diff --git a/Dockerfile b/Dockerfile
index 90f1a3a2e57..efd13264b1e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,13 +3,11 @@
#
# SPDX-License-Identifier: Apache-2.0
##############################################################################################
-
# USAGE:
# docker build . -t bevel-build
# docker run -v $(pwd):/home/bevel/ bevel-build
FROM ubuntu:20.04
-
# Create working directory
WORKDIR /home/
ENV OPENSHIFT_VERSION='0.13.1'
@@ -32,7 +30,6 @@ RUN wget https://download.java.net/java/GA/jdk14/076bab302c7b4508975440c56f6cc26
&& tar xvf openjdk-14_linux-x64_bin.tar.gz \
&& rm openjdk-14_linux-x64_bin.tar.gz
-
RUN apt-get update && apt-get install -y \
python3-pip && \
pip3 install --no-cache --upgrade pip setuptools wheel && \
@@ -44,7 +41,7 @@ RUN apt-get update && apt-get install -y \
rm -rf /var/lib/apt/lists/*
# base58 is needed in Substrate to encode nodeids
-RUN snap install base58
+RUN pip3 install base58
RUN npm install -g ajv-cli
RUN apt-get update && apt-get install -y python3-venv
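Review bot: `RUN pip3 install base58` on the new side installs whatever release PyPI serves at build time, so two builds of the same Dockerfile can contain different code. Pin the version and skip the pip cache, for example `RUN pip3 install --no-cache-dir base58==<pinned-version>`. The neighbouring `npm install -g ajv-cli` context line has the same unpinned shape and could be pinned in the same pass.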
@@ -53,14 +50,23 @@ RUN rm /etc/apt/apt.conf.d/docker-clean
RUN mkdir /etc/ansible/
RUN /bin/echo -e "[ansible_provisioners:children]\nlocal\n[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts
+# Install krew for bevel-operator-fabric
+RUN (set -x; cd "$(mktemp -d)" && \
+ OS="$(uname | tr '[:upper:]' '[:lower:]')" && \
+ ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" && \
+ KREW="krew-${OS}_${ARCH}" && \
+ curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" && \
+ tar zxvf "${KREW}.tar.gz" && \
+ ./"${KREW}" install krew)
+
# Copy the provisional script to build container
COPY ./run.sh /home
COPY ./reset.sh /home
RUN chmod 755 /home/run.sh
RUN chmod 755 /home/reset.sh
-ENV PATH=/root/bin:/root/.local/bin/:$PATH
+
ENV JAVA_HOME=/home/jdk-14
-ENV PATH=/home/jdk-14/bin:$PATH
+ENV PATH=~/.krew/bin:/home/jdk-14/bin:/root/bin:/root/.local/bin/:$PATH
# The mounted repo should contain a build folder with the following files
# 1) K8s config file as config
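Review bot: The krew step downloads `releases/latest/download/${KREW}.tar.gz` and runs the extracted binary during the build with no version pin and no integrity check, so the image content depends on whatever is served at build time. Pin a release and verify a digest before `tar`, for example `curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/download/${KREW_VERSION}/${KREW}.tar.gz" && echo "${KREW_SHA256}  ${KREW}.tar.gz" | sha256sum -c -`, with `KREW_VERSION` and a per-architecture `KREW_SHA256` declared as `ARG`s (both names are placeholders). Separately, `ENV PATH=~/.krew/bin:...` stores a literal `~` because Dockerfile `ENV` does no tilde expansion; `/root/.krew/bin` would be unambiguous if the build runs as root, as the existing `/root/bin` entry suggests. The directory created by `mktemp -d` is also left behind in the layer.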
@@ -69,6 +75,4 @@ ENV PATH=/home/jdk-14/bin:$PATH
#path to mount the repo
VOLUME /home/bevel/
-
-
CMD ["/home/run.sh"]
diff --git a/docs/source/operationalguide.rst b/docs/source/operationalguide.rst
index 1c6d74bebac..d292409187b 100644
--- a/docs/source/operationalguide.rst
+++ b/docs/source/operationalguide.rst
@@ -33,6 +33,7 @@ Fabric operations
operations/upgrade_fabricnetwork_1.4.x_2.2.x
operations/setup_cactus_connector_fabric
operations/external_chaincode
+ operations/deploy_operator_fabric
Corda operations
-----------------------
diff --git a/docs/source/operations/deploy_operator_fabric.md b/docs/source/operations/deploy_operator_fabric.md
new file mode 100644
index 00000000000..55fa7f32e75
--- /dev/null
+++ b/docs/source/operations/deploy_operator_fabric.md
@@ -0,0 +1,53 @@
+[//]: # (##############################################################################################)
+[//]: # (Copyright Accenture. All Rights Reserved.)
+[//]: # (SPDX-License-Identifier: Apache-2.0)
+[//]: # (##############################################################################################)
+
+
+# Deploy Fabric Network using Operator
+
+ - [Introduction](#introduction)
+ - [Modifying Configuration File](#modifying-configuration-file)
+ - [Run playbook](#run-playbook)
+
+## Introduction
+The [bevel-operator-fabric](https://github.com/hyperledger/bevel-operator-fabric) provides a different approach to deploying the Fabric Network. It uses
+the kubernetes operator to deploy CAs, Orderers and Peers.
+This release supports bevel-operator-fabric version 1.9.0 and all the Fabric platforms supported by it. Also, chaincode and user/certificate management is not yet supported, there will be separate issues to handle this. Current implementation supports till Channel creation and joining.
+
+Due to open issues with bevel-operator-fabric, it is not recommended for Production workloads yet.
+
+---
+**NOTE**: The bevel-operator-fabric deployment has been tested only for Fabric 2.5.3
+
+---
+
+## Modifying Configuration File
+
+A Sample configuration file for deploying using bevel-operator-fabric is available [here](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/configuration/samples/network-operator-fabric.yaml). Following are the main changes in this file from previous versions:
+
+1. `network.env.type` must be `operator`. This is how Ansible will understand that bevel-operator-fabric will be used.
+1. `network.env.proxy` must be `istio` as no other proxy is supported by bevel-operator-fabric.
+1. Only `443` is supported as external port because that is what bevel-operator-fabric supports.
+1. `vault` and `gitops` sections are removed as they are not applicable.
+
+For generic instructions on the Fabric configuration file, refer [this guide](./fabric_networkyaml.md).
+
+
+## Run playbook
+
+After all the configurations are updated in the `network.yaml`, execute the following to create the DLT network
+```
+# Run the provisioning scripts
+ansible-playbook platforms/shared/configuration/site.yaml -e "@./build/network.yaml"
+
+```
+The `site.yaml` playbook, in turn calls various playbooks depending on the configuration file and sets up your DLT/Blockchain network.
+
+The [deploy-fabric-console.yaml](https://github.com/hyperledger/bevel/tree/main/platforms/hyperledger-fabric/configuration/deploy-operator-network.yaml) playbook can be used as well if the pre-requisites like Istio and krew is already installed. This can be done using the following command
+
+```
+ansible-playbook platforms/hyperledger-fabric/configuration/deploy-operator-network.yaml -e "@/path/to/network.yaml"
+```
+
+Refer to [bevel-operator-fabric docs](https://hyperledger.github.io/bevel-operator-fabric/) for details the operator and latest releases.
diff --git a/platforms/hyperledger-fabric/configuration/cleanup.yaml b/platforms/hyperledger-fabric/configuration/cleanup.yaml
index 1d0e66adcd0..68079c0386a 100644
--- a/platforms/hyperledger-fabric/configuration/cleanup.yaml
+++ b/platforms/hyperledger-fabric/configuration/cleanup.yaml
@@ -27,6 +27,7 @@
services: "{{ item.services }}"
kubernetes: "{{ item.k8s }}"
loop: "{{ network['organizations'] }}"
+ when: network.env.type != 'operator'
# Delete genesis
- include_role:
@@ -34,13 +35,20 @@
vars:
component_name: "{{ item.name | lower }}-net"
loop: "{{ network['organizations'] }}"
- when: item.type == "orderer"
+ when:
+ - item.type == "orderer"
+ - network.env.type != 'operator'
- # delete orderer certs directory
- - name: Remove orderers certs directory
- file:
- path: "{{ playbook_dir }}/../charts/catools/certs"
- state: absent
+ - include_role:
+ name: "delete/operator"
+ vars:
+ component_name: "{{ item.name | lower }}-net"
+ org_name: "{{ item.name | lower }}"
+ component_type: "{{ item.type | lower }}"
+ services: "{{ item.services }}"
+ kubernetes: "{{ item.k8s }}"
+ loop: "{{ network['organizations'] }}"
+ when: network.env.type == 'operator'
# delete build directory
- name: Remove build directory
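Review bot: The second hunk removes the `Remove orderers certs directory` task (`{{ playbook_dir }}/../charts/catools/certs`, `state: absent`) for every environment type, not only for `operator`. If that directory still receives generated certificates in the non-operator path, they would now survive a cleanup run on the provisioning host; nothing in this diff shows another task removing it. Consider keeping the task with `when: network.env.type != 'operator'` instead of deleting it. The task list continues past the end of the hunk.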
diff --git a/platforms/hyperledger-fabric/configuration/deploy-operator-network.yaml b/platforms/hyperledger-fabric/configuration/deploy-operator-network.yaml
new file mode 100644
index 00000000000..92f33a15cbf
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/deploy-operator-network.yaml
@@ -0,0 +1,119 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+# This playbook deploys a DLT network on existing Kubernetes clusters
+# The Kubernetes clusters should already be created and the infomation to connect to the
+# clusters be updated in the network.yaml file that is used as an input to this playbook
+###########################################################################################
+# To Run this playbook from this directory, use the following command (network.yaml also in this directory)
+# ansible-playbook deploy-network.yaml -e "@./network.yaml"
+############################################################################################
+# Please ensure that the ../../shared/configuration playbooks have been run using the same network.yaml
+---
+ # This will apply to ansible_provisioners. /etc/ansible/hosts should be configured with this group
+- hosts: ansible_provisioners
+ gather_facts: no
+ no_log: "{{ no_ansible_log | default(false) }}"
+ tasks:
+ # delete build directory
+ - name: Remove build directory
+ file:
+ path: "./build"
+ state: absent
+
+ - name: Create namespace for each organization
+ include_role:
+ name: k8_component
+ vars:
+ component_type: "namespace"
+ component_name: "{{ item.name | lower }}-net"
+ component_type_name: "{{ item.type | lower }}"
+ kubernetes: "{{ item.k8s }}"
+ release_dir: "./build"
+ loop: "{{ network['organizations'] }}"
+
+ - name: Create storageclass for each organization
+ include_role:
+ name: "create/storageclass"
+ vars:
+ sc_name: "{{ item.name | lower}}sc"
+ component_type: "{{ item.type | lower}}"
+ kubernetes: "{{ item.k8s }}"
+ release_dir: "./build"
+ loop: "{{ network['organizations'] }}"
+
+ - name: Create CA server for each organization
+ include_role:
+ name: "operator/create/ca/server"
+ vars:
+ ca: "{{ item.services.ca }}"
+ namespace: "{{ item.name | lower }}-net"
+ component_name: "{{ item.name | lower }}"
+ loop: "{{ network['organizations'] }}"
+ when: item.services.ca is defined
+
+ - name: Register default users for each organization
+ include_role:
+ name: "operator/create/ca/user"
+ vars:
+ user_type: "default"
+ namespace: "{{ item.name | lower }}-net"
+ component_name: "{{ item.name | lower }}"
+ component_type: "{{ item.type | lower }}"
+ loop: "{{ network['organizations'] }}"
+
+ - name: Create orderer nodes
+ include_role:
+ name: "operator/create/orderer"
+ vars:
+ namespace: "{{ item.name | lower }}-net"
+ component_name: "{{ item.name | lower }}"
+ component_type: "{{ item.type | lower }}"
+ kubeconfig_path: "{{ item.k8s.config_file }}"
+ loop: "{{ network['organizations'] }}"
+ when: item.type == 'orderer'
+
+ - name: Create all peers
+ include_role:
+ name: "operator/create/peer"
+ vars:
+ namespace: "{{ item.name | lower }}-net"
+ component_name: "{{ item.name | lower }}"
+ component_type: "{{ item.type | lower }}"
+ loop: "{{ network['organizations'] }}"
+ when: item.type == 'peer'
+
+ - name: Register admin users for each organization
+ include_role:
+ name: "operator/create/ca/user"
+ vars:
+ user_type: "admin"
+ namespace: "{{ item.name | lower }}-net"
+ component_name: "{{ item.name | lower }}"
+ component_type: "{{ item.type | lower }}"
+ loop: "{{ network['organizations'] }}"
+
+ - name: Create the main channels
+ include_role:
+ name: "operator/create/mainchannel"
+ vars:
+ participants: "{{ item.participants }}"
+ loop: "{{ network['channels'] }}"
+
+ - name: Join the main channels
+ include_role:
+ name: "operator/create/followerchannel"
+ vars:
+ build_path: "./build"
+ participants: "{{ item.participants }}"
+ loop: "{{ network['channels'] }}"
+
+ vars: #These variables can be overriden from the command line
+ privilege_escalate: false #Default to NOT escalate to root privledges
+ install_os: "linux" #Default to linux OS
+ install_arch: "amd64" #Default to amd64 architecture
+ bin_install_dir: "~/bin" #Default to /bin install directory for binaries
+ add_new_org: 'false' # Default to false as this is for main network creation
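Review bot: `Register default users for each organization` and `Register admin users for each organization` run for every entry in `network['organizations']`, while `Create CA server for each organization` is guarded by `when: item.services.ca is defined`. An organization without a CA service would still reach `operator/create/ca/user`, which reads `item.ca_data.url`. Adding the same `when: item.services.ca is defined` to both tasks would keep the three consistent. The header comment also tells the reader to run `ansible-playbook deploy-network.yaml`, which is not this file's name, and the comment on `bin_install_dir: "~/bin"` says `/bin`.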
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/create_package.yaml b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/create_package.yaml
index 45425b7e082..96d244eda88 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/create_package.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/create_package.yaml
@@ -32,7 +32,7 @@
when: not chaincode.tls
# This tasks packs the chaincode details file
-- name : Packs the chaicode package file
+- name: Packs the chaicode package file
shell: |
# Packages chaincode details
cd {{ package_dir }}
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml
index 6f492cf09b9..a7ba6d3d05d 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml
@@ -1,4 +1,3 @@
-
##############################################################################################
# Copyright Accenture. All Rights Reserved.
#
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/peer_certs/tasks/nested_main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/peer_certs/tasks/nested_main.yaml
index c27bbd03c24..0c5fd8f31ce 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/chaincode/peer_certs/tasks/nested_main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/chaincode/peer_certs/tasks/nested_main.yaml
@@ -6,4 +6,4 @@
loop_var: chaincode
when:
- chaincode.external_chaincode is defined and chaincode.external_chaincode == true
- - chaincode.tls
\ No newline at end of file
+ - chaincode.tls
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/external_chaincode_server/tasks/nested_main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/external_chaincode_server/tasks/nested_main.yaml
index 19629f018ad..86d39e45770 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/external_chaincode_server/tasks/nested_main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/external_chaincode_server/tasks/nested_main.yaml
@@ -8,4 +8,4 @@
loop: "{{ peer_chaincodes }}"
loop_control:
loop_var: chaincode
- when: chaincode.external_chaincode is defined and chaincode.external_chaincode == true
\ No newline at end of file
+ when: chaincode.external_chaincode is defined and chaincode.external_chaincode == true
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/storageclass/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/storageclass/tasks/main.yaml
index a8406475dd2..6472e328fc1 100644
--- a/platforms/hyperledger-fabric/configuration/roles/create/storageclass/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/create/storageclass/tasks/main.yaml
@@ -52,8 +52,7 @@
values_file: "{{ release_dir }}/{{ component_type }}/{{ sc_name }}.yaml"
when: component_type == 'peer' and get_sc.resources|length == 0
-#Git Push : Pushes the above generated files to git directory
-- name: Git Push
+- name: Git Push when not using operator
include_role:
name: "{{ playbook_dir }}/../../shared/configuration/roles/git_push"
vars:
@@ -61,7 +60,21 @@
gitops: "{{ item.gitops }}"
GIT_RESET_PATH: "platforms/hyperledger-fabric/configuration"
msg: "[ci skip] Pushing Storageclass files"
- when: get_sc.resources|length == 0
+ when:
+ - get_sc.resources|length == 0
+ - network.env.type != 'operator'
+ tags:
+ - notest
+
+- name: Create the storagelass when using operator
+ kubernetes.core.k8s:
+ state: present
+ src: "{{ release_dir }}/{{ component_type }}/{{ sc_name }}.yaml"
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ when:
+ - get_sc.resources|length == 0
+ - network.env.type == 'operator'
tags:
- notest
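Review bot: The new task name reads `Create the storagelass when using operator`; it should say `storageclass`. The task uses the fully qualified `kubernetes.core.k8s`, while the delete/operator tasks added in this same change use the short `k8s` name; one form throughout keeps the roles consistent. The file starts above the hunk, so the `get_sc` lookup that both `when` lists depend on is not visible here.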
diff --git a/platforms/hyperledger-fabric/configuration/roles/delete/operator/tasks/delete_channel.yaml b/platforms/hyperledger-fabric/configuration/roles/delete/operator/tasks/delete_channel.yaml
new file mode 100644
index 00000000000..f2fdf4aad16
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/delete/operator/tasks/delete_channel.yaml
@@ -0,0 +1,25 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+- name: Delete follower channel
+ k8s:
+ kind: "FabricFollowerChannel"
+ api_version: "hlf.kungfusoftware.es/v1alpha1"
+ name: "{{ channel_name }}-{{ org_name }}"
+ state: absent
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ ignore_errors: yes
+
+- name: Delete main channel
+ k8s:
+ kind: "FabricMainChannel"
+ api_version: "hlf.kungfusoftware.es/v1alpha1"
+ name: "{{ channel_name }}"
+ state: absent
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ ignore_errors: yes
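Review bot: Both tasks here, and every `k8s` task in `roles/delete/operator/tasks/main.yaml`, set `ignore_errors: yes`, so a failed delete (an expired kubeconfig, a wrong context, missing RBAC) is reported as a successful cleanup while channels, identities and CAs stay in the cluster. `state: absent` already succeeds when the object is missing, so the flag is not needed for idempotence. I would drop it, or `register` each result and fail at the end of the role when any delete errored. If the intent is to tolerate a cluster where the operator CRDs are not installed, that case can be checked explicitly instead of ignoring all errors.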
diff --git a/platforms/hyperledger-fabric/configuration/roles/delete/operator/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/delete/operator/tasks/main.yaml
new file mode 100644
index 00000000000..a6f90e8671e
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/delete/operator/tasks/main.yaml
@@ -0,0 +1,79 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+#############################################################################################
+# This role deletes the bevel-fabric-operator resources created by ansible
+#############################################################################################
+
+#############################################################################################
+- name: Call delete_channel for each peer
+ include_tasks: delete_channel.yaml
+ vars:
+ channel_name: "{{ channel.channel_name | lower }}"
+ loop: "{{ network.channels }}"
+ loop_control:
+ loop_var: channel
+
+- name: Delete user identities
+ k8s:
+ kind: FabricIdentity
+ api_version: "hlf.kungfusoftware.es/v1alpha1"
+ name: "{{ org_name }}-admin"
+ namespace: "{{ component_name }}"
+ state: absent
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ ignore_errors: yes
+
+- name: Delete orderer
+ k8s:
+ kind: FabricOrdererNode
+ api_version: "hlf.kungfusoftware.es/v1alpha1"
+ name: "{{ ord.name }}"
+ namespace: "{{ component_name }}"
+ state: absent
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ loop: "{{ item.services.orderers }}"
+ loop_control:
+ loop_var: ord
+ ignore_errors: yes
+ when: item.type == 'orderer'
+
+- name: Delete peers
+ k8s:
+ kind: FabricPeer
+ api_version: "hlf.kungfusoftware.es/v1alpha1"
+ name: "{{ org_name }}-{{ peer.name }}"
+ namespace: "{{ component_name }}"
+ state: absent
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ loop: "{{ item.services.peers }}"
+ loop_control:
+ loop_var: peer
+ ignore_errors: yes
+ when: item.type == 'peer'
+
+- name: Delete ca server
+ k8s:
+ kind: FabricCA
+ api_version: "hlf.kungfusoftware.es/v1alpha1"
+ name: "{{ org_name }}-{{ item.services.ca.name }}"
+ namespace: "{{ component_name }}"
+ state: absent
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ ignore_errors: yes
+
+- name: Delete namespace
+ k8s:
+ kind: namespace
+ name: "{{ component_name }}"
+ state: absent
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ ignore_errors: yes
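Review bot: The role receives `services`, `kubernetes` and `component_type` as vars from `cleanup.yaml` but then reads `item.services.orderers`, `item.services.peers`, `item.services.ca.name` and `item.type` from the caller's loop variable, so it only works when included from a loop whose variable is `item`. Using the passed values (`services.orderers`, `services.peers`, `component_type == 'orderer'`) removes that hidden coupling. `Delete ca server` also dereferences `item.services.ca.name` with no `when: item.services.ca is defined`. The task name `Call delete_channel for each peer` sits on a loop over `network.channels`, so `for each channel` would be accurate.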
diff --git a/platforms/hyperledger-fabric/configuration/roles/k8_component/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/k8_component/tasks/main.yaml
index f6ed64ba017..d63588e5e69 100644
--- a/platforms/hyperledger-fabric/configuration/roles/k8_component/tasks/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/k8_component/tasks/main.yaml
@@ -25,3 +25,12 @@
vars:
values_file: "{{ release_dir }}/{{ component_type_name }}/{{ component_type }}.yaml"
type: "{{ component_type }}"
+
+- name: Create the component in kubernetes cluster directly when using operator
+ kubernetes.core.k8s:
+ state: present
+ src: "{{ release_dir }}/{{ component_type_name }}/{{ component_type }}.yaml"
+ kubeconfig: "{{ kubernetes.config_file }}"
+ context: "{{ kubernetes.context }}"
+ when:
+ - network.env.type == 'operator'
diff --git a/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/operator_followerchannel.tpl b/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/operator_followerchannel.tpl
new file mode 100644
index 00000000000..923e12218de
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/operator_followerchannel.tpl
@@ -0,0 +1,28 @@
+apiVersion: hlf.kungfusoftware.es/v1alpha1
+kind: FabricFollowerChannel
+metadata:
+ name: {{ channel_name }}-{{ org_name }}
+spec:
+ anchorPeers:
+{% for peer in anchor_peers %}
+ - host: {{ peer.peerAddress.split(':')[0] }}
+ port: {{ peer.peerAddress.split(':')[1] }}
+{% endfor %}
+ hlfIdentity:
+ secretKey: user.yaml
+ secretName: {{ org_name }}-admin
+ secretNamespace: {{ org_ns }}
+ mspId: {{ org_name }}MSP
+ name: {{ channel_name }}
+ externalPeersToJoin: []
+ orderers:
+{% for orderer in network.orderers %}
+ - certificate: |-
+ {{ lookup('file', orderer.certificate) | indent(width=8, first=False) }}
+ url: grpcs://{{ orderer.uri }}
+{% endfor %}
+ peersToJoin:
+{% for peer1 in participant.peers %}
+ - name: {{ org_name }}-{{ peer1.name }}
+ namespace: {{ org_ns }}
+{% endfor %}
diff --git a/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/operator_mainchannel.tpl b/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/operator_mainchannel.tpl
new file mode 100644
index 00000000000..082ca44be3c
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/k8_component/templates/operator_mainchannel.tpl
@@ -0,0 +1,75 @@
+apiVersion: hlf.kungfusoftware.es/v1alpha1
+kind: FabricMainChannel
+metadata:
+ name: {{ channel_name }}
+spec:
+ name: {{ channel_name }}
+ adminOrdererOrganizations:
+ - mspID: {{ orderer_msp }}
+ adminPeerOrganizations:
+ - mspID: {{ creator_msp }}
+ channelConfig:
+ application:
+ acls: null
+ capabilities:
+ - V2_0
+ policies: null
+ capabilities:
+ - V2_0
+ orderer:
+ batchSize:
+ absoluteMaxBytes: 1048576
+ maxMessageCount: 120
+ preferredMaxBytes: 524288
+ batchTimeout: 2s
+ capabilities:
+ - V2_0
+ etcdRaft:
+ options:
+ electionTick: 10
+ heartbeatTick: 1
+ maxInflightBlocks: 5
+ snapshotIntervalSize: 16777216
+ tickInterval: 500ms
+ ordererType: etcdraft
+ policies: null
+ state: STATE_NORMAL
+ policies: null
+ externalOrdererOrganizations: []
+ peerOrganizations:
+{% for peer_org in participants %}
+ - mspID: {{ peer_org.name | lower }}MSP
+ caName: "{{ peer_org.name | lower }}-ca"
+ caNamespace: "{{ peer_org.name | lower }}-net"
+{% endfor %}
+ identities:
+ {{ orderer_msp }}:
+ secretKey: user.yaml
+ secretName: "{{ orderer_admin }}"
+ secretNamespace: "{{ orderer_namespace }}"
+ {{ creator_msp }}:
+ secretKey: user.yaml
+ secretName: "{{ creator_admin }}"
+ secretNamespace: "{{ creator_namespace }}"
+ externalPeerOrganizations: []
+ ordererOrganizations:
+ - caName: "{{ orderer_ca }}"
+ caNamespace: "{{ orderer_namespace }}"
+ externalOrderersToJoin:
+{% for orderer in network.orderers %}
+ - host: {{ orderer.name }}.{{ orderer_namespace }}
+ port: 7053
+{% endfor %}
+ mspID: {{ orderer_msp }}
+ ordererEndpoints:
+{% for orderer in network.orderers %}
+ - {{ orderer.uri }}
+{% endfor %}
+ orderersToJoin: []
+ orderers:
+{% for orderer in network.orderers %}
+ - host: {{ orderer.uri.split(':')[0] }}
+ port: {{ orderer.uri.split(':')[1] }}
+ tlsCert: |-
+ {{ lookup('file', orderer.certificate) | indent(width=8, first=False) }}
+{% endfor %}
diff --git a/platforms/hyperledger-fabric/configuration/roles/k8_component/vars/main.yaml b/platforms/hyperledger-fabric/configuration/roles/k8_component/vars/main.yaml
index 2dfabc0133f..5eace308d32 100644
--- a/platforms/hyperledger-fabric/configuration/roles/k8_component/vars/main.yaml
+++ b/platforms/hyperledger-fabric/configuration/roles/k8_component/vars/main.yaml
@@ -11,3 +11,5 @@ k8_templates:
reviewer_rbac: reviewer_rbac.tpl
existing_peer_cli_job: existing_peer_cli.tpl
orderer_cli_job: orderer_cli.tpl
+ operator_mainchannel: operator_mainchannel.tpl
+ operator_followerchannel: operator_followerchannel.tpl
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/ca/server/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/ca/server/tasks/main.yaml
new file mode 100644
index 00000000000..8fe55c48e9c
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/ca/server/tasks/main.yaml
@@ -0,0 +1,23 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+#############################################################################################
+# This role creates the CA Server using bevel-operator-fabric
+#############################################################################################
+
+- name: "Create CA server for org"
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl hlf ca create --image=hyperledger/fabric-ca --version={{ version }} \
+ --storage-class={{ storageclass }} --capacity={{ storage }} --name={{ ca_name }} \
+ --enroll-id=enroll --enroll-pw=enrollpw --hosts={{ ca_url }} \
+ --istio-port=443 --istio-ingressgateway=ingressgateway --namespace={{ namespace }}
+ vars:
+ ca_name: "{{ component_name }}-ca"
+ version: "{{ ca_image_version[network.version] }}"
+ storageclass: "{{ component_name }}sc"
+ storage: "1Gi"
+ ca_url: "{{ item.ca_data.url }}"
+ kubeconfig_path: "{{ item.k8s.config_file }}"
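Review bot: The CA is created with the fixed credentials `--enroll-id=enroll --enroll-pw=enrollpw` and published through the Istio ingress on port 443 at `{{ ca_url }}`, so every network deployed from this role shares a registrar password that is readable in the repository. `roles/operator/create/ca/user/tasks/main.yaml` repeats the pattern with `ordererpw`, `peerpw` and `adminpw`. These values should come from per-deployment variables supplied outside the repository, for example `--enroll-pw={{ ca_enroll_secret | quote }}` (the variable name is a placeholder), with `no_log: true` on the tasks that carry them. The other `{{ ... }}` values interpolated into `shell:` would also be safer with `| quote`.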
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/ca/server/vars/main.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/ca/server/vars/main.yaml
new file mode 100644
index 00000000000..28a349f2de5
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/ca/server/vars/main.yaml
@@ -0,0 +1,11 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+ca_image_version:
+ 1.4.8: 1.4.4
+ 2.2.0: 1.4.8
+ 2.2.2: 1.4.8
+ 2.5.3: 1.5.6
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/ca/user/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/ca/user/tasks/main.yaml
new file mode 100644
index 00000000000..7bd50b61000
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/ca/user/tasks/main.yaml
@@ -0,0 +1,91 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+#############################################################################################
+# This role registers the users using bevel-operator-fabric
+#############################################################################################
+- name: "Wait for ca server to be reachable"
+ uri:
+ url: "https://{{ item.ca_data.url }}/cainfo"
+ validate_certs: no
+ register: this
+ until: this.status == 200
+ retries: "{{ network.env.retry_count }}"
+ delay: 20
+ ignore_errors: yes
+
+- name: "Create main user for orderer org"
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl hlf ca register --name={{ ca_name }} --namespace={{ namespace }} \
+ --user=orderer --secret=ordererpw --type=orderer \
+ --enroll-id enroll --enroll-secret=enrollpw \
+ --mspid={{ component_name }}MSP --ca-url="https://{{ ca_url }}"
+ vars:
+ ca_name: "{{ component_name }}-ca"
+ ca_url: "{{ item.ca_data.url }}"
+ kubeconfig_path: "{{ item.k8s.config_file }}"
+ when:
+ - component_type == 'orderer'
+ - user_type == 'default'
+ ignore_errors: yes
+
+- name: "Create main user for peer org"
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl hlf ca register --name={{ ca_name }} --namespace={{ namespace }} \
+ --user=peer --secret=peerpw --type=peer \
+ --enroll-id enroll --enroll-secret=enrollpw \
+ --mspid={{ component_name }}MSP --ca-url="https://{{ ca_url }}"
+ vars:
+ ca_name: "{{ component_name }}-ca"
+ ca_url: "{{ item.ca_data.url }}"
+ kubeconfig_path: "{{ item.k8s.config_file }}"
+ when:
+ - component_type == 'peer'
+ - user_type == 'default'
+
+- name: "Create admin user for org"
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl hlf ca register --name={{ ca_name }} --namespace={{ namespace }} \
+ --user=admin --secret=adminpw --type=admin \
+ --enroll-id enroll --enroll-secret=enrollpw \
+ --mspid={{ component_name }}MSP --ca-url="https://{{ ca_url }}"
+ vars:
+ ca_name: "{{ component_name }}-ca"
+ ca_url: "{{ item.ca_data.url }}"
+ kubeconfig_path: "{{ item.k8s.config_file }}"
+ when:
+ - user_type == 'admin'
+ ignore_errors: yes
+
+- name: "Create admin user identity for orderer"
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl hlf identity create --name={{ user_id }} --namespace={{ namespace }} \
+ --ca-name {{ ca_name }} --ca-namespace {{ namespace }} \
+ --ca tlsca --enroll-id admin --enroll-secret adminpw \
+ --mspid={{ component_name }}MSP
+ vars:
+ user_id: "{{ component_name }}-admin"
+ ca_name: "{{ component_name }}-ca"
+ ca_url: "{{ item.ca_data.url }}"
+ kubeconfig_path: "{{ item.k8s.config_file }}"
+ when:
+ - user_type == 'admin'
+ - component_type == 'orderer'
+
+- name: "Create admin user identity for peer"
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl hlf identity create --name={{ user_id }} --namespace={{ namespace }} \
+ --ca-name {{ ca_name }} --ca-namespace {{ namespace }} \
+ --ca ca --enroll-id admin --enroll-secret adminpw \
+ --mspid={{ component_name }}MSP
+ vars:
+ user_id: "{{ component_name }}-admin"
+ ca_name: "{{ component_name }}-ca"
+ ca_url: "{{ item.ca_data.url }}"
+ kubeconfig_path: "{{ item.k8s.config_file }}"
+ when:
+ - user_type == 'admin'
+ - component_type == 'peer'
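Review bot: `Wait for ca server to be reachable` combines `validate_certs: no` with `ignore_errors: yes`, so the play continues both when the CA never answers and when something other than the expected CA answers on that host name; the register tasks below then send the enrollment secret to `https://{{ ca_url }}`. Dropping `ignore_errors` on the wait makes an unavailable CA stop the run. Whether `kubectl hlf ca register` itself verifies the server certificate is not visible from this hunk and is worth confirming. `ignore_errors: yes` is also set on the orderer and admin registration but not on the peer one; if it is there to tolerate an already registered user, matching that specific error is safer than ignoring every failure.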
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/followerchannel/tasks/check.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/followerchannel/tasks/check.yaml
new file mode 100644
index 00000000000..ec3a47e1e68
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/followerchannel/tasks/check.yaml
@@ -0,0 +1,21 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+############################################################################################
+# This task checks the join channel job
+
+# Check or wait for the join channel job to complete
+- name: 'Wait for {{ channel_name }} channel to be in Running state'
+ k8s_info:
+ kind: "FabricFollowerChannel"
+ api_version: "hlf.kungfusoftware.es/v1alpha1"
+ name: "{{ channel_name }}-{{ org.name | lower }}"
+ kubeconfig: "{{ org.k8s.config_file }}"
+ context: "{{ org.k8s.context }}"
+ register: component_data
+ retries: "{{ network.env.retry_count}}"
+ delay: 30
+ until: component_data.resources|length > 0 and (component_data.resources[0].status.status is defined and component_data.resources[0].status.status == "RUNNING")
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/followerchannel/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/followerchannel/tasks/main.yaml
new file mode 100644
index 00000000000..c479ccde94f
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/followerchannel/tasks/main.yaml
@@ -0,0 +1,32 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+###########################################################################################
+# This task calls valuefile to generate the create-channel files
+############################################################################################
+- name: Call nested_channel_join for each peer
+ include_tasks: nested_channel_join.yaml
+ vars:
+ channel_name: "{{ item.channel_name | lower }}"
+ org_query: "organizations[?name=='{{participant.name}}']"
+ org: "{{ network | json_query(org_query) | first }}"
+ loop: "{{ participants }}"
+ loop_control:
+ loop_var: participant
+ when:
+ - participant.org_status == 'new' or (participant.peerstatus is not defined or participant.peerstatus == 'new')
+
+- name: Call check for each peer
+ include_tasks: check.yaml
+ vars:
+ channel_name: "{{ item.channel_name | lower }}"
+ org_query: "organizations[?name=='{{participant.name}}']"
+ org: "{{ network | json_query(org_query) | first }}"
+ loop: "{{ participants }}"
+ loop_control:
+ loop_var: participant
+ when:
+ - participant.org_status == 'new' or (participant.peerstatus is not defined or participant.peerstatus == 'new')
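Review bot: The `when` on both includes (the `nested_channel_join.yaml` call and the `check.yaml` call) compares `participant.org_status == 'new'` without an `is not defined` guard. `peerstatus` in the same expression is guarded, and so is `org_status` in nested_channel_join.yaml. A participant entry that omits `org_status` is therefore likely to fail the conditional with an undefined-attribute error instead of being evaluated. Guard it the same way: `- participant.org_status is not defined or participant.org_status == 'new' or participant.peerstatus is not defined or participant.peerstatus == 'new'`.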
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/followerchannel/tasks/nested_channel_join.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/followerchannel/tasks/nested_channel_join.yaml
new file mode 100644
index 00000000000..81f42657ca5
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/followerchannel/tasks/nested_channel_join.yaml
@@ -0,0 +1,40 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+############################################################################################
+# This task initiates the nested join channel role to internally join the peers in various permutations
+
+# Check or wait for the create channel job to complete
+- name: 'Wait for {{ channel_name }} channel to be in Running state'
+ k8s_info:
+ kind: "FabricMainChannel"
+ api_version: "hlf.kungfusoftware.es/v1alpha1"
+ name: "{{ channel_name }}"
+ kubeconfig: "{{ org.k8s.config_file }}"
+ context: "{{ org.k8s.context }}"
+ register: component_data
+ retries: "{{ network.env.retry_count}}"
+ delay: 30
+ until: component_data.resources|length > 0 and (component_data.resources[0].status.status is defined and component_data.resources[0].status.status == "RUNNING")
+ when:
+ - participant.type == 'creator'
+ - participant.org_status is not defined or participant.org_status == 'new'
+
+
+# This task creates the follower channel
+- name: "Create follower channel via operator"
+ include_role:
+ name: k8_component
+ vars:
+ type: "operator_followerchannel"
+ component_type: "followerchannel"
+ component_type_name: "{{ org.name | lower }}"
+ org_name: "{{ org.name | lower }}"
+ org_ns: "{{ org.name | lower }}-net"
+ release_dir: "./build"
+ kubernetes: "{{ org.k8s }}"
+ peer_query: "peers[?type=='anchor']"
+ anchor_peers: "{{ org.services | json_query(peer_query) }}"
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/createchannel.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/createchannel.yaml
new file mode 100644
index 00000000000..3ef3c46a3ff
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/createchannel.yaml
@@ -0,0 +1,55 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+---
+############################################################################################
+# This task is the nested task for main.yaml which helps to create the channels_join files
+
+# Check or wait for the Orderer pod
+- name: "Check orderer pod is up"
+ include_tasks: orderercheck.yaml
+ vars:
+ orderer_namespace: "{{ ordererorg.name | lower }}-net"
+ orderer_kubeconfig: "{{ ordererorg.k8s.config_file }}"
+ orderer_context: "{{ ordererorg.k8s.context }}"
+ loop: "{{ network['organizations'] }}"
+ loop_control:
+ loop_var: ordererorg
+ when: ordererorg.type == 'orderer'
+
+# Check or wait for the peer
+- name: "Check peer pod is up"
+ include_tasks: peercheck.yaml
+ vars:
+ org_query: "organizations[?type=='peer']"
+ loop: "{{ network | json_query(org_query) }}"
+ loop_control:
+ loop_var: org
+
+- name: Set creator org vars
+ set_fact:
+ creator_msp: "{{ peer.name | lower }}MSP"
+ creator_ca: "{{ peer.name | lower }}-ca"
+ creator_admin: "{{ peer.name | lower }}-admin"
+ creator_namespace: "{{ peer.name | lower }}-net"
+
+# This task creates channel
+- name: "Create channel via operator"
+ include_role:
+ name: k8_component
+ loop: "{{ network | json_query(org_query) }}"
+ loop_control:
+ loop_var: org
+ vars:
+ org_query: "organizations[?name=='{{peer.name}}']"
+ name: "{{ org.name | lower }}"
+ type: "operator_mainchannel"
+ component_type: "channel"
+ channel_name: "{{ item.channel_name | lower }}"
+ component_type_name: "{{ org.name | lower }}"
+ component_ns: "{{ peer.name | lower }}-net"
+ release_dir: "./build"
+ kubernetes: "{{ org.k8s }}"
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/main.yaml
new file mode 100644
index 00000000000..f165cf37ec6
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/main.yaml
@@ -0,0 +1,16 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+############################################################################################
+# This role creates the channels using bevel-operator-fabric
+
+- name: Call createchannel when participant is creator
+ include_tasks: createchannel.yaml
+ vars:
+ channelcreator_query: "participants[?type=='creator']"
+ loop: "{{ item | json_query(channelcreator_query) }}"
+ loop_control:
+ loop_var: peer
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/orderercheck.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/orderercheck.yaml
new file mode 100644
index 00000000000..6719b7c161d
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/orderercheck.yaml
@@ -0,0 +1,27 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+- name: "Waiting for orderer pod {{ orderer.name }} in {{ orderer_namespace }}"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
+ vars:
+ component_type: "Pod"
+ namespace: "{{ orderer_namespace }}"
+ component_name: "{{ orderer.name }}"
+ kubernetes: "{{ ordererorg.k8s }}"
+ label_selectors:
+ - release = {{ component_name }}
+ - app = hlf-ordnode
+ loop: "{{ ordererorg.services.orderers }}"
+ loop_control:
+ loop_var: orderer
+
+- name: Set orderer vars
+ set_fact:
+ orderer_msp: "{{ ordererorg.name | lower }}MSP"
+ orderer_ca: "{{ ordererorg.name | lower }}-ca"
+ orderer_admin: "{{ ordererorg.name | lower }}-admin"
+ orderer_namespace: "{{ ordererorg.name | lower }}-net"
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/peercheck.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/peercheck.yaml
new file mode 100644
index 00000000000..6f353d878be
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/mainchannel/tasks/peercheck.yaml
@@ -0,0 +1,19 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+- name: "Waiting for peer pod {{ peer_name }} in {{ org.name | lower }}-net"
+ include_role:
+ name: "{{ playbook_dir }}/../../shared/configuration/roles/check/helm_component"
+ vars:
+ component_type: "Pod"
+ namespace: "{{ org.name | lower }}-net"
+ component_name: "{{ peer_name.name }}"
+ kubernetes: "{{ org.k8s }}"
+ label_selectors:
+ - app = hlf-peer
+ - release = {{ org.name | lower }}-{{ component_name }}
+ loop: "{{ org.services.peers }}"
+ loop_control:
+ loop_var: peer_name
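Review bot: The task title interpolates `{{ peer_name }}`, which is the whole loop item (the mapping whose `.name` is read for `component_name`), not the peer's name. In the sample network file added by this commit a peer entry also holds `chaincodes[].repository.password`, so anything that prints the loop item can put that token in the run log. Use `{{ peer_name.name }}` in the title and add `label: "{{ peer_name.name }}"` under `loop_control`. Whether the title is rendered per item at all depends on how Ansible templates names of looped includes, so confirm this in a test run.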
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/orderer/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/orderer/tasks/main.yaml
new file mode 100644
index 00000000000..e072e0604ad
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/orderer/tasks/main.yaml
@@ -0,0 +1,43 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+#############################################################################################
+# This role creates the orderer nodes using bevel-operator-fabric
+#############################################################################################
+- name: "Wait for ca server to be reachable"
+ uri:
+ url: "https://{{ item.ca_data.url }}/cainfo"
+ validate_certs: no
+ register: this
+ until: this.status == 200
+ retries: "{{ network.env.retry_count }}"
+ delay: 20
+ ignore_errors: yes
+
+- name: "Create orderer node"
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl hlf ordnode create --image=hyperledger/fabric-orderer --version={{ network.version }} \
+ --storage-class={{ storageclass }} --enroll-id=orderer --enroll-pw=ordererpw --mspid={{ component_name }}MSP \
+ --capacity={{ storage }} --name={{ orderer.name }} --ca-name={{ ca_name }}.{{ namespace }} \
+ --hosts={{ orderer.ordererAddress.split(':')[0] }} --istio-port=443 --namespace={{ namespace }}
+ vars:
+ ca_name: "{{ component_name }}-ca"
+ storageclass: "{{ component_name }}sc"
+ storage: "2Gi"
+ loop: "{{ item.services.orderers }}"
+ loop_control:
+ loop_var: orderer
+
+- name: Wait for orderers to start
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl wait --timeout=180s --for=condition=Running fabricorderernodes.hlf.kungfusoftware.es --all --namespace={{ namespace }}
+
+- name: "Save orderer tls certs"
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl get fabricorderernodes {{ orderer.name }} --namespace={{ namespace }} -o=jsonpath='{.status.tlsCert}' > {{ orderer.certificate }}
+ loop: "{{ network.orderers }}"
+ loop_control:
+ loop_var: orderer
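Review bot: The enrollment secret is a literal on the command line: `--enroll-id=orderer --enroll-pw=ordererpw` in "Create orderer node", and `--enroll-id=peer --enroll-pw=peerpw` in the peer role's "Create peer node" later in this commit. Every network built from these roles therefore uses the same CA enrollment password, and the rendered command can show up in Ansible output. Take the password from a variable supplied at run time, pass it through the `quote` filter and set `no_log: true` on the task, e.g. `--enroll-pw={{ orderer_enroll_pw | quote }}` (the variable name is a placeholder). The identity is presumably registered with the same password in the CA role outside this hunk, so both sides would need to change together.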
diff --git a/platforms/hyperledger-fabric/configuration/roles/operator/create/peer/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/operator/create/peer/tasks/main.yaml
new file mode 100644
index 00000000000..bf951346c1a
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/roles/operator/create/peer/tasks/main.yaml
@@ -0,0 +1,34 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+#############################################################################################
+# This role creates the peer nodes using bevel-operator-fabric
+#############################################################################################
+- name: "Wait for ca server to be reachable"
+ uri:
+ url: "https://{{ item.ca_data.url }}/cainfo"
+ validate_certs: no
+ register: this
+ until: this.status == 200
+ retries: "{{ network.env.retry_count }}"
+ delay: 20
+ ignore_errors: yes
+
+- name: "Create peer node"
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl hlf peer create --statedb=couchdb --image=hyperledger/fabric-peer --version={{ network.version }} \
+ --enroll-id=peer --enroll-pw=peerpw --mspid={{ component_name }}MSP \
+ --storage-class={{ storageclass }} --capacity={{ storage }} --name={{ peer_name }} --ca-name={{ ca_name }}.{{ namespace }} \
+ --hosts={{ peer.peerAddress.split(':')[0] }} --istio-port=443 --namespace={{ namespace }}
+ vars:
+ ca_name: "{{ component_name }}-ca"
+ peer_name: "{{ component_name }}-{{ peer.name }}"
+ storageclass: "{{ component_name }}sc"
+ storage: "2Gi"
+ kubeconfig_path: "{{ item.k8s.config_file }}"
+ loop: "{{ item.services.peers }}"
+ loop_control:
+ loop_var: peer
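Review bot: The "Wait for ca server to be reachable" task does not gate anything. `ignore_errors: yes` lets the play continue to "Create peer node" after the retries are exhausted, and `validate_certs: no` accepts whatever endpoint answers on `item.ca_data.url`. The same task appears in the orderer role earlier in this commit. Drop `ignore_errors` so an unreachable CA stops the run. Where the CA certificate file is already present at that point, verify the server with `ca_path: "{{ item.ca_data.certificate }}"` instead of disabling validation.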
diff --git a/platforms/hyperledger-fabric/configuration/samples/network-operator-fabric.yaml b/platforms/hyperledger-fabric/configuration/samples/network-operator-fabric.yaml
new file mode 100644
index 00000000000..a748e6dc634
--- /dev/null
+++ b/platforms/hyperledger-fabric/configuration/samples/network-operator-fabric.yaml
@@ -0,0 +1,521 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+---
+# yaml-language-server: $schema=../../../../platforms/network-schema.json
+# This is a sample configuration file for setting up initial Fabric network with 1 RAFT Orderer and 5 Nodes.
+network:
+ # Network level configuration specifies the attributes required for each organization
+ # to join an existing network.
+ type: fabric
+ version: 2.5.3 # currently tested on 2.5.3
+
+ #Environment section for Kubernetes setup
+ env:
+ type: "operator" # Do not change this for using 'bevel-operator-fabric'. Any other value will trigger Flux based deployment
+ proxy: istio # values can be 'istio' only. No other proxy is supported at the moment
+ retry_count: 20 # Retry count for the checks
+ external_dns: enabled # Should be enabled if using external-dns for automatic route configuration
+ annotations: # Additional annotations that can be used for some pods (ca, ca-tools, orderer and peer nodes)
+ service:
+ - example1: example2
+ deployment: {}
+ pvc: {}
+ # For providing Custom Templates to generate configtx.yaml
+ configtx:
+ custom: false # true : when custom tpl(s) are to be provided | false : when the default tpl(s) are to be used
+ folder_path: /absolute/path/to/folder # path to folder where the tpl(s) are placed e.g. /home/bevel/build/configtx_tpl/
+
+ # Docker registry details where images are stored. This will be used to create k8s secrets
+ # Please ensure all required images are built and stored in this registry.
+ # Do not check-in docker_password.
+ docker:
+ url: "ghcr.io/hyperledger"
+ username: "docker_username"
+ password: "docker_password"
+
+ # Remote connection information for orderer (will be blank or removed for orderer hosting organization)
+ # For RAFT consensus, have odd number (2n+1) of orderers for consensus agreement to have a majority.
+ consensus:
+ name: raft
+ orderers:
+ - orderer:
+ type: orderer
+ name: orderer1
+ org_name: supplychain #org_name should match one organization definition below in organizations: key
+ uri: orderer1.org1ambassador.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
+ certificate: /home/bevel/build/orderer1.crt # Ensure that the directory exists
+ - orderer:
+ type: orderer
+ name: orderer2
+ org_name: supplychain #org_name should match one organization definition below in organizations: key
+ uri: orderer2.org1ambassador.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
+ certificate: /home/bevel/build/orderer2.crt # Ensure that the directory exists
+ - orderer:
+ type: orderer
+ name: orderer3
+ org_name: supplychain #org_name should match one organization definition below in organizations: key
+ uri: orderer3.org1ambassador.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
+ certificate: /home/bevel/build/orderer3.crt # Ensure that the directory exists
+
+ # The channels defined for a network with participating peers in each channel
+ channels:
+ - channel:
+ consortium: SupplyChainConsortium
+ channel_name: AllChannel
+ chaincodes:
+ - "not_supported"
+ orderers:
+ - supplychain
+ participants:
+ - organization:
+ name: carrier
+ type: creator # creator organization will create the channel and instantiate chaincode, in addition to joining the channel and install chaincode
+ org_status: new
+ peers:
+ - peer:
+ name: peer0
+ gossipAddress: peer0.carrier-net.org3ambassador.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the gossip peer
+ peerAddress: peer0.carrier-net.org3ambassador.blockchaincloudpoc.com:443 # Must include port, External URI of the peer
+ ordererAddress: orderer1.org1ambassador.blockchaincloudpoc.com:443 # Must include port, External or internal URI of the orderer
+ - organization:
+ name: store
+ type: joiner # joiner organization will only join the channel and install chaincode
+ org_status: new
+ peers:
+ - peer:
+ name: peer0
+ gossipAddress: peer0.store-net.org4ambassador.blockchaincloudpoc.com:443
+ peerAddress: peer0.store-net.org4ambassador.blockchaincloudpoc.com:443 # Must include port, External URI of the peer
+ ordererAddress: orderer1.org1ambassador.blockchaincloudpoc.com:443
+ - organization:
+ name: warehouse
+ type: joiner
+ org_status: new
+ peers:
+ - peer:
+ name: peer0
+ gossipAddress: peer0.warehouse-net.org5ambassador.blockchaincloudpoc.com:443
+ peerAddress: peer0.warehouse-net.org5ambassador.blockchaincloudpoc.com:443 # Must include port, External URI of the peer
+ ordererAddress: orderer1.org1ambassador.blockchaincloudpoc.com:443
+ - organization:
+ name: manufacturer
+ type: joiner
+ org_status: new
+ peers:
+ - peer:
+ name: peer0
+ gossipAddress: peer0.manufacturer-net.org2ambassador.blockchaincloudpoc.com:443
+ peerAddress: peer0.manufacturer-net.org2ambassador.blockchaincloudpoc.com:443 # Must include port, External URI of the peer
+ ordererAddress: orderer1.org1ambassador.blockchaincloudpoc.com:443
+ endorsers:
+ # Only one peer per org required for endorsement
+ - organization:
+ name: carrier
+ peers:
+ - peer:
+ name: peer0
+ corepeerAddress: peer0.carrier-net.org3ambassador.blockchaincloudpoc.com:443
+ certificate: "/path/carrier/server.crt" # certificate path for peer
+ - organization:
+ name: warehouse
+ peers:
+ - peer:
+ name: peer0
+ corepeerAddress: peer0.warehouse-net.org5ambassador.blockchaincloudpoc.com:443
+ certificate: "/path/warehouse/server.crt" # certificate path for peer
+ - organization:
+ name: manufacturer
+ peers:
+ - peer:
+ name: peer0
+ corepeerAddress: peer0.manufacturer-net.org2ambassador.blockchaincloudpoc.com:443
+ certificate: "/path/manufacturer/server.crt" # certificate path for peer
+ - organization:
+ name: store
+ peers:
+ - peer:
+ name: peer0
+ corepeerAddress: peer0.store-net.org4ambassador.blockchaincloudpoc.com:443
+ certificate: "/path/store/server.crt" # certificate path for peer
+ genesis:
+ name: OrdererGenesis
+
+ # Allows specification of one or many organizations that will be connecting to a network.
+ # If an organization is also hosting the root of the network (e.g. doorman, membership service, etc),
+ # then these services should be listed in this section as well.
+ organizations:
+
+ # Specification for the 1st organization. Each organization maps to a VPC and a separate k8s cluster
+ - organization:
+ name: supplychain
+ country: UK
+ state: London
+ location: London
+ subject: "O=Orderer,OU=Orderer,L=51.50/-0.13/London,C=GB"
+ type: orderer
+ external_url_suffix: org1ambassador.blockchaincloudpoc.com
+ org_status: new
+ fabric_console: enabled # To deploy Fabric console for this organization
+ ca_data:
+ url: ca.supplychain-net.org1ambassador.blockchaincloudpoc.com
+ certificate: /path/supplychain/server.crt # Path where ca public cert will be stored (if new) or read from (if existing ca)
+
+ cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube
+ aws:
+ access_key: "aws_access_key" # AWS Access key, only used when cloud_provider=aws
+ secret_key: "aws_secret_key" # AWS Secret key, only used when cloud_provider=aws
+
+ # Kubernetes cluster deployment variables. The config file path and name has to be provided in case
+ # the cluster has already been created.
+ k8s:
+ region: "cluster_region"
+ context: "cluster_context"
+ config_file: "cluster_config"
+
+ # Services maps to the pods that will be deployed on the k8s cluster
+ # This sample is an orderer service and includes a raft consensus
+ services:
+ ca:
+ name: ca
+ subject: "/C=GB/ST=London/L=London/O=Orderer/CN=ca.supplychain-net.org1ambassador.blockchaincloudpoc.com"
+ type: ca
+ grpc:
+ port: 7054
+
+ consensus:
+ name: raft
+ orderers:
+ # This sample has multiple orderers as an example.
+ # You can use a single orderer for most production implementations.
+ # For RAFT consensus, have odd number (2n+1) of orderers for consensus agreement to have a majority.
+ - orderer:
+ name: orderer1
+ type: orderer
+ consensus: raft
+ grpc:
+ port: 7050
+ ordererAddress: orderer1.org1ambassador.blockchaincloudpoc.com:443
+ - orderer:
+ name: orderer2
+ type: orderer
+ consensus: raft
+ grpc:
+ port: 7050
+ ordererAddress: orderer2.org1ambassador.blockchaincloudpoc.com:443
+ - orderer:
+ name: orderer3
+ type: orderer
+ consensus: raft
+ grpc:
+ port: 7050
+ ordererAddress: orderer3.org1ambassador.blockchaincloudpoc.com:443
+
+ # Specification for the 2nd organization. Each organization maps to a VPC and a separate k8s cluster
+ - organization:
+ name: manufacturer
+ country: CH
+ state: Zurich
+ location: Zurich
+ subject: "O=Manufacturer,OU=Manufacturer,L=47.38/8.54/Zurich,C=CH"
+ type: peer
+ external_url_suffix: org2ambassador.blockchaincloudpoc.com
+ org_status: new
+ orderer_org: supplychain # Name of the organization that provides the ordering service
+ fabric_console: enabled # To deploy Fabric console for this organization
+ ca_data:
+ url: ca.manufacturer-net.org2ambassador.blockchaincloudpoc.com
+ certificate: /path/manufacturer/server.crt
+
+ cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube
+ aws:
+ access_key: "aws_access_key" # AWS Access key, only used when cloud_provider=aws
+ secret_key: "aws_secret_key" # AWS Secret key, only used when cloud_provider=aws
+
+ # Kubernetes cluster deployment variables. The config file path and name has to be provided in case
+ # the cluster has already been created.
+ k8s:
+ region: "cluster_region"
+ context: "cluster_context"
+ config_file: "cluster_config"
+
+ # Generating User Certificates with custom attributes using Fabric CA in Bevel for Peer Organizations
+ users:
+ - user:
+ identity: user1
+ attributes:
+ - key: "hf.Revoker"
+ value: "true"
+ # The participating nodes are peers
+ # This organization hosts it's own CA server
+ services:
+ ca:
+ name: ca
+ subject: "/C=CH/ST=Zurich/L=Zurich/O=Manufacturer/CN=ca.manufacturer-net.org2ambassador.blockchaincloudpoc.com"
+ type: ca
+ grpc:
+ port: 7054
+ peers:
+ - peer:
+ name: peer0
+ type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer.
+ gossippeeraddress: peer0.manufacturer-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer
+ peerAddress: peer0.manufacturer-net.org2ambassador.blockchaincloudpoc.com:443 # Must include port, External URI of the peer
+ certificate: /path/manufacturer/peer0.crt # Path to peer Certificate
+ cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag.
+ cactus_connector: disabled # set to enabled to create a cactus connector for Fabric
+ grpc:
+ port: 7051
+ events:
+ port: 7053
+ couchdb:
+ port: 5984
+ restserver: # This is for the rest-api server
+ targetPort: 20001
+ port: 20001
+ expressapi: # This is for the express api server
+ targetPort: 3000
+ port: 3000
+ chaincodes:
+ - name: "chaincode_name" #This has to be replaced with the name of the chaincode
+ version: "1" #This has to be replaced with the version of the chaincode
+ maindirectory: "chaincode_main" #The main directory where chaincode is needed to be placed
+ lang: "golang" # The language in which the chaincode is written ( golang/java/node )
+ repository:
+ username: "git_username" # Git Service user who has rights to check-in in all branches
+ password: "git_access_token"
+ url: "github.com//bevel-samples.git"
+ branch: main
+ path: "chaincode_src" #The path to the chaincode
+ arguments: 'chaincode_args' #Arguments to be passed along with the chaincode parameters
+ endorsements: "" #Endorsements (if any) provided along with the chaincode
+
+ - organization:
+ name: carrier
+ country: GB
+ state: London
+ location: London
+ subject: "O=Carrier,OU=Carrier,L=51.50/-0.13/London,C=GB"
+ type: peer
+ external_url_suffix: org3ambassador.blockchaincloudpoc.com
+ org_status: new
+ orderer_org: supplychain # Name of the organization that provides the ordering service
+ fabric_console: disabled # To not deploy Fabric console for this organization
+ ca_data:
+ url: ca.carrier-net.org3ambassador.blockchaincloudpoc.com
+ certificate: /path/carrier/server.crt
+
+ cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube
+ aws:
+ access_key: "aws_access_key" # AWS Access key, only used when cloud_provider=aws
+ secret_key: "aws_secret_key" # AWS Secret key, only used when cloud_provider=aws
+
+ # Kubernetes cluster deployment variables. The config file path and name has to be provided in case
+ # the cluster has already been created.
+ k8s:
+ region: "cluster_region"
+ context: "cluster_context"
+ config_file: "cluster_config"
+
+ # Generating User Certificates with custom attributes using Fabric CA in Bevel for Peer Organizations
+ users:
+ - user:
+ identity: user1
+ attributes:
+ - key: "hf.Revoker"
+ value: "true"
+ services:
+ ca:
+ name: ca
+ subject: "/C=GB/ST=London/L=London/O=Carrier/CN=ca.carrier-net.org3ambassador.blockchaincloudpoc.com"
+ type: ca
+ grpc:
+ port: 7054
+ peers:
+ - peer:
+ name: peer0
+ type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer.
+ gossippeeraddress: peer0.carrier-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer
+ peerAddress: peer0.carrier-net.org3ambassador.blockchaincloudpoc.com:443 # Must include port, External URI of the peer
+ certificate: /path/carrier/peer0.crt # Path to peer Certificate
+ cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag.
+ cactus_connector: disabled # set to enabled to create a cactus connector for Fabric
+ grpc:
+ port: 7051
+ events:
+ port: 7053
+ couchdb:
+ port: 5984
+ restserver:
+ targetPort: 20001
+ port: 20001
+ expressapi:
+ targetPort: 3000
+ port: 3000
+ chaincodes:
+ - name: "chaincode_name" #This has to be replaced with the name of the chaincode
+ version: "1" #This has to be replaced with the version of the chaincode
+ maindirectory: "chaincode_main" #The main directory where chaincode is needed to be placed
+ lang: "golang" # The language in which the chaincode is written ( golang/java/node )
+ repository:
+ username: "git_username" # Git Service user who has rights to check-in in all branches
+ password: "git_access_token"
+ url: "github.com//bevel-samples.git"
+ branch: main
+ path: "chaincode_src" #The path to the chaincode
+ arguments: 'chaincode_args' #Arguments to be passed along with the chaincode parameters
+ endorsements: "" #Endorsements (if any) provided along with the chaincode
+ - organization:
+ name: store
+ country: US
+ state: New York
+ location: New York
+ subject: "O=Store,OU=Store,L=40.73/-74/New York,C=US"
+ type: peer
+ external_url_suffix: org4ambassador.blockchaincloudpoc.com
+ org_status: new
+ orderer_org: supplychain # Name of the organization that provides the ordering service
+ fabric_console: disabled # To not deploy Fabric console for this organization
+ ca_data:
+ url: ca.store-net.org4ambassador.blockchaincloudpoc.com
+ certificate: /path/store/server.crt
+
+ cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube
+ aws:
+ access_key: "aws_access_key" # AWS Access key, only used when cloud_provider=aws
+ secret_key: "aws_secret_key" # AWS Secret key, only used when cloud_provider=aws
+
+ # Kubernetes cluster deployment variables. The config file path and name has to be provided in case
+ # the cluster has already been created.
+ k8s:
+ region: "cluster_region"
+ context: "cluster_context"
+ config_file: "cluster_config"
+
+ # Generating User Certificates with custom attributes using Fabric CA in Bevel for Peer Organizations
+ users:
+ - user:
+ identity: user1
+ attributes:
+ - key: "hf.Revoker"
+ value: "true"
+ services:
+ ca:
+ name: ca
+ subject: "/C=US/ST=New York/L=New York/O=Store/CN=ca.store-net.org4ambassador.blockchaincloudpoc.com"
+ type: ca
+ grpc:
+ port: 7054
+ peers:
+ - peer:
+ name: peer0
+ type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer.
+ gossippeeraddress: peer0.store-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer
+ peerAddress: peer0.store-net.org4ambassador.blockchaincloudpoc.com:443 # Must include port, External URI of the peer
+ certificate: /path/store/peer0.crt # Path to peer Certificate
+ cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag.
+ cactus_connector: disabled # set to enabled to create a cactus connector for Fabric
+ grpc:
+ port: 7051
+ events:
+ port: 7053
+ couchdb:
+ port: 5984
+ restserver:
+ targetPort: 20001
+ port: 20001
+ expressapi:
+ targetPort: 3000
+ port: 3000
+ chaincodes:
+ - name: "chaincode_name" #This has to be replaced with the name of the chaincode
+ version: "1" #This has to be replaced with the version of the chaincode
+ maindirectory: "chaincode_main" #The main directory where chaincode is needed to be placed
+ lang: "golang" # The language in which the chaincode is written ( golang/java/node )
+ repository:
+ username: "git_username" # Git Service user who has rights to check-in in all branches
+ password: "git_access_token"
+ url: "github.com//bevel-samples.git"
+ branch: main
+ path: "chaincode_src" #The path to the chaincode
+ arguments: 'chaincode_args' #Arguments to be passed along with the chaincode parameters
+ endorsements: "" #Endorsements (if any) provided along with the chaincode
+
+ - organization:
+ name: warehouse
+ country: US
+ state: Massachusetts
+ location: Boston
+ subject: "O=Warehouse,OU=Warehouse,L=42.36/-71.06/Boston,C=US"
+ type: peer
+ external_url_suffix: org5ambassador.blockchaincloudpoc.com
+ org_status: new
+ orderer_org: supplychain # Name of the organization that provides the ordering service
+ fabric_console: disabled # To not deploy Fabric console for this organization
+ ca_data:
+ url: ca.warehouse-net.org5ambassador.blockchaincloudpoc.com
+ certificate: /path/warehouse/server.crt
+
+ cloud_provider: aws # Options: aws, azure, gcp, digitalocean, minikube
+ aws:
+ access_key: "aws_access_key" # AWS Access key, only used when cloud_provider=aws
+ secret_key: "aws_secret_key" # AWS Secret key, only used when cloud_provider=aws
+
+ # Kubernetes cluster deployment variables. The config file path and name has to be provided in case
+ # the cluster has already been created.
+ k8s:
+ region: "cluster_region"
+ context: "cluster_context"
+ config_file: "cluster_config"
+
+ # Generating User Certificates with custom attributes using Fabric CA in Bevel for Peer Organizations
+ users:
+ - user:
+ identity: user1
+ attributes:
+ - key: "hf.Revoker"
+ value: "true"
+ services:
+ ca:
+ name: ca
+ subject: "/C=US/ST=Massachusetts/L=Boston/O=Warehouse/CN=ca.warehouse-net.org5ambassador.blockchaincloudpoc.com"
+ type: ca
+ grpc:
+ port: 7054
+ peers:
+ - peer:
+ name: peer0
+ type: anchor # This can be anchor/nonanchor. Atleast one peer should be anchor peer.
+ gossippeeraddress: peer0.warehouse-net:7051 # Internal Address of the other peer in same Org for gossip, same peer if there is only one peer
+ peerAddress: peer0.warehouse-net.org5ambassador.blockchaincloudpoc.com:443 # Must include port, External URI of the peer
+ certificate: /path/warehouse/peer0.crt # Path to peer Certificate
+ cli: disabled # Creates a peer cli pod depending upon the (enabled/disabled) tag.
+ cactus_connector: disabled # set to enabled to create a cactus connector for Fabric
+ grpc:
+ port: 7051
+ events:
+ port: 7053
+ couchdb:
+ port: 5984
+ restserver:
+ targetPort: 20001
+ port: 20001
+ expressapi:
+ targetPort: 3000
+ port: 3000
+ chaincodes:
+ - name: "chaincode_name" #This has to be replaced with the name of the chaincode
+ version: "1" #This has to be replaced with the version of the chaincode
+ maindirectory: "chaincode_main" #The main directory where chaincode is needed to be placed
+ lang: "golang" # The language in which the chaincode is written ( golang/java/node )
+ repository:
+ username: "git_username" # Git Service user who has rights to check-in in all branches
+ password: "git_access_token"
+ url: "github.com//bevel-sample.git"
+ branch: develop
+ path: "chaincode_src" #The path to the chaincode
+ arguments: 'chaincode_args' #Arguments to be passed along with the chaincode parameters
+ endorsements: "" #Endorsements (if any) provided along with the chaincode
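Review bot: Only the `docker` block carries a "Do not check-in" warning, while `aws.secret_key` and the chaincode `repository.password` are the same kind of inline plaintext field and are repeated for every organization. Add the warning there as well, e.g. `secret_key: "aws_secret_key" # Do not check in real keys; supply at run time`, so a copied sample is less likely to be committed with live credentials. Separately, the header comment says "1 RAFT Orderer and 5 Nodes", but the file defines three orderers and four peer organizations.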
diff --git a/platforms/network-schema.json b/platforms/network-schema.json
index 158fb45d344..ac4975ec7b8 100755
--- a/platforms/network-schema.json
+++ b/platforms/network-schema.json
@@ -15,7 +15,7 @@
{"if": {"properties": { "type": { "const": "fabric" } } },
"then": {
"properties":{
- "version":{ "type": "string","enum":["1.4.8","2.2.0","2.2.2"]},
+ "version":{ "type": "string","enum":["1.4.8","2.2.0","2.2.2","2.5.3"]},
"env": { "$ref":"#/definitions/shared_environment"},
"frontend": { "type": "string", "enum": ["enabled","disabled"]},
"consensus":{ "$ref":"#/definitions/fabric_service_consensus"},
@@ -93,19 +93,45 @@
"organizations": { "type":"array","minItems": 1,"items":{"$ref":"#/definitions/substrate_organization"}}
}
}
+ },
+ {
+ "if": {
+ "properties": {
+ "env": {
+ "type": "object",
+ "properties": {
+ "type": { "type": "string", "not": { "const": "operator" } }
+ }
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "organizations": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "vault":{ "$ref":"#/definitions/shared_vault"},
+ "gitops":{ "$ref":"#/definitions/shared_gitops"}
+ },
+ "required": ["vault", "gitops"]
+ }
+ }
+ }
+ }
}
],
"required": [ "type","version","env","docker","organizations" ]
}
},
- "required": [ "network" ] ,
-
+ "required": [ "network" ],
"definitions": {
"shared_environment":{
"type": "object",
"properties": {
"type": { "type": "string","pattern": "^[a-z0-9-]{1,15}$", "description": "Environment type. Can be like dev/test/prod."},
- "proxy": { "type": "string", "enum": ["haproxy", "ambassador","none"], "description": "Choice of the Cluster Ingress controller. 'none' only minikube does not use a proxy"},
+ "proxy": { "type": "string", "enum": ["haproxy","ambassador","none","istio"], "description": "Choice of the Cluster Ingress controller. 'none' only minikube does not use a proxy"},
"retry_count": {"type": "integer", "minimum":5,"maximum":100,"description": "Retry count for the checks. Use a large number if your kubernetes cluster is slow."},
"external_dns": { "type": "string", "enum": ["enabled", "disabled"], "description": "If the cluster has the external DNS service, this has to be set enabled so that the hosted zone is automatically updated."},
"namespace": { "type": "string", "description": "Proxy namespace"}
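Review bot: `env.type` now acts as a mode switch, but the `shared_environment` description kept in this hunk still reads "Can be like dev/test/prod" and the pattern accepts any short name. The new `if`/`then` at the top of the hunk stops requiring `vault` and `gitops` on every organization whenever the value is `operator`, so an environment that merely happens to be named operator passes validation with no Vault or GitOps settings. The condition is also not tied to `"type": "fabric"`, so the exemption seems to apply to every platform, although only a Fabric operator path is added elsewhere in this commit. I would document the reserved value, e.g. `"description": "Environment type, e.g. dev/test/prod. 'operator' is reserved: it selects the bevel-operator-fabric path and makes vault/gitops optional."`, and consider limiting the exemption to fabric networks.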
@@ -202,25 +228,22 @@
"shared_organization":{
"type": "object",
"properties": {
- "organization":{ "description": "deprecated."},
"k8s":{ "$ref":"#/definitions/shared_k8s"},
- "vault":{ "$ref":"#/definitions/shared_vault"},
- "gitops":{ "$ref":"#/definitions/shared_gitops"},
"cloud_provider":{ "type": "string","enum": ["aws","aws-baremetal", "azure","gcp","minikube"]},
"gcp":{},
"azure":{},
"minikube":{},
"name": { "type": "string","pattern": "^[a-z0-9-]{1,30}$"}
- },
+ },
"allOf":[{
"if": {"properties": { "cloud_provider": { "enum": ["aws","aws-baremetal"] } } },"then":{
"properties": {
"aws":{ "$ref":"#/definitions/shared_aws"}
},
- "required": [ "aws"]
+ "required": ["aws"]
}}
],
- "required": [ "name","cloud_provider","k8s","vault","gitops"]
+ "required": [ "name","cloud_provider","k8s"]
},
"shared_metrics":{
"type": "object",
diff --git a/platforms/shared/configuration/roles/setup/istio/meta/main.yaml b/platforms/shared/configuration/roles/setup/istio/meta/main.yaml
new file mode 100644
index 00000000000..e9dc9605d38
--- /dev/null
+++ b/platforms/shared/configuration/roles/setup/istio/meta/main.yaml
@@ -0,0 +1,23 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+---
+dependencies:
+ - role: "setup/aws-auth"
+ vars:
+ aws_authenticator:
+ os: "{{ install_os }}"
+ arch: "{{ install_arch }}"
+ bin_directory: "{{ bin_install_dir }}"
+ kubeconfig_path: "{{ item.k8s.config_file }}"
+ kubecontext: "{{ item.k8s.context }}"
+ when: item.cloud_provider == 'aws'
+ - role: "setup/helm"
+ vars:
+ helm:
+ os: "{{ install_os }}"
+ arch: "{{ install_arch }}"
+ bin_directory: "{{ bin_install_dir }}"
diff --git a/platforms/shared/configuration/roles/setup/istio/tasks/main.yaml b/platforms/shared/configuration/roles/setup/istio/tasks/main.yaml
new file mode 100644
index 00000000000..75c1f930cdf
--- /dev/null
+++ b/platforms/shared/configuration/roles/setup/istio/tasks/main.yaml
@@ -0,0 +1,59 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+---
+# Check if istio is already installed
+- name: "Check if istio is already installed"
+ k8s_info:
+ kind: Pod
+ namespace: "istio-system"
+ kubeconfig: "{{ kubeconfig_path }}"
+ context: "{{ kubecontext }}"
+ label_selectors:
+ - app=istio-ingressgateway
+ field_selectors:
+ - status.phase=Running
+ register: istio_status
+
+# Set istio installed fact
+- name: Set istio installed fact
+ set_fact:
+ istio_installed: "{{ istio_status.resources | length > 0 }}"
+
+# Install istio ingress via helmchart
+- name: Install istio Ingress controller
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} helm repo add istio https://istio-release.storage.googleapis.com/charts --force-update
+ KUBECONFIG={{ kubeconfig_path }} helm repo update
+ KUBECONFIG={{ kubeconfig_path }} helm install istio-base istio/base -n istio-system --create-namespace
+ KUBECONFIG={{ kubeconfig_path }} helm install istiod istio/istiod -n istio-system --wait
+ KUBECONFIG={{ kubeconfig_path }} helm install istio-ingressgateway istio/gateway -n istio-system
+ when: (not istio_installed)
+ tags:
+ - istio
+ - molecule-idempotence-notest
+
+# Update external_dns with correct annotations
+- name: Enable external DNS
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} kubectl annotate service istio-ingressgateway -n istio-system --overwrite "external-dns.alpha.kubernetes.io/hostname=*.{{ item.external_url_suffix }}."
+ tags:
+ - istio
+ - molecule-idempotence-notest
+ when: network.env.external_dns is defined and network.env.external_dns == 'enabled'
+
+# Wait for istio pods to start running
+- name: Wait for pods to come up
+ include_role:
+ name: "check/helm_component"
+ vars:
+ namespace: istio-system
+ kubeconfig: "{{ kubeconfig_path }}"
+ context: "{{ kubecontext }}"
+ component_name: istio
+ component_type: "Pod"
+ label_selectors:
+ - app=istio-ingressgateway
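Review bot: The `helm install` commands in the "Install istio Ingress controller" task set only `KUBECONFIG` and never pass `kubecontext`, although the `k8s_info` check before them and the `check/helm_component` include after them both use `context: "{{ kubecontext }}"`. With a kubeconfig that holds several contexts, the check can look at one cluster while helm installs into whichever context is current. The script also has no `set -e`, so a failed `helm install istiod` is hidden when the last command succeeds; the charts are installed without `--version`; and `{{ kubeconfig_path }}` is templated into the shell line unquoted. The "Enable external DNS" task in this file and the helm task in `setup/operator/tasks/main.yaml` have the same context and quoting gaps. A rewritten install task follows; pinning chart versions would need a variable that this role does not define yet.

```yaml
- name: Install istio Ingress controller
  shell: |
    set -e
    helm repo add istio https://istio-release.storage.googleapis.com/charts --force-update
    helm repo update
    helm install istio-base istio/base -n istio-system --create-namespace --kube-context {{ kubecontext | quote }}
    helm install istiod istio/istiod -n istio-system --wait --kube-context {{ kubecontext | quote }}
    helm install istio-ingressgateway istio/gateway -n istio-system --kube-context {{ kubecontext | quote }}
  environment:
    KUBECONFIG: "{{ kubeconfig_path }}"
  when: (not istio_installed)
  # … unchanged: tags …
```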
diff --git a/platforms/shared/configuration/roles/setup/operator/tasks/main.yaml b/platforms/shared/configuration/roles/setup/operator/tasks/main.yaml
new file mode 100644
index 00000000000..cbc4f2ab96c
--- /dev/null
+++ b/platforms/shared/configuration/roles/setup/operator/tasks/main.yaml
@@ -0,0 +1,31 @@
+##############################################################################################
+# Copyright Accenture. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+##############################################################################################
+
+- name: "Check if bevel-operator-fabric is already installed"
+ k8s_info:
+ kind: Pod
+ namespace: "default"
+ kubeconfig: "{{ kubeconfig_path }}"
+ context: "{{ kubecontext }}"
+ label_selectors:
+ - app.kubernetes.io/name=hlf-operator
+ field_selectors:
+ - status.phase=Running
+ register: op_status
+
+- name: Set operator installed fact
+ set_fact:
+ operator_installed: "{{ op_status.resources | length > 0 }}"
+
+- name: Install bevel-operator-fabric CRDs on each cluster
+ shell: |
+ KUBECONFIG={{ kubeconfig_path }} helm repo add kfs https://kfsoftware.github.io/hlf-helm-charts --force-update
+ KUBECONFIG={{ kubeconfig_path }} helm upgrade --install hlf-operator --version={{ operator_version }} kfs/hlf-operator
+ when: (not operator_installed)
+
+- name: Install operator plugin via krew locally
+ shell: |
+ kubectl krew install hlf
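Review bot: The last task runs `kubectl krew install hlf` on every play with no `when` and no version, while the chart in the task above is pinned through `operator_version`. The plugin is whatever the krew index serves at run time, so the local CLI and the in-cluster operator can drift apart, and the task is likely to report a change or a warning on each run. I would guard it with a check of `kubectl krew list` and add a comment such as `# Runs on the Ansible controller; installs the current hlf plugin from the krew index, not tied to operator_version`. Separately, the `k8s_info` check looks in namespace `default` while `helm upgrade --install` has no `-n`, so the two agree only if the current context's namespace is `default`.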
diff --git a/platforms/shared/configuration/setup-environment.yaml b/platforms/shared/configuration/setup-environment.yaml
index 827c2e5811a..95a8e7e7ba6 100644
--- a/platforms/shared/configuration/setup-environment.yaml
+++ b/platforms/shared/configuration/setup-environment.yaml
@@ -38,6 +38,7 @@
arch: "{{ install_arch }}"
bin_directory: "{{ bin_install_dir }}"
with_items: "{{ network.organizations }}"
+ when: network.env.type != 'operator'
- include_role:
name: setup/aws-cli
vars:
diff --git a/platforms/shared/configuration/setup-k8s-environment.yaml b/platforms/shared/configuration/setup-k8s-environment.yaml
index 4e099936423..1ffdcc84e1a 100644
--- a/platforms/shared/configuration/setup-k8s-environment.yaml
+++ b/platforms/shared/configuration/setup-k8s-environment.yaml
@@ -31,6 +31,7 @@
git_key: "{{ item.gitops.private_key | default() }}"
flux_version: "0.35.0"
with_items: "{{ network.organizations }}"
+ when: network.env.type != 'operator'
- name: Prepare nodes and clients ports for ambassador
vars:
name: "{{ organizationItem.name }}"
@@ -69,6 +70,26 @@
aws: "{{ item.aws }}"
with_items: "{{ network.organizations }}"
when: network.env.proxy == 'haproxy'
+ - include_role:
+ name: setup/istio
+ vars:
+ kubeconfig_path: "{{ item.k8s.config_file }}"
+ kubecontext: "{{ item.k8s.context }}"
+ aws: "{{ item.aws }}"
+ with_items: "{{ network.organizations }}"
+ when: network.env.proxy == 'istio'
+
+ - name: Setup bevel-operator-fabric for each organization
+ include_role:
+ name: "setup/operator"
+ vars:
+ operator_version: "1.9.0"
+ kubeconfig_path: "{{ item.k8s.config_file }}"
+ kubecontext: "{{ item.k8s.context }}"
+ with_items: "{{ network.organizations }}"
+ when:
+ - network.type == 'fabric'
+ - network.env.type == 'operator'
vars: #These variables can be overriden from the command line
privilege_escalate: false #Default to NOT escalate to root privledges
install_os: "linux" #Default to linux OS
diff --git a/platforms/shared/configuration/site.yaml b/platforms/shared/configuration/site.yaml
index c958a2503ef..de875ac09b2 100755
--- a/platforms/shared/configuration/site.yaml
+++ b/platforms/shared/configuration/site.yaml
@@ -23,7 +23,8 @@
# Delete the generic network resources from kuberentes
- import_playbook: delete-network.yaml
when:
- - reset is defined and reset == 'true'
+ - reset is defined and reset == 'true'
+ - network.env.type != 'operator'
############################################
# Playbook for Hypelerger Fabric Operations
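Review bot: With `network.env.type == 'operator'` and `reset == 'true'`, none of the imports visible in this file's hunks run. This hunk excludes `delete-network.yaml`, the last hunk excludes every `cleanup.yaml`, and `deploy-operator-network.yaml` is imported only when reset is undefined or 'false'. A reset of an operator deployment therefore appears to finish successfully without removing anything. The same guard on the corda, indy, quorum, besu, corda-enterprise and substrate imports means a non-fabric network whose environment is named operator deploys nothing, also without an error. If operator reset is not implemented yet, say so next to the condition, e.g. `# reset is not supported for env.type 'operator'; nothing is deleted`, or fail early with an explicit message.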
@@ -34,17 +35,28 @@
vars:
add_new_org: 'false'
when:
- - network.type == 'fabric'
- - (reset is undefined or reset == 'false')
+ - network.type == 'fabric'
+ - network.env.type != 'operator'
+ - (reset is undefined or reset == 'false')
- (network.upgrade is not defined)
-# Chaincode operatations
+- import_playbook: "{{ playbook_dir }}/../../hyperledger-fabric/configuration/deploy-operator-network.yaml"
+ vars:
+ add_new_org: 'false'
+ when:
+ - network.type == 'fabric'
+ - network.env.type == 'operator'
+ - (reset is undefined or reset == 'false')
+ - (network.upgrade is not defined)
+
+# Chaincode operations
- import_playbook: "{{ playbook_dir }}/../../hyperledger-fabric/configuration/chaincode-ops.yaml"
vars:
add_new_org: 'false'
when:
- - network.type == 'fabric'
- - (reset is undefined or reset == 'false')
+ - network.type == 'fabric'
+ - network.env.type != 'operator'
+ - (reset is undefined or reset == 'false')
- (network.upgrade is not defined)
# Upgrade network
@@ -52,8 +64,9 @@
vars:
add_new_org: 'false'
when:
- - network.type == 'fabric'
- - (reset is undefined or reset == 'false')
+ - network.type == 'fabric'
+ - network.env.type != 'operator'
+ - (reset is undefined or reset == 'false')
- (network.upgrade is defined)
############################################
@@ -63,7 +76,8 @@
# Deploy network
- import_playbook: "{{ playbook_dir }}/../../r3-corda/configuration/deploy-network.yaml"
when:
- - network.type == 'corda'
+ - network.type == 'corda'
+ - network.env.type != 'operator'
- (reset is undefined or reset == 'false')
############################################
@@ -73,7 +87,8 @@
# Deploy network
- import_playbook: "{{ playbook_dir }}/../../hyperledger-indy/configuration/deploy-network.yaml"
when:
- - network.type == 'indy'
+ - network.type == 'indy'
+ - network.env.type != 'operator'
- (reset is undefined or reset == 'false')
############################################
@@ -85,7 +100,8 @@
vars:
add_new_org: false
when:
- - network.type == 'quorum'
+ - network.type == 'quorum'
+ - network.env.type != 'operator'
- (reset is undefined or reset == 'false')
############################################
@@ -97,7 +113,8 @@
vars:
add_new_org: false
when:
- - network.type == 'besu'
+ - network.type == 'besu'
+ - network.env.type != 'operator'
- (reset is undefined or reset == 'false')
- (network.crypto_only is defined and network.crypto_only == true)
@@ -106,7 +123,8 @@
vars:
add_new_org: false
when:
- - network.type == 'besu'
+ - network.type == 'besu'
+ - network.env.type != 'operator'
- (reset is undefined or reset == 'false')
- (network.crypto_only is undefined or network.crypto_only == false)
@@ -116,7 +134,8 @@
- import_playbook: "{{ playbook_dir }}/../../r3-corda-ent/configuration/deploy-network.yaml"
when:
- - network.type == 'corda-enterprise'
+ - network.type == 'corda-enterprise'
+ - network.env.type != 'operator'
- (reset is undefined or reset == 'false')
#############################################
@@ -125,21 +144,43 @@
- import_playbook: "{{ playbook_dir }}/../../substrate/configuration/deploy-network.yaml"
when:
- - network.type == 'substrate'
+ - network.type == 'substrate'
+ - network.env.type != 'operator'
- (reset is undefined or reset == 'false')
# Cleanup platform specific resources
- import_playbook: "{{ playbook_dir }}/../../hyperledger-indy/configuration/cleanup.yaml"
- when: network.type == 'indy' and reset is defined and reset == 'true'
+ when:
+ - network.type == 'indy'
+ - network.env.type != 'operator'
+ - reset is defined and reset == 'true'
- import_playbook: "{{ playbook_dir }}/../../r3-corda/configuration/cleanup.yaml"
- when: network.type == 'corda' and reset is defined and reset == 'true'
+ when:
+ - network.type == 'corda'
+ - network.env.type != 'operator'
+ - reset is defined and reset == 'true'
- import_playbook: "{{ playbook_dir }}/../../hyperledger-fabric/configuration/cleanup.yaml"
- when: network.type == 'fabric' and reset is defined and reset == 'true'
+ when:
+ - network.type == 'fabric'
+ - network.env.type != 'operator'
+ - reset is defined and reset == 'true'
- import_playbook: "{{ playbook_dir }}/../../quorum/configuration/cleanup.yaml"
- when: network.type == 'quorum' and reset is defined and reset == 'true'
+ when:
+ - network.type == 'quorum'
+ - network.env.type != 'operator'
+ - reset is defined and reset == 'true'
- import_playbook: "{{ playbook_dir }}/../../hyperledger-besu/configuration/cleanup.yaml"
- when: network.type == 'besu' and reset is defined and reset == 'true'
+ when:
+ - network.type == 'besu'
+ - network.env.type != 'operator'
+ - reset is defined and reset == 'true'
- import_playbook: "{{ playbook_dir }}/../../r3-corda-ent/configuration/cleanup.yaml"
- when: network.type == 'corda-enterprise' and reset is defined and reset == 'true'
+ when:
+ - network.type == 'corda-enterprise'
+ - network.env.type != 'operator'
+ - reset is defined and reset == 'true'
- import_playbook: "{{ playbook_dir }}/../../substrate/configuration/cleanup.yaml"
- when: network.type == 'substrate' and reset is defined and reset == 'true'
+ when:
+ - network.type == 'substrate'
+ - network.env.type != 'operator'
+ - reset is defined and reset == 'true'