From d88fd4a883e9fd8796fb86bc9de6b7f3b9446de9 Mon Sep 17 00:00:00 2001 From: Latitia M Haskins Date: Tue, 29 Nov 2016 14:38:48 -0500 Subject: [PATCH] FAB-1214: Generates a fabric-cop image for docker This commit includes the Dockerfile used for generating a docker image as well as a docker-compose file for setting up a cop server and 3 separate clients. Change-Id: Id85eb44d7febb7e483c56068b75f727d29126adc Signed-off-by: Latitia M Haskins --- docker/.env | 4 ++ docker/README.md | 52 +++++++++++++++++++++++++ docker/docker-compose-cop.yml | 45 ++++++++++++++++++++++ docker/fabric-cop/Dockerfile | 18 +++++++++ docker/fabric-cop/cop.json | 72 +++++++++++++++++++++++++++++++++++ docker/fabric-cop/csr.json | 19 +++++++++ docker/fabric-cop/ec-key.pem | 5 +++ docker/fabric-cop/ec.pem | 15 ++++++++ 8 files changed, 230 insertions(+) create mode 100644 docker/.env create mode 100644 docker/README.md create mode 100644 docker/docker-compose-cop.yml create mode 100644 docker/fabric-cop/Dockerfile create mode 100644 docker/fabric-cop/cop.json create mode 100644 docker/fabric-cop/csr.json create mode 100644 docker/fabric-cop/ec-key.pem create mode 100644 docker/fabric-cop/ec.pem diff --git a/docker/.env b/docker/.env new file mode 100644 index 000000000..049639e38 --- /dev/null +++ b/docker/.env @@ -0,0 +1,4 @@ +CA_CERTIFICATE=ec.pem +CA_KEY_CERTIFICATE=ec-key.pem +COP_CONFIG=cop.json +CSR_CONFIG=csr.json diff --git a/docker/README.md b/docker/README.md new file mode 100644 index 000000000..ec0650d5c --- /dev/null +++ b/docker/README.md @@ -0,0 +1,52 @@ +# To build a docker image with cop +```sh +$ docker build fabric-cop -t fabric-cop:latest +``` + +# Setup environment variables (optional) +If you want to use your own defined certificates, be sure to save these +certificates in the /var/hyperledger/fabric/.cop directory in your environment. +Then set the following environment variables accordingly. + +## Public key +default value: ec.pem +```sh +$ export CA_CERTIFICATE= +``` +## Private key +default value: ec-key.pem +```sh +$ export CA_KEY_CERTIFICATE= +``` +## COP configuration file +This file contains users, database setup, groups, and signing information) +default value: cop.json +```sh +$ export COP_CONFIG= +``` +## CSR (Certificate Signing Request) config file +default value: csr.json +```sh +$ export CSR_CONFIG= +``` +``` + +# Certificate private and public files +If you are using certificates or config files outside of the default values, +be sure to save the desired files to the developer's local directories. The +certificates should be saved to the `/var/hyperledger/fabric/.cop` directory +and the config files should be saved to the `var/hyperledger/cop_config` +directory. + +You can also generate the certificates by running the following script that +outputs server.pem and server-key.pem files and saves them to your $HOME/.cop +directory. +```sh +$ cop server init /path/to/cop/config/csr.json +``` + +# To execute the cop server and cop clients +```sh +$ docker-compose -f docker-compose-cop-cluster.yml up --force-recreate -d +``` + diff --git a/docker/docker-compose-cop.yml b/docker/docker-compose-cop.yml new file mode 100644 index 000000000..1e6ce456c --- /dev/null +++ b/docker/docker-compose-cop.yml @@ -0,0 +1,45 @@ +cop: + image: fabric-cop:latest + ports: + - "8888:8888" + environment: + - CA_CERTIFICATE=${CA_CERTIFICATE} + - CA_KEY_CERTIFICATE=${CA_KEY_CERTIFICATE} + - COP_CONFIG=${COP_CONFIG} + volumes: + - /config:/var/hyperledger/cop_config + - /root/.cop:/var/hyperledger/fabric/.cop + command: sh -c 'cop server start -ca ~/.cop/$CA_CERTIFICATE -ca-key ~/.cop/$CA_KEY_CERTIFICATE -config /config/$COP_CONFIG -address "0.0.0.0"' + +admin-client: + image: fabric-cop:latest + environment: + - CSR_CONFIG=${CSR_CONFIG} + volumes: + - /config:/var/hyperledger/cop_config + - /root/.cop:/var/hyperledger/fabric/.cop + command: sh -c "sleep 5;cop client enroll admin adminpw http://cop:8888 /config/$CSR_CONFIG" + links: + - cop + +sdk-client: + image: fabric-cop:latest + environment: + - CSR_CONFIG=${CSR_CONFIG} + volumes: + - /config:/var/hyperledger/cop_config + - /root/.cop:/var/hyperledger/fabric/.cop + command: sh -c "sleep 5;cop client enroll sdk sdkpw http://cop:8888 /config/$CSR_CONFIG" + links: + - cop + +bob-client: + image: fabric-cop:latest + environment: + - CSR_CONFIG=${CSR_CONFIG} + volumes: + - /config:/var/hyperledger/cop_config + - /root/.cop:/var/hyperledger/fabric/.cop + command: sh -c "sleep 5;cop client enroll bob bobpw http://cop:8888 /config/$CSR_CONFIG" + links: + - cop diff --git a/docker/fabric-cop/Dockerfile b/docker/fabric-cop/Dockerfile new file mode 100644 index 000000000..255610b84 --- /dev/null +++ b/docker/fabric-cop/Dockerfile @@ -0,0 +1,18 @@ +FROM golang +ENV GOPATH=/opt/gopath +ENV PATH=$GOPATH/bin:$PATH + +RUN go get github.com/hyperledger/fabric-cop/cli +RUN mv $GOPATH/bin/cli $GOPATH/bin/cop + +# Copy the configuration for the cop and certificate setups +WORKDIR /config +COPY cop.json /config/cop.json +COPY csr.json /config/csr.json + +# Copy the same certificates that are currently hardcoded into the peers +WORKDIR /root/.cop +COPY ec-key.pem /root/.cop/ec-key.pem +COPY ec.pem /root/.cop/ec.pem + +EXPOSE 8888 diff --git a/docker/fabric-cop/cop.json b/docker/fabric-cop/cop.json new file mode 100644 index 000000000..c9c82638f --- /dev/null +++ b/docker/fabric-cop/cop.json @@ -0,0 +1,72 @@ +{ + "driver":"sqlite3", + "data_source":"cop.db", + "users": { + "admin": { + "pass": "adminpw", + "type": "client", + "group": "bank_a", + "attrs": [{"name":"hf.Registrar.Roles","value":"client,peer,validator,auditor"}, {"name":"hf.Registrar.DelegateRoles", "value": "client"}] + }, + "sdk": { + "pass": "sdkpw", + "type": "client", + "group": "bank_a", + "attrs": [{"name":"hf.Registrar.Roles","value":"client,peer,validator,auditor"}, {"name":"hf.Registrar.DelegateRoles", "value": "client"}] + }, + "amy": { + "pass": "amypw", + "type": "client", + "group": "bank_a", + "attrs": [{"name":"hf.Registrar.Roles","value":"client,peer,validator,auditor"}, {"name":"hf.Registrar.DelegateRoles", "value": "client"}] + }, + "alice": { + "pass": "alicepw", + "type": "client", + "group": "bank_a", + "attrs": [{"name":"hf.Registrar.Roles","value":"client,peer,validator,auditor"}, {"name":"hf.Registrar.DelegateRoles", "value": "client"}] + }, + "amber": { + "pass": "amberpw", + "type": "client", + "group": "bank_a", + "attrs": [{"name":"hf.Registrar.Roles","value":"client,peer,validator,auditor"}, {"name":"hf.Registrar.DelegateRoles", "value": "client"}] + }, + "bob": { + "pass": "bobpw", + "type": "client", + "group": "bank_a", + "attrs": [{"name":"hf.Registrar.Roles","value":"client,peer,validator,auditor"}, {"name":"hf.Registrar.DelegateRoles", "value": "client"}] + }, + "bill": { + "pass": "billpw", + "type": "client", + "group": "bank_a", + "attrs": [{"name":"hf.Registrar.Roles","value":"client,peer,validator,auditor"}, {"name":"hf.Registrar.DelegateRoles", "value": "client"}] + }, + "dan": { + "pass": "danpw", + "type": "client", + "group": "bank_a", + "attrs": [{"name":"hf.Registrar.Roles","value":"client,peer,validator,auditor"}, {"name":"hf.Registrar.DelegateRoles", "value": "client"}] + }, + "derek": { + "pass": "derekpw", + "type": "client", + "group": "bank_a", + "attrs": [{"name":"hf.Registrar.Roles","value":"client,peer,validator,auditor"}, {"name":"hf.Registrar.DelegateRoles", "value": "client"}] + } + }, + "groups": { + "banks_and_institutions": { + "banks": ["bank_a", "bank_b", "bank_c"], + "institutions": ["institution_a"] + } + }, + "signing": { + "default": { + "usages": ["cert sign"], + "expiry": "8000h" + } + } +} diff --git a/docker/fabric-cop/csr.json b/docker/fabric-cop/csr.json new file mode 100644 index 000000000..5f45d93df --- /dev/null +++ b/docker/fabric-cop/csr.json @@ -0,0 +1,19 @@ +{ + "hosts": [ + "myhost.com", + "www.myhost.com" + ], + "key": { + "algo": "ecdsa", + "size": 256 + }, + "names": [ + { + "O": "Hyperledger Fabric", + "OU": "COP", + "L": "Raleigh", + "ST": "North Carolina", + "C": "US" + } + ] +} diff --git a/docker/fabric-cop/ec-key.pem b/docker/fabric-cop/ec-key.pem new file mode 100644 index 000000000..021f34653 --- /dev/null +++ b/docker/fabric-cop/ec-key.pem @@ -0,0 +1,5 @@ +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEINs5XopZVBEWTsUCCF8mU4H14/UN1alo+j5BzBQZ0PKtoAoGCCqGSM49 +AwEHoUQDQgAEogflvYlpKaqJBcfKoL5yaScgJwWLkB11WOxCLMNXq5ni/qz49aIn +LN8D+tO0y9gA+r/J4QekFQHWPTnebGekyw== +-----END EC PRIVATE KEY----- diff --git a/docker/fabric-cop/ec.pem b/docker/fabric-cop/ec.pem new file mode 100644 index 000000000..8d98dfa59 --- /dev/null +++ b/docker/fabric-cop/ec.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICYjCCAgmgAwIBAgIUB3CTDOU47sUC5K4kn/Caqnh114YwCgYIKoZIzj0EAwIw +fzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNh +biBGcmFuY2lzY28xHzAdBgNVBAoTFkludGVybmV0IFdpZGdldHMsIEluYy4xDDAK +BgNVBAsTA1dXVzEUMBIGA1UEAxMLZXhhbXBsZS5jb20wHhcNMTYxMDEyMTkzMTAw +WhcNMjExMDExMTkzMTAwWjB/MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv +cm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEfMB0GA1UEChMWSW50ZXJuZXQg +V2lkZ2V0cywgSW5jLjEMMAoGA1UECxMDV1dXMRQwEgYDVQQDEwtleGFtcGxlLmNv +bTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKIH5b2JaSmqiQXHyqC+cmknICcF +i5AddVjsQizDV6uZ4v6s+PWiJyzfA/rTtMvYAPq/yeEHpBUB1j053mxnpMujYzBh +MA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQXZ0I9 +qp6CP8TFHZ9bw5nRtZxIEDAfBgNVHSMEGDAWgBQXZ0I9qp6CP8TFHZ9bw5nRtZxI +EDAKBggqhkjOPQQDAgNHADBEAiAHp5Rbp9Em1G/UmKn8WsCbqDfWecVbZPQj3RK4 +oG5kQQIgQAe4OOKYhJdh3f7URaKfGTf492/nmRmtK+ySKjpHSrU= +-----END CERTIFICATE-----