#!/bin/bash
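# Terminal colour codes used by the progress messages below. tput needs a usable
# TERM; when there is none (cron, CI, piped output) fall back to empty strings so
# the script keeps running instead of printing "tput: No value for $TERM".
RED=$(tput setaf 1 2>/dev/null || true)
GREEN=$(tput setaf 2 2>/dev/null || true)
NC=$(tput sgr0 2>/dev/null || true)
#apt install jq -y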
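#######################################
# Print the latest release tag of a GitHub repository without its leading "v".
# Arguments: $1 - "owner/repo"
# Outputs:   bare version (e.g. "2.4.1") on stdout
# Returns:   1 when the API call fails or no tag_name is found, so callers do
#            not silently continue with an empty version string
#######################################
get_latest_release() {
  local repo=$1
  local tag
  # --fail turns HTTP errors (rate limit, unknown repo) into a non-zero exit
  # instead of an error document that the grep below would misparse.
  tag=$(curl --silent --fail --location \
        --header 'Accept: application/vnd.github+json' \
        "https://api.github.com/repos/${repo}/releases/latest" |
    grep '"tag_name":' |              # Get tag line
    sed -E 's/.*"([^"]+)".*/\1/' |    # Pluck JSON value
    sed -E 's/^v//')                  # drop the "v" prefix only when present
  if [[ -z "$tag" ]]; then
    printf 'get_latest_release: no release tag found for %s\n' "$repo" >&2
    return 1
  fi
  printf '%s\n' "$tag"
}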
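read -r -p "${GREEN}Input Your Organization Name (example. org1, org2) : ${NC}" HLF_ORG
# HLF_ORG is spliced into a Kubernetes namespace, Helm release names and a
# filesystem path that is later removed with rm -rf, so only accept a DNS-1123
# label (lowercase alphanumerics and '-'). An empty answer, "..", "/" or spaces
# are rejected here, before they can reach any of those uses. The namespace
# built below adds "hlf-blockchain-" and "-<uuid>", so keep the name short.
if [[ ! "$HLF_ORG" =~ ^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$ ]]; then
  printf '%sInvalid organization name %q (use lowercase letters, digits and "-")%s\n' "$RED" "$HLF_ORG" "$NC" >&2
  exit 1
fi
# _UUID="$(uuidgen)"
_UUID="test"
NAMESPACE="hlf-blockchain-${HLF_ORG}-${_UUID}"
ORG_NAME="hlf-${HLF_ORG}"
CA_RELEASE="${HLF_ORG}-${_UUID}-hlf-ca"
CA_PATH="/data/hlf/${NAMESPACE}/${CA_RELEASE}"
ORD_RELEASE="${HLF_ORG}-${_UUID}-hlf-ord"
PEER_RELEASE="${HLF_ORG}-${_UUID}-hlf-peer"
# Version used later to download cryptogen/configtxgen; stop now rather than
# build a release URL around an empty version.
hlf_ver=$(get_latest_release hyperledger/fabric) || exit 1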
# # all
# _hostname="cluster-1"
# kubectl taint nodes --all node-role.kubernetes.io/master-
# kubectl get configmaps -n kube-system kubeadm-config -o yaml | sed "s/ clusterName: kubernetes/ clusterName: ${_hostname}/g" | kubectl replace -f - &&
# kubectl config set-context kubernetes-admin@kubernetes --cluster=${_hostname}
# kubectl config set-context kubernetes-admin@kubernetes --user=${_hostname}
# kubectl config rename-context kubernetes-admin@kubernetes ${_hostname}
# sed -i "s/ name: kubernetes/ name: ${_hostname}/g" ~/.kube/config
# sed -i "s/- name: kubernetes-admin/- name: ${_hostname}/g" ~/.kube/config
# kubectl get nodes --show-labels
# kubectl create serviceaccount ${_hostname} -n kube-system
# kubectl create clusterrolebinding ${_hostname} \
# --clusterrole=cluster-admin \
# --serviceaccount=kube-system:${_hostname}
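CLUSTER_NAME="cluster-1"
# APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
APISERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name==\"${CLUSTER_NAME}\")].cluster.server}")
# TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode)
# Bearer token for the direct API-server calls: taken from the token Secret of
# the kube-system service account whose name equals CLUSTER_NAME.
# NOTE(review): this assumes such a Secret exists (service-account token Secrets
# are not auto-created on newer clusters); an empty TOKEN would make every curl
# below fail authentication — confirm against the target cluster version.
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='${CLUSTER_NAME}')].data.token}" | base64 --decode)
# Verify the API server's certificate with the CA recorded in the kubeconfig
# instead of passing --insecure unconditionally; --insecure remains only as a
# fallback when the kubeconfig carries no inline certificate-authority-data.
K8S_CA_FILE=$(mktemp) || exit 1
trap 'rm -f -- "$K8S_CA_FILE"' EXIT
kubectl config view --raw -o jsonpath="{.clusters[?(@.name==\"${CLUSTER_NAME}\")].cluster.certificate-authority-data}" | base64 --decode > "$K8S_CA_FILE"
if [[ -s "$K8S_CA_FILE" ]]; then
  CURL_TLS_OPTS=(--cacert "$K8S_CA_FILE")
else
  printf '%swarning: no certificate-authority-data for cluster %s in kubeconfig; API-server TLS is NOT verified%s\n' "$RED" "$CLUSTER_NAME" "$NC" >&2
  CURL_TLS_OPTS=(--insecure)
fi
# 404 means the namespace is free. Any other code — 200, but also 000 when the
# API server is unreachable or 401 on a bad token — lands in the "exists" branch.
NAMESPACE_CHECK=$(curl -s -o /dev/null -w "%{http_code}" -X GET "${APISERVER}/api/v1/namespaces/${NAMESPACE}" --header "Authorization: Bearer ${TOKEN}" "${CURL_TLS_OPTS[@]}")
if [[ "$NAMESPACE_CHECK" == "404" ]]; then
  printf '%s--namespace not exist--%s\n' "$RED" "$NC"
  # -f /data/hlf/${NAMESPACE}/${RELEASE}
else
  printf '%s--namespace exist...--%s\n' "$RED" "$NC"
  read -r -p "USER EXIST RESET? (name is ${NAMESPACE}) : " input
  case "$input" in
    [yY][eE][sS]|[yY])
      echo "Yes"
      # helm uninstall ${CA_RELEASE} -n ${NAMESPACE}
      kubectl delete ns "$NAMESPACE" --force
      kubectl delete pvc --namespace "$NAMESPACE" -l "hlf-release=${CA_RELEASE}" --force
      kubectl delete pv -l "hlf-release=${CA_RELEASE}" --force
      kubectl delete pv -l "hlf-release=${ORD_RELEASE}" --force
      # ${NAMESPACE:?} aborts if NAMESPACE is empty instead of expanding to
      # "rm -rf /data/hlf/" and wiping every organisation's data.
      rm -rf -- "/data/hlf/${NAMESPACE:?}"
      printf '%s uninstall complete %s\n' "$GREEN" "$NC"
      exit 1
      ;;
    [nN][oO]|[nN])
      echo "No"
      ;;
    *)
      echo "Invalid input..."
      exit 1
      ;;
  esac
fi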
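printf '%s StorageClass creating... %s\n' "$GREEN" "$NC"
# Manually provisioned local volumes (no-provisioner). With WaitForFirstConsumer
# a claim is bound only once a pod using it is scheduled, which is what a
# node-local hostPath volume needs. YAML indentation restored: the nested keys
# under metadata must be indented to parse.
kubectl apply -f - <<EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
EOF
printf '%s StorageClass created %s \n\n' "$GREEN" "$NC"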
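printf '%s Namespace creating... %s\n' "$GREEN" "$NC"
# The hlf-release label is what the reset branch above selects on when it
# tears the organisation down again.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
EOF
printf '%s Namespace created %s \n\n' "$GREEN" "$NC"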
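# kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml
printf '%s PersistentVolume creating... %s\n' "$GREEN" "$NC"
# hostPath PV pre-bound (claimRef) to the CA's PVC in the new namespace. The PV
# advertises 5Gi while the claim asks for 1Gi; the claim is satisfied by the
# larger volume. PersistentVolumes are cluster-scoped, so the metadata.namespace
# the original carried on the PV was ignored by the API server and is dropped.
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${CA_RELEASE}
  labels:
    hlf-release: ${CA_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 5Gi
  claimRef:
    name: ${CA_RELEASE}
    namespace: ${NAMESPACE}
  hostPath:
    path: /data/hlf/${NAMESPACE}/${CA_RELEASE}
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: ${CA_RELEASE}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: local-storage
EOF
printf '%s PersistentVolume created %s \n\n' "$GREEN" "$NC"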
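# first - Peer Organization 1
# Hyperledger Fabric CA
printf '%s helm HLF-CA install %s\n' "$GREEN" "$NC"
helm repo add owkin https://owkin.github.io/charts
helm repo update
# CA admin credentials. The defaults are the values the original hard-coded so
# existing deployments keep working; override them from the environment for
# anything beyond a throw-away cluster. Note that --set values are visible in
# the process list and shell history while helm runs, and a comma inside the
# password would be misparsed by --set.
CA_ADMIN_USERNAME="${HLF_CA_ADMIN_USERNAME:-ca-admin}"
CA_ADMIN_PASSWORD="${HLF_CA_ADMIN_PASSWORD:-innogrid}"
helm install "$CA_RELEASE" owkin/hlf-ca --version 2.0.1 \
  --namespace "$NAMESPACE" \
  --set image.repository="hyperledger/fabric-ca" \
  --set image.tag="1.5.2" \
  --set config.hlfToolsVersion="1.5.2" \
  --set caName="$CA_RELEASE" \
  --set adminUsername="$CA_ADMIN_USERNAME",adminPassword="$CA_ADMIN_PASSWORD" \
  --set persistence.enabled=true \
  --set persistence.existingClaim="$CA_RELEASE" \
  --set persistence.storageClass="local-storage" \
  --set nodeSelector."node-role\\.kubernetes\\.io/master"=
# --set config.csr.names.c=KR \
# --set config.csr.names.st=Daejeon \
# --set config.csr.names.o=Etri \
# --set config.csr.names.ou=Blockchain \
# --set config.mountTLS=true
# --create-namespace
# kubectl label ns ${NAMESPACE} hlf-release=${CA_RELEASE}
CA_POD_NAME=$(kubectl get pods --namespace "$NAMESPACE" -l "app=hlf-ca,release=${CA_RELEASE}" -o jsonpath="{.items[0].metadata.name}")
# The chart publishes the admin credentials in the "<release>--ca" Secret; read
# them back from there so later enrollments use exactly what the CA was given.
CA_ADMIN=$(kubectl get secret --namespace "$NAMESPACE" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_ADMIN}" | base64 --decode)
CA_PASSWORD=$(kubectl get secret --namespace "$NAMESPACE" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)
sleep 3
# Best effort: the pod may not have logged anything yet this early.
kubectl logs -n "$NAMESPACE" "$CA_POD_NAME" | grep "Listening on"
printf '%s helm installed %s \n\n' "$GREEN" "$NC"
printf '\n %s Data Folder creating... %s\n' "$GREEN" "$NC"
# CA_PATH is the hostPath backing the PV created above.
mkdir -p "$CA_PATH"
ls -al "$CA_PATH"
printf '%s Data Folder created %s \n\n' "$GREEN" "$NC"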
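# TLS options for the direct API-server calls below: verify against K8S_CA_FILE
# when it points at a non-empty CA bundle, otherwise keep the original
# unverified (--insecure) connection.
if [[ -s "${K8S_CA_FILE:-}" ]]; then
  CURL_TLS_OPTS=(--cacert "$K8S_CA_FILE")
else
  CURL_TLS_OPTS=(--insecure)
fi
# Poll until the CA pod reports phase Running. As in the original there is no
# upper bound; a pod that never leaves Pending keeps this loop going until the
# operator interrupts it.
while true; do
  printf '%s HLF-CA Preparing... %s\n' "$GREEN" "$NC"
  CA_RUNNING_CHECK=$(curl -s -X GET "${APISERVER}/api/v1/namespaces/${NAMESPACE}/pods/${CA_POD_NAME}" --header "Authorization: Bearer ${TOKEN}" "${CURL_TLS_OPTS[@]}" | jq '.status.phase')
  CA_PV_CHECK=$(curl -s -X GET "${APISERVER}/api/v1/persistentvolumes/${CA_RELEASE}" --header "Authorization: Bearer ${TOKEN}" "${CURL_TLS_OPTS[@]}" | jq '.status.phase')
  CA_PVC_CHECK=$(curl -s -X GET "${APISERVER}/api/v1/namespaces/${NAMESPACE}/persistentvolumeclaims/${CA_RELEASE}" --header "Authorization: Bearer ${TOKEN}" "${CURL_TLS_OPTS[@]}" | jq '.status.phase')
  printf ' - CA_POD Status phase is : %s\n' "$CA_RUNNING_CHECK"
  printf ' - CA_PV Status phase is : %s\n' "$CA_PV_CHECK"
  printf ' - CA_PVC Status phase is : %s\n' "$CA_PVC_CHECK"
  # jq leaves the JSON quotes in place ("Running"), hence the substring match.
  if [[ "$CA_RUNNING_CHECK" == *"Running"* ]]; then
    printf '%s HLF-CA Installed Got it... %s \n\n' "$GREEN" "$NC"
    break
  fi
  sleep 5
done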
# Optional early stop once the CA is up; "yes" ends the script here (with the
# author's exit status of 1), "no" continues with identity creation.
read -r -p "simple? : " input
case "${input,,}" in
  yes|y)
    echo "Yes"
    exit 1
    ;;
  no|n)
    echo "No"
    ;;
  *)
    echo "Invalid input..."
    exit 1
    ;;
esac
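SERVICE_DNS="0.0.0.0"
# Fabric CA
# Enroll the CA admin from inside the CA pod. fabric-ca-client is exec'd
# directly (no `sh -c`), so the credential-bearing URL is passed as a single
# argument and is never re-parsed by a shell in the pod. The URL is plain http
# to ${SERVICE_DNS}:7054 and -d turns on fabric-ca-client debug output, which
# echoes the request — bear that in mind when logs are collected.
kubectl exec --namespace "$NAMESPACE" "$CA_POD_NAME" -- \
  fabric-ca-client enroll -d -u "http://${CA_ADMIN}:${CA_PASSWORD}@${SERVICE_DNS}:7054"
# Identities
# - Organization Admin
ORG_ADMIN=admin
ORG_PASSWORD=innogrid
printf '\n%s %s ordererOrganization Admin Certificate Creating... %s\n\n' "$GREEN" "$CA_RELEASE" "$NC"
# kubectl exec --namespace ${NAMESPACE} ${CA_POD_NAME} -- sh -c "fabric-ca-client enroll -d -u http://${CA_ADMIN}:${CA_PASSWORD}@${SERVICE_DNS}:7054 -M /var/hyperledger/fabric-ca/msp"
kubectl exec --namespace "$NAMESPACE" "$CA_POD_NAME" -- \
  fabric-ca-client enroll -d -u "http://${ORG_ADMIN}:${ORG_PASSWORD}@${SERVICE_DNS}:7054" \
  -M /var/hyperledger/fabric-ca/ordererOrganizations/innogrid.tech/msp
printf '\n%s %s ordererOrganization Admin Certificate Created... %s\n\n' "$GREEN" "$CA_RELEASE" "$NC"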
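# echo "\n${GREEN} ${CA_RELEASE} CA config Exporting... ${NC}\n"
# kubectl exec --namespace ${NAMESPACE} ${CA_POD_NAME} -- sh -c "fabric-ca-client getcacert -d -u http://${CA_ADMIN}:${CA_PASSWORD}@$SERVICE_DNS:7054"
# kubectl exec --namespace ${NAMESPACE} ${CA_POD_NAME} -- sh -c "cat /var/hyperledger/ca_config/ca.yaml" > ${CA_PATH}/ca_config/ca.yaml
printf '%s ordererOrganization Admin exporting... %s\n' "$GREEN" "$NC"
# kubectl cp ${NAMESPACE}/${CA_POD_NAME}:/var/hyperledger/fabric-ca/msp ${CA_PATH}/ordererOrganizations/innogrid.tech/msp
# The MSP enrolled in the pod under /var/hyperledger/fabric-ca is expected to
# appear on this host under CA_PATH through the CA's hostPath volume
# (presumably the PV created above — confirm the chart mounts the claim there).
ORD_ORG_MSP="${CA_PATH}/fabric-ca/ordererOrganizations/innogrid.tech/msp"
if [[ -d "$ORD_ORG_MSP" ]]; then
  ls -al "$ORD_ORG_MSP"
  printf '%s ordererOrganization Admin export ok. %s \n\n' "$GREEN" "$NC"
  mkdir -p "${CA_PATH}/ca-certs"
  # Globs resolved into arrays; exactly one CA cert and one *_sk key are expected.
  ca_certs=("${ORD_ORG_MSP}"/cacerts/*.pem)
  keys=("${ORD_ORG_MSP}"/keystore/*_sk)
  CA_CERT_NAME=${ca_certs[0]##*/}
  cat <<EOF > "${ORD_ORG_MSP}/config.yaml"
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  # --from-file instead of --from-literal: kubectl reads the private key and
  # certificates itself, so they never appear on the command line where every
  # local user could see them via ps.
  kubectl create secret generic -n "$NAMESPACE" "${CA_RELEASE}--admin-secret" \
    --from-file=cacert.pem="${ca_certs[0]}" \
    --from-file=cert.pem="${ORD_ORG_MSP}/signcerts/cert.pem" \
    --from-file=config.yaml="${ORD_ORG_MSP}/config.yaml" \
    --from-file=key.pem="${keys[0]}"
  # kubectl create secret generic -n ${NAMESPACE} ${CA_RELEASE}--admincert --from-literal=cert.pem="$ORG_CERT"
  # kubectl create secret generic -n ${NAMESPACE} ${CA_RELEASE}--adminkey --from-literal=key.pem="$ORG_KEY"
  # kubectl create secret generic -n ${NAMESPACE} ${CA_RELEASE}--ca-cert --from-literal=cacert.pem="$CA_CERT"
else
  printf '%s ordererOrganization export failed. %s \n\n' "$GREEN" "$NC"
fi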
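# Orderer Organisation
ORDERER0_NAME="orderer0"
ORDERER0_PASSWORD="orderer0_pw"
ORDERER1_NAME="orderer1"
ORDERER1_PASSWORD="orderer1_pw"
ORDERER2_NAME="orderer2"
ORDERER2_PASSWORD="orderer2_pw"
# The three orderers are processed identically, so loop over them instead of
# repeating the block three times. Index i also selects the Secret name
# "<release>-ord<i>--secret", as before.
orderer_names=("$ORDERER0_NAME" "$ORDERER1_NAME" "$ORDERER2_NAME")
orderer_passwords=("$ORDERER0_PASSWORD" "$ORDERER1_PASSWORD" "$ORDERER2_PASSWORD")
ORD_ORG_DIR="${CA_PATH}/fabric-ca/ordererOrganizations/innogrid.tech"
ORD_ORG_DIR_IN_POD="/var/hyperledger/fabric-ca/ordererOrganizations/innogrid.tech"
printf '%s Orderer 인증서 정보 가입... %s\n' "$GREEN" "$NC"
for i in 0 1 2; do
  kubectl exec -n "$NAMESPACE" "$CA_POD_NAME" -- \
    fabric-ca-client register -d --id.name "${orderer_names[$i]}" --id.secret "${orderer_passwords[$i]}" --id.type orderer
done
# kubectl exec -n ${NAMESPACE} ${CA_POD_NAME} -- sh -c "fabric-ca-client register -d --id.name ${ORDERER0_NAME} --id.secret ${ORDERER0_PASSWORD} --id.type orderer --id.attrs 'admin=true:ecert'"
# The original echo had no -e, so "\n" was printed literally.
printf '\n%s %s Orderer ord0, ord1, ord2, ord3 msp certificate MSP Certificate Creating... %s\n\n' "$GREEN" "$CA_RELEASE" "$NC"
for i in 0 1 2; do
  kubectl exec --namespace "$NAMESPACE" "$CA_POD_NAME" -- \
    fabric-ca-client enroll -d -u "http://${orderer_names[$i]}:${orderer_passwords[$i]}@${SERVICE_DNS}:7054" \
    -M "${ORD_ORG_DIR_IN_POD}/orderers/${orderer_names[$i]}/msp"
done
# echo "\n${GREEN} ${CA_RELEASE} Orderer TLS Certificate Creating... ${NC}\n"
# kubectl exec --namespace ${NAMESPACE} ${CA_POD_NAME} -- sh -c "fabric-ca-client enroll -d --enrollment.profile tls -u http://${ORDERER0_NAME}:${ORDERER0_PASSWORD}@$SERVICE_DNS:7054 -M /tmp/orgs/orderer/orderer0/tls --csr.hosts ${ORDERER0_NAME}"
# kubectl exec --namespace ${NAMESPACE} ${CA_POD_NAME} -- sh -c "fabric-ca-client enroll -d --enrollment.profile tls -u http://${ORDERER1_NAME}:${ORDERER1_PASSWORD}@$SERVICE_DNS:7054 -M /tmp/orgs/orderer/orderer1/tls --csr.hosts ${ORDERER1_NAME}"
# kubectl exec --namespace ${NAMESPACE} ${CA_POD_NAME} -- sh -c "fabric-ca-client enroll -d --enrollment.profile tls -u http://${ORDERER2_NAME}:${ORDERER2_PASSWORD}@$SERVICE_DNS:7054 -M /tmp/orgs/orderer/orderer2/tls --csr.hosts ${ORDERER2_NAME}"
printf '%s Orderer Orderer0-3 MSP Certificate... %s\n' "$GREEN" "$NC"
for i in 0 1 2; do
  ord_name=${orderer_names[$i]}
  ord_dir="${ORD_ORG_DIR}/orders/${ord_name}"
  ord_dir="${ORD_ORG_DIR}/orderers/${ord_name}"
  # Per-orderer credentials kept in their own variables: the original stored
  # them in CA_USERNAME/CA_PASSWORD, which clobbered the CA admin password that
  # later enrollments still need. The Secret keys stay CA_USERNAME/CA_PASSWORD.
  ord_user=$ord_name
  ord_pw=${orderer_passwords[$i]}
  ca_certs=("${ord_dir}"/msp/cacerts/*.pem)
  keys=("${ord_dir}"/msp/keystore/*_sk)
  CA_CERT_NAME=${ca_certs[0]##*/}
  mkdir -p "${ord_dir}/tls"
  # The original quoted the whole `cat …` as one word, so no command ran and
  # empty server.crt/server.key files were created. The MSP signing cert/key
  # are copied into tls/ as in the original (no separate TLS enrollment);
  # the key file is created without group/other permissions.
  cat "${ord_dir}"/msp/signcerts/* > "${ord_dir}/tls/server.crt"
  (umask 077; cat "${ord_dir}"/msp/keystore/* > "${ord_dir}/tls/server.key")
  cat <<EOF > "${ord_dir}/msp/config.yaml"
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  # Credentials and key material go in via --from-file so nothing secret is
  # on kubectl's command line; the temp dir holds the two credential values.
  cred_dir=$(mktemp -d) || exit 1
  printf '%s' "$ord_user" > "${cred_dir}/CA_USERNAME"
  printf '%s' "$ord_pw" > "${cred_dir}/CA_PASSWORD"
  kubectl create secret generic -n "$NAMESPACE" "${CA_RELEASE}-ord${i}--secret" \
    --from-file=CA_USERNAME="${cred_dir}/CA_USERNAME" \
    --from-file=CA_PASSWORD="${cred_dir}/CA_PASSWORD" \
    --from-file=cacert.pem="${ca_certs[0]}" \
    --from-file=cert.pem="${ord_dir}/msp/signcerts/cert.pem" \
    --from-file=config.yaml="${ord_dir}/msp/config.yaml" \
    --from-file=key.pem="${keys[0]}"
  rm -rf -- "$cred_dir"
done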
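#####***
#********************************@@@@@
#
# peerOrganization Certificate
#
#********************************@@@@@
# Obtain the authority needed to register this organisation's identities:
# enroll the CA admin into the team1 peer-organisation MSP.
printf '\n%s %s peerOrganization Certificate Creating... %s\n\n' "$GREEN" "$CA_RELEASE" "$NC"
# Re-read the CA admin credentials from the chart's Secret rather than trusting
# the CA_ADMIN/CA_PASSWORD shell variables: earlier sections may reassign
# CA_PASSWORD (the orderer part reused it for the registration secrets), in
# which case the enroll below would be rejected with the wrong password.
CA_ADMIN=$(kubectl get secret --namespace "$NAMESPACE" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_ADMIN}" | base64 --decode)
CA_PASSWORD=$(kubectl get secret --namespace "$NAMESPACE" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)
TEAM1_ORG_MSP_IN_POD="/var/hyperledger/fabric-ca/peerOrganizations/team1.innogrid.tech/msp"
TEAM1_ORG_MSP="${CA_PATH}/fabric-ca/peerOrganizations/team1.innogrid.tech/msp"
kubectl exec --namespace "$NAMESPACE" "$CA_POD_NAME" -- \
  fabric-ca-client enroll -d -u "http://${CA_ADMIN}:${CA_PASSWORD}@${SERVICE_DNS}:7054" -M "$TEAM1_ORG_MSP_IN_POD"
printf '\n%s %s peerOrganization Certificate Created... %s\n\n' "$GREEN" "$CA_RELEASE" "$NC"
printf '%s peerOrganization exporting... %s\n' "$GREEN" "$NC"
if [[ -d "$TEAM1_ORG_MSP" ]]; then
  ls -al "$TEAM1_ORG_MSP"
  printf '%s peerOrganization export ok. %s \n\n' "$GREEN" "$NC"
  mkdir -p "${CA_PATH}/ca-certs"
  # Exactly one CA cert and one *_sk key are expected in the MSP.
  ca_certs=("${TEAM1_ORG_MSP}"/cacerts/*.pem)
  keys=("${TEAM1_ORG_MSP}"/keystore/*_sk)
  CA_CERT_NAME=${ca_certs[0]##*/}
  cat <<EOF > "${TEAM1_ORG_MSP}/config.yaml"
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  # --from-file keeps the private key off kubectl's command line (ps-visible).
  kubectl create secret generic -n "$NAMESPACE" "${CA_RELEASE}--secret" \
    --from-file=cacert.pem="${ca_certs[0]}" \
    --from-file=cert.pem="${TEAM1_ORG_MSP}/signcerts/cert.pem" \
    --from-file=config.yaml="${TEAM1_ORG_MSP}/config.yaml" \
    --from-file=key.pem="${keys[0]}"
else
  printf '%s peerOrganization export failed. %s \n\n' "$GREEN" "$NC"
fi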
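# # Peer Organisation
PEER0_NAME="peer0-team1"
PEER0_PASSWORD="peer0_team1pw"
PEER1_NAME="peer1-team1"
PEER1_PASSWORD="peer1_team1pw"
peer_names=("$PEER0_NAME" "$PEER1_NAME")
peer_passwords=("$PEER0_PASSWORD" "$PEER1_PASSWORD")
TEAM1_ORG_DIR="${CA_PATH}/fabric-ca/peerOrganizations/team1.innogrid.tech"
TEAM1_ORG_DIR_IN_POD="/var/hyperledger/fabric-ca/peerOrganizations/team1.innogrid.tech"
printf '%s team1 피어 인증서 정보 가입... %s\n' "$GREEN" "$NC"
# peer0 is registered with the registrar/revoker attributes the original gave
# it; peer1 is a plain peer. fabric-ca-client is exec'd directly so the attrs
# string is passed as one argument without a shell in the pod re-parsing it.
kubectl exec -n "$NAMESPACE" "$CA_POD_NAME" -- \
  fabric-ca-client register -d --id.name "$PEER0_NAME" --id.secret "$PEER0_PASSWORD" --id.type peer \
  --id.attrs 'hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert'
kubectl exec -n "$NAMESPACE" "$CA_POD_NAME" -- \
  fabric-ca-client register -d --id.name "$PEER1_NAME" --id.secret "$PEER1_PASSWORD" --id.type peer
# The original echo had no -e, so "\n" was printed literally.
printf '\n%s %s team1 peer0, peer1 msp certificate MSP Certificate Creating... %s\n\n' "$GREEN" "$CA_RELEASE" "$NC"
for i in 0 1; do
  kubectl exec --namespace "$NAMESPACE" "$CA_POD_NAME" -- \
    fabric-ca-client enroll -d -u "http://${peer_names[$i]}:${peer_passwords[$i]}@${SERVICE_DNS}:7054" \
    -M "${TEAM1_ORG_DIR_IN_POD}/peers/${peer_names[$i]}/msp"
done
# echo "\n${GREEN} ${CA_RELEASE} aPeer TLS Certificate Creating... ${NC}\n"
# kubectl exec --namespace ${NAMESPACE} ${CA_POD_NAME} -- sh -c "fabric-ca-client enroll -d --enrollment.profile tls -u http://${PEER0_NAME}:${PEER0_PASSWORD}@$SERVICE_DNS:7054 -M /tmp/orgs/apeer/peer0/tls --csr.hosts ${PEER0_NAME}"
# kubectl exec --namespace ${NAMESPACE} ${CA_POD_NAME} -- sh -c "fabric-ca-client enroll -d --enrollment.profile tls -u http://${PEER1_NAME}:${PEER1_PASSWORD}@$SERVICE_DNS:7054 -M /tmp/orgs/apeer/peer1/tls --csr.hosts ${PEER1_NAME}"
printf '%s Peer 0-2 MSP Certificate... %s\n' "$GREEN" "$NC"
# Same export for both peers; i selects the "<release>-peer<i>--secret" name.
for i in 0 1; do
  peer_dir="${TEAM1_ORG_DIR}/peers/${peer_names[$i]}"
  ca_certs=("${peer_dir}"/msp/cacerts/*.pem)
  keys=("${peer_dir}"/msp/keystore/*_sk)
  CA_CERT_NAME=${ca_certs[0]##*/}
  cat <<EOF > "${peer_dir}/msp/config.yaml"
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  # --from-file keeps the private key off kubectl's command line (ps-visible).
  kubectl create secret generic -n "$NAMESPACE" "${CA_RELEASE}-peer${i}--secret" \
    --from-file=cacert.pem="${ca_certs[0]}" \
    --from-file=cert.pem="${peer_dir}/msp/signcerts/cert.pem" \
    --from-file=config.yaml="${peer_dir}/msp/config.yaml" \
    --from-file=key.pem="${keys[0]}"
done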
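##
# List every identity registered so far, for the operator to eyeball.
printf '%s Fabric-ca-client identity list %s\n' "$GREEN" "$NC"
kubectl exec --namespace "$NAMESPACE" "$CA_POD_NAME" -- fabric-ca-client identity list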
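# Obtain the authority needed to register this organisation's identities:
# enroll the CA admin into the team2 peer-organisation MSP.
printf '\n%s %s peerOrganization Certificate Creating... %s\n\n' "$GREEN" "$CA_RELEASE" "$NC"
# Re-read the CA admin credentials from the chart's Secret rather than trusting
# the CA_ADMIN/CA_PASSWORD shell variables: earlier sections may reassign
# CA_PASSWORD (the orderer part reused it for the registration secrets), in
# which case the enroll below would be rejected with the wrong password.
CA_ADMIN=$(kubectl get secret --namespace "$NAMESPACE" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_ADMIN}" | base64 --decode)
CA_PASSWORD=$(kubectl get secret --namespace "$NAMESPACE" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)
TEAM2_ORG_MSP_IN_POD="/var/hyperledger/fabric-ca/peerOrganizations/team2.innogrid.tech/msp"
TEAM2_ORG_MSP="${CA_PATH}/fabric-ca/peerOrganizations/team2.innogrid.tech/msp"
kubectl exec --namespace "$NAMESPACE" "$CA_POD_NAME" -- \
  fabric-ca-client enroll -d -u "http://${CA_ADMIN}:${CA_PASSWORD}@${SERVICE_DNS}:7054" -M "$TEAM2_ORG_MSP_IN_POD"
printf '\n%s %s peerOrganization Certificate Created... %s\n\n' "$GREEN" "$CA_RELEASE" "$NC"
printf '%s peerOrganization exporting... %s\n' "$GREEN" "$NC"
if [[ -d "$TEAM2_ORG_MSP" ]]; then
  ls -al "$TEAM2_ORG_MSP"
  printf '%s peerOrganization export ok. %s \n\n' "$GREEN" "$NC"
  mkdir -p "${CA_PATH}/ca-certs"
  # Exactly one CA cert and one *_sk key are expected in the MSP.
  ca_certs=("${TEAM2_ORG_MSP}"/cacerts/*.pem)
  keys=("${TEAM2_ORG_MSP}"/keystore/*_sk)
  CA_CERT_NAME=${ca_certs[0]##*/}
  cat <<EOF > "${TEAM2_ORG_MSP}/config.yaml"
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  # NOTE(review): the original named this Secret "${CA_RELEASE}--secret", the
  # same name the team1 organisation Secret already uses in this namespace, so
  # this kubectl create failed with AlreadyExists. "-team2" is a constructed
  # infix — TODO confirm it against whatever consumes these Secrets.
  # --from-file keeps the private key off kubectl's command line (ps-visible).
  kubectl create secret generic -n "$NAMESPACE" "${CA_RELEASE}-team2--secret" \
    --from-file=cacert.pem="${ca_certs[0]}" \
    --from-file=cert.pem="${TEAM2_ORG_MSP}/signcerts/cert.pem" \
    --from-file=config.yaml="${TEAM2_ORG_MSP}/config.yaml" \
    --from-file=key.pem="${keys[0]}"
else
  printf '%s peerOrganization export failed. %s \n\n' "$GREEN" "$NC"
fi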
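# # Peer Organisation
PEER0_NAME="peer0-team2"
# The registration secrets below are the team1 strings, as in the original
# (copy-paste); they only matter within this script's own enroll calls.
PEER0_PASSWORD="peer0_team1pw"
PEER1_NAME="peer1-team2"
PEER1_PASSWORD="peer1_team1pw"
peer_names=("$PEER0_NAME" "$PEER1_NAME")
peer_passwords=("$PEER0_PASSWORD" "$PEER1_PASSWORD")
TEAM2_ORG_DIR="${CA_PATH}/fabric-ca/peerOrganizations/team2.innogrid.tech"
TEAM2_ORG_DIR_IN_POD="/var/hyperledger/fabric-ca/peerOrganizations/team2.innogrid.tech"
# Message corrected from "team1": this section registers the team2 peers.
printf '%s team2 피어 인증서 정보 가입... %s\n' "$GREEN" "$NC"
# peer0 is registered with the registrar/revoker attributes the original gave
# it; peer1 is a plain peer. fabric-ca-client is exec'd directly so the attrs
# string is passed as one argument without a shell in the pod re-parsing it.
kubectl exec -n "$NAMESPACE" "$CA_POD_NAME" -- \
  fabric-ca-client register -d --id.name "$PEER0_NAME" --id.secret "$PEER0_PASSWORD" --id.type peer \
  --id.attrs 'hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert'
kubectl exec -n "$NAMESPACE" "$CA_POD_NAME" -- \
  fabric-ca-client register -d --id.name "$PEER1_NAME" --id.secret "$PEER1_PASSWORD" --id.type peer
# The original echo had no -e, so "\n" was printed literally.
printf '\n%s %s team2 peer0, peer1 msp certificate MSP Certificate Creating... %s\n\n' "$GREEN" "$CA_RELEASE" "$NC"
for i in 0 1; do
  kubectl exec --namespace "$NAMESPACE" "$CA_POD_NAME" -- \
    fabric-ca-client enroll -d -u "http://${peer_names[$i]}:${peer_passwords[$i]}@${SERVICE_DNS}:7054" \
    -M "${TEAM2_ORG_DIR_IN_POD}/peers/${peer_names[$i]}/msp"
done
# echo "\n${GREEN} ${CA_RELEASE} aPeer TLS Certificate Creating... ${NC}\n"
# kubectl exec --namespace ${NAMESPACE} ${CA_POD_NAME} -- sh -c "fabric-ca-client enroll -d --enrollment.profile tls -u http://${PEER0_NAME}:${PEER0_PASSWORD}@$SERVICE_DNS:7054 -M /tmp/orgs/apeer/peer0/tls --csr.hosts ${PEER0_NAME}"
# kubectl exec --namespace ${NAMESPACE} ${CA_POD_NAME} -- sh -c "fabric-ca-client enroll -d --enrollment.profile tls -u http://${PEER1_NAME}:${PEER1_PASSWORD}@$SERVICE_DNS:7054 -M /tmp/orgs/apeer/peer1/tls --csr.hosts ${PEER1_NAME}"
printf '%s Peer 0-2 MSP Certificate... %s\n' "$GREEN" "$NC"
# NOTE(review): the original named these Secrets "<release>-peer<i>--secret",
# colliding with the team1 peer Secrets in the same namespace, so the creates
# failed with AlreadyExists. "-team2" is a constructed infix — TODO confirm it
# against whatever consumes these Secrets.
for i in 0 1; do
  peer_dir="${TEAM2_ORG_DIR}/peers/${peer_names[$i]}"
  ca_certs=("${peer_dir}"/msp/cacerts/*.pem)
  keys=("${peer_dir}"/msp/keystore/*_sk)
  CA_CERT_NAME=${ca_certs[0]##*/}
  cat <<EOF > "${peer_dir}/msp/config.yaml"
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/${CA_CERT_NAME}
    OrganizationalUnitIdentifier: orderer
EOF
  # --from-file keeps the private key off kubectl's command line (ps-visible).
  kubectl create secret generic -n "$NAMESPACE" "${CA_RELEASE}-team2-peer${i}--secret" \
    --from-file=cacert.pem="${ca_certs[0]}" \
    --from-file=cert.pem="${peer_dir}/msp/signcerts/cert.pem" \
    --from-file=config.yaml="${peer_dir}/msp/config.yaml" \
    --from-file=key.pem="${keys[0]}"
done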
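########################################
########################################
########################################
########################################
printf '%s--Hyperledger Fabric Binary Check...--%s\n' "$RED" "$NC"
if [[ -f /usr/local/bin/cryptogen ]]; then
  printf '%s--HLF exist.. PASS--%s\n' "$RED" "$NC"
  printf '%s--cryptogen , configtxgen --%s\n' "$GREEN" "$NC"
else
  printf '%s--Hyperledger Fabric Binary downloading...--%s\n' "$RED" "$NC"
  # Kept from the original: the rest of the script runs from $HOME in this branch.
  cd ~/ || exit 1
  # Download and unpack in a throw-away directory instead of leaving the
  # tarball and hyperledger-fabric-<ver>/ behind in $HOME.
  fabric_tmp=$(mktemp -d) || exit 1
  fabric_tgz="${fabric_tmp}/hyperledger-fabric-linux-amd64-${hlf_ver}.tar.gz"
  # Abort on a failed download instead of untarring an error page.
  if ! wget -O "$fabric_tgz" "https://github.com/hyperledger/fabric/releases/download/v${hlf_ver}/hyperledger-fabric-linux-amd64-${hlf_ver}.tar.gz"; then
    printf '%sdownload of fabric %s failed%s\n' "$RED" "$hlf_ver" "$NC" >&2
    rm -rf -- "$fabric_tmp"
    exit 1
  fi
  # TODO(review): verify the archive against the release's published checksum
  # (sha256 <EXPECTED_SHA256_PLACEHOLDER>) before installing binaries system-wide.
  mkdir -p "${fabric_tmp}/hyperledger-fabric-${hlf_ver}"
  tar -xvzf "$fabric_tgz" -C "${fabric_tmp}/hyperledger-fabric-${hlf_ver}"
  # install(1) sets 0755 and fails loudly when /usr/local/bin is not writable.
  install -m 0755 "${fabric_tmp}/hyperledger-fabric-${hlf_ver}/bin/configtxgen" /usr/local/bin/
  install -m 0755 "${fabric_tmp}/hyperledger-fabric-${hlf_ver}/bin/cryptogen" /usr/local/bin/
  rm -rf -- "$fabric_tmp"
  cryptogen version
fi
printf '%s--HLF end--%s\n' "$RED" "$NC"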
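printf '%s--HLF configtx.yaml generating...--%s\n' "$RED" "$NC"
#read -r -p "${GREEN}Input Your Organization MSP ID (example. ordererMSP) : ${NC}" HLF_ORD_MSP
# -p so a re-run after a partial first run does not fail on an existing dir.
mkdir -p "${CA_PATH}/hlf-config"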
cat <<EOF > ${CA_PATH}/hlf-config/configtx.yaml
Organizations: # 조직 설정
- &strategy
Name: strategyMSP # 조직 이름(오더러)
ID: ${HLF_ORD_MSP:-strategyMSP} # 조직 MSP ID
# 발급받은 조직 msp 경로
MSPDir: ${CA_PATH}/fabric-ca/ordererOrganizations/innogrid.tech/msp
Policies: &OrgPolicies
Readers:
Type: Signature
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')"
Writers:
Type: Signature
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')"
Admins:
Type: Signature
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.admin')"
Endorsement:
Type: Signature
Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')"
- &strategy1team
Name: strategy1teamMSP # 조직 이름(피어)
ID: ${HLF_PEER_MSP:-strategy1teamMSP} # 조직 MSP ID
# 발급받은 조직 msp 경로
MSPDir: ${CA_PATH}/fabric-ca/peerOrganizations/team1.innogrid.tech/msp
Policies:
Readers:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin', '${HLF_PEER_MSP:-strategy1teamMSP}.peer', '${HLF_PEER_MSP:-strategy1teamMSP}.client')"
Writers:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin', '${HLF_PEER_MSP:-strategy1teamMSP}.client')"
Admins:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin')"
# Endorsement:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-strategyMSP}.member')"
AnchorPeers: # 앵커피어 설정 (보통 0번피어를 앵커피어로 지정한다)
- Host: peer0-team1${INGRESS_ADDR:-}
Port: 7051
- &strategy2team
Name: strategy2teamMSP # 조직 이름(피어)
ID: ${HLF_PEER_MSP:-strategy2teamMSP} # 조직 MSP ID
# 발급받은 조직 msp 경로
MSPDir: ${CA_PATH}/fabric-ca/peerOrganizations/team2.innogrid.tech/msp
Policies:
Readers:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin', '${HLF_PEER_MSP:-strategy2teamMSP}.peer', '${HLF_PEER_MSP:-strategy2teamMSP}.client')"
Writers:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin', '${HLF_PEER_MSP:-strategy2teamMSP}.client')"
Admins:
Type: Signature
Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin')"
# Endorsement:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-strategyMSP}.member')"
AnchorPeers: # 앵커피어 설정 (보통 0번피어를 앵커피어로 지정한다)
- Host: peer0-team1${INGRESS_ADDR:-}
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
# ACLs:
# _lifecycle/CheckCommitReadiness: /Channel/Application/Writers
# _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
# _lifecycle/QueryChaincodeDefinition: /Channel/Application/Readers
# _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Readers
# lscc/ChaincodeExists: /Channel/Application/Readers
# lscc/GetDeploymentSpec: /Channel/Application/Readers
# lscc/GetChaincodeData: /Channel/Application/Readers
# lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
# qscc/GetChainInfo: /Channel/Application/Readers
# qscc/GetBlockByNumber: /Channel/Application/Readers
# qscc/GetBlockByHash: /Channel/Application/Readers
# qscc/GetTransactionByID: /Channel/Application/Readers
# qscc/GetBlockByTxID: /Channel/Application/Readers
# cscc/GetConfigBlock: /Channel/Application/Readers
# cscc/GetConfigTree: /Channel/Application/Readers
# cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
# peer/Propose: /Channel/Application/Writers
# peer/ChaincodeToChaincode: /Channel/Application/Readers
# event/Block: /Channel/Application/Readers
# event/FilteredBlock: /Channel/Application/Readers
Organizations:
Policies: &ApplicationDefaultPolicies # Application 정책 설정
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "ANY Endorsement"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Admins:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Application 관련 정책은 apeer조직의 어드인 서명이 필요함
# LifecycleEndorsement:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.peer')"
# Endorsement:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.peer')"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft # 오더링 방식(sole, kafka, etcdraft)
Addresses:
- orderer0:7050
# - orderer1:7050
# - orderer2:7050
BatchTimeout: 2s # 배치 타임아웃 설정
BatchSize:
MaxMessageCount: 500 # 블록당 최대 트렌젝션 개수
AbsoluteMaxBytes: 10 MB
PreferredMaxBytes: 2 MB # 블록 최대 크기
EtcdRaft: &EtcdRaftDefaults
Consenters:
- Host: orderer0 # 오더러 정보 호스트(ip)
Port: 7050 # 오더러 포트
ClientTLSCert: ${CA_PATH}/fabric-ca/ordererOrganizations/innogrid.tech/orderers/orderer0/tls/server.crt
ServerTLSCert: ${CA_PATH}/fabric-ca/ordererOrganizations/innogrid.tech/orderers/orderer0/tls/server.key
Options:
TickInterval: 500ms
ElectionTick: 10
MaxInflightBlocks: 5
SnapshotIntervalSize: 20 MB
Organizations:
# - *OrdererOrg
Policies:
Readers:
Type: ImplicitMeta # 정책 타입 (Signature(서명), ImplicitMeta)
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Admins:
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Orderer 관련 정책은 apeer조직의 어드인 서명이 필요함
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *ChannelCapabilities
Channel: &ChannelDefaults
Policies: # Channel 정책 설정
Readers: # 읽기 정책
Type: ImplicitMeta
Rule: "ANY Readers"
Writers: # 쓰기 정책
Type: ImplicitMeta
Rule: "ANY Writers"
# Admins: # 어드민 정책
# Type: Signature
# Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Channel 관련 정책은 apeer조직의 어드인 서명이 필요함
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
# 실질적인 트렌젝션, Genesis 블록은 아래 설정을 참조하여 생성된다.
# configtx.yaml 파일 윗부분에 작성한 것들을 참조하여 최종 프로파일을 만든다.
Profiles:
OrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *strategy
Consortiums:
HlfConsortium:
Organizations:
- *strategy1team
- *strategy2team
# Channel
common:
Consortium: HlfConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *strategy1team
- *strategy2team
private-team1-team2:
Consortium: HlfConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *strategy1team
- *strategy2team
EOF
echo "${RED}--HLF configtx.yaml generated..--${NC}"
echo "${RED}--HLF configtxgen generating..--${NC}"
mkdir ${CA_PATH}/hlf-config/channel-artifacts
echo "${RED}--(1/3) HLF configtxgen Create Channel Tx generating..--${NC}"
# 채널 생성 트렌젝션 생성 (채널명은 testchannel로 한다)
configtxgen -configPath ${CA_PATH}/hlf-config/ -profile common -outputCreateChannelTx ${CA_PATH}/hlf-config/channel-artifacts/channel.tx -channelID channel
echo "${RED}--(2/3) HLF configtxgen Create AnchorPeers Tx generating..--${NC}"
# 앵커피어 설정 트렌젝션 생성
configtxgen -configPath ${CA_PATH}/hlf-config/ -profile common -outputAnchorPeersUpdate ${CA_PATH}/hlf-config/channel-artifacts/strategy1teamMSPanchors.tx -channelID channel -asOrg strategy1team
configtxgen -configPath ${CA_PATH}/hlf-config/ -profile common -outputAnchorPeersUpdate ${CA_PATH}/hlf-config/channel-artifacts/strategy2teamMSPanchors.tx -channelID channel -asOrg strategy2team
echo "${RED}--(3/3) HLF configtxgen Create Genesis Block generating..--${NC}"
# Genesis block 생성
configtxgen -configPath ${CA_PATH}/hlf-config/ -profile OrdererGenesis -outputBlock ${CA_PATH}/hlf-config/channel-artifacts/genesis.block -channelID ordererchannel
echo "${RED}--HLF configtxgen generated..--${NC}"
ls -al ${CA_PATH}/hlf-config/channel-artifacts/
echo "${RED}--HLF Genesis block and Channel Secret Creating...--${NC}"
kubectl create secret generic -n ${NAMESPACE} hlf--genesis --from-file=${CA_PATH}/hlf-config/channel-artifacts/genesis.block
kubectl create secret generic -n ${NAMESPACE} hlf--channel --from-file=${CA_PATH}/hlf-config/channel-artifacts/channel.tx
echo "${RED}--HLF Genesis block and Channel Secret Created...--${NC}"
########################################
########################################
########################################
########################################
########################################
# # second - Hyperledger Fabric Peer
# echo "${GREEN} helm HLF-PEER install ${NC}"
# MSP_ID="${HLF_ORG}-MSP"
# helm install ${CA_RELEASE} owkin/hlf-peer \
# --create-namespace \
# --namespace ${NAMESPACE} \
# --peer.mspID=${MSP_ID} \
# --set persistence.storageClass="local-storage" \
# --set peer.databaseType="CouchDB" \
# --set peer.couchdbSecret="cdb1-hlf-couchdb"
# CA_POD_NAME=$(kubectl get pods --namespace ${NAMESPACE} -l "app=hlf-ca,release=${CA_RELEASE}" -o jsonpath="{.items[0].metadata.name}")
# CA_ADMIN=$(kubectl get secret --namespace ${NAMESPACE} ${CA_RELEASE}--ca -o jsonpath="{.data.CA_ADMIN}" | base64 --decode; echo)
# CA_PASSWORD=$(kubectl get secret --namespace ${NAMESPACE} ${CA_RELEASE}--ca -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode; echo)
# echo -e "${GREEN} helm installed ${NC} \n"
# echo -e "\n ${GREEN} Data Folder creating... ${NC}"
# mkdir -p ${CA_PATH}
# ls -al ${CA_PATH}
# echo -e "${GREEN} Data Folder created ${NC} \n"
# echo "${GREEN} PersistentVolume creating... ${NC}"
# cat <<EOF | kubectl apply -f -
# apiVersion: v1
# kind: PersistentVolume
# metadata:
# name: ${CA_RELEASE}
# namespace: ${NAMESPACE}
# spec:
# accessModes:
# - ReadWriteOnce
# capacity:
# storage: 5Gi
# claimRef:
# name: ${CA_RELEASE}
# namespace: ${NAMESPACE}
# hostPath:
# path: /data/hlf/${NAMESPACE}/${CA_RELEASE}
# persistentVolumeReclaimPolicy: Delete
# storageClassName: local-storage
# volumeMode: Filesystem
# EOF
# echo -e "${GREEN} PersistentVolume created ${NC} \n"
########################################
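# third - Hyperledger Fabric Orderer
echo "${GREEN} helm HLF-Orderer install ${NC}"
# ord.mspID (the orderer's local MSP ID) must equal the orderer org's ID in
# configtx.yaml -- strategyMSP, or HLF_ORD_MSP when set -- or the orderer
# cannot match itself against the genesis block.  It was previously set to the
# org *name* typed by the user (e.g. "org1"), which is a different string.
MSP_ID="${HLF_ORD_MSP:-strategyMSP}"
# read -r -p "how many Orderers are there in total ? : " ORD_CNT
# Three orderer pods are deployed, but configtx.yaml lists only orderer0 as a
# Raft consenter/endpoint, so orderer1 and orderer2 do not join consensus.
# NOTE(security): the tls.* flags below are commented out, so the orderers
# serve gRPC in plaintext with no transport-level client authentication.
# Enable ord.tls.server/client and supply the tls secrets before exposing
# them outside a private cluster network.
for i in $(seq 0 2); do
  echo "${GREEN} (${i}/2) orderer${i} ${NC}"
  ORD_DIR="/data/hlf/${NAMESPACE}/${ORD_RELEASE}${i}"
  mkdir -p "${ORD_DIR}"
  echo "${GREEN} PersistentVolume creating... ${NC}"
  # hostPath PV pre-bound to a same-named PVC via claimRef; the hlf-release
  # label lets the reset path delete these PVs by selector.  PVs are
  # cluster-scoped, so metadata.namespace on the PV is ignored.
  kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${ORD_RELEASE}${i}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${ORD_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 5Gi
  claimRef:
    name: ${ORD_RELEASE}${i}
    namespace: ${NAMESPACE}
  hostPath:
    path: ${ORD_DIR}
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: ${ORD_RELEASE}${i}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${ORD_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: local-storage
EOF
  echo -e "${GREEN} PersistentVolume created ${NC} \n"
  # --set ord.mspID=${MSP_ID:-ordererMSP} \
  echo -e "${GREEN} Helm Installing... ${NC} \n"
  # All certificate/key/credential keys live in the same per-orderer secret;
  # the admin cert is taken from orderer0's secret for every replica.
  helm install "${ORD_RELEASE}${i}" owkin/hlf-ord \
    --namespace "${NAMESPACE}" \
    --set image.repository="hyperledger/fabric-orderer" \
    --set image.tag="2.4" \
    --set ord.type="etcdraft" \
    --set ord.mspID="${MSP_ID:-strategyMSP}" \
    --set persistence.enabled=true \
    --set persistence.existingClaim="${ORD_RELEASE}${i}" \
    --set persistence.storageClass="local-storage" \
    --set nodeSelector."node-role\\.kubernetes\\.io/master"= \
    --set secrets.ord.cert="${CA_RELEASE}-ord${i}--secret" \
    --set secrets.ord.key="${CA_RELEASE}-ord${i}--secret" \
    --set secrets.ord.cred="${CA_RELEASE}-ord${i}--secret" \
    --set secrets.ord.caCert="${CA_RELEASE}-ord${i}--secret" \
    --set secrets.adminCert="${CA_RELEASE}-ord0--secret" \
    --set secrets.genesis=hlf--genesis || exit 1
  # --set secrets.ord.tls=${CA_RELEASE}-ord${i}--secret \
  # --set secrets.ord.tlsClient=${CA_RELEASE}-ord${i}--secret
  # --set ord.tls.server.enabled=true \
  # --set ord.tls.client.enabled=true \
  echo -e "${GREEN} helm installed ${NC} \n"
done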
#!/bin/bash
# Author by Taking
# Kubernetes Install + Reset
# Flannel CNI
# Cluster Name Change (derived from the hostname entered below)
# MetalLB Install
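RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
NC=$(tput sgr0)
# Check permission: everything below writes under /etc and runs kubeadm, so
# refuse to continue as a non-root user.  Exit non-zero so a caller (or an
# `&&` chain) sees the refusal; the bare `exit` used before returned 0.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "${RED}Please run as root ${NC}" >&2
  exit 1
fi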
############ k8s check ###############
# Tear down a previous kubeadm cluster on this host: kubeadm reset plus the
# CNI, etcd, kubelet and flannel state it leaves behind.
k8s_reset() {
  kubeadm reset -f &&
    rm -rf /etc/cni /etc/kubernetes /var/lib/dockershim /var/lib/etcd /var/lib/kubelet /var/run/kubernetes ~/.kube/ /run/flannel
  ip link del cni0
  ip link del flannel.1
}
# An existing kubeconfig means this host already ran kubeadm; ask before
# continuing.  Choosing the reset ends the script (exit 1) -- re-run it
# afterwards for a fresh install.
if [ -f ~/.kube/config ]; then
  echo "${RED}--Kubernetes reset check--${NC}"
  echo "kubernetes reset?"
  read -r -p "Are You Sure? [Y/n] " input
  case "$input" in
    [yY][eE][sS]|[yY]) echo "Yes"; k8s_reset; exit 1 ;;
    [nN][oO]|[nN])     echo "No" ;;
    *)                 echo "Invalid input..."; exit 1 ;;
  esac
fi
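############ hostname change ###############
# Everything that follows (cluster name, kubeconfig context, ServiceAccount)
# is derived from the hostname chosen here.
echo "${RED}--HOSTNAME CHANGE (IMPORTANT)--${NC}"
read -r -p "hostname Change is (ex k8s-worker) : " uhost
# Reject an empty answer (hostnamectl would fail) and anything that is not a
# DNS-1123 label, because the name is reused as a Kubernetes object name.
if [[ -z "$uhost" || ! "$uhost" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]]; then
  echo "${RED}invalid hostname: '${uhost}' (use lowercase letters, digits and '-')${NC}" >&2
  exit 1
fi
hostnamectl set-hostname "$uhost" || exit 1
echo '[Hostname] Change Success'
echo "${RED}--HOSTNAME CHANGE END--${NC}"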
echo "${RED}--DOCKER INSTALL CHECK--${NC}"
# Install docker.io from the distro repository unless a docker binary is
# already on PATH.
if command -v docker >/dev/null 2>&1; then
  echo "${RED}--DOCKER INSTALLED...PASS--${NC}"
else
  echo "${RED}--DOCKER INSTALLING...--${NC}"
  apt-get update -y
  apt-get install vim apt-transport-https gnupg2 curl -y
  apt-get install docker.io -y
  # systemd cgroup driver (what kubeadm 1.22 defaults kubelet to), json logs
  # capped at 100m, overlay2 storage.  No shell expansion is needed in the
  # JSON, hence the quoted delimiter.
  cat <<'EOF' > /etc/docker/daemon.json
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "storage-driver": "overlay2"
}
EOF
  mkdir -p /etc/systemd/system/docker.service.d
  systemctl daemon-reload
  systemctl enable --now docker
  echo "${RED}--DOCKER INSTALL SUCCESS...--${NC}"
fi
echo "${RED}--Kubernetes INSTALL CHECK--${NC}"
# kubectx is only installed later (git clone), so on a fresh host this test
# always takes the install branch; on a re-run all three files exist.
if [[ -f /usr/bin/kubectx && -f /usr/bin/kubeadm && -f /usr/bin/kubelet ]]; then
  echo "${RED}--Kubernetes INSTALLED...PASS--${NC}"
else
  echo "${RED}--Kubernetes INSTALLING...--${NC}"
  apt-get update -y
  apt-get install vim apt-transport-https gnupg2 curl -y
  # Repository keys are added through apt-key, which current Debian/Ubuntu
  # deprecate in favour of a keyring file referenced via [signed-by=...].
  # The packages.cloud.google.com repository has since been superseded by
  # pkgs.k8s.io -- verify before reusing this on a new host.
  curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
  echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list
  curl https://helm.baltorepo.com/organization/signing.asc | apt-key add -
  echo "deb https://baltocdn.com/helm/stable/debian/ all main" | tee /etc/apt/sources.list.d/helm-stable-debian.list
  apt-get update -y
  # Pinned to 1.22.2; the apt-mark hold is commented out, so a later
  # `apt upgrade` may move the packages.
  apt-get install kubeadm=1.22.2-00 kubelet=1.22.2-00 kubectl=1.22.2-00 helm -y
  #apt-get install kubelet kubeadm kubectl helm -y
  #apt-mark hold kubelet kubeadm kubectl
  echo "${RED}--Kubernetes INSTALL SUCCESS...--${NC}"
fi
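echo "${RED}--System initialize Check...--${NC}"
if [ -f /etc/sysctl.d/k8s.conf ]; then
  echo "${RED}--System initialized...PASS--${NC}"
else
  echo "${RED}--Kubernetes initializing...--${NC}"
  # kubelet refuses to start with swap enabled; disable it now and comment it
  # out of fstab so it stays off after a reboot.
  swapoff -a && sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
  echo 1 > /proc/sys/net/ipv4/ip_forward
  modprobe br_netfilter
  # Load br_netfilter at boot; the bridge sysctls below only exist while the
  # module is loaded.
  echo br_netfilter > /etc/modules-load.d/k8s.conf
  # ip_forward was previously set only through /proc, so it silently reverted
  # to 0 on reboot and the node stopped forwarding pod traffic; persist it.
  cat <<EOF > /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
  sysctl --system
  systemctl daemon-reload
  systemctl restart kubelet
  systemctl enable kubelet
fi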
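echo "${RED}--Kubectx, Kubens Install Check...--${NC}"
if [ -f /usr/bin/kubectx ]; then
  echo "${RED}--kubectx exist...PASS--${NC}"
else
  echo "${RED}--Kubernetetes : kubectx + kubens downloading...--${NC}"
  # NOTE(supply chain): this clones the default branch head and copies the
  # scripts into /usr/bin as root with no pinning or signature check.  Pin a
  # tag or commit (git clone --branch <tag>) for anything beyond a lab box.
  # Clone into a temp dir rather than the current directory, which failed if
  # a ./kubectx already existed there.
  kubectx_src=$(mktemp -d) || exit 1
  git clone --depth 1 https://github.com/ahmetb/kubectx "${kubectx_src}/kubectx" || { rm -rf -- "${kubectx_src}"; exit 1; }
  cp -r "${kubectx_src}"/kubectx/kube* /usr/bin/
  rm -rf -- "${kubectx_src}"
  kubectx
  kubens
fi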
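if [ -f ~/.kube/config ]; then
  echo "${RED}--Kubernetes initialized...PASS--${NC}"
else
  echo "${RED}--Kubernetes initializing...--${NC}"
  internal_ip="$(hostname -I | awk '{print $1}')"
  # Address as seen from the internet.  It is only usable for MetalLB below
  # when it is configured directly on an interface of this host (no NAT).
  instance_public_ip="$(curl ifconfig.me --silent)"
  echo '#### K8s Init ? ####'
  echo '[Kubernetes Init Select]'
  echo 'Network Add-on is [Flannel]'
  echo 'Flannel Applying...'
  pod_network_cidr="10.244.0.0/16"
  kubeadm init --pod-network-cidr="${pod_network_cidr}" --apiserver-cert-extra-sans "${internal_ip}" || exit 1
  mkdir -p "$HOME/.kube" &&
    cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config" &&
    chown "$(id -u):$(id -g)" "$HOME/.kube/config"
  # NOTE(supply chain): the manifest is pulled from the branch head, so its
  # content can change under you; pin a release tag or commit.
  kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
  # all
  _hostname="$(hostname)"
  # Single-node setup: allow workloads on the control-plane node.
  kubectl taint nodes --all node-role.kubernetes.io/master-
  # Rename cluster, user and context to the hostname.
  kubectl get configmaps -n kube-system kubeadm-config -o yaml | sed "s/    clusterName: kubernetes/    clusterName: ${_hostname}/g" | kubectl replace -f - &&
    kubectl config set-context kubernetes-admin@kubernetes --cluster="${_hostname}" &&
    kubectl config set-context kubernetes-admin@kubernetes --user="${_hostname}" &&
    kubectl config rename-context kubernetes-admin@kubernetes "${_hostname}" &&
    sed -i "s/  name: kubernetes/  name: ${_hostname}/g" ~/.kube/config &&
    sed -i "s/- name: kubernetes-admin/- name: ${_hostname}/g" ~/.kube/config &&
    kubectl get nodes
  # NOTE(security): this ServiceAccount is bound to cluster-admin and its
  # token is later read back out of kube-system by the HLF scripts, so
  # anyone who can read that Secret owns the cluster.  Scope the role down if
  # the scripts only need their own namespace.
  kubectl -n kube-system create serviceaccount "${_hostname}" &&
    kubectl create clusterrolebinding "${_hostname}" \
      --clusterrole=cluster-admin \
      --serviceaccount="kube-system:${_hostname}"
  echo "metallb install?"
  read -r -p "Are You Sure? [Y/n] " input2
  case "$input2" in
    [yY][eE][sS]|[yY])
      echo "Yes"
      # Unpinned branch-head manifests; recent MetalLB releases moved from
      # this ConfigMap to CRD-based configuration, so pin a release that still
      # reads `config` before relying on this.
      kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/namespace.yaml
      kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/metallb.yaml
      # The memberlist key protects speaker gossip and must be random.  With
      # single quotes the literal text "$(openssl rand -base64 128)" was stored
      # as the key, i.e. a fixed value anyone reading this gist knows.
      kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
      # Layer-2 pool holding only the public IP; behind NAT that address is
      # not on a local interface and the announcement will not work.
      kubectl apply -f - <<EOF
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - ${instance_public_ip}/32
EOF
      ;;
    [nN][oO]|[nN])
      echo "No"
      ;;
    *)
      echo "Invalid input..."
      exit 1
      ;;
  esac
  echo "octant install?"
  read -r -p "Are You Sure? [Y/n] " input
  case "$input" in
    [yY][eE][sS]|[yY])
      echo "Yes"
      # Octant serves the cluster through root's kubeconfig (cluster-admin)
      # and, as configured here, without any authentication of its own.  It
      # used to bind 0.0.0.0 and print the public IP; default to loopback and
      # reach it over an SSH tunnel.  Set OCTANT_LISTEN=0.0.0.0:8900 to get
      # the old behaviour deliberately.
      octant_listen="${OCTANT_LISTEN:-127.0.0.1:8900}"
      if [ -d ~/octant/ ]; then
        echo "${RED}--Octant exist...PASS--${NC}"
        killall octant 2>/dev/null
        nohup ~/octant/octant --disable-open-browser --listener-addr "${octant_listen}" &
      else
        echo "${RED}--Octant downloading...--${NC}"
        # Pinned release, but the archive's checksum is not verified.
        wget https://github.com/vmware-tanzu/octant/releases/download/v0.24.0/octant_0.24.0_Linux-64bit.tar.gz || exit 1
        tar xvzf octant_0.24.0_Linux-64bit.tar.gz
        mv ./octant_0.24.0_Linux-64bit ~/octant
        nohup ~/octant/octant --disable-open-browser --listener-addr "${octant_listen}" &
      fi
      echo "${GREEN}octant listens on 'http://${octant_listen}' (remote: ssh -L 8900:127.0.0.1:8900 <this host>)${NC}"
      ;;
    [nN][oO]|[nN])
      echo "No"
      ;;
    *)
      echo "Invalid input..."
      exit 1
      ;;
  esac
fi
echo "${RED}--Script END--${NC}"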
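#!/usr/bin/env bash
# Exports the HLF naming variables and the CA admin credentials for the other
# scripts.  The exports only reach the calling shell when this file is
# *sourced* (`. ./env.sh`); running it as a program has no lasting effect.
read -r -p "${GREEN}Input Your Organization Name (example. org1, org2) : ${NC}" HLF_ORG2
export HLF_ORG="${HLF_ORG2}"
export _UUID="test"
export NAMESPACE="hlf-blockchain-${HLF_ORG}-${_UUID}"
export ORG_NAME="hlf-${HLF_ORG}"
export CA_RELEASE="${HLF_ORG}-${_UUID}-hlf-ca"
export CA_PATH="/data/hlf/${NAMESPACE}/${CA_RELEASE}"
export ORD_RELEASE="${HLF_ORG}-${_UUID}-hlf-ord"
export PEER_RELEASE="${HLF_ORG}-${_UUID}-hlf-peer"
CA_POD_NAME=$(kubectl get pods --namespace "${NAMESPACE}" -l "app=hlf-ca,release=${CA_RELEASE}" -o jsonpath="{.items[0].metadata.name}")
export CA_POD_NAME
echo "CA_POD_NAME is ${CA_POD_NAME}"
CA_ADMIN=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_ADMIN}" | base64 --decode; echo)
export CA_ADMIN
echo "CA_ADMIN is ${CA_ADMIN}"
# Never print the password: it would land in terminal scrollback, CI logs and
# shell transcripts.  Only confirm that it was retrieved.
CA_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode; echo)
export CA_PASSWORD
if [[ -n "${CA_PASSWORD//[[:space:]]/}" ]]; then
  echo "CA_PASSWORD retrieved (not shown)"
else
  echo "CA_PASSWORD is empty - check secret ${CA_RELEASE}--ca in ${NAMESPACE}" >&2
fi
echo "env ok."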
taking commented Oct 29, 2021

helm

# Helm from its apt repository.  The key is added with apt-key, which current
# Debian/Ubuntu deprecate (use a keyring file plus [signed-by=...] instead),
# and the package version is not pinned.
curl https://helm.baltorepo.com/organization/signing.asc | sudo apt-key add -
echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
apt update
apt install helm -y

metallb

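# Public IP as reported by ifconfig.me; not used by the ConfigMap below (which
# hard-codes 10.0.0.111), kept for parity with the install script.
instance_public_ip="$(curl ifconfig.me --silent)"
# Branch-head manifests are not pinned; recent MetalLB releases replaced this
# ConfigMap with CRD-based configuration, so pin a release that still reads it.
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/master/manifests/metallb.yaml
# The memberlist key must be random.  With single quotes the literal string
# "$(openssl rand -base64 128)" was stored as the key -- a fixed, public value.
kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"
# Layer-2 pool with a single address; it must be on this host's LAN.
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: metallb-system
  name: config
data:
  config: |
    address-pools:
    - name: default
      protocol: layer2
      addresses:
      - 10.0.0.111/32
EOF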

ingress-nginx 설치

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update

# Chart version is not pinned (add --version for reproducible installs).
helm install ingress-nginx ingress-nginx/ingress-nginx \
  --create-namespace \
  --namespace ingress-nginx

POD_NAME=$(kubectl get pods -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{.items[0].metadata.name}')

# The half-second pause is not a readiness wait; if the pod is not running
# yet the exec fails (use `kubectl rollout status` to wait properly).
sleep .5
kubectl exec -it $POD_NAME -n ingress-nginx -- /nginx-ingress-controller --version

(option) multi-ingress-nginx

# Second controller in its own namespace with a distinct IngressClass
# (nginx-2) and controller value so the two instances do not claim each
# other's Ingress objects.
helm install ingress-nginx ingress-nginx/ingress-nginx \
  --create-namespace \
  --namespace ingress-nginx-2 \
  --set controller.ingressClassResource.name=nginx-2 \
  --set controller.ingressClassResource.controllerValue="k8s.io/ingress-nginx-2" \
  --set controller.ingressClassResource.enabled=true \
  --set controller.ingressClassByName=true
If you need to install yet another instance, then repeat the procedure to create a new namespace, change the values like names & namespaces (for example from "-2" to "-3"), or anything else that meets your needs.

cert-manager 설치

# cert-manager pinned to v1.6.0; installCRDs=true lets the chart manage the
# CRDs (uninstalling the release then removes them and every Certificate).
helm repo add jetstack https://charts.jetstack.io
helm install cert-manager jetstack/cert-manager \
  --create-namespace \
  --namespace cert-manager \
  --version v1.6.0 \
  --set installCRDs=true

cert Issuer 생성 (Staging / Production)

# Staging issuer: certificates are not browser-trusted but rate limits are
# generous, so use it to validate the HTTP-01 solver (the `nginx` class must
# match the installed controller) before switching an Ingress to production.
# Replace my@email.com with a real mailbox; Let's Encrypt sends expiry and
# policy notices there.
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: my@email.com
    privateKeySecretRef:
      name: letsencrypt-staging
    solvers:
      - http01:
          ingress:
            class: nginx
EOF
# Production issuer: trusted certificates, strict rate limits (failed
# validations count against them).
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-production
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: my@email.com
    privateKeySecretRef:
      name: letsencrypt-production
    solvers:
      - http01:
          ingress:
            class: nginx
EOF

(option) hello-world

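# Smoke test for ingress-nginx + cert-manager: echoserver behind an Ingress
# that asks the staging issuer for a certificate.
# The tls entry now names a Secret: cert-manager stores the issued
# certificate in `tls[].secretName`, and without it no Certificate is created
# and the controller keeps serving its default self-signed cert.
# k8s.gcr.io is a legacy registry (the image is also old); swap in
# registry.k8s.io or a current echo image when reusing this.
cat <<EOF | kubectl apply -f -
apiVersion: apps/v1
kind: Deployment
metadata:
  name: hello-world
  labels:
    app: hello-world
spec:
  replicas: 1
  selector:
    matchLabels:
      app: hello-world
  template:
    metadata:
      labels:
        app: hello-world
    spec:
      containers:
      - name: hello-world
        image: k8s.gcr.io/echoserver:1.4
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: hello-world
spec:
  ports:
  - port: 8080
  selector:
    app: hello-world
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  rules:
  - host: hlfabric.xyz
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: hello-world
            port:
              number: 8080
  tls:
  - hosts:
    - hlfabric.xyz
    secretName: hello-world-tls
EOF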

taking commented Nov 16, 2021

다른 버전 (alternative version of the setup script: generates the crypto material with cryptogen instead of Fabric CA)

#!/bin/bash

# Terminal colour escapes for the status messages (empty strings when tput
# has no terminal to query).
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
NC=$(tput sgr0)

#apt install jq -y


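#######################################
# Print the latest release tag of a GitHub repository without its leading "v".
# Arguments: $1 - "owner/repo"
# Outputs:   the tag (e.g. 2.4.1) on stdout
# Returns:   0 on success; 1 when the API call failed or no tag was found
#            (rate limit, no network), so callers can stop instead of
#            continuing with an empty version string.
#######################################
get_latest_release() {
  local repo=$1 tag
  tag=$(curl --silent --fail "https://api.github.com/repos/${repo}/releases/latest" | # Get latest release from GitHub api
    grep '"tag_name":' |                                                          # Get tag line
    sed -E 's/.*"([^"]+)".*/\1/' |                                                # Pluck JSON value
    cut -c 2-)
  [[ -n "$tag" ]] || return 1
  printf '%s\n' "$tag"
}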

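read -r -p "${GREEN}Input Your Organization Name (example. org1, org2) : ${NC}" HLF_ORG
# The org name becomes part of a namespace, helm release names and the path
# that the reset branch passes to rm -rf, so accept only a DNS-1123 label.
if [[ -z "$HLF_ORG" || ! "$HLF_ORG" =~ ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ ]]; then
  echo "${RED}invalid organization name: '${HLF_ORG}' (lowercase letters, digits, '-')${NC}" >&2
  exit 1
fi

# _UUID="$(uuidgen)"
_UUID="test"
NAMESPACE="hlf-blockchain-${HLF_ORG}-${_UUID}"
ORG_NAME="hlf-${HLF_ORG}"

CA_RELEASE="${HLF_ORG}-${_UUID}-hlf-ca"
CA_PATH="/data/hlf/${NAMESPACE}"   # host directory holding all generated crypto material
ORD_RELEASE="${HLF_ORG}-${_UUID}-hl-ord"
PEER_RELEASE="${HLF_ORG}-${_UUID}-hlf-peer"
hlf_ver=$(get_latest_release hyperledger/fabric)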

# # all
# _hostname="cluster-1"
# kubectl taint nodes --all node-role.kubernetes.io/master-
# kubectl get configmaps -n kube-system kubeadm-config -o yaml | sed "s/    clusterName: kubernetes/    clusterName: ${_hostname}/g" | kubectl replace -f - &&
# kubectl config set-context kubernetes-admin@kubernetes --cluster=${_hostname}
# kubectl config set-context kubernetes-admin@kubernetes --user=${_hostname}
# kubectl config rename-context kubernetes-admin@kubernetes ${_hostname}
# sed -i "s/  name: kubernetes/  name: ${_hostname}/g" ~/.kube/config
# sed -i "s/- name: kubernetes-admin/- name: ${_hostname}/g" ~/.kube/config
# kubectl get nodes --show-labels

# kubectl create serviceaccount ${_hostname} -n kube-system
# kubectl create clusterrolebinding ${_hostname} \
#   --clusterrole=cluster-admin \
#   --serviceaccount=kube-system:${_hostname}

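CLUSTER_NAME="hlf-master"
# APISERVER=$(kubectl config view --minify -o jsonpath='{.clusters[0].cluster.server}')
APISERVER=$(kubectl config view -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.server}")
# TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode)
# Bearer token of the ServiceAccount the install script bound to cluster-admin:
# treat it as a root credential.  Token Secrets are only auto-created on
# clusters before 1.24 (this setup pins 1.22); on newer clusters this is empty.
TOKEN=$(kubectl get secrets -n kube-system -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='${CLUSTER_NAME}')].data.token}"|base64 --decode)
# Verify the API server against the CA recorded in kubeconfig instead of
# --insecure, which let any on-path host terminate TLS and capture the
# cluster-admin token above.  Prefer a referenced CA file; otherwise decode
# the embedded certificate-authority-data into a temp file.
CA_TMP=""
APISERVER_CA=$(kubectl config view -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.certificate-authority}")
if [[ -z "${APISERVER_CA}" ]]; then
    CA_TMP=$(mktemp) || exit 1
    APISERVER_CA="${CA_TMP}"
    kubectl config view --raw -o jsonpath="{.clusters[?(@.name==\"$CLUSTER_NAME\")].cluster.certificate-authority-data}" | base64 --decode > "${APISERVER_CA}"
fi
if [[ ! -s "${APISERVER_CA}" ]]; then
    echo "${RED}--no CA certificate for cluster ${CLUSTER_NAME} in kubeconfig--${NC}" >&2
    [[ -n "${CA_TMP}" ]] && rm -f "${CA_TMP}"
    exit 1
fi
NAMESPACE_CHECK=$(curl -s -o /dev/null -w "%{http_code}" -X GET "${APISERVER}/api/v1/namespaces/${NAMESPACE}" --header "Authorization: Bearer ${TOKEN}" --cacert "${APISERVER_CA}")
[[ -n "${CA_TMP}" ]] && rm -f "${CA_TMP}"

if [[ "${NAMESPACE_CHECK}" == "404" ]]; then
    echo "${RED}--namespace not exist--${NC}"
    # -f /data/hlf/${NAMESPACE}/${RELEASE}
elif [[ "${NAMESPACE_CHECK}" != "200" ]]; then
    # Previously every non-404 answer (000 = unreachable, 401/403 = bad token)
    # was treated as "namespace exists" and offered to wipe the data dir.
    echo "${RED}--namespace check failed (HTTP ${NAMESPACE_CHECK}), aborting--${NC}" >&2
    exit 1
else
    echo "${RED}--namespace exist...--${NC}"

    read -r -p "USER EXIST RESET? (name is ${NAMESPACE}) : " input
    case "$input" in
        [yY][eE][sS]|[yY])
            echo "Yes"
            # helm uninstall ${CA_RELEASE} -n ${NAMESPACE}
            kubectl delete ns "${NAMESPACE}" --force
            kubectl delete pvc --namespace "${NAMESPACE}" -l "hlf-release=${CA_RELEASE}" --force
            kubectl delete pv -l "hlf-release=${CA_RELEASE}" --force
            kubectl delete pv -l "hlf-release=${ORD_RELEASE}" --force
            # ${NAMESPACE:?} aborts instead of expanding to "rm -rf /data/hlf/"
            # should the variable ever be empty.
            rm -rf -- "/data/hlf/${NAMESPACE:?}"
            echo "${GREEN} uninstall complete ${NC}"
            exit 1
            ;;
        [nN][oO]|[nN])
            echo "No"
            ;;
        *)
            echo "Invalid input..."
            exit 1
            ;;
    esac
fi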


#########################################################################################################
# Hyperledger Fabric Binary
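echo "${RED}--Hyperledger Fabric Binary Check...--${NC}"

if [ -f /usr/local/bin/cryptogen ]; then
    echo "${RED}--HLF exist.. PASS--${NC}"
    echo "${GREEN}--cryptogen , configtxgen --${NC}"
else
    echo "${RED}--Hyperledger Fabric Binary downloading...--${NC}"
    # hlf_ver comes from the GitHub releases API; when that call fails (rate
    # limit, no network) it is empty and the URL below would be malformed, so
    # stop instead of installing whatever the server answers with.
    if [[ -z "${hlf_ver}" ]]; then
        echo "${RED}--could not determine the latest Fabric release, aborting--${NC}" >&2
        exit 1
    fi
    cd ~/ || exit 1
    tarball="hyperledger-fabric-linux-amd64-${hlf_ver}.tar.gz"
    # NOTE(security): the archive is fetched over HTTPS but no checksum or
    # signature is verified, and the binaries are copied into /usr/local/bin
    # as root.  Pin hlf_ver and verify a published checksum before using this
    # outside a throwaway environment.
    wget "https://github.com/hyperledger/fabric/releases/download/v${hlf_ver}/${tarball}" || exit 1
    mkdir -p "./hyperledger-fabric-${hlf_ver}"
    tar -xvzf "${tarball}" -C "./hyperledger-fabric-${hlf_ver}" || exit 1
    cp -r "./hyperledger-fabric-${hlf_ver}/bin/configtxgen" /usr/local/bin/
    cp -r "./hyperledger-fabric-${hlf_ver}/bin/cryptogen" /usr/local/bin/
    rm -rf "${tarball}"
    cryptogen version
fi

echo "${RED}--HLF end--${NC}"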


echo "${GREEN} Namespace creating... ${NC}"
# The hlf-release label is what the reset branch above selects on.
kubectl apply -f - <<EOF
apiVersion: v1
kind: Namespace
metadata:
  name: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
EOF
echo -e "${GREEN} Namespace created ${NC} \n"


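echo "${RED}--HLF configtx.yaml generating...--${NC}"
#read -r -p "${GREEN}Input Your Organization MSP ID (example. ordererMSP) : ${NC}" HLF_ORD_MSP
mkdir -p "${CA_PATH}/"

# TODO: crypto-config 및 configtx 자동 생성 함수 만들기 (go)
# NOTE(security): cryptogen is a development tool.  It mints every CA,
# orderer, peer and user key on this host into one directory, so CA_PATH ends
# up holding the private keys of both orgs and the orderer; use Fabric CA with
# per-org enrollment for anything beyond a lab network.
# NodeOUs are enabled because configtx.yaml below uses the `peer` and
# `client` roles in its policies ("OR('...MSP.peer', '...MSP.client')").
# Per the Fabric MSP docs those roles can only be evaluated when the MSP
# defines NodeOUs; with them off (as before) such policies never match.
cat <<EOF > ${CA_PATH}/crypto-config.yaml
OrdererOrgs:
- Name: Orderer
  Domain: innogrid.tech
  EnableNodeOUs: true
  Specs:
  - Hostname: orderer0
PeerOrgs:
- Name: strategy1teamMSP
  Domain: team1.innogrid.tech
  EnableNodeOUs: true
  # 피어 수
  Template:
    Count: 3
  # 사용자 수
  Users:
    Count: 1
- Name: strategy2teamMSP
  Domain: team2.innogrid.tech
  EnableNodeOUs: true
  # 피어 수
  Template:
    Count: 3
  # 사용자 수
  Users:
    Count: 1
EOF

# cryptogen writes ./crypto-config relative to the working directory.
cd "${CA_PATH}/" || exit 1
cryptogen generate --config="${CA_PATH}/crypto-config.yaml" || { echo "${RED}cryptogen failed${NC}" >&2; exit 1; }
echo "cryptogen success"
ls -al "${CA_PATH}/crypto-config/"
# sleep 1
# mv ${CA_PATH}/config/crypto-config/* ${CA_PATH}/crypto-config/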


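# Write configtx.yaml for configtxgen. Paths are absolute under CA_PATH so the
# file can be used from any working directory.
#
# Fix: every consenter's ServerTLSCert previously pointed at tls/server.key.
# configtxgen embeds the referenced file into the genesis block, so the TLS
# private key of each orderer would have been copied into hlf--genesis and
# distributed to every node that receives the block. Both fields must name the
# certificate (tls/server.crt).
#
# NOTE(review): both peer organisations take their MSP ID from the same
# HLF_PEER_MSP variable; if it is ever set, the two orgs get an identical ID.
# It is unset in the visible part of this script, so the per-org defaults apply.
cat <<EOF > "${CA_PATH}/configtx.yaml"
Organizations: # 조직 설정
  - &strategy
    Name: strategyMSP # 조직 이름(오더러)
    ID: ${HLF_ORD_MSP:-strategyMSP} # 조직 MSP ID
    # 발급받은 조직 msp 경로
    MSPDir: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/msp
    Policies: &OrgPolicies
        Readers:
            Type: Signature
            Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')"
        Writers:
            Type: Signature
            Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')"
        Admins:
            Type: Signature
            Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.admin')"
        Endorsement:
            Type: Signature
            Rule: "OR('${HLF_ORD_MSP:-strategyMSP}.member')"
  - &strategy1team
    Name: strategy1teamMSP # 조직 이름(피어)
    ID: ${HLF_PEER_MSP:-strategy1teamMSP} # 조직 MSP ID
    # 발급받은 조직 msp 경로
    MSPDir: ${CA_PATH}/crypto-config/peerOrganizations/team1.innogrid.tech/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin', '${HLF_PEER_MSP:-strategy1teamMSP}.peer', '${HLF_PEER_MSP:-strategy1teamMSP}.client')"
        Writers:
            Type: Signature
            Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin', '${HLF_PEER_MSP:-strategy1teamMSP}.client')"
        Admins:
            Type: Signature
            Rule: "OR('${HLF_PEER_MSP:-strategy1teamMSP}.admin')"
        # Endorsement:
        #     Type: Signature
        #     Rule: "OR('${HLF_PEER_MSP:-strategyMSP}.member')"
    AnchorPeers: # 앵커피어 설정 (보통 0번피어를 앵커피어로 지정한다)
       - Host: peer0.team1.innogrid.tech
         Port: 7051
  - &strategy2team
    Name: strategy2teamMSP # 조직 이름(피어)
    ID: ${HLF_PEER_MSP:-strategy2teamMSP} # 조직 MSP ID
    # 발급받은 조직 msp 경로
    MSPDir: ${CA_PATH}/crypto-config/peerOrganizations/team2.innogrid.tech/msp
    Policies:
        Readers:
            Type: Signature
            Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin', '${HLF_PEER_MSP:-strategy2teamMSP}.peer', '${HLF_PEER_MSP:-strategy2teamMSP}.client')"
        Writers:
            Type: Signature
            Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin', '${HLF_PEER_MSP:-strategy2teamMSP}.client')"
        Admins:
            Type: Signature
            Rule: "OR('${HLF_PEER_MSP:-strategy2teamMSP}.admin')"
        # Endorsement:
        #     Type: Signature
        #     Rule: "OR('${HLF_PEER_MSP:-strategyMSP}.member')"
    AnchorPeers: # 앵커피어 설정 (보통 0번피어를 앵커피어로 지정한다)
       - Host: peer0.team2.innogrid.tech
         Port: 7051
Capabilities:
    Channel: &ChannelCapabilities
        V2_0: true
    Orderer: &OrdererCapabilities
        V2_0: true
    Application: &ApplicationCapabilities
        V2_0: true
Application: &ApplicationDefaults
    # ACLs:
    #   _lifecycle/CheckCommitReadiness: /Channel/Application/Writers
    #   _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
    #   _lifecycle/QueryChaincodeDefinition: /Channel/Application/Readers
    #   _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Readers
    #   lscc/ChaincodeExists: /Channel/Application/Readers
    #   lscc/GetDeploymentSpec: /Channel/Application/Readers
    #   lscc/GetChaincodeData: /Channel/Application/Readers
    #   lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
    #   qscc/GetChainInfo: /Channel/Application/Readers
    #   qscc/GetBlockByNumber: /Channel/Application/Readers
    #   qscc/GetBlockByHash: /Channel/Application/Readers
    #   qscc/GetTransactionByID: /Channel/Application/Readers
    #   qscc/GetBlockByTxID: /Channel/Application/Readers
    #   cscc/GetConfigBlock: /Channel/Application/Readers
    #   cscc/GetConfigTree: /Channel/Application/Readers
    #   cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
    #   peer/Propose: /Channel/Application/Writers
    #   peer/ChaincodeToChaincode: /Channel/Application/Readers
    #   event/Block: /Channel/Application/Readers
    #   event/FilteredBlock: /Channel/Application/Readers
    Organizations:
    Policies: &ApplicationDefaultPolicies # Application 정책 설정
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "ANY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "ANY Endorsement"
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
          Type: ImplicitMeta
          Rule: "MAJORITY Admins"
        # Admins:
        #     Type: Signature
        #     Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Application 관련 정책은 apeer조직의 어드인 서명이 필요함
        # LifecycleEndorsement:
        #   Type: Signature
        #   Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.peer')"
        # Endorsement:
        #   Type: Signature
        #   Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.peer')"
    Capabilities:
        <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
    OrdererType: etcdraft                               # 오더링 방식(sole, kafka, etcdraft)
    Addresses:
        - orderer0:7050
    BatchTimeout: 2s                                    # 배치 타임아웃 설정
    BatchSize:
        MaxMessageCount: 500                             # 블록당 최대 트렌젝션 개수
        AbsoluteMaxBytes: 10 MB
        PreferredMaxBytes: 2 MB                        # 블록 최대 크기
    EtcdRaft: &EtcdRaftDefaults
        Consenters:
          - Host: orderer0                              # 오더러 정보 호스트(ip)
            Port: 7050                                  # 오더러 포트
            ClientTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer0.innogrid.tech/tls/server.crt
            ServerTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer0.innogrid.tech/tls/server.crt
          - Host: orderer1                              # 오더러 정보 호스트(ip)
            Port: 7050                                  # 오더러 포트
            ClientTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer1.innogrid.tech/tls/server.crt
            ServerTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer1.innogrid.tech/tls/server.crt
          - Host: orderer2                              # 오더러 정보 호스트(ip)
            Port: 7050                                  # 오더러 포트
            ClientTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer2.innogrid.tech/tls/server.crt
            ServerTLSCert: ${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/orderers/orderer2.innogrid.tech/tls/server.crt
        Options:
            TickInterval: 500ms
            ElectionTick: 10
            MaxInflightBlocks: 5
            SnapshotIntervalSize: 20 MB
    Organizations:
    # - *OrdererOrg
    Policies:
        Readers:
            Type: ImplicitMeta                          # 정책 타입 (Signature(서명), ImplicitMeta)
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
          Type: ImplicitMeta
          Rule: "MAJORITY Admins"
        # Admins:
        #     Type: Signature
        #     Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Orderer 관련 정책은 apeer조직의 어드인 서명이 필요함
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
    Capabilities:
        <<: *ChannelCapabilities
Channel: &ChannelDefaults
    Policies:                    # Channel 정책 설정
        Readers:                 # 읽기 정책
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:                 # 쓰기 정책
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # Admins:                  # 어드민 정책
        #     Type: Signature
        #     Rule: "OR('${HLF_PEER_MSP:-apeerMSP}.admin')" # Channel 관련 정책은 apeer조직의 어드인 서명이 필요함
        Admins:
          Type: ImplicitMeta
          Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities
# 실질적인 트렌젝션, Genesis 블록은 아래 설정을 참조하여 생성된다.
# configtx.yaml 파일 윗부분에 작성한 것들을 참조하여 최종 프로파일을 만든다.
Profiles:
    OrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *strategy

        Consortiums:
            HlfConsortium:
                Organizations:
                - *strategy1team
                - *strategy2team
# Channel
    common:
      Consortium: HlfConsortium
      <<: *ChannelDefaults
      Application:
          <<: *ApplicationDefaults
          Organizations:
              - *strategy1team
              - *strategy2team

    private-team1-team2:
        Consortium: HlfConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *strategy1team
                - *strategy2team
EOF
echo "${RED}--HLF configtx.yaml generated..--${NC}"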



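echo "${RED}--HLF configtxgen generating..--${NC}"
# -p: a second run must not fail because the directory already exists
mkdir -p "${CA_PATH}/channel-artifacts/" || exit 1

# configtx.yaml was written to ${CA_PATH}/ above, so every configtxgen call
# uses that directory as -configPath. The genesis step previously pointed at
# ${CA_PATH}/crypto-config/, which contains no configtx.yaml.
CONFIGTX_DIR="${CA_PATH}/"
ARTIFACTS_DIR="${CA_PATH}/channel-artifacts"

echo "${RED}--(1/3) HLF configtxgen Create Genesis Block generating..--${NC}"
# Orderer system-channel genesis block
configtxgen -configPath "${CONFIGTX_DIR}" -profile OrdererGenesis -outputBlock "${ARTIFACTS_DIR}/genesis.block" -channelID ordererchannel || exit 1


echo "${RED}--(2/3) HLF configtxgen Create Channel Tx generating..--${NC}"
# Channel creation transaction (channel name: mychannel)
configtxgen -configPath "${CONFIGTX_DIR}" -profile common -outputCreateChannelTx "${ARTIFACTS_DIR}/channel.tx" -channelID mychannel || exit 1

echo "${RED}--(3/3) HLF configtxgen Create AnchorPeers Tx generating..--${NC}"
# Anchor peer update transactions. -asOrg takes the organisation Name as
# declared in configtx.yaml (strategy1teamMSP / strategy2teamMSP); the bare
# "strategy1team"/"strategy2team" used before matches no organisation.
configtxgen -configPath "${CONFIGTX_DIR}" -profile common -outputAnchorPeersUpdate "${ARTIFACTS_DIR}/strategy1teamMSPanchors.tx" -channelID mychannel -asOrg strategy1teamMSP || exit 1

configtxgen -configPath "${CONFIGTX_DIR}" -profile common -outputAnchorPeersUpdate "${ARTIFACTS_DIR}/strategy2teamMSPanchors.tx" -channelID mychannel -asOrg strategy2teamMSP || exit 1


echo "${RED}--HLF configtxgen generated..--${NC}"
ls -al "${ARTIFACTS_DIR}/"

echo "${RED}--HLF Genesis block and Channel Secret Creating...--${NC}"
# The orderer chart below consumes the genesis block from the hlf--genesis
# secret (secrets.genesis=hlf--genesis).
kubectl create secret generic -n "${NAMESPACE}" hlf--genesis --from-file="${ARTIFACTS_DIR}/genesis.block"
kubectl create secret generic -n "${NAMESPACE}" hlf--channel --from-file="${ARTIFACTS_DIR}/channel.tx"
echo "${RED}--HLF Genesis block and Channel Secret Created...--${NC}"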
########################################
########################################


printf '%s\n' "${GREEN} StorageClass creating... ${NC}"
# Static (no-provisioner) local storage class used by every PV/PVC below.
kubectl apply -f - <<EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
EOF
printf '%s \n\n' "${GREEN} StorageClass created ${NC}"


# kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml

printf '%s\n' "${GREEN} PersistentVolume creating... ${NC}"
# hostPath PV for the CA plus the claim the chart will bind to
# (persistence.existingClaim). The PV's claimRef pins it to that claim.
# NOTE(review): PersistentVolume is cluster-scoped, so the namespace given in
# its metadata is presumably ignored by the API server — harmless, but verify.
kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${CA_RELEASE}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 5Gi
  claimRef:
    name: ${CA_RELEASE}
    namespace: ${NAMESPACE}
  hostPath:
    path: /data/hlf/${NAMESPACE}/${CA_RELEASE}
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: ${CA_RELEASE}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${CA_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: local-storage
EOF
printf '%s \n\n' "${GREEN} PersistentVolume created ${NC}"


# first - Peer Organization 1
# Hyperledger Fabric CA
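echo "${GREEN} helm HLF-CA install ${NC}"

helm repo add owkin https://owkin.github.io/charts
helm repo update

# CA admin credentials. The password used to be the literal "innogrid" on the
# helm command line; it is now taken from CA_ADMIN_PASSWORD, with the old value
# kept only as the fallback so existing invocations still work. That fallback
# is a weak, published value — set CA_ADMIN_PASSWORD for any real deployment.
CA_ADMIN_USER="ca-admin"
CA_ADMIN_PASSWORD="${CA_ADMIN_PASSWORD:-innogrid}"

# The credentials go through a values file instead of --set so they do not
# show up in the helm argv (process listings, shell history). mktemp creates
# the file mode 0600; it is removed right after the install. Single quotes in
# the password are doubled so the YAML stays valid.
ca_values_file=$(mktemp) || exit 1
printf "adminUsername: '%s'\nadminPassword: '%s'\n" \
  "${CA_ADMIN_USER//\'/\'\'}" "${CA_ADMIN_PASSWORD//\'/\'\'}" > "${ca_values_file}"

helm install "${CA_RELEASE}" owkin/hlf-ca --version 2.0.1 \
  --namespace "${NAMESPACE}" \
  --set image.repository="hyperledger/fabric-ca" \
  --set image.tag="1.5.2" \
  --set config.hlfToolsVersion="1.5.2" \
  --set caName="${CA_RELEASE}" \
  -f "${ca_values_file}" \
  --set persistence.enabled=true \
  --set persistence.existingClaim="${CA_RELEASE}" \
  --set persistence.storageClass="local-storage" \
  --set nodeSelector."node-role\\.kubernetes\\.io/master"=
helm_rc=$?
rm -f -- "${ca_values_file}"
if [ "${helm_rc}" -ne 0 ]; then
    printf '%s\n' "${RED}helm install ${CA_RELEASE} failed (exit ${helm_rc})${NC}" >&2
    exit 1
fi
  # --set config.csr.names.c=KR \
  # --set config.csr.names.st=Daejeon \
  # --set config.csr.names.o=Etri \
  # --set config.csr.names.ou=Blockchain \
#   --set config.mountTLS=true
# --create-namespace

# kubectl label ns ${NAMESPACE} hlf-release=${CA_RELEASE}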


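# Read back what the chart created: the CA pod name and the admin credentials
# stored in the "<release>--ca" secret. Immediately after helm install the pod
# may not exist yet, leaving CA_POD_NAME empty; the wait loop re-reads it.
ca_pod_selector="app=hlf-ca,release=${CA_RELEASE}"
CA_POD_NAME=$(kubectl get pods --namespace "${NAMESPACE}" -l "${ca_pod_selector}" -o jsonpath="{.items[0].metadata.name}")
CA_ADMIN=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_ADMIN}" | base64 --decode)
CA_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)

sleep 3s

if [ -n "${CA_POD_NAME}" ]; then
    kubectl logs -n "${NAMESPACE}" "${CA_POD_NAME}" | grep "Listening on"
fi

printf '%s \n\n' "${GREEN} helm installed ${NC}"

printf '\n %s\n' "${GREEN} Data Folder creating... ${NC}"
mkdir -p "${CA_PATH}"
ls -al "${CA_PATH}"
printf '%s \n\n' "${GREEN} Data Folder created ${NC}"

# Poll until the CA pod reports phase Running. Status is read with kubectl,
# which uses the kubeconfig's credentials and CA bundle, instead of the former
# `curl --insecure` against $APISERVER that sent a bearer token over an
# unverified TLS connection. The loop is bounded (CA_WAIT_MAX_TRIES x 5s) so a
# pod stuck in Pending or CrashLoopBackOff cannot hang the script forever.
CA_WAIT_MAX_TRIES="${CA_WAIT_MAX_TRIES:-60}"
ca_wait_tries=0
while true; do
    echo "${GREEN} HLF-CA Preparing... ${NC}"
    if [ -z "${CA_POD_NAME}" ]; then
        CA_POD_NAME=$(kubectl get pods --namespace "${NAMESPACE}" -l "${ca_pod_selector}" -o jsonpath="{.items[0].metadata.name}" 2>/dev/null)
    fi
    # stderr is silenced on purpose: "not found" is expected while the
    # objects are still being created.
    CA_RUNNING_CHECK=""
    if [ -n "${CA_POD_NAME}" ]; then
        CA_RUNNING_CHECK=$(kubectl get pod --namespace "${NAMESPACE}" "${CA_POD_NAME}" -o jsonpath='{.status.phase}' 2>/dev/null)
    fi
    CA_PV_CHECK=$(kubectl get pv "${CA_RELEASE}" -o jsonpath='{.status.phase}' 2>/dev/null)
    CA_PVC_CHECK=$(kubectl get pvc --namespace "${NAMESPACE}" "${CA_RELEASE}" -o jsonpath='{.status.phase}' 2>/dev/null)
    echo " - CA_POD Status phase is : ${CA_RUNNING_CHECK}"
    echo " - CA_PV Status phase is : ${CA_PV_CHECK}"
    echo " - CA_PVC Status phase is : ${CA_PVC_CHECK}"
    if [[ "${CA_RUNNING_CHECK}" == *Running* ]]; then
        printf '%s \n\n' "${GREEN} HLF-CA Installed Got it... ${NC}"
        break
    fi
    ca_wait_tries=$((ca_wait_tries + 1))
    if [ "${ca_wait_tries}" -ge "${CA_WAIT_MAX_TRIES}" ]; then
        printf '%s\n' "${RED} HLF-CA pod did not reach Running after ${ca_wait_tries} checks, giving up ${NC}" >&2
        exit 1
    fi
    sleep 5s
done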

# Interactive checkpoint: answering yes stops the run here (exit status 1,
# as before); answering no continues with the CA enrolment below.
read -r -p "simple? : " input
if [[ "$input" =~ ^([yY][eE][sS]|[yY])$ ]]; then
    echo "Yes"
    exit 1
elif [[ "$input" =~ ^([nN][oO]|[nN])$ ]]; then
    echo "No"
else
    echo "Invalid input..."
    exit 1
fi

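SERVICE_DNS="0.0.0.0"

#########################################################################################################
# Fabric CA
# Enroll the CA admin from inside the CA pod. The chart above was installed
# without config.mountTLS, so the client talks plain http to the local
# listener. The admin credentials are part of the enrolment URL; the URL is
# handed to the pod over stdin rather than inside the `kubectl exec` argument
# list, so it is not recorded in the API server's exec request / audit log.
# It is still visible in the process list inside the pod while enrolment runs.
printf '%s\n' "http://${CA_ADMIN}:${CA_PASSWORD}@${SERVICE_DNS}:7054" \
  | kubectl exec -i --namespace "${NAMESPACE}" "${CA_POD_NAME}" -- sh -c 'IFS= read -r ca_url && fabric-ca-client enroll -d -u "$ca_url"' \
  || { printf '%s\n' "${RED}fabric-ca-client enroll failed${NC}" >&2; exit 1; }
#########################################################################################################
# NOTE(review): this reads the orderer org's MSP signing certificate, not a TLS
# certificate, and SERVER_TLS is not referenced again in the rest of this
# script. cryptogen normally places signcerts/ under users/Admin@<domain>/msp
# rather than the org-level msp/ — confirm the path exists.
SERVER_TLS=$(cat "${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/msp/signcerts/cert.pem")
# `ca--tls` is not defined in this part of the script; if it is a function
# declared earlier it runs here, otherwise the shell reports "command not found".
ca--tls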

########################################
########################################

#Orderer CA Secret

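echo "${RED}--Fabric CA Cert Secret Generating..--${NC}"
# Orderer organisation MSP directory as produced by cryptogen above.
ORD_MSP_DIR="${CA_PATH}/crypto-config/ordererOrganizations/innogrid.tech/msp"
# NOTE(review): cryptogen normally puts signcerts/ and keystore/ under
# users/Admin@<domain>/msp, not the org-level msp/ — confirm these paths exist.
ORG_CERT_FILE="${ORD_MSP_DIR}/signcerts/cert.pem"
# Resolve the globbed file names once so the same file is used for the
# variables below and for the secret; an unmatched glob is caught here.
ord_key_files=("${ORD_MSP_DIR}"/keystore/*_sk)
ca_cert_files=("${ORD_MSP_DIR}"/cacerts/*.pem)
ORG_KEY_FILE="${ord_key_files[0]}"
CA_CERT_FILE="${ca_cert_files[0]}"
for f in "${ORG_CERT_FILE}" "${ORG_KEY_FILE}" "${CA_CERT_FILE}"; do
    if [ ! -f "${f}" ]; then
        printf '%s\n' "${RED}missing MSP file: ${f}${NC}" >&2
        exit 1
    fi
done
ORG_CERT=$(cat "${ORG_CERT_FILE}")
ORG_KEY=$(cat "${ORG_KEY_FILE}")
CA_CERT=$(cat "${CA_CERT_FILE}")
CA_CERT_NAME="${CA_CERT_FILE##*/}"

# NOTE(review): CONFIG is not assigned anywhere in the visible part of this
# script; when it is unset the config.yaml entry of the secret is empty.
#
# Certificate and key material is passed with --from-file so the private key
# does not appear in kubectl's argv (process listings); --from-literal was
# previously used for all four entries.
kubectl create secret generic -n "${NAMESPACE}" "${CA_RELEASE}--admin-secret" \
  --from-file=cacert.pem="${CA_CERT_FILE}" \
  --from-file=cert.pem="${ORG_CERT_FILE}" \
  --from-literal=config.yaml="$CONFIG" \
  --from-file=key.pem="${ORG_KEY_FILE}"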
  


########################################
########################################
########################################
########################################

# # second - Hyperledger Fabric Peer
# echo "${GREEN} helm HLF-PEER install ${NC}"

# MSP_ID="${HLF_ORG}-MSP"

# helm install ${CA_RELEASE} owkin/hlf-peer \
#   --create-namespace \
#   --namespace ${NAMESPACE} \
#   --peer.mspID=${MSP_ID} \
#   --set persistence.storageClass="local-storage" \
#   --set peer.databaseType="CouchDB" \
#   --set peer.couchdbSecret="cdb1-hlf-couchdb"


# CA_POD_NAME=$(kubectl get pods --namespace ${NAMESPACE} -l "app=hlf-ca,release=${CA_RELEASE}" -o jsonpath="{.items[0].metadata.name}")
# CA_ADMIN=$(kubectl get secret --namespace ${NAMESPACE} ${CA_RELEASE}--ca -o jsonpath="{.data.CA_ADMIN}" | base64 --decode; echo)
# CA_PASSWORD=$(kubectl get secret --namespace ${NAMESPACE} ${CA_RELEASE}--ca -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode; echo)

# echo -e "${GREEN} helm installed ${NC} \n"

# echo -e "\n ${GREEN} Data Folder creating... ${NC}"
# mkdir -p ${CA_PATH}
# ls -al ${CA_PATH}
# echo -e "${GREEN} Data Folder created ${NC} \n"

# echo "${GREEN} PersistentVolume creating... ${NC}"
# cat <<EOF | kubectl apply -f -
# apiVersion: v1
# kind: PersistentVolume
# metadata:
#   name: ${CA_RELEASE}
#   namespace: ${NAMESPACE}
# spec:
#   accessModes:
#   - ReadWriteOnce
#   capacity:
#     storage: 5Gi
#   claimRef:
#     name: ${CA_RELEASE}
#     namespace: ${NAMESPACE}
#   hostPath:
#     path: /data/hlf/${NAMESPACE}/${CA_RELEASE}
#   persistentVolumeReclaimPolicy: Delete
#   storageClassName: local-storage
#   volumeMode: Filesystem
# EOF
# echo -e "${GREEN} PersistentVolume created ${NC} \n"

########################################

# third - Hyperledger Fabric Orderer
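echo "${GREEN} helm HLF-Orderer install ${NC}"

# The orderer's local MSP ID must equal the ID of the orderer organisation in
# configtx.yaml, which is ${HLF_ORD_MSP:-strategyMSP}. It was previously
# derived from HLF_ORG (e.g. "org1"), which never matches that ID, so the
# orderers could not be recognised as members of their own organisation.
MSP_ID="${HLF_ORD_MSP:-strategyMSP}"

# read -r -p "how many Orderers are there in total ? : " ORD_CNT
# Number of orderers; matches the three consenters declared in configtx.yaml.
ORD_COUNT=3

# One hostPath PV/PVC pair and one helm release per orderer.
for ((i = 0; i < ORD_COUNT; i++)); do
    printf '%s\n' "${GREEN} ($((i + 1))/${ORD_COUNT}) orderer${i} ${NC}"

    mkdir -p "/data/hlf/${NAMESPACE}/${ORD_RELEASE}${i}" || exit 1

    printf '%s\n' "${GREEN} PersistentVolume creating... ${NC}"
    kubectl apply -f - <<EOF
apiVersion: v1
kind: PersistentVolume
metadata:
  name: ${ORD_RELEASE}${i}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${ORD_RELEASE}
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 5Gi
  claimRef:
    name: ${ORD_RELEASE}${i}
    namespace: ${NAMESPACE}
  hostPath:
    path: /data/hlf/${NAMESPACE}/${ORD_RELEASE}${i}
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: ${ORD_RELEASE}${i}
  namespace: ${NAMESPACE}
  labels:
    hlf-release: ${ORD_RELEASE}
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: local-storage
EOF
    printf '%s \n\n' "${GREEN} PersistentVolume created ${NC}"

# --set ord.mspID=${MSP_ID:-ordererMSP} \
    printf '%s \n\n' "${GREEN} Helm Installing... ${NC}"
    # NOTE(review): the ${CA_RELEASE}-ord<i>--secret secrets referenced below
    # are not created in the visible part of this script; the only secret
    # created here is ${CA_RELEASE}--admin-secret. Confirm where they come from.
    # TLS for the orderer (secrets.ord.tls / ord.tls.*) is left disabled as before.
    helm install "${ORD_RELEASE}${i}" owkin/hlf-ord \
      --namespace "${NAMESPACE}" \
      --set image.repository="hyperledger/fabric-orderer" \
      --set image.tag="2.4" \
      --set ord.type="etcdraft" \
      --set ord.mspID="${MSP_ID}" \
      --set persistence.enabled=true \
      --set persistence.existingClaim="${ORD_RELEASE}${i}" \
      --set persistence.storageClass="local-storage" \
      --set nodeSelector."node-role\\.kubernetes\\.io/master"= \
      --set secrets.ord.cert="${CA_RELEASE}-ord${i}--secret" \
      --set secrets.ord.key="${CA_RELEASE}-ord${i}--secret" \
      --set secrets.ord.cred="${CA_RELEASE}-ord${i}--secret" \
      --set secrets.ord.caCert="${CA_RELEASE}-ord${i}--secret" \
      --set secrets.adminCert="${CA_RELEASE}-ord0--secret" \
      --set secrets.genesis=hlf--genesis \
      || { printf '%s\n' "${RED}helm install ${ORD_RELEASE}${i} failed${NC}" >&2; exit 1; }
      # --set secrets.ord.tls=${CA_RELEASE}-ord${i}--secret \
      # --set secrets.ord.tlsClient=${CA_RELEASE}-ord${i}--secret
      # --set ord.tls.server.enabled=true \
      # --set ord.tls.client.enabled=true \

    printf '%s \n\n' "${GREEN} helm installed ${NC}"

done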

hlf-source-test

#!/usr/bin/env bash

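# Environment helper: re-derives the names used by the install script for an
# organisation and exports them, then reads the CA pod name and the CA admin
# credentials back from the cluster. Intended to be sourced, so it does not
# call exit.
read -r -p "${GREEN}Input Your Organization Name (example. org1, org2) : ${NC}" HLF_ORG2

export HLF_ORG="${HLF_ORG2}"
export _UUID="test"
export NAMESPACE="hlf-blockchain-${HLF_ORG}-${_UUID}"
export ORG_NAME="hlf-${HLF_ORG}"
export CA_RELEASE="${HLF_ORG}-${_UUID}-hlf-ca"
export CA_PATH="/data/hlf/${NAMESPACE}/${CA_RELEASE}"
export ORD_RELEASE="${HLF_ORG}-${_UUID}-hlf-ord"
export PEER_RELEASE="${HLF_ORG}-${_UUID}-hlf-peer"

# Assignment is kept separate from `export` so a failing kubectl is not masked
# by export's own (always zero) exit status.
CA_POD_NAME=$(kubectl get pods --namespace "${NAMESPACE}" -l "app=hlf-ca,release=${CA_RELEASE}" -o jsonpath="{.items[0].metadata.name}")
export CA_POD_NAME
echo "CA_POD_NAME is ${CA_POD_NAME}"
CA_ADMIN=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_ADMIN}" | base64 --decode)
export CA_ADMIN
echo "CA_ADMIN is ${CA_ADMIN}"
CA_PASSWORD=$(kubectl get secret --namespace "${NAMESPACE}" "${CA_RELEASE}--ca" -o jsonpath="{.data.CA_PASSWORD}" | base64 --decode)
export CA_PASSWORD
# The password value itself is deliberately not printed: it would land in
# terminal scrollback and any session/CI log. Only report whether it was read.
if [ -n "${CA_PASSWORD}" ]; then
    echo "CA_PASSWORD is set"
else
    echo "CA_PASSWORD is empty" >&2
fi

echo "env ok."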


taking commented Nov 17, 2021

https://githubmemory.com/repo/JulianD267/Hyperledger-Fabric2-0-configurator

OrdererOrgs:
- Name: Orderer
  Domain: innogrid.tech
  EnableNodeOUs: true
  Specs:
  - Hostname: orderer0
  # - Hostname: orderer1
  # - Hostname: orderer2
  # - Hostname: orderer3
  # - Hostname: orderer4
  - SANS:
    - localhost
    - 127.0.0.1
PeerOrgs:
- Name: Org1
  Domain: org1.dredev.de
  EnableNodeOUs: true
  Template:
    Count: 2
    SANS:
    - localhost
    - 127.0.0.1
  Users:
    Count: 1
- Name: Org2
  Domain: org2.dredev.de
  EnableNodeOUs: true
  Template:
    Count: 2
    SANS:
    - localhost
    - 127.0.0.1
  Users:
    Count: 1


taking commented Jan 25, 2022

Sample

git clone https://github.com/harishgupta/fabric-k8s.git
cd fabric-k8s
mkdir -p /data/hlf/
kubectl create configmap kubetest-genesis --from-file=genesis.block
cp -pr fabric-files /data/hlf/fabric-files
cat <<EOF | kubectl apply -f -
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-fabric
  labels:
    type: local
    name: fabricfiles
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 5Gi
  hostPath:
    path: /data/hlf/fabric-files
  persistentVolumeReclaimPolicy: Delete
  storageClassName: local-storage
  volumeMode: Filesystem
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc-fabric
spec:
  selector:
    matchLabels:
      name: fabricfiles
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
  storageClassName: local-storage
EOF
kubectl create -f kube.yaml
