Skip to content
This repository has been archived by the owner on Jan 19, 2022. It is now read-only.

Commit

Permalink
Initial Quorum k8s resource generation complete.
Browse files Browse the repository at this point in the history 
* generates the necessary quorum config:
  permissioned-nodes.json
  genesis.json
* generates the required keys:
  nodekey
  keystore
  transaction manager keys (constellation)
* currently create deployment resources for
  quorum running raft consensus and using
  constellation.
* see the README.md for more details.
  • Loading branch information
@libby
libby committed Nov 27, 2018
0 parents commit df00447
Show file tree
Hide file tree
Showing 21 changed files with 1,064 additions and 0 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
gen-node-keys.sh
out/*.yaml
out/
71 changes: 71 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
## Qubernetes

A project for deployng [Quorum](https://github.com/jpmorganchase/quorum) on [Kubernetes](https://github.com/kubernetes/kubernetes).

Thanks to https://medium.com/@cryptoctl which provided
and awesome starting point.

## Quick Start
* Set up the intial config in `qubernetes.yaml`

1. Genearte the kubernetes resource yaml files required
for a Quorum deployment.
```
# Generate the keys, permissioned-nodes.json file
# genesis.json for the configured nodes
$> ./quorum-init
# Generate the kubernetes resources
# necessary to support a Quorum deploy
# this will be written to the `out` dir.
$> ./qubernetes
```
2. Deploy to kubernetes

* see helper scripts `deploy.sh`

```
kubectl apply -f out/quorum-shared-config.yaml
kubectl apply -f out/quorum-services.yaml
kubectl apply -f out/quorum-keyconfigs.yaml
kubectl apply -f out/quorum-deployments.yaml
```


3. Accessing your nodes

```
local $> kubectl get pods --namespace=$YOUR_NAMESPACE
local $> kubect exec -it $POD_ID -c quorum /bin/ash
quorum-qubernetes $> cd /etc/quorum/qdata
quorum-qubernetes $> ls
quorum-qubernetes $> geth attach dd/geth.ipc
> eth.blockNumber
> 0
> exit
quorum-qubernetes $> cd /etc/quorum/qdata/contracts
quorum-qubernetes $>./runscript.js public_contract.js
# you should know see the tx go through
quorum-qubernetes $> geth attach /etc/quorum/qdata/dd/geth.ipc
> eth.blockNumber
> 1
# show connected peers
> admin.peers
```


3. Deleting the deployment

* see helper scripts `deploy.sh`

```
kubectl delete -f out/quorum-shared-config.yaml
kubectl delete -f out/quorum-services.yaml
kubectl delete -f out/quorum-keyconfigs.yaml
kubectl delete -f out/quorum-deployments.yaml
```
164 changes: 164 additions & 0 deletions config/qubernetes-7.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,164 @@
namespace:
name: quorum-test

# here you can add as many nodes as you like, name and configure them
# Note:
# 1. need to be in the list of permissioned nodes and static nodes.
# 2. keys should be set locally.
nodes:
- member:
Node_UserIdent: quorum-node01
Key_Dir: key1
# create a private key and add it to the keystore folder
# ... or just use the example one for testing
keystore:
name: key1
# true: upload secret first via 'kubectl create secret generic geth-key --from-file /path/to/keyfile'
# false: use the key in keystore folder
#secret: false
# quorum transaction manager keys
tm_key:
name: tm1
nodekey:
name: nodekey1

# keep adding nodes
# - member:
# ...
- member:
Node_UserIdent: quorum-node02
Key_Dir: key2
# create a private key and add it to the keystore folder
# ... or just use the example one for testing
keystore:
name: key2
# true: upload secret first via 'kubectl create secret generic geth-key --from-file /path/to/keyfile'
# false: use the key in keystore folder
secret: false
# quorum transaction manager keys
tm_key:
name: tm2
nodekey:
name: nodekey2
- member:
Node_UserIdent: quorum-node03
Key_Dir: key3
# create a private key and add it to the keystore folder
# ... or just use the example one for testing
keystore:
name: key3
# true: upload secret first via 'kubectl create secret generic geth-key --from-file /path/to/keyfile'
# false: use the key in keystore folder
secret: false
# quorum transaction manager keys
tm_key:
name: tm3
nodekey:
name: nodekey3
- member:
Node_UserIdent: quorum-node04
Key_Dir: key4
# create a private key and add it to the keystore folder
# ... or just use the example one for testing
keystore:
name: key4
# true: upload secret first via 'kubectl create secret generic geth-key --from-file /path/to/keyfile'
# false: use the key in keystore folder
secret: false
# quorum transaction manager keys
tm_key:
name: tm4
nodekey:
name: nodekey4
- member:
Node_UserIdent: quorum-node05
Key_Dir: key5
# create a private key and add it to the keystore folder
# ... or just use the example one for testing
keystore:
name: key5
# true: upload secret first via 'kubectl create secret generic geth-key --from-file /path/to/keyfile'
# false: use the key in keystore folder
secret: false
# quorum transaction manager keys
tm_key:
name: tm5
nodekey:
name: nodekey5
- member:
Node_UserIdent: quorum-node06
Key_Dir: key6
# create a private key and add it to the keystore folder
# ... or just use the example one for testing
keystore:
name: key6
# true: upload secret first via 'kubectl create secret generic geth-key --from-file /path/to/keyfile'
# false: use the key in keystore folder
secret: false
# quorum transaction manager keys
tm_key:
name: tm6
nodekey:
name: nodekey6
- member:
Node_UserIdent: quorum-node07
Key_Dir: key7
# create a private key and add it to the keystore folder
# ... or just use the example one for testing
keystore:
name: key7
# true: upload secret first via 'kubectl create secret generic geth-key --from-file /path/to/keyfile'
# false: use the key in keystore folder
secret: false
# quorum transaction manager keys
tm_key:
name: tm7
nodekey:
name: nodekey7
- member:
Node_UserIdent: quorum-node08
Key_Dir: key8
# create a private key and add it to the keystore folder
# ... or just use the example one for testing
keystore:
name: key8
# true: upload secret first via 'kubectl create secret generic geth-key --from-file /path/to/keyfile'
# false: use the key in keystore folder
secret: false
# quorum transaction manager keys
tm_key:
name: tm8
nodekey:
name: nodekey8
quorum:
# base quorum data dir as set inside each container.
Node_DataDir: /etc/quorum/qdata
# This is where all the keys are store, and/or where they are generated, as in the case of quorum-keygen.
# Either full or relative paths on the machine generating the config
Key_Dir_Base: out/config
Permissioned_Nodes_File: out/config/permissioned-nodes.json
Genesis_File: out/config/genesis.json
# related to quorum containers
quorum:
Raft_Port: 50401
# container images at https://hub.docker.com/u/quorumengineering/
Quorum_Version: 2.1.1
# related to transaction manager containers
tm:
# container images at https://hub.docker.com/u/quorumengineering/
# TODO: add support for tessera, this should hold the full container name
# in that case.
Tm_Version: 0.3.2
Port: 9001

# generic geth related options
geth:
Node_WSPort: 8546
NodeP2P_ListenAddr: 21000
network:
# network id (1: mainnet, 3: ropsten, 4: rinkeby ... )
id: 1101
# public (true|false) is it a public network?
public: false
# general verbosity of geth [1..5]
verbosity: 9
68 changes: 68 additions & 0 deletions config/qubernetes-keyonly.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
namespace:
name: quorum-test

quorum:
# base quorum data dir as set inside each container.
Node_DataDir: /etc/quorum/qdata
# This is where all the keys are store, and/or where they are generated, as in the case of quorum-keygen.
# Either full or relative paths on the machine generating the config
Key_Dir_Base: out/config
Permissioned_Nodes_File: out/config/permissioned-nodes.json
Genesis_File: out/config/genesis.json
# related to quorum containers
quorum:
Raft_Port: 50401
# container images at https://hub.docker.com/u/quorumengineering/
Quorum_Version: 2.1.1
# related to transaction manager containers
tm:
# container images at https://hub.docker.com/u/quorumengineering/
# TODO: add support for tessera, this should hold the full container name
# in that case.
Tm_Version: 0.3.2
Port: 9001

# generic geth related options
geth:
Node_WSPort: 8546
NodeP2P_ListenAddr: 21000
network:
# network id (1: mainnet, 3: ropsten, 4: rinkeby ... )
id: 1101
# public (true|false) is it a public network?
public: false
# general verbosity of geth [1..5]
verbosity: 9

# here you can add as many nodes as you like, name and configure them
# Note:
# 1. need to be in the list of permissioned nodes and static nodes.
# 2. keys should be set locally.
nodes:
- member:
Node_UserIdent: quorum-node01
Key_Dir: key1
# keep adding nodes
# - member:
# ...
- member:
Node_UserIdent: quorum-node02
Key_Dir: key2
- member:
Node_UserIdent: quorum-node03
Key_Dir: key3
- member:
Node_UserIdent: quorum-node04
Key_Dir: key4
- member:
Node_UserIdent: quorum-node05
Key_Dir: key5
- member:
Node_UserIdent: quorum-node06
Key_Dir: key6
- member:
Node_UserIdent: quorum-node07
Key_Dir: key7
- member:
Node_UserIdent: quorum-node08
Key_Dir: key8
22 changes: 22 additions & 0 deletions contracts/private_contract.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
a = eth.accounts[0]
web3.eth.defaultAccount = a;

// abi and bytecode generated from simplestorage.sol:
// > solcjs --bin --abi simplestorage.sol
var abi = [{"constant":true,"inputs":[],"name":"storedData","outputs":[{"name":"","type":"uint256"}],"payable":false,"type":"function"},{"constant":false,"inputs":[{"name":"x","type":"uint256"}],"name":"set","outputs":[],"payable":false,"type":"function"},{"constant":true,"inputs":[],"name":"get","outputs":[{"name":"retVal","type":"uint256"}],"payable":false,"type":"function"},{"inputs":[{"name":"initVal","type":"uint256"}],"payable":false,"type":"constructor"}];

var bytecode = "0x6060604052341561000f57600080fd5b604051602080610149833981016040528080519060200190919050505b806000819055505b505b610104806100456000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680632a1afcd914605157806360fe47b11460775780636d4ce63c146097575b600080fd5b3415605b57600080fd5b606160bd565b6040518082815260200191505060405180910390f35b3415608157600080fd5b6095600480803590602001909190505060c3565b005b341560a157600080fd5b60a760ce565b6040518082815260200191505060405180910390f35b60005481565b806000819055505b50565b6000805490505b905600a165627a7a72305820d5851baab720bba574474de3d09dbeaabc674a15f4dd93b974908476542c23f00029";

var simpleContract = web3.eth.contract(abi);
var simple = simpleContract.new(42, {from:web3.eth.accounts[0], data: bytecode, gas: 0x47b760, privateFor: ["ROAZBWtSacxXQrOe3FGAqJDyJjFePR5ce4TSIzmJ0Bc="]}, function(e, contract) {
if (e) {
console.log("err creating contract", e);
} else {
if (!contract.address) {
console.log("Contract transaction send: TransactionHash: " + contract.transactionHash + " waiting to be mined...");
} else {
console.log("Contract mined! Address: " + contract.address);
console.log(contract);
}
}
});
22 changes: 22 additions & 0 deletions contracts/public_contract.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
a = eth.accounts[0]
web3.eth.defaultAccount = a;

// abi and bytecode generated from simplestorage.sol:
// > solcjs --bin --abi simplestorage.sol
var abi = [{"constant":true,"inputs":[],"name":"storedData","outputs":[{"name":"","type":"uint256"}],"payable":false,"type":"function"},{"constant":false,"inputs":[{"name":"x","type":"uint256"}],"name":"set","outputs":[],"payable":false,"type":"function"},{"constant":true,"inputs":[],"name":"get","outputs":[{"name":"retVal","type":"uint256"}],"payable":false,"type":"function"},{"inputs":[{"name":"initVal","type":"uint256"}],"payable":false,"type":"constructor"}];

var bytecode = "0x6060604052341561000f57600080fd5b604051602080610149833981016040528080519060200190919050505b806000819055505b505b610104806100456000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680632a1afcd914605157806360fe47b11460775780636d4ce63c146097575b600080fd5b3415605b57600080fd5b606160bd565b6040518082815260200191505060405180910390f35b3415608157600080fd5b6095600480803590602001909190505060c3565b005b341560a157600080fd5b60a760ce565b6040518082815260200191505060405180910390f35b60005481565b806000819055505b50565b6000805490505b905600a165627a7a72305820d5851baab720bba574474de3d09dbeaabc674a15f4dd93b974908476542c23f00029";

var simpleContract = web3.eth.contract(abi);
var simple = simpleContract.new(42, {from:web3.eth.accounts[0], data: bytecode, gas: 0x47b760}, function(e, contract) {
if (e) {
console.log("err creating contract", e);
} else {
if (!contract.address) {
console.log("Contract transaction send: TransactionHash: " + contract.transactionHash + " waiting to be mined...");
} else {
console.log("Contract mined! Address: " + contract.address);
console.log(contract);
}
}
});
2 changes: 2 additions & 0 deletions contracts/runscript.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
#!/bin/ash
PRIVATE_CONFIG=$TM_HOME/tm.ipc geth --exec "loadScript(\"$1\")" attach ipc:$QUORUM_HOME/dd/geth.ipc
8 changes: 8 additions & 0 deletions delete.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#!/bin/bash

qctl="kubectl --namespace=quorum-test --kubeconfig=/home/libby/.go/src/github.com/ethereum/k8-quorum/k8_config --insecure-skip-tls-verify "

$qctl delete -f out/quorum-shared-config.yaml
$qctl delete -f out/quorum-services.yaml
$qctl delete -f out/quorum-deployments.yaml
$qctl delete -f out/quorum-keyconfigs.yaml
8 changes: 8 additions & 0 deletions deploy.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
#!/bin/bash

qctl="kubectl --namespace=quorum-test --kubeconfig=/home/libby/.go/src/github.com/ethereum/k8-quorum/k8_config --insecure-skip-tls-verify "

$qctl create -f out/quorum-shared-config.yaml
$qctl create -f out/quorum-services.yaml
$qctl create -f out/quorum-keyconfigs.yaml
$qctl create -f out/quorum-deployments.yaml
Loading

0 comments on commit df00447

Please sign in to comment.