Start ca test
parent
43acba7867
commit
8c92d1c0f1
|
@ -0,0 +1,57 @@
|
|||
version: '2'
|
||||
|
||||
services:
|
||||
|
||||
ca.org1.example.com:
|
||||
image: yeasy/hyperledger-fabric-ca
|
||||
container_name: ca.org1.example.com
|
||||
hostname: ca.org1.example.com
|
||||
#environment:
|
||||
#- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server/org1.example.com/ca
|
||||
#- FABRIC_CA_SERVER_CSR_CN=ca.org1.example.com
|
||||
# CA cannot support following fields as env variables now
|
||||
# - FABRIC_CA_SERVER_CSR_NAMES_L="San Francisco"
|
||||
# - FABRIC_CA_SERVER_CSR_NAMES_O=org1.example.com
|
||||
volumes:
|
||||
- $PWD/scripts:/scripts
|
||||
- $PWD/crypto-config/peerOrganizations/org1.example.com/:/etc/hyperledger/fabric-ca-server
|
||||
working_dir: /scripts
|
||||
command: sh -c "sleep 1; bash ca_server_start.sh org1.example.com ca"
|
||||
#command: fabric-ca-server start -b admin:adminpw
|
||||
#--csr.names C=US,ST="California",L="San Francisco",O="org1.example.com"
|
||||
depends_on:
|
||||
- tlsca.org1.example.com
|
||||
|
||||
tlsca.org1.example.com:
|
||||
image: yeasy/hyperledger-fabric-ca
|
||||
container_name: tlsca.org1.example.com
|
||||
hostname: tlsca.org1.example.com
|
||||
#environment:
|
||||
#- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server/org1.example.com/tlsca
|
||||
#- FABRIC_CA_SERVER_CSR_CN=tlsca.org1.example.com
|
||||
# CA cannot support following fields as env variables now
|
||||
# - FABRIC_CA_SERVER_CSR_NAMES_L="San Francisco"
|
||||
# - FABRIC_CA_SERVER_CSR_NAMES_O=org1.example.com
|
||||
volumes:
|
||||
- $PWD/scripts:/scripts
|
||||
- $PWD/crypto-config/peerOrganizations/org1.example.com/:/etc/hyperledger/fabric-ca-server
|
||||
working_dir: /scripts
|
||||
command: sh -c "bash ca_server_start.sh org1.example.com tlsca"
|
||||
#command: fabric-ca-server start -b admin:adminpw
|
||||
#--csr.names C=US,ST="California",L="San Francisco",O="org1.example.com"
|
||||
|
||||
ca-client:
|
||||
image: yeasy/hyperledger-fabric-ca
|
||||
container_name: ca-client
|
||||
hostname: ca-client
|
||||
#environment:
|
||||
# - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-client
|
||||
volumes:
|
||||
- $PWD/scripts:/scripts
|
||||
- $PWD/crypto-config:/etc/hyperledger/fabric-ca-client
|
||||
working_dir: /scripts
|
||||
depends_on:
|
||||
- ca.org1.example.com
|
||||
- tlsca.org1.example.com
|
||||
#command: sh -c "while true; do sleep 1; done"
|
||||
command: sh -c "sleep 2; bash client-test.sh"
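Review bot: Both CA services bind-mount the same host directory `$PWD/crypto-config/peerOrganizations/org1.example.com/` at `/etc/hyperledger/fabric-ca-server`, so the signing CA and the TLS CA can each read and overwrite the other's keystore, and `ca-client` mounts all of `crypto-config`, which includes both. If the sharing exists only for the commented-out `tls.certfile` wiring in the start script, mount a per-CA subdirectory instead, e.g. `- $PWD/crypto-config/peerOrganizations/org1.example.com/ca:/etc/hyperledger/fabric-ca-server/ca`. The three `image: yeasy/hyperledger-fabric-ca` lines carry no tag, so the binary that generates these keys is whatever the registry serves at pull time; pin it, e.g. `image: yeasy/hyperledger-fabric-ca:<pinned-tag>`. Start-up ordering relies on `sleep 1` / `sleep 2`, which `depends_on` does not turn into a readiness check, so the client may race the servers on a slow host.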
|
|
@ -0,0 +1,12 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
echo $PWD
|
||||
|
||||
docker-compose rm -f
|
||||
|
||||
rm -rf crypto-config/*
|
||||
|
||||
echo "starting ca server"
|
||||
docker-compose up
|
||||
|
||||
docker-compose down
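Review bot: `rm -rf crypto-config/*` resolves against whatever directory the script is launched from, as do the compose file's `$PWD/...` bind mounts, so a run from another directory deletes and mounts the wrong tree. Assuming the compose file sits next to this script, anchor it to its own directory and stop on failure before the delete, e.g. `set -e` followed by `cd "$(dirname "$0")"` at the top. `docker-compose down` is reached only when `docker-compose up` returns, so an interrupted run may leave the CA containers behind; `trap 'docker-compose down' EXIT` would cover that case.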
|
|
@ -0,0 +1,54 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
source env.sh
|
||||
|
||||
#TODO: check param number is 2
|
||||
|
||||
ORG_NAME=$1 # org1.example.com
|
||||
TYPE=$2 # ca | tlsca
|
||||
|
||||
ORG_PATH=/etc/hyperledger/fabric-ca-server
|
||||
CA_PATH=${ORG_PATH}/${TYPE} # e.g., /etc/hyperledger/fabric-ca-server/ca
|
||||
|
||||
echo $(hostname)
|
||||
|
||||
[ -d ${CA_PATH} ] || mkdir -p ${CA_PATH}
|
||||
|
||||
cd ${CA_PATH}
|
||||
|
||||
echo $PWD # /etc/hyperledger/fabric-ca-server/ca
|
||||
|
||||
echo "Generate the credentials for ${TYPE}.${ORG_NAME}"
|
||||
#fabric-ca-server init --csr.cn=${ORG_NAME} -b admin:pass
|
||||
#mv ca-cert.pem ${ORG_NAME}-cert.pem
|
||||
#mv msp/keystore/*_sk ${ORG_NAME}_sk
|
||||
|
||||
# generate fabric-ca-server-config.yaml
|
||||
fabric-ca-server init \
|
||||
-H ${CA_PATH} \
|
||||
-b ${DEFAULT_USER}:${DEFAULT_PASS}
|
||||
|
||||
rm -rf msp/* ca-cert.pem
|
||||
|
||||
# Update config
|
||||
echo "Update fabric-ca-server-config.yaml"
|
||||
yq w -i fabric-ca-server-config.yaml ca.name "${TYPE}.${ORG_NAME}"
|
||||
yq w -i fabric-ca-server-config.yaml ca.certfile "${TYPE}.${ORG_NAME}-cert.pem"
|
||||
yq w -i fabric-ca-server-config.yaml ca.keyfile "${TYPE}.${ORG_NAME}_sk"
|
||||
|
||||
yq w -i fabric-ca-server-config.yaml csr.cn "${TYPE}.${ORG_NAME}"
|
||||
yq w -i fabric-ca-server-config.yaml csr.names[0].O "${ORG_NAME}"
|
||||
yq w -i fabric-ca-server-config.yaml csr.names[0].OU "${TYPE}"
|
||||
|
||||
yq w -i fabric-ca-server-config.yaml tls.enabled false
|
||||
#yq w -i fabric-ca-server-config.yaml tls.certfile "${ORG_PATH}/tlsca/tlsca.${ORG_NAME}-cert.pem"
|
||||
#yq w -i fabric-ca-server-config.yaml tls.keyfile "${ORG_PATH}/tlsca/tlsca.${ORG_NAME}_sk"
|
||||
|
||||
# Generate new certs based on updated config
|
||||
echo "Generate certificates based on config"
|
||||
fabric-ca-server init -H ${CA_PATH}
|
||||
|
||||
cp msp/keystore/*_sk ${TYPE}.${ORG_NAME}_sk
|
||||
|
||||
echo "Start ${TYPE}.${ORG_NAME}..."
|
||||
fabric-ca-server start -H ${CA_PATH}
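Review bot: `$1` and `$2` are used unchecked (the `#TODO` acknowledges it) and `cd ${CA_PATH}` is not tested, yet `rm -rf msp/* ca-cert.pem` follows. With an empty `TYPE` the path collapses to the organisation root on the host bind mount, and if `cd` fails the delete runs in the container's working directory. Add `[ $# -eq 2 ] || { echo "usage: $0 ORG_NAME ca|tlsca" >&2; exit 1; }` before the assignments and change the directory step to `cd "${CA_PATH}" || exit 1`, quoting the other expansions as well. Separately, `-b ${DEFAULT_USER}:${DEFAULT_PASS}` together with `tls.enabled false` means the bootstrap registrar credentials and every enrollment secret travel in cleartext. The commented `tls.certfile`/`tls.keyfile` lines suggest TLS is planned, so a comment such as `# TLS off for the local test only; enable before any shared use` would record that intent.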
|
|
@ -0,0 +1,158 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
source env.sh
|
||||
|
||||
CONFIG_PATH=/etc/hyperledger/fabric-ca-client
|
||||
|
||||
RegisterUser() {
|
||||
local URL=$1
|
||||
local USER_ID=$2
|
||||
local ORG=$3
|
||||
local NAME=$4
|
||||
local PASSWORD=$5
|
||||
local TYPE=$6
|
||||
local ATTRS=${7}
|
||||
|
||||
local REQUESTER_HOME=${DEFAULT_USER}@${URL}
|
||||
|
||||
# Enroll default user
|
||||
if [ ! -d "${REQUESTER_HOME}" ]; then
|
||||
EnrollUser ${URL} ${REQUESTER_HOME} ${ORG} ${DEFAULT_USER} ${DEFAULT_PASS}
|
||||
fi
|
||||
|
||||
fabric-ca-client register \
|
||||
--csr.cn ${USER_ID} \
|
||||
--home ${REQUESTER_HOME} \
|
||||
--id.name ${NAME} \
|
||||
--id.secret ${PASSWORD} \
|
||||
--id.type ${TYPE} \
|
||||
--id.attrs "${ATTRS}" \
|
||||
--id.maxenrollments 1 \
|
||||
--url http://${DEFAULT_USER}:${DEFAULT_PASS}@${URL}:7054
|
||||
|
||||
sleep 0.1
|
||||
}
|
||||
|
||||
EnrollUser() {
|
||||
local URL=$1
|
||||
local USER_ID=$2
|
||||
local ORG=$3
|
||||
local USER=$4
|
||||
local PASS=$5
|
||||
local MSP_PATH=msp
|
||||
|
||||
[ -d ${MSP_PATH} ] || mkdir -p ${MSP_PATH}
|
||||
|
||||
fabric-ca-client enroll \
|
||||
--csr.cn ${USER_ID} \
|
||||
--csr.names C=US,ST="California",L="San Francisco",O=${ORG} \
|
||||
--home ${USER_ID} \
|
||||
--mspdir ${MSP_PATH} \
|
||||
--url http://${USER}:${PASS}@${URL}:7054
|
||||
}
|
||||
|
||||
EnrollCA() {
|
||||
local URL=$1
|
||||
local USER_ID=$2
|
||||
local ORG=$3
|
||||
local USER=$4
|
||||
local PASS=$5
|
||||
local MSP_PATH=msp
|
||||
|
||||
[ -d ${MSP_PATH} ] || mkdir -p ${MSP_PATH}
|
||||
|
||||
fabric-ca-client enroll \
|
||||
--csr.cn ${USER_ID} \
|
||||
--csr.names C=US,ST="California",L="San Francisco",O=${ORG} \
|
||||
--home ${USER_ID} \
|
||||
--mspdir ${MSP_PATH} \
|
||||
--url http://${USER}:${PASS}@${URL}
|
||||
}
|
||||
|
||||
EnrollTLSCA() {
|
||||
local URL=$1
|
||||
local USER_ID=$2
|
||||
local ORG=$3
|
||||
local USER=$4
|
||||
local PASS=$5
|
||||
local MSP_PATH=tls
|
||||
|
||||
[ -d ${MSP_PATH} ] || mkdir -p ${MSP_PATH}
|
||||
|
||||
fabric-ca-client enroll \
|
||||
--enrollment.profile tls \
|
||||
--csr.cn ${USER_ID} \
|
||||
--csr.hosts ${USER_ID}
|
||||
--csr.names C=US,ST="California",L="San Francisco",O=${ORG} \
|
||||
--home ${USER_ID} \
|
||||
--mspdir ${MSP_PATH} \
|
||||
--url http://${USER}:${PASS}@${URL}:7054
|
||||
|
||||
mv $MSP_PATH/cacerts/*.pem $MSP_PATH/cacerts/${URL}-cert.pem
|
||||
mv $MSP_PATH/signcerts/*.pem $MSP_PATH/signcerts/${USER_ID}-cert.pem
|
||||
|
||||
if [ ${MSP_PATH} == "tls" ]; then
|
||||
cp $MSP_PATH/signcerts/*.pem $MSP_PATH
|
||||
cp $MSP_PATH/keystore/*_sk $MSP_PATH
|
||||
fi
|
||||
}
|
||||
|
||||
# cp -rp ${CONFIG_PATH}/msp/signcerts ${CONFIG_PATH}/msp/admincerts
|
||||
|
||||
echo "=== Register User ==="
|
||||
#set -x
|
||||
#RegisterUser User1@${ORG} user org Admin@org1.example.com
|
||||
|
||||
# Generate cert under org
|
||||
GetCert() {
|
||||
local org=$1
|
||||
local cn=$1
|
||||
echo "=== Enroll Admin ==="
|
||||
}
|
||||
|
||||
|
||||
ORGS=( org1.example.com org2.example.com )
|
||||
PEERS=( peer0 peer1 )
|
||||
USERS=( Admin User1 )
|
||||
|
||||
# Generates peer orgs
|
||||
for org in "${ORGS[@]}"
|
||||
do
|
||||
cd ${CONFIG_PATH}/peerOrganizations/${org}/
|
||||
|
||||
mkdir peers users
|
||||
|
||||
cd users
|
||||
# Register all users at ca and tlsca
|
||||
for user in "${USERS[@]}"
|
||||
do
|
||||
if [ "${user}" == "Admin" ]; then
|
||||
RegisterUser ca.${org} ${user}@${org} ${org} ${user} ${user} "user" "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"
|
||||
RegisterUser tlsca.${org} ${user}@${org} ${org} ${user} ${user} "user" "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"
|
||||
else
|
||||
RegisterUser ca.${org} ${user}@${org} ${org} ${user} ${user} "user" "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=false:ecert,abac.init=true:ecert"
|
||||
RegisterUser tlsca.${org} ${user}@${org} ${org} ${user} ${user} "user" "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=false:ecert,abac.init=true:ecert"
|
||||
fi
|
||||
done
|
||||
|
||||
exit 0
|
||||
|
||||
|
||||
# Enroll all users
|
||||
cp ../tlsca/*.pem Admin@${org}/tls/ca.crt
|
||||
|
||||
EnrollCA ca.${org} Admin@${org} ${org} adminpw
|
||||
EnrollTLSCA tlsca.${org} Admin@${org} ${org} admin adminpw
|
||||
|
||||
|
||||
# Register all peers
|
||||
cd peers
|
||||
for peer in "${PEERS[@]}"
|
||||
do
|
||||
mkdir -p ${peer}.${org}/msp
|
||||
mkdir -p ${peer}.${org}/tls
|
||||
cp tlsca/*.pem ${peer}.${org}/tls/ca.crt
|
||||
GetCerts ${org} ${peer}
|
||||
done
|
||||
cd ../users
|
||||
done
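Review bot: In the user loop the `else` branch registers non-admin identities with the same `hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true` set as Admin (only `admin=false:ecert` differs), and every identity is registered with `${user}` as both `--id.name` and `--id.secret`. Unless the test needs it, drop the registrar and revoker attributes for ordinary users, e.g. pass `"admin=false:ecert,abac.init=true:ecert"`, and take the secret from a variable rather than reusing the name. The code after `exit 0` is unreachable for now but will not work once enabled: `--csr.hosts ${USER_ID}` in `EnrollTLSCA` is missing its trailing `\`, the peer loop calls `GetCerts` while only `GetCert` is defined (with `local cn=$1` where `$2` looks intended), and `EnrollCA ca.${org} Admin@${org} ${org} adminpw` passes four of the five expected arguments. Every `--url http://${USER}:${PASS}@...` also places the password on the command line and sends it over plain HTTP.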
|
|
@ -0,0 +1,5 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
|
||||
DEFAULT_USER="admin-default"
|
||||
DEFAULT_PASS="pass-default"
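Review bot: `DEFAULT_USER` and `DEFAULT_PASS` are fixed literals in the repository, yet they are the bootstrap registrar credentials passed to `fabric-ca-server init -b` and embedded in the client `--url` values. Let the environment override them so the same scripts can run with non-default values, e.g. `DEFAULT_PASS="${DEFAULT_PASS:-pass-default}"` and the same form for `DEFAULT_USER`. A one-line comment such as `# fallback values are for the local CA test only` would make the intent explicit.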
|