This will deploy a remote peer in your K8S cluster, connecting to the main blockchain network.
Download binaries for Hyperledger Fabric v1.4.1
curl -sSL http://bit.ly/2ysbOFE | bash -s -- 1.4.1 -d -s
rm -f config/configtx.yaml config/core.yaml config/orderer.yaml
You should have a K8S cluster (obviously). Install Helm in your local machine and Tiller in the K8S
helm init
helm version
If you see Error: could not find a ready tiller pod
, wait for a while and try again
-
Register the remote peer to the Peer Org's CA (enrollment will be done via provided scripts)
-
Register the remote peer to the Peer Org's TLS CA (Note that IBPv2 runs a separate TLS CA)
-
Create a channel (channel1), join a peer to that channel, installed and instantiated a chaincode - Sample Chaincode. IBPv2 accepts .cds chaincode files through its GUI.
-
Download CA TLS cert by following these instructions:
-
In IBPv2 console, go to Certificate Authority settings
-
Copy the contents in TLS Certificate field
-
Issue the commands
export TLS=<paste the contents here> mkdir -p ./tmp echo $TLS > ./tmp/ca-tls base64 --decode ./tmp/ca-tls > ./data/ca-tls-cert/ca-tls.pem
-
-
Download Orderer TLS root cert by following these instructions:
-
In IBPv2 console, go to Orderer settings
-
Copy the contents in TLS Certificate field
-
Issue the commands
export TLS=<paste the contents here> echo $TLS > ./tmp/orderer-ca-tls-root-cert base64 --decode ./tmp/orderer-ca-tls-root-cert > ./data/orderer-ca-tls-root-cert/orderer-ca-tls-root-cert.pem
-
-
Download Org Admin identity by following these instructions:
-
In IBPv2 console, go to Wallet and choose the Org Admin
-
Copy the contents in Certificate field
-
Issue the commands
export CERT=<paste the contents here> echo $CERT > ./tmp/admincert base64 --decode ./tmp/admincert > ./data/users/OrgAdmin/msp/signcerts/cert.pem
-
Copy the contents in Private Key field
-
Issue the commands
export KEY=<paste the contents here> echo $KEY > ./tmp/adminkey base64 --decode ./tmp/adminkey > ./data/users/OrgAdmin/msp/keystore/key
-
If you're running on Minikube, turn on hairpin mode so that the peer can call itself when performing various operations (join channel, etc)
minikube ssh
sudo ip link set docker0 promisc on
In bin folder, check if you have fabric-ca-client
In values.sh
, change/alter the following as necessary. You might want to download Connection Profile to assist in filling up some of the parameters
REMOTE_PEER_NAME
- Same as the peer's enrollment IDCA_USERNAME
- The username of the remote peer registered in the Org's CACA_PASSWORD
- The password of the remote peer registered in the Org's CATLSCA_USERNAME
- The username of the remote peer registered in the Org's TLS CATLSCA_PASSWORD
- The password of the remote peer registered in the Org's TLS CAORGADMIN_NAME
- The name of the org admin (leave it as OrgAdmin)ORGMSP_ID
- Org MSP IDCA_HOSTNAME
- Self explanatoryCA_PORT
- Self explanatoryBOOTSTRAP_PEER
- Peer to connect to receive gossip messagesORDERER
- Orderer AddressCHANNEL
- Channel Name
Provided that you met all the prerequisites above, run:
./enroll.sh
This will create secrets based on the certificates provided and deploy a helm chart
./deploy.sh
Make sure that peer is running:
kubectl get pod
Once deployment is done, get the pod's name:
source values.sh
POD=$(kubectl get pods -l "app=hlf-peer,release=${REMOTE_PEER_NAME}" -o jsonpath="{.items[0].metadata.name}")
kubectl exec -it $POD -c peer bash
Retrieve Channel Genesis Block
peer channel fetch 0 /var/hyperledger/channel_genesis.pb -c $CHANNEL_NAME -o $ORDERER_ADDRESS --tls --cafile /var/hyperledger/tls/ord/cert/orderer-ca-tls-root-cert.pem
Join Channel
CORE_PEER_MSPCONFIGPATH=$ADMIN_MSP_PATH peer channel join -b /var/hyperledger/channel_genesis.pb
Exit
exit
Install and Query Chaincode
kubectl cp ./chaincode/[email protected] ${POD}:/var/hyperledger/ -c peer
kubectl exec -it $POD -c peer bash
CHAINCODE=sample
CORE_PEER_MSPCONFIGPATH=$ADMIN_MSP_PATH peer chaincode install /var/hyperledger/sample\@1.cds
CORE_PEER_MSPCONFIGPATH=$ADMIN_MSP_PATH peer chaincode query -C $CHANNEL_NAME -n $CHAINCODE -c '{"Args":["query","a"]}'
Invoke Chaincode
CHAINCODE=sample
CORE_PEER_MSPCONFIGPATH=$ADMIN_MSP_PATH peer chaincode invoke -o $ORDERER_ADDRESS --tls --cafile /var/hyperledger/tls/ord/cert/orderer-ca-tls-root-cert.pem -C $CHANNEL_NAME -n $CHAINCODE -c '{"Args":["put","a","10"]}'
CORE_PEER_ADDRESS=$CORE_PEER_GOSSIP_BOOTSTRAP CORE_PEER_MSPCONFIGPATH=$ADMIN_MSP_PATH peer chaincode invoke -o $ORDERER_ADDRESS --tls --cafile $ORD_TLS_PATH/orderer-ca-tls-root-cert.pem -C $CHANNEL_NAME -n $CHAINCODE -c '{"Args":["put","a","13"]}'
This will remove the release and destroys all secrets in the default
namespace
./destroy.sh