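def create_org_secrets(domain):
    """Create the org-level Kubernetes secrets for one peer organisation.

    Two generic secrets are created in the ``peers`` namespace:

    * ``<domain>-secret``: key ``admin-sign-cert`` is filled from the ``*_sk``
      file in the org admin's MSP keystore, key ``tls-cert`` from the
      ``*.pem`` file in its signcerts directory.
    * ``<domain>-keys-secret``: built from the files under ``keys/<domain>/``.

    Args:
        domain: organisation domain; used in the crypto-config paths and as
            the prefix of both secret names.
    """
    # Function-scope import: the module's import block is not visible here.
    import subprocess

    def _only_match(find_output, what):
        # `find` prints one path per line. Several lines spliced into a
        # command change what gets executed, and no line at all hands
        # kubectl an empty path, so anything but exactly one match is refused.
        matches = [ln.strip() for ln in find_output.splitlines() if ln.strip()]
        if len(matches) != 1:
            puts("ERROR: expected exactly one %s for %s, found %d" %
                 (what, domain, len(matches)))
            return None
        return matches[0]

    def _create_secret(name, from_file_args):
        # Argument list, no shell: the domain and the file paths reach
        # kubectl verbatim instead of being re-parsed by /bin/sh.
        argv = ["kubectl", "create", "secret", "generic", name]
        argv.extend(from_file_args)
        argv.append("--namespace=peers")
        try:
            status = subprocess.call(argv)
        except OSError as exc:
            puts("ERROR: could not run kubectl: %s" % exc)
            return
        if status != 0:
            puts("WARN: creating secret %s failed (kubectl exit status %s)" %
                 (name, status))

    # NOTE(review): `gets` presumably runs the string through a shell and
    # returns its output; if so, `domain` is still interpolated unquoted
    # here. Confirm against utils.
    admin = _only_match(
        gets(("find crypto-config/peerOrganizations/%s/users/Admin@%s/msp/keystore "
              "-type f -name '*_sk'" % (domain, domain))),
        "admin keystore file")
    signed = _only_match(
        gets(("find crypto-config/peerOrganizations/%s/users/Admin@%s/msp/signcerts "
              "-type f -name '*.pem'" % (domain, domain))),
        "admin signcert")

    puts("INFO: Creating Secrets for %s" % domain)
    if admin is not None and signed is not None:
        # NOTE(review): the key names do not describe their contents
        # (`admin-sign-cert` carries the keystore `*_sk` file, `tls-cert` the
        # signcert). They are left unchanged because the consumers of this
        # secret are not visible here.
        _create_secret("%s-secret" % domain, [
            "--from-file=admin-sign-cert=%s" % admin,
            "--from-file=tls-cert=%s" % signed,
        ])

    # Secret key -> external key file the org-level secret is created from.
    key_paths = {
        'cert-p12': "keys/%s/cert.p12" % domain,
        'id-rsa': "keys/%s/id_rsa" % domain,
        'id-rsa-pub': "keys/%s/id_rsa.pub" % domain,
        'totp-key': "keys/%s/totp.key" % domain,
    }
    from_files = ["--from-file=%s=%s" % (key, path)
                  for key, path in sorted(key_paths.items())]
    _create_secret("%s-keys-secret" % domain, from_files)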
def set_org_peer_pods(namespace, orgPeers, domain, orgName):
    """Create the certificate secrets and the Fabric peer pod for each peer.

    Args:
        namespace: value passed on to both helpers and shown in the log line.
        orgPeers: iterable of peer specs; the full collection is also handed
            to ``create_fabric_peer_pod`` for every peer.
        domain: organisation domain.
        orgName: organisation name.
    """
    puts("%s : Creating Fabric Peer Pods.." % namespace)
    for peer in orgPeers:
        # Secrets for the peer's MSP and TLS certs first, then the pod itself.
        create_cert_secrets(peer, namespace, domain)
        create_fabric_peer_pod(peer, namespace, domain, orgPeers, orgName)
def set_extra_pods(namespace, extraPods):
    """Install one Helm release per entry of *extraPods*.

    Each entry supplies ``Name`` (release name), ``Chart`` and ``Values``, a
    list of ``{'name': ..., 'value': ...}`` items turned into ``--set`` flags.
    Releases always go to the ``peers`` namespace; the *namespace* argument
    only appears in the log line.

    NOTE(review): the command is one string handed to the shell, so names,
    values and the chart reference are subject to shell parsing, and the
    whole line, every ``--set`` value included, is printed before it runs.
    """
    puts("%s : Creating Extra Pods.." % namespace)
    for pod in extraPods:
        set_flags = ["--set %s=%s" % (item['name'], item['value'])
                     for item in pod['Values']]
        env = ' '.join(set_flags)
        extraPodHelmCmd = "helm install --name=%s %s --namespace=peers %s" % (
            pod['Name'], pod['Chart'], env)
        puts(extraPodHelmCmd)
        os.system(extraPodHelmCmd)
def copy_public_certs():
    """Copy ./crypto-config into the injector pod, then delete that pod.

    NOTE(review): the pruning of private keys that is meant to precede the
    copy is disabled (the two commands are kept below as comments), so the
    directory is copied as it is on disk, ``*_sk`` and ``*.key`` files
    included, to /etc/hyperledger in the pod.
    """
    # os.system("find ./crypto-config -type f -name '*_sk' -delete")
    # os.system("find ./crypto-config -type f -name '*.key' -delete")
    copy_cmd = (
        "kubectl cp ./crypto-config peers/public-certs-injector-pod:/etc/hyperledger"
    )
    delete_cmd = "kubectl delete pod public-certs-injector-pod --namespace=peers"

    puts("INFO: Copying public certs in ./crypto-config folder..")
    os.system(copy_cmd)
    puts("INFO: Public Certs Copied!! Deleting injector pod..")
    os.system(delete_cmd)
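def init():
    """Generate missing Fabric artifacts and deploy every orderer org.

    Runs ``cryptogen`` when ./crypto-config is absent and ``configtxgen``
    when ./channel-artifacts is absent, then reads crypto-config.yaml and,
    for each entry of ``OrdererOrgs``, creates the namespace, the orderer
    secrets and the orderer pod. ``namespace`` is a module-level name that
    is not defined in this block.
    """
    if not os.path.isdir('crypto-config'):
        puts("Generating crypto-config via cryptogen tool")
        os.system("./bin/cryptogen generate --config=./crypto-config.yaml")

    if not os.path.isdir('channel-artifacts'):
        puts("Generating channel-artifacts via configtxgen tool")
        os.system("mkdir channel-artifacts")
        os.system(
            "./bin/configtxgen -profile AllOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block"
        )
        os.system(
            "./bin/configtxgen -profile AllOrgsChannel -outputCreateChannelTx ./channel-artifacts/buyer1seller1channel1.tx -channelID buyer1seller1channel1"
        )

    with open("crypto-config.yaml", 'r') as stream:
        try:
            # safe_load builds only plain mappings, lists and scalars.
            # yaml.load() without a Loader can construct arbitrary Python
            # objects on older PyYAML and is rejected by PyYAML 6.
            config = yaml.safe_load(stream)
            for orderer in config['OrdererOrgs']:
                name = orderer['Name'].lower()
                puts("%s : Creating Orderer Service.." % name)
                # TODO: use subprocess.Popen instead of os.system
                os.system("kubectl create namespace %s" % namespace)
                domain = orderer['Specs'][0]['CommonName']
                set_orderer_pvc(orderer, domain)
                create_orderer_pod(domain)
        except yaml.YAMLError as exc:
            puts(exc)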
def set_nfs_volume():
    """Deploy the NFS service and the PVC that holds the public certificates.

    Applies the NFS service manifest, reads the cluster IP of service
    ``nfs-server`` and installs the ``public-certs-pvc`` chart with that IP,
    then hands an ``ls /etc/hyperledger`` exec command for the injector pod
    to ``exec_when_pod_up``.
    """
    os.system(
        "kubectl apply -f ./public-certs-pvc/public-certs-nfs-service.yaml --namespace=peers"
    )
    # Fixed two-second pause for the service to be assigned its clusterIP.
    # NOTE(review): nothing checks that the lookup below returned an address.
    time.sleep(2)
    ip_query = (
        "kubectl get svc nfs-server --namespace=peers -o=jsonpath={.spec.clusterIP}"
    )
    # NOTE(review): under Python 3 check_output returns bytes, which `%s`
    # renders as b'...'; confirm the interpreter this script runs on.
    nfsClusterIP = subprocess.check_output(ip_query, shell=True)

    puts("INFO: Creating PVC for public certificates..")
    helmCmd = (
        "helm install --name=public-certs-pvc ./public-certs-pvc --namespace=peers"
        " --set nfs.clusterIP=%s" % nfsClusterIP)
    os.system(helmCmd)

    # Presumably retried until the injector pod accepts exec; verify in
    # exec_when_pod_up.
    exec_when_pod_up(
        "kubectl exec public-certs-injector-pod --namespace=peers -- ls /etc/hyperledger"
    )
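def generate_network_configs():
    """Write, upload and register a network-config file for every peer org.

    For each entry of ``PeerOrgs`` in crypto-config.yaml: create the org's
    data directories in the injector pod, dump the generated network config
    to ./network-configs/<domain>-network-config.yaml, copy that file into
    the pod and create the org secrets.
    """
    if not os.path.isdir('crypto-config'):
        print(
            "ERROR: Can't create network config without `crypto-config` folder"
        )
        # Stop here: every later step depends on the missing folder.
        return

    os.system("mkdir ./network-configs")
    with open("crypto-config.yaml", 'r') as stream:
        try:
            # safe_load builds only plain mappings, lists and scalars.
            # yaml.load() without a Loader can construct arbitrary Python
            # objects on older PyYAML and is rejected by PyYAML 6.
            config = yaml.safe_load(stream)
            for org in config['PeerOrgs']:
                # Sub-directories in which the org's pods store their data.
                os.system((
                    "kubectl exec public-certs-injector-pod --namespace=peers -- mkdir -p "
                    "/etc/hyperledger/data/%s/chaincode /etc/hyperledger/data/%s/workingDir"
                    % (org['Domain'], org['Domain'])))

                network_config = create_network_config(org, config)
                config_path = ("./network-configs/%s-network-config.yaml" %
                               org['Domain'])
                puts("INFO: creating network-config for %s" % org['Name'])
                # The with-block closes, and so flushes, the file before
                # `kubectl cp` reads it. It also no longer rebinds the outer
                # `stream`, and avoids the Python-2-only file() builtin.
                with open(config_path, 'w') as out:
                    yaml.dump(network_config, out)

                puts(
                    "INFO: Copying network config, File location /etc/hyperledger/data/%s/"
                    % org['Domain'])
                # Copy the file to the org directory on the NFS volume.
                cmd = (
                    "kubectl cp ./network-configs/%s-network-config.yaml "
                    "peers/public-certs-injector-pod:/etc/hyperledger/data/%s/"
                    % (org['Domain'], org['Domain']))
                os.system(cmd)
                create_org_secrets(org['Domain'])
        except yaml.YAMLError as exc:
            print(exc)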
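def init():
    """Create the ``peers`` namespace, then the peer pods and CLI of each org.

    Runs ``cryptogen`` first when ./crypto-config is absent. The organisations
    come from ``PeerOrgs`` in crypto-config.yaml; every CLI is set up against
    the first entry of ``OrdererOrgs``.
    """
    if not os.path.isdir('crypto-config'):
        # Announce the step before running it, so the message precedes the
        # tool's own output.
        puts("Generating crypto-config via cryptogen tool")
        os.system("./bin/cryptogen generate --config=./crypto-config.yaml")

    puts("Creating Namespace for all fabric components")
    os.system("kubectl create namespace peers")

    with open("crypto-config.yaml", 'r') as stream:
        try:
            # safe_load builds only plain mappings, lists and scalars.
            # yaml.load() without a Loader can construct arbitrary Python
            # objects on older PyYAML and is rejected by PyYAML 6.
            config = yaml.safe_load(stream)
            # All peer pods first, for every organisation in the file ...
            for org in config['PeerOrgs']:
                set_org_peer_pods(org['Name'].lower(), org['Specs'],
                                  org['Domain'], org['Name'])
            # ... then one CLI per organisation.
            for org in config['PeerOrgs']:
                set_org_cli(org['Name'].lower(), org, config['OrdererOrgs'][0])
        except yaml.YAMLError as exc:
            print(exc)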
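#!/usr/bin/env python
import yaml
import os
import time
import sys
import subprocess
from utils import puts

# Installs the ./frontend chart as release "<project_name>-frontend", with
# the namespace and the React base URL taken from ./config.yaml.
filename = './config.yaml'
# The with-block closes the file. safe_load builds only plain mappings, lists
# and scalars; yaml.load() without a Loader can construct arbitrary Python
# objects on older PyYAML and is rejected by PyYAML 6.
with open(filename, 'r') as config_file:
    config = yaml.safe_load(config_file)

project_name = config['project_name']
namespace = config['namespace']
react_app_base_url = config['react_app_base_url']

env = ("--set namespace=%s --set react_app_base_url=%s" %
       (namespace, react_app_base_url))
puts(env)
cmd = "helm install --name=%s-frontend ./frontend %s" % (project_name, env)
puts(cmd)

# Run helm from an argument list rather than a shell string: a base URL that
# contains `&`, `?` or `;` would otherwise be interpreted by the shell and
# split or truncate the command.
try:
    subprocess.call([
        "helm", "install",
        "--name=%s-frontend" % project_name,
        "./frontend",
        "--set", "namespace=%s" % namespace,
        "--set", "react_app_base_url=%s" % react_app_base_url,
    ])
except OSError as exc:
    puts("ERROR: could not run helm: %s" % exc)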
def set_org_cli(namespace, org, orderer):
    """Provision the CLI volume of one organisation and start its CLI pod.

    Installs the ``org-cli-pvc`` chart, fills the volume through the
    temporary ``<namespace>-cli-injector-pod`` (channel artifacts, scripts,
    chaincode, the org's crypto material and the orderer's TLS CA certs),
    deletes that pod and installs the ``org-cli`` chart. Every resource goes
    to the ``peers`` namespace; *namespace* is used as the org name in
    release and pod names. Returns early, with nothing copied, when the PVC
    chart fails to install.

    NOTE(review): the whole ./crypto-config/peerOrganizations/<domain> tree
    is copied into the CLI volume, whatever key files it holds.
    """
    domain = org['Domain']

    # Persistent volume claim for the CLI.
    pvc_status = os.system(
        "helm install --name=cli-%s-pvc ./org-cli-pvc"
        " --set orgname=%s --set ordDomain=%s --set ordNamespace=%s "
        "--namespace=peers" %
        (namespace, namespace, orderer['Specs'][0]['CommonName'], "peers"))
    if pvc_status != 0:
        return

    # Target directories inside the volume, created once the pod is up.
    mkdir_cmd = (
        "kubectl exec %s-cli-injector-pod --namespace=peers "
        "-- mkdir -p /opt/gopath/src/github.com/hyperledger/fabric/orderer/crypto "
        "/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations "
        "/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations "
        % namespace)
    exec_when_pod_up(mkdir_cmd)

    remoteBasePath = "/opt/gopath/src/github.com/hyperledger/fabric"
    pod = "peers/%s-cli-injector-pod" % namespace

    puts("INFO: Copying channel-artifacts into CLI pvc")
    artifacts_cmd = "kubectl cp ./channel-artifacts %s:%s/peer" % (
        pod, remoteBasePath)
    os.system(artifacts_cmd)

    puts("INFO: Copying scripts into CLI pvc")
    scripts_cmd = "kubectl cp ./scripts %s:%s/peer" % (pod, remoteBasePath)
    os.system(scripts_cmd)

    puts("INFO: Copying chaincode into CLI pvc")
    chaincode_cmd = "kubectl cp ./chaincode %s:/opt/gopath/src/github.com" % pod
    os.system(chaincode_cmd)

    puts("INFO: Copying peers certificates into CLI pvc")
    peer_certs_cmd = ("kubectl cp ./crypto-config/peerOrganizations/%s "
                      "%s:%s/peer/crypto/peerOrganizations" %
                      (domain, pod, remoteBasePath))
    os.system(peer_certs_cmd)

    puts("INFO: Copying orderer certificates into CLI pvc")
    orderer_certs_cmd = (
        "kubectl cp ./crypto-config/ordererOrganizations/%s/msp/tlscacerts "
        "%s:%s/peer/crypto/ordererOrganizations/%s" %
        (orderer['Domain'], pod, remoteBasePath, orderer['Domain']))
    os.system(orderer_certs_cmd)

    puts("INFO: Copyied configs into CLI pvc!! \nRemoving test pod")
    # The injector pod was only needed to fill the volume.
    os.system("kubectl delete pod %s-cli-injector-pod --namespace=peers" %
              namespace)

    # The actual CLI pod.
    cli_cmd = ("helm install --name=cli-%s ./org-cli --set orgName=%s "
               "--set orgDomain=%s --set corePeer=peer0 --set peerOrgName=%s "
               "--namespace=peers" % (namespace, namespace, domain, org['Name']))
    os.system(cli_cmd)
def create_orderer_pod(domain):
    """Install the ./orderer chart as a release named after *domain*.

    The target namespace is the module-level ``namespace``, which is not
    defined in this block.

    Returns:
        The exit status reported by ``os.system`` for the helm command.
    """
    puts("INFO: Creating orderer Pod")
    domain_flag = "--set domain=%s" % domain
    helm_cmd = "helm install --name=%s ./orderer --namespace=%s %s" % (
        domain, namespace, domain_flag)
    return os.system(helm_cmd)
def set_orderer_pvc(orderer, domain):
    """Create the certificate secrets and the genesis secret of one orderer.

    Args:
        orderer: orderer org entry; ``Specs[0]['Hostname']`` and ``Domain``
            are read from it.
        domain: passed through to both secret helpers.
    """
    puts("INFO: Creating Orderer Certificate Secrets")
    hostname = orderer['Specs'][0]['Hostname']
    org_domain = orderer['Domain']
    # Directory name has the form "<hostname>-<org domain>".
    ordererDir = "%s-%s" % (hostname, org_domain)
    create_cert_secrets(domain, org_domain, ordererDir)
    create_genesis_secret(domain, hostname)
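#!/usr/bin/env python
import yaml
import os
import sys
import time
from utils import puts

# Target namespace: first command-line argument, else "orderers". The
# original test `len(sys.argv) > 1 is not None` is a chained comparison that
# reduces to `len(sys.argv) > 1`; it is written plainly here.
# NOTE(review): the value is later interpolated into a shell command in
# create_orderer_pod without validation.
namespace = sys.argv[1] if len(sys.argv) > 1 else "orderers"
puts("INFO: using %s as namespace ..." % namespace)


def set_orderer_pvc(orderer, domain):
    """Create the certificate secrets and the genesis secret of one orderer."""
    puts("INFO: Creating Orderer Certificate Secrets")
    # Directory name has the form "<hostname>-<org domain>".
    ordererDir = "%s-%s" % (orderer['Specs'][0]['Hostname'],
                            orderer['Domain'])
    create_cert_secrets(domain, orderer['Domain'], ordererDir)
    create_genesis_secret(domain, orderer['Specs'][0]['Hostname'])


def create_orderer_pod(domain):
    """Install the ./orderer chart for *domain*; return the helm exit status."""
    puts("INFO: Creating orderer Pod")
    env = ("--set domain=%s" % domain)
    cmd = "helm install --name=%s ./orderer --namespace=%s %s" % (
        domain, namespace, env)
    return os.system(cmd)


def create_cert_secrets(domain, ordDomain, ordererDir):
    # The listing is cut off after the first statement of the loop body; the
    # rest of this function is not visible here.
    for subPath in ['msp', 'tls']:
        src = "./crypto-config/ordererOrganizations/%s/orderers/%s/%s" % (
            ordDomain, ordererDir, subPath)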
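def init():
    """Install the extra pods listed for every peer org in crypto-config.yaml.

    The namespace handed to ``set_extra_pods`` is the first command-line
    argument, or "orderers" when none is given.
    """
    # The original test `len(sys.argv) > 1 is not None` is a chained
    # comparison that reduces to `len(sys.argv) > 1`. The value does not
    # depend on the org, so it is computed once.
    namespace = sys.argv[1] if len(sys.argv) > 1 else "orderers"
    with open("crypto-config.yaml", 'r') as stream:
        try:
            # safe_load builds only plain mappings, lists and scalars.
            # yaml.load() without a Loader can construct arbitrary Python
            # objects on older PyYAML and is rejected by PyYAML 6.
            config = yaml.safe_load(stream)
            for org in config['PeerOrgs']:
                set_extra_pods(namespace, org['ExtraPods'])
        except yaml.YAMLError as exc:
            print(exc)


init()

# The banner literal is kept exactly as it appears in the listing, where the
# line breaks of the ASCII art have been lost.
print("""\033[92m _____ / ___| \ `--. _ _ ___ ___ ___ ___ ___ `--. \ | | |/ __/ __/ _ \/ __/ __| /\__/ / |_| | (_| (_| __/\__ \__ \ \____/ \__,_|\___\___\___||___/___/ """)
print("==== Hyperledger cluster setup complete on your cluster! ==== \033[0m")

# Final status listing of the `peers` namespace.
puts("* PODS RUNNING:")
os.system('kubectl get po --namespace=peers')
puts("* SERVICES RUNNING:")
os.system('kubectl get svc --namespace=peers')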
--nodes-max 3 \
--managed \
''' % (aws_cluster_name, aws_region)
# The statement above begins before this excerpt: only the tail of the
# cluster-creation command string is visible.
print 'Executing: %s' % (create_cluster_command)
os.system(create_cluster_command)

# `helm init` is the Helm v2 command that installs Tiller into the cluster.
# It is run here without a service account and again further down with the
# `tiller` account and --upgrade.
print 'Executing: %s' % ('helm init')
os.system('helm init')
print 'Executing: %s' % (
    'kubectl create serviceaccount --namespace kube-system tiller')
os.system('kubectl create serviceaccount --namespace kube-system tiller')

# Binds the `tiller` service account to the built-in `cluster-admin`
# ClusterRole, i.e. unrestricted rights in every namespace of the cluster.
# NOTE(review): whoever can reach Tiller acts with these rights; consider a
# Role/RoleBinding limited to the namespaces this deployment manages.
create_cluster_role_binding_command = '''
kubectl create clusterrolebinding tiller-cluster-rule \
--clusterrole=cluster-admin \
--serviceaccount=kube-system:tiller \
'''
print 'Executing: %s' % (create_cluster_role_binding_command)
os.system(create_cluster_role_binding_command)
print 'Executing: %s' % ('helm init --service-account tiller --upgrade')
os.system('helm init --service-account tiller --upgrade')

# Namespace for the deployment; `namespace` is defined outside this excerpt.
create_namespace = "kubectl create namespace %s" % (namespace)
puts(create_namespace)
os.system(create_namespace)
print 'Done!'
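import sys
import subprocess
import uuid
import json
from utils import puts

# `yaml` and `os` are used below; their imports are not visible in this
# excerpt.
filename = './config.yaml'
# The with-block closes the file. safe_load builds only plain mappings, lists
# and scalars; yaml.load() without a Loader can construct arbitrary Python
# objects on older PyYAML and is rejected by PyYAML 6.
with open(filename, 'r') as config_file:
    config = yaml.safe_load(config_file)

project_name = config['project_name']
cluster_name = config['Cluster']['cluster_name']
domain = config['domain']
namespace = config['namespace']

env = ("--set namespace=%s --set cluster_name=%s --set domain=%s" %
       (namespace, cluster_name, domain))
puts(env)

# RBAC manifest for the ALB ingress controller, fetched from GitHub when the
# script runs; the URL pins the tag v1.1.4.
# NOTE(review): a copy kept and reviewed in the repository would make the
# applied RBAC rules auditable and independent of the network.
os.system(
    "kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/rbac-role.yaml"
)

# Look for an existing IAM policy named ALBIngressControllerIAMPolicy.
extract_arn = None
policies = os.popen("aws iam list-policies | jq '.Policies'").read().strip()
policies = json.loads(policies)
for policy in policies:
    if policy['PolicyName'] == "ALBIngressControllerIAMPolicy":
        extract_arn = policy['Arn']

# `is None` is the identity test intended here. The excerpt ends inside this
# branch, so what is done with the command string is not visible.
if extract_arn is None:
    create_policy = "aws iam create-policy --policy-name ALBIngressControllerIAMPolicy --policy-document file://scripts/iam-policy.json | jq -r '.Policy.Arn'"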