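def create_org_secrets(domain):
    """Create the two Kubernetes secrets for one peer organisation.

    The first secret, ``<domain>-secret``, is built from two files located
    with ``find`` under the org's ``Admin@<domain>`` MSP directory. The second,
    ``<domain>-keys-secret``, is built from the fixed file names listed in
    ``KEY_PATHS`` under ``keys/<domain>/``. Both go to the ``peers`` namespace.

    Args:
        domain: organisation domain; used in local paths and secret names.

    Every value placed on a command line is shell-quoted, so a domain or a
    discovered path containing whitespace or shell metacharacters is passed
    as one literal argument instead of being interpreted by the shell.
    Exit codes of the ``kubectl`` calls are not checked.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    admin_msp = "crypto-config/peerOrganizations/%s/users/Admin@%s/msp" % (
        domain, domain)
    admin = gets(
        "find %s -type f -name '*_sk'" % quote(admin_msp + "/keystore"))
    signed = gets(
        "find %s -type f -name '*.pem'" % quote(admin_msp + "/signcerts"))
    puts("INFO: Creating Secrets for %s" % domain)
    # NOTE(review): the secret key `admin-sign-cert` is filled from the
    # keystore match (a `*_sk` file) and `tls-cert` from the signcerts match
    # (a `*.pem` file). The key names do not describe that content; confirm
    # what the consumers of this secret expect before renaming anything.
    os.system(
        "kubectl create secret generic %s --from-file=admin-sign-cert=%s "
        "--from-file=tls-cert=%s --namespace=peers" %
        (quote("%s-secret" % domain), quote(admin.strip()),
         quote(signed.strip())))

    # Mapping of secret key -> key file from which the secret is created.
    # Use this mapping to create the org-level secret from external files.
    KEY_PATHS = {
        'cert-p12': "keys/%s/cert.p12" % domain,
        'id-rsa': "keys/%s/id_rsa" % domain,
        'id-rsa-pub': "keys/%s/id_rsa.pub" % domain,
        'totp-key': "keys/%s/totp.key" % domain,
    }
    from_files = ' '.join(
        '--from-file=' + quote('%s=%s' % (key, path))
        for key, path in KEY_PATHS.items())
    os.system("kubectl create secret generic %s %s --namespace=peers" %
              (quote("%s-keys-secret" % domain), from_files))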
def set_org_peer_pods(namespace, orgPeers, domain, orgName):
    """Create the certificate secrets and the peer pod for each peer of an org.

    For every entry of ``orgPeers`` the secrets helper is called first and the
    pod helper second, so the two calls for one peer always run in that order.
    """
    puts("%s : Creating Fabric Peer Pods.." % namespace)
    for peer in orgPeers:
        # Secrets for the MSP and TLS certificates of this peer.
        create_cert_secrets(peer, namespace, domain)
        # The peer pod itself; it also receives the complete peer list.
        create_fabric_peer_pod(peer, namespace, domain, orgPeers, orgName)
    return None
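def set_extra_pods(namespace, extraPods):
    """Install one Helm release per entry of ``extraPods``.

    Args:
        namespace: used only in the progress message; the releases are always
            installed into the ``peers`` namespace.
        extraPods: iterable of mappings with ``Name``, ``Chart`` and
            ``Values`` (a list of ``{'name': ..., 'value': ...}`` mappings).

    Release name, chart and every ``name=value`` pair are shell-quoted before
    they are joined into the command, so a value containing whitespace or
    shell metacharacters reaches ``helm`` as one literal argument.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    def q(value):
        # YAML scalars may be ints or booleans; quote() needs text.
        return quote("%s" % (value,))

    puts("%s : Creating Extra Pods.." % namespace)
    for pod in extraPods:
        set_flags = ' '.join(
            "--set " + q("%s=%s" % (item['name'], item['value']))
            for item in pod['Values'])
        extraPodHelmCmd = "helm install --name=%s %s --namespace=peers %s" % (
            q(pod['Name']), q(pod['Chart']), set_flags)
        # NOTE(review): the full command, including every --set value, is
        # echoed here; if chart values ever carry credentials they end up in
        # the console output.
        puts(extraPodHelmCmd)
        os.system(extraPodHelmCmd)
    return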
def copy_public_certs():
    """Copy ./crypto-config into the injector pod, then delete that pod.

    NOTE(review): despite the function name, nothing here filters out private
    keys. The two ``find ... -delete`` lines that would have removed ``*_sk``
    and ``*.key`` files are commented out, so ``kubectl cp`` sends the
    directory exactly as it is on disk. If the target volume is readable by
    more than one organisation, stage a copy without key material and send
    that instead; confirm what the consumers of /etc/hyperledger need.
    """
    # Disabled by the author (these would delete the keys from the local tree):
    # os.system("find ./crypto-config -type f -name '*_sk' -delete")
    # os.system("find ./crypto-config -type f -name '*.key' -delete")
    copy_cmd = "kubectl cp ./crypto-config peers/public-certs-injector-pod:/etc/hyperledger"
    delete_cmd = "kubectl delete pod public-certs-injector-pod --namespace=peers"

    puts("INFO: Copying public certs in ./crypto-config folder..")
    os.system(copy_cmd)
    puts("INFO: Public Certs Copied!! Deleting injector pod..")
    os.system(delete_cmd)
    return
def init():
    """Generate missing Fabric artifacts, then set up each orderer org.

    ``crypto-config`` and ``channel-artifacts`` are generated only when the
    directory does not exist yet. Afterwards every entry of ``OrdererOrgs`` in
    crypto-config.yaml gets a namespace-create call, its secrets and its pod.
    The namespace comes from the module-level ``namespace`` name, not from the
    organisation. Exit codes of the external commands are not checked.
    """
    crypto_present = os.path.isdir('crypto-config')
    if not crypto_present:
        puts("Generating crypto-config via cryptogen tool")
        os.system("./bin/cryptogen generate --config=./crypto-config.yaml")

    artifacts_present = os.path.isdir('channel-artifacts')
    if not artifacts_present:
        puts("Generating channel-artifacts via configtxgen tool")
        os.system("mkdir channel-artifacts")
        genesis_cmd = "./bin/configtxgen -profile AllOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block"
        os.system(genesis_cmd)
        channel_tx_cmd = "./bin/configtxgen -profile AllOrgsChannel -outputCreateChannelTx ./channel-artifacts/buyer1seller1channel1.tx -channelID buyer1seller1channel1"
        os.system(channel_tx_cmd)

    with open("crypto-config.yaml", 'r') as stream:
        try:
            # NOTE(review): yaml.load() without an explicit Loader can build
            # arbitrary Python objects on older PyYAML, and PyYAML 6 and later
            # require the Loader argument. yaml.safe_load() is the usual
            # choice for plain configuration such as this file.
            config = yaml.load(stream)
            for orderer_org in config['OrdererOrgs']:
                org_label = orderer_org['Name'].lower()
                puts("%s : Creating Orderer Service.." % org_label)
                # TODO: use subprocess.Popen instead of os.system
                os.system("kubectl create namespace %s" % namespace)
                # Only the first spec of the organisation is used.
                orderer_cn = orderer_org['Specs'][0]['CommonName']
                set_orderer_pvc(orderer_org, orderer_cn)
                create_orderer_pod(orderer_cn)

        except yaml.YAMLError as exc:
            puts(exc)
    return
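def set_nfs_volume():
    """Deploy the NFS service, then the public-certs PVC chart that uses it.

    Steps: apply the NFS service manifest, read the service's cluster IP with
    ``kubectl get svc``, install the ``public-certs-pvc`` chart with that IP,
    and finally hand an ``ls /etc/hyperledger`` probe on the injector pod to
    ``exec_when_pod_up``. Everything happens in the ``peers`` namespace.
    """
    os.system(
        "kubectl apply -f ./public-certs-pvc/public-certs-nfs-service.yaml --namespace=peers"
    )
    # wait for NFS server to get the clusterIP
    # NOTE(review): a fixed two-second sleep is a race; if the service has no
    # cluster IP yet, the chart below is installed with an empty value.
    time.sleep(2)
    raw_ip = subprocess.check_output(
        "kubectl get svc nfs-server --namespace=peers -o=jsonpath={.spec.clusterIP}",
        shell=True)
    # check_output() returns bytes on Python 3; formatting bytes with %s would
    # put the text "b'...'" into the helm command, so decode it first. strip()
    # removes any stray whitespace around the address.
    if isinstance(raw_ip, bytes):
        raw_ip = raw_ip.decode('utf-8')
    nfsClusterIP = raw_ip.strip()

    puts("INFO: Creating PVC for public certificates..")
    helmCmd = (
        "helm install --name=public-certs-pvc ./public-certs-pvc --namespace=peers"
        " --set nfs.clusterIP=%s" % nfsClusterIP)
    os.system(helmCmd)
    exec_when_pod_up(
        "kubectl exec public-certs-injector-pod --namespace=peers -- ls /etc/hyperledger"
    )
    return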
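def generate_network_configs():
    """Write, upload and register a network-config file for every peer org.

    For each entry of ``PeerOrgs`` in crypto-config.yaml this creates the
    org's data directories in the injector pod, dumps the result of
    ``create_network_config`` to ``./network-configs/<domain>-network-config.yaml``,
    copies that file into the pod and finally calls ``create_org_secrets``.

    Changes against the earlier version of this function:
      * it stops after reporting a missing ``crypto-config`` folder instead of
        carrying on;
      * the generated file is written inside a ``with`` block, so it is
        flushed and closed before ``kubectl cp`` reads it;
      * the output directory is only created when it is absent;
      * values taken from the YAML file are shell-quoted on command lines.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    # Check for the crypto-config folder
    if not os.path.isdir('crypto-config'):
        print(
            "ERROR: Can't create network config without `crypto-config` folder"
        )
        return
    if not os.path.isdir('./network-configs'):
        os.makedirs('./network-configs')
    with open("crypto-config.yaml", 'r') as stream:
        try:
            # NOTE(review): yaml.load() without an explicit Loader can build
            # arbitrary Python objects on older PyYAML, and PyYAML 6 and later
            # require the Loader argument. yaml.safe_load() is the usual
            # choice for plain configuration such as this file.
            config = yaml.load(stream)
            for org in config['PeerOrgs']:
                org_domain = "%s" % org['Domain']
                remote_dir = "/etc/hyperledger/data/%s" % org_domain
                local_file = (
                    "./network-configs/%s-network-config.yaml" % org_domain)

                # Creating a sub directory for org pods' data storing purposes
                os.system(
                    "kubectl exec public-certs-injector-pod --namespace=peers -- mkdir -p "
                    "%s %s" % (quote(remote_dir + "/chaincode"),
                               quote(remote_dir + "/workingDir")))
                # Generating dynamic network-config file for org
                network_config = create_network_config(org, config)
                puts("INFO: creating network-config for %s" % org['Name'])
                with open(local_file, 'w') as out:
                    yaml.dump(network_config, out)
                puts(
                    "INFO: Copying network config, File location /etc/hyperledger/data/%s/"
                    % org_domain)
                # Copying network config file to org directory in NFS
                cmd = "kubectl cp %s %s" % (
                    quote(local_file),
                    quote("peers/public-certs-injector-pod:%s/" % remote_dir))

                os.system(cmd)
                create_org_secrets(org['Domain'])

        except yaml.YAMLError as exc:
            print(exc)
    return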
def init():
    """Create the ``peers`` namespace, the peer pods and the org CLIs.

    crypto-config is generated first when the folder is absent. All peer pods
    of all organisations are created in a first pass; the per-org CLI setup
    runs in a second pass and always uses the first orderer organisation.
    Exit codes of the external commands are not checked.
    """
    # Generate crypto-config folder if not present via cryptogen tool
    crypto_present = os.path.isdir('crypto-config')
    if not crypto_present:
        os.system("./bin/cryptogen generate --config=./crypto-config.yaml")
        puts("Generating crypto-config via cryptogen tool")
    puts("Creating Namespace for all fabric components")
    os.system("kubectl create namespace peers")
    with open("crypto-config.yaml", 'r') as stream:
        try:
            # NOTE(review): yaml.load() without an explicit Loader can build
            # arbitrary Python objects on older PyYAML, and PyYAML 6 and later
            # require the Loader argument. yaml.safe_load() is the usual
            # choice for plain configuration such as this file.
            config = yaml.load(stream)

            # First pass: the Fabric peer pods of each organisation, as
            # specified in crypto-config.yaml.
            for peer_org in config['PeerOrgs']:
                org_label = peer_org['Name'].lower()
                set_org_peer_pods(org_label, peer_org['Specs'],
                                  peer_org['Domain'], peer_org['Name'])

            # Second pass: one CLI per organisation.
            for peer_org in config['PeerOrgs']:
                org_label = peer_org['Name'].lower()
                set_org_cli(org_label, peer_org, config['OrdererOrgs'][0])

        except yaml.YAMLError as exc:
            print(exc)
    return
#!/usr/bin/env python

import yaml
import os
import time
import sys
import subprocess
from utils import puts

# Deployment settings are read from ./config.yaml in the working directory.
filename = './config.yaml'
# NOTE(review): yaml.load() without an explicit Loader can build arbitrary
# Python objects on older PyYAML, and PyYAML 6 and later require the Loader
# argument; yaml.safe_load() is the usual choice for plain configuration.
# The file object opened here is also never closed explicitly.
config = yaml.load(open(filename, 'r').read())
project_name = config['project_name']
namespace = config['namespace']
react_app_base_url = config['react_app_base_url']

# NOTE(review): the config values are interpolated into a shell command
# without quoting, so whitespace or shell metacharacters in config.yaml change
# the command that runs. Quote each value, or call helm with an argument list.
env = ("--set namespace=%s --set react_app_base_url=%s" %(namespace, react_app_base_url))
puts(env)
# Installs the ./frontend chart as release "<project_name>-frontend"; the
# command is echoed before it runs and its exit code is not checked.
cmd = "helm install --name=%s-frontend ./frontend %s" %(project_name, env)
puts(cmd)
os.system(cmd)
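def set_org_cli(namespace, org, orderer):
    """Prepare the CLI volume of one organisation and start its CLI pod.

    Steps: install the ``org-cli-pvc`` chart, create the target directories in
    the temporary injector pod, copy channel artifacts, scripts, chaincode and
    certificates into it, delete the injector pod and install the ``org-cli``
    chart. Everything happens in the ``peers`` namespace.

    Args:
        namespace: lower-cased organisation name; used in release and pod
            names, not as the Kubernetes namespace.
        org: peer organisation mapping; ``Domain`` and ``Name`` are read.
        orderer: orderer organisation mapping; ``Domain`` and the first
            spec's ``CommonName`` are read.

    Returns:
        None. The function returns early, without copying anything, when the
        first ``helm install`` exits non-zero. Exit codes of the later
        commands are not checked, so the injector pod is deleted even if a
        copy failed.

    Values taken from the arguments are shell-quoted before they are placed
    on a command line.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    def q(value):
        # quote() needs text; YAML scalars are formatted first.
        return quote("%s" % (value,))

    domain = org['Domain']
    injector = "%s-cli-injector-pod" % namespace
    # create persistent volume claims for CLI
    res = os.system(
        "helm install --name=%s ./org-cli-pvc"
        " --set orgname=%s --set ordDomain=%s --set ordNamespace=%s "
        "--namespace=peers" %
        (q("cli-%s-pvc" % namespace), q(namespace),
         q(orderer['Specs'][0]['CommonName']), "peers"))
    if res != 0:
        return
    cmd = (
        "kubectl exec %s --namespace=peers "
        "-- mkdir -p /opt/gopath/src/github.com/hyperledger/fabric/orderer/crypto "
        "/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations "
        "/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations "
        % q(injector))
    # copy required files into the volume claim
    exec_when_pod_up(cmd)
    remoteBasePath = "/opt/gopath/src/github.com/hyperledger/fabric"
    pod = "peers/%s" % injector
    puts("INFO: Copying channel-artifacts into CLI pvc")
    os.system("kubectl cp ./channel-artifacts %s" %
              q("%s:%s/peer" % (pod, remoteBasePath)))
    puts("INFO: Copying scripts into CLI pvc")
    os.system("kubectl cp ./scripts %s" %
              q("%s:%s/peer" % (pod, remoteBasePath)))
    puts("INFO: Copying chaincode into CLI pvc")
    os.system("kubectl cp ./chaincode %s" %
              q("%s:/opt/gopath/src/github.com" % pod))
    puts("INFO: Copying peers certificates into CLI pvc")
    # NOTE(review): this copies the organisation's whole crypto-config
    # subtree, not only certificates. Presumably that tree also holds the
    # org's private keys; confirm the CLI needs all of it.
    os.system("kubectl cp %s %s" %
              (q("./crypto-config/peerOrganizations/%s" % domain),
               q("%s:%s/peer/crypto/peerOrganizations" %
                 (pod, remoteBasePath))))
    puts("INFO: Copying orderer certificates into CLI pvc")
    os.system(
        "kubectl cp %s %s" %
        (q("./crypto-config/ordererOrganizations/%s/msp/tlscacerts" %
           orderer['Domain']),
         q("%s:%s/peer/crypto/ordererOrganizations/%s" %
           (pod, remoteBasePath, orderer['Domain']))))
    puts("INFO: Copyied configs into CLI pvc!! Removing test pod")
    # delete the temporary injector pod
    os.system("kubectl delete pod %s --namespace=peers" % q(injector))
    # Setting up actual CLI pod
    os.system(
        ("helm install --name=%s ./org-cli --set orgName=%s "
         "--set orgDomain=%s --set corePeer=peer0 --set peerOrgName=%s "
         "--namespace=peers" %
         (q("cli-%s" % namespace), q(namespace), q(domain), q(org['Name']))))
    return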
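def create_orderer_pod(domain):
    """Install the ./orderer chart as a release named after ``domain``.

    The release goes into the namespace held by the module-level ``namespace``
    name, and ``domain`` is also passed to the chart as ``--set domain=...``.
    Both values are shell-quoted before they are placed on the command line.

    Returns:
        Whatever ``os.system`` returns for the ``helm install`` command.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    puts("INFO: Creating orderer Pod")
    cmd = "helm install --name=%s ./orderer --namespace=%s --set domain=%s" % (
        quote(domain), quote(namespace), quote(domain))
    return os.system(cmd)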
def set_orderer_pvc(orderer, domain):
    """Call the certificate-secret and genesis-secret helpers for an orderer.

    Only the first entry of ``orderer['Specs']`` is consulted. The directory
    name handed to ``create_cert_secrets`` is "<hostname>-<org domain>".
    """
    puts("INFO: Creating Orderer Certificate Secrets")
    hostname = orderer['Specs'][0]['Hostname']
    org_domain = orderer['Domain']
    ordererDir = "%s-%s" % (hostname, org_domain)
    create_cert_secrets(domain, org_domain, ordererDir)
    create_genesis_secret(domain, hostname)
#!/usr/bin/env python

import yaml
import os
import sys
import time
from utils import puts

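# The namespace is the first command-line argument; "orderers" is the
# fallback. The earlier form `len(sys.argv) > 1 is not None` was a chained
# comparison whose `1 is not None` half is always true.
namespace = sys.argv[1] if len(sys.argv) > 1 else "orderers"
puts("INFO: using %s as namespace ..." % namespace)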


def set_orderer_pvc(orderer, domain):
    """Call the certificate-secret and genesis-secret helpers for an orderer.

    Only the first entry of ``orderer['Specs']`` is consulted. The directory
    name handed to ``create_cert_secrets`` is "<hostname>-<org domain>".
    """
    puts("INFO: Creating Orderer Certificate Secrets")
    hostname = orderer['Specs'][0]['Hostname']
    org_domain = orderer['Domain']
    ordererDir = "%s-%s" % (hostname, org_domain)
    create_cert_secrets(domain, org_domain, ordererDir)
    create_genesis_secret(domain, hostname)


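def create_orderer_pod(domain):
    """Install the ./orderer chart as a release named after ``domain``.

    The release goes into the namespace held by the module-level ``namespace``
    name, and ``domain`` is also passed to the chart as ``--set domain=...``.
    Both values are shell-quoted before they are placed on the command line.

    Returns:
        Whatever ``os.system`` returns for the ``helm install`` command.
    """
    try:
        from shlex import quote  # Python 3
    except ImportError:
        from pipes import quote  # Python 2

    puts("INFO: Creating orderer Pod")
    cmd = "helm install --name=%s ./orderer --namespace=%s --set domain=%s" % (
        quote(domain), quote(namespace), quote(domain))
    return os.system(cmd)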


def create_cert_secrets(domain, ordDomain, ordererDir):
    """Build the 'msp' and 'tls' source paths of one orderer.

    Each path points below
    ./crypto-config/ordererOrganizations/<ordDomain>/orderers/<ordererDir>/.

    NOTE(review): in this listing the loop body ends right after `src` is
    computed; nothing visible here consumes `src` or uses `domain`, so the
    listing looks cut short.
    """
    for subPath in ['msp', 'tls']:
        src = "./crypto-config/ordererOrganizations/%s/orderers/%s/%s" % (
            ordDomain, ordererDir, subPath)
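def init():
    """Install the extra pods listed for every peer org in crypto-config.yaml.

    The namespace passed on is the first command-line argument, or
    "orderers" when none is given. It is resolved once, before the loop,
    because it does not change between organisations. The earlier
    `len(sys.argv) > 1 is not None` test was a chained comparison whose
    `1 is not None` half is always true; the plain length check behaves the
    same.

    An organisation without an ``ExtraPods`` key raises ``KeyError``; only
    YAML parse errors are caught and printed.
    """
    namespace = sys.argv[1] if len(sys.argv) > 1 else "orderers"
    with open("crypto-config.yaml", 'r') as stream:
        try:
            # NOTE(review): yaml.load() without an explicit Loader can build
            # arbitrary Python objects on older PyYAML, and PyYAML 6 and later
            # require the Loader argument. yaml.safe_load() is the usual
            # choice for plain configuration such as this file.
            config = yaml.load(stream)
            for org in config['PeerOrgs']:
                set_extra_pods(namespace, org['ExtraPods'])
        except yaml.YAMLError as exc:
            print(exc)
    return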


# Script entry point: run the setup, then print a banner and list what runs.
# NOTE(review): the banner is printed unconditionally; nothing between here
# and the print checks whether the setup commands succeeded.
init()

# \033[92m switches the terminal to green; \033[0m in the next print resets it.
# NOTE(review): the banner text contains backslashes that are not valid escape
# sequences (for example a backslash followed by a space); newer Python
# versions warn about these.
print("""\033[92m
 _____                              
/  ___|                             
\ `--. _   _  ___ ___ ___  ___ ___  
 `--. \ | | |/ __/ __/ _ \/ __/ __| 
/\__/ / |_| | (_| (_|  __/\__ \__ \ 
\____/ \__,_|\___\___\___||___/___/
          
""")
print("==== Hyperledger cluster setup complete on your cluster! ==== \033[0m")
# Show the pods and services of the `peers` namespace.
puts("* PODS RUNNING:")
os.system('kubectl get po --namespace=peers')
puts("* SERVICES RUNNING:")
os.system('kubectl get svc --namespace=peers')
  --nodes-max 3 \
  --managed \
''' % (aws_cluster_name, aws_region)

# Python 2 script (print statements). Each command is echoed and then run
# through the shell; no exit code is checked, so a failed step does not stop
# the steps that follow it.
print 'Executing: %s' % (create_cluster_command)
os.system(create_cluster_command)

# First Helm initialisation, without a dedicated service account.
print 'Executing: %s' % ('helm init')
os.system('helm init')

# Service account for Tiller in kube-system.
print 'Executing: %s' % (
    'kubectl create serviceaccount --namespace kube-system tiller')
os.system('kubectl create serviceaccount --namespace kube-system tiller')

# NOTE(review): this binds the built-in cluster-admin role to the tiller
# service account, so Tiller can change any resource in any namespace and
# every client that can reach Tiller acts with that authority. Least privilege
# here means a Role/RoleBinding limited to the namespaces Tiller deploys into,
# or a Helm version that has no Tiller component.
create_cluster_role_binding_command = '''
kubectl create clusterrolebinding tiller-cluster-rule \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:tiller \
'''

print 'Executing: %s' % (create_cluster_role_binding_command)
os.system(create_cluster_role_binding_command)

# Second initialisation: re-run with --upgrade under the tiller service account.
print 'Executing: %s' % ('helm init --service-account tiller --upgrade')
os.system('helm init --service-account tiller --upgrade')

# `namespace` and `puts` are defined outside the part of the script shown
# here. The namespace is interpolated into the command unquoted.
create_namespace = "kubectl create namespace %s" % (namespace)
puts(create_namespace)
os.system(create_namespace)

print 'Done!'
import sys
import subprocess
import uuid
import json
from utils import puts

# Deployment settings are read from ./config.yaml in the working directory.
filename = './config.yaml'
# NOTE(review): yaml.load() without an explicit Loader can build arbitrary
# Python objects on older PyYAML, and PyYAML 6 and later require the Loader
# argument; yaml.safe_load() is the usual choice for plain configuration.
# The file object opened here is also never closed explicitly.
config = yaml.load(open(filename, 'r').read())
project_name = config['project_name']
cluster_name = config['Cluster']['cluster_name']
domain = config['domain']
namespace = config['namespace']

# Helm --set flags built from the config values (unquoted) and echoed.
env = ("--set namespace=%s --set cluster_name=%s --set domain=%s" %
       (namespace, cluster_name, domain))
puts(env)

# NOTE(review): an RBAC manifest is fetched over the network and applied at
# deploy time. The URL names the v1.1.4 tag, but nothing checks the content
# that arrives. Keeping a reviewed copy of the manifest in the repository, or
# verifying a checksum before applying, removes the dependency on whatever
# the remote host serves on the day of the deployment.
os.system(
    "kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/aws-alb-ingress-controller/v1.1.4/docs/examples/rbac-role.yaml"
)

# Look up the ARN of the IAM policy named ALBIngressControllerIAMPolicy.
# extract_arn stays None when the account has no policy of that name; the
# loop does not stop at the first match, so the last match wins.
extract_arn = None
# The policy list comes from the aws CLI piped through jq and is parsed as JSON.
policies = os.popen("aws iam list-policies | jq '.Policies'").read().strip()
policies = json.loads(policies)
for policy in policies:
    if policy['PolicyName'] == "ALBIngressControllerIAMPolicy":
        extract_arn = policy['Arn']
if extract_arn == None:
    create_policy = "aws iam create-policy --policy-name ALBIngressControllerIAMPolicy --policy-document file://scripts/iam-policy.json | jq -r '.Policy.Arn'"