Update to latest microfab CLI, enable TLS

Signed-off-by: CaptainIRS <[email protected]>

packages/caliper-tests-integration/fabric_tests/.gitignore

@@ -5,3 +5,4 @@ bin
 config
 report.html
 fabric-samples
+microfab

packages/caliper-tests-integration/fabric_tests/phase2/ccp-org1.yaml

@@ -32,19 +32,25 @@ orderers:
         url: grpc://orderer-api.127-0-0-1.nip.io:8080
         grpcOptions:
             ssl-target-name-override: orderer-api.127-0-0-1.nip.io:8080
+        tlsCACerts:
+            path: '../_cfg/uf/_msp/tls/orderer/tlsca-orderer-cert.pem'
 
 peers:
     org1peer-api.127-0-0-1.nip.io:8080:
         url: grpc://org1peer-api.127-0-0-1.nip.io:8080
         grpcOptions:
             ssl-target-name-override: org1peer-api.127-0-0-1.nip.io
             grpc.keepalive_time_ms: 600000
+        tlsCACerts:
+           path: '../_cfg/uf/_msp/tls/org1peer/tlsca-org1peer-cert.pem'
 
     org2peer-api.127-0-0-1.nip.io:8080:
         url: grpc://org2peer-api.127-0-0-1.nip.io:8080
         grpcOptions:
             ssl-target-name-override: org2peer-api.127-0-0-1.nip.io
             grpc.keepalive_time_ms: 600000
+        tlsCACerts:
+            path: '../_cfg/uf/_msp/tls/org2peer/tlsca-org2peer-cert.pem'
 
 channels:
     mychannel:

packages/caliper-tests-integration/fabric_tests/phase2/ccp-org2.yaml

@@ -32,19 +32,25 @@ orderers:
         url: grpc://orderer-api.127-0-0-1.nip.io:8080
         grpcOptions:
             ssl-target-name-override: orderer-api.127-0-0-1.nip.io:8080
+        tlsCACerts:
+            path: '../_cfg/uf/_msp/tls/orderer/tlsca-orderer-cert.pem'
 
 peers:
     org1peer-api.127-0-0-1.nip.io:8080:
         url: grpc://org1peer-api.127-0-0-1.nip.io:8080
         grpcOptions:
             ssl-target-name-override: org1peer-api.127-0-0-1.nip.io
             grpc.keepalive_time_ms: 600000
+        tlsCACerts:
+           path: '../_cfg/uf/_msp/tls/org1peer/tlsca-org1peer-cert.pem'
 
     org2peer-api.127-0-0-1.nip.io:8080:
         url: grpc://org2peer-api.127-0-0-1.nip.io:8080
         grpcOptions:
             ssl-target-name-override: org2peer-api.127-0-0-1.nip.io
             grpc.keepalive_time_ms: 600000
+        tlsCACerts:
+            path: '../_cfg/uf/_msp/tls/org2peer/tlsca-org2peer-cert.pem'
 
 channels:
     mychannel:

packages/caliper-tests-integration/fabric_tests/phase2/networkconfig.yaml

@@ -36,7 +36,7 @@ organizations:
         clientPrivateKey:
           path: '../_cfg/uf/_msp/Org1/org1admin/msp/keystore/cert_sk'
         clientSignedCert:
-          path: '../_cfg/uf/_msp/Org1/org1admin/msp/signcerts/org1admin.pem'
+          path: '../_cfg/uf/_msp/Org1/org1admin/msp/signcerts/cert.pem'
     connectionProfile:
       path: './ccp-org1.yaml'
       discover: false
@@ -48,7 +48,7 @@ organizations:
         clientPrivateKey:
             path: '../_cfg/uf/_msp/Org2/org2admin/msp/keystore/cert_sk'
         clientSignedCert:
-            path: '../_cfg/uf/_msp/Org2/org2admin/msp/signcerts/org2admin.pem'
+            path: '../_cfg/uf/_msp/Org2/org2admin/msp/signcerts/cert.pem'
     connectionProfile:
       path: './ccp-org2.yaml'
       discover: false

packages/caliper-tests-integration/fabric_tests/phase3/networkconfig.yaml

@@ -36,7 +36,7 @@ organizations:
         clientPrivateKey:
           path: '../_cfg/uf/_msp/Org1/org1admin/msp/keystore/cert_sk'
         clientSignedCert:
-          path: '../_cfg/uf/_msp/Org1/org1admin/msp/signcerts/org1admin.pem'
+          path: '../_cfg/uf/_msp/Org1/org1admin/msp/signcerts/cert.pem'
     connectionProfile:
       path: '../_cfg/uf/_gateways/org1gateway.json'
       discover: true
@@ -48,7 +48,7 @@ organizations:
         clientPrivateKey:
             path: '../_cfg/uf/_msp/Org2/org2admin/msp/keystore/cert_sk'
         clientSignedCert:
-            path: '../_cfg/uf/_msp/Org2/org2admin/msp/signcerts/org2admin.pem'
+            path: '../_cfg/uf/_msp/Org2/org2admin/msp/signcerts/cert.pem'
     connectionProfile:
       path: '../_cfg/uf/_gateways/org2gateway.json'
       discover: true

packages/caliper-tests-integration/fabric_tests/phase4/networkconfig.yaml

@@ -36,7 +36,7 @@ organizations:
         clientPrivateKey:
           path: '../_cfg/uf/_msp/Org1/org1admin/msp/keystore/cert_sk'
         clientSignedCert:
-          path: '../_cfg/uf/_msp/Org1/org1admin/msp/signcerts/org1admin.pem'
+          path: '../_cfg/uf/_msp/Org1/org1admin/msp/signcerts/cert.pem'
     connectionProfile:
       path: '../_cfg/uf/_gateways/org1gateway.json'
       discover: true
@@ -48,7 +48,7 @@ organizations:
         clientPrivateKey:
             path: '../_cfg/uf/_msp/Org2/org2admin/msp/keystore/cert_sk'
         clientSignedCert:
-            path: '../_cfg/uf/_msp/Org2/org2admin/msp/signcerts/org2admin.pem'
+            path: '../_cfg/uf/_msp/Org2/org2admin/msp/signcerts/cert.pem'
     connectionProfile:
       path: '../_cfg/uf/_gateways/org2gateway.json'
       discover: true

packages/caliper-tests-integration/fabric_tests/phase5/networkconfig.yaml

@@ -36,12 +36,14 @@ organizations:
         clientPrivateKey:
           path: '../_cfg/uf/_msp/Org1/org1admin/msp/keystore/cert_sk'
         clientSignedCert:
-          path: '../_cfg/uf/_msp/Org1/org1admin/msp/signcerts/org1admin.pem'
+          path: '../_cfg/uf/_msp/Org1/org1admin/msp/signcerts/cert.pem'
     peers:
       - endpoint: org1peer-api.127-0-0-1.nip.io:8080
         grpcOptions:
           ssl-target-name-override: org1peer-api.127-0-0-1.nip.io
           grpc.keepalive_time_ms: 600000
+        tlsCACerts:
+          path: '../_cfg/uf/_msp/tls/org1peer/tlsca-org1peer-cert.pem'
 
   - mspid: Org2MSP
     identities:
@@ -50,9 +52,11 @@ organizations:
         clientPrivateKey:
             path: '../_cfg/uf/_msp/Org2/org2admin/msp/keystore/cert_sk'
         clientSignedCert:
-            path: '../_cfg/uf/_msp/Org2/org2admin/msp/signcerts/org2admin.pem'
+            path: '../_cfg/uf/_msp/Org2/org2admin/msp/signcerts/cert.pem'
     peers:
-      - endpoint: org1peer-api.127-0-0-1.nip.io:8080
+      - endpoint: org2peer-api.127-0-0-1.nip.io:8080
         grpcOptions:
-          ssl-target-name-override: org1peer-api.127-0-0-1.nip.io
+          ssl-target-name-override: org2peer-api.127-0-0-1.nip.io
           grpc.keepalive_time_ms: 600000
+        tlsCACerts:
+          path: '../_cfg/uf/_msp/tls/org2peer/tlsca-org2peer-cert.pem'

packages/caliper-tests-integration/fabric_tests/run.sh

@@ -21,14 +21,15 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 cd "${DIR}"
 
 if [[ ! -d "bin" || ! -d "config" ]]; then
-  curl -sSL -k https://raw.githubusercontent.com/hyperledger/fabric/main/scripts/bootstrap.sh | bash -s -- 2.4.3 -d -s
+  curl -sSL -k https://raw.githubusercontent.com/hyperledger/fabric/main/scripts/install-fabric.sh | bash -s -- --fabric-version 2.4.3 binary
 fi
 
-npm install -g @hyperledger-labs/weft
-
 export PATH=${DIR}/bin:$PATH
 
 export MICROFAB_CONFIG='{
+    "tls": {
+        "enabled": true
+    },
     "ordering_organizations": {
         "name": "Orderer"
     },
@@ -59,62 +60,151 @@ export MICROFAB_CONFIG='{
 }'
 export CHAINCODE_NAME="marbles"
 
+curl -sSL https://github.com/hyperledger-labs/microfab/releases/download/v0.0.19/microfab-amd64 -o microfab
+
+chmod +x microfab
+
+docker pull ghcr.io/hyperledger-labs/microfab:0.0.19
+${DIR}/microfab start --config $MICROFAB_CONFIG
+sleep 5
+
 export CFG=$DIR/_cfg/uf
 rm -rf $CFG
 mkdir -p $CFG
 
-docker run --name microfab -p 8080:8080 --add-host host.docker.internal:host-gateway --rm -d -e MICROFAB_CONFIG="${MICROFAB_CONFIG}"  ibmcom/ibp-microfab:0.0.16
-sleep 5
+npm install -g @hyperledger-labs/weft
+curl -s https://console.127-0-0-1.nip.io:8080/ak/api/v1/components --insecure | weft microfab -w $CFG/_wallets -p $CFG/_gateways -m $CFG/_msp -f
+
+export FABRIC_CFG_PATH=$DIR/config
 
-curl -s http://console.127-0-0-1.nip.io:8080/ak/api/v1/components | weft microfab -w $CFG/_wallets -p $CFG/_gateways -m $CFG/_msp -f
+export ORDERER_CA=$CFG/_msp/tls/orderer/tlsca-orderer-cert.pem
+export ORDERER_ADDRESS=orderer-api.127-0-0-1.nip.io:8080
+
+export CORE_PEER_CLIENT_CONNTIMEOUT=15s
+export CORE_PEER_DELIVERYCLIENT_CONNTIMEOUT=15s
 
 export CORE_PEER_LOCALMSPID=Org1MSP
 export CORE_PEER_MSPCONFIGPATH=$CFG/_msp/Org1/org1admin/msp
 export CORE_PEER_ADDRESS=org1peer-api.127-0-0-1.nip.io:8080
-export FABRIC_CFG_PATH=$DIR/config
-export CORE_PEER_CLIENT_CONNTIMEOUT=15s
-export CORE_PEER_DELIVERYCLIENT_CONNTIMEOUT=15s
+export CORE_PEER_TLS_ENABLED=true
+export CORE_PEER_TLS_ROOTCERT_FILE=$CFG/_msp/tls/org1peer/tlsca-org1peer-cert.pem
 
 pushd $DIR/src/${CHAINCODE_NAME}/node
 
-peer lifecycle chaincode package ${CHAINCODE_NAME}.tar.gz --path . --lang node --label ${CHAINCODE_NAME}
+peer lifecycle chaincode package ${CHAINCODE_NAME}.tar.gz \
+    --path . \
+    --lang node \
+    --label ${CHAINCODE_NAME}
 
 export CHAINCODE_ID=$(peer lifecycle chaincode calculatepackageid ${CHAINCODE_NAME}.tar.gz)
-echo "Chaincode ID: ${CHAINCODE_ID}"
 
-peer lifecycle chaincode install ${CHAINCODE_NAME}.tar.gz
-
-peer lifecycle chaincode approveformyorg --channelID mychannel --name mymarbles -v v0 --package-id $CHAINCODE_ID --sequence 1 --connTimeout 15s --signature-policy "OR('Org1MSP.member','Org2MSP.member')"
-peer lifecycle chaincode approveformyorg --channelID yourchannel --name yourmarbles -v v0 --package-id $CHAINCODE_ID --sequence 1 --connTimeout 15s --signature-policy "OR('Org1MSP.member','Org2MSP.member')"
+peer lifecycle chaincode install ${CHAINCODE_NAME}.tar.gz \
+    --tls \
+    --cafile $ORDERER_CA \
+    --orderer $ORDERER_ADDRESS
+
+peer lifecycle chaincode approveformyorg \
+    --channelID mychannel \
+    --name mymarbles \
+    -v v0 \
+    --package-id $CHAINCODE_ID \
+    --sequence 1 \
+    --connTimeout 15s \
+    --signature-policy "OR('Org1MSP.member','Org2MSP.member')" \
+    --tls \
+    --cafile $ORDERER_CA \
+    --orderer $ORDERER_ADDRESS
+
+peer lifecycle chaincode approveformyorg \
+    --channelID yourchannel \
+    --name yourmarbles \
+    -v v0 \
+    --package-id $CHAINCODE_ID \
+    --sequence 1 \
+    --connTimeout 15s \
+    --signature-policy "OR('Org1MSP.member','Org2MSP.member')" \
+    --tls \
+    --cafile $ORDERER_CA \
+    --orderer $ORDERER_ADDRESS
 
 export CORE_PEER_LOCALMSPID=Org2MSP
 export CORE_PEER_MSPCONFIGPATH=$CFG/_msp/Org2/org2admin/msp
 export CORE_PEER_ADDRESS=org2peer-api.127-0-0-1.nip.io:8080
+export CORE_PEER_TLS_ENABLED=true
+export CORE_PEER_TLS_ROOTCERT_FILE=$CFG/_msp/tls/org2peer/tlsca-org2peer-cert.pem
 
 peer lifecycle chaincode install ${CHAINCODE_NAME}.tar.gz
 
-peer lifecycle chaincode approveformyorg --channelID mychannel --name mymarbles -v v0 --package-id $CHAINCODE_ID --sequence 1 --connTimeout 15s --signature-policy "OR('Org1MSP.member','Org2MSP.member')"
-peer lifecycle chaincode approveformyorg --channelID yourchannel --name yourmarbles -v v0 --package-id $CHAINCODE_ID --sequence 1 --connTimeout 15s --signature-policy "OR('Org1MSP.member','Org2MSP.member')"
-
-peer lifecycle chaincode commit --channelID mychannel --name mymarbles -v v0 --sequence 1  --connTimeout 15s --signature-policy "OR('Org1MSP.member','Org2MSP.member')"
-peer lifecycle chaincode querycommitted --channelID=mychannel
-
-peer lifecycle chaincode commit --channelID yourchannel --name yourmarbles -v v0 --sequence 1  --connTimeout 15s --signature-policy "OR('Org1MSP.member','Org2MSP.member')"
-peer lifecycle chaincode querycommitted --channelID=yourchannel
+peer lifecycle chaincode approveformyorg \
+    --channelID mychannel \
+    --name mymarbles \
+    -v v0 \
+    --package-id $CHAINCODE_ID \
+    --sequence 1 \
+    --connTimeout 15s \
+    --signature-policy "OR('Org1MSP.member','Org2MSP.member')" \
+    --tls \
+    --cafile $ORDERER_CA \
+    --orderer $ORDERER_ADDRESS
+
+peer lifecycle chaincode approveformyorg \
+    --channelID yourchannel \
+    --name yourmarbles \
+    -v v0 \
+    --package-id $CHAINCODE_ID \
+    --sequence 1 \
+    --connTimeout 15s \
+    --signature-policy "OR('Org1MSP.member','Org2MSP.member')" \
+    --tls \
+    --cafile $ORDERER_CA \
+    --orderer $ORDERER_ADDRESS
+
+peer lifecycle chaincode commit \
+    --channelID mychannel \
+    --name mymarbles \
+    -v v0 \
+    --sequence 1  \
+    --connTimeout 15s \
+    --signature-policy "OR('Org1MSP.member','Org2MSP.member')" \
+    --tls \
+    --cafile $ORDERER_CA \
+    --orderer $ORDERER_ADDRESS
+
+peer lifecycle chaincode querycommitted \
+    --channelID=mychannel \
+    --tls \
+    --cafile $ORDERER_CA \
+    --orderer $ORDERER_ADDRESS
+
+peer lifecycle chaincode commit \
+    --channelID yourchannel \
+    --name yourmarbles \
+    -v v0 \
+    --sequence 1 \
+    --connTimeout 15s \
+    --signature-policy "OR('Org1MSP.member','Org2MSP.member')" \
+    --tls \
+    --cafile $ORDERER_CA \
+    --orderer $ORDERER_ADDRESS
+
+peer lifecycle chaincode querycommitted \
+    --channelID=yourchannel \
+    --tls \
+    --cafile $ORDERER_CA \
+    --orderer $ORDERER_ADDRESS
 
 popd
 
-curl -s http://console.127-0-0-1.nip.io:8080/ak/api/v1/components | weft microfab -w $CFG/_wallets -p $CFG/_gateways -m $CFG/_msp -f
-
 dispose () {
     JOBS=$(jobs -p)
     if [ -n "$JOBS" ]; then
         echo "Killing jobs: $JOBS"
         kill $JOBS
     fi
     docker ps -a
-    docker logs microfab > /tmp/microfab.log
-    docker stop microfab
+    echo "Microfab logs:\n"
+    docker logs microfab
+    ${DIR}/microfab stop
     ${CALL_METHOD} launch manager --caliper-workspace phase6 --caliper-flow-only-end
 }