Fabric Configurations
In Hyperledger Bevel project, ansible is used to automate the certificate generation, putting them in vault and generate value files, which are then pushed to the repository for deployment, using GitOps. This is achieved using Ansible playbooks. Ansible playbooks contains a series of roles and tasks which run in sequential order to achieve the automation.
/hyperledger-fabric
|-- charts
| |-- fabric-ca-server
| |-- fabric-catools
| |-- zkkafka
| |-- fabric-orderernode
| |-- fabric-peernode
| |-- fabric-channel-create
| |-- fabric-channel-join
| |-- fabric-chaincode-install
| |-- fabric-chaincode-instantiate
| |-- fabric-chaincode-upgrade
|-- images
|-- configuration
| |-- roles/
| |-- samples/
| |-- playbook(s)
| |-- openssl.conf
|-- releases
| |-- dev/
|-- scripts
For Hyperledger-Fabric, the ansible roles and playbooks are located at /platforms/hyperledger-fabric/configuration/
Some of the common roles and playbooks between Hyperledger-Fabric, Hyperledger-Indy, Hyperledger-Besu, R3 Corda and Quorum are located at /platforms/shared/configurations/
Roles for setting up Fabric Network
Roles in ansible are a combination of logically inter-related tasks.
Below is the single playbook that you need to execute to setup complete fabric network.
create/anchorpeer
Call nested_anchorpeer for each organization
Check join channel job is done
Creating value file of anchor peer for {{ channel_name }}
Git Push
Follow Readme for detailed information.
create/ca_server
Check if CA certs already created
Ensures crypto dir exists
Get CA certs and key
Generate the CA certificate
Copy the crypto material to Vault
Check if CA admin credentials are already created
Write the CA server admin credentials to Vault
Check Ambassador cred exists
Create the Ambassador credentials
Create CA server values for Orderer
Create CA server values for Organisations
Git Push
Follow Readme for detailed information.
create/ca_tools
Check CA-server is available
Create CA-tools Values file
Git Push
Follow Readme for detailed information.
create/chaincode/install
Create value file for chaincode installation
Check/Wait for anchorpeer update job
Check for install-chaincode job
Write the git credentials to Vault
Create value file for chaincode installation ( nested )
Git Push
Follow Readme for detailed information.
create/chaincode/instantiate
Create value file for chaincode instantiation
Check/Wait for install-chaincode job
Check for instantiate-chaincode job
Create value file for chaincode instantiaiton (nested)
Git Push
Follow Readme for detailed information.
create/chaincode/invoke
Create value file for chaincode invocation
Check/Wait for install-chaincode job
Create value file for chaincode invocation (nested)
Git Push
Follow Readme for detailed information.
create/chaincode/upgrade
Check/Wait for install-chaincode job
Create value file for chaincode upgrade
Git Push
Follow Readme for detailed information.
create/channel_artifacts
Check configtxgen
Geting the configtxgen binary tar
Unzipping the downloaded file
Moving the configtxgen from the extracted folder and place in it path
Creating channel-artifacts folder
Write BASE64 encoded genesis block to Vault
Remove old channel block
Creating channels
Creating Anchor artifacts
Creating JSON configration for new organization
Follow Readme for detailed information.
create/genesis
Remove old genesis block
Creating genesis block
Write genesis block to Vault
Follow README for more information.
create/channels
Call valuefile when participant is creator
Check orderer pod is up
Check peer pod is up
Create value file for channel creation
Git Push
Follow Readme for detailed information.
create/channels_join
Call nested_channel_join for each peer
Check create channel job is done
“join channel {{ channel_name }}”
Git Push
Call check for each peer
Check join channel job is done
Follow Readme for detailed information.
create/configtx
Remove old configtx file
Create configtx file
Adding init patch to configtx.yaml
Adding organization patch to configtx.yaml
Adding orderer patch to configtx.yaml
Adding profile patch to configtx.yaml
Follow Readme for detailed information.
create/crypto/orderer
Call orderercheck.yaml for orderer
Check if CA-tools is running
Ensure CA directory exists
Check if CA certs already created
Check if CA key already created
Call orderer.yaml for each orderer
Check if orderer msp already created
Get MSP info
Check if orderer tls already created
Ensure tls directory exists
Get Orderer tls crt
Create directory path on CA Tools
Copy generate-usercrypto.sh to destination directory
Changing the permission of msp files
Copy the generate_crypto.sh file into the CA Tools
Generate crypto material for organization orderers
Copy the crypto config folder from the CA tools
Copy the crypto material for orderer
Check Ambassador cred exists
Check if orderer ambassador secrets already created
Get Orderer ambassador info
Generate the orderer certificate
Create the Ambassador credentials
Copy the crypto material to Vault
Follow Readme for detailed information.
create/crypto/peer
Check if CA-tools is running
Ensure CA directory exists
Check if CA certs already created
Check if CA key already created
Call peercheck.yaml for each peer
Check if peer msp already created
Get MSP info
Call common.yaml for each peer
Create directory path on CA Tools
Copy generate-usercrypto.sh to destination directory
Changing the permission of msp files
Copy the generate_crypto.sh file into the CA Tools
Generate crypto material for organization peers
Copy the crypto config folder from the CA tools
Check that orderer-certificate file exists
Ensure orderer tls cert directory exists
Copy tls ca.crt from auto-generated path to given path
Check if Orderer certs exist in Vault
Save Orderer certs if not in Vault
Copy organization level certificates for orderers
Check if admin msp already created
Copy organization level certificates for orgs
Check if user msp already created
Copy user certificates for orgs
Follow Readme for detailed information.
create/crypto_script
Create generate_crypto script file for orderers
Create generate_crypto script file for organizations
Follow Readme for detailed information.
create/namespace_vaultauth
Check namespace is created
Create namespaces
Create vault reviewer service account for Organizations
Create vault auth service account for Organizations
Create clusterrolebinding for Orderers
Git Push
Follow Readme for detailed information.
create/new_organisation/create_block
Call nested_create_json for each peer
Ensure channel-artifacts dir exists
Remove old anchor file
Creating new anchor file
adding new org peers anchor peer information
Create create-block-{{ channel_name }}.sh script file for new organisations
Follow Readme for detailed information.
create/orderers
create kafka clusters
create orderers
Git push
Follow Readme for detailed information.
create/peers
Write the couchdb credentials to Vault
Create Value files for Organization Peers
Git Push
Follow Readme for detailed information.
create/storageclass
Check if storage class created
Ensures “component_type” dir exists
Create Storage class for Orderer
Create Storage class for Organizations
Git push
Follow Readme for detailed information.
delete/flux_releases
Deletes all the helmreleases CRD
Remove all Helm releases
Deletes namespaces
Follow Readme for detailed information.
delete/gitops_files
Delete release files
Git push
Follow Readme for detailed information.
delete/vault_secrets
Delete docker creds
Delete Ambassador creds
Delete vault-auth path
Delete Crypto for orderers
Delete Crypto for peers
Delete policy
Follow Readme for detailed information.
helm_component
Ensures value directory exist
Create value file
Helm lint
Follow Readme for detailed information.
k8_component
Ensures value directory exist
Create value file
Follow Readme for detailed information.
setup/config_block/fetch
Call nested_create_cli for the peer
create valuefile for cli {{ peer.name }}-{{ participant.name }}-{{ channel_name }}
Call nested_fetch_role for the peer
start cli
fetch and copy the configuration block from the blockchain
delete cli
Follow Readme for detailed information.
setup/config_block/sign_and_update
Call valuefile when participant is new
Check peer pod is up
Call nested_sign_and_update for each peer
create cli value files for {{peer.name}}-{{ org.name }} for signing the modified configuration block
start cli {{peer.name}}-{{ org.name }}
Check if fabric cli is present
signing from the admin of {{ org.name }}
delete cli {{ peer.name }}-{{ participant.name }}-cli
Call nested_update_channel for the peer
start cli for {{ peer.name }}-{{ org.name }} for updating the channel
Check if fabric cli is present
updating the channel with the new configuration block
delete cli {{ peer.name }}-{{ participant.name }}-cli
Follow Readme for detailed information.
setup/get_ambassador_crypto
Ensure ambassador secrets directory exists
Save keys
Save certs
Ensure ambassador secrets directory exists
Save keys
Save certs
signing from the admin of {{ org.name }}
delete cli {{ peer.name }}-{{ participant.name }}-cli
Call nested_update_channel for the peer
start cli for {{ peer.name }}-{{ org.name }} for updating the channel
Check if fabric cli is present
updating the channel with the new configuration block
delete cli {{ peer.name }}-{{ participant.name }}-cli
setup/get_crypto
Ensure admincerts directory exists
Save admincerts
Ensure cacerts directory exists
Save cacerts
Ensure tlscacerts directory exists
Save tlscacerts
Follow Readme for detailed information.
setup/vault_kubernetes
Check if namespace is created
Ensures build dir exists
Check if Kubernetes-auth already created for Organization
Enable and configure Kubernetes-auth for Organization
Get Kubernetes cert files for organizations
Write reviewer token for Organisations
Check if policy exists
Create policy for Orderer Access Control
Create policy for Organisations Access Control
Write policy for vault
Create Vault auth role
Check docker cred exists
Create the docker pull credentials
Follow Readme for detailed information.