{"id":27959015,"url":"https://github.com/yxuco/fabric-operation","last_synced_at":"2025-05-07T18:27:37.948Z","repository":{"id":96633958,"uuid":"212610981","full_name":"yxuco/fabric-operation","owner":"yxuco","description":"Scripts to configure and deploy Hyperledger Fabric applications locally or in cloud by using Kubernetes or docker-compose","archived":false,"fork":false,"pushed_at":"2023-02-25T00:00:08.000Z","size":14304,"stargazers_count":16,"open_issues_count":2,"forks_count":13,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-03-04T20:01:47.609Z","etag":null,"topics":["aws","azure","docker-compose","etcd-raft","fabric-ca","fabric-sdk-go","google-cloud","hyperledger-fabric","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yxuco.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-10-03T15:15:16.000Z","updated_at":"2023-03-29T07:05:21.000Z","dependencies_parsed_at":null,"dependency_job_id":"3e40ab31-ad4e-404e-ad34-83441d83800d","html_url":"https://github.com/yxuco/fabric-operation","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yxuco%2Ffabric-operation","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yxuco%2Ffabric-operation/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yxuco%2Ffabric-operation/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yxuco%2Ffabric-operation/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yxuco","download_url":"https://codeload.github.com/yxuco/fabric-operation/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252933207,"owners_count":21827473,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","azure","docker-compose","etcd-raft","fabric-ca","fabric-sdk-go","google-cloud","hyperledger-fabric","kubernetes"],"created_at":"2025-05-07T18:27:37.344Z","updated_at":"2025-05-07T18:27:37.919Z","avatar_url":"https://github.com/yxuco.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# fabric-operation\n\nThis project contains scripts that let you define, create, and test a Hyperledger Fabric network in Kubernetes locally or in a cloud.  Supported cloud services include AWS, Azure, and Google Cloud.  The fabric network parameters can be specified by a property file, such as the sample network, [netop1.env](./config/netop1.env).\n\nThe scripts support both `docker-compose` and `kubernetes`.  All steps are done in docker containers, and thus you can get a Fabric network running without pre-downloading any artifact of Hyperledger Fabric.\n\nThis utility is implemented using bash scripts, and thus it does not depend on any other scripting tool or framework, either.\n\n## Prerequisites\n* Your workstation must support `bash` shell scripts.\n* If you want to create and test a Fabric network on local host, you need to install docker-compose and/or kubernetes locally, i.e.,\n  * Install Docker and Docker Compose as described [here](https://docs.docker.com/compose/install/).\n  * Mac user can enable kubernetes as described [here](https://docs.docker.com/docker-for-mac/#kubernetes).\n  * I have not tested the scripts with [Minikube](https://kubernetes.io/docs/tasks/tools/install-minikube/), although I would expect it to work without much change.\n* If you want to create and test a Fabric network in a cloud, you would not need to download anything except a `CLI` required to access the corresponding cloud service.  We currently support Amazon EKS, Azure AKS, and Google GKE.  Other cloud services may be supported in the future. \n  * For AWS, refer the scripts and instructions in the [aws folder](./aws).\n  * For Azure, refer the scripts and instructions in the [az folder](./az).\n  * For Google cloud, refer the scripts and instructions in the [gcp folder](./gcp)\n\n## Prepare Kubernetes namespace\nThis step is necessary only if you use Kubernetes.  So, skip it when `docker-compose` is used.\n```\ncd ./namespace\n./k8s-namespace.sh create\n```\nThis command creates a namespace for the default Fabric operator company, `netop1`. It also sets `netop1` as the default namespace, so you won't have to specify the namespace in the following `kubectl` commands.\n\nTo revoke to the default namespace for `docker-desktop`, you can use the following command:\n```\nkubectl config use-context docker-desktop\n```\n## Start CA server and generate crypto data\nFollowing steps use `docker-desktop` Kubernetes on Mac to start `fabric-ca` PODs and generate crypto data required by the sample network, `netop1`.\n```\ncd ../ca\n# cleanup old ca-server data\nrm -R ../netop1.com/canet\n./ca-server.sh start\n# wait until the 3 PODs for ca server and client are in running state\n./ca-crypto.sh bootstrap\n```\nYou can edit the network specification [netop1.env](./config/netop1.env) if you want to use a different operating company name, or make it run more orderer or peer nodes.  The generated crypto data will be stored in the folder [netop1.com](./netop1.com) on localhost, or in a cloud file system, such as Amazon EFS, or Azure Files. \n\nThese scripts take 2 additional parameters, e.g.,\n```\n./ca-server.sh start -p \u003cconfig_file\u003e -t \u003cenv_type\u003e\n./ca-crypto.sh bootstrap -p \u003cconfig_file\u003e -t \u003cenv_type\u003e\n```\nwhere `config_file` is file in the [config](./config) folder with a suffix `.env` that contains the fabric network specification; `env_type` can be `k8s`, `docker`, `aws`, or `az`.  When no parameter is specified, it uses default `-p netop1 -t k8s`.  Refer [ca](./ca) folder for more detailed description of these scripts.\n* `k8s` uses the local `docker-desktop` kubernetes on Mac.  Non-Mac users may use `docker` option below, or try Minikube (which has not been tested).\n* `docker` uses `docker-compose`.\n* `aws` uses AWS EKS when executed on a `bastion` host of an EC2 instance.  Refer the folder [aws](./aws) for more details on AWS.\n* `az` uses Azure AKS when executed on a `bastion` VM instance in Azure.  Refer the folder [az](./az) for more details on Azure.\nMore cloud support will be added in the future.\n* `gcp` uses Google GKE when executed on a `bastion` host in Google Cloud.  Refer the folder [gcp](./gcp) for more details on Google Cloud.\n\n## Sample crypto data\nWhen the above steps are executed on localhost, the crypto data will be stored in [netop1.com](./netop1.com/), which is specified by `FABRIC_ORG` in the network definition file [netop1.env](./config/netop1.env).  The resulting crypto data is similar to that generated by the fabric `cryptogen` tool as demonstrated by [fabric-samples](https://github.com/hyperledger/fabric-samples). However, by using a fabric CA server in the above step, the generated certificates will include a few extra attributes that would make them usable for cloud deployment using kubernetes, as well as attribute-based-access-control (ABAC).  Besides, CA server is also more flexible for generating certificates for more nodes and users in production environment as the network grows.  Although the CA servers use a self-signed root CA for simplicity, you may supply your real root CA for production deployment.\n\nYou may verify the generated crypto data by using a preconfigured sample network as described in [docker-netop1](./docker-netop1).  However, if you do not have a local hyperledger fabric environment, you can skip the test and read on.  The following steps will show you how to start a fabric network by using a few simple scripts even if you do not have a fabric development environment.\n\n## Generate MSP definition and genesis block\nThe following script generates a genesis block for the sample network in Kubernetes using 2 peers and 3 orderers with `etcd raft` consensus.\n```\ncd ../msp\n./msp-util.sh start\n# wait until the too POD is running\n./msp-util.sh bootstrap\n```\nIt also generates transactions for creating a test channel, `mychannel`, for smoke testing.  Similar to other scripts, this command also accepts 2 parameters, e.g.,\n```\n./msp-util.sh start -p \u003cconfig_file\u003e -t \u003cenv_type\u003e\n./msp-util.sh bootstrap -p \u003cconfig_file\u003e -t \u003cenv_type\u003e\n```\nso you can specify a different network definition file, or generate artifacts for other deployment environment, e.g., `docker`, `aws`, `az`, or `gcp`. Refer [msp](./msp) folder for more detailed description of these scripts.\n\n## Start and smoke test the Fabric network\nThe following script will start and test the sample fabric network by using the `docker-desktop` Kubernetes on a Mac:\n```\ncd ./network\n./network.sh start\n# wait until 3 orderer and 2 peer nodes are running, Raft leader is elected in orderers\n./network.sh test\n./network.sh shutdown\n```\nAfter the network startup, use `kubectl logs orderer-2` to check RAFT leader election result.  When RAFT leader is elected, the log should show\n```\nINFO 101 Raft leader changed: 0 -\u003e 2 channel=netop1-channel node=2\n```\nBefore you shutdown the network, you can verify the running fabric containers by using `kubectl`, e.g.,\n```\nkubectl get pod,svc -n netop1\n```\nNote that the scripts use the operating company name `netop1`, as a Kubernetes namespace, and so they can support multiple member organizations.\n\nAfter the smoke test succeeds, you should see a test result of `90` printed on the screen. If you used `docker-compose` for this excersize (as described below), you can look at the blockchain state via the `CouchDB` futon UI at `http://localhost:7056/_utils`, which is exposed for `docker-compose` only because it is not recommended to expose `CouchDB` in production configuration using Kubernetes.\n\n## Start gateway service and use REST APIs to test chaincode\nRefer [gateway](./service/README.md) for more details on how to build and start a REST API service for applications to interact with one or more Fabric networks. The following commands will start a gateway service that exposes a Swagger-UI at `http://localhost:30081/swagger`.\n```\ncd ../service\n./gateway.sh start\n```\n## Operations for managing the Fabric network\nThe above bootstrap network is for a single operating company to start a Fabric network with its own orderer and peer nodes of pre-configured size.  A network in production will need to scale up and let more organizations to join and co-operate.  Organizations may create their own Kubernetes networks using the same or different cloud service providers. We provide scripts to support such network activities.\n\nThe currently supported operations include\n* Create and join new channel;\n* Install and instantiate new chaincode;\n* Add new peer nodes of the same bootstrap org;\n* Add new orderer nodes of the same bootstrap org;\n* Add new peer org to the same Kubernetes cluster;\n\nRefer [operations](./operations.md) for description of these activities. More operations (as described in `TODO` bellow) will be supported in the future.\n\n## Non-Mac users\nIf you are not using a Mac, you can run these scripts using `docker-compose`, `Amazon EKS`, `Azure AKS`, or `Google GKE`. Simply add a corresponding `env_type` in all the commands, e.g.,\n* `./ca-server.sh start -t docker` to use `docker-composer`, or\n* `./ca-server.sh start -t aws` to use AWS as described in the folder [aws](./aws), or\n* `./ca-server.sh start -t az` to use Azure as described in the folder [az](./az), or\n* `./ca-server.sh start -t gcp` to use Google Cloud as described in the folder [gcp](./gcp), or\n* try to verify if the scripts would work on [Minikube](https://kubernetes.io/docs/tasks/tools/install-minikube/).\n\nWhen `docker-compose` is used, start and test the Fabric network using the following commands:\n```\ncd ./network\n./network.sh start -t docker\n./network.sh test -t docker\n./network.sh shutdown -t docker\n```\n## TODO\nStay tuned for more updates on the following items:\n* Add new orderer org to the same bootstrap Kubernetes cluster for etcd raft consensus;\n* Add new orderer org to a new Kubernetes cluster;\n* Add new peer org to a new Kubernetes cluster;\n* Test multiple org multiple Kubernetes clusters across multiple cloud providers.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyxuco%2Ffabric-operation","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyxuco%2Ffabric-operation","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyxuco%2Ffabric-operation/lists"}