#!/bin/bash | |
# Terminal colour escapes used by the status messages below; NC resets
# the attributes again.
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
NC=$(tput sgr0)
#apt install jq -y | |
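#######################################
# Print the latest release version of a GitHub repository, without a
# leading "v".
# Arguments: $1 - repository as "owner/name"
# Outputs:   version string on stdout
# Returns:   0 on success; 1 when the API call fails or the response has
#            no tag_name (HTTP error, rate limit), so callers do not build
#            a download URL from an empty version
#######################################
get_latest_release() {
  local repo=$1
  local tag
  # --fail makes curl print nothing on an HTTP error instead of the JSON
  # error document.
  tag=$(
    curl --silent --fail "https://api.github.com/repos/${repo}/releases/latest" \
      | grep -m 1 '"tag_name":' \
      | sed -E 's/.*"([^"]+)".*/\1/'
  )
  if [[ -z "$tag" ]]; then
    printf 'get_latest_release: no release tag found for %s\n' "$repo" >&2
    return 1
  fi
  # Strip the "v" prefix only when it is present; the previous `cut -c 2-`
  # dropped the first character unconditionally.
  printf '%s\n' "${tag#v}"
}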
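read -r -p "${GREEN}Input Your Organization Name (example. org1, org2) : ${NC}" HLF_ORG
# HLF_ORG ends up in Kubernetes object names, in host paths under
# /data/hlf and in the `rm -rf` of the reset path, so only a lowercase
# DNS label is accepted (no spaces, slashes or "..").
org_name_re='^[a-z0-9]([a-z0-9-]*[a-z0-9])?$'
if [[ ! "$HLF_ORG" =~ $org_name_re ]]; then
  echo "${RED}Invalid organization name: use lowercase letters, digits and '-' only${NC}" >&2
  exit 1
fi
# _UUID="$(uuidgen)"
_UUID="test"
NAMESPACE="hlf-blockchain-${HLF_ORG}-${_UUID}"
ORG_NAME="hlf-${HLF_ORG}"
CA_RELEASE="${HLF_ORG}-${_UUID}-hlf-ca"
CA_PATH="/data/hlf/${NAMESPACE}/${CA_RELEASE}"
ORD_RELEASE="${HLF_ORG}-${_UUID}-hlf-ord"
PEER_RELEASE="${HLF_ORG}-${_UUID}-hlf-peer"
# Version of the newest hyperledger/fabric release; empty when the lookup
# fails.
hlf_ver=$(get_latest_release hyperledger/fabric)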
# # all | |
# _hostname="cluster-1" | |
# kubectl taint nodes --all node-role.kubernetes.io/master- | |
# kubectl get configmaps -n kube-system kubeadm-config -o yaml | sed "s/ clusterName: kubernetes/ clusterName: ${_hostname}/g" | kubectl replace -f - && | |
# kubectl config set-context kubernetes-admin@kubernetes --cluster=${_hostname} | |
# kubectl config set-context kubernetes-admin@kubernetes --user=${_hostname} | |
# kubectl config rename-context kubernetes-admin@kubernetes ${_hostname} | |
# sed -i "s/ name: kubernetes/ name: ${_hostname}/g" ~/.kube/config | |
# sed -i "s/- name: kubernetes-admin/- name: ${_hostname}/g" ~/.kube/config | |
# kubectl get nodes --show-labels | |
# kubectl create serviceaccount ${_hostname} -n kube-system | |
# kubectl create clusterrolebinding ${_hostname} \ | |
# --clusterrole=cluster-admin \ | |
# --serviceaccount=kube-system:${_hostname} | |
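CLUSTER_NAME="cluster-1"
# API server URL of the kubeconfig cluster entry named ${CLUSTER_NAME}.
# APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
APISERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.server}")
# Bearer token of the kube-system service account named ${CLUSTER_NAME}.
# The commented-out bootstrap earlier in this script binds that account to
# cluster-admin, so treat the token as a cluster-wide credential and keep
# it out of logs and traces.
# NOTE(review): this relies on a token Secret existing for the service
# account; newer Kubernetes releases do not create one automatically —
# confirm for the target cluster.
# TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode)
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='${CLUSTER_NAME}')].data.token}" | base64 --decode)
# Without this guard an empty URL or token makes curl report a non-404
# status, which the check below would read as "namespace exists".
if [[ -z "$APISERVER" || -z "$TOKEN" ]]; then
  echo "${RED}Could not resolve the API server URL or service-account token for ${CLUSTER_NAME}${NC}" >&2
  exit 1
fi
# NOTE(review): --insecure turns off TLS certificate verification while a
# bearer token is being sent, so the API server is not authenticated.
# Prefer --cacert with the cluster CA certificate. The token is also passed
# on curl's command line, where other local users can read it.
NAMESPACE_CHECK=$(curl -s -o /dev/null -w "%{http_code}" -X GET "${APISERVER}/api/v1/namespaces/${NAMESPACE}" --header "Authorization: Bearer ${TOKEN}" --insecure)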
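# Decide what to do based on the HTTP status of the namespace lookup.
# Only 200 counts as "exists": previously every non-404 answer (401, 403,
# or 000 when the request failed) led into the destructive reset prompt.
case "$NAMESPACE_CHECK" in
  404)
    echo "${RED}--namespace not exist--${NC}"
    # -f /data/hlf/${NAMESPACE}/${RELEASE}
    ;;
  200)
    echo "${RED}--namespace exist...--${NC}"
    read -r -p "USER EXIST RESET? (name is ${NAMESPACE}) : " input
    case "$input" in
      [yY][eE][sS] | [yY])
        echo "Yes"
        # helm uninstall ${CA_RELEASE} -n ${NAMESPACE}
        kubectl delete ns "${NAMESPACE}" --force
        kubectl delete pvc --namespace "${NAMESPACE}" -l "hlf-release=${CA_RELEASE}" --force
        kubectl delete pv -l "hlf-release=${CA_RELEASE}" --force
        kubectl delete pv -l "hlf-release=${ORD_RELEASE}" --force
        # ${NAMESPACE:?} aborts instead of expanding to /data/hlf/ when the
        # variable is empty; quoting keeps the path a single argument.
        rm -rf -- "/data/hlf/${NAMESPACE:?}"
        echo "${GREEN} uninstall complete ${NC}"
        # NOTE(review): a completed uninstall still exits with status 1 —
        # confirm callers expect a failure code here.
        exit 1
        ;;
      [nN][oO] | [nN])
        echo "No"
        ;;
      *)
        echo "Invalid input..."
        exit 1
        ;;
    esac
    ;;
  *)
    echo "${RED}--namespace check failed (HTTP ${NAMESPACE_CHECK})--${NC}" >&2
    exit 1
    ;;
esac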
# StorageClass for statically created local volumes (no dynamic
# provisioner), then the namespace that holds this organization's release.
echo "${GREEN} StorageClass creating... ${NC}"
kubectl apply -f - <<EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
EOF
echo -e "${GREEN} StorageClass created ${NC} \n"

echo "${GREEN} Namespace creating... ${NC}"
kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
EOF
echo -e "${GREEN} Namespace created ${NC} \n"
# kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml | |
# hostPath-backed PersistentVolume for the CA, pre-bound through claimRef
# to the PersistentVolumeClaim of the same name in ${NAMESPACE}.
# NOTE(review): PersistentVolume is a cluster-scoped kind, so the
# metadata.namespace set on it below presumably has no effect — confirm and
# drop it. The hostPath directory will hold CA key material on the node, so
# its ownership and mode on the host deserve a check.
echo "${GREEN} PersistentVolume creating... ${NC}"
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${CA_RELEASE}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 5Gi
  claimRef:
    name: ${CA_RELEASE}
    namespace: ${NAMESPACE}
  hostPath:
    path: /data/hlf/${NAMESPACE}/${CA_RELEASE}
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: ${CA_RELEASE}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: local-storage
EOF
echo -e "${GREEN} PersistentVolume created ${NC} \n"
# first - Peer Organization 1 | |
# Hyperledger Fabric CA | |
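echo "${GREEN} helm HLF-CA install ${NC}"
helm repo add owkin https://owkin.github.io/charts
helm repo update
# The CA bootstrap admin password used to be a literal in the helm command.
# It can now be supplied through HLF_CA_ADMIN_PASSWORD; the previous value
# stays as the default so existing runs behave the same.
# NOTE(review): a value passed with --set is visible in the process list
# and is kept with the Helm release; prefer a values file with restrictive
# permissions, and replace the default before any shared deployment.
ca_admin_password=${HLF_CA_ADMIN_PASSWORD:-innogrid}
helm install "${CA_RELEASE}" owkin/hlf-ca --version 2.0.1 \
  --namespace "${NAMESPACE}" \
  --set image.repository="hyperledger/fabric-ca" \
  --set image.tag="1.5.2" \
  --set config.hlfToolsVersion="1.5.2" \
  --set caName="${CA_RELEASE}" \
  --set adminUsername=ca-admin,adminPassword="${ca_admin_password}" \
  --set persistence.enabled=true \
  --set persistence.existingClaim="${CA_RELEASE}" \
  --set persistence.storageClass="local-storage" \
  --set nodeSelector."node-role\\.kubernetes\\.io/master"=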
# --set config.csr.names.c=KR \ | |
# --set config.csr.names.st=Daejeon \ | |
# --set config.csr.names.o=Etri \ | |
# --set config.csr.names.ou=Blockchain \ | |
# --set config.mountTLS=true | |
# --create-namespace | |
# kubectl label ns ${NAMESPACE} hlf-release=${CA_RELEASE} | |
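# The CA pod is created asynchronously after `helm install`. Poll for its
# name instead of reading items[0] once: a single early read leaves
# CA_POD_NAME empty and every later step then targets no pod.
CA_POD_NAME=""
for _ in {1..30}; do
  CA_POD_NAME=$(kubectl get pods --namespace "${NAMESPACE}" -l "app=hlf-ca,release=${CA_RELEASE}" -o jsonpath="{.items[0].metadata.name}" 2>/dev/null)
  if [[ -n "$CA_POD_NAME" ]]; then
    break
  fi
  sleep 2s
done
if [[ -z "$CA_POD_NAME" ]]; then
  echo "${RED}HLF-CA pod for release ${CA_RELEASE} did not appear${NC}" >&2
  exit 1
fi
# Bootstrap admin credentials as stored in the release's "--ca" secret.
CA_ADMIN=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_ADMIN}" | base64 --decode)
CA_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)
sleep 3s
kubectl logs -n "${NAMESPACE}" "${CA_POD_NAME}" | grep "Listening on"
echo -e "${GREEN} helm installed ${NC} \n"
echo -e "\n ${GREEN} Data Folder creating... ${NC}"
mkdir -p "${CA_PATH}"
ls -al "${CA_PATH}"
echo -e "${GREEN} Data Folder created ${NC} \n"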
# Print .status.phase of the API object at path $1 (relative to APISERVER).
# NOTE(review): --insecure skips TLS verification while the bearer token is
# sent; prefer --cacert with the cluster CA.
_k8s_phase() {
  curl -s -X GET "${APISERVER}$1" --header "Authorization: Bearer $TOKEN" --insecure | jq '.status.phase'
}

# Report pod, PV and PVC phases every five seconds until the CA pod is
# Running. NOTE(review): the loop has no upper bound, so a pod that never
# starts keeps the script waiting.
while :; do
  echo "${GREEN} HLF-CA Preparing... ${NC}"
  CA_RUNNING_CHECK=$(_k8s_phase "/api/v1/namespaces/${NAMESPACE}/pods/${CA_POD_NAME}")
  CA_PV_CHECK=$(_k8s_phase "/api/v1/persistentvolumes/${CA_RELEASE}")
  CA_PVC_CHECK=$(_k8s_phase "/api/v1/namespaces/${NAMESPACE}/persistentvolumeclaims/${CA_RELEASE}")
  echo " - CA_POD Status phase is : ${CA_RUNNING_CHECK}"
  echo " - CA_PV Status phase is : ${CA_PV_CHECK}"
  echo " - CA_PVC Status phase is : ${CA_PVC_CHECK}"
  if [[ $CA_RUNNING_CHECK == *"Running"* ]]; then
    echo -e "${GREEN} HLF-CA Installed Got it... ${NC} \n"
    break
  fi
  sleep 5s
done
# Ask whether to stop after the CA installation. "yes" ends the script
# here (exit status 1); "no" continues with the certificate setup; any
# other answer aborts.
read -r -p "simple? : " input
if [[ "$input" =~ ^([yY][eE][sS]|[yY])$ ]]; then
  echo "Yes"
  exit 1
elif [[ "$input" =~ ^([nN][oO]|[nN])$ ]]; then
  echo "No"
else
  echo "Invalid input..."
  exit 1
fi
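SERVICE_DNS="0.0.0.0"
# Fabric CA: enrol the bootstrap admin inside the CA pod.
# The enrolment URL embeds the credentials. It is handed to the in-pod
# shell as a positional parameter instead of being pasted into the
# `sh -c` script text, so a secret containing shell metacharacters cannot
# run as a command in the CA pod.
# NOTE(review): enrolment uses plain HTTP against the CA listener, and the
# config.mountTLS option of the helm install is commented out — confirm
# TLS is enabled before anything enrols across the network.
kubectl exec --namespace "${NAMESPACE}" "${CA_POD_NAME}" -- \
  sh -c 'fabric-ca-client enroll -d -u "$1"' sh \
  "http://${CA_ADMIN}:${CA_PASSWORD}@${SERVICE_DNS}:7054"

# Identities
# - Organization Admin
ORG_ADMIN=admin
# Previously a literal; HLF_ORG_ADMIN_PASSWORD overrides it and the old
# value remains the default.
ORG_PASSWORD=${HLF_ORG_ADMIN_PASSWORD:-innogrid}
echo -e "\n${GREEN} ${CA_RELEASE} ordererOrganization Admin Certificate Creating... ${NC}\n"
kubectl exec --namespace "${NAMESPACE}" "${CA_POD_NAME}" -- \
  sh -c 'fabric-ca-client enroll -d -u "$1" -M "$2"' sh \
  "http://${ORG_ADMIN}:${ORG_PASSWORD}@${SERVICE_DNS}:7054" \
  "/var/hyperledger/fabric-ca/ordererOrganizations/innogrid.tech/msp"
echo -e "\n${GREEN} ${CA_RELEASE} ordererOrganization Admin Certificate Created... ${NC}\n"

# Export: read the enrolled MSP from the host side of the CA volume, write
# its NodeOUs config.yaml and store everything in one Kubernetes secret.
echo "${GREEN} ordererOrganization Admin exporting... ${NC}"
msp_dir="${CA_PATH}/fabric-ca/ordererOrganizations/innogrid.tech/msp"
if [[ -d "$msp_dir" ]]; then
  ls -al "$msp_dir"
  echo -e "${GREEN} ordererOrganization Admin export ok. ${NC} \n"
  mkdir -p "${CA_PATH}/ca-certs"
  ORG_CERT=$(cat "${msp_dir}/signcerts/cert.pem")
  CA_CERT=$(cat "${msp_dir}"/cacerts/*.pem)
  CA_CERT_NAME=$(find "${msp_dir}"/cacerts/*.pem -printf "%f\n")
  cat > "${msp_dir}/config.yaml" <<EOF
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  CONFIG=$(cat "${msp_dir}/config.yaml")
  # The private key is loaded with --from-file so its contents never appear
  # on kubectl's command line (a --from-literal value is readable in the
  # process list).
  key_files=("${msp_dir}"/keystore/*_sk)
  kubectl create secret generic -n "${NAMESPACE}" "${CA_RELEASE}--admin-secret" \
    --from-literal=cacert.pem="$CA_CERT" \
    --from-literal=cert.pem="$ORG_CERT" \
    --from-literal=config.yaml="$CONFIG" \
    --from-file=key.pem="${key_files[0]}"
else
  echo -e "${GREEN} ordererOrganization export failed. ${NC} \n"
fi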
# Orderer Organisation | |
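# Orderer identities: register each with the CA, enrol it, then export its
# MSP into a per-orderer Kubernetes secret.
# NOTE(review): the enrolment secrets are literals in this script; generate
# or inject them for anything beyond a test network.
ORDERER0_NAME="orderer0"
ORDERER0_PASSWORD="orderer0_pw"
ORDERER1_NAME="orderer1"
ORDERER1_PASSWORD="orderer1_pw"
ORDERER2_NAME="orderer2"
ORDERER2_PASSWORD="orderer2_pw"
orderer_names=("$ORDERER0_NAME" "$ORDERER1_NAME" "$ORDERER2_NAME")
orderer_secrets=("$ORDERER0_PASSWORD" "$ORDERER1_PASSWORD" "$ORDERER2_PASSWORD")
orderers_dir="ordererOrganizations/innogrid.tech/orderers"

echo "${GREEN} Orderer 인증서 정보 가입... ${NC}"
# Names and secrets reach the in-pod shell as positional parameters rather
# than as part of the `sh -c` script text.
for i in "${!orderer_names[@]}"; do
  kubectl exec -n "${NAMESPACE}" "${CA_POD_NAME}" -- \
    sh -c 'fabric-ca-client register -d --id.name "$1" --id.secret "$2" --id.type orderer' sh \
    "${orderer_names[i]}" "${orderer_secrets[i]}"
done

# -e added: the message starts and ends with "\n" escapes.
echo -e "\n${GREEN} ${CA_RELEASE} Orderer ord0, ord1, ord2, ord3 msp certificate MSP Certificate Creating... ${NC}\n"
for i in "${!orderer_names[@]}"; do
  kubectl exec --namespace "${NAMESPACE}" "${CA_POD_NAME}" -- \
    sh -c 'fabric-ca-client enroll -d -u "$1" -M "$2"' sh \
    "http://${orderer_names[i]}:${orderer_secrets[i]}@${SERVICE_DNS}:7054" \
    "/var/hyperledger/fabric-ca/${orderers_dir}/${orderer_names[i]}/msp"
  # TLS-profile enrolment is currently disabled:
  #   fabric-ca-client enroll -d --enrollment.profile tls -u <url> \
  #     -M /tmp/orgs/orderer/<name>/tls --csr.hosts <name>
done

echo "${GREEN} Orderer Orderer0-3 MSP Certificate... ${NC}"
for i in "${!orderer_names[@]}"; do
  orderer_name=${orderer_names[i]}
  # The orderer's secret stays in a loop variable: CA_PASSWORD keeps the CA
  # admin password, which later admin enrolments still read.
  orderer_secret=${orderer_secrets[i]}
  CA_USERNAME=${orderer_name}
  msp_dir="${CA_PATH}/fabric-ca/${orderers_dir}/${orderer_name}/msp"
  tls_dir="${CA_PATH}/fabric-ca/${orderers_dir}/${orderer_name}/tls"
  ORG_CERT=$(cat "${msp_dir}/signcerts/cert.pem")
  CA_CERT=$(cat "${msp_dir}"/cacerts/*.pem)
  CA_CERT_NAME=$(find "${msp_dir}"/cacerts/*.pem -printf "%f\n")
  mkdir -p "$tls_dir"
  # The copy used to be written as one quoted word ("cat <path>/*"), which
  # the shell looks up as a command name; it failed and left server.crt and
  # server.key empty.
  # NOTE(review): these are the MSP enrolment certificate and key, not the
  # result of a TLS-profile enrolment — confirm that is intended.
  cat -- "${msp_dir}"/signcerts/* > "${tls_dir}/server.crt"
  cat -- "${msp_dir}"/keystore/* > "${tls_dir}/server.key"
  # server.key is a private key: owner-only access.
  chmod 600 "${tls_dir}/server.key"
  cat > "${msp_dir}/config.yaml" <<EOF
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  CONFIG=$(cat "${msp_dir}/config.yaml")
  # --from-file keeps the private key off kubectl's command line.
  key_files=("${msp_dir}"/keystore/*_sk)
  kubectl create secret generic -n "${NAMESPACE}" "${CA_RELEASE}-ord${i}--secret" \
    --from-literal=CA_USERNAME="$CA_USERNAME" \
    --from-literal=CA_PASSWORD="$orderer_secret" \
    --from-literal=cacert.pem="$CA_CERT" \
    --from-literal=cert.pem="$ORG_CERT" \
    --from-literal=config.yaml="$CONFIG" \
    --from-file=key.pem="${key_files[0]}"
done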
#####*** | |
#********************************@@@@@ | |
# | |
# peerOrganization Certificate | |
# | |
#********************************@@@@@ | |
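# Enrol as the CA admin to obtain the authority needed for registering
# identities; the result becomes the team1 organization MSP.
echo -e "\n${GREEN} ${CA_RELEASE} peerOrganization Certificate Creating... ${NC}\n"
# The CA admin password is read from the release secret at this point, so
# the enrolment does not depend on the current value of the CA_PASSWORD
# global.
ca_admin_password=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)
# URL and MSP path are positional parameters of the in-pod shell, not part
# of the `sh -c` script text.
kubectl exec --namespace "${NAMESPACE}" "${CA_POD_NAME}" -- \
  sh -c 'fabric-ca-client enroll -d -u "$1" -M "$2"' sh \
  "http://${CA_ADMIN}:${ca_admin_password}@${SERVICE_DNS}:7054" \
  "/var/hyperledger/fabric-ca/peerOrganizations/team1.innogrid.tech/msp"
echo -e "\n${GREEN} ${CA_RELEASE} peerOrganization Certificate Created... ${NC}\n"

echo "${GREEN} peerOrganization exporting... ${NC}"
msp_dir="${CA_PATH}/fabric-ca/peerOrganizations/team1.innogrid.tech/msp"
if [[ -d "$msp_dir" ]]; then
  ls -al "$msp_dir"
  echo -e "${GREEN} peerOrganization export ok. ${NC} \n"
  mkdir -p "${CA_PATH}/ca-certs"
  ORG_CERT=$(cat "${msp_dir}/signcerts/cert.pem")
  CA_CERT=$(cat "${msp_dir}"/cacerts/*.pem)
  CA_CERT_NAME=$(find "${msp_dir}"/cacerts/*.pem -printf "%f\n")
  cat > "${msp_dir}/config.yaml" <<EOF
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  CONFIG=$(cat "${msp_dir}/config.yaml")
  # --from-file keeps the private key off kubectl's command line.
  key_files=("${msp_dir}"/keystore/*_sk)
  kubectl create secret generic -n "${NAMESPACE}" "${CA_RELEASE}--secret" \
    --from-literal=cacert.pem="$CA_CERT" \
    --from-literal=cert.pem="$ORG_CERT" \
    --from-literal=config.yaml="$CONFIG" \
    --from-file=key.pem="${key_files[0]}"
else
  echo -e "${GREEN} peerOrganization export failed. ${NC} \n"
fi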
# # Peer Organisation | |
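# team1 peers: register both with the CA, enrol them, then export each MSP
# into its own Kubernetes secret.
PEER0_NAME="peer0-team1"
PEER0_PASSWORD="peer0_team1pw"
PEER1_NAME="peer1-team1"
PEER1_PASSWORD="peer1_team1pw"
peer_names=("$PEER0_NAME" "$PEER1_NAME")
peer_secrets=("$PEER0_PASSWORD" "$PEER1_PASSWORD")
peers_dir="peerOrganizations/team1.innogrid.tech/peers"

echo "${GREEN} team1 피어 인증서 정보 가입... ${NC}"
# NOTE(review): peer0 is registered with registrar, revoker and CRL
# attributes plus admin=true, far more than a peer identity normally
# needs — confirm this is intended and trim it otherwise.
peer0_attrs='hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert'
# Names, secrets and attributes are positional parameters of the in-pod
# shell, not part of the `sh -c` script text.
kubectl exec -n "${NAMESPACE}" "${CA_POD_NAME}" -- \
  sh -c 'fabric-ca-client register -d --id.name "$1" --id.secret "$2" --id.type peer --id.attrs "$3"' sh \
  "${PEER0_NAME}" "${PEER0_PASSWORD}" "${peer0_attrs}"
kubectl exec -n "${NAMESPACE}" "${CA_POD_NAME}" -- \
  sh -c 'fabric-ca-client register -d --id.name "$1" --id.secret "$2" --id.type peer' sh \
  "${PEER1_NAME}" "${PEER1_PASSWORD}"

# -e added: the message starts and ends with "\n" escapes.
echo -e "\n${GREEN} ${CA_RELEASE} team1 peer0, peer1 msp certificate MSP Certificate Creating... ${NC}\n"
for i in "${!peer_names[@]}"; do
  kubectl exec --namespace "${NAMESPACE}" "${CA_POD_NAME}" -- \
    sh -c 'fabric-ca-client enroll -d -u "$1" -M "$2"' sh \
    "http://${peer_names[i]}:${peer_secrets[i]}@${SERVICE_DNS}:7054" \
    "/var/hyperledger/fabric-ca/${peers_dir}/${peer_names[i]}/msp"
  # TLS-profile enrolment is currently disabled:
  #   fabric-ca-client enroll -d --enrollment.profile tls -u <url> \
  #     -M /tmp/orgs/apeer/peer<i>/tls --csr.hosts <name>
done

echo "${GREEN} Peer 0-2 MSP Certificate... ${NC}"
for i in "${!peer_names[@]}"; do
  msp_dir="${CA_PATH}/fabric-ca/${peers_dir}/${peer_names[i]}/msp"
  ORG_CERT=$(cat "${msp_dir}/signcerts/cert.pem")
  CA_CERT=$(cat "${msp_dir}"/cacerts/*.pem)
  CA_CERT_NAME=$(find "${msp_dir}"/cacerts/*.pem -printf "%f\n")
  cat > "${msp_dir}/config.yaml" <<EOF
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  CONFIG=$(cat "${msp_dir}/config.yaml")
  # --from-file keeps the private key off kubectl's command line.
  key_files=("${msp_dir}"/keystore/*_sk)
  kubectl create secret generic -n "${NAMESPACE}" "${CA_RELEASE}-peer${i}--secret" \
    --from-literal=cacert.pem="$CA_CERT" \
    --from-literal=cert.pem="$ORG_CERT" \
    --from-literal=config.yaml="$CONFIG" \
    --from-file=key.pem="${key_files[0]}"
done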
## | |
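echo "${GREEN} Fabric-ca-client identity list ${NC}"
kubectl exec --namespace "${NAMESPACE}" "${CA_POD_NAME}" -- sh -c 'fabric-ca-client identity list'

# Enrol as the CA admin to obtain the authority needed for registering
# identities; the result becomes the team2 organization MSP.
echo -e "\n${GREEN} ${CA_RELEASE} peerOrganization Certificate Creating... ${NC}\n"
# The CA admin password is read from the release secret at this point, so
# the enrolment does not depend on the current value of the CA_PASSWORD
# global.
ca_admin_password=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)
# URL and MSP path are positional parameters of the in-pod shell, not part
# of the `sh -c` script text.
kubectl exec --namespace "${NAMESPACE}" "${CA_POD_NAME}" -- \
  sh -c 'fabric-ca-client enroll -d -u "$1" -M "$2"' sh \
  "http://${CA_ADMIN}:${ca_admin_password}@${SERVICE_DNS}:7054" \
  "/var/hyperledger/fabric-ca/peerOrganizations/team2.innogrid.tech/msp"
echo -e "\n${GREEN} ${CA_RELEASE} peerOrganization Certificate Created... ${NC}\n"

echo "${GREEN} peerOrganization exporting... ${NC}"
msp_dir="${CA_PATH}/fabric-ca/peerOrganizations/team2.innogrid.tech/msp"
if [[ -d "$msp_dir" ]]; then
  ls -al "$msp_dir"
  echo -e "${GREEN} peerOrganization export ok. ${NC} \n"
  mkdir -p "${CA_PATH}/ca-certs"
  ORG_CERT=$(cat "${msp_dir}/signcerts/cert.pem")
  CA_CERT=$(cat "${msp_dir}"/cacerts/*.pem)
  CA_CERT_NAME=$(find "${msp_dir}"/cacerts/*.pem -printf "%f\n")
  cat > "${msp_dir}/config.yaml" <<EOF
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  CONFIG=$(cat "${msp_dir}/config.yaml")
  # NOTE(review): the team1 export creates a secret with this same name
  # (${CA_RELEASE}--secret) in the same namespace, so this `kubectl create`
  # is expected to fail with AlreadyExists and the team2 MSP is never
  # stored — pick a team-specific name once the consumers are known.
  # --from-file keeps the private key off kubectl's command line.
  key_files=("${msp_dir}"/keystore/*_sk)
  kubectl create secret generic -n "${NAMESPACE}" "${CA_RELEASE}--secret" \
    --from-literal=cacert.pem="$CA_CERT" \
    --from-literal=cert.pem="$ORG_CERT" \
    --from-literal=config.yaml="$CONFIG" \
    --from-file=key.pem="${key_files[0]}"
else
  echo -e "${GREEN} peerOrganization export failed. ${NC} \n"
fi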
# # Peer Organisation | |
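# team2 peers: register both with the CA, enrol them, then export each MSP
# into its own Kubernetes secret.
# NOTE(review): the enrolment secrets below are the literals used for the
# team1 peers — confirm the reuse is intended.
PEER0_NAME="peer0-team2"
PEER0_PASSWORD="peer0_team1pw"
PEER1_NAME="peer1-team2"
PEER1_PASSWORD="peer1_team1pw"
peer_names=("$PEER0_NAME" "$PEER1_NAME")
peer_secrets=("$PEER0_PASSWORD" "$PEER1_PASSWORD")
peers_dir="peerOrganizations/team2.innogrid.tech/peers"

# The progress messages in this section said "team1" although the
# identities belong to team2.
echo "${GREEN} team2 피어 인증서 정보 가입... ${NC}"
# NOTE(review): peer0 is registered with registrar, revoker and CRL
# attributes plus admin=true, far more than a peer identity normally
# needs — confirm this is intended and trim it otherwise.
peer0_attrs='hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert'
# Names, secrets and attributes are positional parameters of the in-pod
# shell, not part of the `sh -c` script text.
kubectl exec -n "${NAMESPACE}" "${CA_POD_NAME}" -- \
  sh -c 'fabric-ca-client register -d --id.name "$1" --id.secret "$2" --id.type peer --id.attrs "$3"' sh \
  "${PEER0_NAME}" "${PEER0_PASSWORD}" "${peer0_attrs}"
kubectl exec -n "${NAMESPACE}" "${CA_POD_NAME}" -- \
  sh -c 'fabric-ca-client register -d --id.name "$1" --id.secret "$2" --id.type peer' sh \
  "${PEER1_NAME}" "${PEER1_PASSWORD}"

# -e added: the message starts and ends with "\n" escapes.
echo -e "\n${GREEN} ${CA_RELEASE} team2 peer0, peer1 msp certificate MSP Certificate Creating... ${NC}\n"
for i in "${!peer_names[@]}"; do
  kubectl exec --namespace "${NAMESPACE}" "${CA_POD_NAME}" -- \
    sh -c 'fabric-ca-client enroll -d -u "$1" -M "$2"' sh \
    "http://${peer_names[i]}:${peer_secrets[i]}@${SERVICE_DNS}:7054" \
    "/var/hyperledger/fabric-ca/${peers_dir}/${peer_names[i]}/msp"
  # TLS-profile enrolment is currently disabled:
  #   fabric-ca-client enroll -d --enrollment.profile tls -u <url> \
  #     -M /tmp/orgs/apeer/peer<i>/tls --csr.hosts <name>
done

echo "${GREEN} Peer 0-2 MSP Certificate... ${NC}"
for i in "${!peer_names[@]}"; do
  msp_dir="${CA_PATH}/fabric-ca/${peers_dir}/${peer_names[i]}/msp"
  ORG_CERT=$(cat "${msp_dir}/signcerts/cert.pem")
  CA_CERT=$(cat "${msp_dir}"/cacerts/*.pem)
  CA_CERT_NAME=$(find "${msp_dir}"/cacerts/*.pem -printf "%f\n")
  cat > "${msp_dir}/config.yaml" <<EOF
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  CONFIG=$(cat "${msp_dir}/config.yaml")
  # NOTE(review): the team1 peer export creates secrets named
  # ${CA_RELEASE}-peer0--secret and -peer1--secret in this namespace as
  # well, so these `kubectl create` calls are expected to fail with
  # AlreadyExists — pick team-specific names once the consumers are known.
  # --from-file keeps the private key off kubectl's command line.
  key_files=("${msp_dir}"/keystore/*_sk)
  kubectl create secret generic -n "${NAMESPACE}" "${CA_RELEASE}-peer${i}--secret" \
    --from-literal=cacert.pem="$CA_CERT" \
    --from-literal=cert.pem="$ORG_CERT" \
    --from-literal=config.yaml="$CONFIG" \
    --from-file=key.pem="${key_files[0]}"
done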
######################################## | |
######################################## | |
######################################## | |
######################################## | |
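# Install the cryptogen and configtxgen binaries when cryptogen is not yet
# present, then create the directory for the generated configtx.yaml.
echo "${RED}--Hyperledger Fabric Binary Check...--${NC}"
if [[ -f /usr/local/bin/cryptogen ]]; then
  echo "${RED}--HLF exist.. PASS--${NC}"
  echo "${GREEN}--cryptogen , configtxgen --${NC}"
else
  echo "${RED}--Hyperledger Fabric Binary downloading...--${NC}"
  # hlf_ver is empty when the release lookup failed; stop instead of
  # requesting a malformed URL and copying nothing.
  if [[ -z "${hlf_ver}" ]]; then
    echo "${RED}--Hyperledger Fabric version unknown, cannot download--${NC}" >&2
    exit 1
  fi
  cd ~/ || exit 1
  hlf_tarball="hyperledger-fabric-linux-amd64-${hlf_ver}.tar.gz"
  hlf_dir="./hyperledger-fabric-${hlf_ver}"
  # NOTE(review): whatever release is "latest" at run time is downloaded
  # and copied into /usr/local/bin without any checksum or signature
  # check. Pin the version and compare the archive against a known-good
  # digest before installing.
  wget "https://github.com/hyperledger/fabric/releases/download/v${hlf_ver}/${hlf_tarball}" || exit 1
  # -p: a directory left behind by an earlier run is not an error.
  mkdir -p "${hlf_dir}"
  tar -xvzf "${hlf_tarball}" -C "${hlf_dir}" || exit 1
  cp -r "${hlf_dir}/bin/configtxgen" /usr/local/bin/
  cp -r "${hlf_dir}/bin/cryptogen" /usr/local/bin/
  rm -rf -- "${hlf_tarball}"
  cryptogen version
fi
echo "${RED}--HLF end--${NC}"
echo "${RED}--HLF configtx.yaml generating...--${NC}"
#read -r -p "${GREEN}Input Your Organization MSP ID (example. ordererMSP) : ${NC}" HLF_ORD_MSP
# -p: re-running the script must not fail because the directory exists.
mkdir -p "${CA_PATH}/hlf-config"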
cat <<EOF > ${CA_PATH}/hlf-config/configtx.yaml | |
Organizations: # 조직 설정 | |
- &strategy | |
Name: strategyMSP # 조직 이름(오더러) | |
ID: ${HLF_ORD_MSP:-strategyMSP} # 조직 MSP ID | |
# 발급받은 조직 msp 경로 | |
MSPDir: ${CA_PATH}/fabric-ca/ordererOrganizations/innogrid.tech/msp | |
Policies: &OrgPolicies | |
Readers: | |
Type: Signature | |
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')" | |
Writers: | |
Type: Signature | |
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')" | |
Admins: | |
Type: Signature | |
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.admin')" | |
Endorsement: | |
Type: Signature | |
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')" | |
- &strategy1team | |
Name: strategy1teamMSP # 조직 이름(피어) | |
ID: ${HLF_PEER_MSP:-strategy1teamMSP} # 조직 MSP ID | |
# 발급받은 조직 msp 경로 | |
MSPDir: ${CA_PATH}/fabric-ca/peerOrganizations/team1.innogrid.tech/msp | |
Policies: | |
Readers: | |
Type: Signature | |
Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin', '${HLF_PEER_MSP:-strategy1teamMSP}.peer', '${HLF_PEER_MSP:-strategy1teamMSP}.client')" | |
Writers: | |
Type: Signature | |
Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin', '${HLF_PEER_MSP:-strategy1teamMSP}.client')" | |
Admins: | |
Type: Signature | |
Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin')" | |
# Endorsement: | |
# Type: Signature | |
# Rule: "OR('${HLF_PEER_MSP:-strategyMSP}.member')" | |
AnchorPeers: # 앵커피어 설정 (보통 0번피어를 앵커피어로 지정한다) | |
- Host: peer0-team1${INGRESS_ADDR:-} | |
Port: 7051 | |
- &strategy2team | |
Name: strategy2teamMSP # 조직 이름(피어) | |
ID: ${HLF_PEER_MSP:-strategy2teamMSP} # 조직 MSP ID | |
# 발급받은 조직 msp 경로 | |
MSPDir: ${CA_PATH}/fabric-ca/peerOrganizations/team2.innogrid.tech/msp | |
Policies: | |
Readers: | |
Type: Signature | |
Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin', '${HLF_PEER_MSP:-strategy2teamMSP}.peer', '${HLF_PEER_MSP:-strategy2teamMSP}.client')" | |
Writers: | |
Type: Signature | |
Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin', '${HLF_PEER_MSP:-strategy2teamMSP}.client')" | |
Admins: | |
Type: Signature | |
Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin')" | |
# Endorsement: | |
# Type: Signature | |
# Rule: "OR('${HLF_PEER_MSP:-strategyMSP}.member')" | |
AnchorPeers: # 앵커피어 설정 (보통 0번피어를 앵커피어로 지정한다) | |
- Host: peer0-team1${INGRESS_ADDR:-} | |
Port: 7051 | |
Capabilities: | |
Channel: &ChannelCapabilities | |
V2_0: true | |
Orderer: &OrdererCapabilities | |
V2_0: true | |
Application: &ApplicationCapabilities | |
V2_0: true | |
Application: &ApplicationDefaults | |
# ACLs: | |
# _lifecycle/CheckCommitReadiness: /Channel/Application/Writers | |
# _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers | |
# _lifecycle/QueryChaincodeDefinition: /Channel/Application/Readers | |
# _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Readers | |
# lscc/ChaincodeExists: /Channel/Application/Readers | |
# lscc/GetDeploymentSpec: /Channel/Application/Readers | |
# lscc/GetChaincodeData: /Channel/Application/Readers | |
# lscc/GetInstantiatedChaincodes: /Channel/Application/Readers | |
# qscc/GetChainInfo: /Channel/Application/Readers | |
# qscc/GetBlockByNumber: /Channel/Application/Readers | |
# qscc/GetBlockByHash: /Channel/Application/Readers | |
# qscc/GetTransactionByID: /Channel/Application/Readers | |
# qscc/GetBlockByTxID: /Channel/Application/Readers | |
# cscc/GetConfigBlock: /Channel/Application/Readers | |
# cscc/GetConfigTree: /Channel/Application/Readers | |
# cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers | |
# peer/Propose: /Channel/Application/Writers | |
# peer/ChaincodeToChaincode: /Channel/Application/Readers | |
# event/Block: /Channel/Application/Readers | |
# event/FilteredBlock: /Channel/Application/Readers | |
Organizations: | |
Policies: &ApplicationDefaultPolicies # Application 정책 설정 | |
LifecycleEndorsement: | |
Type: ImplicitMeta | |
Rule: "ANY Endorsement" | |
Endorsement: | |
Type: ImplicitMeta | |
Rule: "ANY Endorsement" | |
Readers: | |
Type: ImplicitMeta | |
Rule: "ANY Readers" | |
Writers: | |
Type: ImplicitMeta | |
Rule: "ANY Writers" | |
Admins: | |
Type: ImplicitMeta | |
Rule: "MAJORITY Admins" | |
# Admins: | |
# Type: Signature | |
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Application 관련 정책은 apeer조직의 어드인 서명이 필요함 | |
# LifecycleEndorsement: | |
# Type: Signature | |
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.peer')" | |
# Endorsement: | |
# Type: Signature | |
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.peer')" | |
Capabilities: | |
<<: *ApplicationCapabilities | |
Orderer: &OrdererDefaults | |
OrdererType: etcdraft # 오더링 방식(sole, kafka, etcdraft) | |
Addresses: | |
- orderer0:7050 | |
# - orderer1:7050 | |
# - orderer2:7050 | |
BatchTimeout: 2s # 배치 타임아웃 설정 | |
BatchSize: | |
MaxMessageCount: 500 # 블록당 최대 트렌젝션 개수 | |
AbsoluteMaxBytes: 10 MB | |
PreferredMaxBytes: 2 MB # 블록 최대 크기 | |
EtcdRaft: &EtcdRaftDefaults | |
Consenters: | |
- Host: orderer0 # 오더러 정보 호스트(ip) | |
Port: 7050 # 오더러 포트 | |
ClientTLSCert: ${CA_PATH}/fabric-ca/ordererOrganizations/innogrid.tech/orderers/orderer0/tls/server.crt | |
ServerTLSCert: ${CA_PATH}/fabric-ca/ordererOrganizations/innogrid.tech/orderers/orderer0/tls/server.key | |
Options: | |
TickInterval: 500ms | |
ElectionTick: 10 | |
MaxInflightBlocks: 5 | |
SnapshotIntervalSize: 20 MB | |
Organizations: | |
# - *OrdererOrg | |
Policies: | |
Readers: | |
Type: ImplicitMeta # 정책 타입 (Signature(서명), ImplicitMeta) | |
Rule: "ANY Readers" | |
Writers: | |
Type: ImplicitMeta | |
Rule: "ANY Writers" | |
Admins: | |
Type: ImplicitMeta | |
Rule: "MAJORITY Admins" | |
# Admins: | |
# Type: Signature | |
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Orderer 관련 정책은 apeer조직의 어드인 서명이 필요함 | |
BlockValidation: | |
Type: ImplicitMeta | |
Rule: "ANY Writers" | |
Capabilities: | |
<<: *ChannelCapabilities | |
Channel: &ChannelDefaults | |
Policies: # Channel 정책 설정 | |
Readers: # 읽기 정책 | |
Type: ImplicitMeta | |
Rule: "ANY Readers" | |
Writers: # 쓰기 정책 | |
Type: ImplicitMeta | |
Rule: "ANY Writers" | |
# Admins: # 어드민 정책 | |
# Type: Signature | |
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Channel 관련 정책은 apeer조직의 어드인 서명이 필요함 | |
Admins: | |
Type: ImplicitMeta | |
Rule: "MAJORITY Admins" | |
Capabilities: | |
<<: *ChannelCapabilities | |
# 실질적인 트렌젝션, Genesis 블록은 아래 설정을 참조하여 생성된다. | |
# configtx.yaml 파일 윗부분에 작성한 것들을 참조하여 최종 프로파일을 만든다. | |
Profiles: | |
OrdererGenesis: | |
<<: *ChannelDefaults | |
Orderer: | |
<<: *OrdererDefaults | |
Organizations: | |
- *strategy | |
Consortiums: | |
HlfConsortium: | |
Organizations: | |
- *strategy1team | |
- *strategy2team | |
# Channel | |
common: | |
Consortium: HlfConsortium | |
<<: *ChannelDefaults | |
Application: | |
<<: *ApplicationDefaults | |
Organizations: | |
- *strategy1team | |
- *strategy2team | |
private-team1-team2: | |
Consortium: HlfConsortium | |
<<: *ChannelDefaults | |
Application: | |
<<: *ApplicationDefaults | |
Organizations: | |
- *strategy1team | |
- *strategy2team | |
EOF | |
echo "${RED}--HLF configtx.yaml generated..--${NC}" | |
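# Build the channel artifacts with configtxgen (channel creation tx, one
# anchor-peer update per peer organization, orderer genesis block) and store
# the genesis block and the channel tx as Kubernetes secrets in ${NAMESPACE}.
# Each step aborts the script on failure, so that no secret is created from a
# missing or stale artifact.
echo "${RED}--HLF configtxgen generating..--${NC}"
hlf_config_dir="${CA_PATH}/hlf-config"
artifacts_dir="${hlf_config_dir}/channel-artifacts"
mkdir -p "${artifacts_dir}" || exit 1
echo "${RED}--(1/3) HLF configtxgen Create Channel Tx generating..--${NC}"
# Channel creation transaction; the channel ID used here is "channel".
configtxgen -configPath "${hlf_config_dir}/" -profile common \
  -outputCreateChannelTx "${artifacts_dir}/channel.tx" -channelID channel || exit 1
echo "${RED}--(2/3) HLF configtxgen Create AnchorPeers Tx generating..--${NC}"
# Anchor-peer update transactions. -asOrg selects an organization by the Name
# it has in configtx.yaml; the file written by this script names the peer
# organizations strategy1teamMSP and strategy2teamMSP (the YAML anchors
# strategy1team / strategy2team are not organization names).
configtxgen -configPath "${hlf_config_dir}/" -profile common \
  -outputAnchorPeersUpdate "${artifacts_dir}/strategy1teamMSPanchors.tx" \
  -channelID channel -asOrg strategy1teamMSP || exit 1
configtxgen -configPath "${hlf_config_dir}/" -profile common \
  -outputAnchorPeersUpdate "${artifacts_dir}/strategy2teamMSPanchors.tx" \
  -channelID channel -asOrg strategy2teamMSP || exit 1
echo "${RED}--(3/3) HLF configtxgen Create Genesis Block generating..--${NC}"
# Genesis block of the orderer system channel.
configtxgen -configPath "${hlf_config_dir}/" -profile OrdererGenesis \
  -outputBlock "${artifacts_dir}/genesis.block" -channelID ordererchannel || exit 1
echo "${RED}--HLF configtxgen generated..--${NC}"
ls -al "${artifacts_dir}/"
echo "${RED}--HLF Genesis block and Channel Secret Creating...--${NC}"
kubectl create secret generic -n "${NAMESPACE}" hlf--genesis \
  --from-file="${artifacts_dir}/genesis.block" || exit 1
kubectl create secret generic -n "${NAMESPACE}" hlf--channel \
  --from-file="${artifacts_dir}/channel.tx" || exit 1
echo "${RED}--HLF Genesis block and Channel Secret Created...--${NC}"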
######################################## | |
######################################## | |
######################################## | |
######################################## | |
######################################## | |
# # second - Hyperledger Fabric Peer | |
# echo "${GREEN} helm HLF-PEER install ${NC}" | |
# MSP_ID="${HLF_ORG}-MSP" | |
# helm install ${CA_RELEASE} owkin/hlf-peer \ | |
# --create-namespace \ | |
# --namespace ${NAMESPACE} \ | |
# --peer.mspID=${MSP_ID} \ | |
# --set persistence.storageClass="local-storage" \ | |
# --set peer.databaseType="CouchDB" \ | |
# --set peer.couchdbSecret="cdb1-hlf-couchdb" | |
# CA_POD_NAME=$(kubectl get pods --namespace ${NAMESPACE} -l "app=hlf-ca,release=${CA_RELEASE}" -o jsonpath="{.items[0].metadata.name}") | |
# CA_ADMIN=$(kubectl get secret --namespace ${NAMESPACE} ${CA_RELEASE}--ca -o jsonpath="{.data.CA_ADMIN}" | base64 --decode; echo) | |
# CA_PASSWORD=$(kubectl get secret --namespace ${NAMESPACE} ${CA_RELEASE}--ca -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode; echo) | |
# echo -e "${GREEN} helm installed ${NC} \n" | |
# echo -e "\n ${GREEN} Data Folder creating... ${NC}" | |
# mkdir -p ${CA_PATH} | |
# ls -al ${CA_PATH} | |
# echo -e "${GREEN} Data Folder created ${NC} \n" | |
# echo "${GREEN} PersistentVolume creating... ${NC}" | |
# cat <<EOF | kubectl apply -f - | |
# apiVersion: v1 | |
# kind: PersistentVolume | |
# metadata: | |
# name: ${CA_RELEASE} | |
# namespace: ${NAMESPACE} | |
# spec: | |
# accessModes: | |
# - ReadWriteOnce | |
# capacity: | |
# storage: 5Gi | |
# claimRef: | |
# name: ${CA_RELEASE} | |
# namespace: ${NAMESPACE} | |
# hostPath: | |
# path: /data/hlf/${NAMESPACE}/${CA_RELEASE} | |
# persistentVolumeReclaimPolicy: Delete | |
# storageClassName: local-storage | |
# volumeMode: Filesystem | |
# EOF | |
# echo -e "${GREEN} PersistentVolume created ${NC} \n" | |
######################################## | |
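# third - Hyperledger Fabric Orderer
# For orderer0..orderer2: create the host directory, a hostPath PersistentVolume
# with a matching claim, then install the owkin/hlf-ord chart bound to that claim
# and to the secrets named ${CA_RELEASE}-ord<i>--secret.
#
# NOTE(review): the chart's TLS settings (ord.tls.server.enabled,
# ord.tls.client.enabled, secrets.ord.tls, secrets.ord.tlsClient) are commented
# out below, so orderer traffic is neither encrypted nor authenticated. Enable
# them before using this outside a throw-away test cluster.
# NOTE(review): MSP_ID is taken from the organization name typed by the user,
# while the generated configtx.yaml uses strategyMSP for the orderer org; the
# ":-strategyMSP" fallback only applies when MSP_ID is empty. Confirm which ID
# is intended.
echo "${GREEN} helm HLF-Orderer install ${NC}"
MSP_ID="${HLF_ORG:-ordererMSP}"
# read -r -p "how many Orderers are there in total ? : " ORD_CNT
for ((i = 0; i <= 2; i++)); do
  echo "${GREEN} (${i}/2) orderer${i} ${NC}"
  ord_name="${ORD_RELEASE}${i}"
  ord_data_dir="/data/hlf/${NAMESPACE}/${ord_name}"
  mkdir -p "${ord_data_dir}" || exit 1
  echo "${GREEN} PersistentVolume creating... ${NC}"
  # Stop here if the volume or the claim cannot be created: installing the
  # chart anyway would leave a release waiting on a claim that never binds.
  if ! kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${ord_name}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${ORD_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 5Gi
  claimRef:
    name: ${ord_name}
    namespace: ${NAMESPACE}
  hostPath:
    path: ${ord_data_dir}
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: ${ord_name}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${ORD_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: local-storage
EOF
  then
    echo "${RED} PersistentVolume for ${ord_name} could not be created ${NC}" >&2
    exit 1
  fi
  echo -e "${GREEN} PersistentVolume created ${NC} \n"
  # --set ord.mspID=${MSP_ID:-ordererMSP} \
  echo -e "${GREEN} Helm Installing... ${NC} \n"
  helm install "${ord_name}" owkin/hlf-ord \
    --namespace "${NAMESPACE}" \
    --set image.repository="hyperledger/fabric-orderer" \
    --set image.tag="2.4" \
    --set ord.type="etcdraft" \
    --set ord.mspID="${MSP_ID:-strategyMSP}" \
    --set persistence.enabled=true \
    --set persistence.existingClaim="${ord_name}" \
    --set persistence.storageClass="local-storage" \
    --set nodeSelector."node-role\\.kubernetes\\.io/master"= \
    --set secrets.ord.cert="${CA_RELEASE}-ord${i}--secret" \
    --set secrets.ord.key="${CA_RELEASE}-ord${i}--secret" \
    --set secrets.ord.cred="${CA_RELEASE}-ord${i}--secret" \
    --set secrets.ord.caCert="${CA_RELEASE}-ord${i}--secret" \
    --set secrets.adminCert="${CA_RELEASE}-ord0--secret" \
    --set secrets.genesis=hlf--genesis
  # --set secrets.ord.tls=${CA_RELEASE}-ord${i}--secret \
  # --set secrets.ord.tlsClient=${CA_RELEASE}-ord${i}--secret
  # --set ord.tls.server.enabled=true \
  # --set ord.tls.client.enabled=true \
  echo -e "${GREEN} helm installed ${NC} \n"
done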
#!/bin/bash | |
# Author by Taking | |
# Kubernetes Install + Reset | |
# Flannel CNI | |
# Cluster Name Change (Host명 기준) | |
# MetalLB Install | |
# Terminal colour sequences used by the status messages: red, green, reset.
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
NC=$(tput sgr0)
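# Check permission: the steps below install packages and write under /etc,
# so stop unless the effective user is root. The message goes to stderr and
# the script exits non-zero so that callers can tell it did not run.
if [ "$(id -u)" -ne 0 ]; then
  echo "${RED}Please run as root ${NC}" >&2
  exit 1
fi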
############ k8s check ###############
# When a kubeconfig already exists, ask whether the cluster should be torn
# down. "yes" resets kubeadm, removes the Kubernetes/CNI state directories and
# the cni0 / flannel.1 links, then stops the script; "no" continues; anything
# else stops the script.
if [ -f ~/.kube/config ]; then
  echo "${RED}--Kubernetes reset check--${NC}"
  echo "kubernetes reset?"
  read -r -p "Are You Sure? [Y/n] " input
  # Compare case-insensitively by lower-casing the answer first.
  case "${input,,}" in
    yes | y)
      echo "Yes"
      # The state directories are only removed when kubeadm reset succeeded.
      kubeadm reset -f \
        && rm -rf /etc/cni /etc/kubernetes /var/lib/dockershim /var/lib/etcd /var/lib/kubelet /var/run/kubernetes ~/.kube/ /run/flannel
      ip link del cni0
      ip link del flannel.1
      exit 1
      ;;
    no | n)
      echo "No"
      ;;
    *)
      echo "Invalid input..."
      exit 1
      ;;
  esac
fi
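############ hostname change ###############
# Everything below is configured from the hostname: later in this script it
# becomes the cluster name, is substituted into the kubeconfig with sed, and
# names a service account and a cluster role binding. The value is therefore
# restricted to a lowercase DNS label before it is applied.
echo "${RED}--HOSTNAME CHANGE (IMPORTANT)--${NC}"
read -r -p "hostname Change is (ex k8s-worker) : " uhost
hostname_re='^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$'
if [[ ! "${uhost}" =~ ${hostname_re} ]]; then
  echo "${RED}Invalid hostname: use lowercase letters, digits and '-' only (max 63 characters)${NC}" >&2
  exit 1
fi
# Report success only when the hostname was really changed.
hostnamectl set-hostname "${uhost}" || exit 1
echo '[Hostname] Change Success'
echo "${RED}--HOSTNAME CHANGE END--${NC}"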
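# Install Docker from the distribution package unless a docker binary is on
# PATH, and configure it for Kubernetes (systemd cgroup driver, json-file logs
# capped at 100m, overlay2 storage).
echo "${RED}--DOCKER INSTALL CHECK--${NC}"
if [ -x "$(command -v docker)" ]; then
  echo "${RED}--DOCKER INSTALLED...PASS--${NC}"
else
  echo "${RED}--DOCKER INSTALLING...--${NC}"
  apt-get update -y
  apt-get install vim apt-transport-https gnupg2 curl -y
  apt-get install docker.io -y
  mkdir -p /etc/docker
  # Quoted delimiter: the JSON is written literally, nothing is expanded.
  cat <<'EOF' > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
  mkdir -p /etc/systemd/system/docker.service.d
  systemctl daemon-reload
  systemctl enable --now docker
  # The package usually starts the daemon during installation, before
  # daemon.json exists; "enable --now" does not restart a running service, so
  # restart explicitly to make the cgroup driver setting take effect.
  systemctl restart docker
  echo "${RED}--DOCKER INSTALL SUCCESS...--${NC}"
fi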
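# Install kubeadm, kubelet, kubectl (pinned to 1.22.2-00) and helm from their
# apt repositories unless the three Kubernetes binaries are already present.
# The presence check looks at kubectl; it used to look at kubectx, which is
# installed by a later step of this script and is not part of these packages
# (presumably a typo).
# The script has already verified that it runs as root, so sudo is not needed.
echo "${RED}--Kubernetes INSTALL CHECK--${NC}"
if [ -f /usr/bin/kubectl ] && [ -f /usr/bin/kubeadm ] && [ -f /usr/bin/kubelet ]; then
  echo "${RED}--Kubernetes INSTALLED...PASS--${NC}"
else
  echo "${RED}--Kubernetes INSTALLING...--${NC}"
  apt-get update -y
  apt-get install vim apt-transport-https gnupg2 curl -y
  # NOTE(review): apt-key is deprecated, and a key added with it is trusted for
  # every configured repository, not only the one it belongs to. Prefer a
  # dedicated keyring file referenced with [signed-by=...] in the sources entry.
  # -f makes curl fail on an HTTP error instead of piping an error page on.
  curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
  echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
  curl -fsSL https://helm.baltorepo.com/organization/signing.asc | apt-key add -
  echo "deb https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
  apt-get update -y
  apt-get install kubeadm=1.22.2-00 kubelet=1.22.2-00 kubectl=1.22.2-00 helm -y
  #apt-get install kubelet kubeadm kubectl helm -y
  #apt-mark hold kubelet kubeadm kubectl
  echo "${RED}--Kubernetes INSTALL SUCCESS...--${NC}"
fi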
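# One-time host preparation for kubeadm, skipped when /etc/sysctl.d/k8s.conf
# already exists: swap off (and commented out in fstab), br_netfilter loaded,
# bridged traffic visible to iptables, IPv4 forwarding on.
# Forwarding and the module are written to configuration files so that they
# survive a reboot; previously ip_forward was only set in /proc and the module
# only loaded for the running kernel.
echo "${RED}--System initialize Check...--${NC}"
if [ -f /etc/sysctl.d/k8s.conf ]; then
  echo "${RED}--System initialized...PASS--${NC}"
else
  echo "${RED}--Kubernetes initializing...--${NC}"
  swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
  modprobe br_netfilter
  echo br_netfilter > /etc/modules-load.d/k8s.conf
  cat <<'EOF' > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
  # Applies the file written above, including ip_forward.
  sysctl --system
  systemctl daemon-reload
  systemctl restart kubelet
  systemctl enable kubelet
fi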
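# Install the kubectx and kubens helper scripts into /usr/bin unless kubectx
# is already there. The repository is cloned into a private temporary
# directory (not the current working directory) and only the two scripts are
# installed, with an explicit mode.
echo "${RED}--Kubectx, Kubens Install Check...--${NC}"
if [ -f /usr/bin/kubectx ]; then
  echo "${RED}--kubectx exist...PASS--${NC}"
else
  echo "${RED}--Kubernetetes : kubectx + kubens downloading...--${NC}"
  kubectx_src=$(mktemp -d) || exit 1
  # NOTE(review): this installs whatever the default branch contains at clone
  # time, as root. Check out a reviewed tag or commit before installing.
  if git clone --depth 1 https://github.com/ahmetb/kubectx "${kubectx_src}/kubectx" \
    && install -m 0755 "${kubectx_src}/kubectx/kubectx" "${kubectx_src}/kubectx/kubens" /usr/bin/; then
    kubectx
    kubens
  else
    echo "${RED}--kubectx + kubens install failed--${NC}" >&2
  fi
  rm -rf -- "${kubectx_src}"
fi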
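# Initialise a single-node cluster with kubeadm unless a kubeconfig exists:
# kubeadm init with the Flannel pod CIDR, copy admin.conf to ~/.kube/config,
# apply Flannel, rename cluster/user/context to the hostname, create a
# service account named after the hostname, then optionally install MetalLB
# and Octant.
#
# NOTE(review): the Flannel and MetalLB manifests are applied straight from
# the moving "master" branch of each repository. Pin them to a release tag (or
# vendor reviewed copies) so that re-running the script cannot pull in
# different, unreviewed manifests.
# NOTE(review): the service account created below is bound to cluster-admin;
# any token issued for it has full control of the cluster. Bind a narrower
# role if the account is only used to read cluster state.
if [ -f ~/.kube/config ]; then
  echo "${RED}--Kubernetes initialized...PASS--${NC}"
else
  echo "${RED}--Kubernetes initializing...--${NC}"
  internal_ip="$(hostname -I | awk '{print $1}')"
  # The public address is whatever an external service answers. It is fetched
  # over HTTPS and checked to look like an IPv4 address before it is written
  # into a manifest (see the MetalLB branch).
  instance_public_ip="$(curl --silent https://ifconfig.me)"
  ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
  echo '#### K8s Init ? ####'
  echo '[Kubernetes Init Select]'
  echo 'Network Add-on is [Flannel]'
  echo 'Flannel Applying...'
  pod_network_cidr="10.244.0.0/16"
  kubeadm init --pod-network-cidr="${pod_network_cidr}" --apiserver-cert-extra-sans "${internal_ip}"
  mkdir -p "$HOME/.kube" &&
    cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config" &&
    chown "$(id -u):$(id -g)" "$HOME/.kube/config"
  kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
  # all
  _hostname="$(hostname)"
  kubectl taint nodes --all node-role.kubernetes.io/master-
  kubectl get configmaps -n kube-system kubeadm-config -o yaml | sed "s/ clusterName: kubernetes/ clusterName: ${_hostname}/g" | kubectl replace -f - &&
    kubectl config set-context kubernetes-admin@kubernetes --cluster="${_hostname}" &&
    kubectl config set-context kubernetes-admin@kubernetes --user="${_hostname}" &&
    kubectl config rename-context kubernetes-admin@kubernetes "${_hostname}" &&
    sed -i "s/ name: kubernetes/ name: ${_hostname}/g" ~/.kube/config &&
    sed -i "s/- name: kubernetes-admin/- name: ${_hostname}/g" ~/.kube/config &&
    kubectl get nodes
  kubectl -n kube-system create serviceaccount "${_hostname}" &&
    kubectl create clusterrolebinding "${_hostname}" \
      --clusterrole=cluster-admin \
      --serviceaccount="kube-system:${_hostname}"
  echo "metallb install?"
  read -r -p "Are You Sure? [Y/n] " input2
  case $input2 in
    [yY][eE][sS] | [yY])
      echo "Yes"
      if [[ ! "${instance_public_ip}" =~ ${ipv4_re} ]]; then
        echo "${RED}--could not determine a valid public IPv4 address for MetalLB--${NC}" >&2
        exit 1
      fi
      kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/namespace.yaml
      kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/metallb.yaml
      # Double quotes are required here. With single quotes the command
      # substitution is never run and the memberlist key becomes the literal
      # text "$(openssl rand -base64 128)", i.e. the same publicly known value
      # on every cluster installed with this script.
      kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
      cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - ${instance_public_ip}/32
EOF
      ;;
    [nN][oO] | [nN])
      echo "No"
      ;;
    *)
      echo "Invalid input..."
      exit 1
      ;;
  esac
  echo "octant install?"
  read -r -p "Are You Sure? [Y/n] " input
  case $input in
    [yY][eE][sS] | [yY])
      echo "Yes"
      # NOTE(review): Octant is started as root with root's kubeconfig
      # (cluster-admin) and listens on every interface. It is meant as a local
      # tool; bind it to 127.0.0.1 and reach it through an SSH tunnel, or
      # restrict port 8900 with a firewall, before running this on a host that
      # is reachable from untrusted networks.
      if [ -d ~/octant/ ]; then
        echo "${RED}--Octant exist...PASS--${NC}"
        killall -9 octant
        nohup ~/octant/octant --disable-open-browser --listener-addr 0.0.0.0:8900 &
        echo "${GREEN}octant ip is 'http://${instance_public_ip}:8900'${NC}"
      else
        echo "${RED}--Octant downloading...--${NC}"
        # NOTE(review): the archive is not verified; compare it against the
        # release's published checksum before unpacking and running it.
        wget https://github.com/vmware-tanzu/octant/releases/download/v0.24.0/octant_0.24.0_Linux-64bit.tar.gz
        tar xvzf octant_0.24.0_Linux-64bit.tar.gz
        mv ./octant_0.24.0_Linux-64bit ~/octant
        nohup ~/octant/octant --disable-open-browser --listener-addr 0.0.0.0:8900 &
        echo "${GREEN}octant ip is 'http://${instance_public_ip}:8900'${NC}"
      fi
      ;;
    [nN][oO] | [nN])
      echo "No"
      ;;
    *)
      echo "Invalid input..."
      exit 1
      ;;
  esac
fi
echo "${RED}--Script END--${NC}"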
#!/usr/bin/env bash | |
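# Export the names used by the Hyperledger Fabric scripts (namespace, release
# names, data path) plus the CA pod name and the CA admin credentials read
# from the ${CA_RELEASE}--ca secret. The exports suggest the file is meant to
# be sourced; nothing here exits, so a sourcing shell is never terminated.
# ${GREEN} and ${NC} are not defined in this file and expand to nothing unless
# the calling shell provides them.
read -r -p "${GREEN}Input Your Organization Name (example. org1, org2) : ${NC}" HLF_ORG2
export HLF_ORG="${HLF_ORG2}"
export _UUID="test"
export NAMESPACE="hlf-blockchain-${HLF_ORG}-${_UUID}"
export ORG_NAME="hlf-${HLF_ORG}"
export CA_RELEASE="${HLF_ORG}-${_UUID}-hlf-ca"
export CA_PATH="/data/hlf/${NAMESPACE}/${CA_RELEASE}"
export ORD_RELEASE="${HLF_ORG}-${_UUID}-hlf-ord"
export PEER_RELEASE="${HLF_ORG}-${_UUID}-hlf-peer"
# Assignment and export are separate statements so that a failing kubectl is
# not hidden behind the exit status of "export".
CA_POD_NAME=$(kubectl get pods --namespace "${NAMESPACE}" -l "app=hlf-ca,release=${CA_RELEASE}" -o jsonpath="{.items[0].metadata.name}")
export CA_POD_NAME
echo "CA_POD_NAME is ${CA_POD_NAME}"
CA_ADMIN=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_ADMIN}" | base64 --decode)
export CA_ADMIN
echo "CA_ADMIN is ${CA_ADMIN}"
CA_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)
export CA_PASSWORD
# The password itself is never printed: terminal scrollback, CI logs and
# screen shares would otherwise keep a copy of the CA admin credential.
if [ -n "${CA_PASSWORD}" ]; then
  echo "CA_PASSWORD is set (value not shown)"
else
  echo "CA_PASSWORD is empty" >&2
fi
echo "env ok."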
다른 버전
#!/bin/bash
# Terminal colour sequences used by the status messages: red, green, reset.
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
NC=$(tput sgr0)
#apt install jq -y
#######################################
# Print the tag of a repository's latest GitHub release without its first
# character (the leading "v" of tags such as v1.2.3).
# Arguments: $1 - repository as "owner/name"
# Outputs:   the shortened tag on stdout; nothing when the response has no
#            "tag_name" line
#######################################
get_latest_release() {
  local repo=$1
  local api_url="https://api.github.com/repos/${repo}/releases/latest"
  # sed keeps only lines carrying "tag_name": and reduces each to its last
  # quoted string; cut then drops the first character.
  curl --silent "${api_url}" \
    | sed -n -E '/"tag_name":/{s/.*"([^"]+)".*/\1/;p;}' \
    | cut -c 2-
}
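# Ask for the organization name and derive every other name from it.
# The name ends up in a Kubernetes namespace, in Helm release names and in
# the path /data/hlf/${NAMESPACE}, which the reset branch of this script
# removes with rm -rf as root. It is therefore restricted to a lowercase DNS
# label: no "/", no "..", no whitespace.
read -r -p "${GREEN}Input Your Organization Name (example. org1, org2) : ${NC}" HLF_ORG
org_name_re='^[a-z0-9]([a-z0-9-]*[a-z0-9])?$'
if [[ ! "${HLF_ORG}" =~ ${org_name_re} ]]; then
  echo "${RED}--invalid organization name: use lowercase letters, digits and '-' only--${NC}" >&2
  exit 1
fi
# _UUID="$(uuidgen)"
_UUID="test"
NAMESPACE="hlf-blockchain-${HLF_ORG}-${_UUID}"
# Kubernetes namespace names are limited to 63 characters.
if ((${#NAMESPACE} > 63)); then
  echo "${RED}--organization name too long: namespace '${NAMESPACE}' exceeds 63 characters--${NC}" >&2
  exit 1
fi
ORG_NAME="hlf-${HLF_ORG}"
CA_RELEASE="${HLF_ORG}-${_UUID}-hlf-ca"
CA_PATH="/data/hlf/${NAMESPACE}"
ORD_RELEASE="${HLF_ORG}-${_UUID}-hlf-ord"
PEER_RELEASE="${HLF_ORG}-${_UUID}-hlf-peer"
hlf_ver=$(get_latest_release hyperledger/fabric)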
# # all
# _hostname="cluster-1"
# kubectl taint nodes --all node-role.kubernetes.io/master-
# kubectl get configmaps -n kube-system kubeadm-config -o yaml | sed "s/ clusterName: kubernetes/ clusterName: ${_hostname}/g" | kubectl replace -f - &&
# kubectl config set-context kubernetes-admin@kubernetes --cluster=${_hostname}
# kubectl config set-context kubernetes-admin@kubernetes --user=${_hostname}
# kubectl config rename-context kubernetes-admin@kubernetes ${_hostname}
# sed -i "s/ name: kubernetes/ name: ${_hostname}/g" ~/.kube/config
# sed -i "s/- name: kubernetes-admin/- name: ${_hostname}/g" ~/.kube/config
# kubectl get nodes --show-labels
# kubectl create serviceaccount ${_hostname} -n kube-system
# kubectl create clusterrolebinding ${_hostname} \
# --clusterrole=cluster-admin \
# --serviceaccount=kube-system:${_hostname}
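# Check whether ${NAMESPACE} already exists and, if so, offer to remove the
# namespace, its volumes and its data directory.
#
# The existence check goes through kubectl, which authenticates with the
# kubeconfig and verifies the API server certificate. It used to be a curl
# call that sent a kube-system service-account bearer token with --insecure,
# i.e. without verifying who received the token. As a side effect, a failed
# lookup is no longer treated as "namespace exists" (only an HTTP 404 used to
# count as "not found"), so the destructive reset prompt is not offered when
# the cluster simply cannot be reached.
# kubectl uses the current context here, like the delete commands below.
CLUSTER_NAME="hlf-master"
# NOTE(review): APISERVER and TOKEN are no longer used in this section; they
# are kept because later parts of the script, not visible here, may reference
# them - confirm and remove if not.
# APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
APISERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.server}")
# TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode)
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='${CLUSTER_NAME}')].data.token}" | base64 --decode)
if ! existing_ns=$(kubectl get namespace "${NAMESPACE}" --ignore-not-found -o name); then
  echo "${RED}--cannot query the cluster for namespace ${NAMESPACE}--${NC}" >&2
  exit 1
fi
# Keep the HTTP-status style value the rest of this section tests.
if [[ -z "${existing_ns}" ]]; then
  NAMESPACE_CHECK="404"
else
  NAMESPACE_CHECK="200"
fi
if [[ $NAMESPACE_CHECK == *"404"* ]]; then
  echo "${RED}--namespace not exist--${NC}"
  # -f /data/hlf/${NAMESPACE}/${RELEASE}
else
  echo "${RED}--namespace exist...--${NC}"
  read -r -p "USER EXIST RESET? (name is ${NAMESPACE}) : " input
  case $input in
    [yY][eE][sS] | [yY])
      echo "Yes"
      # helm uninstall ${CA_RELEASE} -n ${NAMESPACE}
      kubectl delete ns "${NAMESPACE}" --force
      kubectl delete pvc --namespace "${NAMESPACE}" -l "hlf-release=${CA_RELEASE}" --force
      kubectl delete pv -l "hlf-release=${CA_RELEASE}" --force
      kubectl delete pv -l "hlf-release=${ORD_RELEASE}" --force
      # ":?" aborts instead of expanding to /data/hlf/ if NAMESPACE is empty.
      rm -rf -- "/data/hlf/${NAMESPACE:?}"
      echo "${GREEN} uninstall complete ${NC}"
      exit 1
      ;;
    [nN][oO] | [nN])
      echo "No"
      ;;
    *)
      echo "Invalid input..."
      exit 1
      ;;
  esac
fi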
#########################################################################################################
# Hyperledger Fabric Binary
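# Install the Hyperledger Fabric CLI tools (cryptogen, configtxgen) into
# /usr/local/bin unless cryptogen is already there.
# Reads hlf_ver, which the script derives earlier from the GitHub releases API.
echo "${RED}--Hyperledger Fabric Binary Check...--${NC}"
if [ -f /usr/local/bin/cryptogen ]; then
  echo "${RED}--HLF exist.. PASS--${NC}"
  echo "${GREEN}--cryptogen , configtxgen --${NC}"
else
  echo "${RED}--Hyperledger Fabric Binary downloading...--${NC}"
  # hlf_ver is scraped from an HTTP response. An empty or malformed value would
  # silently produce a wrong URL and wrong paths, so reject it before use.
  hlf_ver_re='^[0-9][0-9A-Za-z.-]*$'
  if [[ ! "${hlf_ver}" =~ ${hlf_ver_re} ]]; then
    echo "${RED}--invalid Hyperledger Fabric version: '${hlf_ver}'--${NC}" >&2
    exit 1
  fi
  hlf_tarball="hyperledger-fabric-linux-amd64-${hlf_ver}.tar.gz"
  hlf_dir="./hyperledger-fabric-${hlf_ver}"
  cd ~/ || exit 1
  # NOTE(review): the archive is unpacked and installed as root with no
  # integrity check. Pin the release and compare the download against a known
  # SHA-256 (sha256sum -c) before extracting it.
  wget "https://github.com/hyperledger/fabric/releases/download/v${hlf_ver}/${hlf_tarball}" || exit 1
  mkdir -p "${hlf_dir}" || exit 1
  tar -xvzf "${hlf_tarball}" -C "${hlf_dir}" || exit 1
  # install(1) sets the mode explicitly instead of inheriting it from the archive.
  install -m 0755 "${hlf_dir}/bin/configtxgen" "${hlf_dir}/bin/cryptogen" /usr/local/bin/ || exit 1
  rm -f -- "${hlf_tarball}"
  cryptogen version
fi
echo "${RED}--HLF end--${NC}"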
# Create (or update) the namespace ${NAMESPACE}, labelled with the CA release
# name. The manifest is fed to kubectl on stdin; the unquoted delimiter lets
# the shell fill in both variables.
echo "${GREEN} Namespace creating... ${NC}"
kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
EOF
echo -e "${GREEN} Namespace created ${NC} \n"
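# Write crypto-config.yaml and let cryptogen generate the certificates and
# keys for the orderer organization and the two peer organizations under
# ${CA_PATH}/crypto-config.
#
# The orderer organization now lists orderer0, orderer1 and orderer2: the
# configtx.yaml written right after this step references the TLS certificates
# of orderer1.innogrid.tech and orderer2.innogrid.tech, which were never
# generated while only orderer0 was listed.
#
# NOTE(review): cryptogen is intended for test networks. It creates the
# private keys of every organization on this one host; organizations that do
# not fully trust each other should issue their identities from their own CA.
echo "${RED}--HLF configtx.yaml generating...--${NC}"
#read -r -p "${GREEN}Input Your Organization MSP ID (example. ordererMSP) : ${NC}" HLF_ORD_MSP
mkdir -p "${CA_PATH}/" || exit 1
# TODO: write a function (in Go) that generates crypto-config and configtx automatically
cat <<EOF > "${CA_PATH}/crypto-config.yaml"
OrdererOrgs:
  - Name: Orderer
    Domain: innogrid.tech
    # EnableNodeOUs: true
    Specs:
      - Hostname: orderer0
      - Hostname: orderer1
      - Hostname: orderer2
PeerOrgs:
  - Name: strategy1teamMSP
    Domain: team1.innogrid.tech
    # EnableNodeOUs: true
    # 피어 수
    Template:
      Count: 3
    # 사용자 수
    Users:
      Count: 1
  - Name: strategy2teamMSP
    Domain: team2.innogrid.tech
    # EnableNodeOUs: true
    # 피어 수
    Template:
      Count: 3
    # 사용자 수
    Users:
      Count: 1
EOF
# cryptogen writes its crypto-config directory into the working directory.
cd "${CA_PATH}/" || exit 1
# Report success only when cryptogen really succeeded.
cryptogen generate --config="${CA_PATH}/crypto-config.yaml" || exit 1
echo "cryptogen success"
ls -al "${CA_PATH}/crypto-config/"
# sleep 1
# mv ${CA_PATH}/config/crypto-config/* ${CA_PATH}/crypto-config/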
cat <<EOF > ${CA_PATH}/configtx.yaml
Organizations: # 조직 설정
- &strategy
Name: strategyMSP # 조직 이름(오더러)
ID: ${HLF_ORD_MSP:-strategyMSP} # 조직 MSP ID
# 발급받은 조직 msp 경로
MSPDir: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/msp
Policies: &OrgPolicies
Readers:
Type: Signature
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')"
Writers:
Type: Signature
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')"
Admins:
Type: Signature
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.admin')"
Endorsement:
Type: Signature
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')"
- &strategy1team
Name: strategy1teamMSP # 조직 이름(피어)
ID: ${HLF_PEER_MSP:-strategy1teamMSP} # 조직 MSP ID
# 발급받은 조직 msp 경로
MSPDir: ${CA_PATH}/crypto-config/peerOrganizations/team1.innogrid.tech/msp
Policies:
Readers:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin', '${HLF_PEER_MSP:-strategy1teamMSP}.peer', '${HLF_PEER_MSP:-strategy1teamMSP}.client')"
Writers:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin', '${HLF_PEER_MSP:-strategy1teamMSP}.client')"
Admins:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin')"
# Endorsement:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-strategyMSP}.member')"
AnchorPeers: # 앵커피어 설정 (보통 0번피어를 앵커피어로 지정한다)
- Host: peer0.team1.innogrid.tech
Port: 7051
- &strategy2team
Name: strategy2teamMSP # 조직 이름(피어)
ID: ${HLF_PEER_MSP:-strategy2teamMSP} # 조직 MSP ID
# 발급받은 조직 msp 경로
MSPDir: ${CA_PATH}/crypto-config/peerOrganizations/team2.innogrid.tech/msp
Policies:
Readers:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin', '${HLF_PEER_MSP:-strategy2teamMSP}.peer', '${HLF_PEER_MSP:-strategy2teamMSP}.client')"
Writers:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin', '${HLF_PEER_MSP:-strategy2teamMSP}.client')"
Admins:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin')"
# Endorsement:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-strategyMSP}.member')"
AnchorPeers: # 앵커피어 설정 (보통 0번피어를 앵커피어로 지정한다)
- Host: peer0.team2.innogrid.tech
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
# ACLs:
# _lifecycle/CheckCommitReadiness: /Channel/Application/Writers
# _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
# _lifecycle/QueryChaincodeDefinition: /Channel/Application/Readers
# _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Readers
# lscc/ChaincodeExists: /Channel/Application/Readers
# lscc/GetDeploymentSpec: /Channel/Application/Readers
# lscc/GetChaincodeData: /Channel/Application/Readers
# lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
# qscc/GetChainInfo: /Channel/Application/Readers
# qscc/GetBlockByNumber: /Channel/Application/Readers
# qscc/GetBlockByHash: /Channel/Application/Readers
# qscc/GetTransactionByID: /Channel/Application/Readers
# qscc/GetBlockByTxID: /Channel/Application/Readers
# cscc/GetConfigBlock: /Channel/Application/Readers
# cscc/GetConfigTree: /Channel/Application/Readers
# cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
# peer/Propose: /Channel/Application/Writers
# peer/ChaincodeToChaincode: /Channel/Application/Readers
# event/Block: /Channel/Application/Readers
# event/FilteredBlock: /Channel/Application/Readers
Organizations:
Policies: &ApplicationDefaultPolicies # Application 정책 설정
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Admins:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Application 관련 정책은 apeer조직의 어드인 서명이 필요함
# LifecycleEndorsement:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.peer')"
# Endorsement:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.peer')"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft # 오더링 방식(sole, kafka, etcdraft)
Addresses:
- orderer0:7050
BatchTimeout: 2s # 배치 타임아웃 설정
BatchSize:
MaxMessageCount: 500 # 블록당 최대 트렌젝션 개수
AbsoluteMaxBytes: 10 MB
PreferredMaxBytes: 2 MB # 블록 최대 크기
EtcdRaft: &EtcdRaftDefaults
Consenters:
- Host: orderer0 # 오더러 정보 호스트(ip)
Port: 7050 # 오더러 포트
ClientTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer0.innogrid.tech/tls/server.crt
ServerTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer0.innogrid.tech/tls/server.key
- Host: orderer1 # 오더러 정보 호스트(ip)
Port: 7050 # 오더러 포트
ClientTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer1.innogrid.tech/tls/server.crt
ServerTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer1.innogrid.tech/tls/server.key
- Host: orderer2 # 오더러 정보 호스트(ip)
Port: 7050 # 오더러 포트
ClientTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer2.innogrid.tech/tls/server.crt
ServerTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer2.innogrid.tech/tls/server.key
Options:
TickInterval: 500ms
ElectionTick: 10
MaxInflightBlocks: 5
SnapshotIntervalSize: 20 MB
Organizations:
# - *OrdererOrg
Policies:
Readers:
Type: ImplicitMeta # 정책 타입 (Signature(서명), ImplicitMeta)
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Admins:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Orderer 관련 정책은 apeer조직의 어드인 서명이 필요함
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *ChannelCapabilities
Channel: &ChannelDefaults
Policies: # Channel 정책 설정
Readers: # 읽기 정책
Type: ImplicitMeta
Rule: "ANY Readers"
Writers: # 쓰기 정책
Type: ImplicitMeta
Rule: "ANY Writers"
# Admins: # 어드민 정책
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Channel 관련 정책은 apeer조직의 어드인 서명이 필요함
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
# 실질적인 트렌젝션, Genesis 블록은 아래 설정을 참조하여 생성된다.
# configtx.yaml 파일 윗부분에 작성한 것들을 참조하여 최종 프로파일을 만든다.
Profiles:
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *strategy
Consortiums:
HlfConsortium:
Organizations:
- *strategy1team
- *strategy2team
# Channel
common:
Consortium: HlfConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *strategy1team
- *strategy2team
private-team1-team2:
Consortium: HlfConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *strategy1team
- *strategy2team
EOF
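echo "${RED}--HLF configtx.yaml generated..--${NC}"
echo "${RED}--HLF configtxgen generating..--${NC}"

# Generate the channel artifacts with configtxgen, then store the genesis block
# and the channel-creation transaction as Kubernetes secrets in ${NAMESPACE}.
#
# CA_PATH and NAMESPACE are built from the organization name typed at the
# prompt, so every expansion is quoted: an unquoted value containing spaces or
# glob characters would be split into extra arguments.
#
# NOTE(review): the Consenters entries written to configtx.yaml above set
# ServerTLSCert to .../tls/server.key, which is a private-key path. configtxgen
# presumably reads the files named there when it builds the genesis block, so
# confirm these should be server.crt before sharing genesis.block.

# -p keeps a re-run from failing when the directory already exists.
mkdir -p -- "${CA_PATH}/channel-artifacts/"

echo "${RED}--(1/3) HLF configtxgen Create Genesis Block generating..--${NC}"
# Create the genesis block (profile OrdererGenesis, channel ID ordererchannel).
# NOTE(review): this call uses ${CA_PATH}/crypto-config/ as -configPath while
# the calls below use ${CA_PATH}/ - confirm which directory holds configtx.yaml.
configtxgen \
  -configPath "${CA_PATH}/crypto-config/" \
  -profile OrdererGenesis \
  -outputBlock "${CA_PATH}/channel-artifacts/genesis.block" \
  -channelID ordererchannel

echo "${RED}--(2/3) HLF configtxgen Create Channel Tx generating..--${NC}"
# Create the channel-creation transaction; the channel ID passed is mychannel.
configtxgen \
  -configPath "${CA_PATH}/" \
  -profile common \
  -outputCreateChannelTx "${CA_PATH}/channel-artifacts/channel.tx" \
  -channelID mychannel

echo "${RED}--(3/3) HLF configtxgen Create AnchorPeers Tx generating..--${NC}"
# Create one anchor-peer update transaction per organization.
configtxgen \
  -configPath "${CA_PATH}/" \
  -profile common \
  -outputAnchorPeersUpdate "${CA_PATH}/channel-artifacts/strategy1teamMSPanchors.tx" \
  -channelID mychannel \
  -asOrg strategy1team
configtxgen \
  -configPath "${CA_PATH}/" \
  -profile common \
  -outputAnchorPeersUpdate "${CA_PATH}/channel-artifacts/strategy2teamMSPanchors.tx" \
  -channelID mychannel \
  -asOrg strategy2team
echo "${RED}--HLF configtxgen generated..--${NC}"
ls -al "${CA_PATH}/channel-artifacts/"

echo "${RED}--HLF Genesis block and Channel Secret Creating...--${NC}"
kubectl create secret generic -n "${NAMESPACE}" hlf--genesis \
  --from-file="${CA_PATH}/channel-artifacts/genesis.block"
kubectl create secret generic -n "${NAMESPACE}" hlf--channel \
  --from-file="${CA_PATH}/channel-artifacts/channel.tx"
echo "${RED}--HLF Genesis block and Channel Secret Created...--${NC}"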
########################################
########################################
printf '%s StorageClass creating... %s\n' "${GREEN}" "${NC}"
# Register the "local-storage" StorageClass used by the volumes created later.
# kubernetes.io/no-provisioner means volumes are not provisioned dynamically;
# each PersistentVolume has to be created by hand, as this script does.
# The manifest contains no shell expansions, so the delimiter is quoted.
kubectl apply -f - <<'EOF'
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
EOF
printf '%s StorageClass created %s \n\n' "${GREEN}" "${NC}"
# kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
printf '%s PersistentVolume creating... %s\n' "${GREEN}" "${NC}"
# Create the hostPath PersistentVolume for the CA and the claim bound to it.
# The volume is pre-bound to the claim through claimRef and maps to a directory
# on the node's own filesystem (/data/hlf/<namespace>/<release>).
# CA_RELEASE and NAMESPACE are expanded by the shell into the manifest text;
# both are built from the organization name typed at the prompt, so that name
# ends up inside the YAML as-is.
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${CA_RELEASE}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 5Gi
  claimRef:
    name: ${CA_RELEASE}
    namespace: ${NAMESPACE}
  hostPath:
    path: /data/hlf/${NAMESPACE}/${CA_RELEASE}
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: ${CA_RELEASE}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: local-storage
EOF
printf '%s PersistentVolume created %s \n\n' "${GREEN}" "${NC}"
# first - Peer Organization 1
# Hyperledger Fabric CA
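echo "${GREEN} helm HLF-CA install ${NC}"
helm repo add owkin https://owkin.github.io/charts
helm repo update

# Bootstrap admin password for the CA.
# The original command hard-coded this credential in the script. It can now be
# supplied through HLF_CA_ADMIN_PASSWORD; the old value is kept only as a
# fallback so existing runs behave the same, and a warning is printed when the
# fallback is used. Replace it before using this outside a throwaway cluster.
# The value is still passed to helm on the command line, so it is visible in
# the process list while helm runs. helm also splits --set values on commas, so
# a password containing ',' has to be escaped.
if [[ -z "${HLF_CA_ADMIN_PASSWORD:-}" ]]; then
  echo "warning: HLF_CA_ADMIN_PASSWORD is not set; using the built-in default CA admin password" >&2
fi
ca_admin_password="${HLF_CA_ADMIN_PASSWORD:-innogrid}"

# Install the Fabric CA chart (pinned chart version and image tag) on the
# claim created earlier. The nodeSelector schedules the pod on a node carrying
# the node-role.kubernetes.io/master label.
helm install "${CA_RELEASE}" owkin/hlf-ca --version 2.0.1 \
  --namespace "${NAMESPACE}" \
  --set image.repository="hyperledger/fabric-ca" \
  --set image.tag="1.5.2" \
  --set config.hlfToolsVersion="1.5.2" \
  --set caName="${CA_RELEASE}" \
  --set adminUsername=ca-admin \
  --set "adminPassword=${ca_admin_password}" \
  --set persistence.enabled=true \
  --set persistence.existingClaim="${CA_RELEASE}" \
  --set persistence.storageClass="local-storage" \
  --set 'nodeSelector.node-role\.kubernetes\.io/master='
# --set config.csr.names.c=KR \
# --set config.csr.names.st=Daejeon \
# --set config.csr.names.o=Etri \
# --set config.csr.names.ou=Blockchain \
# --set config.mountTLS=true
# --create-namespace
# kubectl label ns ${NAMESPACE} hlf-release=${CA_RELEASE}

# Look up the CA pod and read the admin credentials back from the chart's
# secret. Command substitution already strips trailing newlines, so the
# original "; echo" after base64 had no effect and is dropped.
# NOTE(review): the pod name is queried immediately after helm returns; if the
# pod object does not exist yet, CA_POD_NAME stays empty and the later steps
# that use it will not find the pod - confirm or add a wait.
CA_POD_NAME=$(kubectl get pods --namespace "${NAMESPACE}" \
  -l "app=hlf-ca,release=${CA_RELEASE}" \
  -o jsonpath="{.items[0].metadata.name}")
CA_ADMIN=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" \
  -o jsonpath="{.data.CA_ADMIN}" | base64 --decode)
CA_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" \
  -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)
sleep 3s
kubectl logs -n "${NAMESPACE}" "${CA_POD_NAME}" | grep "Listening on"
echo -e "${GREEN} helm installed ${NC} \n"

echo -e "\n ${GREEN} Data Folder creating... ${NC}"
mkdir -p -- "${CA_PATH}"
ls -al "${CA_PATH}"
echo -e "${GREEN} Data Folder created ${NC} \n"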
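# Poll the Kubernetes API until the CA pod reports phase "Running", printing
# the pod, PersistentVolume and PersistentVolumeClaim phases on every pass.
# APISERVER and TOKEN are set outside this part of the script.
#
# The original requests sent the bearer token with --insecure, i.e. without
# verifying the API server's certificate, so anything able to intercept the
# connection could read the token. Set APISERVER_CACERT to the cluster CA
# bundle to turn verification on; --insecure remains only as the fallback so
# existing runs keep working, and a warning is printed when it is used.
# The token is still passed in curl's arguments and is visible in the process
# list while curl runs.
api_tls_opts=(--insecure)
if [[ -n "${APISERVER_CACERT:-}" ]]; then
  api_tls_opts=(--cacert "${APISERVER_CACERT}")
else
  echo "warning: APISERVER_CACERT is not set; API server certificate is NOT verified" >&2
fi

# NOTE(review): there is no timeout; the loop never ends if the pod does not
# reach Running (for example when CA_POD_NAME is empty).
while true; do
  echo "${GREEN} HLF-CA Preparing... ${NC}"
  CA_RUNNING_CHECK=$(curl -s -X GET "${APISERVER}/api/v1/namespaces/${NAMESPACE}/pods/${CA_POD_NAME}" \
    --header "Authorization: Bearer ${TOKEN}" "${api_tls_opts[@]}" | jq '.status.phase')
  CA_PV_CHECK=$(curl -s -X GET "${APISERVER}/api/v1/persistentvolumes/${CA_RELEASE}" \
    --header "Authorization: Bearer ${TOKEN}" "${api_tls_opts[@]}" | jq '.status.phase')
  CA_PVC_CHECK=$(curl -s -X GET "${APISERVER}/api/v1/namespaces/${NAMESPACE}/persistentvolumeclaims/${CA_RELEASE}" \
    --header "Authorization: Bearer ${TOKEN}" "${api_tls_opts[@]}" | jq '.status.phase')
  echo " - CA_POD Status phase is : ${CA_RUNNING_CHECK}"
  echo " - CA_PV Status phase is : ${CA_PV_CHECK}"
  echo " - CA_PVC Status phase is : ${CA_PVC_CHECK}"
  # jq prints the phase with its JSON quotes, hence the substring match.
  if [[ "${CA_RUNNING_CHECK}" == *"Running"* ]]; then
    echo -e "${GREEN} HLF-CA Installed Got it... ${NC} \n"
    break
  fi
  sleep 5s
done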
# Ask a yes/no question before continuing.
# Only "no"/"n" (any letter case) lets the script go on; "yes"/"y" and any
# other answer both end the script with status 1.
read -r -p "simple? : " input
if [[ "${input}" =~ ^([yY][eE][sS]|[yY])$ ]]; then
  echo "Yes"
  exit 1
elif [[ "${input}" =~ ^([nN][oO]|[nN])$ ]]; then
  echo "No"
else
  echo "Invalid input..."
  exit 1
fi
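SERVICE_DNS="0.0.0.0"
#########################################################################################################
# Fabric CA: enroll the CA admin identity from inside the CA pod.
#
# The original wrapped the command in `sh -c "..."`, which pasted CA_ADMIN and
# CA_PASSWORD into a shell command line: a value containing shell
# metacharacters would be interpreted by the shell in the pod. The client is
# now invoked directly, so the enrollment URL is passed as one argument and is
# never parsed by a shell.
#
# Remaining exposure to be aware of: the URL carries the admin credentials over
# plain http, it is visible in the process arguments on this host and in the
# pod, and -d turns on the client's debug output. Characters that are special
# in URLs still need percent-encoding in the password.
kubectl exec --namespace "${NAMESPACE}" "${CA_POD_NAME}" -- \
  fabric-ca-client enroll -d -u "http://${CA_ADMIN}:${CA_PASSWORD}@${SERVICE_DNS}:7054"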
#########################################################################################################
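# MSP directory of the orderer organization under the CA data path.
org_msp_dir="${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/msp"

SERVER_TLS=$(cat "${org_msp_dir}/signcerts/cert.pem")
# NOTE(review): `ca--tls` is not defined anywhere in this part of the file; as
# written the shell reports "command not found" and carries on. It looks like
# an unfinished placeholder for a TLS secret step - confirm and remove.
ca--tls
########################################
########################################
# Orderer CA Secret
# Bundle the organization's signing certificate, private key and CA certificate
# into the "<CA_RELEASE>--admin-secret" secret.
echo "${RED}--Fabric CA Cert Secret Generating..--${NC}"

# The private key is handed to kubectl by path (--from-file) instead of by
# value (--from-literal), so the key material never appears in the process
# arguments. That requires exactly one *_sk file; stop if that is not the case
# rather than create a secret with an empty or concatenated key.
# Unlike the earlier $(cat ...) form, --from-file keeps the file's trailing
# newline.
org_key_files=("${org_msp_dir}"/keystore/*_sk)
if ((${#org_key_files[@]} != 1)) || [[ ! -f "${org_key_files[0]}" ]]; then
  echo "error: expected exactly one private key in ${org_msp_dir}/keystore" >&2
  exit 1
fi

ORG_CERT=$(cat "${org_msp_dir}/signcerts/cert.pem")
# Kept in a variable only because later code may read it; the secret below no
# longer uses it.
ORG_KEY=$(cat "${org_key_files[0]}")
CA_CERT=$(cat "${org_msp_dir}"/cacerts/*.pem)
CA_CERT_NAME=$(find "${org_msp_dir}"/cacerts/*.pem -printf "%f\n")

# NOTE(review): CONFIG is not assigned in this part of the script; if it is
# unset, config.yaml is stored empty - confirm where it is defined.
kubectl create secret generic -n "${NAMESPACE}" "${CA_RELEASE}--admin-secret" \
  --from-literal=cacert.pem="${CA_CERT}" \
  --from-literal=cert.pem="${ORG_CERT}" \
  --from-literal=config.yaml="${CONFIG}" \
  --from-file=key.pem="${org_key_files[0]}"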
########################################
########################################
########################################
########################################
# # second - Hyperledger Fabric Peer
# echo "${GREEN} helm HLF-PEER install ${NC}"
# MSP_ID="${HLF_ORG}-MSP"
# helm install ${CA_RELEASE} owkin/hlf-peer \
# --create-namespace \
# --namespace ${NAMESPACE} \
# --peer.mspID=${MSP_ID} \
# --set persistence.storageClass="local-storage" \
# --set peer.databaseType="CouchDB" \
# --set peer.couchdbSecret="cdb1-hlf-couchdb"
# CA_POD_NAME=$(kubectl get pods --namespace ${NAMESPACE} -l "app=hlf-ca,release=${CA_RELEASE}" -o jsonpath="{.items[0].metadata.name}")
# CA_ADMIN=$(kubectl get secret --namespace ${NAMESPACE} ${CA_RELEASE}--ca -o jsonpath="{.data.CA_ADMIN}" | base64 --decode; echo)
# CA_PASSWORD=$(kubectl get secret --namespace ${NAMESPACE} ${CA_RELEASE}--ca -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode; echo)
# echo -e "${GREEN} helm installed ${NC} \n"
# echo -e "\n ${GREEN} Data Folder creating... ${NC}"
# mkdir -p ${CA_PATH}
# ls -al ${CA_PATH}
# echo -e "${GREEN} Data Folder created ${NC} \n"
# echo "${GREEN} PersistentVolume creating... ${NC}"
# cat <<EOF | kubectl apply -f -
# apiVersion: v1
# kind: PersistentVolume
# metadata:
# name: ${CA_RELEASE}
# namespace: ${NAMESPACE}
# spec:
# accessModes:
# - ReadWriteOnce
# capacity:
# storage: 5Gi
# claimRef:
# name: ${CA_RELEASE}
# namespace: ${NAMESPACE}
# hostPath:
# path: /data/hlf/${NAMESPACE}/${CA_RELEASE}
# persistentVolumeReclaimPolicy: Delete
# storageClassName: local-storage
# volumeMode: Filesystem
# EOF
# echo -e "${GREEN} PersistentVolume created ${NC} \n"
########################################
# third - Hyperledger Fabric Orderer
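echo "${GREEN} helm HLF-Orderer install ${NC}"
# MSP ID handed to every orderer; falls back to "ordererMSP" when HLF_ORG is
# empty. Because of that fallback MSP_ID is never empty, so the
# ":-strategyMSP" default in the helm command below is never used.
MSP_ID="${HLF_ORG:-ordererMSP}"
# read -r -p "how many Orderers are there in total ? : " ORD_CNT

# Create three orderers (index 0..2). Each one gets its own host directory,
# a hostPath PersistentVolume pre-bound to its claim, and a helm release.
# NAMESPACE and ORD_RELEASE are built from the organization name typed at the
# prompt, so all expansions passed as command arguments are quoted.
for i in 0 1 2; do
  echo "${GREEN} (${i}/2) orderer${i} ${NC}"
  ord_name="${ORD_RELEASE}${i}"
  ord_secret="${CA_RELEASE}-ord${i}--secret"

  mkdir -p -- "/data/hlf/${NAMESPACE}/${ord_name}"

  echo "${GREEN} PersistentVolume creating... ${NC}"
  # Heredoc body and terminator stay at column 0; the shell expands the
  # variables into the manifest text before kubectl reads it.
  kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${ORD_RELEASE}${i}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${ORD_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 5Gi
  claimRef:
    name: ${ORD_RELEASE}${i}
    namespace: ${NAMESPACE}
  hostPath:
    path: /data/hlf/${NAMESPACE}/${ORD_RELEASE}${i}
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: ${ORD_RELEASE}${i}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${ORD_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: local-storage
EOF
  echo -e "${GREEN} PersistentVolume created ${NC} \n"

  # --set ord.mspID=${MSP_ID:-ordererMSP} \
  echo -e "${GREEN} Helm Installing... ${NC} \n"
  # Every orderer reads its cert, key, credentials and CA cert from its own
  # "<CA_RELEASE>-ord<i>--secret"; the admin cert always comes from orderer 0's
  # secret and the genesis block from the hlf--genesis secret.
  # NOTE(review): the per-orderer secrets are not created in this part of the
  # script - confirm they exist before this loop runs.
  # NOTE(review): the ord.tls.* and secrets.ord.tls* settings are commented
  # out, so no orderer TLS settings are passed to the chart; whether the
  # orderers then listen without TLS depends on the chart defaults - confirm
  # before using this beyond a test cluster.
  helm install "${ord_name}" owkin/hlf-ord \
    --namespace "${NAMESPACE}" \
    --set image.repository="hyperledger/fabric-orderer" \
    --set image.tag="2.4" \
    --set ord.type="etcdraft" \
    --set ord.mspID="${MSP_ID:-strategyMSP}" \
    --set persistence.enabled=true \
    --set persistence.existingClaim="${ord_name}" \
    --set persistence.storageClass="local-storage" \
    --set 'nodeSelector.node-role\.kubernetes\.io/master=' \
    --set secrets.ord.cert="${ord_secret}" \
    --set secrets.ord.key="${ord_secret}" \
    --set secrets.ord.cred="${ord_secret}" \
    --set secrets.ord.caCert="${ord_secret}" \
    --set secrets.adminCert="${CA_RELEASE}-ord0--secret" \
    --set secrets.genesis=hlf--genesis
  # --set secrets.ord.tls=${CA_RELEASE}-ord${i}--secret \
  # --set secrets.ord.tlsClient=${CA_RELEASE}-ord${i}--secret
  # --set ord.tls.server.enabled=true \
  # --set ord.tls.client.enabled=true \
  echo -e "${GREEN} helm installed ${NC} \n"
done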
hlf-source-test
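#!/usr/bin/env bash
# Rebuild the HLF_* / CA_* environment variables for an existing deployment:
# asks for the organization name, derives the release and namespace names from
# it, then looks up the CA pod and the CA admin credentials with kubectl.
# The variables are exported, so presumably this file is meant to be sourced.
#
# The CA admin password is no longer printed: echoing it leaves the secret in
# terminal scrollback and in any captured output. Note that exporting
# CA_PASSWORD also hands it to every child process started from this shell.
read -r -p "${GREEN}Input Your Organization Name (example. org1, org2) : ${NC}" HLF_ORG2
export HLF_ORG="${HLF_ORG2}"
export _UUID="test"
export NAMESPACE="hlf-blockchain-${HLF_ORG}-${_UUID}"
export ORG_NAME="hlf-${HLF_ORG}"
export CA_RELEASE="${HLF_ORG}-${_UUID}-hlf-ca"
export CA_PATH="/data/hlf/${NAMESPACE}/${CA_RELEASE}"
export ORD_RELEASE="${HLF_ORG}-${_UUID}-hlf-ord"
export PEER_RELEASE="${HLF_ORG}-${_UUID}-hlf-peer"

# Assignment and export are separate so a failing kubectl call is not masked
# by the exit status of `export`.
CA_POD_NAME=$(kubectl get pods --namespace "${NAMESPACE}" \
  -l "app=hlf-ca,release=${CA_RELEASE}" \
  -o jsonpath="{.items[0].metadata.name}")
export CA_POD_NAME
echo "CA_POD_NAME is ${CA_POD_NAME}"

CA_ADMIN=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" \
  -o jsonpath="{.data.CA_ADMIN}" | base64 --decode)
export CA_ADMIN
echo "CA_ADMIN is ${CA_ADMIN}"

CA_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" \
  -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)
export CA_PASSWORD
if [[ -n "${CA_PASSWORD}" ]]; then
  echo "CA_PASSWORD is set (value hidden)"
else
  echo "CA_PASSWORD is empty" >&2
fi
echo "env ok."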
https://githubmemory.com/repo/JulianD267/Hyperledger-Fabric2-0-configurator
# Organization layout for generating crypto material: one orderer organization
# and two peer organizations. Nesting restored with two-space indentation.
OrdererOrgs:
  - Name: Orderer
    Domain: innogrid.tech
    EnableNodeOUs: true
    Specs:
      - Hostname: orderer0
      # - Hostname: orderer1
      # - Hostname: orderer2
      # - Hostname: orderer3
      # - Hostname: orderer4
      # NOTE(review): as written, SANS is its own list entry with no Hostname
      # rather than a key of the orderer0 entry - confirm which was intended.
      - SANS:
          - localhost
          - 127.0.0.1
PeerOrgs:
  # NOTE(review): the peer domains differ from the orderer domain above and
  # from the innogrid.tech paths used by the install script - confirm.
  - Name: Org1
    Domain: org1.dredev.de
    EnableNodeOUs: true
    Template:
      Count: 2
      SANS:
        - localhost
        - 127.0.0.1
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.dredev.de
    EnableNodeOUs: true
    Template:
      Count: 2
      SANS:
        - localhost
        - 127.0.0.1
    Users:
      Count: 1
Sample
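# Sample: deploy the fabric-k8s example onto a hostPath volume.
#
# The clone tracks the default branch of a third-party repository and its
# kube.yaml is applied to the cluster at the end; review the manifests and pin
# the checkout to a commit you have read before running this.
git clone https://github.com/harishgupta/fabric-k8s.git
# Stop if the clone failed: every following command uses relative paths and
# would otherwise run against whatever the current directory happens to be.
cd fabric-k8s || exit 1
mkdir -p /data/hlf/
kubectl create configmap kubetest-genesis --from-file=genesis.block
cp -pr fabric-files /data/hlf/fabric-files

# StorageClass, a hostPath PersistentVolume over the copied files, and a claim
# that selects that volume through the "name: fabricfiles" label.
# The manifest contains no shell expansions, so the delimiter is quoted.
kubectl apply -f - <<'EOF'
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-fabric
  labels:
    type: local
    name: fabricfiles
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 5Gi
  hostPath:
    path: /data/hlf/fabric-files
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc-fabric
spec:
  selector:
    matchLabels:
      name: fabricfiles
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: local-storage
EOF
kubectl create -f kube.yaml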
helm
metallb
ingress-nginx 설치
(option) multi-ingress-nginx
cert-manager 설치
cert Issuer 생성 (Staging / Production)
(option) hello-world