def check_id(ca_namespace, ca, username):
"""
Args:
ca_namespace (str): K8S namespace where CA is located.
ca (str): K8S release name of CA.
username (str): Username for identity.
Returns:
bool: Does the ID exist?
"""
# Get CA
ca_exec = get_helm_pod(namespace=ca_namespace, release=ca, app="hlf-ca")
# Check if Orderer is registered with the relevant CA
got_id = False
while not got_id:
ord_id, err = ca_exec.execute(
f"fabric-ca-client identity list --id {username}")
if err:
# Expected error (identity does not exist)
if "no rows in result set" in err:
got_id = True
# Otherwise, unexpected error, we are having issues connecting to CA
else:
sleep(15)
else:
got_id = True
return ord_id
def setup_ca(opts, upgrade=False):
"""Setup CA.
Setup involves enrolling the CA admin, checking the Ingress
is responsive.
Args:
opts (dict): Nephos options dict.
upgrade (bool): Do we upgrade the deployment? False by default.
"""
for ca_name, ca_values in opts["cas"].items():
ca_namespace = get_namespace(opts, ca=ca_name)
# Install Charts
ca_chart(opts=opts, release=ca_name, upgrade=upgrade)
# Obtain CA pod and Enroll
pod_exec = get_helm_pod(namespace=ca_namespace,
release=ca_name,
app="hlf-ca")
ca_enroll(pod_exec)
# Get CA Ingress and check it is running
try:
# Get ingress of CA
ingress_urls = ingress_read(ca_name + "-hlf-ca",
namespace=ca_namespace)
except ApiException:
logging.warning("No ingress found for CA")
continue
# Check the CA is running
check_ca(ingress_host=ingress_urls[0],
cacert=ca_values.get("tls_cert"))
def register_id(ca_namespace,
ca,
username,
password,
node_type="client",
admin=False):
"""Register an ID with a Fabric Certificate Authority
Args:
ca_namespace (str): K8S namespace where CA is located.
ca (str): K8S release name of CA.
username (str): Username for identity.
password (str): Password for identity.
node_type (str): Node type for identity. "client" by default.
admin (bool): Whether the identity is an admin. False by default.
"""
# Get CA
ord_id = check_id(ca_namespace, ca, username)
# Registered if needed
ca_exec = get_helm_pod(namespace=ca_namespace, release=ca, app="hlf-ca")
if not ord_id:
command = (
"fabric-ca-client register --id.name {id} --id.secret {pw} --id.type {type}"
)
if admin:
command += " --id.attrs 'admin=true:ecert'"
registered_id = False
while not registered_id:
res, err = ca_exec.execute(
command.format(id=username, pw=password, type=node_type))
if not err:
registered_id = True
# Otherwise, unexpected error, we are having issues connecting to CA
else:
sleep(15)
def setup_card(opts, msp_path, user_name, roles, network=None, verbose=False):
"""Setup the Card for Hyperledger Composer.
Args:
opts (dict): Nephos options dict.
msp_path (str): Path to the MSP on the Composer CLI.
user_name (str): Name of user for identity card.
network (str): Name of network for identity card.
roles (Iterable): Roles to assign to identity card.
verbose (bool): Verbosity. False by default.
"""
peer_namespace = get_namespace(opts, opts["peers"]["msp"])
hlc_cli_ex = get_helm_pod(peer_namespace, opts["composer"]["name"],
"hl-composer")
# Set up the PeerAdmin card
ls_res, _ = hlc_cli_ex.execute(
f"composer card list --card {user_name}@{network}")
if roles:
roles_string = "-r " + " -r ".join(roles) + " "
else:
roles_string = ""
if not ls_res:
hlc_cli_ex.execute(
("composer card create " + (f"-n {network} " if network else "") +
"-p /hl_config/hlc-connection/connection.json " +
f"-u {user_name} -c {msp_path}/signcerts/cert.pem " +
f"-k {msp_path}/keystore/key.pem " + f"{roles_string}" +
f"--file /home/composer/{user_name}@{network}"))
hlc_cli_ex.execute("composer card import " +
f"--file /home/composer/{user_name}@{network}.card")
def install_network(opts, verbose=False):
"""Install Hyperledger Composer network.
Args:
opts (dict): Nephos options dict.
verbose (bool): Verbosity. False by default.
"""
peer_namespace = get_namespace(opts, opts["peers"]["msp"])
hlc_cli_ex = get_helm_pod(peer_namespace,
opts["composer"]["name"],
"hl-composer",
verbose=verbose)
# Install network
# TODO: Getting BNA could be a helper function
bna, _ = hlc_cli_ex.execute("ls /hl_config/blockchain_network")
bna_name, bna_rem = bna.split("_")
bna_version, _ = bna_rem.split(".bna")
# TODO: This could be a single function
peer_msp = opts["peers"]["msp"]
bna_admin = opts["msps"][peer_msp]["org_admin"]
admin_creds(opts, peer_msp, verbose=verbose)
bna_pw = opts["msps"][peer_msp]["org_adminpw"]
ls_res, _ = hlc_cli_ex.execute(
"composer card list --card {bna_admin}@{bna_name}".format(
bna_admin=bna_admin, bna_name=bna_name))
if not ls_res:
hlc_cli_ex.execute(
("composer network install --card PeerAdmin@hlfv1 " +
"--archiveFile /hl_config/blockchain_network/{bna}").format(
bna=bna))
hlc_cli_ex.execute(
("composer network start " + "--card PeerAdmin@hlfv1 " +
"--networkName {bna_name} --networkVersion {bna_version} " +
"--networkAdmin {bna_admin} --networkAdminEnrollSecret {bna_pw}"
).format(
bna_name=bna_name,
bna_version=bna_version,
bna_admin=bna_admin,
bna_pw=bna_pw,
))
hlc_cli_ex.execute(
"composer card import --file {bna_admin}@{bna_name}.card".format(
bna_admin=bna_admin, bna_name=bna_name))
hlc_cli_ex.execute(
"composer network ping --card {bna_admin}@{bna_name}".format(
bna_admin=bna_admin, bna_name=bna_name))
def upgrade_network(opts, verbose=False):
"""Upgrade Hyperledger Composer network.
Args:
opts (dict): Nephos options dict.
verbose (bool): Verbosity. False by default.
"""
peer_namespace = get_namespace(opts, opts["peers"]["msp"])
secret_from_file(
secret=opts["composer"]["secret_bna"], namespace=peer_namespace, verbose=verbose
)
# Set up the PeerAdmin card
hlc_cli_ex = get_helm_pod(peer_namespace, "hlc", "hl-composer", verbose=verbose)
bna, _ = hlc_cli_ex.execute("ls /hl_config/blockchain_network")
bna_name, bna_rem = bna.split("_")
bna_version, _ = bna_rem.split(".bna")
peer_msp = opts["peers"]["msp"]
bna_admin = opts["msps"][peer_msp]["org_admin"]
res, _ = hlc_cli_ex.execute(
"composer network ping --card {bna_admin}@{bna_name}".format(
bna_admin=bna_admin, bna_name=bna_name
)
)
curr_version = (res.split("Business network version: ")[1]).split()[0]
print(curr_version)
if curr_version != bna_version:
hlc_cli_ex.execute(
(
"composer network install --card PeerAdmin@hlfv1 "
+ "--archiveFile /hl_config/blockchain_network/{bna}"
).format(bna=bna)
)
hlc_cli_ex.execute(
(
"composer network upgrade "
+ "--card PeerAdmin@hlfv1 "
+ "--networkName {bna_name} --networkVersion {bna_version}"
).format(bna_name=bna_name, bna_version=bna_version)
)
res, _ = hlc_cli_ex.execute(
"composer network ping --card {bna_admin}@{bna_name}".format(
bna_admin=bna_admin, bna_name=bna_name
)
)
curr_version = (res.split("Business network version: ")[1]).split()[0]
print("Upgraded to {version}".format(version=curr_version))
def create_channel(opts):
"""Create Channel for Peer.
Args:
opts (dict): Nephos options dict.
"""
ord_msp = get_an_orderer_msp(opts=opts)
ord_namespace = get_namespace(opts, msp=ord_msp)
ord_name = random.choice(list(get_orderers(opts=opts, msp=ord_msp)))
cmd_suffix = peer_channel_suffix(opts, ord_msp, ord_name)
for msp in get_msps(opts=opts):
peer_namespace = get_namespace(opts, msp=msp)
for channel in get_channels(opts=opts):
channel_name = opts["channels"][channel]["channel_name"]
secret_channel = opts["channels"][channel]["secret_channel"]
if msp not in opts["channels"][channel]["msps"]:
continue
for index, release in enumerate(get_peers(opts=opts, msp=msp)):
# Get peer pod
pod_ex = get_helm_pod(peer_namespace, release, "hlf-peer")
# Check if the file exists
has_channel = False
while not has_channel:
has_channel = get_channel_block(
pod_ex, ord_name, ord_namespace, channel_name, cmd_suffix
)
if not has_channel:
pod_ex.execute(
(
"bash -c 'peer channel create "
+ f"-o {ord_name}-hlf-ord.{ord_namespace}.svc.cluster.local:7050 "
+ f"-c {channel_name} -f /hl_config/channel/{secret_channel}/{channel_name}.tx {cmd_suffix}'"
)
)
res, _ = pod_ex.execute("peer channel list")
channels = (res.split("Channels peers has joined: ")[1]).split()
if channel_name not in channels:
pod_ex.execute(
(
"bash -c "
+ "'CORE_PEER_MSPCONFIGPATH=$ADMIN_MSP_PATH "
+ f"peer channel join -b /var/hyperledger/{channel_name}.block {cmd_suffix}'"
)
)
def create_channel(opts, verbose=False):
"""Create Channel for Peer.
Args:
opts (dict): Nephos options dict.
verbose (bool): Verbosity. False by default.
"""
peer_namespace = get_namespace(opts, opts["peers"]["msp"])
ord_namespace = get_namespace(opts, opts["orderers"]["msp"])
channel = opts["peers"]["channel_name"]
# Get orderer TLS status
ord_name = random.choice(opts["orderers"]["names"])
# TODO: This should be a function
cmd_suffix = peer_channel_suffix(opts, ord_name, verbose=verbose)
for index, release in enumerate(opts["peers"]["names"]):
# Get peer pod
pod_ex = get_helm_pod(peer_namespace,
release,
"hlf-peer",
verbose=verbose)
# Check if the file exists
has_channel = False
while not has_channel:
has_channel = get_channel_block(pod_ex, ord_name, ord_namespace,
channel, cmd_suffix)
if not has_channel:
pod_ex.execute((
"bash -c 'peer channel create " +
"-o {orderer}-hlf-ord.{ns}.svc.cluster.local:7050 " +
"-c {channel} -f /hl_config/channel/{channel}.tx {cmd_suffix}'"
).format(
orderer=ord_name,
ns=ord_namespace,
channel=opts["peers"]["channel_name"],
cmd_suffix=cmd_suffix,
))
res, _ = pod_ex.execute("peer channel list")
channels = (res.split("Channels peers has joined: ")[1]).split()
if opts["peers"]["channel_name"] not in channels:
pod_ex.execute((
"bash -c " + "'CORE_PEER_MSPCONFIGPATH=$ADMIN_MSP_PATH " +
"peer channel join -b /var/hyperledger/{channel}.block {cmd_suffix}'"
).format(channel=opts["peers"]["channel_name"],
cmd_suffix=cmd_suffix))
def check_ord(namespace, release):
"""Check if Orderer is running.
Args:
namespace (str): Namespace where Orderer is located.
release (str): Name of Orderer Helm release.
Returns:
bool: True once Orderer is correctly running.
"""
pod_exec = get_helm_pod(namespace=namespace, release=release, app="hlf-ord")
res = pod_exec.logs(1000)
if "fetching metadata for all topics from broker" in res:
return True
while True:
if "Starting orderer" in res:
return True
else:
sleep(15)
res = pod_exec.logs(1000)
def check_peer(namespace, release):
"""Check if Peer is running.
Args:
namespace: Namespace where Peer is located.
release: Name of Peer Helm release.
Returns:
bool: True once Peer is correctly running.
"""
pod_exec = get_helm_pod(namespace=namespace, release=release, app="hlf-peer")
res = pod_exec.logs(1000)
if "Received block" in res:
return True
while True:
if "Starting peer" in res or "Sleeping" in res:
return True
else:
sleep(15)
res = pod_exec.logs(1000)
def upgrade_network(opts, verbose=False):
"""Upgrade Hyperledger Composer network.
Args:
opts (dict): Nephos options dict.
verbose (bool): Verbosity. False by default.
"""
peer_namespace = get_namespace(opts, opts["peers"]["msp"])
secret_data = input_files((None, ), clean_key=True)
secret_create(secret_data, opts["composer"]["secret_bna"], peer_namespace)
# Set up the PeerAdmin card
hlc_cli_ex = get_helm_pod(peer_namespace,
"hlc",
"hl-composer",
verbose=verbose)
bna, _ = hlc_cli_ex.execute("ls /hl_config/blockchain_network")
bna_name, bna_rem = bna.split("_")
bna_version, _ = bna_rem.split(".bna")
peer_msp = opts["peers"]["msp"]
bna_admin = opts["msps"][peer_msp]["org_admin"]
res, _ = hlc_cli_ex.execute(
f"composer network ping --card {bna_admin}@{bna_name}")
curr_version = (res.split("Business network version: ")[1]).split()[0]
logging.info(curr_version)
if curr_version != bna_version:
hlc_cli_ex.execute(
("composer network install --card PeerAdmin@hlfv1 " +
f"--archiveFile /hl_config/blockchain_network/{bna}"))
hlc_cli_ex.execute(
("composer network upgrade " + "--card PeerAdmin@hlfv1 " +
f"--networkName {bna_name} --networkVersion {bna_version}"))
res, _ = hlc_cli_ex.execute(
f"composer network ping --card {bna_admin}@{bna_name}")
curr_version = (res.split("Business network version: ")[1]).split()[0]
logging.info(f"Upgraded to {curr_version}")
def test_get_helm_pod(self, mock_get_pod):
get_helm_pod("a-namespace", "a-release", "an-app", item=7)
mock_get_pod.assert_called_once_with(
"a-namespace", '-l "app=an-app,release=a-release"', item=7)
