github.com/IBM-Blockchain/fabric-operator@v1.0.4/sample-network/scripts/test_network.sh (about) 1 #!/bin/bash 2 # 3 # Copyright contributors to the Hyperledger Fabric Operator project 4 # 5 # SPDX-License-Identifier: Apache-2.0 6 # 7 # Licensed under the Apache License, Version 2.0 (the "License"); 8 # you may not use this file except in compliance with the License. 9 # You may obtain a copy of the License at: 10 # 11 # http://www.apache.org/licenses/LICENSE-2.0 12 # 13 # Unless required by applicable law or agreed to in writing, software 14 # distributed under the License is distributed on an "AS IS" BASIS, 15 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 # See the License for the specific language governing permissions and 17 # limitations under the License. 18 # 19 20 function apply_operator() { 21 apply_kustomization config/rbac 22 apply_kustomization config/manager 23 24 sleep 2 25 } 26 27 function launch_operator() { 28 init_namespace 29 apply_operator 30 wait_for_deployment fabric-operator 31 } 32 33 function network_up() { 34 35 launch_operator 36 37 launch_network_CAs 38 39 apply_network_peers 40 apply_network_orderers 41 42 wait_for ibppeer org1-peer1 43 wait_for ibppeer org1-peer2 44 wait_for ibppeer org2-peer1 45 wait_for ibppeer org2-peer2 46 47 wait_for ibporderer org0-orderersnode1 48 wait_for ibporderer org0-orderersnode2 49 wait_for ibporderer org0-orderersnode3 50 } 51 52 function init_namespace() { 53 push_fn "Creating namespace \"$NS\"" 54 55 cat << EOF | kubectl apply -f - 56 apiVersion: v1 57 kind: Namespace 58 metadata: 59 name: test-network 60 EOF 61 62 # https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/ 63 kubectl label --overwrite namespace $NS pod-security.kubernetes.io/enforce=baseline 64 65 pop_fn 66 } 67 68 function delete_namespace() { 69 push_fn "Deleting namespace \"$NS\"" 70 71 kubectl delete namespace $NS --ignore-not-found 72 73 pop_fn 74 } 75 76 function wait_for() { 77 local type=$1 78 local name=$2 79 80 # wait for the operator to reconcile the CRD with a Deployment 81 kubectl -n $NS wait $type $name --for jsonpath='{.status.type}'=Deployed --timeout=60s 82 83 # wait for the deployment to reach Ready 84 kubectl -n $NS rollout status deploy $name 85 } 86 87 function launch_network_CAs() { 88 push_fn "Launching Fabric CAs" 89 90 apply_kustomization config/cas 91 92 # give the operator a chance to run the first reconciliation on the new resource 93 sleep 10 94 95 wait_for ibpca org0-ca 96 wait_for ibpca org1-ca 97 wait_for ibpca org2-ca 98 99 # load CA TLS certificates into the env, for substitution into the peer and orderer CRDs 100 export ORG0_CA_CERT=$(kubectl -n $NS get cm/org0-ca-connection-profile -o json | jq -r .binaryData.\"profile.json\" | base64 -d | jq -r .tls.cert) 101 export ORG1_CA_CERT=$(kubectl -n $NS get cm/org1-ca-connection-profile -o json | jq -r .binaryData.\"profile.json\" | base64 -d | jq -r .tls.cert) 102 export ORG2_CA_CERT=$(kubectl -n $NS get cm/org2-ca-connection-profile -o json | jq -r .binaryData.\"profile.json\" | base64 -d | jq -r .tls.cert) 103 104 enroll_bootstrap_rcaadmin org0 rcaadmin rcaadminpw 105 enroll_bootstrap_rcaadmin org1 rcaadmin rcaadminpw 106 enroll_bootstrap_rcaadmin org2 rcaadmin rcaadminpw 107 108 pop_fn 109 } 110 111 function enroll_bootstrap_rcaadmin() { 112 local org=$1 113 local username=$2 114 local password=$3 115 116 echo "Enrolling $org root CA admin $username" 117 118 ENROLLMENTS_DIR=${TEMP_DIR}/enrollments 119 ORG_ADMIN_DIR=${ENROLLMENTS_DIR}/${org}/users/${username} 120 121 # skip the enrollment if the admin certificate is available. 122 if [ -f "${ORG_ADMIN_DIR}/msp/keystore/key.pem" ]; then 123 echo "Found an existing admin enrollment at ${ORG_ADMIN_DIR}" 124 return 125 fi 126 127 # Retrieve the CA information from Kubernetes 128 CA_NAME=${org}-ca 129 CA_DIR=${TEMP_DIR}/cas/${CA_NAME} 130 CONNECTION_PROFILE=${CA_DIR}/connection-profile.json 131 132 get_connection_profile $CA_NAME $CONNECTION_PROFILE 133 134 # extract the CA enrollment URL and tls cert from the org connection profile 135 CA_AUTH=${username}:${password} 136 CA_ENDPOINT=$(jq -r .endpoints.api $CONNECTION_PROFILE) 137 CA_HOST=$(echo ${CA_ENDPOINT} | cut -d/ -f3 | tr ':' '\n' | head -1) 138 CA_PORT=$(echo ${CA_ENDPOINT} | cut -d/ -f3 | tr ':' '\n' | tail -1) 139 CA_URL=https://${CA_AUTH}@${CA_HOST}:${CA_PORT} 140 141 jq -r .tls.cert $CONNECTION_PROFILE | base64 -d >& $CA_DIR/tls-cert.pem 142 143 # enroll the admin user 144 FABRIC_CA_CLIENT_HOME=${ORG_ADMIN_DIR} fabric-ca-client enroll --url ${CA_URL} --tls.certfiles ${CA_DIR}/tls-cert.pem 145 } 146 147 function apply_network_peers() { 148 push_fn "Launching Fabric Peers" 149 150 apply_kustomization config/peers 151 152 # give the operator a chance to run the first reconciliation on the new resource 153 sleep 1 154 155 pop_fn 156 } 157 158 function apply_network_orderers() { 159 push_fn "Launching Fabric Orderers" 160 161 apply_kustomization config/orderers 162 163 # give the operator a chance to run the first reconciliation on the new resource 164 sleep 1 165 166 pop_fn 167 } 168 169 function stop_services() { 170 push_fn "Stopping Fabric Services" 171 172 undo_kustomization config/console 173 undo_kustomization config/cas 174 undo_kustomization config/peers 175 undo_kustomization config/orderers 176 177 # give the operator a chance to reconcile the deletion and then shut down the operator. 178 sleep 10 179 180 undo_kustomization config/manager 181 182 # scrub any residual bits 183 kubectl -n $NS delete deployment --all 184 kubectl -n $NS delete pod --all 185 kubectl -n $NS delete service --all 186 kubectl -n $NS delete configmap --all 187 kubectl -n $NS delete ingress --all 188 kubectl -n $NS delete secret --all 189 190 pop_fn 191 } 192 193 function network_down() { 194 stop_services 195 delete_namespace 196 197 rm -rf $PWD/temp 198 }