Skip to content

Latest commit

 

History

History
 
 

sample-network-multi-org

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Hyperledger Fabric Kubernetes Test Network

Create a Hyperledger Fabric test-network on KIND with fabric-operator.

Objective: provide crystal clarity to Fabric's MSP and certificate structures, focusing on the inductive construction of a multi-organization network.

Dark Side of the Moon

The Dark Side of the Moon - Pink Floyd (From Wikipedia, the free encyclopedia )

The Venue:

To run this sample locally, clone the git repo and follow the dependency checklist:

./scripts/check.sh

This scenario is slow but predictable. The focus in this example is not efficiency, but to demonstrate the construction of a multi-org network, highlighting a production-realistic scenario of running a Fabric network spanning multiple Kubernetes clusters, namespaces, or cloud-vendors.

In typical examples of constructing a fabric test network, the use of cryptogen is highlighted as an efficient and convenient mechanism to avoid complexities of CA bootstrap, node enrollments, and the exchange of consortium MSP certificates as part of the channel configuration.

By contrast, this scenario sets up a multi-org Fabric network, illustrating a correct ordering of CA initialization, node / admin enrollments, MSP certificate exchange, and channel construction without the assumption of a central file system or volume mount. With minor modifications, this example can be extended to use rsync or an SSH protocol to exchange channel MSP for a network spanning multiple, independent Kubernetes clusters. For convenience, this example allocates a dedicated k8s namespace for each organization, running on a shared virtual KIND cluster.

For best results, start a new terminal for each organization in the consortium. (Imagine that each shell is running commands on behalf of the org's Fabric administrator.)

The Stage:

git clone https://github.com/hyperledger-labs/fabric-operator.git
cd sample-network-multi-org

Create a KIND kubernetes cluster, *.localho.st ingress, and local container registry:

just kind 

Act I: Launch CAs, peers, and orderers

Start the nodes in the network:

just start org0
just start org1
just start org2

Enroll admin, rcaadmin, and gateway users at the org CAs:

just enroll org0
just enroll org1
just enroll org2
just check-network

Act II: Build a Consortium

just export-msp org0
just export-msp org1
just export-msp org2
just create-genesis-block

just inspect-genesis-block
just join org0
just join org1
just join org2

Act III: Chaincode and Gateway Application

Install asset-transfer version 0.1.4 with the Kubernetes chaincode builder:

just install-cc org1
just install-cc org2

Ad Hoc peer CLI:

org1:

export ORG=org1
export MSP_ID=Org1MSP 

export $(just show-context $MSP_ID $ORG peer1)

peer chaincode query \
  -n asset-transfer \
  -C mychannel \
  -c '{"Args":["org.hyperledger.fabric:GetMetadata"]}'  

org2:

export ORG=org2
export MSP_ID=Org2MSP 

export $(just show-context $MSP_ID $ORG peer1) 

peer chaincode query \
  -n asset-transfer \
  -C mychannel \
  -c '{"Args":["org.hyperledger.fabric:GetMetadata"]}' 

Gateway Client

When the org1 and org2 CAs are created, they include a bootstrap registration and enrollment of a client identity for use in gateway application development.

If the just show-context commands (above) have been loaded into the terminal, the peer, orderer, and CA certificate paths have been loaded into the environment.

In an org admin shell, load the gateway client environment for trader-typescript:

# local MSP enrollment folder for the org client user
export USER_MSP_DIR=$PWD/organizations/$ORG/enrollments/${ORG}user/msp

# Path to private key file 
export PRIVATE_KEY=$USER_MSP_DIR/keystore/key.pem

# Path to user certificate file
export CERTIFICATE=$USER_MSP_DIR/signcerts/cert.pem

# Path to CA certificate
export TLS_CERT=$CORE_PEER_TLS_ROOTCERT_FILE

# Connect client applications to the load-balancing gateway peer alias:
export ENDPOINT=${ORG}-peer-gateway.${ORG}.localho.st:443
  • Compile the trader-typescript application:
git clone https://github.com/hyperledger/fabric-samples.git /tmp/fabric-samples
pushd /tmp/fabric-samples/full-stack-asset-transfer-guide/applications/trader-typescript

npm install
# Create a yellow banana token
npm start create banana bananaman yellow

npm start getAllAssets

# Transfer the banana among users / orgs 
npm start transfer banana appleman Org1MSP

npm start getAllAssets

# Transfer the banana among users / orgs 
npm start transfer banana bananaman Org2MSP

# Error! Which org owns the banana? 
npm start transfer banana bananaman Org1MSP

Teardown

# Tear down the network 
just destroy

or

# Tear down the kubernetes cluster
just unkind