Skip to content

Commit

Permalink
Merge branch 'develop' into develop
Browse files Browse the repository at this point in the history
  • Loading branch information
@sownak
sownak committed Sep 1, 2023
2 parents f1c44c4 + 831de5a commit b568ffa
Show file tree
Hide file tree
Showing 119 changed files with 8,085 additions and 741 deletions.
99 changes: 99 additions & 0 deletions docs/source/operations/setup_onchain_permissioning_besu.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,99 @@
[//]: # (##############################################################################################)
[//]: # (Copyright Accenture. All Rights Reserved.)
[//]: # (SPDX-License-Identifier: Apache-2.0)
[//]: # (##############################################################################################)

<a name = "deploy-besu-onchain-permissioning-network"></a>
# Deploy Besu Onchain Permissioning Network

- [Prerequisites](#prerequisites)
- [Steps to achieve Besu OnChain Permissioning](#steps-to-achieve-besu-onchain-permissioning)

<a name = "prerequisites"></a>
## Prerequisites

- Metamask installed.
- Truffle installed.

<a name = "steps-to-achieve-besu-onchain-permissioning"></a>
## Steps to achieve Besu OnChain Permissioning

**Step 1: Configure Besu network configuration file.**

1. Edit the Besu network configuration file. Refer to the [guide](./besu_networkyaml.md) for detailed instructions on editing the file.

2. To enable and use onchain permissioning, set the `network.permissioning.enabled` parameter to `true` in the Besu network configuration file. Below is a sample configuration for reference:

```yaml
network:
type: besu
version: 21.10.6
permissioning:
enabled: true # Set to false if onchain permissioning is not required
env:...
docker:...
config:...
organizations:...
```

For reference, use sample configuration defined in the [network-besu.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-besu/configuration/samples/network-besu.yaml) file.

**Step 2: Deploy Besu network.**

1. Utilize the [site.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/shared/configuration/site.yaml) playbook to deploy the Besu network:

```bash
ansible-playbook platforms/shared/configuration/site.yaml --extra-vars "@path-to-besu-network-configuration-file.yaml"
```

**Step 3: Clone contracts and install dependencies.**

1. Clone the permissioning-smart-contracts repository:

```bash
git clone https://github.com/ConsenSys/permissioning-smart-contracts.git
```

2. Change the directory to permissioning-smart-contracts:

```bash
cd permissioning-smart-contracts/
```

3. Create a `.env` file to store environment variables with values defined based on your network configuration:

```env
# Address of the Node Ingress contract in the genesis (ibftPermissionGenesisFile) file.
NODE_INGRESS_CONTRACT_ADDRESS=0x0000000000000000000000000000000000009999
# Address of the Account Ingress contract in the genesis (ibftPermissionGenesisFile) file.
ACCOUNT_INGRESS_CONTRACT_ADDRESS=0x0000000000000000000000000000000000008888
# Account used to deploy the permissioning contracts and become the first admin account.
BESU_NODE_PERM_ACCOUNT=<Metamask-Account-Address>
# Private key of the same account defined above, required to deploy the permissioning contracts.
BESU_NODE_PERM_KEY=<Metamask-Account-Private-Key>
# Besu uses the specified node to deploy the contracts, which is the first node in the network.
BESU_NODE_PERM_ENDPOINT=http://<organization-name>.<external-url-suffix>:<rpc-ambassador-port-number>
# The chain ID from the genesis (ibftPermissionGenesisFile) file.
CHAIN_ID=2018
# Enode URLs of permitted nodes. Specify multiple nodes (Node-1, Node-2, Node-3) as a comma-separated list.
INITIAL_ALLOWLISTED_NODES=<Enode-Address-Node-1>,<Enode-Address-Node-2>
# Addresses of initially allowed accounts. Specify multiple accounts as a comma-separated list.
INITIAL_ALLOWLISTED_ACCOUNTS=<Metamask-Account-1-Address>,<Metamask-Account-2-Address>
```

**Step 4: Deploy the contracts.**

Use the following command to deploy the contracts:

```bash
truffle migrate --reset --network besu
```

By following these steps, we will be able to successfully deploy a Besu Onchain Permissioning Network.
4 changes: 2 additions & 2 deletions platforms/hyperledger-fabric/charts/anchorpeer/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,6 @@

apiVersion: v1
appVersion: "2.0"
description: A Helm chart for updating the anchorpeer details
description: "Hyperledger Fabric: Updates the anchorpeer details."
name: anchorpeer
version: '0.14.0'
version: '0.14.1'
198 changes: 198 additions & 0 deletions platforms/hyperledger-fabric/charts/anchorpeer/README.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,198 @@
[//]: # (##############################################################################################)
[//]: # (Copyright Accenture. All Rights Reserved.)
[//]: # (SPDX-License-Identifier: Apache-2.0)
[//]: # (##############################################################################################)

<a name = "anchor-peer-hyperledger-fabric-deployment"></a>
# Anchor Peer Hyperledger Fabric Deployment

- [Anchor Peer Hyperledger Fabric Deployment Helm Chart](#anchor-peer-hyperledger-fabric-deployment-helm-chart)
- [Prerequisites](#prerequisites)
- [Chart Structure](#chart-structure)
- [Configuration](#configuration)
- [Deployment](#deployment)
- [Verification](#verification)
- [Updating the Deployment](#updating-the-deployment)
- [Deletion](#deletion)
- [Contributing](#contributing)
- [License](#license)


<a name = "anchor-peer-hyperledger-fabric-deployment-helm-chart"></a>
## Anchor Peer Hyperledger Fabric Deployment Helm Chart
---
This [Helm chart](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/anchorpeer) updates the anchor peers for the Hyperledger Fabric channel.


<a name = "prerequisites"></a>
## Prerequisites
---
Before deploying the Helm chart, make sure to have the following prerequisites:

- Kubernetes cluster up and running.
- A HashiCorp Vault instance is set up and configured to use Kubernetes service account token-based authentication.
- The Vault is unsealed and initialized.
- Helm installed.


<a name = "chart-structure"></a>
## Chart Structure
---
The structure of the Helm chart is as follows:

```
anchorpeer/
|- templates/
|- _helpers.yaml
|- anchorpeer.yaml
|- configmap.yaml
|- Chart.yaml
|- README.md
|- values.yaml
```

- `templates/`: Contains the Kubernetes manifest templates that define the resources to be deployed.
- `helpers.tpl`: Contains custom label definitions used in other templates.
- `anchorpeer.yaml`: Uses two initContainers to fetch the orderer TLS certificates and the MSP certificates from Vault. The main container then uses the fetched certificates to update the anchor peer for the channel.
- `configmap.yaml`: Stores configuration data for an anchor peer. The file contains two ConfigMaps, one for the configuration data and one for the artifacts. The configuration ConfigMap contains the key-value pairs that are used to configure the peer, and the artifacts ConfigMap contains the base64-encoded transaction that anchors the peer to the channel.
- `Chart.yaml`: Contains the metadata for the Helm chart, such as the name, version, and description.
- `README.md`: Provides information and instructions about the Helm chart.
- `values.yaml`: Contains the default configuration values for the Helm chart.


<a name = "configuration"></a>
## Configuration
---
The [values.yaml](https://github.com/hyperledger/bevel/blob/develop/platforms/hyperledger-fabric/charts/anchorpeer/values.yaml) file contains configurable values for the Helm chart. We can modify these values according to the deployment requirements. Here are some important configuration options:

## Parameters
---

### Metadata

| Name | Description | Default Value |
| ----------------------| ----------------------------------------------------------------------------------| --------------------------------------------------|
| namespace | Provide the namespace for organization's peer | org1-example-com |
| images.fabrictools | Provide the valid image name and version | hyperledger/fabric-tools:2.2.2 |
| images.alpineutils | Provide the valid image name and version to read certificates from vault server | ghcr.io/hyperledger/bevel-alpine:latest |
| labels | Provide the custom labels | anchorpeer |

### Peer

| Name | Description | Default Value |
| --------------| --------------------------------------------------------------------------------------------------------| ------------------------------|
| name | Provide the name of the peer as per deployment yaml | peer0 |
| address | Provide the address of the peer which will update the channel about the anchor peer of the organization | peer0.org1-example-com:7051 |
| localmspid | Provide the localmspid for organization | org1MSP |
| loglevel | Provide the loglevel for organization's peer | debug |
| tlsstatus | Provide the value for tlsstatus to be true or false for organization's peer | true |

### Vault

| Name | Description | Default Value |
| ---------------------| ----------------------------------------------------------------------------| -----------------------------|
| role | Provide the vaultrole for an organization | vault-role |
| address | Provide the vault server address | "" |
| authpath | Provide the kubernetes auth backed configured in vault for an organization | fra-demo-hlkube-cluster-org1 |
| adminsecretprefix | PProvide the value for vault secretprefix | secret/ |
| orderersecretprefix | Provide the value for vault secretprefix | secret/ |
| serviceaccountname | Provide the serviceaccount name for vault | vault-auth |
| imagesecretname | Provide the imagesecretname for vault | "" |
| tls | Enable or disable TLS for vault communication | vaultca |

### Channel

| Name | Description | Default Value |
| ----------| -------------------------------------|---------------|
| name | Provide the name of the channel | mychannel |

### orderer

| Name | Description | Default Value |
| -----------| -----------------------------------|----------------------------|
| address | Provide the address for orderer | orderer.fratest-com:7050 |

### anchorstx

| Name | Description | Default Value |
| ---------------| ---------------------------------------------------------| ------------- |
| anchorstx | Provide the base64 encoded file contents for anchorstx | "" |


<a name = "deployment"></a>
## Deployment
---

To deploy the anchorpeer Helm chart, follow these steps:

1. Modify the [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/anchorpeer/values.yaml) file to set the desired configuration values.
2. Run the following Helm command to install the chart:
```
$ helm repo add bevel https://hyperledger.github.io/bevel/
$ helm install <release-name> ./anchorpeer
```
Replace `<release-name>` with the desired name for the release.

This will deploy the anchorpeer job to the Kubernetes cluster based on the provided configurations.


<a name = "verification"></a>
## Verification
---

To verify the deployment, we can use the following command:
```
$ kubectl get jobs -n <namespace>
```
Replace `<namespace>` with the actual namespace where the Job was created. This command will display information about the Job, including the number of completions and the current status of the Job's pods.


<a name = "updating-the-deployment"></a>
## Updating the Deployment
---

If we need to update the deployment with new configurations or changes, modify the same [values.yaml](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/anchorpeer/values.yaml) file with the desired changes and run the following Helm command:
```
$ helm upgrade <release-name> ./anchorpeer
```
Replace `<release-name>` with the name of the release. This command will apply the changes to the deployment, ensuring the anchorpeer node is up to date.

<a name = "deletion"></a>
## Deletion
---

To delete the deployment and associated resources, run the following Helm command:
```
$ helm uninstall <release-name>
```
Replace `<release-name>` with the name of the release. This command will remove all the resources created by the Helm chart.

<a name = "contributing"></a>
## Contributing
---
If you encounter any bugs, have suggestions, or would like to contribute to the [Anchor Peer Hyperledger Fabric Deployment Helm Chart](https://github.com/hyperledger/bevel/blob/main/platforms/hyperledger-fabric/charts/anchorpeer), please feel free to open an issue or submit a pull request on the [project's GitHub repository](https://github.com/hyperledger/bevel).

<a name = "license"></a>
## License

This chart is licensed under the Apache v2.0 license.

Copyright &copy; 2023 Accenture

### Attribution

This chart is adapted from the [charts](https://hyperledger.github.io/bevel/) which is licensed under the Apache v2.0 License which is reproduced here:

```
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```
Loading

0 comments on commit b568ffa

Please sign in to comment.