Start ca test

pull/126/head
Baohua Yang 2018-10-10 17:18:00 +08:00
parent 43acba7867
commit 8c92d1c0f1
5 changed files with 286 additions and 0 deletions


@ -0,0 +1,57 @@
version: '2'
services:
ca.org1.example.com:
image: yeasy/hyperledger-fabric-ca
container_name: ca.org1.example.com
hostname: ca.org1.example.com
#environment:
#- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server/org1.example.com/ca
#- FABRIC_CA_SERVER_CSR_CN=ca.org1.example.com
# CA cannot support following fields as env variables now
# - FABRIC_CA_SERVER_CSR_NAMES_L="San Francisco"
# - FABRIC_CA_SERVER_CSR_NAMES_O=org1.example.com
volumes:
- $PWD/scripts:/scripts
- $PWD/crypto-config/peerOrganizations/org1.example.com/:/etc/hyperledger/fabric-ca-server
working_dir: /scripts
command: sh -c "sleep 1; bash ca_server_start.sh org1.example.com ca"
#command: fabric-ca-server start -b admin:adminpw
#--csr.names C=US,ST="California",L="San Francisco",O="org1.example.com"
depends_on:
- tlsca.org1.example.com
tlsca.org1.example.com:
image: yeasy/hyperledger-fabric-ca
container_name: tlsca.org1.example.com
hostname: tlsca.org1.example.com
#environment:
#- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server/org1.example.com/tlsca
#- FABRIC_CA_SERVER_CSR_CN=tlsca.org1.example.com
# CA cannot support following fields as env variables now
# - FABRIC_CA_SERVER_CSR_NAMES_L="San Francisco"
# - FABRIC_CA_SERVER_CSR_NAMES_O=org1.example.com
volumes:
- $PWD/scripts:/scripts
- $PWD/crypto-config/peerOrganizations/org1.example.com/:/etc/hyperledger/fabric-ca-server
working_dir: /scripts
command: sh -c "bash ca_server_start.sh org1.example.com tlsca"
#command: fabric-ca-server start -b admin:adminpw
#--csr.names C=US,ST="California",L="San Francisco",O="org1.example.com"
ca-client:
image: yeasy/hyperledger-fabric-ca
container_name: ca-client
hostname: ca-client
#environment:
# - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-client
volumes:
- $PWD/scripts:/scripts
- $PWD/crypto-config:/etc/hyperledger/fabric-ca-client
working_dir: /scripts
depends_on:
- ca.org1.example.com
- tlsca.org1.example.com
#command: sh -c "while true; do sleep 1; done"
command: sh -c "sleep 2; bash client-test.sh"
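Review bot: All three services use `image: yeasy/hyperledger-fabric-ca` with no tag or digest, so every run pulls whatever the registry currently serves as the default tag. The two CA services generate their signing keys with that image and write them into the bind-mounted `crypto-config` tree. Pin the image, for example `image: yeasy/hyperledger-fabric-ca:<TAG>` (placeholder; a digest is stronger), so the test is reproducible and an upstream image change cannot silently replace the binaries that create the keys. The `sleep 1` / `sleep 2` prefixes appear to be the only readiness control besides `depends_on`, which presumably orders container start but does not wait for the CA to listen.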


@ -0,0 +1,12 @@
#!/usr/bin/env bash
echo $PWD
docker-compose rm -f
rm -rf crypto-config/*
echo "starting ca server"
docker-compose up
docker-compose down
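Review bot: `rm -rf crypto-config/*` is resolved against whatever directory the script is launched from, because the script only echoes `$PWD` and never changes to its own directory. Started from elsewhere, it wipes a different `crypto-config/` and then runs `docker-compose` against the wrong project. Add `cd "$(dirname "$0")" || exit 1` before the `rm`, and consider `set -e` so a failed step stops the run instead of continuing to `docker-compose up`.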


@ -0,0 +1,54 @@
#!/usr/bin/env bash
source env.sh
#TODO: check param number is 2
ORG_NAME=$1 # org1.example.com
TYPE=$2 # ca | tlsca
ORG_PATH=/etc/hyperledger/fabric-ca-server
CA_PATH=${ORG_PATH}/${TYPE} # e.g., /etc/hyperledger/fabric-ca-server/ca
echo $(hostname)
[ -d ${CA_PATH} ] || mkdir -p ${CA_PATH}
cd ${CA_PATH}
echo $PWD # /etc/hyperledger/fabric-ca-server/ca
echo "Generate the credentials for ${TYPE}.${ORG_NAME}"
#fabric-ca-server init --csr.cn=${ORG_NAME} -b admin:pass
#mv ca-cert.pem ${ORG_NAME}-cert.pem
#mv msp/keystore/*_sk ${ORG_NAME}_sk
# generate fabric-ca-server-config.yaml
fabric-ca-server init \
-H ${CA_PATH} \
-b ${DEFAULT_USER}:${DEFAULT_PASS}
rm -rf msp/* ca-cert.pem
# Update config
echo "Update fabric-ca-server-config.yaml"
yq w -i fabric-ca-server-config.yaml ca.name "${TYPE}.${ORG_NAME}"
yq w -i fabric-ca-server-config.yaml ca.certfile "${TYPE}.${ORG_NAME}-cert.pem"
yq w -i fabric-ca-server-config.yaml ca.keyfile "${TYPE}.${ORG_NAME}_sk"
yq w -i fabric-ca-server-config.yaml csr.cn "${TYPE}.${ORG_NAME}"
yq w -i fabric-ca-server-config.yaml csr.names[0].O "${ORG_NAME}"
yq w -i fabric-ca-server-config.yaml csr.names[0].OU "${TYPE}"
yq w -i fabric-ca-server-config.yaml tls.enabled false
#yq w -i fabric-ca-server-config.yaml tls.certfile "${ORG_PATH}/tlsca/tlsca.${ORG_NAME}-cert.pem"
#yq w -i fabric-ca-server-config.yaml tls.keyfile "${ORG_PATH}/tlsca/tlsca.${ORG_NAME}_sk"
# Generate new certs based on updated config
echo "Generate certificates based on config"
fabric-ca-server init -H ${CA_PATH}
cp msp/keystore/*_sk ${TYPE}.${ORG_NAME}_sk
echo "Start ${TYPE}.${ORG_NAME}..."
fabric-ca-server start -H ${CA_PATH}
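Review bot: `yq w -i fabric-ca-server-config.yaml tls.enabled false` makes the CA listen over plain HTTP, so the bootstrap credentials set with `-b ${DEFAULT_USER}:${DEFAULT_PASS}` and the enrollment secrets that clients send cross the compose network unencrypted. The two commented-out `tls.certfile` / `tls.keyfile` lines suggest TLS is planned; until then add a comment above that line such as `# TLS off for local test only; do not reuse this config outside the compose network`. Separately, `#TODO: check param number is 2` is still open: with an empty `$2`, `CA_PATH` resolves to the org root and `rm -rf msp/* ca-cert.pem` would run there. A guard like `[ $# -eq 2 ] || { echo "usage: $0 ORG_NAME ca|tlsca"; exit 1; }` before the assignments would close it.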


@ -0,0 +1,158 @@
#!/usr/bin/env bash
source env.sh
CONFIG_PATH=/etc/hyperledger/fabric-ca-client
RegisterUser() {
local URL=$1
local USER_ID=$2
local ORG=$3
local NAME=$4
local PASSWORD=$5
local TYPE=$6
local ATTRS=${7}
local REQUESTER_HOME=${DEFAULT_USER}@${URL}
# Enroll default user
if [ ! -d "${REQUESTER_HOME}" ]; then
EnrollUser ${URL} ${REQUESTER_HOME} ${ORG} ${DEFAULT_USER} ${DEFAULT_PASS}
fi
fabric-ca-client register \
--csr.cn ${USER_ID} \
--home ${REQUESTER_HOME} \
--id.name ${NAME} \
--id.secret ${PASSWORD} \
--id.type ${TYPE} \
--id.attrs "${ATTRS}" \
--id.maxenrollments 1 \
--url http://${DEFAULT_USER}:${DEFAULT_PASS}@${URL}:7054
sleep 0.1
}
EnrollUser() {
local URL=$1
local USER_ID=$2
local ORG=$3
local USER=$4
local PASS=$5
local MSP_PATH=msp
[ -d ${MSP_PATH} ] || mkdir -p ${MSP_PATH}
fabric-ca-client enroll \
--csr.cn ${USER_ID} \
--csr.names C=US,ST="California",L="San Francisco",O=${ORG} \
--home ${USER_ID} \
--mspdir ${MSP_PATH} \
--url http://${USER}:${PASS}@${URL}:7054
}
EnrollCA() {
local URL=$1
local USER_ID=$2
local ORG=$3
local USER=$4
local PASS=$5
local MSP_PATH=msp
[ -d ${MSP_PATH} ] || mkdir -p ${MSP_PATH}
fabric-ca-client enroll \
--csr.cn ${USER_ID} \
--csr.names C=US,ST="California",L="San Francisco",O=${ORG} \
--home ${USER_ID} \
--mspdir ${MSP_PATH} \
--url http://${USER}:${PASS}@${URL}
}
EnrollTLSCA() {
local URL=$1
local USER_ID=$2
local ORG=$3
local USER=$4
local PASS=$5
local MSP_PATH=tls
[ -d ${MSP_PATH} ] || mkdir -p ${MSP_PATH}
fabric-ca-client enroll \
--enrollment.profile tls \
--csr.cn ${USER_ID} \
--csr.hosts ${USER_ID}
--csr.names C=US,ST="California",L="San Francisco",O=${ORG} \
--home ${USER_ID} \
--mspdir ${MSP_PATH} \
--url http://${USER}:${PASS}@${URL}:7054
mv $MSP_PATH/cacerts/*.pem $MSP_PATH/cacerts/${URL}-cert.pem
mv $MSP_PATH/signcerts/*.pem $MSP_PATH/signcerts/${USER_ID}-cert.pem
if [ ${MSP_PATH} == "tls" ]; then
cp $MSP_PATH/signcerts/*.pem $MSP_PATH
cp $MSP_PATH/keystore/*_sk $MSP_PATH
fi
}
# cp -rp ${CONFIG_PATH}/msp/signcerts ${CONFIG_PATH}/msp/admincerts
echo "=== Register User ==="
#set -x
#RegisterUser User1@${ORG} user org Admin@org1.example.com
# Generate cert under org
GetCert() {
local org=$1
local cn=$1
echo "=== Enroll Admin ==="
}
ORGS=( org1.example.com org2.example.com )
PEERS=( peer0 peer1 )
USERS=( Admin User1 )
# Generates peer orgs
for org in "${ORGS[@]}"
do
cd ${CONFIG_PATH}/peerOrganizations/${org}/
mkdir peers users
cd users
# Register all users at ca and tlsca
for user in "${USERS[@]}"
do
if [ "${user}" == "Admin" ]; then
RegisterUser ca.${org} ${user}@${org} ${org} ${user} ${user} "user" "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"
RegisterUser tlsca.${org} ${user}@${org} ${org} ${user} ${user} "user" "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"
else
RegisterUser ca.${org} ${user}@${org} ${org} ${user} ${user} "user" "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=false:ecert,abac.init=true:ecert"
RegisterUser tlsca.${org} ${user}@${org} ${org} ${user} ${user} "user" "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=false:ecert,abac.init=true:ecert"
fi
done
exit 0
# Enroll all users
cp ../tlsca/*.pem Admin@${org}/tls/ca.crt
EnrollCA ca.${org} Admin@${org} ${org} adminpw
EnrollTLSCA tlsca.${org} Admin@${org} ${org} admin adminpw
# Register all peers
cd peers
for peer in "${PEERS[@]}"
do
mkdir -p ${peer}.${org}/msp
mkdir -p ${peer}.${org}/tls
cp tlsca/*.pem ${peer}.${org}/tls/ca.crt
GetCerts ${org} ${peer}
done
cd ../users
done
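Review bot: In the user loop the non-Admin branch differs from the Admin branch only in `admin=false`; User1 is still registered with `hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true`, and every identity gets its own name as `--id.secret` because `${user}` is passed for both NAME and PASSWORD. Give ordinary users only the attributes they need, e.g. `"admin=false:ecert,abac.init=true:ecert"`, and pass a generated secret instead of the name. In `EnrollTLSCA` the line `--csr.hosts ${USER_ID}` lacks the trailing `\`, so the enroll command ends there without `--home`, `--mspdir` or `--url`, and `--csr.names …` runs as a separate command; it should read `--csr.hosts ${USER_ID} \`. The `exit 0` after the inner loop also makes the enroll and peer steps unreachable, and that dead code calls `GetCerts` while only `GetCert` is defined.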


@ -0,0 +1,5 @@
#!/usr/bin/env bash
DEFAULT_USER="admin-default"
DEFAULT_PASS="pass-default"
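Review bot: `DEFAULT_USER` and `DEFAULT_PASS` are the CA bootstrap registrar credentials (the server start script in this commit passes them to `fabric-ca-server init -b`), and they are fixed in the repository with no way to override them. Let the environment win, `DEFAULT_PASS="${DEFAULT_PASS:-pass-default}"` (same pattern for `DEFAULT_USER`), and add a comment such as `# test-only bootstrap identity; override before any shared use`. For the override to reach the containers, the compose file would presumably also need to pass both variables through `environment:`.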