def extract_crypto(opts, node_type, verbose=False):
# Get chart type
chart = NODE_MAPPER[node_type]
node_namespace = get_namespace(opts, opts[node_type + 's']['msp'])
for release in opts[node_type + 's']['names']:
pod_ex = get_pod(node_namespace, release, chart)
# Secrets
crypto_info = [
CryptoInfo('idcert', 'signcerts', 'cert.pem', True),
CryptoInfo('idkey', 'keystore', 'key.pem', True),
CryptoInfo('cacert', 'cacerts', 'cacert.pem', True),
CryptoInfo('caintcert', 'intermediatecerts', 'intermediatecacert.pem', False)
]
for item in crypto_info:
secret_name = 'hlf--{}-{}'.format(release, item.secret_type)
try:
secret_read(secret_name, node_namespace)
if verbose:
print('{} secret already exists'.format(secret_name))
except ApiException:
command = "bash -c 'ls /var/hyperledger/msp/{}' | wc -l".format(item.subfolder)
file_num = pod_ex.execute(command)
if file_num.strip() != '1':
if item.required:
raise ValueError('We should only have 1 file in each of these folders')
else:
print('Wrong number of files in {} directory'.format(item.subfolder))
else:
command = "bash -c 'cat /var/hyperledger/msp/{}/*'".format(item.subfolder)
content = pod_ex.execute(command)
secret_data = {
item.key: content
}
secret_create(secret_data, secret_name, node_namespace, verbose=verbose)
def credentials_secret(secret_name,
namespace,
username,
password=None,
verbose=False):
"""Create a CA credentials secret.
Args:
secret_name (str): Name of secret.
namespace (str): Namespace for secret to be located.
username (str): Username for credentials secret.
password (str): Password for credentials secret.
verbose (bool): Verbosity. False by default.
Returns:
dict: Secret data including "CA_USERNAME" and "CA_PASSWORD"
"""
try:
secret_data = secret_read(secret_name, namespace, verbose=verbose)
# Check that the ID stored is the same as Orderer name
assert username == secret_data["CA_USERNAME"]
if password:
assert password == secret_data["CA_PASSWORD"]
except ApiException:
# Get relevant variables
if not password:
password = rand_string(24)
secret_data = {"CA_USERNAME": username, "CA_PASSWORD": password}
secret_create(secret_data, secret_name, namespace)
return secret_data
def test_secret_create_verbose(self, mock_api, mock_print):
secret_create({'a_key': 'a_value'},
'a_secret',
'a-namespace',
verbose=True)
mock_api.create_namespaced_secret.assert_called_once()
mock_print.assert_called_once_with(
'Created secret a_secret in namespace a-namespace')
def test_secret_create_verbose(self, mock_api, mock_print):
secret_create({"a_key": "a_value"},
"a_secret",
"a-namespace",
verbose=True)
mock_api.create_namespaced_secret.assert_called_once()
mock_print.assert_called_once_with(
"Created Secret a_secret in namespace a-namespace")
def deploy_composer(opts, upgrade=False, verbose=False):
"""Deploy Hyperledger Composer on K8S.
We use the hl-composer Helm chart as a basis to deploying Composer
on K8S. Please note that Composer is unmaintained and may eventually
be deprecated from this repository as we migrate to raw Fabric.
Args:
opts (dict): Nephos options dict.
upgrade (bool): Do we upgrade the deployment? False by default.
verbose (bool): Verbosity. False by default.
"""
peer_namespace = get_namespace(opts, opts["peers"]["msp"])
# Ensure BNA exists
secret_data = input_files((None, ), clean_key=True)
secret_create(secret_data, opts["composer"]["secret_bna"], peer_namespace)
composer_connection(opts, verbose=verbose)
# Start Composer
version = get_version(opts, "hl-composer")
config_yaml = (
f'{opts["core"]["dir_values"]}/hl-composer/{opts["composer"]["name"]}.yaml'
)
if not upgrade:
extra_vars = helm_extra_vars(version=version, config_yaml=config_yaml)
helm_install(
opts["core"]["chart_repo"],
"hl-composer",
opts["composer"]["name"],
peer_namespace,
extra_vars=extra_vars,
)
else:
preserve = (HelmPreserve(
peer_namespace,
f"{opts['composer']['name']}-hl-composer-rest",
"COMPOSER_APIKEY",
"rest.config.apiKey",
), )
extra_vars = helm_extra_vars(version=version,
config_yaml=config_yaml,
preserve=preserve)
helm_upgrade(
opts["core"]["chart_repo"],
"hl-composer",
opts["composer"]["name"],
extra_vars=extra_vars,
)
helm_check("hl-composer",
opts["composer"]["name"],
peer_namespace,
pod_num=3)
def credentials_secret(secret_name,
namespace,
username,
password=None,
verbose=False):
try:
secret_data = secret_read(secret_name, namespace, verbose=verbose)
# Check that the ID stored is the same as Orderer name
assert username == secret_data['CA_USERNAME']
if password:
assert password == secret_data['CA_PASSWORD']
except ApiException:
# Get relevant variables
if not password:
password = rand_string(24)
secret_data = {'CA_USERNAME': username, 'CA_PASSWORD': password}
secret_create(secret_data, secret_name, namespace)
return secret_data
def extract_credentials(opts, node_type, verbose=False):
chart = NODE_MAPPER[node_type]
node_namespace = get_namespace(opts, opts[node_type + 's']['msp'])
# Loop over the nodes
for release in opts[node_type + 's']['names']:
secret_name = 'hlf--{}-cred'.format(release)
try:
secret_read(secret_name, node_namespace)
if verbose:
print('{} secret already exists'.format(secret_name))
except ApiException:
# Obtain secret data from original chart secret
original_data = secret_read('{}-{}'.format(release, chart), node_namespace)
# Create secret with Orderer credentials
secret_data = {
'CA_USERNAME': original_data['CA_USERNAME'],
'CA_PASSWORD': original_data['CA_PASSWORD']
}
secret_create(secret_data, secret_name, node_namespace, verbose=verbose)
def upgrade_network(opts, verbose=False):
"""Upgrade Hyperledger Composer network.
Args:
opts (dict): Nephos options dict.
verbose (bool): Verbosity. False by default.
"""
peer_namespace = get_namespace(opts, opts["peers"]["msp"])
secret_data = input_files((None, ), clean_key=True)
secret_create(secret_data, opts["composer"]["secret_bna"], peer_namespace)
# Set up the PeerAdmin card
hlc_cli_ex = get_helm_pod(peer_namespace,
"hlc",
"hl-composer",
verbose=verbose)
bna, _ = hlc_cli_ex.execute("ls /hl_config/blockchain_network")
bna_name, bna_rem = bna.split("_")
bna_version, _ = bna_rem.split(".bna")
peer_msp = opts["peers"]["msp"]
bna_admin = opts["msps"][peer_msp]["org_admin"]
res, _ = hlc_cli_ex.execute(
f"composer network ping --card {bna_admin}@{bna_name}")
curr_version = (res.split("Business network version: ")[1]).split()[0]
logging.info(curr_version)
if curr_version != bna_version:
hlc_cli_ex.execute(
("composer network install --card PeerAdmin@hlfv1 " +
f"--archiveFile /hl_config/blockchain_network/{bna}"))
hlc_cli_ex.execute(
("composer network upgrade " + "--card PeerAdmin@hlfv1 " +
f"--networkName {bna_name} --networkVersion {bna_version}"))
res, _ = hlc_cli_ex.execute(
f"composer network ping --card {bna_admin}@{bna_name}")
curr_version = (res.split("Business network version: ")[1]).split()[0]
logging.info(f"Upgraded to {curr_version}")
def test_secret_create(selfself, mock_api, mock_print):
secret_create({"a_key": "a_value"}, "a_secret", "a-namespace")
mock_api.create_namespaced_secret.assert_called_once()
mock_print.assert_not_called()
def test_secret_create(self, mock_api, mock_log):
secret_create({"a_key": "a_value"}, "a_secret", "a-namespace")
mock_api.create_namespaced_secret.assert_called_once()
mock_log.info.assert_called_once_with(
"Created Secret a_secret in namespace a-namespace")
def test_secret_create(selfself, mock_api, mock_print):
secret_create({'a_key': 'a_value'}, 'a_secret', 'a-namespace')
mock_api.create_namespaced_secret.assert_called_once()
mock_print.assert_not_called()
