diff --git a/README.md b/README.md index 6b80fbae..40c4d9eb 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ This workshop provides an in-depth, hands-on discussion and demonstration of usi | | | |-------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| ![galagames logo](https://avatars.githubusercontent.com/u/135145372?s=200&v=4) | Gala Games is a blockchain gaming platform that empowers players to earn cryptocurrencies and NFTs through gameplay. Founded in 2018 by Eric Schiermeyer, co-founder of Zynga, it aims to create a new type of gaming experience. The platform offers limited edition NFTs and allows players to earn Gala tokens s | +| ![galagames logo](https://avatars.githubusercontent.com/u/135145372?s=200&v=4) | Gala Games is a blockchain gaming platform that empowers players to earn cryptocurrencies and NFTs through gameplay. Founded in 2018 by Eric Schiermeyer, co-founder of Zynga, it aims to create a new type of gaming experience. The platform offers limited edition NFTs and allows players to earn Gala tokens | | ![kfs logo](https://avatars.githubusercontent.com/u/74511895?s=200&v=4) | If you want to design and deploy a secure Blockchain network based on the latest version of Hyperledger Fabric, feel free to contact dviejo@kungfusoftware.es or visit [https://kfs.es/blockchain](https://kfs.es/blockchain) | ## Getting started 
@@ -327,10 +327,6 @@ kubectl hlf peer create --statedb=leveldb --image=$PEER_IMAGE --version=$PEER_VE --hosts=peer0-org1.localho.st --istio-port=443 -kubectl hlf peer create --statedb=leveldb --image=$PEER_IMAGE --version=$PEER_VERSION --storage-class=$SC_NAME --enroll-id=peer --mspid=Org1MSP \ - --enroll-pw=peerpw --capacity=5Gi --name=org1-peer1 --ca-name=org1-ca.default \ - --hosts=peer1-org1.localho.st --istio-port=443 - kubectl wait --timeout=180s --for=condition=Running fabricpeers.hlf.kungfusoftware.es --all ``` 
@@ -338,7 +334,50 @@ Check that the peer is deployed and works: ```bash openssl s_client -connect peer0-org1.localho.st:443 -openssl s_client -connect peer1-org1.localho.st:443 +``` + + +## Deploy Org2 + +### Deploy a certificate authority + +```bash +kubectl hlf ca create --image=$CA_IMAGE --version=$CA_VERSION --storage-class=$SC_NAME --capacity=1Gi --name=org2-ca \ + --enroll-id=enroll --enroll-pw=enrollpw --hosts=org2-ca.localho.st --istio-port=443 + +kubectl wait --timeout=180s --for=condition=Running fabriccas.hlf.kungfusoftware.es --all +``` + +Check that the certification authority is deployed and works: + +```bash +curl -k https://org2-ca.localho.st:443/cainfo +``` + +Register a user in the certification authority of the peer organization (Org2MSP) + +```bash +# register user in CA for peers +kubectl hlf ca register --name=org2-ca --user=peer --secret=peerpw --type=peer \ + --enroll-id enroll --enroll-secret=enrollpw --mspid Org2MSP + +``` + +### Deploy a peer + +```bash +kubectl hlf peer create --statedb=leveldb --image=$PEER_IMAGE --version=$PEER_VERSION --storage-class=$SC_NAME --enroll-id=peer --mspid=Org2MSP \ + --enroll-pw=peerpw --capacity=5Gi --name=org2-peer0 --ca-name=org2-ca.default \ + --hosts=peer0-org2.localho.st --istio-port=443 + + +kubectl wait --timeout=180s --for=condition=Running fabricpeers.hlf.kungfusoftware.es --all +``` + +Check that the peer is deployed and works: + +```bash +openssl s_client -connect peer0-org2.localho.st:443 ``` ## Deploy an `Orderer` organization @@ -376,6 +415,7 @@ kubectl hlf ca register --name=ord-ca --user=orderer --secret=ordererpw \ ### Deploy orderer ```bash + kubectl hlf ordnode create --image=$ORDERER_IMAGE --version=$ORDERER_VERSION \ --storage-class=$SC_NAME --enroll-id=orderer --mspid=OrdererMSP \ --enroll-pw=ordererpw --capacity=2Gi --name=ord-node1 --ca-name=ord-ca.default \ 
@@ -394,6 +434,12 @@ kubectl hlf ordnode create --image=$ORDERER_IMAGE --version=$ORDERER_VERSION \ --hosts=orderer2-ord.localho.st --admin-hosts=admin-orderer2-ord.localho.st --istio-port=443 +kubectl hlf ordnode create --image=$ORDERER_IMAGE --version=$ORDERER_VERSION \ + --storage-class=$SC_NAME --enroll-id=orderer --mspid=OrdererMSP \ + --enroll-pw=ordererpw --capacity=2Gi --name=ord-node4 --ca-name=ord-ca.default \ + --hosts=orderer3-ord.localho.st --admin-hosts=admin-orderer3-ord.localho.st --istio-port=443 + + kubectl wait --timeout=180s --for=condition=Running fabricorderernodes.hlf.kungfusoftware.es --all ``` @@ -406,6 +452,9 @@ kubectl get pods ```bash openssl s_client -connect orderer0-ord.localho.st:443 +openssl s_client -connect orderer1-ord.localho.st:443 +openssl s_client -connect orderer2-ord.localho.st:443 +openssl s_client -connect orderer3-ord.localho.st:443 ``` @@ -466,15 +515,36 @@ kubectl hlf identity create --name org1-admin --namespace default \ ``` -### Create the secret + +### Register and enrolling Org2MSP identity ```bash +# register +kubectl hlf ca register --name=org2-ca --namespace=default --user=admin --secret=adminpw \ + --type=admin --enroll-id enroll --enroll-secret=enrollpw --mspid=Org2MSP + +# enroll +kubectl hlf ca enroll --name=org2-ca --namespace=default \ + --user=admin --secret=adminpw --mspid Org2MSP \ + --ca-name ca --output org2msp.yaml + +# enroll +kubectl hlf identity create --name org2-admin --namespace default \ + --ca-name org2-ca --ca-namespace default \ + --ca ca --mspid Org2MSP --enroll-id admin --enroll-secret adminpw + + +``` +### Create the secret + +```bash kubectl create secret generic wallet --namespace=default \ --from-file=org1msp.yaml=$PWD/org1msp.yaml \ --from-file=org2msp.yaml=$PWD/org2msp.yaml \ --from-file=orderermsp.yaml=$PWD/orderermsp.yaml \ --from-file=orderermspsign.yaml=$PWD/orderermspsign.yaml + ``` ### Create main channel 
@@ -491,6 +561,7 @@ export ORDERER_TLS_CERT=$(kubectl get fabriccas ord-ca -o=jsonpath='{.status.tls export ORDERER0_TLS_CERT=$(kubectl get fabricorderernodes ord-node1 -o=jsonpath='{.status.tlsCert}' | sed -e "s/^/${IDENT_8}/" ) export ORDERER1_TLS_CERT=$(kubectl get fabricorderernodes ord-node2 -o=jsonpath='{.status.tlsCert}' | sed -e "s/^/${IDENT_8}/" ) export ORDERER2_TLS_CERT=$(kubectl get fabricorderernodes ord-node3 -o=jsonpath='{.status.tlsCert}' | sed -e "s/^/${IDENT_8}/" ) +export ORDERER3_TLS_CERT=$(kubectl get fabricorderernodes ord-node4 -o=jsonpath='{.status.tlsCert}' | sed -e "s/^/${IDENT_8}/" ) kubectl apply -f - < github.com/go-kit/kit v0.8.0 replace ( - github.com/hyperledger/fabric-config => github.com/kfsoftware/fabric-config v0.0.0-20240118175815-ef1a1564900a + github.com/hyperledger/fabric-config => github.com/kfsoftware/fabric-config v0.0.0-20240819184344-a0b16ca530c2 github.com/hyperledger/fabric-sdk-go => github.com/kfsoftware/fabric-sdk-go v0.0.0-20240114221414-98466038585d ) diff --git a/go.sum b/go.sum index 399849bc..4a814b07 100644 --- a/go.sum +++ b/go.sum 
@@ -675,6 +675,8 @@ github.com/karrick/godirwalk v1.16.1 h1:DynhcF+bztK8gooS0+NDJFrdNZjJ3gzVzC545UNA github.com/karrick/godirwalk v1.16.1/go.mod h1:j4mkqPuvaLI8mp1DroR3P6ad7cyYd4c1qeJ3RV7ULlk= github.com/kfsoftware/fabric-config v0.0.0-20240118175815-ef1a1564900a h1:4o9kHzPdSU4Jzj8GpDYxmy3xZ45GEM0DKLtP862gf2c= github.com/kfsoftware/fabric-config v0.0.0-20240118175815-ef1a1564900a/go.mod h1:1ZfjDrsuMoM4IPKezQgTByy2vXUj8bgTXaOXaGXK5O4= +github.com/kfsoftware/fabric-config v0.0.0-20240819184344-a0b16ca530c2 h1:6wb4m/bz/rjQwAwpsOlRtWxwrPwmODVQFh7W9HJiXhc= +github.com/kfsoftware/fabric-config v0.0.0-20240819184344-a0b16ca530c2/go.mod h1:1ZfjDrsuMoM4IPKezQgTByy2vXUj8bgTXaOXaGXK5O4= github.com/kfsoftware/fabric-sdk-go v0.0.0-20240114221414-98466038585d h1:HcMV8Lve3QkZUIWYHP+rVIR4xtTdDPooj7Id0IdBj0o= github.com/kfsoftware/fabric-sdk-go v0.0.0-20240114221414-98466038585d/go.mod h1:JRplpKBeAvXjsBhOCCM/KvMRUbdDyhsAh80qbXzKc10= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= diff --git a/website-docs/docs/chaincode-deployment/install-crd.md b/website-docs/docs/chaincode-deployment/install-crd.md new file mode 100644 index 00000000..edfc2720 --- /dev/null +++ b/website-docs/docs/chaincode-deployment/install-crd.md 
@@ -0,0 +1,148 @@ +--- +id: install-crd +title: Installing chaincodes with the FabricChaincodeInstall CRD +--- + +Certainly! I'll provide you with the complete, revised documentation page that incorporates all the information and improvements we've discussed. This will be in a format you can easily copy and paste. + +# FabricChaincodeInstall CRD Documentation + +## Overview + +The `FabricChaincodeInstall` Custom Resource Definition (CRD) is used in the bevel-operator-fabric to install chaincodes on specific peers of an organization in a Hyperledger Fabric network. This CRD allows for fine-grained control over chaincode installation, specifying which peers should have the chaincode installed and the details of the chaincode package. + +## Specification + +### API Version and Kind + +```yaml +apiVersion: hlf.kungfusoftware.es/v1alpha1 +kind: FabricChaincodeInstall +``` + +### Metadata + +The metadata section includes standard Kubernetes object metadata: + +- `name`: A unique name for the FabricChaincodeInstall resource +- `namespace`: The Kubernetes namespace where the resource is created + +### Spec + +The `spec` section defines the desired state of the FabricChaincodeInstall resource: + +#### Peers + +- `peers`: A list of peers where the chaincode should be installed + - `name`: The name of the peer + - `namespace`: The namespace where the peer is deployed + +#### External Peers + +- `externalPeers`: A list of external peers (if any) where the chaincode should be installed + +#### MSP ID + +- `mspID`: The Membership Service Provider ID of the organization + +#### HLF Identity + +- `hlfIdentity`: Specifies the identity used for chaincode installation + - `secretName`: Name of the Kubernetes secret containing the identity + - `secretNamespace`: Namespace of the secret + - `secretKey`: Key in the secret that contains the identity information + +#### Chaincode Package + +- `chaincodePackage`: Details of the chaincode to be installed + - `name`: Name of the chaincode + 
- `address`: Address where the chaincode is hosted + - `type`: Type of the chaincode (e.g., 'ccaas' for Chaincode as a Service) + - `dialTimeout`: Timeout for dialing the chaincode address + - `tls`: TLS configuration for the chaincode + - `required`: Boolean indicating if TLS is required + +## Example Usage + +```yaml +# FabricChaincodeInstall CRD Example with Field Descriptions + +# API version of the CRD +apiVersion: hlf.kungfusoftware.es/v1alpha1 +# Kind specifies that this is a FabricChaincodeInstall resource +kind: FabricChaincodeInstall +metadata: + # Name of this FabricChaincodeInstall resource + name: example-chaincode + # Namespace where this resource will be created + namespace: default +spec: + # List of peers where the chaincode should be installed + peers: + # Each item in the list represents a peer + - name: org1-peer0 # Name of the peer + namespace: default # Namespace where the peer is deployed + # List of external peers (if any) where the chaincode should be installed + # This is empty in this example + externalPeers: [] + # Membership Service Provider ID of the organization + mspID: Org1MSP + # Identity used for chaincode installation + hlfIdentity: + # Name of the Kubernetes secret containing the identity + secretName: org1-admin + # Namespace where the secret is located + secretNamespace: default + # Key in the secret that contains the identity information + secretKey: user.yaml + # Details of the chaincode package to be installed + chaincodePackage: + # Name of the chaincode + name: test + # Address where the chaincode is hosted + # Format: .: + address: 'example-chaincode.default:9999' + # Type of the chaincode (e.g., 'ccaas' for Chaincode as a Service) + type: 'ccaas' + # Timeout for dialing the chaincode address + dialTimeout: "10s" + # TLS configuration for the chaincode + tls: + # Boolean indicating if TLS is required + required: false +``` + +## Installation Process + +When applying this CRD, the bevel-operator-fabric will perform the 
following steps: + +1. Validate the CRD specification +2. Locate the specified peers within the cluster +3. Retrieve the HLF identity from the specified Kubernetes secret +4. Prepare the chaincode package based on the provided details +5. Connect to each specified peer +6. Install the chaincode package on each peer +7. Verify successful installation +8. Update the status of the FabricChaincodeInstall resource + +## Notes + +- Ensure that the specified peers are operational and accessible within the cluster +- The HLF identity used must have sufficient permissions to install chaincodes +- For external peers, additional configuration may be required to ensure connectivity +- The chaincode package must be available at the specified address before applying this CRD +- Adjust the `dialTimeout` as needed based on your network conditions +- Configure TLS settings appropriately for your environment + +## Troubleshooting + +If the chaincode installation fails, check the following: + +- Peer accessibility and health +- Correct MSP ID +- Valid HLF identity and permissions +- Chaincode package availability and correctness +- Network connectivity to the chaincode address +- TLS configuration (if applicable) + +Consult the bevel-operator-fabric logs for detailed error messages and installation status. \ No newline at end of file diff --git a/website-docs/sidebars.ts b/website-docs/sidebars.ts index a58743cd..111a2967 100644 --- a/website-docs/sidebars.ts +++ b/website-docs/sidebars.ts @@ -42,6 +42,7 @@ const sidebars: SidebarsConfig = { "chaincode-deployment/getting-started", "chaincode-deployment/external-chaincode-as-a-service", "chaincode-deployment/k8s-builder", + "chaincode-deployment/install-crd", ], "Channel management": [ "channel-management/getting-started",
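Review bot: In the README sponsor table (hunk at -60), the Gala Games row still ends without punctuation after `earn Gala tokens`, so removing the stray ` s` hides the truncation instead of fixing it. Either restore the rest of the sentence or cut the description at a complete clause and end it with a period.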
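Review bot: In the new "Deploy Org2" section of the README, the peer is enrolled with the same literal secret as the Org1 peer (`--enroll-id=peer --enroll-pw=peerpw`), and the CA bootstrap identity `enroll`/`enrollpw` is passed in clear on the command line. Readers copy workshop commands into longer-lived clusters, so add a sentence saying these values are for the local demo only, or have the commands read the secrets from environment variables the reader sets. Also note that `curl -k https://org2-ca.localho.st:443/cainfo` only shows that the CA answers, because `-k` skips certificate verification. The text should say so rather than "deployed and works".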
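Review bot: In the README orderer check (hunk at -406), the block now lists four `openssl s_client -connect ...` commands back to back, but each one keeps the connection open and reads from stdin. When the block is pasted as a whole, the first command swallows the remaining three lines as input, so the other orderers are never tested. Suggest ending each line with `</dev/null` so that every endpoint is checked and the command returns.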
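Review bot: In the "Register and enrolling Org2MSP identity" block, the third step is labelled `# enroll` a second time, although it runs `kubectl hlf identity create --name org2-admin`. That hides the fact that the admin credentials end up in two places, the local `org2msp.yaml` file and a cluster identity resource. Suggest relabelling it (for example `# create identity`), fixing the heading to "Register and enroll the Org2MSP identity", and dropping the trailing blank lines inside the fence. Because `org2msp.yaml` holds the admin key material and then goes into the `wallet` secret, a note to delete the local file afterwards would also help.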
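Review bot: In go.mod, the `replace` for `github.com/hyperledger/fabric-config` moves to the fork pseudo-version `v0.0.0-20240819184344-a0b16ca530c2`, but nothing in the change says what that fork commit contains or why it is needed. Since this swaps the code behind an upstream Hyperledger import path, please add a comment on the `replace` line or a line in the commit message that names the fork change being picked up. In go.sum the `v0.0.0-20240118175815-ef1a1564900a` entries are kept next to the new ones. If nothing else resolves to that version, run `go mod tidy` to drop them, so that the checksum file lists only what is actually built.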
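Review bot: In the new `website-docs/docs/chaincode-deployment/install-crd.md`, the first body paragraph is leftover assistant chat text ("Certainly! I'll provide you with the complete, revised documentation page ...") and has to be removed before this is published. Beyond that:

- The `# FabricChaincodeInstall CRD Documentation` H1 repeats the front-matter `title`.
- The example comment `# Format: .:` has lost its placeholders, so the expected shape of `address` is not documented.
- The file has no trailing newline.
- The example sets `tls.required: false`, while the Notes only say "Configure TLS settings appropriately". State next to the example that it disables TLS on the connection to the chaincode address, and what has to change to enable it.
- Please check the eight "Installation Process" steps against the controller code before merging, because the page presents them as the operator's actual behaviour.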