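#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

#
# This script does the following:
# 1) registers orderer and peer identities with intermediate fabric-ca-servers
# 2) Builds the channel artifacts (e.g. genesis block, etc)
#
# Helpers and variables that are not defined in this file (log, fatal,
# waitPort, initOrdererOrgVars, initOrdererVars, initPeerOrgVars,
# initPeerVars, finishMSPSetup, switchToAdminIdentity, switchToUserIdentity,
# ORDERER_ORGS, PEER_ORGS, NUM_PEERS, ...) are expected to come from env.sh,
# which is sourced at the bottom of the file.
#
# Security notes for anyone adapting this beyond a throw-away sample network:
#   - enrollCAAdmin uses the hard-coded bootstrap credentials admin:adminpw.
#   - Identity secrets are passed on the fabric-ca-client command line, so
#     they are visible in the process list while the command runs, and the
#     -d (debug) flag makes the client log more detail than usual; keep the
#     resulting logs as protected as the secrets themselves.
#

# Entry point: register, enroll, build the genesis block, then drop the
# marker file that signals successful setup.
function main {
  log "Beginning building channel artifacts ..."
  registerIdentities
  enrollIdentities
  #makeConfigTxYaml
  generateChannelArtifacts
  log "Finished building channel artifacts"
  touch "/$SETUP_SUCCESS_FILE"
}

# Enroll the CA administrator
#
# Exports FABRIC_CA_CLIENT_HOME and FABRIC_CA_CLIENT_TLS_CERTFILES, so the
# fabric-ca-client calls made by the caller afterwards run against this CA
# with the admin credentials enrolled here.
function enrollCAAdmin {
  # NOTE(review): 90 is presumably a timeout in seconds -- confirm in env.sh.
  waitPort "$CA_NAME to start" 90 "$CA_LOGFILE" "$CA_HOST" 7054
  log "Enrolling with $CA_NAME as bootstrap identity ..."
  export FABRIC_CA_CLIENT_HOME=$HOME/cas/$CA_NAME
  # TLS trust for the CA connection is limited to this chain file.
  export FABRIC_CA_CLIENT_TLS_CERTFILES=$CA_CHAINFILE
  # SECURITY: admin:adminpw is a well-known default bootstrap credential and
  # it is embedded in the URL (argv). Acceptable only for a sample network;
  # a real deployment needs a unique secret supplied from outside the script.
  fabric-ca-client enroll -d -u "https://admin:adminpw@${CA_HOST}:7054"
}

# Register all orderer and peer identities with their CAs.
function registerIdentities {
  log "Registering identities ..."
  registerOrdererIdentities
  registerPeerIdentities
}

# Fetch CA certificates and set up the MSP directories for every org.
function enrollIdentities {
  log "Enrolling identities ..."
  enrollOrdererIdentities
  enrollPeerIdentities
}

# Register any identities associated with the orderer
function registerOrdererIdentities {
  # Deliberately unquoted: with several orgs in ORDERER_ORGS only the first
  # word is what the helpers receive as $1.
  # shellcheck disable=SC2086
  initOrdererOrgVars $ORDERER_ORGS
  enrollCAAdmin
  # shellcheck disable=SC2086
  initOrdererVars $ORDERER_ORGS
  log "Registering $ORDERER_NAME with $CA_NAME"
  fabric-ca-client register -d --id.name "$ORDERER_NAME" --id.secret "$ORDERER_PASS" --id.type orderer
  log "Registering admin identity with $CA_NAME"
  # The admin identity has the "admin" attribute which is added to ECert by default
  fabric-ca-client register -d --id.name "$ADMIN_NAME" --id.secret "$ADMIN_PASS" --id.attrs "admin=true:ecert"
}

# Register any identities associated with a peer
function registerPeerIdentities {
  for ORG in $PEER_ORGS; do
    initPeerOrgVars "$ORG"
    enrollCAAdmin
    local COUNT=1
    while [[ "$COUNT" -le $NUM_PEERS ]]; do
      # Peers are numbered from 0 when their variables are initialised.
      initPeerVars "$ORG" $((COUNT - 1))
      log "Registering $PEER_NAME with $CA_NAME"
      fabric-ca-client register -d --id.name "$PEER_NAME" --id.secret "$PEER_PASS" --id.type peer
      COUNT=$((COUNT + 1))
    done
    log "Registering admin identity with $CA_NAME"
    # The admin identity has the "admin" attribute which is added to ECert by default
    # SECURITY: this org admin is also a registrar (role "client") with
    # revocation and CRL rights, and hf.Registrar.Attributes=* lets it attach
    # attributes of its choosing to the identities it registers. Narrow the
    # attribute list when least privilege matters.
    fabric-ca-client register -d --id.name "$ADMIN_NAME" --id.secret "$ADMIN_PASS" --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert"
    log "Registering user identity with $CA_NAME"
    fabric-ca-client register -d --id.name "$USER_NAME" --id.secret "$USER_PASS"
  done
}

# Fetch the CA certificate of every orderer org into its MSP directory and
# finish the MSP layout.
function enrollOrdererIdentities {
  log "Getting CA certificates ..."
  for ORG in $ORDERER_ORGS; do
    initOrdererOrgVars "$ORG"
    log "Getting CA certs for organization $ORG and storing in $ORG_MSP_DIR"
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$CA_CHAINFILE
    fabric-ca-client getcacert -d -u "https://${CA_HOST}:7054" -M "$ORG_MSP_DIR"
    # Assumes getcacert left exactly one file in cacerts/; with several
    # matches mv fails and set -e stops the script.
    mv "$ORG_MSP_DIR"/cacerts/* "$ORG_MSP_DIR/cacerts/${CA_HOST}-cert.pem"
    finishMSPSetup "$ORG_MSP_DIR"
    # If ADMINCERTS is true, we need to enroll the admin now to populate the admincerts directory
    # Any non-empty value except the literal "false" enables this; a bare
    # `[ $ADMINCERTS ]` would also fire for ADMINCERTS=false.
    if [[ -n "${ADMINCERTS:-}" && "$ADMINCERTS" != "false" ]]; then
      switchToAdminIdentity
    fi
  done
}

# Fetch the CA certificate of every peer org into its MSP directory and
# finish the MSP layout.
function enrollPeerIdentities {
  log "Getting CA certificates ..."
  for ORG in $PEER_ORGS; do
    initPeerOrgVars "$ORG"
    log "Getting CA certs for organization $ORG and storing in $ORG_MSP_DIR"
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$CA_CHAINFILE
    fabric-ca-client getcacert -d -u "https://${CA_HOST}:7054" -M "$ORG_MSP_DIR"
    # Assumes getcacert left exactly one file in cacerts/; with several
    # matches mv fails and set -e stops the script.
    mv "$ORG_MSP_DIR"/cacerts/* "$ORG_MSP_DIR/cacerts/${CA_HOST}-cert.pem"
    finishMSPSetup "$ORG_MSP_DIR"
    # If ADMINCERTS is true, we need to enroll the admin now to populate the admincerts directory
    # Any non-empty value except the literal "false" enables this; a bare
    # `[ $ADMINCERTS ]` would also fire for ADMINCERTS=false.
    if [[ -n "${ADMINCERTS:-}" && "$ADMINCERTS" != "false" ]]; then
      switchToAdminIdentity
      switchToUserIdentity
    fi
  done
}

# printOrg
# Emits one entry of the configtx.yaml "Organizations" list from the ORG_*
# variables that are currently set.
# NOTE(review): the line breaks and YAML indentation inside the strings of
# the print*/makeConfigTxYaml functions follow the configtx.yaml nesting;
# compare with a known-good configtx.yaml before re-enabling generation.
function printOrg {
  echo "
  - &$ORG_CONTAINER_NAME
    Name: $ORG
    # ID to load the MSP definition as
    ID: $ORG_MSP_ID
    # MSPDir is the filesystem path which contains the MSP configuration
    MSPDir: $ORG_MSP_DIR"
}

# printOrdererOrg
# $1 - orderer organization name
function printOrdererOrg {
  initOrdererOrgVars "$1"
  printOrg
}

# printPeerOrg
# $1 - peer organization name, $2 - number of the peer used as anchor peer
function printPeerOrg {
  initPeerVars "$1" "$2"
  printOrg
  echo "
    AnchorPeers:
       # AnchorPeers defines the location of peers which can be used
       # for cross org gossip communication.  Note, this value is only
       # encoded in the genesis block in the Application section context
       - Host: $PEER_HOST
         Port: 7051"
}

# Write /etc/hyperledger/fabric/configtx.yaml from the org variables and copy
# it to /$DATA. The call in main is commented out, so this does not run.
function makeConfigTxYaml {
  {
    echo "
################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:"

    for ORG in $ORDERER_ORGS; do
      printOrdererOrg "$ORG"
    done

    for ORG in $PEER_ORGS; do
      printPeerOrg "$ORG" 1
    done

    echo "
################################################################################
#
#   SECTION: Application
#
#   This section defines the values to encode into a config transaction or
#   genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:
"
    echo "
################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:
  OrgsOrdererGenesis:
    Orderer:
      # Orderer Type: The orderer implementation to start
      # Available types are \"solo\" and \"kafka\"
      OrdererType: solo
      Addresses:"

    for ORG in $ORDERER_ORGS; do
      local COUNT=1
      while [[ "$COUNT" -le $NUM_ORDERERS ]]; do
        # NOTE(review): COUNT is not passed on, so every pass prints the
        # ORDERER_HOST that initOrdererVars sets for the org -- confirm that
        # this is intended when NUM_ORDERERS is greater than 1.
        initOrdererVars "$ORG"
        echo "        - $ORDERER_HOST:7050"
        COUNT=$((COUNT + 1))
      done
    done

    echo "
      # Batch Timeout: The amount of time to wait before creating a batch
      BatchTimeout: 2s
      # Batch Size: Controls the number of messages batched into a block
      BatchSize:
        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10
        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 99 MB
        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB
      Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects
        # NOTE: Use IP:port notation
        Brokers:
          - 127.0.0.1:9092
      # Organizations is the list of orgs which are defined as participants on
      # the orderer side of the network
      Organizations:"

    for ORG in $ORDERER_ORGS; do
      initOrdererOrgVars "$ORG"
      echo "        - *${ORG_CONTAINER_NAME}"
    done

    echo "
    Consortiums:
      SampleConsortium:
        Organizations:"

    for ORG in $PEER_ORGS; do
      initPeerOrgVars "$ORG"
      echo "          - *${ORG_CONTAINER_NAME}"
    done

    echo "
  OrgsChannel:
    Consortium: SampleConsortium
    Application:
      <<: *ApplicationDefaults
      Organizations:"

    for ORG in $PEER_ORGS; do
      initPeerOrgVars "$ORG"
      echo "        - *${ORG_CONTAINER_NAME}"
    done
  } > /etc/hyperledger/fabric/configtx.yaml
  # Copy it to the data directory to make debugging easier
  cp /etc/hyperledger/fabric/configtx.yaml "/$DATA"
}

# Build the orderer genesis block with configtxgen.
# NOTE(review): this reads its configuration from /data and uses the profile
# TwoOrgsOrdererGenesis, while makeConfigTxYaml would write a profile named
# OrgsOrdererGenesis; align the two before re-enabling makeConfigTxYaml.
function generateChannelArtifacts {
  # The commands are tested directly in the `if`: with `set -e` active a
  # separate `$?` check after a failing command is never reached, so the
  # error message would never be printed.
  if ! command -v configtxgen > /dev/null 2>&1; then
    fatal "configtxgen tool not found. exiting"
    # Stop here even if fatal only logs.
    exit 1
  fi

  log "Generating orderer genesis block at $GENESIS_BLOCK_FILE"
  # Note: For some unknown reason (at least for now) the block file can't be
  # named orderer.genesis.block or the orderer will fail to launch!
  if ! configtxgen -configPath /data -profile TwoOrgsOrdererGenesis -outputBlock "$GENESIS_BLOCK_FILE"; then
    fatal "Failed to generate orderer genesis block"
    # Stop here even if fatal only logs, so the success marker is not written.
    exit 1
  fi
}

set -e

SDIR=$(dirname "$0")
source "$SDIR/env.sh"

main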