[fabric] Support upgrade chaincode for the external chaincode

Primary Changes -------------- 1.Support upgrade/update chaincode operation for the external chaincode Modifications ----------------------- docs/source/operations/upgrading_chaincode.md platforms/hyperledger-fabric/configuration/external-chaincode-ops.yaml platforms/hyperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml platforms/hyperledger-fabric/configuration/roles/create/chaincode/peer_certs/tasks/generate_certs.yaml platforms/hyperledger-fabric/configuration/roles/create/external_chaincode_server/tasks/valuefile.yaml platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/main.yaml platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml platforms/network-schema.json fixes #2352 Signed-off-by: mgCepeda <[email protected]>
hyperledger-bevel · Dec 4, 2023 · d354e68 · d354e68
1 parent 6e65419
commit d354e68
Show file tree

Hide file tree

Showing 10 changed files with 94 additions and 17 deletions.
diff --git a/docs/source/operations/upgrading_chaincode.md b/docs/source/operations/upgrading_chaincode.md
@@ -11,6 +11,7 @@
   - [Modifying configuration file](#modifying-configuration-file)
   - [Run playbook for Fabric version 1.4.x](#run-playbook-for-fabric-version-14x)
   - [Run playbook for Fabric version 2.2.x](#run-playbook-for-fabric-version-22x)
+  - [Run playbook for Fabric version 2.2.x with external chaincode](#run-playbook-for-fabric-version-22x-with-external-chaincode)
 
 <a name = "pre_req"></a>
 ## Pre-requisites
@@ -56,6 +57,40 @@ network:
               endorsements: "" #Endorsements (if any) provided along with the chaincode
 ```
 
+When the chaincode is an external service, `network.organizations.services.peers.chaincodes[*].upgrade_chaincode` variable must also be added to change the version. If only the sequence is modified, it isn't necessary to add this field.
+
+The sequence must be incremented in each execution regardless of whether the version has been modified or not.
+
+For reference, following snippet shows that section of `network.yaml`
+
+```
+---
+network:
+  ..
+  ..
+  organizations:
+    - organization:
+      name: manufacturer
+      ..
+      .. 
+      services:
+        peers:
+        - peer:
+          name: peer0          
+          ..
+          chaincodes:
+            - name: "chaincode_name" #This has to be replaced with the name of the chaincode
+              version: "2" #This has to be replaced with the version of the chaincode
+              sequence: "2"
+              external_chaincode: true
+              upgrade_chaincode: true 
+              tls: true
+              buildpack_path: /home/fabric-samples/asset-transfer-basic/chaincode-external/sampleBuilder  # The path where buildpacks are locally stored
+              image: ghcr.io/hyperledger/bevel-samples-example:1.0
+              arguments: '\"InitLedger\",\"\"' # Init Arguments to be passed which will mark chaincode as init-required
+              crypto_mount_path: /crypto  # OPTIONAL | tls: true | Path where crypto shall be mounted for the chaincode server
+```
+
 <a name = "run_network"></a>
 ## Run playbook for Fabric version 1.4.x
 
@@ -74,6 +109,14 @@ This can be done by using the following command
 ```
     ansible-playbook platforms/hyperledger-fabric/configuration/chaincode-ops.yaml --extra-vars "@path-to-network.yaml"
 ```
+## Run playbook for Fabric version 2.2.x with external chaincode
+
+The playbook [external-chaincode-ops.yaml](https://github.com/hyperledger/bevel/tree/main/platforms/hyperledger-fabric/configuration/external-chaincode-ops.yaml) is used to upgrade chaincode to a new version in the existing fabric network with version 2.2.x.
+This can be done by using the following command
+
+```
+    ansible-playbook platforms/hyperledger-fabric/configuration/external-chaincode-ops.yaml --extra-vars "@path-to-network.yaml"
+```
 
 ---
 **NOTE:** The Chaincode should be upgraded for all participants of the channel.
diff --git a/platforms/hyperledger-fabric/configuration/external-chaincode-ops.yaml b/platforms/hyperledger-fabric/configuration/external-chaincode-ops.yaml
@@ -12,6 +12,11 @@
 - hosts: ansible_provisioners
   gather_facts: no
   tasks:
+    # delete build directory
+    - name: Remove build directory
+      file:
+        path: "./build"
+        state: absent
     # This role updates the peers with updated core.yaml
     - name: Create all peers with core.yaml
       include_role:
@@ -30,7 +35,7 @@
         values_dir: "{{playbook_dir}}/../../../{{item.gitops.release_dir}}/{{ item.name | lower }}"
       loop: "{{ network['organizations'] }}"
       when: item.type == 'peer'
-    
+
     ############################################################################################
     # Check if CA server is available
     - name: "Check for the CA server running in {{ item.name | lower }}-net"
@@ -138,7 +143,7 @@
       when: 
         - item.type == 'peer'
         - item.org_status == 'new'
-    
+
     ############################################################################################
     # This task deploys the external chaincode server for desired org
     - name: Deploy external chaincode server

diff --git a/...yperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml b/...yperledger-fabric/configuration/roles/create/chaincode/install_ext/tasks/nested_main.yaml
@@ -8,7 +8,7 @@
 - name: "Create value file for chaincode invokes"
   include_tasks: valuefile.yaml
   vars:
-    component_peers: "{{ org.services.peers }}"
+    component_peers: "{{ item.services.peers }}"
     peer_chaincodes: "{{ peer.chaincodes }}"
   loop: "{{ peer_chaincodes }}"
   loop_control:

diff --git a/...erledger-fabric/configuration/roles/create/chaincode/peer_certs/tasks/generate_certs.yaml b/...erledger-fabric/configuration/roles/create/chaincode/peer_certs/tasks/generate_certs.yaml
@@ -12,11 +12,18 @@
   register: client_cert_result
   ignore_errors: yes
 
-# This task clean up variable for the next org
-# - name: Clean up variable
-#   set_fact:
-#     cert_generated: !!null
-#   when: client_cert_result.failed == True
+# Fetch msp files from Vault 
+- name: Fetch certs files from Vault 
+  shell: |
+    vault kv get -field=client.key {{ vault.secret_path | default('secretsv2') }}/crypto/peerOrganizations/{{ component_name }}/peers/{{ peer.name }}.{{ component_name }}/chaincodes/{{ chaincode.name }} > client.key
+    vault kv get -field=client.crt {{ vault.secret_path | default('secretsv2') }}/crypto/peerOrganizations/{{ component_name }}/peers/{{ peer.name }}.{{ component_name }}/chaincodes/{{ chaincode.name }} > client.crt
+    vault kv get -field=ca.crt {{ vault.secret_path | default('secretsv2') }}/crypto/peerOrganizations/{{ component_name }}/peers/{{ peer.name }}.{{ component_name }}/chaincodes/{{ chaincode.name }} > ca.crt 
+    mkdir -p ./build/crypto-config/peerOrganizations/{{ component_name }}/users/{{peer.name}}-{{chaincode.name}}@{{ component_name }}/tls
+    mv  client.crt client.key ca.crt  ./build/crypto-config/peerOrganizations/{{ component_name }}/users/{{peer.name}}-{{chaincode.name}}@{{ component_name }}/tls
+  environment:
+    VAULT_ADDR: "{{ vault.url }}"
+    VAULT_TOKEN: "{{ vault.root_token }}"
+  when: client_cert_result.failed == false
 
 # Copy generate-crypto-peer-chaincode.sh script from scrips directory
 - name: Copy generate-crypto-peer-chaincode.sh to destination directory

diff --git a/...erledger-fabric/configuration/roles/create/external_chaincode_server/tasks/valuefile.yaml b/...erledger-fabric/configuration/roles/create/external_chaincode_server/tasks/valuefile.yaml
@@ -1,17 +1,32 @@
-##############################################################################################
+############################################################################################
 #  Copyright Accenture. All Rights Reserved.
 #
 #  SPDX-License-Identifier: Apache-2.0
 ##############################################################################################
 
+# This task reset chaincode server pod
+- name: "Reset cc-{{ chaincode.name }} pod"
+  include_role:
+    name: create/refresh_certs/reset_pod
+  vars:
+    pod_name: "cc-{{ chaincode.name }}"
+    name: "{{ org.name | lower }}"
+    file_path: "{{ values_dir }}/{{ name }}/cc-{{ chaincode.name }}.yaml"
+    gitops_value: "{{ org.gitops }}"
+    component_ns: "{{ org.name }}-net"
+    kubernetes: "{{ org.k8s }}"
+    hr_name: "cc-{{ chaincode.name }}"
+  when: chaincode.upgrade_chaincode is defined and chaincode.upgrade_chaincode == true
+
 # Check if external-chaincode-server is already running
 - name: Check external-chaincode-server exists
   k8s_info:
     kind: Pod
-    namespace: "{{ org_ns }}"
-    name: "cc-{{ chaincode.name }}"
-    kubeconfig: "{{ kubernetes.config_file }}"
-    context: "{{ kubernetes.context }}"
+    namespace: "{{ org.name }}-net"
+    kubeconfig: "{{ org.k8s.config_file }}"
+    context: "{{ org.k8s.context }}"
+    label_selectors:
+      - app = cc-{{ chaincode.name }}
     field_selectors:
       - status.phase=Running
   register: ext_chaincode_server

diff --git a/...dger-fabric/configuration/roles/create/new_peer/update_block/tasks/nested_create_cli.yaml b/...dger-fabric/configuration/roles/create/new_peer/update_block/tasks/nested_create_cli.yaml
@@ -22,6 +22,5 @@
     git_branch: "{{ org.gitops.branch }}"
     charts_dir: "{{ org.gitops.chart_source }}"
     vault: "{{ org.vault }}"
-    channel_name: "{{ channel_name }}"
     storage_class: "{{ participant.name | lower }}-{{ org.cloud_provider | lower }}-storageclass"
     release_dir: "./build"
diff --git a/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/main.yaml b/platforms/hyperledger-fabric/configuration/roles/create/peers/tasks/main.yaml
@@ -9,6 +9,13 @@
 # to the vault.
 ##############################################################################################
 
+# This task creates the build directory if it does not exist
+- name: Create build directory if it does not exist
+  file:
+    path: "./build"
+    state: directory
+
+# This task reset peers pods
 # Reset peers pods
 - name: "Reset peers pods"
   include_role:
@@ -24,7 +31,7 @@
   loop: "{{ component_services.peers }}"
   loop_control:
     loop_var: peer 
-  when: refresh_cert is defined and refresh_cert == 'true'
+  when: (refresh_cert is defined and refresh_cert == 'true') or peer.configpath is defined
 
 # Create the value file for peers of organisations 
 - name: This role creates the value file for peers of organisations 
@@ -62,7 +69,7 @@
   loop: "{{ component_services.peers }}"
   loop_control:
     loop_var: peer
-  when: refresh_cert is defined and refresh_cert == 'true'
+  when: (refresh_cert is defined and refresh_cert == 'true') or peer.configpath is defined
 
 # Wait for peer pods to be in the state of running
 - name: "Waiting for peer pod {{ peer.name }} in {{ item.name | lower }}-net"

diff --git a/...erledger-fabric/configuration/roles/setup/config_block/fetch/tasks/nested_create_cli.yaml b/...erledger-fabric/configuration/roles/setup/config_block/fetch/tasks/nested_create_cli.yaml
@@ -22,6 +22,5 @@
     git_branch: "{{ org.gitops.branch }}"
     charts_dir: "{{ org.gitops.chart_source }}"
     vault: "{{ org.vault }}"
-    channel_name: "{{ channel_name }}"
     storage_class: "{{ participant.name | lower }}-{{ org.cloud_provider | lower }}-storageclass"
     release_dir: "./build"
diff --git a/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml b/platforms/hyperledger-fabric/configuration/samples/network-fabricv2-external-chaincode.yaml
@@ -578,6 +578,7 @@ network:
               version: "1"  # This has to be replaced with the version of the chaincode
               external_chaincode: true
               tls: true
+              upgrade_chaincode: true 
               buildpack_path: /home/fabric-samples/asset-transfer-basic/chaincode-external/sampleBuilder  # The path where buildpacks are locally stored
               image: ghcr.io/hyperledger/bevel-samples-example:1.0
               arguments: '\"InitLedger\",\"\"' # Init Arguments to be passed which will mark chaincode as init-required

diff --git a/platforms/network-schema.json b/platforms/network-schema.json
@@ -685,6 +685,7 @@
             "repository": { "$ref":"#/definitions/fabric_chaincode_repository"},
             "external_chaincode": { "type": "boolean","description":"Options are True and False. This denotes that the chaincode is external or not"},
             "tls": { "type": "boolean","description":"Options are True and False. This enables tls check for chaincode"},
+            "upgrade_chaincode": { "type": "boolean","description":"Options are True and False. This enable chaincode upgrade"},
             "buildpack_path": { "type": "string","pattern":"^(\/[^\/ ]*)+[^\/ ]+$","description":"Path for the buildpack files."},
             "crypto_mount_path": { "type": "string","pattern":"^(\/[^\/ ]*)+[^\/ ]+$","description":"Path for the crypto files. Optional if tls: false"},
             "image": { "type": "string","description":"Docker repo for external chaincode image"}