../../../{{org.gitops.component_dir}}/{{ org.name | lower }}"
add_orderer_value: "{{ add_orderer | default('false') }}"
external_url_suffix: "{{ org.external_url_suffix }}"
when: add_orderer is defined and add_orderer == 'true'
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/nested_main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/nested_main.yaml
index 907332b1933..9888e6636d0 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/nested_main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/nested_main.yaml
@@ -2,8 +2,8 @@
- name: Remove existing value file for {{ peer.name }}
shell: |
rm -f {{ values_dir }}/{{ org.name | lower }}/values-{{ peer.name }}.yaml
- when:
- - add_peer is not defined or add_peer == 'false'
+ when:
+ - add_peer is not defined or add_peer == 'false'
# Create the certs directory if it does not exist
- name: Create the certs directory if it does not exist
@@ -16,8 +16,8 @@
shell: |
cat {{ peer.configpath }} > {{playbook_dir}}/../../../{{ charts_dir }}/fabric-peernode/conf/default_core.yaml
register: core_yaml_file
- when:
- - peer.configpath is defined
+ when:
+ - peer.configpath is defined
# Get orderer tls cacert from configmap
- name: check crypto scripts already exists
@@ -29,7 +29,7 @@
register: crypto_scripts_data
# Get orderer tls cacert from configmap
-- name: Get orderer tls cacert from config map
+- name: Get orderer tls cacert from config map
kubernetes.core.k8s_info:
kubeconfig: "{{ kubernetes.config_file }}"
kind: ConfigMap
@@ -49,19 +49,25 @@
namespace: "{{ org.name | lower }}-net"
data:
cacert: "{{ tls_cert_data.resources[0].data['cacert'] }}"
- when: org.orderer_org != org.name
+ when:
+ - org.orderer_org != org.name
+ - tls_cert_data.resources is defined
+ - tls_cert_data.resources | length > 0
-# Set Variable sc_name
-- name: "Set Variable sc_name"
- set_fact:
- sc_name: "storage-{{ peer.name }}"
-
-- name: Get information about StorageClasses
- kubernetes.core.k8s_info:
- kind: StorageClass
- api_version: storage.k8s.io/v1
- namespace: default
- register: storage_classes_info
+- name: Create new ConfigMap with orderer certificate from local folder
+ kubernetes.core.k8s:
+ kubeconfig: "{{ kubernetes.config_file }}"
+ definition:
+ apiVersion: v1
+ kind: ConfigMap
+ metadata:
+ name: "{{ peer.name }}-orderer-tls-cacert"
+ namespace: "{{ org.name | lower }}-net"
+ data:
+ cacert: "{{ lookup('file', '{{ first_orderer.certificate }}')}}"
+ when:
+ - org.orderer_org != org.name
+ - tls_cert_data.failed or tls_cert_data.resources | length == 0
# Create Value files for Organization Peers
- name: Create Value files for Organization Peers
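Review bot: The fallback task's `cacert` value nests `{{ }}` inside the lookup call, which depends on Ansible re-templating a string argument and may hand the literal text to the file lookup; `cacert: "{{ lookup('file', first_orderer.certificate) }}"` passes the variable directly. Its `when` also reads `tls_cert_data.resources` without the `is defined` guard that the preceding task received, so it is safe only because `or` short-circuits on `failed`. Writing `- tls_cert_data.failed | default(false) or tls_cert_data.resources | default([]) | length == 0` makes that explicit. This ConfigMap presumably becomes the CA the peer trusts for orderer TLS, so a comment stating where `first_orderer.certificate` is expected to come from would help the next reader.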
@@ -78,7 +84,6 @@
user_list: "{{ org.users | default('') }}"
add_peer_value: "{{ add_peer | default('false') }}"
enabled_cli: "{{ true if peer.cli == 'enabled' else false }}"
- sc_enabled: "{{ false if storage_classes_info.resources | selectattr('metadata.name', 'equalto', sc_name) | list else true }}"
create_configmaps: "{{ true if (first_peer == peer.name) and (crypto_scripts_data.resources | length == 0) else false }}"
- when:
- - peer.peerstatus is not defined or peer.peerstatus == 'new'
+ when:
+ - peer.peerstatus is not defined or peer.peerstatus == 'new'
diff --git a/platforms/hyperledger-fabric/configuration/roles/delete/vault_secrets/meta/main.yaml b/platforms/hyperledger-fabric/configuration/roles/delete/vault_secrets/meta/main.yaml
index c66bdf6daaa..de2d756af4e 100644
--- a/platforms/hyperledger-fabric/configuration/roles/delete/vault_secrets/meta/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/delete/vault_secrets/meta/main.yaml
@@ -12,12 +12,3 @@ dependencies:
os: "{{ install_os }}"
arch: "{{ install_arch }}"
bin_directory: "{{ bin_install_dir }}"
- - role: "{{playbook_dir}}/../../shared/configuration/roles/setup/aws-auth"
- vars:
- aws_authenticator:
- os: "{{ install_os }}"
- arch: "{{ install_arch }}"
- bin_directory: "{{ bin_install_dir }}"
- kubeconfig_path: "{{ item.k8s.config_file }}"
- kubecontext: "{{ item.k8s.context }}"
- when: "item.cloud_provider == 'aws'"
diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-server.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-server.tpl
index c21506f4ce5..32161823ce0 100644
--- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-server.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/ca-server.tpl
@@ -37,11 +37,9 @@ spec:
externalUrlSuffix: {{ org.external_url_suffix }}
storage:
+ enabled: false
+ nameOverride: {{ sc_name }}
size: 512Mi
- reclaimPolicy: "Delete"
- volumeBindingMode: Immediate
- allowedTopologies:
- enabled: false
image:
alpineUtils: {{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }}
diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cli.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cli.tpl
index fd026cdc278..4310dadd87c 100644
--- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cli.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/cli.tpl
@@ -27,9 +27,9 @@ spec:
type: hashicorp
network: fabric
address: {{ vault.url }}
- authPath: {{ network.env.type }}{{ component }}
+ authPath: {{ network.env.type }}{{ org.name | lower }}
secretEngine: {{ vault.secret_path | default("secretsv2") }}
- secretPrefix: "data/{{ network.env.type }}{{ component }}"
+ secretPrefix: "data/{{ network.env.type }}{{ org.name | lower }}"
role: vault-role
tls: false
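Review bot: Switching `authPath` and `secretPrefix` from `component` to `org.name | lower` changes which Vault auth mount and secret subtree the CLI pod uses, and it is correct only if `org` is always the organisation that owns the pod. Callers in this commit such as nested_create_cli.yaml still set `component` and `component_ns` from `participant.name`, so if `org` and `participant` can differ inside those loops the pod would be pointed at another organisation's secret prefix. A short comment above `authPath` stating that `org` must be the owning organisation, or an assert in the calling task, would make that contract explicit. The same substitution is made in existing_peer_cli.tpl and orderer_cli.tpl.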
@@ -43,7 +43,7 @@ spec:
{% endif %}
peerName: {{ peer.name }}
- storageClass: storage-{{ peer.name }}
+ storageClass: {{ sc_name }}
storageSize: 256Mi
localMspId: {{ org.name | lower}}MSP
tlsStatus: true
diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/install_external_chaincode_job.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/install_external_chaincode_job.tpl
index df53012860b..32982b81789 100644
--- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/install_external_chaincode_job.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/install_external_chaincode_job.tpl
@@ -1,13 +1,13 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
- name: {{ component_name }}
- namespace: {{ name | lower | e }}-net
+ name: {{ component_name | replace('_','-') }}
+ namespace: {{ namespace }}
annotations:
fluxcd.io/automated: "false"
spec:
interval: 1m
- releaseName: {{ component_name }}
+ releaseName: {{ component_name | replace('_','-') }}
chart:
spec:
interval: 1m
@@ -15,40 +15,68 @@ spec:
kind: GitRepository
name: flux-{{ network.env.type }}
namespace: flux-{{ network.env.type }}
- chart: {{ charts_dir }}/fabric-external-chaincode-install
+ chart: {{ charts_dir }}/fabric-external-chaincode
values:
- metadata:
- namespace: {{ namespace }}
- network:
- version: {{ network.version }}
- images:
- fabrictools: {{ docker_url }}/{{ fabric_tools_image[network.version] }}
- alpineutils: {{ docker_url }}/{{ alpine_image }}
+ global:
+ version: {{ network.version }}
+ serviceAccountName: vault-auth
+ cluster:
+ provider: {{ org.cloud_provider }}
+ cloudNativeServices: false
+ vault:
+ type: hashicorp
+ network: fabric
+ address: {{ vault.url }}
+ authPath: {{ network.env.type }}{{ name }}
+ secretEngine: {{ vault.secret_path | default("secretsv2") }}
+ secretPrefix: "data/{{ network.env.type }}{{ name }}"
+ role: vault-role
+ tls: false
+ proxy:
+ provider: {{ network.env.proxy | quote }}
+ externalUrlSuffix: {{ org.external_url_suffix }}
+
+ certs:
+ refreshCertValue: false
+ orgData:
+{% if network.env.proxy == 'none' %}
+ caAddress: ca.{{ namespace }}:7054
+{% else %}
+ caAddress: ca.{{ namespace }}.{{ org.external_url_suffix }}
+{% endif %}
+ caAdminUser: {{ name }}-admin
+ caAdminPassword: {{ name }}-adminpw
+ orgName: {{ name }}
+ type: peer
+ componentSubject: "{{ component_subject | quote }}"
+
+ image:
+ alpineUtils: {{ docker_url }}/bevel-alpine:latest
+ catools: {{ docker_url }}/bevel-fabric-ca:latest
+ fabrictools: {{ docker_url }}/bevel-fabric-tools
+ external_chaincode: {{ component_chaincode.image }}
+{% if network.docker.username is defined and network.docker.password is defined %}
+ pullSecret: regcred
+{% else %}
+ pullSecret: ""
+{% endif %}
peer:
name: {{ peer_name }}
address: {{ peer_address }}
- localmspid: {{ name }}MSP
- loglevel: debug
- tlsstatus: true
- vault:
- role: vault-role
- address: {{ vault.url }}
- authpath: {{ item.k8s.cluster_id | default('')}}{{ network.env.type }}{{ item.name | lower }}
- chaincodesecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/peerOrganizations/{{ namespace }}/peers/{{ peer_name }}.{{ namespace }}/chaincodes
- adminsecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/peerOrganizations/{{ namespace }}/users/admin
- orderersecretprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/peerOrganizations/{{ namespace }}/orderer
- serviceaccountname: vault-auth
- type: {{ vault.type | default("hashicorp") }}
-{% if network.docker.username is defined and network.docker.password is defined %}
- imagesecretname: regcred
-{% else %}
- imagesecretname: ""
-{% endif %}
- secretgitprivatekey: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/credentials/{{ namespace }}/git?git_password
- tls: false
- chaincodepackageprefix: {{ vault.secret_path | default('secretsv2') }}/data/{{ item.name | lower }}/peerOrganizations/{{ namespace }}/chaincodes/{{ component_chaincode.name | lower | e }}/package/v{{ component_chaincode.version }}
+ localMspId: {{ name }}MSP
+ logLevel: info
+ tlsStatus: true
+
chaincode:
- name: {{ component_chaincode.name | lower | e }}
+ name: {{ component_chaincode.name }}
version: {{ component_chaincode.version }}
tls: {{ component_chaincode.tls }}
- address: cc-{{ component_chaincode.name | lower | e }}.{{ namespace }}.svc.cluster.local:7052
+ crypto_mount_path: "/crypto"
+{% if org.services.peers | length > 1 and peer_name != org.services.peers[0].name %}
+ address: {{ org.services.peers[0].name }}-{{ component_chaincode.name }}-{{ chaincode.version | replace('.','-')}}.{{ namespace }}:7052
+{% endif %}
+ serviceType: ClusterIP
+ port: 7052
+ healthCheck:
+ retries: 20
+ sleepTimeAfterError: 15
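Review bot: `caAdminPassword: {{ name }}-adminpw` renders a CA admin password that is derivable from the organisation name into the HelmRelease values, which presumably end up in the GitOps repository; since this template already configures Vault, the credential would be better read from there than templated here. The image lines also drop the pinning used elsewhere in this commit: `bevel-alpine:latest`, `bevel-fabric-ca:latest` and an untagged `bevel-fabric-tools` (unless the chart appends the tag), where value_peer.tpl uses `{{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }}`. Finally, the `address` line reads `chaincode.version` while every other field uses `component_chaincode.version`, which looks like a leftover name and may be undefined in this context.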
diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/orderernode.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/orderernode.tpl
index d1dffb9f42e..40aa50fb2ba 100644
--- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/orderernode.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/orderernode.tpl
@@ -37,11 +37,9 @@ spec:
externalUrlSuffix: {{ org.external_url_suffix }}
storage:
+ enabled: false
+ nameOverride: {{ sc_name }}
size: 512Mi
- reclaimPolicy: "Delete"
- volumeBindingMode:
- allowedTopologies:
- enabled: false
certs:
generateCertificates: true
@@ -74,7 +72,7 @@ spec:
{% endif %}
orderer:
- consensus: {{ orderer.consensus }}
+ consensus: {{ network.consensus }}
logLevel: info
localMspId: {{ org_name }}MSP
tlsStatus: true
@@ -96,17 +94,6 @@ spec:
requests:
memory: 512M
cpu: 0.25
-
-{% if orderer.consensus == 'kafka' %}
- kafka:
- readinessCheckInterval: 10
- readinessThresHold: 10
- brokers:
-{% for i in range(consensus.replicas) %}
- - {{ consensus.name }}-{{ i }}.{{ consensus.type }}.{{ namespace }}.svc.cluster.local:{{ consensus.grpc.port }}
-{% endfor %}
-{% endif %}
-
healthCheck:
retries: 10
sleepTimeAfterError: 15
diff --git a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/value_peer.tpl b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/value_peer.tpl
index dcb470f3726..db6ffe9de86 100755
--- a/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/value_peer.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/helm_component/templates/value_peer.tpl
@@ -37,13 +37,10 @@ spec:
externalUrlSuffix: {{ org.external_url_suffix }}
storage:
- enabled: {{ sc_enabled }}
+ enabled: false
+ nameOverride: {{ sc_name }}
peer: 512Mi
couchdb: 512Mi
- reclaimPolicy: "Delete"
- volumeBindingMode: Immediate
- allowedTopologies:
- enabled: false
certs:
generateCertificates: true
@@ -76,7 +73,7 @@ spec:
image:
couchdb: {{ docker_url }}/{{ couchdb_image }}
- peer: {{ docker_url }}/{{ peer_image }}
+ peer: hyperledger/fabric-peer
alpineUtils: {{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }}
{% if network.docker.username is defined and network.docker.password is defined %}
pullSecret: regcred
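Review bot: `peer: hyperledger/fabric-peer` hard-codes a public repository and no longer goes through `docker_url`, which the `couchdb` and `alpineUtils` lines next to it still use. A cluster configured to pull only from a private registry or mirror will either fail to pull or fetch the peer image from a registry the operator did not select. The value also carries no tag; if the chart does not append one from the Fabric version, the pull resolves to whatever is current. Keeping the registry prefix, something like `peer: {{ docker_url }}/hyperledger/fabric-peer` adjusted to how the mirror is laid out, preserves the operator's choice.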
@@ -90,6 +87,7 @@ spec:
localMspId: {{ name }}MSP
tlsStatus: true
cliEnabled: {{ enabled_cli }}
+ storageClass: {{ sc_name }}
ordererAddress: {{ orderer.uri }}
builder: hyperledger/fabric-ccenv
couchdb:
diff --git a/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/existing_peer_cli.tpl b/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/existing_peer_cli.tpl
index b8f0d60bffe..00b757aaa6f 100644
--- a/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/existing_peer_cli.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/existing_peer_cli.tpl
@@ -8,9 +8,9 @@ global:
type: hashicorp
network: fabric
address: {{ vault.url }}
- authPath: {{ network.env.type }}{{ component }}
+ authPath: {{ network.env.type }}{{ org.name | lower }}
secretEngine: {{ vault.secret_path | default("secretsv2") }}
- secretPrefix: "data/{{ network.env.type }}{{ component }}"
+ secretPrefix: "data/{{ network.env.type }}{{ org.name | lower }}"
role: vault-role
tls: false
@@ -24,14 +24,18 @@ image:
{% endif %}
peerName: {{ peer.name }}
-storageClass: storage-{{ peer.name }}
+storageClass: {{ storage_class }}
storageSize: 256Mi
localMspId: {{ org.name | lower}}MSP
tlsStatus: true
ports:
grpc:
clusterIpPort: {{ peer.grpc.port }}
+{% if orderer is defined %}
ordererAddress: {{ orderer.uri }}
+{% elif participant is defined %}
+ordererAddress: {{ participant.ordererAddress }}
+{% endif %}
{% if network.env.labels is defined %}
labels:
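Review bot: `storageClass: {{ storage_class }}` has no default, so every task that renders this template must now pass `storage_class`. The two nested_create_cli.yaml callers in this commit add it, but the create_block.yaml, sign_block.yaml and update_block.yaml hunks show only a whitespace change, so if they do not set it elsewhere, rendering will stop on an undefined variable. The new `ordererAddress` conditional also has no `else`, so when neither `orderer` nor `participant` is defined the key is dropped without any error. A fallback such as `storageClass: {{ storage_class | default((org.name | lower) ~ '-bevel-storageclass') }}` and an explicit failure in the missing-orderer case would make both visible. orderer_cli.tpl gains the same `storage_class` requirement.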
diff --git a/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/orderer_cli.tpl b/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/orderer_cli.tpl
index d245c2fa8ba..d57fe2a32b8 100644
--- a/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/orderer_cli.tpl
+++ b/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/orderer_cli.tpl
@@ -8,9 +8,9 @@ global:
type: hashicorp
network: fabric
address: {{ vault.url }}
- authPath: {{ network.env.type }}{{ component }}
+ authPath: {{ network.env.type }}{{ org.name | lower }}
secretEngine: {{ vault.secret_path | default("secretsv2") }}
- secretPrefix: "data/{{ network.env.type }}{{ component }}"
+ secretPrefix: "data/{{ network.env.type }}{{ org.name | lower }}"
role: vault-role
tls: false
@@ -24,7 +24,7 @@ image:
{% endif %}
peerName: {{ orderer.name }}
-storageClass: storage-{{ orderer.name }}
+storageClass: {{ storage_class }}
storageSize: 256Mi
localMspId: {{ org.name | lower}}MSP
tlsStatus: true
diff --git a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/get_new_org_data_v2.yaml b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/get_new_org_data_v2.yaml
new file mode 100644
index 00000000000..161e57ae94d
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/get_new_org_data_v2.yaml
@@ -0,0 +1,11 @@
+- name: Ensure channel-artifacts directory exists
+ file:
+ path: "{{ build_path }}/channel-artifacts"
+ state: directory
+ mode: '0755'
+- name: Save new org data file locally
+ copy:
+ src: "{{ org_new.new_data }}"
+ dest: "{{ build_path }}/channel-artifacts/{{ channel_name | lower }}.json"
+ mode: '0644'
+ become: false
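Review bot: The `dest` path is keyed only on `channel_name`, but nested_fetch_role.yaml in this commit includes this file once per participant with `org_status == 'new'`. When a channel gains more than one new organisation, each iteration overwrites the previous file and only the last organisation's data survives. Including the organisation in the name, e.g. `dest: "{{ build_path }}/channel-artifacts/{{ channel_name | lower }}-{{ org_name }}.json"`, avoids that, provided the consumer of this file is updated to match. This JSON appears to be supplied by the joining organisation, so a check that it parses before it is used would also be worthwhile.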
diff --git a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/main.yaml
index 02d6e431dab..641e9810e7c 100644
--- a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/main.yaml
@@ -20,7 +20,7 @@
loop: "{{ participants }}"
loop_control:
loop_var: participant
- when: participant.type == 'creator'
+ when: participant.org_status == 'existing'
# Start the cli, configure and download the configuration block
- name: Call nested_fetch_role for the peer
@@ -37,4 +37,4 @@
loop: "{{ participants }}"
loop_control:
loop_var: participantx
- when: participantx.type == 'creator'
+ when: participantx.org_status == 'existing'
diff --git a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/nested_create_cli.yaml b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/nested_create_cli.yaml
index 6c228c61640..bde92f39f2d 100644
--- a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/nested_create_cli.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/nested_create_cli.yaml
@@ -14,7 +14,8 @@
name: k8_component
vars:
component: "{{ participant.name | lower }}"
- component_type: "existing_peer_cli_job"
+ component_type: "existing_peer_cli_job"
+ storage_class: "{{ org.name }}-bevel-storageclass"
component_name: "{{ peer.name | lower}}-cli"
orderer: "{{ network.orderers | first }}"
component_ns: "{{ participant.name | lower}}-net"
diff --git a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/nested_fetch_role.yaml b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/nested_fetch_role.yaml
index 83ac054c310..88dd0fbc6c8 100644
--- a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/nested_fetch_role.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/fetch/tasks/nested_fetch_role.yaml
@@ -42,16 +42,22 @@
# Start the cli, configure and download the configuration block
- name: Call nested_fetch_role for the peer
- include_tasks: get_new_org_data.yaml
+ include_tasks: get_new_org_data_v2.yaml
vars:
- org_name: "{{ org.name | lower }}"
- loop: "{{ network['organizations'] }}"
+ org_name: "{{ org_new.name | lower }}"
+ loop: "{{ participants }}"
loop_control:
- loop_var: org
- when: org.org_status == 'new'
+ loop_var: org_new
+ when: org_new.org_status == 'new'
+
+# Check if channel block0 file exists
+- name: Check if the channel_block0_fetched file exists
+ stat:
+ path: "./build/{{ channel_name | lower }}_block0_fetched"
+ register: block0_file
# Fetch the config block from blockchain by executing the create_block.sh script file
-# from first peer of creator cli
+# from the peer of first approving org
- name: Fetch and copy the configuration block from the blockchain
shell: |
export PEER_CLI=$(KUBECONFIG={{ org.k8s.config_file }} kubectl get po -n {{ org.name }}-net | grep "cli" | head -n 1 | awk '{print $1}')
@@ -62,7 +68,9 @@
KUBECONFIG={{ kubernetes.config_file }} kubectl exec -n {{ org.name }}-net ${PEER_CLI} -- chmod 777 ./create_block.sh
KUBECONFIG={{ kubernetes.config_file }} kubectl exec -n {{ org.name }}-net ${PEER_CLI} -- sh ./create_block.sh
KUBECONFIG={{ kubernetes.config_file }} kubectl cp {{ org.name }}-net/${PEER_CLI}:/opt/gopath/src/github.com/hyperledger/fabric/peer/{{ channel_name | lower }}_update_in_envelope.pb ./build/{{ channel_name | lower}}_config_block.pb
+ touch ./build/{{ channel_name | lower }}_block0_fetched
environment:
ORDERER_CA: "/opt/gopath/src/github.com/hyperledger/fabric/orderer/tls/orderer.crt"
vars:
kubernetes: "{{ org.k8s }}"
+ when: not block0_file.stat.exists
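Review bot: The added `touch ./build/{{ channel_name | lower }}_block0_fetched` runs even when an earlier `kubectl exec` or the `kubectl cp` in the same script fails, because the visible lines set no `set -e` and only the last command's exit status decides the task result. A failed fetch therefore leaves the marker behind, and the new `when: not block0_file.stat.exists` then skips the fetch on every later run while the following steps work with a missing or stale config block. Tie the marker to the copy by appending `&& touch ./build/{{ channel_name | lower }}_block0_fetched` to the `kubectl cp` line, or put `set -e` at the top of the script. The script starts in the previous hunk and some of its lines are not shown.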
diff --git a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/main.yaml
index 271065a01ef..621587ad3f3 100644
--- a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/main.yaml
@@ -37,7 +37,7 @@
channel_name: "{{ item.channel_name | lower }}"
org_query: "organizations[?name=='{{participant.name}}']"
org: "{{ network | json_query(org_query) | first }}"
- peer: "{{ participant.peers | first }}"
+ peer: "{{ org.services.peers | first }}"
config_block: "{{ item.channel_name | lower }}_config_block.pb"
loop: "{{ participants }}"
loop_control:
@@ -55,7 +55,7 @@
channel_name: "{{ item.channel_name | lower }}"
org_query: "organizations[?name=='{{participant.name}}']"
org: "{{ network | json_query(org_query) | first }}"
- peer: "{{ participant.peers | first }}"
+ peer: "{{ org.services.peers | first }}"
config_block: "{{ item.channel_name | lower }}_config_block.pb"
loop: "{{ participants }}"
loop_control:
diff --git a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/nested_sign_and_update.yaml b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/nested_sign_and_update.yaml
index 5612de8e671..4c135bd0235 100644
--- a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/nested_sign_and_update.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/nested_sign_and_update.yaml
@@ -30,15 +30,14 @@
peer_name: "{{ peer.name }}"
component_ns: "{{ participant.name | lower}}-net"
vault: "{{ org.vault }}"
- channel_name: "{{ channel_name }}"
storage_class: "{{ participant.name | lower }}-bevel-storageclass"
- release_dir: "./build"
+ release_dir: "./build/{{ participant.name }}"
when: existing_cli.resources|length == 0
# Start the cli with valuefile generated above
- name: "Start cli {{peer.name}}-{{ org.name }}"
shell: |
- KUBECONFIG={{ org.k8s.config_file }} helm upgrade --install -f ./build/{{ participant.name }}/existing_peer_cli_job.yaml {{ peer.name }}-{{ participant.name }}-cli {{playbook_dir}}/../../../{{org.gitops.chart_source}}/fabric-cli
+ KUBECONFIG={{ org.k8s.config_file }} helm upgrade --install -n {{ participant.name | lower}}-net -f ./build/{{ participant.name }}/existing_peer_cli_job.yaml {{ peer.name }}-{{ participant.name }}-cli {{playbook_dir}}/../../../{{org.gitops.chart_source}}/fabric-cli
when: existing_cli.resources|length == 0
# Wait for fabric cli
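Review bot: The new `-n {{ participant.name | lower}}-net` argument is pasted unquoted into a `shell:` line, as are the release name and values path beside it. Any whitespace or shell metacharacter in a network.yaml name therefore becomes part of a command that runs with the organization's kubeconfig. Pass each interpolated value through the `quote` filter, for example `-n {{ (participant.name | lower ~ '-net') | quote }}`, or run helm through `ansible.builtin.command` or the `kubernetes.core.helm` module so that no shell parses the values. The `helm uninstall … -n …` line in the last hunk of this file has the same shape.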
@@ -70,5 +69,5 @@
# Delete the cli
- name: "Delete cli {{ peer.name }}-{{ participant.name }}-cli"
shell: |
- KUBECONFIG={{ org.k8s.config_file }} helm uninstall {{ peer.name }}-{{ participant.name }}-cli
+ KUBECONFIG={{ org.k8s.config_file }} helm uninstall {{ peer.name }}-{{ participant.name }}-cli -n {{ participant.name | lower }}-net
when: existing_cli.resources|length == 0
diff --git a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/nested_update_channel.yaml b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/nested_update_channel.yaml
index bb7952ac617..7a3a49ee1ba 100644
--- a/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/nested_update_channel.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/setup/config_block/sign_and_update/tasks/nested_update_channel.yaml
@@ -54,6 +54,13 @@
retries: 5
delay: 10
+# Delete the build folder if channel update is successful
+- name: Delete the build folder
+ ansible.builtin.file:
+ path: ./build
+ state: absent
+ when: update_channel is succeeded
+
# Delete the cli
- name: "Delete cli {{ peer.name }}-{{ participant.name }}-cli"
shell: |
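Review bot: `path: ./build` with `state: absent` removes the whole build directory, not just this channel's artifacts. Elsewhere in this commit `./build` also holds per-organization files (`./build/{{ participant.name }}/existing_peer_cli_job.yaml`), the sample certificate paths point at `/home/bevel/build/<org>/server.crt`, and the new playbook's header loads `@build/network.yaml`, so the first successful update would presumably delete inputs that later participants or reruns still need. I would limit the cleanup to what this role created, e.g. `path: "./build/{{ channel_name | lower }}_block0_fetched"` plus the matching `_config_block.pb`, assuming `channel_name` is in scope here. `update_channel` is registered outside the hunk, and whether this file runs once or once per participant is not visible.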
diff --git a/platforms/hyperledger-fabric/configuration/roles/upgrade/orderer-binary/tasks/create_orderer_value.yaml b/platforms/hyperledger-fabric/configuration/roles/upgrade/orderer-binary/tasks/create_orderer_value.yaml
index e8bfbb1d6e7..9355418e3fa 100755
--- a/platforms/hyperledger-fabric/configuration/roles/upgrade/orderer-binary/tasks/create_orderer_value.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/upgrade/orderer-binary/tasks/create_orderer_value.yaml
@@ -17,7 +17,7 @@
org_name: "{{ item.name | lower }}"
component_name: "{{ orderer.name }}-{{ org_name }}"
type: "orderers"
- consensus: "{{ component_services.consensus }}"
+ consensus: "{{ network.consensus }}"
genesis: "{{ lookup('file', '{{ build_path }}/channel-artifacts/{{ channel_name }}.genesis.block.base64') }}"
# Git Status : check if there is any files modified in the directory
diff --git a/platforms/hyperledger-fabric/configuration/roles/upgrade/orderer-binary/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/upgrade/orderer-binary/tasks/main.yaml
index 95c8ddcdf0a..7d1e36c7e14 100755
--- a/platforms/hyperledger-fabric/configuration/roles/upgrade/orderer-binary/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/upgrade/orderer-binary/tasks/main.yaml
@@ -44,4 +44,4 @@
loop_control:
loop_var: orderer
when:
- - component_services.orderers is defined and component_services.consensus is defined
+ - component_services.orderers is defined and network.consensus is defined
diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-peer.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-peer.yaml
index e685430c84e..4dc855c75a9 100644
--- a/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-peer.yaml
+++ b/platforms/hyperledger-fabric/configuration/samples/network-fabric-add-peer.yaml
@@ -35,8 +35,7 @@ network:
password: "docker_password"
# Remote connection information for orderer (will be blank or removed for orderer hosting organization)
- consensus:
- name: raft
+ consensus: raft
orderers:
- orderer:
type: orderer
@@ -288,9 +287,6 @@ network:
grpc:
port: 7054
- consensus:
- name: raft
-
orderers:
# This sample has multiple orderers as an example.
# You can use a single orderer for most production implementations.
@@ -298,21 +294,18 @@ network:
- orderer:
name: orderer1
type: orderer
- consensus: raft
grpc:
port: 7050
ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443
- orderer:
name: orderer2
type: orderer
- consensus: raft
grpc:
port: 7050
ordererAddress: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443
- orderer:
name: orderer3
type: orderer
- consensus: raft
grpc:
port: 7050
ordererAddress: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443
diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml
index 32ab46dde13..99deea0abe3 100644
--- a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml
+++ b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml
@@ -41,8 +41,7 @@ network:
# Remote connection information for orderer (will be blank or removed for orderer hosting organization)
# For RAFT consensus, have odd number (2n+1) of orderers for consensus agreement to have a majority.
- consensus:
- name: raft
+ consensus: raft
orderers:
- orderer:
type: orderer
@@ -65,6 +64,8 @@ network:
consortium: SupplyChainConsortium
channel_name: AllChannel
channel_status: new
+ osn_creator_org: # Organization name, whose orderers will create the channel. This field is only used with version 2.5
+ name: supplychain
chaincodes:
- "assettransfer"
orderers:
@@ -114,25 +115,16 @@ network:
# Only one peer per org required for endorsement
- organization:
name: carrier
- peers:
- - peer:
- name: peer0
- corepeerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443
- certificate: "/home/bevel/build/carrier/server.crt" # certificate path for peer
+ corepeerAddress: peer0.carrier-net.org3proxy.blockchaincloudpoc.com:443
+ certificate: "/home/bevel/build/carrier/server.crt" # certificate path for peer
- organization:
name: warehouse
- peers:
- - peer:
- name: peer0
- corepeerAddress: peer0.warehouse-net.hf.demo.aws.blockchaincloudpoc.com:443
- certificate: "/home/bevel/build/warehouse/server.crt" # certificate path for peer
+ corepeerAddress: peer0.warehouse-net.hf.demo.aws.blockchaincloudpoc.com:443
+ certificate: "/home/bevel/build/warehouse/server.crt" # certificate path for peer
- organization:
name: manufacturer
- peers:
- - peer:
- name: peer0
- corepeerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443
- certificate: "/home/bevel/build/manufacturer/server.crt" # certificate path for peer
+ corepeerAddress: peer0.manufacturer-net.org2proxy.blockchaincloudpoc.com:443
+ certificate: "/home/bevel/build/manufacturer/server.crt" # certificate path for peer
# Allows specification of one or many organizations that will be connecting to a network.
# If an organization is also hosting the root of the network (e.g. doorman, membership service, etc),
@@ -194,27 +186,22 @@ network:
type: ca
grpc:
port: 7054
- consensus:
- name: raft
orderers:
# This sample has multiple orderers as an example.
# You can use a single orderer for most production implementations.
- orderer:
name: orderer1
type: orderer
- consensus: raft
grpc:
port: 7050
- orderer:
name: orderer2
type: orderer
- consensus: raft
grpc:
port: 7050
- orderer:
name: orderer3
type: orderer
- consensus: raft
grpc:
port: 7050
@@ -308,10 +295,11 @@ network:
init_required: false
tls: true
upgrade_chaincode: false
- buildpack_path: /home/fabric-samples/asset-transfer-basic/chaincode-external/sampleBuilder # The path where buildpacks are locally stored
image: ghcr.io/hyperledger/bevel-samples-example:1.0
- arguments: '\"InitLedger\",\"\"' # Init Arguments to be passed which will mark chaincode as init-required
+ arguments: "InitLedger,[]" # Init Arguments to be passed which will mark chaincode as init-required
crypto_mount_path: /crypto # OPTIONAL | tls: true | Path where crypto shall be mounted for the chaincode server
+ endorsements: "OR('warehouseMSP.member')" #Endorsements (if any) provided along with the chaincode
+ collections_config: "/home/bevel/platforms/hyperledger-fabric/configuration/collections/collections_config_v1.json"
- organization:
name: carrier
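Review bot: The added `endorsements: "OR('warehouseMSP.member')"` gives the sample a policy that one organization's peers can satisfy on their own, and its comment does not say so. The same line is added in the three later hunks of this file. Samples tend to be copied into real networks, so I would document the choice, e.g. `# Sample policy: warehouseMSP alone can endorse; use a multi-org AND/OutOf policy outside of demos`. The comment on `arguments` still says the arguments mark the chaincode as init-required although `init_required: false` sits just above, so that wording could be corrected in the same pass.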
@@ -400,10 +388,11 @@ network:
init_required: false
tls: true
upgrade_chaincode: false
- buildpack_path: /home/fabric-samples/asset-transfer-basic/chaincode-external/sampleBuilder # The path where buildpacks are locally stored
image: ghcr.io/hyperledger/bevel-samples-example:1.0
- arguments: '\"InitLedger\",\"\"' # Init Arguments to be passed which will mark chaincode as init-required
+ arguments: "InitLedger,[]" # Init Arguments to be passed which will mark chaincode as init-required
crypto_mount_path: /crypto # OPTIONAL | tls: true | Path where crypto shall be mounted for the chaincode server
+ endorsements: "OR('warehouseMSP.member')" #Endorsements (if any) provided along with the chaincode
+ collections_config: "/home/bevel/platforms/hyperledger-fabric/configuration/collections/collections_config_v1.json"
- organization:
name: store
@@ -492,10 +481,11 @@ network:
init_required: false
tls: true
upgrade_chaincode: false
- buildpack_path: /home/fabric-samples/asset-transfer-basic/chaincode-external/sampleBuilder # The path where buildpacks are locally stored
image: ghcr.io/hyperledger/bevel-samples-example:1.0
- arguments: '\"InitLedger\",\"\"' # Init Arguments to be passed which will mark chaincode as init-required
+ arguments: "InitLedger,[]" # Init Arguments to be passed which will mark chaincode as init-required
crypto_mount_path: /crypto # OPTIONAL | tls: true | Path where crypto shall be mounted for the chaincode server
+ endorsements: "OR('warehouseMSP.member')" #Endorsements (if any) provided along with the chaincode
+ collections_config: "/home/bevel/platforms/hyperledger-fabric/configuration/collections/collections_config_v1.json"
- organization:
name: warehouse
country: US
@@ -577,7 +567,8 @@ network:
init_required: false
tls: true
upgrade_chaincode: false
- buildpack_path: /home/fabric-samples/asset-transfer-basic/chaincode-external/sampleBuilder # The path where buildpacks are locally stored
image: ghcr.io/hyperledger/bevel-samples-example:1.0
- arguments: '\"InitLedger\",\"\"' # Init Arguments to be passed which will mark chaincode as init-required
+ arguments: "InitLedger,[]" # Init Arguments to be passed which will mark chaincode as init-required
crypto_mount_path: /crypto # OPTIONAL | tls: true | Path where crypto shall be mounted for the chaincode server
+ endorsements: "OR('warehouseMSP.member')" #Endorsements (if any) provided along with the chaincode
+ collections_config: "/home/bevel/platforms/hyperledger-fabric/configuration/collections/collections_config_v1.json"
diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-raft-add-orderer.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-raft-add-orderer.yaml
index ec89337fc59..9bf4bfac6b1 100644
--- a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-raft-add-orderer.yaml
+++ b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-raft-add-orderer.yaml
@@ -37,8 +37,7 @@ network:
# Remote connection information for orderer (will be blank or removed for orderer hosting organization)
# For RAFT consensus, have odd number (2n+1) of orderers for consensus agreement to have a majority.
- consensus:
- name: raft
+ consensus: raft
orderers:
- orderer:
type: orderer
@@ -172,9 +171,6 @@ network:
type: ca
grpc:
port: 7054
-
- consensus:
- name: raft
orderers:
# This sample has multiple orderers as an example.
@@ -184,7 +180,6 @@ network:
name: orderer1
status: existing
type: orderer
- consensus: raft
grpc:
port: 7050
ordererAddress: orderer1.supplychain-net.org1proxy.blockchaincloudpoc.com:443
@@ -192,7 +187,6 @@ network:
name: orderer2
status: existing
type: orderer
- consensus: raft
grpc:
port: 7050
ordererAddress: orderer2.supplychain-net.org1proxy.blockchaincloudpoc.com:443
@@ -200,7 +194,6 @@ network:
name: orderer3
status: existing
type: orderer
- consensus: raft
grpc:
port: 7050
ordererAddress: orderer3.supplychain-net.org1proxy.blockchaincloudpoc.com:443
@@ -208,7 +201,6 @@ network:
name: orderer4
status: new
type: orderer
- consensus: raft
grpc:
port: 7050
ordererAddress: orderer4.supplychain-net.org1proxy.blockchaincloudpoc.com:443
diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml
index 688b987c19e..a81ec303ad1 100644
--- a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml
+++ b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2.yaml
@@ -41,8 +41,7 @@ network:
# Remote connection information for orderer (will be blank or removed for orderer hosting organization)
# For RAFT consensus, have odd number (2n+1) of orderers for consensus agreement to have a majority.
- consensus:
- name: raft
+ consensus: raft
orderers:
- orderer:
type: orderer
@@ -224,9 +223,6 @@ network:
type: ca
grpc:
port: 7054
-
- consensus:
- name: raft
orderers:
# This sample has multiple orderers as an example.
# You can use a single orderer for most production implementations.
@@ -234,21 +230,18 @@ network:
- orderer:
name: orderer1
type: orderer
- consensus: raft
grpc:
port: 7050
ordererAddress: orderer1.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443
- orderer:
name: orderer2
type: orderer
- consensus: raft
grpc:
port: 7050
ordererAddress: orderer2.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443
- orderer:
name: orderer3
type: orderer
- consensus: raft
grpc:
port: 7050
ordererAddress: orderer3.supplychain-net.org1proxy.hlf.blockchaincloudpoc-develop.com:443
diff --git a/platforms/hyperledger-fabric/configuration/v1external-chaincode-ops.yaml b/platforms/hyperledger-fabric/configuration/v1external-chaincode-ops.yaml
new file mode 100644
index 00000000000..364c1d68bb6
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/v1external-chaincode-ops.yaml
@@ -0,0 +1,212 @@
+# This playbook executes required tasks to install and instantiate external chaincode
+# on existing Kubernetes clusters. The Kubernetes clusters should already be created and the information
+# to connect to the clusters be updated in the network.yaml file that is used as an input to this playbook
+###########################################################################################
+# To Run this playbook from this directory, use the following command (network.yaml also in this directory)
+# For installing external chaincode:
+# ansible-playbook platforms/hyperledger-fabric/configuration/external-chaincode-ops.yaml -e "@build/network.yaml"
+############################################################################################
+# Please ensure that the ../../shared/configuration playbooks have been run using the same network.yaml
+---
+ # This will apply to ansible_provisioners. /etc/ansible/hosts should be configured with this group
+- hosts: ansible_provisioners
+ gather_facts: no
+ tasks:
+ # delete build directory
+ - name: Remove build directory
+ file:
+ path: "./build"
+ state: absent
+ # This role updates the peers with updated core.yaml
+ - name: Create all peers with core.yaml
+ include_role:
+ name: "create/peers"
+ vars:
+ build_path: "./build"
+ namespace: "{{ item.name | lower}}-net"
+ component_type: "{{ item.type | lower}}"
+ component_services: "{{ item.services }}"
+ vault: "{{ item.vault }}"
+ git_protocol: "{{ item.gitops.git_protocol }}"
+ git_url: "{{ item.gitops.git_url }}"
+ git_branch: "{{ item.gitops.branch }}"
+ docker_url: "{{ network.docker.url }}"
+ charts_dir: "{{ item.gitops.chart_source }}"
+ values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}"
+ loop: "{{ network['organizations'] }}"
+ when: item.type == 'peer'
+
+ ############################################################################################
+ # Check if CA server is available
+ - name: "Check for the CA server running in {{ item.name | lower }}-net"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
+ vars:
+ component_name: "{{ component_services.ca.name }}-tools"
+ component: "{{ item.name | lower}}"
+ component_type: "Pod"
+ component_services: "{{ item.services }}"
+ namespace: "{{ item.name | lower }}-net"
+ kubernetes: "{{ item.k8s }}"
+ label_selectors:
+ - name = {{ component_name }}
+ vault: "{{ item.vault }}"
+ ca: "{{ item.services.ca }}"
+ loop: "{{ network['organizations'] }}"
+ when:
+ - item.type == 'peer'
+
+ ############################################################################################
+ # Check if CA CLI is available
+ - name: "Check for the CA tools to be running in {{ item.name | lower }}-net"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
+ vars:
+ component_name: "{{ component_services.ca.name }}-tools"
+ component: "{{ item.name | lower}}"
+ component_type: "Pod"
+ component_services: "{{ item.services }}"
+ namespace: "{{ item.name | lower }}-net"
+ kubernetes: "{{ item.k8s }}"
+ label_selectors:
+ - name = {{ component_name }}
+ vault: "{{ item.vault }}"
+ ca: "{{ item.services.ca }}"
+ loop: "{{ network['organizations'] }}"
+ when:
+ - item.type == 'peer'
+
+ ############################################################################################
+ # This task generates the crypto material by executing the generate-crypto-peer-chaincode.sh script
+ - name: Generate crypto material for peer to interact with external chaincode servers
+ include_role:
+ name: "create/chaincode/peer_certs"
+ vars:
+ component_name: "{{ item.name | lower }}-net"
+ component_type: "{{ item.type | lower }}"
+ org_name: "{{ item.name | lower }}"
+ services: "{{ item.services }}"
+ subject: "{{ item.subject }}"
+ cert_subject: "{{ item.subject | regex_replace('/', ';') | regex_replace(',', '/') | regex_replace(';', ',') }}" # replace , to / and / to , for certpath
+ kubernetes: "{{ item.k8s }}"
+ vault: "{{ item.vault }}"
+ users: "{{ item.users }}"
+ ca_server_url: "{{ item.ca_data.url }}"
+ setup_user_env: true
+ loop: "{{ network['organizations'] }}"
+ when:
+ - item.type == 'peer'
+
+ ############################################################################################
+ # This task generates the crypto material by executing the generate-crypto-chaincode-server.sh script
+ - name: Generate crypto material for external chaincode servers
+ include_role:
+ name: "create/chaincode/server_certs"
+ vars:
+ component_name: "{{ item.name | lower }}-net"
+ component_type: "{{ item.type | lower }}"
+ org_name: "{{ item.name | lower }}"
+ services: "{{ item.services }}"
+ subject: "{{ item.subject }}"
+ cert_subject: "{{ item.subject | regex_replace('/', ';') | regex_replace(',', '/') | regex_replace(';', ',') }}" # replace , to / and / to , for certpath
+ kubernetes: "{{ item.k8s }}"
+ vault: "{{ item.vault }}"
+ users: "{{ item.users }}"
+ ca_server_url: "{{ item.ca_data.url }}"
+ setup_user_env: true
+ loop: "{{ network['organizations'] }}"
+ when:
+ - item.type == 'peer'
+
+ ############################################################################################
+ # This task installs the external chaincode on the desired peers
+ - name: Install external chaincode
+ include_role:
+ name: "create/chaincode/install_ext"
+ vars:
+ docker_url: "{{ network.docker.url }}"
+ envspace: "{{ network.env.type }}"
+ name: "{{ item.name | lower}}"
+ namespace: "{{ item.name | lower}}-net"
+ component_type: "{{ item.type | lower}}"
+ component_peers: "{{ item.services.peers }}"
+ org_name: "{{ item.name | lower }}"
+ org_ns: "{{ item.name | lower }}-net"
+ kubernetes: "{{ item.k8s }}"
+ vault: "{{ item.vault }}"
+ peers: "{{ item.services.peers }}"
+ git_url: "{{ item.gitops.git_url }}"
+ git_branch: "{{ item.gitops.branch }}"
+ charts_dir: "{{ item.gitops.chart_source }}"
+ values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}"
+ loop: "{{ network['organizations'] }}"
+ when:
+ - item.type == 'peer'
+ - item.org_status == 'new'
+
+ ############################################################################################
+ # This task deploys the external chaincode server for desired org
+ - name: Deploy external chaincode server
+ include_role:
+ name: "create/external_chaincode_server"
+ vars:
+ docker_url: "{{ network.docker.url }}"
+ name: "{{ item.name | lower}}"
+ namespace: "{{ item.name | lower}}-net"
+ component_type: "{{ item.type | lower}}"
+ component_peers: "{{ item.services.peers }}"
+ org_name: "{{ item.name | lower }}"
+ org_ns: "{{ item.name | lower }}-net"
+ kubernetes: "{{ item.k8s }}"
+ vault: "{{ item.vault }}"
+ peers: "{{ item.services.peers }}"
+ git_url: "{{ item.gitops.git_url }}"
+ git_branch: "{{ item.gitops.branch }}"
+ charts_dir: "{{ item.gitops.chart_source }}"
+ values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}"
+ loop: "{{ network['organizations'] }}"
+ when:
+ - item.type == 'peer'
+ - item.org_status == 'new'
+
+ ############################################################################################
+ # This task approves desired installed chaincode on the peers
+ - name: "Approve chaincode"
+ include_role:
+ name: "create/chaincode/approve"
+ vars:
+ participants: "{{ item.participants }}"
+ docker_url: "{{ network.docker.url }}"
+ loop: "{{ network['channels'] }}"
+ when: participants is defined and '2.' in network.version
+
+ ############################################################################################
+ # This task commits the desired approved chaincode
+ - name: Commit chaincode
+ include_role:
+ name: "create/chaincode/commit"
+ vars:
+ participants: "{{ item.participants }}"
+ docker_url: "{{ network.docker.url }}"
+ approvers: "{{ item.endorsers }}"
+ loop: "{{ network['channels'] }}"
+ when: add_new_org == 'false' and '2.' in network.version
+
+ # This task invokes chaincode after the chaincode has been commited in v2 and
+ # after chaincode installation for the new organization to be added in existing network
+ - name: Invoke chaincode
+ include_role:
+ name: "create/chaincode/invoke"
+ vars:
+ participants: "{{ item.participants }}"
+ docker_url: "{{ network.docker.url }}"
+ approvers: "{{ item.endorsers | default('', true) }}"
+ loop: "{{ network['channels'] }}"
+ when: add_new_org == 'true' or '2.' in network.version
+
+ vars: #These variables can be overriden from the command line
+ privilege_escalate: false #Default to NOT escalate to root privledges
+ install_os: "linux" #Default to linux OS
+ install_arch: "amd64" #Default to amd64 architecture
+ bin_install_dir: "~/bin" #Default to /bin install directory for binaries
+ add_new_org: 'false' # Default to false as this is for main network creation
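Review bot: The tasks "Check for the CA server running in …" and "Check for the CA tools to be running in …" are identical: both set `component_name: "{{ component_services.ca.name }}-tools"` with the same label selector, so the CA server itself is never checked before the certificate roles run. Either drop the first task or point it at the server, presumably `component_name: "{{ component_services.ca.name }}"` (confirm the label the CA pod actually carries). The header comment also tells the user to run `external-chaincode-ops.yaml`, while this file is `v1external-chaincode-ops.yaml`. Depending on the working directory, the first task's removal of `./build` may also delete the `build/network.yaml` that the documented command loads.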
diff --git a/platforms/hyperledger-fabric/scripts/prepare.sh.template b/platforms/hyperledger-fabric/scripts/prepare.sh.template
index 31bb43f7c4b..e6fd8616866 100644
--- a/platforms/hyperledger-fabric/scripts/prepare.sh.template
+++ b/platforms/hyperledger-fabric/scripts/prepare.sh.template
@@ -24,10 +24,10 @@ export RELEASE_BRANCH="$USER-testrun" # your specific branch in $GITOPS_SSH
# ./automation/hyperledger-fabric/Jenkinsfile.
export DOCKER_REGISTRY="hyperledgerlabs"
export DOCKER_USERNAME='ADOPBlockchainCloud0502'
-export GITOPS_SSH="https://github.com/hyperledger/bevel.git"
+export GITOPS_SSH="https://github.com/hyperledger-bevel/bevel.git"
export REL_PATH="platforms/hyperledger-fabric/releases/dev"
export CHART_PATH="platforms/hyperledger-fabric/charts"
-export GITOPS_REPO="github.com/hyperledger/bevel.git"
+export GITOPS_REPO="github.com/hyperledger-bevel/bevel.git"
# Following substitutions are taken from
# ./automation/hyperledger-fabric/Jenkinsfile.
diff --git a/platforms/network-schema.json b/platforms/network-schema.json
index 657039e3d54..2154b8caa6f 100755
--- a/platforms/network-schema.json
+++ b/platforms/network-schema.json
@@ -410,7 +410,7 @@
"type": "string",
"description": "Proxy namespace"
},
- "labels":{
+ "labels": {
"$ref": "#/definitions/shared_env_labels",
"description": "Labels for kubernetes components."
}
@@ -1669,53 +1669,12 @@
"additionalProperties": false
},
"fabric_service_consensus": {
- "type": "object",
- "properties": {
- "name": {
- "type": "string",
- "enum": [
- "kafka",
- "raft"
- ],
- "description": "Name of the Consensus service. Can be raft or kafka."
- }
- },
- "required": [
- "name"
+ "type": "string",
+ "enum": [
+ "kafka",
+ "raft"
],
- "if": {
- "properties": {
- "name": {
- "const": "kafka"
- }
- }
- },
- "then": {
- "properties": {
- "type": {
- "type": "string",
- "enum": [
- "broker"
- ],
- "description": "Only for kafka. Consensus service type, only value supported is broker currently"
- },
- "replicas": {
- "type": "integer",
- "minimum": 1,
- "maximum": 10,
- "description": "Only for kafka. Replica count of the brokers"
- },
- "grpc": {
- "$ref": "#/definitions/shared_port"
- }
- },
- "required": [
- "name",
- "type",
- "replicas",
- "grpc"
- ]
- }
+ "description": "Name of the Consensus service. Can be raft or kafka."
},
"fabric_service_orderer": {
"type": "object",
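Review bot: `fabric_service_consensus` still accepts `"kafka"`, but this hunk removes the only place in the definition where the Kafka `type`, `replicas` and `grpc` settings were validated. A network.yaml with `consensus: kafka` now passes this definition without any broker settings. If Kafka is no longer supported, reduce the enum to `"raft"` and change the description to match. If it is still supported, the broker settings need a new home in the schema, which this hunk does not show.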
@@ -1738,13 +1697,6 @@
"pattern": "^[a-z0-9-]{1,30}$",
"description": "Name of the Orderer service"
},
- "consensus": {
- "type": "string",
- "enum": [
- "kafka",
- "raft"
- ]
- },
"grpc": {
"$ref": "#/definitions/shared_port"
},
@@ -1759,7 +1711,6 @@
"required": [
"type",
"name",
- "consensus",
"grpc"
],
"additionalProperties": false
diff --git a/platforms/shared/charts/bevel-storageclass/Chart.yaml b/platforms/shared/charts/bevel-storageclass/Chart.yaml
index a1bde135eb1..ed5db197b5e 100644
--- a/platforms/shared/charts/bevel-storageclass/Chart.yaml
+++ b/platforms/shared/charts/bevel-storageclass/Chart.yaml
@@ -8,4 +8,4 @@ apiVersion: v1
appVersion: "latest"
description: "Shared: Deploys a StorageClass that can be used to provision persistent volumes for nodes."
name: bevel-storageclass
-version: 1.0.0
+version: 1.3.1
diff --git a/platforms/shared/charts/bevel-storageclass/templates/storageclass.yaml b/platforms/shared/charts/bevel-storageclass/templates/storageclass.yaml
index 607335571a2..37af4008e9c 100644
--- a/platforms/shared/charts/bevel-storageclass/templates/storageclass.yaml
+++ b/platforms/shared/charts/bevel-storageclass/templates/storageclass.yaml
@@ -7,7 +7,7 @@
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
- name: {{ include "bevel-storageclass.fullname" . }}
+ name: {{ include "bevel-storageclass.name" . }}
reclaimPolicy: "{{ .Values.reclaimPolicy }}"
volumeBindingMode: "{{ .Values.volumeBindingMode }}"
{{- if .Values.provisioner }}
diff --git a/platforms/shared/configuration/roles/check/helm_component/tasks/main.yaml b/platforms/shared/configuration/roles/check/helm_component/tasks/main.yaml
index b582d8c1bca..32d6e8b5031 100644
--- a/platforms/shared/configuration/roles/check/helm_component/tasks/main.yaml
+++ b/platforms/shared/configuration/roles/check/helm_component/tasks/main.yaml
@@ -23,12 +23,11 @@
context: "{{ kubernetes.context }}"
label_selectors:
- "app = {{ component_name }}"
- register: component_data
+ register: job_data
retries: "{{ network.env.retry_count }}"
delay: 30
- until: component_data.resources|length > 0 and ((component_data.resources[0].status.phase is defined and component_data.resources[0].status.phase == "Succeeded") or (component_data.resources[0].status.succeeded is defined and component_data.resources[0].status.succeeded == 1))
+ until: job_data.resources|length > 0 and ((job_data.resources[0].status.phase is defined and job_data.resources[0].status.phase == "Succeeded") or (job_data.resources[0].status.succeeded is defined and job_data.resources[0].status.succeeded == 1))
when: component_type == "Job"
- register: job_retry_result
# Output debug message if Job creation fails after retries
- name: Debug information for job {{ component_name }} failure
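Review bot: The debug task that follows tests `job_data.failed`, but a task whose `until` is never met fails the host once `retries` are used up, so that message is only reachable if the retry task ignores errors, which the visible lines do not do. The same applies to `component_data.failed` for the Pod check and to the "still running or pending" message in the later hunks of this file. A `block`/`rescue` around the retry task, with the diagnostic `debug` and a final `fail` in the `rescue`, would print the hint and still stop the run. The top of the retry task is outside the hunk, so an `ignore_errors` there cannot be ruled out.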
@@ -43,7 +42,7 @@
Run 'kubectl describe job -n {{ namespace }} -l app={{ component_name }}' for more details.
when:
- component_type == "Job"
- - job_retry_result.failed is defined and job_retry_result.failed
+ - job_data.failed is defined and job_data.failed
# one time job check and registers the result variable
- name: "Check for job {{ component_name }} in {{ namespace }}"
@@ -80,7 +79,6 @@
delay: "{{ delay | default(30) }}"
until: component_data.resources|length > 0
when: component_type == "Pod"
- register: pod_retry_result
# Output debug message if Pod creation fails after retries
- name: Debug information for pod {{ component_name }} failure
@@ -95,7 +93,7 @@
Run 'kubectl describe pod -n {{ namespace }} -l {{ label_selectors | join(",") }}' for detailed events.
when:
- component_type == "Pod"
- - pod_retry_result.failed is defined and pod_retry_result.failed
+ - component_data.failed is defined and component_data.failed
# Print a warning message if job is still running/pending after retries but not failed
- name: Status update for job {{ component_name }}
@@ -103,6 +101,6 @@
msg: "Job {{ component_name }} in namespace {{ namespace }} is still running or pending. Consider increasing retry_count or checking for issues in the job configuration."
when:
- component_type == "Job"
- - job_retry_result.failed is not defined or not job_retry_result.failed
- - component_data.resources|length > 0
- - (component_data.resources[0].status.phase is not defined or component_data.resources[0].status.phase != "Succeeded") and (component_data.resources[0].status.succeeded is not defined or component_data.resources[0].status.succeeded != 1)
+ - job_data.failed is not defined or not job_data.failed
+ - job_data.resources|length > 0
+ - (job_data.resources[0].status.phase is not defined or job_data.resources[0].status.phase != "Succeeded") and (job_data.resources[0].status.succeeded is not defined or job_data.resources[0].status.succeeded != 1)
diff --git a/platforms/shared/configuration/roles/check/k8_component/tasks/main.yaml b/platforms/shared/configuration/roles/check/k8_component/tasks/main.yaml
index a0ffa5af4d9..542d88fdca9 100644
--- a/platforms/shared/configuration/roles/check/k8_component/tasks/main.yaml
+++ b/platforms/shared/configuration/roles/check/k8_component/tasks/main.yaml
@@ -43,7 +43,6 @@
when:
- component_type == "Namespace" or component_type == "ClusterRoleBinding" or component_type == "StorageClass"
- type is undefined or type == "retry"
- register: retry_result
# Output debug message if component creation fails after retries
- name: Debug information for {{ component_type }} {{ component_name }} failure
@@ -58,7 +57,7 @@
when:
- component_type == "Namespace" or component_type == "ClusterRoleBinding" or component_type == "StorageClass"
- type is undefined or type == "retry"
- - retry_result.failed is defined and retry_result.failed
+ - component_data.failed is defined and component_data.failed
# Task to check if ServiceAccount is created
# This task will try for a maximum number of iterations defined in env.retry_count of network.yaml with an interval of
@@ -94,7 +93,6 @@
delay: 35
until: component_data.resources|length > 0
when: (component_type == "ServiceAccount" and (type is undefined or type == 'retry'))
- register: sa_retry_result
# Output debug message if ServiceAccount creation fails after retries
- name: Debug information for {{ component_type }} {{ component_name }} failure
@@ -108,4 +106,4 @@
Check the Kubernetes events and logs for more details.
when:
- component_type == "ServiceAccount" and (type is undefined or type == 'retry')
- - sa_retry_result.failed is defined and sa_retry_result.failed
+ - component_data.failed is defined and component_data.failed
diff --git a/platforms/shared/configuration/roles/check/setup/tasks/main.yaml b/platforms/shared/configuration/roles/check/setup/tasks/main.yaml
index ebf34dcdf45..10c77bd9f1a 100644
--- a/platforms/shared/configuration/roles/check/setup/tasks/main.yaml
+++ b/platforms/shared/configuration/roles/check/setup/tasks/main.yaml
@@ -66,7 +66,6 @@
delay: 30
until: vault_result.failed == False
when: check == "crypto_materials"
- register: vault_retry_result
# Output debug message if vault operation fails after retries
- name: Debug information for vault failure
@@ -81,7 +80,7 @@
Verify Vault status with 'vault status' and check that the crypto generation process completed successfully.
when:
- check == "crypto_materials"
- - vault_retry_result.failed is defined and vault_retry_result.failed
+ - vault_result.failed is defined and vault_result.failed
# Log success message when crypto materials are found
- name: Log successful crypto materials check
@@ -89,7 +88,7 @@
msg: "Successfully found crypto materials at {{ vault_path }} in Vault."
when:
- check == "crypto_materials"
- - vault_retry_result.failed is not defined or not vault_retry_result.failed
+ - vault_result.failed is not defined or not vault_result.failed
# This task check if certs exists in vault.
- name: check if certs exists in vault.
diff --git a/platforms/shared/configuration/roles/create/job_component/tasks/main.yaml b/platforms/shared/configuration/roles/create/job_component/tasks/main.yaml
index 3be1a403b78..0286a6a38e7 100644
--- a/platforms/shared/configuration/roles/create/job_component/tasks/main.yaml
+++ b/platforms/shared/configuration/roles/create/job_component/tasks/main.yaml
@@ -45,7 +45,7 @@
- "{{ values_dir }}/{{ component_name }}.yaml"
force: true
wait: true
- update_repo_cache: true
+ update_repo_cache: false
kubeconfig: "{{ kubernetes.config_file }}"
when:
- helm_check.status is not defined
diff --git a/platforms/shared/configuration/roles/create/job_component/templates/create_channel_job.tpl b/platforms/shared/configuration/roles/create/job_component/templates/create_channel_job.tpl
index 985d5e199ed..9d673a243b2 100644
--- a/platforms/shared/configuration/roles/create/job_component/templates/create_channel_job.tpl
+++ b/platforms/shared/configuration/roles/create/job_component/templates/create_channel_job.tpl
@@ -31,7 +31,7 @@ peer:
{% if provider == 'none' %}
address: {{ peer_name }}.{{ component_ns }}:7051
{% else %}
- address: {{ peer_adress }}
+ address: {{ peer_address }}
{% endif %}
localMspId: {{ org.name | lower }}MSP
logLevel: debug
diff --git a/platforms/shared/configuration/roles/create/job_component/templates/fabric_genesis.tpl b/platforms/shared/configuration/roles/create/job_component/templates/fabric_genesis.tpl
index 11bb07f32fd..3f845b8d898 100755
--- a/platforms/shared/configuration/roles/create/job_component/templates/fabric_genesis.tpl
+++ b/platforms/shared/configuration/roles/create/job_component/templates/fabric_genesis.tpl
@@ -63,15 +63,7 @@ organizations:
{% endfor %}
{% endfor %}
-consensus: {{ consensus.name }}
-
-{% if consensus.name == 'kafka' %}
-kafka:
- brokers:
-{% for i in range(consensus.replicas) %}
- - {{ consensus.name }}-{{ i }}.{{ consensus.type }}.{{ component_ns }}.svc.cluster.local:{{ consensus.grpc.port }}
-{% endfor %}
-{% endif %}
+consensus: {{ consensus }}
channels:
{% for channel in network.channels %}
@@ -90,7 +82,7 @@ channels:
{% endfor %}
settings:
- generateGenesis: {{ generateGenisisBLock }}
+ generateGenesis: {{ generateGenesis }}
removeConfigMapOnDelete: false
{% if add_org %}
diff --git a/platforms/shared/configuration/roles/create/job_component/templates/lifecycle_chaincode_job.tpl b/platforms/shared/configuration/roles/create/job_component/templates/lifecycle_chaincode_job.tpl
new file mode 100644
index 00000000000..dfdd4958b65
--- /dev/null
+++ b/platforms/shared/configuration/roles/create/job_component/templates/lifecycle_chaincode_job.tpl
@@ -0,0 +1,77 @@
+global:
+ version: {{ network.version }}
+ serviceAccountName: vault-auth
+ cluster:
+ provider: {{ org.cloud_provider }}
+ cloudNativeServices: false
+ vault:
+ type: hashicorp
+ network: fabric
+ address: {{ vault.url }}
+ authPath: {{ network.env.type }}{{ name }}
+ secretEngine: {{ vault.secret_path | default("secretsv2") }}
+ secretPrefix: "data/{{ network.env.type }}{{ name }}"
+ role: vault-role
+ tls: false
+ proxy:
+ provider: {{ network.env.proxy | quote }}
+ externalUrlSuffix: {{ org.external_url_suffix }}
+
+image:
+ fabrictools: {{ docker_url }}/bevel-fabric-tools
+ alpineUtils: {{ docker_url }}/bevel-alpine:latest
+{% if network.docker.username is defined and network.docker.password is defined %}
+ pullSecret: regcred
+{% else %}
+ pullSecret: ""
+{% endif %}
+
+peer:
+ name: {{ peer_name }}
+{% if network.env.proxy == 'none' %}
+ address: {{ peer_name }}.{{ component_ns }}:7051
+{% else %}
+ address: {{ peer_address }}
+{% endif %}
+ localMspId: {{ name }}MSP
+ logLevel: info
+ tlsStatus: true
+ ordererAddress: {{ participant.ordererAddress }}
+
+chaincode:
+ channel: {{ item.channel_name }}
+ name: {{ chaincode.name }}
+ version: {{ chaincode.version | quote }}
+ sequence: {{ chaincode.sequence | quote }}
+ arguments: {{ chaincode.arguments }}
+ endorsementPolicies: {{ chaincode.endorsements }}
+ builder: hyperledger/fabric-ccenv:{{ network.version }}
+ initRequired: {{ chaincode.init_required }}
+{% if chaincode.collections_config is defined %}
+ pdc:
+ enabled: true
+ collectionsConfig: {{ pdc_config_content }}
+{% endif %}
+
+# Endorsers configuration (for commit operation)
+endorsers:
+{% for endorser in endorsers_list %}
+ - name: {{ endorser.name }}
+ corePeerAddress: {{ endorser.corepeerAddress }}
+ certificate: "{{ lookup('file', endorser.certificate ) | b64encode }}"
+{% endfor %}
+
+# Lifecycle configuration
+# Control which operations to perform
+lifecycle:
+ approve:
+ enabled: true
+ waitForInstall: true
+{% if participant.type == 'creator' %}
+ commit:
+ enabled: true
+ waitForApprove: true
+ invoke:
+ enabled: true
+ waitForCommit: true
+{% endif %}
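Review bot: The `image` block points at mutable references: `alpineUtils` is hard-coded to `bevel-alpine:latest` and `fabrictools` has no tag in this template (unless the chart appends one), while the job runs under the `vault-auth` service account with a Vault role. At minimum, route the tag through the role variable, `alpineUtils: {{ docker_url }}/bevel-alpine:{{ bevel_alpine_version }}`, and set that variable to a fixed version or digest rather than `latest`. `tls: false` under `vault` is also a literal; if that key controls transport security to Vault, it should come from network.yaml instead of being fixed in the template.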
diff --git a/platforms/shared/configuration/roles/create/job_component/templates/osn_create_channel_job.tpl b/platforms/shared/configuration/roles/create/job_component/templates/osn_create_channel_job.tpl
index 0a43e0fdecc..00718908652 100644
--- a/platforms/shared/configuration/roles/create/job_component/templates/osn_create_channel_job.tpl
+++ b/platforms/shared/configuration/roles/create/job_component/templates/osn_create_channel_job.tpl
@@ -33,14 +33,16 @@ orderers:
- name: {{ value }}
adminAddress: {{ value }}.{{ component_ns }}:7055
{% endif %}
+{% if key == 'ordererAddress' %}
+ ordererAddress: {{ value }}
+{% endif %}
{% endfor %}
{% endfor %}
-addOrderer: {{ add_orderer_value }}
-
-{% if add_orderer_value is defined and add_orderer_value is sameas true %}
+{% if add_orderer_value is defined and add_orderer_value %}
orderer:
+ addOrderer: {{ add_orderer_value }}
name: {{ first_orderer.name }}
localMspId: {{ org.name | lower}}MSP
- address: {{ existingOrdererAddress }}
+ ordererAddress: {{ existingOrdererAddress }}
{% endif %}
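Review bot: Replacing `is sameas true` with a plain truth test means any non-empty string, including `'false'`, now enables the `orderer:` block. Other playbooks in this change pass flags as strings (`add_new_org: 'false'`, `reset == 'false'`), so that input is plausible. `{% if add_orderer_value is defined and add_orderer_value | bool %}` accepts real booleans and their string forms alike.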
diff --git a/platforms/shared/configuration/roles/create/job_component/vars/main.yaml b/platforms/shared/configuration/roles/create/job_component/vars/main.yaml
index e8d207c7f28..e7ec341f04b 100644
--- a/platforms/shared/configuration/roles/create/job_component/vars/main.yaml
+++ b/platforms/shared/configuration/roles/create/job_component/vars/main.yaml
@@ -18,6 +18,7 @@ job_templates:
corda_ent_init: corda_ent_init.tpl
corda_ent_cenm: corda_ent_cenm.tpl
corda_ent_secondary_init: corda_ent_secondary_init.tpl
+ lifecycle_chaincode_job: lifecycle_chaincode_job.tpl
charts:
primary_genesis: "{{ network.type }}-genesis"
secondary_genesis: "{{ network.type }}-genesis"
@@ -27,10 +28,11 @@ charts:
osn_create_channel_job: fabric-osnadmin-channel-create
create_channel_job: fabric-channel-create
join_channel_job: fabric-channel-join
- bevel_alpine_version: latest
- fabric_tools_image: bevel-fabric-tools
indy_genesis: indy-genesis
indy_endorser: indy-register-identity
corda_ent_init: enterprise-init
corda_ent_secondary_init: enterprise-init
corda_ent_cenm: cenm
+ lifecycle_chaincode_job: fabric-chaincode-lifecycle
+bevel_alpine_version: latest
+fabric_tools_image: bevel-fabric-tools
diff --git a/platforms/shared/configuration/roles/create/shared_helm_component/templates/storage_class.tpl b/platforms/shared/configuration/roles/create/shared_helm_component/templates/storage_class.tpl
index 91d028a21fc..131a6ba1426 100644
--- a/platforms/shared/configuration/roles/create/shared_helm_component/templates/storage_class.tpl
+++ b/platforms/shared/configuration/roles/create/shared_helm_component/templates/storage_class.tpl
@@ -1,6 +1,7 @@
global:
cluster:
provider: "{{ cloud_provider }}"
+nameOverride: {{ sc_name }}
reclaimPolicy: Delete
volumeBindingMode: Immediate
{% if cloud_provider == "aws" %}
diff --git a/platforms/shared/configuration/roles/git_push/tasks/main.yaml b/platforms/shared/configuration/roles/git_push/tasks/main.yaml
index e9624b56178..d48d2e17c23 100644
--- a/platforms/shared/configuration/roles/git_push/tasks/main.yaml
+++ b/platforms/shared/configuration/roles/git_push/tasks/main.yaml
@@ -19,11 +19,11 @@
export GIT_SSH_COMMAND='ssh -i {{ gitops.private_key }}'
git config user.email {{ gitops.email }}
git config user.name {{ gitops.username }}
- git --git-dir={{ GIT_DIR }}/.git pull
- git --git-dir={{ GIT_DIR }}/.git add -A .
-
- git --git-dir={{ GIT_DIR }}/.git commit -s -m "{{ msg }}" || true
- git --git-dir={{ GIT_DIR }}/.git push {{ gitops.git_url }} HEAD:{{ gitops.branch }}
+ git add -A .
+ git commit -s -m "{{ msg }}" || true
+
+ git pull
+ git push {{ gitops.git_url }} HEAD:{{ gitops.branch }}
register: GIT_OUTPUT_SSH
when:
- gitops.git_protocol is defined
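Review bot: `git pull` now runs after the local commit, so whenever the remote branch has moved it has to reconcile diverging histories, which recent Git versions refuse to do without an explicit strategy. No `set -e` is visible in the script, so the following `git push` would still run and be rejected. State the strategy in the command, `git pull --rebase`, and consider `set -e` at the top of the block so a failed pull stops the task. The HTTPS task in the next hunk gets the same ordering; the task body starts above this hunk.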
@@ -36,13 +36,13 @@
shell: |
cd "{{ GIT_DIR }}"
echo "---------------GIT PUSH---------------"
- git config user.email {{ gitops.email }}
- git config user.name {{ gitops.username }}
- git --git-dir={{ GIT_DIR }}/.git pull
- git --git-dir={{ GIT_DIR }}/.git add -A .
-
- git --git-dir={{ GIT_DIR }}/.git commit -s -m "{{ msg }}" || true
- git --git-dir={{ GIT_DIR }}/.git push https://{{ gitops.username }}:{{ gitops.password }}@{{ gitops.git_repo }} HEAD:{{ gitops.branch }}
+ git config --global user.email {{ gitops.email }}
+ git config --global user.name {{ gitops.username }}
+ git add -A .
+ git commit -s -m "{{ msg }}" || true
+
+ git pull https://{{ gitops.username }}:{{ gitops.password }}@{{ gitops.git_repo }} {{ gitops.branch }}
+ git push https://{{ gitops.username }}:{{ gitops.password }}@{{ gitops.git_repo }} HEAD:{{ gitops.branch }}
register: GIT_OUTPUT
when: gitops.git_protocol is not defined or gitops.git_protocol == "https"
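Review bot: The added `git pull https://{{ gitops.username }}:{{ gitops.password }}@{{ gitops.git_repo }} {{ gitops.branch }}` puts the password on a second command line, where it is visible in the process list and can end up in the registered `GIT_OUTPUT` or the task log. No `no_log` is visible in this hunk. Supplying the credential through a credential helper or `GIT_ASKPASS` keeps it out of argv and out of the URL. Separately, `git config --global` rewrites the identity in the invoking user's `~/.gitconfig` for every repository on the controller; the repo-local form this hunk removes, written quoted as `git config user.email "{{ gitops.email }}"`, is the narrower choice. The task starts above the hunk.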
diff --git a/platforms/shared/configuration/roles/helm_lint/vars/main.yaml b/platforms/shared/configuration/roles/helm_lint/vars/main.yaml
index 36fdd4e9c0e..f643ca592b5 100644
--- a/platforms/shared/configuration/roles/helm_lint/vars/main.yaml
+++ b/platforms/shared/configuration/roles/helm_lint/vars/main.yaml
@@ -72,4 +72,3 @@ charts:
corda_ent_notary: enterprise-node
corda_ent_network_map: cenm-networkmap
corda_ent_node: enterprise-node
-
diff --git a/platforms/shared/configuration/roles/setup/aws-cli/vars/main.yaml b/platforms/shared/configuration/roles/setup/aws-cli/vars/main.yaml
index fc9557c2962..fa53c58dfe5 100644
--- a/platforms/shared/configuration/roles/setup/aws-cli/vars/main.yaml
+++ b/platforms/shared/configuration/roles/setup/aws-cli/vars/main.yaml
@@ -9,4 +9,4 @@ tmp_directory: "{{ lookup('env', 'TMPDIR') | default('/tmp',true) }}"
aws_cli:
bin_directory: "{{ bin_install_dir | default('~/bin') }}" # Default to ~/bin install directory for binaries
- install_arch: "x86_64" # Use aarch64 for Linux ARM
+ install_arch: "x86_64" # Use aarch64 for Linux ARM, x86_64 for AMD
diff --git a/platforms/shared/configuration/roles/setup/edge-stack/meta/main.yaml b/platforms/shared/configuration/roles/setup/edge-stack/meta/main.yaml
index 0d26800f7b7..60b68a4cb29 100644
--- a/platforms/shared/configuration/roles/setup/edge-stack/meta/main.yaml
+++ b/platforms/shared/configuration/roles/setup/edge-stack/meta/main.yaml
@@ -6,16 +6,6 @@
---
dependencies:
- - role: "aws-auth"
- vars:
- aws_authenticator:
- os: "{{ install_os }}"
- arch: "{{ install_arch }}"
- bin_directory: "{{ bin_install_dir }}"
- checksum: ""
- kubeconfig_path: "{{ item.k8s.config_file }}"
- kubecontext: "{{ item.k8s.context }}"
- when: item.cloud_provider == 'aws'
- role: "helm"
vars:
helm:
diff --git a/platforms/shared/configuration/roles/setup/flux/meta/main.yaml b/platforms/shared/configuration/roles/setup/flux/meta/main.yaml
index 4bd4f4959d4..8290db07927 100644
--- a/platforms/shared/configuration/roles/setup/flux/meta/main.yaml
+++ b/platforms/shared/configuration/roles/setup/flux/meta/main.yaml
@@ -6,16 +6,6 @@
---
dependencies:
- - role: "aws-auth"
- vars:
- aws_authenticator:
- os: "{{ install_os }}"
- arch: "{{ install_arch }}"
- bin_directory: "{{ bin_install_dir }}"
- checksum: ""
- kubeconfig_path: "{{ item.k8s.config_file }}"
- kubecontext: "{{ item.k8s.context }}"
- when: item.cloud_provider == 'aws'
- role: "helm"
vars:
helm:
diff --git a/platforms/shared/configuration/roles/setup/flux/tasks/main.yaml b/platforms/shared/configuration/roles/setup/flux/tasks/main.yaml
index 094db51905a..23d39491dfc 100644
--- a/platforms/shared/configuration/roles/setup/flux/tasks/main.yaml
+++ b/platforms/shared/configuration/roles/setup/flux/tasks/main.yaml
@@ -3,7 +3,6 @@
#
# SPDX-License-Identifier: Apache-2.0
##############################################################################################
-
---
- name: check flux cli
stat:
@@ -12,7 +11,7 @@
- name: Install flux cli
shell: |
- curl -s https://fluxcd.io/install.sh | bash -s {{ bin_install_dir }}
+ curl -s https://fluxcd.io/install.sh --insecure | bash -s {{ bin_install_dir }}
environment:
FLUX_VERSION: "{{ flux_version }}"
when: not flux_cli_stat_result.stat.exists
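Review bot: The `--insecure` flag added to `Install flux cli` turns off TLS certificate verification for a script that is piped straight into `bash`, so the provisioning host will execute whatever answers for fluxcd.io. Drop the flag: `curl -s https://fluxcd.io/install.sh | bash -s {{ bin_install_dir }}`. If it was added to get past a TLS-inspecting proxy, trust that proxy's CA explicitly with `--cacert` instead. Downloading the script to a file and checking it against a pinned checksum before running it would be stronger still.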
@@ -41,7 +40,7 @@
environment:
KUBECONFIG: "{{ item.k8s.config_file }}"
tags:
- - flux
+ - flux
- name: Install flux cli and bootstrap flux v2
shell: |
@@ -58,4 +57,4 @@
environment:
KUBECONFIG: "{{ item.k8s.config_file }}"
tags:
- - flux
+ - flux
diff --git a/platforms/shared/configuration/roles/setup/haproxy-ingress/meta/main.yaml b/platforms/shared/configuration/roles/setup/haproxy-ingress/meta/main.yaml
index e9dc9605d38..c456cacee81 100644
--- a/platforms/shared/configuration/roles/setup/haproxy-ingress/meta/main.yaml
+++ b/platforms/shared/configuration/roles/setup/haproxy-ingress/meta/main.yaml
@@ -6,15 +6,6 @@
---
dependencies:
- - role: "setup/aws-auth"
- vars:
- aws_authenticator:
- os: "{{ install_os }}"
- arch: "{{ install_arch }}"
- bin_directory: "{{ bin_install_dir }}"
- kubeconfig_path: "{{ item.k8s.config_file }}"
- kubecontext: "{{ item.k8s.context }}"
- when: item.cloud_provider == 'aws'
- role: "setup/helm"
vars:
helm:
diff --git a/platforms/shared/configuration/roles/setup/istio/meta/main.yaml b/platforms/shared/configuration/roles/setup/istio/meta/main.yaml
index e9dc9605d38..c456cacee81 100644
--- a/platforms/shared/configuration/roles/setup/istio/meta/main.yaml
+++ b/platforms/shared/configuration/roles/setup/istio/meta/main.yaml
@@ -6,15 +6,6 @@
---
dependencies:
- - role: "setup/aws-auth"
- vars:
- aws_authenticator:
- os: "{{ install_os }}"
- arch: "{{ install_arch }}"
- bin_directory: "{{ bin_install_dir }}"
- kubeconfig_path: "{{ item.k8s.config_file }}"
- kubecontext: "{{ item.k8s.context }}"
- when: item.cloud_provider == 'aws'
- role: "setup/helm"
vars:
helm:
diff --git a/platforms/shared/configuration/roles/setup/kubectl/defaults/main.yaml b/platforms/shared/configuration/roles/setup/kubectl/defaults/main.yaml
index d8c1cb96b50..7561395a716 100644
--- a/platforms/shared/configuration/roles/setup/kubectl/defaults/main.yaml
+++ b/platforms/shared/configuration/roles/setup/kubectl/defaults/main.yaml
@@ -8,7 +8,7 @@
tmp_directory: "{{ lookup('env', 'TMPDIR') | default('/tmp',true) }}"
default:
- version: "1.27.0"
+ version: "1.32.0"
os: "linux" # use "darwin" for MacOS X, "windows" for Windows
arch: "amd64" # other possible values: "386","arm64","arm","ppc64le","s390x"
bin_directory: "~/bin"
diff --git a/platforms/shared/configuration/roles/setup/kubectl/tasks/main.yaml b/platforms/shared/configuration/roles/setup/kubectl/tasks/main.yaml
index 3e537b3b16b..897ddf31755 100644
--- a/platforms/shared/configuration/roles/setup/kubectl/tasks/main.yaml
+++ b/platforms/shared/configuration/roles/setup/kubectl/tasks/main.yaml
@@ -19,20 +19,20 @@
- name: Download kubectl binary
get_url:
- url: "https://dl.k8s.io/v{{ kubectl.version | default(default.version) }}/kubernetes-client-{{ kubectl.os | default(default.os) }}-{{ kubectl.arch | default(default.arch)}}.tar.gz"
+ url: "https://dl.k8s.io/release/v{{ kubectl.version | default(default.version) }}/bin/{{ kubectl.os | default(default.os) }}/{{ kubectl.arch | default(default.arch)}}/kubectl"
dest: "{{ tmp_directory.path }}"
checksum: "{{ kubectl.checksum | default(default.checksum)}}"
when: not kubectl_stat_result.stat.exists
tags:
- kubectl
- - name: Unarchive kubernetes-client
- unarchive:
- src: "{{ tmp_directory.path }}/kubernetes-client-{{ kubectl.os | default(default.os) }}-{{ kubectl.arch | default(default.arch)}}.tar.gz"
- dest: "{{ tmp_directory.path }}"
- when: not kubectl_stat_result.stat.exists
- tags:
- - kubectl
+ # - name: Unarchive kubernetes-client
+ # unarchive:
+ # src: "{{ tmp_directory.path }}/kubernetes-client-{{ kubectl.os | default(default.os) }}-{{ kubectl.arch | default(default.arch)}}.tar.gz"
+ # dest: "{{ tmp_directory.path }}"
+ # when: not kubectl_stat_result.stat.exists
+ # tags:
+ # - kubectl
- name: create bin directory
file:
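Review bot: `Download kubectl binary` still takes its `checksum` from `kubectl.checksum | default(default.checksum)`, but the URL now fetches the bare `kubectl` binary rather than the `kubernetes-client` tarball. A digest configured for the tarball will no longer match, and if the default resolves to an empty string `get_url` verifies nothing. `default.checksum` is outside this hunk, so confirm it holds the digest of the v1.32.0 binary, in the form `checksum: "sha256:<digest of the kubectl binary>"` (placeholder). The commented-out `Unarchive kubernetes-client` task is better deleted than kept as comments.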
@@ -44,7 +44,7 @@
- name: Copy kubectl binary to destination directory
copy:
- src: "{{ tmp_directory.path }}/kubernetes/client/bin/{{ bin_item }}"
+ src: "{{ tmp_directory.path }}/{{ bin_item }}"
dest: "{{ kubectl.bin_directory | default(default.bin_directory) }}/{{ bin_item }}"
mode: 0755
remote_src: yes
@@ -57,7 +57,7 @@
- kubectl
- name: Test kubectl installation
- command: kubectl version
+ command: kubectl config view
changed_when: false
- name: Changing the current context namespace to default
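Review bot: Using `kubectl config view` as the installation test writes the active kubeconfig (cluster endpoints, user names and context names) into the task result and logs. `command: kubectl version --client` checks that the installed binary runs without contacting a cluster and without echoing configuration.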
diff --git a/platforms/shared/configuration/setup-environment.yaml b/platforms/shared/configuration/setup-environment.yaml
index 95a8e7e7ba6..f3a9d5b99a1 100644
--- a/platforms/shared/configuration/setup-environment.yaml
+++ b/platforms/shared/configuration/setup-environment.yaml
@@ -12,6 +12,7 @@
#######################################
- hosts: ansible_provisioners
gather_facts: yes
+ become: false
no_log: "{{ no_ansible_log | default(false) }}"
tasks:
- include_role:
@@ -46,17 +47,6 @@
aws_secret_key: "{{ item.aws.secret_key }}"
with_items: "{{ network.organizations }}"
when: "item.cloud_provider == 'aws' or item.cloud_provider == 'aws-baremetal'"
- - include_role:
- name: setup/aws-auth
- vars:
- aws_authenticator:
- os: "{{ install_os }}"
- arch: "{{ install_arch }}"
- bin_directory: "{{ bin_install_dir }}"
- kubeconfig_path: "{{ item.k8s.config_file }}"
- kubecontext: "{{ item.k8s.context }}"
- with_items: "{{ network.organizations }}"
- when: "item.cloud_provider == 'aws'"
vars: #These variables can be overriden from the command line
privilege_escalate: false #Default to NOT escalate to root privledges
install_os: "linux" #Default to linux OS
diff --git a/platforms/shared/configuration/site.yaml b/platforms/shared/configuration/site.yaml
index c621744d79b..88166c461d5 100755
--- a/platforms/shared/configuration/site.yaml
+++ b/platforms/shared/configuration/site.yaml
@@ -3,21 +3,20 @@
#
# SPDX-License-Identifier: Apache-2.0
##############################################################################################
-
---
##############################################################################
# Main Playbook for the setting up and reseting Hyperledger Bevel DLT network
##############################################################################
# This playbook will validate the network yaml using ajv
-- import_playbook: validate-network-schema.yaml
- when: reset is undefined or reset == 'false'
+# - import_playbook: validate-network-schema.yaml
+# when: reset is undefined or reset == 'false'
# Setup controller environment
-- import_playbook: setup-environment.yaml
+- import_playbook: setup-environment.yaml
# Setup Flux, Proxy and Cert manager on each organization cluster
-- import_playbook: setup-k8s-environment.yaml
+- import_playbook: setup-k8s-environment.yaml
when: reset is undefined or reset == 'false'
############################################
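Review bot: Commenting out the `validate-network-schema.yaml` import removes the only check visible here that network.yaml matches the schema before the environment and cluster playbooks act on it, and it does so for every run. Restore `- import_playbook: validate-network-schema.yaml` with its `when: reset is undefined or reset == 'false'`. If some environments cannot run the validation, gate it on an explicit opt-out variable rather than leaving it as dead comments.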
@@ -29,145 +28,43 @@
vars:
add_new_org: 'false'
when:
- - network.type == 'fabric'
- - network.env.type != 'operator'
- - (reset is undefined or reset == 'false')
- - (network.upgrade is not defined or network.upgrade == false)
+ - network.type == 'fabric'
+ - network.env.type != 'operator'
+ - (reset is undefined or reset == 'false')
+ - (network.upgrade is not defined or network.upgrade == false)
+- import_playbook: "{{ playbook_dir }}/../../hyperledger-fabric/configuration/add-new-channel.yaml"
+ vars:
+ add_new_org: 'false'
+ when:
+ - network.type == 'fabric'
+ - network.env.type != 'operator'
+ - (reset is undefined or reset == 'false')
+ - (network.upgrade is not defined or network.upgrade == false)
- import_playbook: "{{ playbook_dir }}/../../hyperledger-fabric/configuration/deploy-operator-network.yaml"
vars:
add_new_org: 'false'
when:
- - network.type == 'fabric'
- - network.env.type == 'operator'
- - (reset is undefined or reset == 'false')
- - (network.upgrade is not defined or network.upgrade == false)
+ - network.type == 'fabric'
+ - network.env.type == 'operator'
+ - (reset is undefined or reset == 'false')
+ - (network.upgrade is not defined or network.upgrade == false)
# Upgrade network
- import_playbook: "{{ playbook_dir }}/../../hyperledger-fabric/configuration/upgrade-network.yaml"
vars:
add_new_org: 'false'
when:
- - network.type == 'fabric'
- - network.env.type != 'operator'
- - (reset is undefined or reset == 'false')
- - (network.upgrade is defined and network.upgrade == true)
-
-############################################
-# Playbook for R3 Corda Operations
-############################################
-
-# Deploy network
-- import_playbook: "{{ playbook_dir }}/../../r3-corda/configuration/deploy-network.yaml"
- when:
- - network.type == 'corda'
- - network.env.type != 'operator'
- - (reset is undefined or reset == 'false')
-
-############################################
-# Playbook for Hyperledger Indy Operations
-############################################
-
-# Deploy network
-- import_playbook: "{{ playbook_dir }}/../../hyperledger-indy/configuration/deploy-network.yaml"
- when:
- - network.type == 'indy'
- - network.env.type != 'operator'
- - (reset is undefined or reset == 'false')
-
-############################################
-# Playbook for GoQuorum Operations
-############################################
-
-# Deploy network
-- import_playbook: "{{ playbook_dir }}/../../quorum/configuration/deploy-network.yaml"
- vars:
- add_new_org: false
- when:
- - network.type == 'quorum'
- - network.env.type != 'operator'
- - (reset is undefined or reset == 'false')
-
-############################################
-# Playbook for Hyperledger Besu Operations
-############################################
-
-# Generate crypto
-- import_playbook: "{{ playbook_dir }}/../../hyperledger-besu/configuration/generate-crypto.yaml"
- vars:
- add_new_org: false
- when:
- - network.type == 'besu'
- - network.env.type != 'operator'
- - (reset is undefined or reset == 'false')
- - (network.crypto_only is defined and network.crypto_only == true)
-
-# Deploy network
-- import_playbook: "{{ playbook_dir }}/../../hyperledger-besu/configuration/deploy-network.yaml"
- vars:
- add_new_org: false
- when:
- - network.type == 'besu'
- - network.env.type != 'operator'
- - (reset is undefined or reset == 'false')
- - (network.crypto_only is undefined or network.crypto_only == false)
-
-#############################################
-# Playbook for R3 corda enterprise Operations
-#############################################
-
-- import_playbook: "{{ playbook_dir }}/../../r3-corda-ent/configuration/deploy-network.yaml"
- when:
- - network.type == 'corda-enterprise'
- - network.env.type != 'operator'
- - (reset is undefined or reset == 'false')
-
-#############################################
-# Playbook for Substrate Operations
-#############################################
-
-- import_playbook: "{{ playbook_dir }}/../../substrate/configuration/deploy-network.yaml"
- when:
- - network.type == 'substrate'
- - network.env.type != 'operator'
- - (reset is undefined or reset == 'false')
-
-# Cleanup platform specific resources
-- import_playbook: "{{ playbook_dir }}/../../hyperledger-indy/configuration/cleanup.yaml"
- when:
- - network.type == 'indy'
- - network.env.type != 'operator'
- - reset is defined and reset == 'true'
-- import_playbook: "{{ playbook_dir }}/../../r3-corda/configuration/cleanup.yaml"
- when:
- - network.type == 'corda'
+ - network.type == 'fabric'
- network.env.type != 'operator'
- - reset is defined and reset == 'true'
+ - (reset is undefined or reset == 'false')
+ - (network.upgrade is defined and network.upgrade == true)
+
- import_playbook: "{{ playbook_dir }}/../../hyperledger-fabric/configuration/cleanup.yaml"
- when:
+ when:
- network.type == 'fabric'
- network.env.type != 'operator'
- reset is defined and reset == 'true'
-- import_playbook: "{{ playbook_dir }}/../../quorum/configuration/cleanup.yaml"
- when:
- - network.type == 'quorum'
- - network.env.type != 'operator'
- - reset is defined and reset == 'true'
-- import_playbook: "{{ playbook_dir }}/../../hyperledger-besu/configuration/cleanup.yaml"
- when:
- - network.type == 'besu'
- - network.env.type != 'operator'
- - reset is defined and reset == 'true'
-- import_playbook: "{{ playbook_dir }}/../../r3-corda-ent/configuration/cleanup.yaml"
- when:
- - network.type == 'corda-enterprise'
- - network.env.type != 'operator'
- - reset is defined and reset == 'true'
-- import_playbook: "{{ playbook_dir }}/../../substrate/configuration/cleanup.yaml"
- when:
- - network.type == 'substrate'
- - network.env.type != 'operator'
- - reset is defined and reset == 'true'
# Delete the generic network resources from kuberentes
- import_playbook: delete-network.yaml
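Review bot: After this hunk only the `network.type == 'fabric'` imports remain, so a network.yaml of type corda, indy, quorum, besu, corda-enterprise or substrate deploys nothing. On `reset == 'true'` it also skips its platform cleanup and goes straight to `delete-network.yaml`. With the schema validation import commented out in the previous hunk, nothing visible rejects such a file. If dropping those platforms is intended, say so at the top of the playbook, e.g. `# Only network.type == 'fabric' is handled here; other types are not deployed or cleaned up`, and add an early play that fails on any other type.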
diff --git a/platforms/shared/configuration/validate-network-schema.yaml b/platforms/shared/configuration/validate-network-schema.yaml
index 7f119343b46..6201309e4b6 100644
--- a/platforms/shared/configuration/validate-network-schema.yaml
+++ b/platforms/shared/configuration/validate-network-schema.yaml
@@ -12,7 +12,7 @@
- hosts: ansible_provisioners
gather_facts: yes
no_log: "false"
- become: yes
+ become: no
tasks:
- name: install ajv-cli
npm: