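def _enroll_and_register_consortium_(script_manager, ca_node, node):
    """Queue the ``fabric-ca-client enroll`` command for the consortium's CA admin.

    Args:
        script_manager: Command collector; only ``add(argv, directory=...,
            environment=...)`` is called on it.
        ca_node: CA description. ``ca_node['password']`` is decrypted with
            ``PasswordManager.decrypt`` and used as the enrollment secret.
        node: Consortium description. ``addr``, ``owner`` and ``ports`` are
            read; ``owner`` is used both as CA address and as CA name.

    Security notes:
        * The secret is percent-encoded before it is placed in the URL
          userinfo. Without that, a secret containing ``@``, ``:``, ``/``,
          ``#``, ``?`` or ``%`` yields a malformed URL, or one whose host part
          is taken from the secret.
        * The clear-text secret is still part of the argv handed to
          ``script_manager``, so it is exposed wherever that command is
          stored, logged or executed.
          NOTE(review): consider a channel other than argv for the secret.
    """
    from urllib.parse import quote

    # --- Generate keys and certificates for (enroll) the CA admin ---
    consortium_addr = node['addr']  # e.g. 'example.com'
    ca_addr = node['owner']  # e.g. 'ca.example.com'
    ca_name = node['owner']  # FIX_ME: CA name is taken from the CA address
    ca_port = node['ports']  # e.g. '7051'
    username = '******'
    password = PasswordManager.decrypt(ca_node['password'])
    conn = 'localhost'

    ca_tls_cert = os.sep.join(
        (os.getcwd(), ConfigRepo.FABIC_CA_TARGET_REPO, ca_addr, 'tls-cert.pem'))

    # safe='' so that '/' is escaped as well; the client is expected to
    # URL-decode the userinfo part again.
    url = 'https://' + username + ':' + quote(password, safe='') \
        + '@' + conn + ':' + ca_port

    environment = {
        'FABRIC_CA_CLIENT_HOME': os.sep.join(
            (os.getcwd(), ConfigRepo.ORDERER_TARGET_REPO, consortium_addr)),
    }

    script_manager.add(
        [
            'fabric-ca-client', 'enroll',
            '-u', url,
            '--caname', ca_name,
            '--tls.certfiles', ca_tls_cert,
        ],
        directory=ConfigRepo.NETWORK_NAME,
        environment=environment)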
def _generate_fabric_ca_scripts_(cls, component_dict):
    """Render ``fabric-ca-server-config.yaml`` for each Fabric CA that has a port.

    The CA entries come from ``cls._get_list_of_fabric_ca_(component_dict)``.
    For every entry whose stripped ``port`` is non-empty, the template is
    rendered and written to ``<FABIC_CA_TARGET_REPO>/<addr>/``.

    NOTE(review): the rendered file receives the decrypted CA admin password
    (``BCC_FABRIC_CA_PASSWORD``) and is created with the process's default
    permissions. Consider restricting its mode, after confirming which user
    the CA server reads it as.
    """
    ca_entries = cls._get_list_of_fabric_ca_(component_dict)
    template_engine = NetworkTemplateProcessor()

    for ca in ca_entries:
        # All fields are read (and the password decrypted) before the port
        # check, so a malformed entry fails even when it would be skipped.
        addr = read_and_strip(ca['addr'])
        organization = read_and_strip(ca['org'])
        country = read_and_strip(ca['country'])
        state = read_and_strip(ca['state'])
        locality = read_and_strip(ca['locality'])
        port = read_and_strip(ca['port'])
        admin_name = 'admin'  # FIX_ME
        admin_password = PasswordManager.decrypt(ca['password'])

        # Instantiate only if used
        if not port:
            continue

        rendered = template_engine.process(
            'fabric-ca-server-config.yaml',
            BCC_FABRIC_CA_NAME=organization,
            BCC_FABRIC_CA_ADMIN=admin_name,
            BCC_FABRIC_CA_PASSWORD=admin_password,
            BCC_FABRIC_CA_ADDR=addr,
            BCC_FABRIC_CA_PORT=port,
            BCC_FABRIC_CA_ORGANIZATION=organization,
            BCC_FABRIC_CA_COUNTRY=country,
            BCC_FABRIC_CA_STATE=state,
            BCC_FABRIC_CA_LOCALITY=locality)

        out_dir = os.sep.join((ConfigRepo.FABIC_CA_TARGET_REPO, addr))
        os.makedirs(out_dir, exist_ok=True)
        config_path = os.sep.join((out_dir, 'fabric-ca-server-config.yaml'))
        with open(config_path, 'w') as handle:
            handle.write(rendered)
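def _enroll_and_register_elem_(script_manager, org_node, target_type,
                               target_node):
    """Queue the CA commands that register and enroll one identity.

    Commands are appended to ``script_manager`` in this order:

    1. ``fabric-ca-client register`` for the identity.
    2. ``fabric-ca-client enroll`` into ``<target_dir>/msp``.
    3. For peers and orderers only: copy the CA certificate into the
       organisation's ``ca`` directory, enroll again with the ``tls`` profile
       into ``<target_dir>/tls``, and copy the TLS certificates to the names
       used below.

    Args:
        script_manager: Command collector; only ``add(argv, directory=...,
            environment=...)`` is called on it.
        org_node: Owning organisation; ``owner``, ``ports``, ``addr`` and
            ``type`` are read. ``owner`` serves as CA address and CA name.
        target_type: ``'peer'``, ``'orderer'``, ``'client'`` or ``'admin'``.
        target_node: Identity to create; ``addr``, ``name`` and ``password``
            are read. The password is decrypted with
            ``PasswordManager.decrypt``.

    Raises:
        Exception: ``target_type`` is none of the supported values. The
            register command has already been queued at that point.

    Security notes:
        * Name and secret are percent-encoded before they go into the
          enrollment URL. Without that, a value containing ``@``, ``:``,
          ``/``, ``#``, ``?`` or ``%`` yields a malformed URL, or one whose
          host part is taken from the credential.
        * The clear-text secret is still passed in argv (``--id.secret`` and
          the ``-u`` URL), so it is exposed wherever ``script_manager``
          stores, logs or executes the command.
          NOTE(review): consider a channel other than argv for the secret.
        * No command copies ``tls/keystore/*`` to ``tls/server.key``; that
          step is disabled. Presumably the key is put in place elsewhere;
          confirm.
    """
    from urllib.parse import quote

    ca_addr = org_node['owner']
    ca_name = org_node['owner']
    ca_port = org_node['ports']
    org_addr = org_node['addr']
    org_type = org_node['type']
    target_addr = target_node['addr']
    target_name = target_node['name']
    target_passwd = PasswordManager.decrypt(target_node['password'])
    conn = 'localhost'  # FIX_ME

    def under_cwd(*parts):
        # Path below the current working directory, joined with os.sep.
        return os.sep.join((os.getcwd(),) + parts)

    def queue(argv):
        # Every command shares the same working directory and environment.
        script_manager.add(argv,
                           directory=ConfigRepo.NETWORK_NAME,
                           environment=environment)

    # File name under which the CA certificate is expected after enrollment:
    # <host>-<port>-<CA address with dots replaced by dashes>.pem
    target_cert = conn + '-' + ca_port + '-' + ca_addr.replace('.', '-') + '.pem'
    target_tls_cert = 'tls-' + target_cert

    # Consortium material lives in the orderer tree, everything else in the
    # peer tree.
    if org_type == 'consortium':
        org_repo = ConfigRepo.ORDERER_TARGET_REPO
    else:
        org_repo = ConfigRepo.PEER_TARGET_REPO
    environment = {'FABRIC_CA_CLIENT_HOME': under_cwd(org_repo, org_addr)}

    ca_tls_cert = under_cwd(ConfigRepo.FABIC_CA_TARGET_REPO, ca_addr,
                            'tls-cert.pem')

    # --- Register element ---
    queue([
        'fabric-ca-client', 'register',
        '--caname', ca_name,
        '--id.name', target_name,
        '--id.secret', target_passwd,
        '--id.type', target_type,
        '--tls.certfiles', ca_tls_cert,
    ])

    # --- Generate certificates ---
    # safe='' so that '/' is escaped as well; the client is expected to
    # URL-decode the userinfo part again.
    url = ('https://' + quote(target_name, safe='') + ':'
           + quote(target_passwd, safe='') + '@' + conn + ':' + ca_port)

    if target_type == 'peer':
        target_dir = under_cwd(ConfigRepo.PEER_TARGET_REPO, org_addr,
                               'peers', target_addr)
    elif target_type == 'orderer':
        target_dir = under_cwd(ConfigRepo.ORDERER_TARGET_REPO, org_addr,
                               'orderers', target_addr)
    elif target_type in ('client', 'admin'):
        target_dir = under_cwd(org_repo, org_addr, 'users', target_addr)
    else:
        raise Exception("Unknown type " + target_type)

    # --- Generate MSP certificate and key ---
    queue([
        'fabric-ca-client', 'enroll',
        '-u', url,
        '--caname', ca_name,
        '-M', os.sep.join((target_dir, 'msp')),
        '--tls.certfiles', ca_tls_cert,
    ])

    # Users (client/admin) need nothing beyond the MSP enrollment.
    if target_type not in ('peer', 'orderer'):
        return

    is_orderer = target_type == 'orderer'
    if is_orderer:
        node_repo = ConfigRepo.ORDERER_TARGET_REPO
    else:
        node_repo = ConfigRepo.PEER_TARGET_REPO

    # --- Copy and rename the CA certificate ---
    dest_dir = under_cwd(node_repo, org_addr, 'ca')
    queue(['mkdir', '-p', dest_dir])
    queue([
        'cp',
        os.sep.join((target_dir, 'msp', 'cacerts', target_cert)),
        dest_dir + os.sep + 'ca.' + org_addr + '-cert.pem',
    ])

    # --- Generate TLS certificate and key ---
    queue([
        'fabric-ca-client', 'enroll',
        '-u', url,
        '--caname', ca_name,
        '-M', os.sep.join((target_dir, 'tls')),
        '--enrollment.profile', 'tls',
        '--csr.hosts', target_addr,
        '--csr.hosts', conn,
        '--tls.certfiles', ca_tls_cert,
    ])

    # Copy and rename certificates
    tls_ca_src = os.sep.join((target_dir, 'tls', 'tlscacerts', target_tls_cert))
    queue(['cp', tls_ca_src, os.sep.join((target_dir, 'tls', 'ca.crt'))])
    queue([
        'cp',
        os.sep.join((target_dir, 'tls', 'signcerts', 'cert.pem')),
        os.sep.join((target_dir, 'tls', 'server.crt')),
    ])

    # Publish the TLS CA certificate: (destination directory parts, file name)
    tlsca_name = 'tlsca.' + org_addr + '-cert.pem'
    if is_orderer:
        publish = [
            ((org_addr, 'orderers', target_addr, 'msp', 'tlscacerts'),
             tlsca_name),
            ((org_addr, 'msp', 'tlscacerts'), tlsca_name),
        ]
    else:  # peer
        publish = [
            ((org_addr, 'msp', 'tlscacerts'), 'ca.crt'),
            ((org_addr, 'tlsca'), tlsca_name),
        ]

    for parts, file_name in publish:
        dest_dir = under_cwd(node_repo, *parts)
        queue(['mkdir', '-p', dest_dir])
        queue(['cp', tls_ca_src, dest_dir + os.sep + file_name])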
def _generate_docker_compose_scripts_(cls, component_dict, working_mode):
    """Assemble ``docker-compose.yaml`` from the per-service templates.

    Sections are concatenated in this order: prefix, one CA service per CA
    with a non-empty port, the orderers (only when ``working_mode`` is
    ``'CreateNetwork'``), then a couchdb, peer and cli service for every peer
    of every organisation. The result is written to
    ``<NETWORK_NAME>/<DOCKER_REPO>/docker-compose.yaml``.

    NOTE(review): the decrypted CA admin password is rendered into the
    compose file (``BCC_CA_ADMIN_PASSWORD``), which is created with the
    process's default permissions. Consider restricting its mode or supplying
    the secret from outside the file.
    NOTE(review): only the orderer section is gated by ``working_mode``;
    confirm that the organisation/peer loop is meant to run in every mode.
    """
    template_engine = NetworkTemplateProcessor()
    user_id = f'{os.getuid()}:{os.getgid()}'
    ca_entries = cls._get_list_of_fabric_ca_(component_dict)
    (consortium_node, orderer_nodes, org_nodes,
     peers_by_org) = cls._get_lists_of_nodes_(component_dict)
    network_domain = read_and_strip(consortium_node['addr'])

    # Flat list of all peers, in organisation order.
    # NOTE(review): the lookup key here is the raw 'addr', whereas the loop
    # further down uses the stripped value; confirm they always match.
    all_peers = []
    for org in org_nodes:
        all_peers.extend(peers_by_org[org['addr']])

    sections = [
        template_engine.process(
            'docker-compose-prefix.yaml',
            BCC_NETWORK_DOMAIN=network_domain,
            BCC_ORDERER_LIST=orderer_nodes,
            BCC_PEER_LIST=all_peers)
    ]

    # --- Certificate authorities ---
    for ca in ca_entries:
        ca_addr = read_and_strip(ca['addr'])
        ca_public_cert = ca_addr + OwnerManager.CERT_SUFFIX
        ca_private_key = ca_addr + OwnerManager.KEY_SUFFIX
        ca_admin_name = 'admin'  # FIX_ME
        ca_admin_password = PasswordManager.decrypt(ca['password'])
        ca_port = read_and_strip(ca['port'])

        # Instantiate only if used
        if not ca_port:
            continue
        sections.append(template_engine.process(
            'docker-compose-ca.yaml',
            BCC_USER_ID=user_id,
            BCC_NETWORK_DOMAIN=network_domain,
            BCC_CA_ADDR=ca_addr,
            BCC_CA_PORT=ca_port,
            BCC_CA_PUBLIC_CERT=ca_public_cert,
            BCC_CA_PRIVATE_KEY=ca_private_key,
            BCC_CA_ADMIN_NAME=ca_admin_name,
            BCC_CA_ADMIN_PASSWORD=ca_admin_password))

    # --- Orderers ---
    if working_mode == 'CreateNetwork':
        for orderer in orderer_nodes:
            orderer_addr = read_and_strip(orderer['addr'])
            orderer_name = read_and_strip(orderer['name'])
            orderer_port = read_and_strip(orderer['ports'])
            sections.append(template_engine.process(
                'docker-compose-orderer.yaml',
                BCC_NETWORK_DOMAIN=network_domain,
                BCC_ORDERER_NAME=orderer_name,
                BCC_ORDERER_ADDR=orderer_addr,
                BCC_ORDERER_PORT=orderer_port))

    # --- Organisations and their peers ---
    for org_node in org_nodes:
        org_addr = read_and_strip(org_node['addr'])
        org_name = read_and_strip(org_node['name'])

        for peer in peers_by_org[org_addr]:
            peer_addr = read_and_strip(peer['addr'])
            couchdb_addr = 'couchdb.' + peer_addr

            # 'ports' holds "<peer port>;<couchdb port>"
            port_fields = read_and_strip(peer['ports']).split(';')
            peer_port = port_fields[0].strip()
            couchdb_port = port_fields[1].strip()

            # The last user flagged as admin wins; None when there is none.
            org_admin_user_addr = None
            for user in UserManager.find_all_users(org_addr):
                if UserManager.get_user_dict(org_addr, user)['admin']:
                    org_admin_user_addr = user

            cli_addr = 'cli.' + peer_addr

            sections.append(template_engine.process(
                'docker-compose-couchdb.yaml',
                BCC_NETWORK_DOMAIN=network_domain,
                BCC_COUCHDB_ADDR=couchdb_addr,
                BCC_COUCHDB_PORT=couchdb_port))
            sections.append(template_engine.process(
                'docker-compose-peer.yaml',
                BCC_NETWORK_DOMAIN=network_domain,
                BCC_ORG_ADDR=org_addr,
                BCC_ORG_NAME=org_name,
                BCC_PEER_ADDR=peer_addr,
                BCC_PEER_PORT=peer_port,
                BCC_COUCHDB_ADDR=couchdb_addr,
                BCC_COUCHDB_PORT=couchdb_port))
            sections.append(template_engine.process(
                'docker-compose-cli.yaml',
                BCC_NETWORK_DOMAIN=network_domain,
                BCC_ORG_ADDR=org_addr,
                BCC_ORG_NAME=org_name,
                BCC_PEER_ADDR=peer_addr,
                BCC_PEER_PORT=peer_port,
                BCC_CLI_ADDR=cli_addr,
                BCC_ORG_ADMIN_USER_ADDR=org_admin_user_addr))

    docker_dir = os.sep.join((ConfigRepo.NETWORK_NAME, ConfigRepo.DOCKER_REPO))
    os.makedirs(docker_dir, exist_ok=True)
    compose_path = os.sep.join(
        (ConfigRepo.NETWORK_NAME, ConfigRepo.DOCKER_REPO, 'docker-compose.yaml'))
    with open(compose_path, 'w') as handle:
        handle.write(''.join(sections))