def check_id(ca_namespace, ca, username): """ Args: ca_namespace (str): K8S namespace where CA is located. ca (str): K8S release name of CA. username (str): Username for identity. Returns: bool: Does the ID exist? """ # Get CA ca_exec = get_helm_pod(namespace=ca_namespace, release=ca, app="hlf-ca") # Check if Orderer is registered with the relevant CA got_id = False while not got_id: ord_id, err = ca_exec.execute( f"fabric-ca-client identity list --id {username}") if err: # Expected error (identity does not exist) if "no rows in result set" in err: got_id = True # Otherwise, unexpected error, we are having issues connecting to CA else: sleep(15) else: got_id = True return ord_id
def setup_ca(opts, upgrade=False): """Setup CA. Setup involves enrolling the CA admin, checking the Ingress is responsive. Args: opts (dict): Nephos options dict. upgrade (bool): Do we upgrade the deployment? False by default. """ for ca_name, ca_values in opts["cas"].items(): ca_namespace = get_namespace(opts, ca=ca_name) # Install Charts ca_chart(opts=opts, release=ca_name, upgrade=upgrade) # Obtain CA pod and Enroll pod_exec = get_helm_pod(namespace=ca_namespace, release=ca_name, app="hlf-ca") ca_enroll(pod_exec) # Get CA Ingress and check it is running try: # Get ingress of CA ingress_urls = ingress_read(ca_name + "-hlf-ca", namespace=ca_namespace) except ApiException: logging.warning("No ingress found for CA") continue # Check the CA is running check_ca(ingress_host=ingress_urls[0], cacert=ca_values.get("tls_cert"))
def register_id(ca_namespace, ca, username, password, node_type="client", admin=False): """Register an ID with a Fabric Certificate Authority Args: ca_namespace (str): K8S namespace where CA is located. ca (str): K8S release name of CA. username (str): Username for identity. password (str): Password for identity. node_type (str): Node type for identity. "client" by default. admin (bool): Whether the identity is an admin. False by default. """ # Get CA ord_id = check_id(ca_namespace, ca, username) # Registered if needed ca_exec = get_helm_pod(namespace=ca_namespace, release=ca, app="hlf-ca") if not ord_id: command = ( "fabric-ca-client register --id.name {id} --id.secret {pw} --id.type {type}" ) if admin: command += " --id.attrs 'admin=true:ecert'" registered_id = False while not registered_id: res, err = ca_exec.execute( command.format(id=username, pw=password, type=node_type)) if not err: registered_id = True # Otherwise, unexpected error, we are having issues connecting to CA else: sleep(15)
def setup_card(opts, msp_path, user_name, roles, network=None, verbose=False): """Setup the Card for Hyperledger Composer. Args: opts (dict): Nephos options dict. msp_path (str): Path to the MSP on the Composer CLI. user_name (str): Name of user for identity card. network (str): Name of network for identity card. roles (Iterable): Roles to assign to identity card. verbose (bool): Verbosity. False by default. """ peer_namespace = get_namespace(opts, opts["peers"]["msp"]) hlc_cli_ex = get_helm_pod(peer_namespace, opts["composer"]["name"], "hl-composer") # Set up the PeerAdmin card ls_res, _ = hlc_cli_ex.execute( f"composer card list --card {user_name}@{network}") if roles: roles_string = "-r " + " -r ".join(roles) + " " else: roles_string = "" if not ls_res: hlc_cli_ex.execute( ("composer card create " + (f"-n {network} " if network else "") + "-p /hl_config/hlc-connection/connection.json " + f"-u {user_name} -c {msp_path}/signcerts/cert.pem " + f"-k {msp_path}/keystore/key.pem " + f"{roles_string}" + f"--file /home/composer/{user_name}@{network}")) hlc_cli_ex.execute("composer card import " + f"--file /home/composer/{user_name}@{network}.card")
def install_network(opts, verbose=False): """Install Hyperledger Composer network. Args: opts (dict): Nephos options dict. verbose (bool): Verbosity. False by default. """ peer_namespace = get_namespace(opts, opts["peers"]["msp"]) hlc_cli_ex = get_helm_pod(peer_namespace, opts["composer"]["name"], "hl-composer", verbose=verbose) # Install network # TODO: Getting BNA could be a helper function bna, _ = hlc_cli_ex.execute("ls /hl_config/blockchain_network") bna_name, bna_rem = bna.split("_") bna_version, _ = bna_rem.split(".bna") # TODO: This could be a single function peer_msp = opts["peers"]["msp"] bna_admin = opts["msps"][peer_msp]["org_admin"] admin_creds(opts, peer_msp, verbose=verbose) bna_pw = opts["msps"][peer_msp]["org_adminpw"] ls_res, _ = hlc_cli_ex.execute( "composer card list --card {bna_admin}@{bna_name}".format( bna_admin=bna_admin, bna_name=bna_name)) if not ls_res: hlc_cli_ex.execute( ("composer network install --card PeerAdmin@hlfv1 " + "--archiveFile /hl_config/blockchain_network/{bna}").format( bna=bna)) hlc_cli_ex.execute( ("composer network start " + "--card PeerAdmin@hlfv1 " + "--networkName {bna_name} --networkVersion {bna_version} " + "--networkAdmin {bna_admin} --networkAdminEnrollSecret {bna_pw}" ).format( bna_name=bna_name, bna_version=bna_version, bna_admin=bna_admin, bna_pw=bna_pw, )) hlc_cli_ex.execute( "composer card import --file {bna_admin}@{bna_name}.card".format( bna_admin=bna_admin, bna_name=bna_name)) hlc_cli_ex.execute( "composer network ping --card {bna_admin}@{bna_name}".format( bna_admin=bna_admin, bna_name=bna_name))
def upgrade_network(opts, verbose=False): """Upgrade Hyperledger Composer network. Args: opts (dict): Nephos options dict. verbose (bool): Verbosity. False by default. """ peer_namespace = get_namespace(opts, opts["peers"]["msp"]) secret_from_file( secret=opts["composer"]["secret_bna"], namespace=peer_namespace, verbose=verbose ) # Set up the PeerAdmin card hlc_cli_ex = get_helm_pod(peer_namespace, "hlc", "hl-composer", verbose=verbose) bna, _ = hlc_cli_ex.execute("ls /hl_config/blockchain_network") bna_name, bna_rem = bna.split("_") bna_version, _ = bna_rem.split(".bna") peer_msp = opts["peers"]["msp"] bna_admin = opts["msps"][peer_msp]["org_admin"] res, _ = hlc_cli_ex.execute( "composer network ping --card {bna_admin}@{bna_name}".format( bna_admin=bna_admin, bna_name=bna_name ) ) curr_version = (res.split("Business network version: ")[1]).split()[0] print(curr_version) if curr_version != bna_version: hlc_cli_ex.execute( ( "composer network install --card PeerAdmin@hlfv1 " + "--archiveFile /hl_config/blockchain_network/{bna}" ).format(bna=bna) ) hlc_cli_ex.execute( ( "composer network upgrade " + "--card PeerAdmin@hlfv1 " + "--networkName {bna_name} --networkVersion {bna_version}" ).format(bna_name=bna_name, bna_version=bna_version) ) res, _ = hlc_cli_ex.execute( "composer network ping --card {bna_admin}@{bna_name}".format( bna_admin=bna_admin, bna_name=bna_name ) ) curr_version = (res.split("Business network version: ")[1]).split()[0] print("Upgraded to {version}".format(version=curr_version))
def create_channel(opts): """Create Channel for Peer. Args: opts (dict): Nephos options dict. """ ord_msp = get_an_orderer_msp(opts=opts) ord_namespace = get_namespace(opts, msp=ord_msp) ord_name = random.choice(list(get_orderers(opts=opts, msp=ord_msp))) cmd_suffix = peer_channel_suffix(opts, ord_msp, ord_name) for msp in get_msps(opts=opts): peer_namespace = get_namespace(opts, msp=msp) for channel in get_channels(opts=opts): channel_name = opts["channels"][channel]["channel_name"] secret_channel = opts["channels"][channel]["secret_channel"] if msp not in opts["channels"][channel]["msps"]: continue for index, release in enumerate(get_peers(opts=opts, msp=msp)): # Get peer pod pod_ex = get_helm_pod(peer_namespace, release, "hlf-peer") # Check if the file exists has_channel = False while not has_channel: has_channel = get_channel_block( pod_ex, ord_name, ord_namespace, channel_name, cmd_suffix ) if not has_channel: pod_ex.execute( ( "bash -c 'peer channel create " + f"-o {ord_name}-hlf-ord.{ord_namespace}.svc.cluster.local:7050 " + f"-c {channel_name} -f /hl_config/channel/{secret_channel}/{channel_name}.tx {cmd_suffix}'" ) ) res, _ = pod_ex.execute("peer channel list") channels = (res.split("Channels peers has joined: ")[1]).split() if channel_name not in channels: pod_ex.execute( ( "bash -c " + "'CORE_PEER_MSPCONFIGPATH=$ADMIN_MSP_PATH " + f"peer channel join -b /var/hyperledger/{channel_name}.block {cmd_suffix}'" ) )
def create_channel(opts, verbose=False): """Create Channel for Peer. Args: opts (dict): Nephos options dict. verbose (bool): Verbosity. False by default. """ peer_namespace = get_namespace(opts, opts["peers"]["msp"]) ord_namespace = get_namespace(opts, opts["orderers"]["msp"]) channel = opts["peers"]["channel_name"] # Get orderer TLS status ord_name = random.choice(opts["orderers"]["names"]) # TODO: This should be a function cmd_suffix = peer_channel_suffix(opts, ord_name, verbose=verbose) for index, release in enumerate(opts["peers"]["names"]): # Get peer pod pod_ex = get_helm_pod(peer_namespace, release, "hlf-peer", verbose=verbose) # Check if the file exists has_channel = False while not has_channel: has_channel = get_channel_block(pod_ex, ord_name, ord_namespace, channel, cmd_suffix) if not has_channel: pod_ex.execute(( "bash -c 'peer channel create " + "-o {orderer}-hlf-ord.{ns}.svc.cluster.local:7050 " + "-c {channel} -f /hl_config/channel/{channel}.tx {cmd_suffix}'" ).format( orderer=ord_name, ns=ord_namespace, channel=opts["peers"]["channel_name"], cmd_suffix=cmd_suffix, )) res, _ = pod_ex.execute("peer channel list") channels = (res.split("Channels peers has joined: ")[1]).split() if opts["peers"]["channel_name"] not in channels: pod_ex.execute(( "bash -c " + "'CORE_PEER_MSPCONFIGPATH=$ADMIN_MSP_PATH " + "peer channel join -b /var/hyperledger/{channel}.block {cmd_suffix}'" ).format(channel=opts["peers"]["channel_name"], cmd_suffix=cmd_suffix))
def check_ord(namespace, release): """Check if Orderer is running. Args: namespace (str): Namespace where Orderer is located. release (str): Name of Orderer Helm release. Returns: bool: True once Orderer is correctly running. """ pod_exec = get_helm_pod(namespace=namespace, release=release, app="hlf-ord") res = pod_exec.logs(1000) if "fetching metadata for all topics from broker" in res: return True while True: if "Starting orderer" in res: return True else: sleep(15) res = pod_exec.logs(1000)
def check_peer(namespace, release): """Check if Peer is running. Args: namespace: Namespace where Peer is located. release: Name of Peer Helm release. Returns: bool: True once Peer is correctly running. """ pod_exec = get_helm_pod(namespace=namespace, release=release, app="hlf-peer") res = pod_exec.logs(1000) if "Received block" in res: return True while True: if "Starting peer" in res or "Sleeping" in res: return True else: sleep(15) res = pod_exec.logs(1000)
def upgrade_network(opts, verbose=False): """Upgrade Hyperledger Composer network. Args: opts (dict): Nephos options dict. verbose (bool): Verbosity. False by default. """ peer_namespace = get_namespace(opts, opts["peers"]["msp"]) secret_data = input_files((None, ), clean_key=True) secret_create(secret_data, opts["composer"]["secret_bna"], peer_namespace) # Set up the PeerAdmin card hlc_cli_ex = get_helm_pod(peer_namespace, "hlc", "hl-composer", verbose=verbose) bna, _ = hlc_cli_ex.execute("ls /hl_config/blockchain_network") bna_name, bna_rem = bna.split("_") bna_version, _ = bna_rem.split(".bna") peer_msp = opts["peers"]["msp"] bna_admin = opts["msps"][peer_msp]["org_admin"] res, _ = hlc_cli_ex.execute( f"composer network ping --card {bna_admin}@{bna_name}") curr_version = (res.split("Business network version: ")[1]).split()[0] logging.info(curr_version) if curr_version != bna_version: hlc_cli_ex.execute( ("composer network install --card PeerAdmin@hlfv1 " + f"--archiveFile /hl_config/blockchain_network/{bna}")) hlc_cli_ex.execute( ("composer network upgrade " + "--card PeerAdmin@hlfv1 " + f"--networkName {bna_name} --networkVersion {bna_version}")) res, _ = hlc_cli_ex.execute( f"composer network ping --card {bna_admin}@{bna_name}") curr_version = (res.split("Business network version: ")[1]).split()[0] logging.info(f"Upgraded to {curr_version}")
def test_get_helm_pod(self, mock_get_pod): get_helm_pod("a-namespace", "a-release", "an-app", item=7) mock_get_pod.assert_called_once_with( "a-namespace", '-l "app=an-app,release=a-release"', item=7)