Merge pull request #1 from dzikowski/fix-bft

Fix BFT support

src/setup-docker/templates/fabric-config/configtx-raft-template.yaml.ejs

@@ -27,7 +27,7 @@
           Host: <%= orderer.address %>
           Port: <%= orderer.port %>
           MSPID: <%= orderer.orgMspName %>
-          Identity:  crypto-config/peerOrganizations/<%= orderer.domain %>/peers/<%= orderer.address %>/msp/tlscacerts/tlsca.orderer.example.com-cert.pem
+          Identity: crypto-config/peerOrganizations/<%= orderer.domain %>/peers/<%= orderer.address %>/msp/signcerts/<%= orderer.address %>-cert.pem
           ClientTLSCert: crypto-config/peerOrganizations/<%= orderer.domain %>/peers/<%= orderer.address %>/tls/server.crt
           ServerTLSCert: crypto-config/peerOrganizations/<%= orderer.domain %>/peers/<%= orderer.address %>/tls/server.crt
 <% })} -%>  

src/setup-docker/templates/fabric-docker/commands-generated.sh

@@ -15,10 +15,8 @@ generateArtifacts() {
   <%_ ordererGroups.forEach((ordererGroup) => { _%>
 
   <% if(!global.capabilities.isV3) {%> 
-  printItalics "Generating genesis block for group <%= ordererGroup.name %>" "U1F3E0"
-  genesisBlockCreate "$FABLO_NETWORK_ROOT/fabric-config" "$FABLO_NETWORK_ROOT/fabric-config/config" "<%= ordererGroup.profileName %>"
-  <% } else { %> 
-  echo "System channel not supported for Fabric version 3" 
+    printItalics "Generating genesis block for group <%= ordererGroup.name %>" "U1F3E0"
+    genesisBlockCreate "$FABLO_NETWORK_ROOT/fabric-config" "$FABLO_NETWORK_ROOT/fabric-config/config" "<%= ordererGroup.profileName %>"
   <% } %>
   
   <%_ }) _%>
@@ -44,18 +42,18 @@ generateChannelsArtifacts() {
 }
 
 installChannels() {
-  set -x
   <% if (!channels || !channels.length) { -%>
-   
     echo "No channels"
   <% } else if (global.capabilities.isV3) { -%>
     <% channels.forEach((channel) => { -%>
       <% channel.ordererGroup.orderers.forEach((orderer) => { -%>
         <% const org = orgs.find((org) => org.name === orderer.orgName); -%>
         docker exec -i <%= org.cli.address %> bash -c <% -%>
-          "source scripts/channel_fns.sh; createChannelAndJoinTls '<%= channel.name %>' '<%= orderer.orgMspName %>' 'example.com' 'crypto/users/Admin@test/msp' '<%= orderer.address %>:<%= orderer.adminPort %>';"
+          "source scripts/channel_fns.sh; createChannelAndJoinTls '<%= channel.name %>' '<%= orderer.orgMspName %>' '<%= orderer.address %>:<%= orderer.adminPort %>' 'crypto/users/Admin@<%= orderer.domain %>/tls/client.crt' 'crypto/users/Admin@<%= orderer.domain %>/tls/client.key' 'crypto-orderer/tlsca.<%= orderer.domain %>-cert.pem';"
       <% }) -%>
-      sleep 8
+      <% if (channel.ordererGroup.consensus !== "BFT") { -%>
+        sleep 4  # Wait for Raft cluster to establish consensus
+      <% } -%>
       <% channel.orgs.forEach((org, orgNo) => { -%>
         <% org.peers.forEach((peer, peerNo) => { -%>
           <% if (orgNo == 0 && peerNo == 0) { -%>

src/setup-docker/templates/fabric-docker/docker-compose.yaml

@@ -188,29 +188,39 @@ services:
       - FABRIC_LOGGING_SPEC=${LOGGING_LEVEL}
       - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
       - ORDERER_GENERAL_LISTENPORT=<%= orderer.port %>
-      - ORDERER_GENERAL_GENESISMETHOD=file
-      <%_ if(global.capabilities.isV2) { _%>
-      - ORDERER_GENERAL_BOOTSTRAPFILE=/var/hyperledger/config/<%= ordererGroup.genesisBlockName %>
-      <%_ } else { _%>
-      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/config/<%= ordererGroup.genesisBlockName %>
-      <%_ } _%>
-      - ORDERER_GENERAL_LOCALMSPID=<%= org.mspName %>
+      - ORDERER_GENERAL_LOCALMSPID=<%= orderer.orgMspName %>
       - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
-      - GODEBUG=netdns=go
       <%_ if(global.tls) { _%>
-      # metrics
-      - ORDERER_OPERATIONS_LISTENADDRESS=<%= orderer.address %>:9440
-      - ORDERER_METRICS_PROVIDER=prometheus
-      # enabled TLS
+      # TLS Configuration
       - ORDERER_GENERAL_TLS_ENABLED=true
       - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
       - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
       - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      # Cluster TLS Configuration
       - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
       - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
       - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
-      - ORDERER_ADMIN_LISTENADDRESS=<%= orderer.address %>:7053
       <%_ } _%>
+      <%_ if(global.capabilities.isV2) { _%>
+      # Genesis file configuration (for solo and raft)
+      - ORDERER_GENERAL_GENESISMETHOD=file
+      - ORDERER_GENERAL_BOOTSTRAPFILE=/var/hyperledger/config/<%= ordererGroup.genesisBlockName %>
+      <%_ } _%>
+      <%_ if(global.capabilities.isV3) { _%>
+      # V3 specific settings
+      - ORDERER_GENERAL_BOOTSTRAPMETHOD=none
+      - ORDERER_CHANNELPARTICIPATION_ENABLED=true
+      # Admin endpoint configuration
+      - ORDERER_ADMIN_TLS_ENABLED=true
+      - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:<%= orderer.adminPort %>
+      <%_ } _%>
+      # Metrics configuration
+      - ORDERER_OPERATIONS_LISTENADDRESS=<%= orderer.address %>:9443
+      - ORDERER_METRICS_PROVIDER=prometheus
     working_dir: /var/hyperledger/orderer
     command: orderer
     ports:

src/setup-docker/templates/fabric-docker/scripts/cli/channel_fns-v3.sh

@@ -30,36 +30,34 @@ createChannelAndJoin() {
 
 createChannelAndJoinTls() {
   local CHANNEL_NAME=$1
+  local ORDERER_MSP_NAME=$2
+  local ORDERER_ADMIN_ADDRESS=$3
+  local ADMIN_TLS_SIGN_CERT=$(realpath "$4")
+  local ADMIN_TLS_PRIVATE_KEY=$(realpath "$5")
+  local TLS_CA_CERT_PATH=$(realpath "$6")
 
-  local CORE_PEER_LOCALMSPID=$2
-  local CORE_PEER_ADDRESS=$3
-  # local CORE_PEER_MSPCONFIGPATH=$(realpath "$4")
-  # local CORE_PEER_TLS_MSPCONFIGPATH=$(realpath "$5")
-  # local TLS_CA_CERT_PATH=$(realpath "$6")
-  local ORDERER_URL=$5
-
-  # local CORE_PEER_TLS_CERT_FILE=$CORE_PEER_TLS_MSPCONFIGPATH/client.crt
-  # local CORE_PEER_TLS_KEY_FILE=$CORE_PEER_TLS_MSPCONFIGPATH/client.key
-  # local CORE_PEER_TLS_ROOTCERT_FILE=$CORE_PEER_TLS_MSPCONFIGPATH/ca.crt
-
-  local DIR_NAME=step-createChannelAndJoinTls-$CHANNEL_NAME-$CORE_PEER_LOCALMSPID
+  local DIR_NAME=step-createChannelAndJoinTls-$CHANNEL_NAME-$ORDERER_MSP_NAME
 
   echo "Creating channel with name (TLS): ${CHANNEL_NAME}"
-  echo "   Orderer: $ORDERER_URL"
-  echo "   CORE_PEER_LOCALMSPID: $CORE_PEER_LOCALMSPID"
-  # echo "   CORE_PEER_ADDRESS: $CORE_PEER_ADDRESS"
-  # echo "   CORE_PEER_MSPCONFIGPATH: $CORE_PEER_MSPCONFIGPATH"
-  # echo "   TLS_CA_CERT_PATH is: $TLS_CA_CERT_PATH"
-  # echo "   CORE_PEER_TLS_CERT_FILE: $CORE_PEER_TLS_CERT_FILE"
-  # echo "   CORE_PEER_TLS_KEY_FILE: $CORE_PEER_TLS_KEY_FILE"
-  # echo "   CORE_PEER_TLS_ROOTCERT_FILE: $CORE_PEER_TLS_ROOTCERT_FILE"
+  echo "   ORDERER_MSP_NAME:      $ORDERER_MSP_NAME"
+  echo "   ORDERER_ADMIN_ADDRESS: $ORDERER_ADMIN_ADDRESS"
+  echo "   ADMIN_TLS_SIGN_CERT:   $ADMIN_TLS_SIGN_CERT"
+  echo "   ADMIN_TLS_PRIVATE_KEY: $ADMIN_TLS_PRIVATE_KEY"
+  echo "   TLS_CA_CERT_PATH:      $TLS_CA_CERT_PATH"
+
+  if [ ! -d "$DIR_NAME" ]; then
+    mkdir "$DIR_NAME"
+    cp /var/hyperledger/cli/config/"$CHANNEL_NAME".pb "$DIR_NAME"
+  fi
+
+  osnadmin channel join \
+    --channelID "${CHANNEL_NAME}" \
+    --config-block "$DIR_NAME/$CHANNEL_NAME.pb" \
+    -o "${ORDERER_ADMIN_ADDRESS}" \
+    --client-cert "${ADMIN_TLS_SIGN_CERT}" \
+    --client-key "${ADMIN_TLS_PRIVATE_KEY}" \
+    --ca-file "${TLS_CA_CERT_PATH}"
 
-  mkdir "$DIR_NAME" && cd "$DIR_NAME"
-
-
-  cp /var/hyperledger/cli/config/"$CHANNEL_NAME".pb .
-  osnadmin channel join --channelID "${CHANNEL_NAME}" --config-block ./"$CHANNEL_NAME".pb -o "${ORDERER_URL}" # --ca-file "${TLS_CA_CERT_PATH}" --client-cert "${ADMIN_SIGN_CERT}" --client-key "${ADMIN_PRIVATE_KEY}"
-
   rm -rf "$DIR_NAME"
 }