├── .ansible-lint ├── .dockerignore ├── .flake8 ├── .github ├── scripts │ ├── bump.sh │ ├── get-host-ip.sh │ ├── kind_with_nginx.sh │ ├── purge.sh │ ├── run-integration-tests.sh │ ├── run-tests.sh │ ├── run-tutorial-tests.sh │ └── setup-tests.sh └── workflows │ ├── fvtest.yml │ ├── main.yml │ ├── publish-beta.yml │ ├── publish.yml │ └── purge.yml ├── .gitignore ├── .vscode └── settings.json ├── .yamllint.yml ├── CHANGELOG.md ├── CONTRIBUTING.md ├── Dockerfile ├── LICENSE ├── README.md ├── docker └── docker-entrypoint.sh ├── docs ├── Makefile ├── source │ ├── conf.py │ ├── favicon.ico │ ├── index.rst │ ├── installation.rst │ ├── migrating-v12-v2.rst │ ├── modules.rst │ ├── modules │ │ └── .gitkeep │ ├── roles.rst │ ├── roles │ │ ├── console.rst │ │ ├── crds.rst │ │ ├── endorsing_organization.rst │ │ ├── fabric-console.rst │ │ ├── fabric-operator-crds.rst │ │ ├── hlfsupport_console.rst │ │ ├── hlfsupport_crds.rst │ │ ├── mrha_endorsing_organization.rst │ │ ├── mrha_ordering_organization.rst │ │ ├── mzha_endorsing_organization.rst │ │ ├── mzha_ordering_organization.rst │ │ └── ordering_organization.rst │ ├── support.rst │ ├── tasks │ │ ├── addadmincert.rst │ │ ├── enable-fabricv2-capability.rst │ │ ├── haca.rst │ │ ├── intermediateCA.rst │ │ └── update-channel-parameters.rst │ └── tutorials │ │ ├── building.rst │ │ ├── deploying.rst │ │ ├── hlfsupport-installing.rst │ │ ├── installing-fabric-operator-console.rst │ │ ├── installing.rst │ │ ├── joining.rst │ │ └── oss-installing.rst └── templates │ └── module.rst.j2 ├── examples ├── add-admin-cert │ ├── .gitignore │ ├── 01-update-organization.yml │ ├── 02-update-syschannel-member.yml │ ├── 03-update-syschannel-admin.yml │ ├── 04-update-channels-member.yml │ ├── 05-update-channels-admin.yml │ ├── tasks │ │ ├── 04-update-channel-member.yml │ │ └── 05-update-channel-admin.yml │ └── vars.yml ├── chaincode_info │ └── 00-org1-chaincode-info.yml ├── create-ha-ca │ ├── create-ha-ca.yml │ └── vars.yml ├── create-intermediate-ca 
│ ├── create-parent-plus-intermediate-ca.yml │ └── vars.yml ├── enable-fabricv2-capability │ ├── 01-enable-fabricv2-systemchannel.yml │ ├── 02-enable-fabricv2-channels.yml │ ├── endorsement-policy.json │ ├── tasks │ │ └── 02-enable-fabricv2-channel.yml │ └── vars.yml ├── opensource-stack │ ├── 01-operator-install.yml │ ├── 02-console-install.yml │ ├── 90-KIND-ingress.yml │ ├── README.md │ ├── templates │ │ ├── coredns │ │ │ └── coredns.yaml.j2 │ │ └── ingress │ │ │ ├── ingress-nginx-controller.yaml │ │ │ └── kustomization.yaml │ └── vars.yml └── update-channel-parameters │ ├── update-channel-parameters.yml │ └── vars.yml ├── galaxy.yml ├── justfile ├── meta └── runtime.yml ├── plugins ├── module_utils │ ├── cert_utils.py │ ├── certificate_authorities.py │ ├── channel_utils.py │ ├── consoles.py │ ├── dict_utils.py │ ├── enrolled_identities.py │ ├── fabric_utils.py │ ├── file_utils.py │ ├── module.py │ ├── msp_utils.py │ ├── ordering_services.py │ ├── organizations.py │ ├── peers.py │ ├── pkcs11 │ │ └── crypto.py │ ├── proto_utils.py │ └── utils.py └── modules │ ├── approved_chaincode.py │ ├── certificate_authority.py │ ├── certificate_authority_info.py │ ├── chaincode_list_info.py │ ├── channel_acl.py │ ├── channel_block.py │ ├── channel_capabilities.py │ ├── channel_config.py │ ├── channel_consenter.py │ ├── channel_consenters.py │ ├── channel_member.py │ ├── channel_member_info.py │ ├── channel_parameters.py │ ├── channel_policy.py │ ├── committed_chaincode.py │ ├── connection_profile.py │ ├── console_user.py │ ├── consortium_member.py │ ├── consortium_member_info.py │ ├── enrolled_identity.py │ ├── enrolled_identity_info.py │ ├── external_certificate_authority.py │ ├── external_ordering_service.py │ ├── external_ordering_service_node.py │ ├── external_organization.py │ ├── external_peer.py │ ├── installed_chaincode.py │ ├── instantiated_chaincode.py │ ├── ordering_service.py │ ├── ordering_service_admin.py │ ├── ordering_service_info.py │ ├── 
ordering_service_node.py │ ├── ordering_service_node_info.py │ ├── organization.py │ ├── organization_info.py │ ├── peer.py │ ├── peer_channel.py │ ├── peer_info.py │ └── registered_identity.py ├── requirements.txt ├── roles ├── console │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── create.yml │ │ ├── delete.yml │ │ ├── k8s │ │ │ ├── create.yml │ │ │ └── delete.yml │ │ ├── main.yml │ │ └── openshift │ │ │ ├── create.yml │ │ │ └── delete.yml │ └── templates │ │ ├── k8s │ │ ├── cluster_role.yml.j2 │ │ ├── cluster_role_binding.yml.j2 │ │ ├── console.yml.j2 │ │ ├── image_pull_secret.yml.j2 │ │ ├── operator.yml.j2 │ │ ├── pod_security_policy.yml.j2 │ │ └── role_binding.yml.j2 │ │ └── openshift │ │ ├── cluster_role.yml.j2 │ │ ├── cluster_role_binding.yml.j2 │ │ ├── console.yml.j2 │ │ ├── image_pull_secret.yml.j2 │ │ ├── operator.yml.j2 │ │ └── security_context_constraints.yml.j2 ├── crds │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── create.yml │ │ ├── delete.yml │ │ ├── k8s │ │ │ ├── create.yml │ │ │ └── delete.yml │ │ ├── main.yml │ │ └── openshift │ │ │ ├── create.yml │ │ │ └── delete.yml │ └── templates │ │ ├── ca-crd.yml.j2 │ │ ├── console-crd.yml.j2 │ │ ├── k8s │ │ ├── deployment.yml.j2 │ │ ├── image_pull_secret.yml.j2 │ │ ├── role.yml.j2 │ │ ├── role_binding.yml.j2 │ │ └── service.yml.j2 │ │ ├── openshift │ │ ├── deployment.yml.j2 │ │ ├── image_pull_secret.yml.j2 │ │ ├── role.yml.j2 │ │ ├── role_binding.yml.j2 │ │ ├── security_context_constraints.yml.j2 │ │ └── service.yml.j2 │ │ ├── orderer-crd.yml.j2 │ │ └── peer-crd.yml.j2 ├── endorsing_organization │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── create.yml │ │ ├── delete.yml │ │ └── main.yml ├── fabric_console │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── create.yml │ │ ├── delete.yml │ │ ├── k8s │ │ │ ├── create.yml 
│ │ │ └── delete.yml │ │ ├── main.yml │ │ └── openshift │ │ │ ├── create.yml │ │ │ └── delete.yml │ └── templates │ │ ├── k8s │ │ └── hlf-operations-console.yaml.j2 │ │ └── openshift │ │ └── hlf-operations-console.yaml.j2 ├── fabric_operator_crds │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── create.yml │ │ ├── delete.yml │ │ ├── k8s │ │ │ ├── create.yml │ │ │ └── delete.yml │ │ ├── main.yml │ │ └── openshift │ │ │ ├── create.yml │ │ │ └── delete.yml │ └── templates │ │ ├── k8s │ │ ├── coredns │ │ │ └── coredns.yaml.j2 │ │ ├── ingress │ │ │ ├── ingress-nginx-controller.yaml │ │ │ └── kustomization.yaml │ │ ├── manager │ │ │ └── hlf-operator-manager.yaml.j2 │ │ └── rbac │ │ │ ├── hlf-operator-clusterrole.yaml │ │ │ ├── hlf-operator-clusterrolebinding.yaml.j2 │ │ │ └── hlf-operator-serviceaccount.yaml │ │ └── openshift │ │ ├── deployment.yml.j2 │ │ ├── image_pull_secret.yml.j2 │ │ ├── manager │ │ └── hlf-operator-manager.yaml.j2 │ │ ├── rbac │ │ ├── hlf-operator-clusterrole.yaml │ │ ├── hlf-operator-clusterrolebinding.yaml.j2 │ │ └── hlf-operator-serviceaccount.yaml │ │ ├── role.yml.j2 │ │ ├── role_binding.yml.j2 │ │ ├── security_context_constraints.yml.j2 │ │ └── service.yml.j2 ├── hlfsupport_console │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── create.yml │ │ ├── delete.yml │ │ ├── k8s │ │ │ ├── create.yml │ │ │ └── delete.yml │ │ ├── main.yml │ │ └── openshift │ │ │ ├── create.yml │ │ │ └── delete.yml │ └── templates │ │ ├── k8s │ │ ├── cluster_role.yml.j2 │ │ ├── cluster_role_binding.yml.j2 │ │ ├── console.yml.j2 │ │ ├── image_pull_secret.yml.j2 │ │ ├── operator.yml.j2 │ │ └── role_binding.yml.j2 │ │ └── openshift │ │ ├── cluster_role.yml.j2 │ │ ├── cluster_role_binding.yml.j2 │ │ ├── console.yml.j2 │ │ ├── image_pull_secret.yml.j2 │ │ ├── operator.yml.j2 │ │ └── security_context_constraints.yml.j2 ├── hlfsupport_crds │ ├── README.md │ ├── defaults │ │ └── main.yml 
│ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── create.yml │ │ ├── delete.yml │ │ ├── k8s │ │ │ ├── create.yml │ │ │ └── delete.yml │ │ ├── main.yml │ │ └── openshift │ │ │ ├── create.yml │ │ │ └── delete.yml │ └── templates │ │ ├── ca-crd.yml.j2 │ │ ├── console-crd.yml.j2 │ │ ├── k8s │ │ ├── deployment.yml.j2 │ │ ├── image_pull_secret.yml.j2 │ │ ├── role.yml.j2 │ │ ├── role_binding.yml.j2 │ │ └── service.yml.j2 │ │ ├── openshift │ │ ├── deployment.yml.j2 │ │ ├── image_pull_secret.yml.j2 │ │ ├── role.yml.j2 │ │ ├── role_binding.yml.j2 │ │ ├── security_context_constraints.yml.j2 │ │ └── service.yml.j2 │ │ ├── orderer-crd.yml.j2 │ │ └── peer-crd.yml.j2 ├── mrha_endorsing_organization │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── create.yml │ │ ├── create │ │ ├── primary-peer.yml │ │ ├── primary-region.yml │ │ ├── secondary-peer.yml │ │ └── secondary-region.yml │ │ ├── delete.yml │ │ ├── delete │ │ ├── primary-peer.yml │ │ ├── primary-region.yml │ │ ├── secondary-peer.yml │ │ └── secondary-region.yml │ │ └── main.yml ├── mrha_ordering_organization │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── create.yml │ │ ├── create │ │ ├── primary-osn.yml │ │ ├── primary-region.yml │ │ ├── secondary-osn.yml │ │ └── secondary-region.yml │ │ ├── delete.yml │ │ ├── delete │ │ ├── primary-osn.yml │ │ ├── primary-region.yml │ │ ├── secondary-osn.yml │ │ └── secondary-region.yml │ │ └── main.yml ├── mzha_endorsing_organization │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── create.yml │ │ ├── delete.yml │ │ └── main.yml ├── mzha_ordering_organization │ ├── README.md │ ├── defaults │ │ └── main.yml │ ├── meta │ │ └── main.yml │ └── tasks │ │ ├── create.yml │ │ ├── delete.yml │ │ └── main.yml └── ordering_organization │ ├── README.md │ ├── defaults │ └── main.yml │ ├── meta │ └── main.yml │ └── tasks │ ├── create.yml │ ├── delete.yml │ └── 
main.yml ├── tests └── integration │ ├── integration_config.yml │ └── targets │ ├── it_certificate_authority │ └── tasks │ │ ├── assertions.yml │ │ └── main.yml │ ├── it_endorsing_organization │ └── tasks │ │ └── main.yml │ ├── it_external_ordering_service │ ├── tasks │ │ └── main.yml │ └── templates │ │ └── one_node_ordering_service.json.j2 │ └── it_ordering_organization │ └── tasks │ └── main.yml └── tutorial ├── .gitignore ├── 01-create-ordering-organization-components.yml ├── 02-create-endorsing-organization-components.yml ├── 03-export-organization.yml ├── 04-import-organization.yml ├── 05-enable-capabilities.yml ├── 06-add-organization-to-consortium.yml ├── 07-export-ordering-service.yml ├── 08-import-ordering-service.yml ├── 09-admins-policy.json.j2 ├── 09-create-channel.yml ├── 09-endorsement-policy.json.j2 ├── 09-lifecycle-endorsement-policy.json.j2 ├── 09-readers-policy.json.j2 ├── 09-writers-policy.json.j2 ├── 10-join-peer-to-channel.yml ├── 11-add-anchor-peer-to-channel.yml ├── 12-create-endorsing-organization-components.yml ├── 13-export-organization.yml ├── 14-import-organization.yml ├── 15-add-organization-to-channel.yml ├── 15-admins-policy.json.j2 ├── 15-endorsement-policy.json.j2 ├── 15-lifecycle-endorsement-policy.json.j2 ├── 15-readers-policy.json.j2 ├── 15-writers-policy.json.j2 ├── 16-import-ordering-service.yml ├── 17-join-peer-to-channel.yml ├── 18-add-anchor-peer-to-channel.yml ├── 19-install-and-approve-chaincode.yml ├── 20-install-and-approve-chaincode.yml ├── 21-commit-chaincode.yml ├── 22-register-application.yml ├── 23-register-application.yml ├── 97-delete-endorsing-organization-components.yml ├── 98-delete-endorsing-organization-components.yml ├── 99-delete-ordering-organization-components.yml ├── build_network.sh ├── common-vars.yml ├── deploy_smart_contract.sh ├── fabcar@1.0.0.tgz ├── join_network.sh ├── ordering-org-vars.yml ├── org1-vars.yml ├── org2-vars.yml └── v1.x ├── 01-create-ordering-organization-components.yml ├── 
02-create-endorsing-organization-components.yml ├── 03-export-organization.yml ├── 04-import-organization.yml ├── 05-add-organization-to-consortium.yml ├── 06-export-ordering-service.yml ├── 07-import-ordering-service.yml ├── 08-admins-policy.json.j2 ├── 08-create-channel.yml ├── 08-readers-policy.json.j2 ├── 08-writers-policy.json.j2 ├── 09-join-peer-to-channel.yml ├── 10-add-anchor-peer-to-channel.yml ├── 11-create-endorsing-organization-components.yml ├── 12-export-organization.yml ├── 13-import-organization.yml ├── 14-add-organization-to-channel.yml ├── 14-admins-policy.json.j2 ├── 14-readers-policy.json.j2 ├── 14-writers-policy.json.j2 ├── 15-import-ordering-service.yml ├── 16-join-peer-to-channel.yml ├── 17-add-anchor-peer-to-channel.yml ├── 18-install-chaincode.yml ├── 19-install-chaincode.yml ├── 20-instantiate-chaincode.yml ├── 21-register-application.yml ├── 22-register-application.yml ├── 97-delete-endorsing-organization-components.yml ├── 98-delete-endorsing-organization-components.yml ├── 99-delete-ordering-organization-components.yml ├── build_network.sh ├── common-vars.yml ├── deploy_smart_contract.sh ├── fabcar@1.0.0.cds ├── join_network.sh ├── ordering-org-vars.yml ├── org1-vars.yml └── org2-vars.yml /.ansible-lint: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | exclude_paths: 6 | - examples 7 | - tutorial 8 | - tests 9 | - .github 10 | - meta 11 | 12 | skip_list: 13 | - risky-file-permissions 14 | - 'fqcn-builtins' 15 | - var-naming[no-role-prefix] 16 | -------------------------------------------------------------------------------- /.flake8: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | [flake8] 5 | ignore = E501,W504 -------------------------------------------------------------------------------- /.github/scripts/bump.sh: 
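--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -euo pipefail
  | # Bumps the patch component of the `version:` field in galaxy.yml.
3 | CURRENT_VERSION=$(yq -r .version galaxy.yml)
  | # NOTE(review): lines 4-9 read like a heredoc feeding a Python snippet, but the
  | # heredoc opener is not present in this listing (there is an EOF terminator and
  | # no visible "<<EOF"); it was probably lost in extraction. Text kept as found.
  | # NOTE(review): /tmp/version.txt is a fixed, predictable path; on a shared host
  | # a file created with mktemp would avoid clobbering or following someone else's file.
4 | cat < /tmp/version.txt
5 | import semantic_version
6 | v = semantic_version.Version('${CURRENT_VERSION}')
7 | v = v.next_patch()
8 | print(str(v))
9 | EOF
10 | NEXT_VERSION=$(cat /tmp/version.txt)
11 | SED="sed"
  | # macOS ships BSD sed; the script switches to GNU sed (gsed) there.
12 | if [ "$(uname)" == "Darwin" ]; then
13 |     SED="gsed"
14 | fi
15 | ${SED} -i "s|^version:.*|version: ${NEXT_VERSION}|" galaxy.yml
--------------------------------------------------------------------------------
/.github/scripts/get-host-ip.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 |
  | # NOTE(review): line 4 is absent from this listing and line 3 looks truncated
  | # (an EOF terminator follows with no visible heredoc opener). Text kept as found.
3 | cat </dev/null
5 | ip -4 route show default | cut -d' ' -f3
6 | EOF
--------------------------------------------------------------------------------
/.github/scripts/purge.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -euo pipefail
  | # Sends DELETE ${API_ENDPOINT}/ak/api/v3/kubernetes/components/purge, authenticating
  | # with basic auth or an IBM Cloud IAM bearer token depending on API_AUTHTYPE.
  | # Any other API_AUTHTYPE value falls through both branches and the script exits 0
  | # without sending a request.
3 | if [ "${API_AUTHTYPE}" = "basic" ]; then
  |     # NOTE(review): -k turns off TLS certificate verification on the same request
  |     # that carries API_KEY/API_SECRET as basic-auth credentials, so the endpoint's
  |     # identity is never checked. If the console uses a private CA, pass that CA with
  |     # --cacert instead of disabling verification.
4 |     curl -f -k -XDELETE -u "${API_KEY}:${API_SECRET}" "${API_ENDPOINT}/ak/api/v3/kubernetes/components/purge"
5 | elif [ "${API_AUTHTYPE}" = "ibmcloud" ]; then
  |     # -f makes an HTTP error from the token endpoint fail the pipeline, and jq -e
  |     # exits non-zero when .access_token is missing/null, so the script stops here
  |     # rather than sending "Authorization: Bearer null" on the next line.
  |     # NOTE(review): the API key is passed in curl's argument list (-d "apikey=...").
6 |     ACCESS_TOKEN=$(curl -f -XPOST -d "apikey=${API_KEY}" -d grant_type=urn:ibm:params:oauth:grant-type:apikey https://iam.cloud.ibm.com/identity/token | jq -er .access_token)
7 |     curl -f -XDELETE -H "Authorization: Bearer ${ACCESS_TOKEN}" "${API_ENDPOINT}/ak/api/v3/kubernetes/components/purge"
8 | fi
9 |
--------------------------------------------------------------------------------
/.github/scripts/run-integration-tests.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -euo pipefail
  | # Writes the API settings and a random run id into
  | # tests/integration/integration_config.yml, then runs `ansible-test integration`.
3 | cd ~/.ansible/collections/ansible_collections/ibm/blockchain_platform
  | # Run id: hash of 4096 random bytes; the short id is its first 8 characters.
4 | TEST_RUN_ID=$(dd if=/dev/urandom bs=4096 count=1 2>/dev/null | shasum | awk '{print $1}')
5 | SHORT_TEST_RUN_ID=$(echo "${TEST_RUN_ID}" | awk '{print substr($1,1,8)}')
  | # NOTE(review): each value is spliced into the yq filter text, so a value containing
  | # a double quote or backslash changes the filter itself. API_KEY and API_SECRET also
  | # end up in clear text in integration_config.yml; keep that file out of uploaded
  | # artifacts and logs.
6 | yq -yi ".api_endpoint=\"${API_ENDPOINT}\"" tests/integration/integration_config.yml
7 | yq -yi ".api_authtype=\"${API_AUTHTYPE}\"" tests/integration/integration_config.yml
8 | yq -yi ".api_key=\"${API_KEY}\"" tests/integration/integration_config.yml
9 | yq -yi ".api_secret=\"${API_SECRET}\"" tests/integration/integration_config.yml
10 | yq -yi ".api_timeout=300" tests/integration/integration_config.yml
11 | yq -yi ".k8s_namespace=\"${K8S_NAMESPACE}\"" tests/integration/integration_config.yml
12 | yq -yi ".test_run_id=\"${TEST_RUN_ID}\"" tests/integration/integration_config.yml
13 | yq -yi ".short_test_run_id=\"${SHORT_TEST_RUN_ID}\"" tests/integration/integration_config.yml
14 | yq -yi ".wait_timeout=1800" tests/integration/integration_config.yml
15 | ansible-test integration
16 |
--------------------------------------------------------------------------------
/.github/scripts/run-tests.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -euo pipefail
  | # Runs the tutorial scripts end to end: build, join, deploy, then destroy.
  | # $1 and $2 are used only to name the log file.
3 | TYPE=$1
4 | TARGET=$2
5 | IBP_ANSIBLE_LOG_FILENAME=/tmp/${TYPE}-${TARGET}.log
6 | export IBP_ANSIBLE_LOG_FILENAME
7 | echo "${IBP_ANSIBLE_LOG_FILENAME}" >/tmp/ibp-ansible-log-filename.txt
8 |
9 | #
10 | pushd tutorial
  | # The EXIT trap tears the network down if any step below fails; it is cleared
  | # before the final, explicit destroy so that destroy runs only once.
11 | function cleanup {
12 |     ./join_network.sh destroy
13 | }
14 | trap cleanup EXIT
15 | ./build_network.sh build
16 | ./join_network.sh join
17 | ./deploy_smart_contract.sh
18 | trap - EXIT
19 | ./join_network.sh destroy
20 |
--------------------------------------------------------------------------------
/.github/scripts/setup-tests.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -euo pipefail
  | # Installs the Fabric binaries, the IBM Cloud CLI and the OpenShift client, then
  | # logs in to IBM Cloud and the OpenShift cluster.
  | # curl -f: without it an HTTP error page is handed to tar/bash as if it were the
  | # download; with pipefail set, a failed download now aborts the script.
  | # NOTE(review): neither archive is checked against a known digest or signature
  | # before being unpacked as root, and "stable-4.5" is a moving channel rather than a
  | # fixed release. Downloading to a file and verifying a pinned SHA-256 first would
  | # close that gap.
3 | curl -fsSL https://github.com/hyperledger/fabric/releases/download/v2.2.1/hyperledger-fabric-linux-amd64-2.2.1.tar.gz | sudo tar xzf - -C /usr/local
  | # NOTE(review): this executes whatever the shortened URL resolves to at run time;
  | # the content is not pinned or verified.
4 | curl -fsL https://ibm.biz/idt-installer | bash
5 | ibmcloud config --check-version=false
6 | ibmcloud version
7 | ibmcloud plugin list
8 | curl -fsSL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-4.5/openshift-client-linux.tar.gz | sudo tar xzf - -C /usr/local/bin
  | # NOTE(review): lines 9 and 11 pass IBM_CLOUD_API_KEY as a command-line argument,
  | # where it is visible to other processes on the runner while the command runs.
9 | ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" -c "${IBM_CLOUD_ACCOUNT}" -r "${IBM_CLOUD_REGION}"
10 | ibmcloud oc cluster config -c "${IBM_CLOUD_OPENSHIFT_CLUSTER_ID}"
11 | oc login -u apikey -p "${IBM_CLOUD_API_KEY}"
--------------------------------------------------------------------------------
/.github/workflows/purge.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | name: Purge
6 | on:
7 |   workflow_dispatch: {}
8 | jobs:
9 |   purge:
10 |     strategy:
11 |       matrix:
12 |         include:
  |           # Each matrix value is the NAME of a repository secret; the step below
  |           # resolves it with secrets[matrix.<key>].
  |           # NOTE(review): k8s_namespace is listed for both targets but is not passed
  |           # to the step's env below.
13 |           - api_endpoint: API_ENDPOINT_SOFTWARE
14 |             api_authtype: API_AUTHTYPE_SOFTWARE
15 |             api_key: API_KEY_SOFTWARE
16 |             api_secret: API_SECRET_SOFTWARE
17 |             k8s_namespace: K8S_NAMESPACE_SOFTWARE
18 |             target: software
19 |           - api_endpoint: API_ENDPOINT_SAAS
20 |             api_authtype: API_AUTHTYPE_SAAS
21 |             api_key: API_KEY_SAAS
22 |             api_secret: API_SECRET_SAAS
23 |             k8s_namespace: K8S_NAMESPACE_SAAS
24 |             target: SaaS
25 |     name: Purge (${{ matrix.target }})
26 |     runs-on: ubuntu-latest
27 |     steps:
28 |       - name: Checkout
  |         # NOTE(review): the action is referenced by a mutable tag; pinning it to a
  |         # full commit SHA fixes exactly which code runs next to the secrets below.
29 |         uses: actions/checkout@v2
  |       # NOTE(review): this step issues a destructive DELETE against both targets and
  |       # is gated only by who may dispatch the workflow; a protected `environment:`
  |       # with required reviewers would add an approval step.
30 |       - name: Purge all components
31 |         run: .github/scripts/purge.sh
32 |         env:
33 |           API_ENDPOINT: ${{ secrets[matrix.api_endpoint] }}
34 |           API_AUTHTYPE: ${{ secrets[matrix.api_authtype] }}
35 |           API_KEY: ${{ secrets[matrix.api_key] }}
36 |           API_SECRET: ${{ secrets[matrix.api_secret] }}
37 |
--------------------------------------------------------------------------------
/.vscode/settings.json:
--------------------------------------------------------------------------------
1 | {
2 |     "editor.formatOnSave": true,
3 |     "files.trimTrailingWhitespace": true,
4 |     "python.formatting.provider": "autopep8",
5 |     "python.linting.enabled": true,
6 |     "python.linting.flake8Enabled": true,
7 |     "esbonio.sphinx.confDir": ""
8 | }
--------------------------------------------------------------------------------
/.yamllint.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | extends: default
6 | rules:
7 |   comments: disable
8 |   comments-indentation: disable
9 |   line-length: disable
10 |   truthy:
11 |     allowed-values:
12 |       - "True"
13 |       - "true"
14 |       - "False"
15 |       - "false"
16 |       - "Yes"
17 |       - "yes"
18 |       - "No"
19 |       - "no"
20 |     check-keys: false
21 |
--------------------------------------------------------------------------------
/CHANGELOG.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IBM-Blockchain/ansible-collection/461b662668d55d7de1136e991683109fe15f8645/CHANGELOG.md
--------------------------------------------------------------------------------
/docker/docker-entrypoint.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | #
3 | # SPDX-License-Identifier: Apache-2.0
4 | #
5 | set -euo pipefail
6 |
7 | # If this image is run with -u , as happens on Red Hat OpenShift, then
8 | # the user is not in the /etc/passwd file. This causes Ansible to fail, so we need
9 | # to add the user to /etc/passwd now before Ansible runs.
  | # NOTE(review): this block can only work if the image leaves /etc/passwd writable
  | # by the runtime user (presumably via group 0 - the Dockerfile is not shown here).
  | # That same permission lets any process in the container add or rewrite passwd
  | # entries, so it should be a deliberate, documented choice in the image build.
10 | if ! whoami &> /dev/null; then
  |     # Drop any stale ibp-user entry, then append one carrying the current UID, GID 0.
11 |     sed '/ibp-user/d' /etc/passwd > /tmp/passwd
12 |     cat /tmp/passwd > /etc/passwd
13 |     rm -f /tmp/passwd
14 |     echo "ibp-user:x:$(id -u):0::/home/ibp-user:/bin/bash" >> /etc/passwd
15 |     export HOME=/home/ibp-user
16 | fi
17 |
18 | # Run a shell or the specified command.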
19 | if [ $# -eq 0 ]; then 20 | exec /bin/bash 21 | else 22 | exec "$@" 23 | fi 24 | -------------------------------------------------------------------------------- /docs/Makefile: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | 5 | all: 6 | ansible-doc-extractor --template templates/module.rst.j2 source/modules ../plugins/modules/*.py 7 | sphinx-build -b html source build 8 | touch build/.nojekyll 9 | 10 | clean: 11 | rm -rf build 12 | rm -rf source/modules/*.rst -------------------------------------------------------------------------------- /docs/source/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IBM-Blockchain/ansible-collection/461b662668d55d7de1136e991683109fe15f8645/docs/source/favicon.ico -------------------------------------------------------------------------------- /docs/source/migrating-v12-v2.rst: -------------------------------------------------------------------------------- 1 | .. 2 | .. SPDX-License-Identifier: Apache-2.0 3 | .. 4 | 5 | Migrating from v1.2 to version 2 6 | ================================ 7 | 8 | Consistent with a major version upgrade, the following are important changes between v1.2 and v2: 9 | 10 | - For the latest Ansible (currently 2.13.1), your python3 version should be at least 3.8. 11 | python3.9 is used for the docker image, and we do not test against python3.11. 12 | - All the dependencies in requirements.txt should be the latest version. 13 | - Note that the versions of Kubernetes supported are up to 1.25 14 | -------------------------------------------------------------------------------- /docs/source/modules.rst: -------------------------------------------------------------------------------- 1 | .. 2 | .. SPDX-License-Identifier: Apache-2.0 3 | .. 4 | 5 | Modules 6 | ======= 7 | 8 | Modules can be used from the command line or in a playbook task. 
Ansible 9 | executes each module, usually on the remote target node, and collects return 10 | values. 11 | 12 | While different modules perform different tasks, their interfaces and responses 13 | follow similar patterns. 14 | 15 | 16 | Invoking transactions 17 | --------------------- 18 | 19 | Ansible modules should work on the principle that they are idempotent; the same playbook 20 | can be executed more than once safely. Submitting a transaction to Fabric would break this principle. 21 | 22 | The modules here are intended for administrative purposes; for this reason, and to keep the modules 23 | idempotent, there are no modules for general-purpose transaction invocation. 24 | 25 | Module reference 26 | ---------------- 27 | 28 | Reference material for each module contains documentation on what parameters 29 | certain modules accept and what values they expect those parameters to be. 30 | 31 | 32 | .. toctree:: 33 | :maxdepth: 1 34 | :caption: Contents: 35 | :glob: 36 | 37 | modules/* 38 | 39 | 40 | -------------------------------------------------------------------------------- /docs/source/modules/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/IBM-Blockchain/ansible-collection/461b662668d55d7de1136e991683109fe15f8645/docs/source/modules/.gitkeep -------------------------------------------------------------------------------- /docs/source/roles.rst: -------------------------------------------------------------------------------- 1 | .. 2 | .. SPDX-License-Identifier: Apache-2.0 3 | .. 4 | 5 | Roles 6 | ======= 7 | 8 | Roles can be used from the command line or in a playbook task. Ansible 9 | executes each role, usually on the remote target node, and collects return 10 | values. 11 | 12 | While different roles perform different tasks, their interfaces and responses 13 | follow similar patterns. 
14 | 15 | Role reference 16 | ---------------- 17 | 18 | Reference material for each role contains documentation on what parameters 19 | certain roles accept and what values they expect those parameters to be. 20 | 21 | 22 | .. toctree:: 23 | :maxdepth: 1 24 | :caption: Contents: 25 | :glob: 26 | 27 | roles/* 28 | 29 | 30 | -------------------------------------------------------------------------------- /examples/add-admin-cert/.gitignore: -------------------------------------------------------------------------------- 1 | *.json 2 | *.bin 3 | -------------------------------------------------------------------------------- /examples/add-admin-cert/04-update-channels-member.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Update admin certificates 6 | hosts: localhost 7 | vars_files: 8 | - vars.yml 9 | tasks: 10 | - name: Get the ordering service details 11 | ibm.blockchain_platform.ordering_service_info: 12 | api_endpoint: "{{ api_endpoint }}" 13 | api_authtype: "{{ api_authtype }}" 14 | api_key: "{{ api_key }}" 15 | api_secret: "{{ api_secret | default(omit) }}" 16 | name: "{{ ordering_service_name }}" 17 | register: ordering_service_info 18 | 19 | - name: Fail if the ordering service does not exist 20 | fail: 21 | msg: Ordering service {{ ordering_service_name }} does not exist 22 | when: not ordering_service_info.exists 23 | 24 | - name: Update channel 25 | include_tasks: tasks/04-update-channel-member.yml 26 | loop: "{{ channel_names }}" 27 | loop_control: 28 | loop_var: channel_name 29 | -------------------------------------------------------------------------------- /examples/add-admin-cert/05-update-channels-admin.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Update admin certificates 6 | hosts: localhost 7 | vars_files: 8 | - vars.yml 9 
| tasks: 10 | - name: Get the ordering service details 11 | ibm.blockchain_platform.ordering_service_info: 12 | api_endpoint: "{{ api_endpoint }}" 13 | api_authtype: "{{ api_authtype }}" 14 | api_key: "{{ api_key }}" 15 | api_secret: "{{ api_secret | default(omit) }}" 16 | name: "{{ ordering_service_name }}" 17 | register: ordering_service_info 18 | 19 | - name: Fail if the ordering service does not exist 20 | fail: 21 | msg: Ordering service {{ ordering_service_name }} does not exist 22 | when: not ordering_service_info.exists 23 | 24 | - name: Update channel 25 | include_tasks: tasks/05-update-channel-admin.yml 26 | loop: "{{ channel_names }}" 27 | loop_control: 28 | loop_var: channel_name 29 | -------------------------------------------------------------------------------- /examples/add-admin-cert/vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ordering_service_name: Ordering Service 10 | ordering_service_admin_identity: Ordering Org Admin.json 11 | ordering_service_admin_msp_id: OrdererMSP 12 | organization_name: Org1 13 | organization_msp_id: Org1MSP 14 | organization_old_admin_identity: Org1 Admin.json 15 | organization_new_admin_identity: New Org1 Admin.json 16 | channel_names: 17 | - channel1 18 | - channel2 19 | - channel3 20 | - channel4 21 | -------------------------------------------------------------------------------- /examples/create-ha-ca/vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ha_ca_name: HAOrg1 CA 10 | ca_admin_identity: haadmin 
11 | ca_admin_pass: haadminpw 12 | db_datasource: host=mypostgressql.example.com port=999 user=myUsername password=myPassword dbname=mydb sslmode=verify-full 13 | db_certfile1: LS0tLS... 14 | ca_replicas: 2 15 | -------------------------------------------------------------------------------- /examples/create-intermediate-ca/vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | parent_ca_name: MGCorp 10 | parent_ca_admin_identity: admin 11 | parent_ca_admin_secret: adminSEC 12 | int_ca_identity: mgcuk 13 | int_ca_secret: mgcukSEC 14 | int_tlsca_identity: mgcuktls 15 | int_tlsca_secret: mgcuktlsSEC 16 | int_ca_name: MGCUK 17 | int_ca_admin_identity: mgcukcaadmin 18 | int_ca_admin_secret: mgcukcaadminSEC 19 | int_tlsca_admin_identity: mgcuktlscaadmin 20 | int_tlsca_admin_secret: mgcuktlscaadminSEC 21 | -------------------------------------------------------------------------------- /examples/enable-fabricv2-capability/02-enable-fabricv2-channels.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Update channels to v2 capability 6 | hosts: localhost 7 | vars_files: 8 | - vars.yml 9 | tasks: 10 | - name: Get the ordering service details 11 | ibm.blockchain_platform.ordering_service_info: 12 | api_endpoint: "{{ api_endpoint }}" 13 | api_authtype: "{{ api_authtype }}" 14 | api_key: "{{ api_key }}" 15 | api_secret: "{{ api_secret | default(omit) }}" 16 | name: "{{ ordering_service_name }}" 17 | register: ordering_service_info 18 | 19 | - name: Fail if the ordering service does not exist 20 | fail: 21 | msg: "Ordering service {{ ordering_service_name }} does not exist" 22 | when: not ordering_service_info.exists 23 | 
24 | - name: Update channel 25 | include_tasks: tasks/02-enable-fabricv2-channel.yml 26 | loop: "{{ channel_names }}" 27 | loop_control: 28 | loop_var: channel_name 29 | -------------------------------------------------------------------------------- /examples/enable-fabricv2-capability/endorsement-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ organization_msp }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /examples/enable-fabricv2-capability/vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ordering_service_name: Ordering Service 10 | ordering_service_admin_identity: Ordering Org Admin.json 11 | ordering_service_msp: OrdererMSP 12 | organization_name: Org1 13 | organization_admin_identity: Org1 Admin.json 14 | organization_msp: Org1MSP 15 | channel_names: 16 | - channel1 17 | - channel2 18 | - channel3 19 | - channel4 20 | -------------------------------------------------------------------------------- /examples/opensource-stack/01-operator-install.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Deploy Opensource custom resource definitions and operator 6 | hosts: localhost 7 | vars_files: 8 | - vars.yml 9 | vars: 10 | state: present 11 | wait_timeout: 3600 12 | roles: 13 | - 
---
# Installs the NGINX ingress controller into a KIND cluster and repoints
# cluster DNS so that pods resolve the console domain to the ingress service.
# The play rewrites the kube-system CoreDNS ConfigMap and restarts CoreDNS, so
# it changes name resolution for every workload in the cluster. It is written
# for a disposable local KIND cluster, as the play name says.
- name: Setup ingress for KIND for use with Fabric Operator/Console
  hosts: localhost
  tasks:
    # The kustomize lookup builds templates/ingress. That kustomization pulls
    # its base manifests from a remote Git repository at build time, so this
    # task needs network access and applies whatever the referenced ref holds.
    - name: Create kubernetes resources for the ingress
      k8s:
        definition: "{{ lookup('kubernetes.core.kustomize', dir='templates/ingress') }}"
      register: resultingress

    - name: Wait for the ingress
      command: kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m
      changed_when: false

    # Override the cluster DNS with a local override to refer pods to the HOST interface
    # when connecting to ingress.
    - name: Need the cluster ip address
      k8s_info:
        api_version: v1
        kind: service
        namespace: ingress-nginx
        name: "ingress-nginx-controller"
      register: ingress_info

    # resources[0] assumes the service lookup above returned at least one
    # item. If the controller service is missing, this fails on the index.
    - name: Applying CoreDNS overrides for ingress domain
      vars:
        clusterip: "{{ ingress_info.resources[0].spec.clusterIP }}"
      k8s:
        state: present
        namespace: kube-system
        resource_definition: "{{ lookup('template','templates/coredns/coredns.yaml.j2') }}"
        apply: yes

    # NOTE(review): the second command waits on the ingress-nginx controller
    # pod, not on the CoreDNS rollout that was just restarted; confirm whether
    # a wait on deployment/coredns was intended. changed_when: false also
    # reports "ok" even though the deployment is restarted on every run.
    - name: Rollout the CoreDNS
      shell: |
        kubectl -n kube-system rollout restart deployment/coredns
        kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m
      changed_when: false
/etc/resolv.conf { 27 | max_concurrent 1000 28 | } 29 | cache 30 30 | loop 31 | reload 32 | loadbalance 33 | } -------------------------------------------------------------------------------- /examples/opensource-stack/templates/ingress/ingress-nginx-controller.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 
---
#
# Copyright contributors to the Hyperledger Fabric Operator project
#
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at:
#
# 	  http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

# Remote base: kustomize fetches these manifests from GitHub at build time and
# the result is applied to the cluster. `ref` is a Git tag, which the upstream
# repository can move. Pinning to a full commit SHA
# (?ref=<COMMIT_SHA_PLACEHOLDER>) or vendoring the manifests makes the applied
# content reproducible and reviewable.
# NOTE(review): the pinned controller release is an old one; check the
# ingress-nginx security advisories before using it outside a local cluster.
resources:
  - https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/cloud?ref=controller-v1.1.2

# Local patch over the controller Deployment (ingress-nginx-controller.yaml).
patchesStrategicMerge:
  - ingress-nginx-controller.yaml

# Remove the port `appProtocol` attribute as this is not accepted by all cloud providers
patchesJson6902:
  - target:
      kind: Service
      name: ingress-nginx-controller
      version: v1
    patch: |-
      - op: remove
        path: "/spec/ports/0/appProtocol"
      - op: remove
        path: "/spec/ports/1/appProtocol"
KIND for example has one called 'standard' 23 | console_storage_class: standard 24 | -------------------------------------------------------------------------------- /examples/update-channel-parameters/vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ordering_service_name: myOrderingOrg 10 | ordering_service_admin_identity: myOrderingAdmin.json 11 | ordering_service_msp: OrderingOrgMSP 12 | organization_name: myBank 13 | organization_admin_identity: myBankAdmin.json 14 | organization_msp: MyBankMSP 15 | target_channel: ch1 16 | ch_max_message_count: 900 17 | ch_absolute_max_bytes: 10481784 18 | ch_preferred_max_bytes: 5243904 19 | ch_batch_timeout: 900ms 20 | -------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | namespace: ibm 6 | name: blockchain_platform 7 | version: 2.0.0 8 | readme: README.md 9 | authors: 10 | - Simon Stone/Matthew White 11 | description: Ansible collection for building Hyperledger Fabric networks using the IBM Blockchain Platform 12 | license: 13 | - Apache-2.0 14 | tags: 15 | - ibm 16 | - enterprise 17 | - blockchain 18 | - dlt 19 | - hyperledger 20 | - fabric 21 | - blockchain 22 | - infrastructure 23 | - cloud 24 | repository: https://github.com/IBM-Blockchain/ansible-collection 25 | documentation: https://ibm-blockchain.github.io/ansible-collection/ 26 | homepage: https://www.ibm.com/cloud/blockchain-platform 27 | issues: https://github.com/IBM-Blockchain/ansible-collection/issues 28 | -------------------------------------------------------------------------------- /justfile: 
def merge_dicts(target, source):
    """Recursively merge ``source`` into ``target``, modifying ``target`` in place.

    When a key exists on both sides, ``target``'s value is a ``dict`` and
    ``source``'s value is a ``Mapping``, the merge descends into that pair.
    In every other case the value from ``source`` is assigned to ``target``
    under that key, replacing whatever was there. Values are assigned by
    reference, not copied. The function returns ``None``.
    """
    for name in source:
        incoming = source[name]
        both_nested = (
            name in target
            and isinstance(target[name], dict)
            and isinstance(incoming, Mapping)
        )
        if not both_nested:
            # Leaf, new key, or type mismatch: the source value wins.
            target[name] = incoming
            continue
        merge_dicts(target[name], incoming)
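def equal_files(file1, file2):
    """Return True when the two files have identical contents.

    Each file is opened in binary mode and hashed with SHA-256 in fixed-size
    chunks, so comparing large files does not read them into memory whole.

    :param file1: path of the first file
    :param file2: path of the second file
    :return: ``True`` if the SHA-256 digests match, ``False`` otherwise
    :raises OSError: if either file cannot be opened or read
    """
    def _sha256_of(path):
        # Stream the file so memory use stays bounded whatever its size.
        digest = hashlib.sha256()
        with open(path, 'rb') as handle:
            for chunk in iter(lambda: handle.read(1024 * 1024), b''):
                digest.update(chunk)
        return digest.hexdigest()

    return _sha256_of(file1) == _sha256_of(file2)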
def json_to_proto(proto_type, json_input):
    """Encode a JSON-serialisable object as a protobuf message of ``proto_type``.

    The object is serialised to UTF-8 JSON and passed on stdin to
    ``configtxlator proto_encode``, which writes the encoded message to a
    temporary file. The bytes of that file are returned, and the file is
    removed whether or not the call succeeds.

    The command is passed as an argument list with no shell, so ``proto_type``
    is never shell-interpreted; it reaches the tool as part of the single
    ``--type=`` argument. ``configtxlator`` is given as a bare name, so it is
    found through the process's ``PATH``.

    :raises subprocess.CalledProcessError: if configtxlator exits non-zero
        (``check=True``); its captured output is on the exception.
    """
    payload = json.dumps(json_input).encode('utf-8')
    scratch_path = get_temp_file()
    command = [
        'configtxlator', 'proto_encode', f'--type={proto_type}', f'--output={scratch_path}'
    ]
    try:
        subprocess.run(command, input=payload, text=False, close_fds=True, check=True, capture_output=True)
        with open(scratch_path, 'rb') as encoded:
            result = encoded.read()
    finally:
        # Always clean up the scratch file, including on failure.
        os.remove(scratch_path)
    return result
6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Hyperledger Fabric Support Offering development team. -------------------------------------------------------------------------------- /roles/console/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # target: k8s | openshift 7 | # arch: amd64 | s390x 8 | # project: my-project 9 | namespace: "" # defined by jinja2 otherwise 10 | 11 | image_pull_secret: docker-key-secret 12 | image_registry: cp.icr.io 13 | image_registry_username: cp 14 | # image_registry_email: user@example.org 15 | # image_registry_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 16 | image_repository: cp 17 | image_registry_url: "{{ image_registry }}/{{ image_repository }}" 18 | 19 | cluster_role: "{{ project | default(namespace) | default('') }}" 20 | cluster_role_binding: "{{ project | default(namespace) | default('') }}" 21 | pod_security_policy: "{{ project | default(namespace) | default('') }}" 22 | role_binding: "{{ project | default(namespace) | default('') }}" 23 | security_context_constraints: "{{ project | default(namespace) | default('') }}" 24 | service_account: default 25 | operator: ibp-operator 26 | console: ibp-console 27 | 28 | # console_domain: example.org 29 | # console_email: user@example.org 30 | # console_default_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 31 | console_storage_class: default 32 | console_storage_size: 10Gi 33 | 34 | wait_timeout: 60 35 | 36 | product_version: "2.5.3" 37 | operator_version: "20220503" 38 | 
operator_image: "{{ image_registry_url }}/ibp-operator" 39 | operator_tag: "{{ product_version }}-{{ operator_version }}-{{ arch }}" 40 | # console_tls_secret: ibp-tls-secret 41 | # zones: [] 42 | -------------------------------------------------------------------------------- /roles/console/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: Ansible role for deploying the IBM Blockchain Platform console into Kubernetes or Red Hat OpenShift 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/console/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if architecture not specified 6 | fail: 7 | msg: arch not specified or is not one of "amd64" or "s390x" 8 | when: not arch is defined or not arch in ("amd64", "s390x") 9 | 10 | - name: Fail if image registry email not specified 11 | fail: 12 | msg: image_registry_email not specified or is empty 13 | when: not image_registry_email is defined or not image_registry_email 14 | 15 | - name: Fail if image registry password not specified 16 | fail: 17 | msg: image_registry_password not specified or is empty 18 | when: not image_registry_password is defined or not image_registry_password 19 | 20 | - name: Fail if console domain not specified 21 | fail: 22 | msg: console_domain not specified or is empty 23 | when: not console_domain is defined or not console_domain 24 | 25 | - name: Fail if console email not specified 26 | fail: 27 | msg: console_email not specified or is empty 28 | when: not console_email is defined or not console_email 29 | 30 | - name: Fail 
if console default password not specified 31 | fail: 32 | msg: console_default_password not specified or is empty 33 | when: not console_default_password is defined or not console_default_password 34 | 35 | - name: Create console 36 | include_tasks: "{{ target }}/create.yml" 37 | -------------------------------------------------------------------------------- /roles/console/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete console 6 | include_tasks: "{{ target }}/delete.yml" 7 | -------------------------------------------------------------------------------- /roles/console/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of "k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s", "openshift") 9 | 10 | - name: Create console 11 | include_tasks: "create.yml" 12 | when: state == "present" 13 | 14 | - name: Delete console 15 | include_tasks: "delete.yml" 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /roles/console/templates/k8s/cluster_role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: ClusterRoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ cluster_role_binding }}" 9 | labels: 10 | release: "operator" 11 | helm.sh/chart: "ibm-ibp" 12 | app.kubernetes.io/name: "ibp" 13 | app.kubernetes.io/instance: "ibp" 14 | app.kubernetes.io/managed-by: "ibp-operator" 15 | subjects: 16 | - kind: ServiceAccount 17 | name: "{{ service_account }}" 18 | namespace: "{{ namespace }}" 19 | roleRef: 20 | kind: 
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Pod security policy for the console role on plain Kubernetes.
# PodSecurityPolicy (policy/v1beta1) was removed in Kubernetes 1.25. Newer
# clusters reject this manifest and need Pod Security Admission or an
# admission policy to express the same limits.
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: "{{ pod_security_policy }}"
spec:
  # Host namespaces are closed off.
  hostIPC: false
  hostNetwork: false
  hostPID: false
  # Privileged containers and privilege escalation are both permitted. A
  # privileged container holds every capability, so the drop/allow lists below
  # only constrain pods that do not ask for privileged mode.
  # NOTE(review): confirm the workloads need privileged mode; if not, set both
  # to false.
  privileged: true
  allowPrivilegeEscalation: true
  readOnlyRootFilesystem: false
  # RunAsAny on all four rules places no restriction on UID, groups or SELinux
  # context, so containers may run as root.
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  requiredDropCapabilities:
    - ALL
  allowedCapabilities:
    - NET_BIND_SERVICE
    - CHOWN
    - DAC_OVERRIDE
    - SETGID
    - SETUID
    - FOWNER
  # '*' allows every volume type, hostPath included.
  volumes:
    - '*'
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Binds the console ClusterRole cluster-wide (ClusterRoleBinding, not a
# namespaced RoleBinding) to the subjects below.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: "{{ cluster_role_binding }}"
subjects:
  # The role's defaults set service_account to "default", so unless it is
  # overridden every pod in the project that does not name its own service
  # account runs with this cluster role.
  - kind: ServiceAccount
    name: "{{ service_account }}"
    namespace: "{{ project }}"
  # NOTE(review): system:serviceaccounts:<namespace> is the name of the group
  # of all service accounts in a namespace, but this subject is declared as
  # kind User. The Kubernetes role_binding template in this role uses kind
  # Group for the same name. Confirm which was intended: as a Group it would
  # extend the cluster role to every service account in the project.
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: system:serviceaccounts:{{ project }}
roleRef:
  kind: ClusterRole
  name: "{{ cluster_role }}"
  apiGroup: rbac.authorization.k8s.io
#
# SPDX-License-Identifier: Apache-2.0
#
---
# OpenShift security context constraints for the console role.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
  name: "{{ security_context_constraints }}"
# Host-level access (host dirs, IPC, network, PID, ports) is disabled.
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
# Privileged containers and privilege escalation are both permitted. A
# privileged container holds every capability, so the capability list below
# only constrains containers that do not request privileged mode.
# NOTE(review): confirm the workloads need privileged mode.
allowPrivilegeEscalation: true
allowPrivilegedContainer: true
allowedCapabilities:
  - NET_BIND_SERVICE
  - CHOWN
  - DAC_OVERRIDE
  - SETGID
  - SETUID
  - FOWNER
defaultAddCapabilities: []
fsGroup:
  type: RunAsAny
# The SCC is granted to the group of all service accounts in the project.
groups:
  - system:serviceaccounts:{{ project }}
readOnlyRootFilesystem: false
# Nothing is dropped by default here; the Kubernetes PodSecurityPolicy template
# in this role drops ALL.
requiredDropCapabilities: []
# RunAsAny places no restriction on UID, so containers may run as root.
runAsUser:
  type: RunAsAny
seLinuxContext:
  type: RunAsAny
supplementalGroups:
  type: RunAsAny
# NOTE(review): this is the service-account group name listed under users;
# confirm whether the entry is needed in addition to groups above.
users:
  - system:serviceaccounts:{{ project }}
volumes:
  - "*"
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Defaults for the crds role. Commented-out entries have no default and must
# be supplied by the caller.
state: present
# target: k8s | openshift
# arch: amd64 | s390x
# project: my-project
namespace: "" # defined by jinja2 otherwise

# Registry credentials are rendered into the image pull secret template.
# image_registry_email and image_registry_password have no default, and
# tasks/create.yml fails when either is unset or empty. Supply the password
# from an encrypted source (for example ansible-vault), not a plain vars file.
image_pull_secret: docker-key-secret
image_registry: cp.icr.io
image_registry_username: cp
# image_registry_email: user@example.org
# image_registry_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
image_repository: cp
image_registry_url: "{{ image_registry }}/{{ image_repository }}"

# RBAC object names default to the project, falling back to the namespace.
role: "{{ project | default(namespace) | default('') }}"
role_binding: "{{ project | default(namespace) | default('') }}"
security_context_constraints: "{{ project | default(namespace) | default('') }}"
# The role is bound to this service account. With "default", every pod in the
# namespace that does not name its own service account gets the role's rights.
service_account: default
webhook: ibp-webhook

wait_timeout: 60
product_version: "2.5.3"
webhook_version: "20220503"
webhook_image: "{{ image_registry_url }}/ibp-crdwebhook"
# The image is selected by tag (version-date-arch), not by digest.
webhook_tag: "{{ product_version }}-{{ webhook_version }}-{{ arch }}"
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: Ansible role for deploying the IBM Blockchain Platform custom resource definitions into Kubernetes or Red Hat OpenShift 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/crds/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if architecture not specified 6 | fail: 7 | msg: arch not specified or is not one of "amd64" or "s390x" 8 | when: not arch is defined or not arch in ("amd64", "s390x") 9 | 10 | - name: Fail if image registry email not specified 11 | fail: 12 | msg: image_registry_email not specified or is empty 13 | when: not image_registry_email is defined or not image_registry_email 14 | 15 | - name: Fail if image registry password not specified 16 | fail: 17 | msg: image_registry_password not specified or is empty 18 | when: not image_registry_password is defined or not image_registry_password 19 | 20 | - name: Create custom resource definitions 21 | include_tasks: "{{ target }}/create.yml" 22 | -------------------------------------------------------------------------------- /roles/crds/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete custom resource definitions 6 | include_tasks: "{{ target }}/delete.yml" 7 | -------------------------------------------------------------------------------- /roles/crds/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # 
SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of "k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s", "openshift") 9 | 10 | - name: Create custom resource definitions 11 | include_tasks: "create.yml" 12 | when: state == "present" 13 | 14 | - name: Delete custom resource definitions 15 | include_tasks: "delete.yml" 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /roles/crds/templates/console-crd.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | name: ibpconsoles.ibp.com 9 | labels: 10 | release: "operator" 11 | helm.sh/chart: "ibm-ibp" 12 | app.kubernetes.io/name: "ibp" 13 | app.kubernetes.io/instance: "ibpconsole" 14 | app.kubernetes.io/managed-by: "ibp-operator" 15 | spec: 16 | conversion: 17 | strategy: Webhook 18 | webhook: 19 | conversionReviewVersions: ["v1beta1", "v1alpha2", "v1alpha1"] 20 | clientConfig: 21 | service: 22 | namespace: "{{ project | default(namespace) }}" 23 | name: ibp-webhook 24 | path: /crdconvert 25 | caBundle: "{{ webhook_tls_cert }}" 26 | group: ibp.com 27 | names: 28 | kind: IBPConsole 29 | listKind: IBPConsoleList 30 | plural: ibpconsoles 31 | singular: ibpconsole 32 | scope: Namespaced 33 | versions: 34 | - name: v1beta1 35 | schema: 36 | openAPIV3Schema: 37 | x-kubernetes-preserve-unknown-fields: true 38 | served: true 39 | storage: true 40 | subresources: 41 | status: {} 42 | - name: v1alpha2 43 | schema: 44 | openAPIV3Schema: 45 | x-kubernetes-preserve-unknown-fields: true 46 | served: true 47 | storage: false 48 | subresources: 49 | status: {} 50 | - name: v1alpha1 51 | schema: 52 | openAPIV3Schema: 53 | x-kubernetes-preserve-unknown-fields: true 54 | 
served: true
55 |       storage: false
56 |       subresources:
57 |         status: {}
58 | status:
59 |   acceptedNames:
60 |     kind: IBPConsole
61 |     listKind: IBPConsoleList
62 |     plural: ibpconsoles
63 |     singular: ibpconsole
64 |   conditions: []
65 |   storedVersions:
66 |     - v1beta1
--------------------------------------------------------------------------------
/roles/crds/templates/k8s/image_pull_secret.yml.j2:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | apiVersion: v1
6 | kind: Secret  # Image pull secret built from the image_registry_* variables.
7 | metadata:
8 |   name: "{{ image_pull_secret }}"
9 | type: kubernetes.io/dockerconfigjson
10 | data:  # NOTE(review): the value below is base64-encoded, not encrypted, so the rendered manifest carries the registry password. Keep image_registry_password in a vault and keep the rendered output out of logs; how the applying task handles this is not visible here, confirm.
11 |   .dockerconfigjson: "{{
12 |     {
13 |       'auths': {
14 |         image_registry: {
15 |           'email': image_registry_email,
16 |           'username': image_registry_username,
17 |           'password': image_registry_password,
18 |           'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode
19 |         }
20 |       }
21 |     } | to_json | b64encode
22 |   }}"
23 |
--------------------------------------------------------------------------------
/roles/crds/templates/k8s/role.yml.j2:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | apiVersion: rbac.authorization.k8s.io/v1
6 | kind: Role  # Namespaced role whose only rule covers the "secrets" resource.
7 | metadata:
8 |   name: "{{ role }}"
9 | rules:
10 |   - apiGroups:
11 |       - "*"
12 |     resources:
13 |       - secrets
14 |     verbs:
15 |       - "*"  # NOTE(review): every verb on every secret in the namespace, in any API group. If the bound service account needs less, list the verbs explicitly and use the core group ("") only; confirm against what the operator requires.
16 |
--------------------------------------------------------------------------------
/roles/crds/templates/k8s/role_binding.yml.j2:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | kind: RoleBinding  # Binds the Role named by "role" to one service account.
6 | apiVersion: rbac.authorization.k8s.io/v1
7 | metadata:
8 |   name: "{{ role_binding }}"
9 | subjects:
10 |   - kind: ServiceAccount
11 |     name: "{{ service_account }}"
12 |     namespace: "{{ namespace }}"
13 | roleRef:
14 |   kind: Role
15 |
name: "{{ role }}" 16 | apiGroup: rbac.authorization.k8s.io 17 | -------------------------------------------------------------------------------- /roles/crds/templates/k8s/service.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: "{{ webhook }}" 9 | labels: 10 | type: "webhook" 11 | app.kubernetes.io/name: "ibp" 12 | app.kubernetes.io/instance: "ibp-webhook" 13 | helm.sh/chart: "ibm-ibp" 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: server 18 | port: 443 19 | targetPort: server 20 | protocol: TCP 21 | selector: 22 | app.kubernetes.io/instance: "ibp-webhook" 23 | -------------------------------------------------------------------------------- /roles/crds/templates/openshift/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/crds/templates/openshift/role.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: Role 7 | metadata: 8 | name: "{{ role }}" 9 | rules: 10 | - apiGroups: 11 | - "*" 12 | resources: 13 | - secrets 14 | verbs: 15 | - "*" 16 | 
--------------------------------------------------------------------------------
/roles/crds/templates/openshift/role_binding.yml.j2:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | kind: RoleBinding  # Binds the Role named by "role" to one service account in the project.
6 | apiVersion: rbac.authorization.k8s.io/v1
7 | metadata:
8 |   name: "{{ role_binding }}"
9 | subjects:
10 |   - kind: ServiceAccount
11 |     name: "{{ service_account }}"
12 |     namespace: "{{ project }}"
13 | roleRef:
14 |   kind: Role
15 |   name: "{{ role }}"
16 |   apiGroup: rbac.authorization.k8s.io
17 |
--------------------------------------------------------------------------------
/roles/crds/templates/openshift/security_context_constraints.yml.j2:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | apiVersion: security.openshift.io/v1
6 | kind: SecurityContextConstraints  # SCC named by security_context_constraints; every allow* switch below is enabled.
7 | metadata:
8 |   name: "{{ security_context_constraints }}"
9 | allowHostDirVolumePlugin: true  # hostPath volumes are permitted
10 | allowHostIPC: true
11 | allowHostNetwork: true
12 | allowHostPID: true
13 | allowHostPorts: true
14 | allowPrivilegeEscalation: true
15 | allowPrivilegedContainer: true  # NOTE(review): with the host* switches above, this admits fully privileged pods that share the node's namespaces; confirm the workloads need all of it.
16 | allowedCapabilities:  # NOTE(review): this list does not restrict a container that runs privileged.
17 |   - NET_BIND_SERVICE
18 |   - CHOWN
19 |   - DAC_OVERRIDE
20 |   - SETGID
21 |   - SETUID
22 |   - FOWNER
23 | defaultAddCapabilities: null
24 | fsGroup:
25 |   type: RunAsAny
26 | groups:  # groups whose members may use this SCC
27 |   - system:cluster-admins
28 |   - system:authenticated  # NOTE(review): this makes the SCC usable by every authenticated identity in the cluster, not only this project. Drop it if the project service-account group on the next line is sufficient; confirm against the product's install requirements.
29 |   - system:serviceaccounts:{{ project }}
30 | readOnlyRootFilesystem: false
31 | requiredDropCapabilities: null  # no capability is forcibly dropped
32 | runAsUser:
33 |   type: RunAsAny  # any UID, including root
34 | seLinuxContext:
35 |   type: RunAsAny
36 | supplementalGroups:
37 |   type: RunAsAny
38 | users:
39 |   - system:serviceaccounts:{{ project }}  # NOTE(review): this is the group form of the name and is already listed under groups; presumably redundant here, verify.
40 | volumes:
41 |   - "*"  # every volume type is allowed
42 |
--------------------------------------------------------------------------------
/roles/crds/templates/openshift/service.yml.j2:
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: "{{ webhook }}" 9 | labels: 10 | type: "webhook" 11 | app.kubernetes.io/name: "ibp" 12 | app.kubernetes.io/instance: "ibp-webhook" 13 | helm.sh/chart: "ibm-ibp" 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: server 18 | port: 443 19 | targetPort: server 20 | protocol: TCP 21 | selector: 22 | app.kubernetes.io/instance: "ibp-webhook" 23 | -------------------------------------------------------------------------------- /roles/crds/templates/orderer-crd.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | name: ibporderers.ibp.com 9 | labels: 10 | release: "operator" 11 | helm.sh/chart: "ibm-ibp" 12 | app.kubernetes.io/name: "ibp" 13 | app.kubernetes.io/instance: "ibporderer" 14 | app.kubernetes.io/managed-by: "ibp-operator" 15 | spec: 16 | conversion: 17 | strategy: Webhook 18 | webhook: 19 | conversionReviewVersions: ["v1beta1", "v1alpha2", "v1alpha1"] 20 | clientConfig: 21 | service: 22 | namespace: "{{ project | default(namespace) }}" 23 | name: ibp-webhook 24 | path: /crdconvert 25 | caBundle: "{{ webhook_tls_cert }}" 26 | group: ibp.com 27 | names: 28 | kind: IBPOrderer 29 | listKind: IBPOrdererList 30 | plural: ibporderers 31 | singular: ibporderer 32 | scope: Namespaced 33 | versions: 34 | - name: v1beta1 35 | schema: 36 | openAPIV3Schema: 37 | x-kubernetes-preserve-unknown-fields: true 38 | served: true 39 | storage: true 40 | subresources: 41 | status: {} 42 | - name: v1alpha2 43 | schema: 44 | openAPIV3Schema: 45 | x-kubernetes-preserve-unknown-fields: true 46 | served: true 47 | storage: false 48 | subresources: 49 | status: {} 50 | - name: v1alpha1 51 | 
schema: 52 | openAPIV3Schema: 53 | x-kubernetes-preserve-unknown-fields: true 54 | served: true 55 | storage: false 56 | subresources: 57 | status: {} 58 | status: 59 | acceptedNames: 60 | kind: IBPOrderer 61 | listKind: IBPOrdererList 62 | plural: ibporderers 63 | singular: ibporderer 64 | conditions: [] 65 | storedVersions: 66 | - v1beta1 -------------------------------------------------------------------------------- /roles/crds/templates/peer-crd.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | name: ibppeers.ibp.com 9 | labels: 10 | release: "operator" 11 | helm.sh/chart: "ibm-ibp" 12 | app.kubernetes.io/name: "ibp" 13 | app.kubernetes.io/instance: "ibppeer" 14 | app.kubernetes.io/managed-by: "ibp-operator" 15 | spec: 16 | conversion: 17 | strategy: Webhook 18 | webhook: 19 | conversionReviewVersions: ["v1beta1", "v1alpha2", "v1alpha1"] 20 | clientConfig: 21 | service: 22 | namespace: "{{ project | default(namespace) }}" 23 | name: ibp-webhook 24 | path: /crdconvert 25 | caBundle: "{{ webhook_tls_cert }}" 26 | group: ibp.com 27 | names: 28 | kind: IBPPeer 29 | listKind: IBPPeerList 30 | plural: ibppeers 31 | singular: ibppeer 32 | scope: Namespaced 33 | versions: 34 | - name: v1beta1 35 | schema: 36 | openAPIV3Schema: 37 | x-kubernetes-preserve-unknown-fields: true 38 | served: true 39 | storage: true 40 | subresources: 41 | status: {} 42 | - name: v1alpha2 43 | schema: 44 | openAPIV3Schema: 45 | x-kubernetes-preserve-unknown-fields: true 46 | served: true 47 | storage: false 48 | subresources: 49 | status: {} 50 | - name: v1alpha1 51 | schema: 52 | openAPIV3Schema: 53 | x-kubernetes-preserve-unknown-fields: true 54 | served: true 55 | storage: false 56 | subresources: 57 | status: {} 58 | status: 59 | acceptedNames: 60 | kind: IBPPeer 61 | listKind: IBPPeerList 62 | 
plural: ibppeers 63 | singular: ibppeer 64 | conditions: [] 65 | storedVersions: 66 | - v1beta1 -------------------------------------------------------------------------------- /roles/endorsing_organization/README.md: -------------------------------------------------------------------------------- 1 | # endorsing_organization 2 | 3 | The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Blockchain Platform development team. 
For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform -------------------------------------------------------------------------------- /roles/endorsing_organization/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # api_endpoint: 7 | # api_authtype: 8 | # api_key: 9 | # api_secret: 10 | # api_token_endpoint: 11 | # organization_name: 12 | # ca_admin_enrollment_id 13 | # ca_admin_enrollment_secret 14 | # organization_admin_enrollment_id: 15 | # organization_admin_enrollment_secret: 16 | # peer_enrollment_id 17 | # peer_enrollment_secret 18 | ca_name: "{{ organization_name }} CA" 19 | # ca_resources: 20 | # ca_storage: 21 | # ca_version: 22 | peers: 1 23 | peer_name: "{{ organization_name }} Peer" 24 | # peer_resources: 25 | # peer_storage: 26 | peer_state_db: couchdb 27 | # peer_version: 28 | wallet: "{{ playbook_dir }}" 29 | ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json" 30 | organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json" 31 | -------------------------------------------------------------------------------- /roles/endorsing_organization/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: Ansible role for building Hyperledger Fabric components for an endorsing organization using the IBM Blockchain Platform 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/endorsing_organization/tasks/main.yml: -------------------------------------------------------------------------------- 
1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if API endpoint not specified 6 | fail: 7 | msg: api_endpoint not specified or is empty 8 | when: not api_endpoint is defined or not api_endpoint 9 | 10 | - name: Fail if API authentication type not specified 11 | fail: 12 | msg: api_authtype not specified or is not one of "ibmcloud" or "basic" 13 | when: not api_authtype is defined or not api_authtype in ("ibmcloud", "basic") 14 | 15 | - name: Fail if API key not specified 16 | fail: 17 | msg: api_key not specified or is empty 18 | when: not api_key is defined or not api_key 19 | 20 | - name: Fail if API secret not specified 21 | fail: 22 | msg: api_secret not specified or is empty 23 | when: (api_authtype == "basic") and (not api_secret is defined or not api_secret) 24 | 25 | - name: Fail if organization name not specified 26 | fail: 27 | msg: organization_name not specified or is empty 28 | when: not organization_name is defined or not organization_name 29 | 30 | - name: Create endorsing organization 31 | include_tasks: create.yml 32 | when: state == "present" 33 | 34 | - name: Delete endorsing organization 35 | include_tasks: delete.yml 36 | when: state == "absent" 37 | -------------------------------------------------------------------------------- /roles/fabric_console/README.md: -------------------------------------------------------------------------------- 1 | # console 2 | 3 | This role installs the [Hyperledger Fabric Operations Console](https://github.com/hyperledger-labs/fabric-operations-console) 4 | 5 | ## Documentation 6 | 7 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 8 | 9 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 
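10 |
11 | ## License
12 |
13 | Apache-2.0
14 |
15 | ## Author Information
16 |
17 | This Ansible collection is maintained by the IBM Hyperledger Fabric Support Offering development team.
--------------------------------------------------------------------------------
/roles/fabric_console/meta/main.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | galaxy_info:
6 |   author: Matthew White
7 |   description: Ansible role for deploying the Fabric Labs console into Kubernetes or Red Hat OpenShift
8 |   license: Apache-2.0
9 |   platforms:
10 |     - name: GenericLinux
11 |       versions:
12 |         - all
13 |   galaxy_tags: []
14 |   min_ansible_version: "2.9"
15 |
--------------------------------------------------------------------------------
/roles/fabric_console/tasks/create.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---  # Validates the required console inputs, then includes the target-specific create tasks.
5 | - name: Fail if architecture not specified
6 |   fail:
7 |     msg: arch not specified or is not one of "amd64"
8 |   when: not arch is defined or not arch in ["amd64"]  # list literal, so "in" is exact membership; ("amd64") is a plain string and "in" would accept any substring of it, including "".
9 |
10 | - name: Fail if console domain not specified
11 |   fail:
12 |     msg: console_domain not specified or is empty
13 |   when: not console_domain is defined or not console_domain
14 |
15 | - name: Fail if console email not specified
16 |   fail:
17 |     msg: console_email not specified or is empty
18 |   when: not console_email is defined or not console_email
19 |
20 | - name: Fail if console default password not specified
21 |   fail:
22 |     msg: console_default_password not specified or is empty
23 |   when: not console_default_password is defined or not console_default_password
24 |
25 | - name: Create console
26 |   include_tasks: "{{ target }}/create.yml"  # the included path is built from target
27 |
--------------------------------------------------------------------------------
/roles/fabric_console/tasks/delete.yml: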
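--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | - name: Delete console
6 |   include_tasks: "{{ target }}/delete.yml"  # the included path is built from target; main.yml restricts target to a fixed set before this file is included
7 |
--------------------------------------------------------------------------------
/roles/fabric_console/tasks/main.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---  # Entry point: validates target, then dispatches on state to create.yml or delete.yml.
5 | - name: Fail if target not specified
6 |   fail:
7 |     msg: target not specified or is not one of "k8s" or "openshift"
8 |   when: not target is defined or not target in ("k8s","openshift")  # allow-list; the message above now names both accepted values
9 |
10 | - name: Create console
11 |   include_tasks: "create.yml"
12 |   when: state == "present"
13 |
14 | - name: Delete console
15 |   include_tasks: "delete.yml"
16 |   when: state == "absent"
17 |
--------------------------------------------------------------------------------
/roles/fabric_operator_crds/README.md:
--------------------------------------------------------------------------------
1 | # hlfsupport_crds
2 |
3 | The IBM Support for Hyperledger Fabric provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes.
4 |
5 | This Ansible collection, provided as part of the IBM Support for Hyperledger Fabric, enables you to automate the building of Hyperledger Fabric networks.
6 |
7 | ## Documentation
8 |
9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/
10 |
11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection.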
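12 |
13 | ## License
14 |
15 | Apache-2.0
16 |
17 | ## Author Information
18 |
19 | This Ansible collection is maintained by the IBM Support for Hyperledger Fabric development team. For more information on the IBM Support for Hyperledger Fabric, visit the following website: https://www.ibm.com/cloud/blockchain-platform/hyperledger-fabric-support
--------------------------------------------------------------------------------
/roles/fabric_operator_crds/meta/main.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | galaxy_info:
6 |   author: Matthew White
7 |   description: Ansible role for deploying the Fabric Operator
8 |   license: Apache-2.0
9 |   platforms:
10 |     - name: GenericLinux
11 |       versions:
12 |         - all
13 |   galaxy_tags: []
14 |   min_ansible_version: "2.9"
15 |
--------------------------------------------------------------------------------
/roles/fabric_operator_crds/tasks/create.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---  # Validates arch, then includes the target-specific create tasks.
5 | - name: Fail if architecture not specified
6 |   fail:
7 |     msg: arch not specified or is not one of "amd64"
8 |   when: not arch is defined or not arch in ["amd64"]  # list literal, so "in" is exact membership; ("amd64") is a plain string and "in" would accept any substring of it, including "".
9 |
10 | - name: Create custom resource definitions
11 |   include_tasks: "{{ target }}/create.yml"  # the included path is built from target
12 |
--------------------------------------------------------------------------------
/roles/fabric_operator_crds/tasks/delete.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | - name: Delete custom resource definitions
6 |   include_tasks: "{{ target }}/delete.yml"  # the included path is built from target
7 |
--------------------------------------------------------------------------------
/roles/fabric_operator_crds/tasks/main.yml:
--------------------------------------------------------------------------------
1 | #
2 | #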
SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of "k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s","openshift") 9 | 10 | - name: Create custom resource definitions 11 | include_tasks: "create.yml" 12 | when: state == "present" 13 | 14 | - name: Delete custom resource definitions 15 | include_tasks: "delete.yml" 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/k8s/coredns/coredns.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ConfigMap 3 | apiVersion: v1 4 | metadata: 5 | name: coredns 6 | namespace: kube-system 7 | data: 8 | Corefile: | 9 | .:53 { 10 | errors 11 | health { 12 | lameduck 5s 13 | } 14 | rewrite name regex (.*)\.localho\.st host.ingress.internal 15 | hosts { 16 | {{ clusterip }} host.ingress.internal 17 | fallthrough 18 | } 19 | ready 20 | kubernetes cluster.local in-addr.arpa ip6.arpa { 21 | pods insecure 22 | fallthrough in-addr.arpa ip6.arpa 23 | ttl 30 24 | } 25 | prometheus :9153 26 | forward . /etc/resolv.conf { 27 | max_concurrent 1000 28 | } 29 | cache 30 30 | loop 31 | reload 32 | loadbalance 33 | } -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/k8s/ingress/ingress-nginx-controller.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 
8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | --- 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | namespace: ingress-nginx 23 | name: ingress-nginx-controller 24 | spec: 25 | template: 26 | spec: 27 | containers: 28 | - name: controller 29 | args: 30 | - /nginx-ingress-controller 31 | - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller 32 | - --election-id=ingress-controller-leader 33 | - --controller-class=k8s.io/ingress-nginx 34 | - --ingress-class=nginx 35 | - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller 36 | - --validating-webhook=:8443 37 | - --validating-webhook-certificate=/usr/local/certificates/cert 38 | - --validating-webhook-key=/usr/local/certificates/key 39 | - --enable-ssl-passthrough 40 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/k8s/ingress/kustomization.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # 3 | # Copyright contributors to the Hyperledger Fabric Operator project 4 | # 5 | # SPDX-License-Identifier: Apache-2.0 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 
9 | # You may obtain a copy of the License at:
10 | #
11 | #     http://www.apache.org/licenses/LICENSE-2.0
12 | #
13 | # Unless required by applicable law or agreed to in writing, software
14 | # distributed under the License is distributed on an "AS IS" BASIS,
15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 | # See the License for the specific language governing permissions and
17 | # limitations under the License.
18 | #
19 | apiVersion: kustomize.config.k8s.io/v1beta1
20 | kind: Kustomization  # ingress-nginx base from upstream plus two local patches
21 |
22 | resources:  # NOTE(review): this base is fetched from GitHub at build time, and ref=controller-v1.1.2 is a tag, which upstream can move. Pinning ref to the full commit SHA behind that tag (placeholder: <COMMIT_SHA>) keeps the fetched manifests fixed.
23 |   - https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/cloud?ref=controller-v1.1.2
24 |
25 | patchesStrategicMerge:
26 |   - ingress-nginx-controller.yaml
27 |
28 | # Remove the port `appProtocol` attribute as this is not accepted by all cloud providers
29 | patchesJson6902:
30 |   - target:
31 |       kind: Service
32 |       name: ingress-nginx-controller
33 |       version: v1
34 |     patch: |-
35 |       - op: remove
36 |         path: "/spec/ports/0/appProtocol"
37 |       - op: remove
38 |         path: "/spec/ports/1/appProtocol"
39 |
--------------------------------------------------------------------------------
/roles/fabric_operator_crds/templates/k8s/rbac/hlf-operator-clusterrolebinding.yaml.j2:
--------------------------------------------------------------------------------
1 | #
2 | # Copyright contributors to the Hyperledger Fabric Operator project
3 | #
4 | # SPDX-License-Identifier: Apache-2.0
5 | #
6 | # Licensed under the Apache License, Version 2.0 (the "License");
7 | # you may not use this file except in compliance with the License.
8 | # You may obtain a copy of the License at:
9 | #
10 | #     http://www.apache.org/licenses/LICENSE-2.0
11 | #
12 | # Unless required by applicable law or agreed to in writing, software
13 | # distributed under the License is distributed on an "AS IS" BASIS,
14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | --- 19 | kind: ClusterRoleBinding 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | metadata: 22 | name: hlf-operator-rolebinding 23 | labels: 24 | release: "operator" 25 | helm.sh/chart: "ibm-hlfsupport" 26 | app.kubernetes.io/name: "ibm-hlfsupport" 27 | app.kubernetes.io/instance: "ibm-hlfsupport" 28 | app.kubernetes.io/managed-by: "ibm-hlfsupport-operator" 29 | subjects: 30 | - kind: ServiceAccount 31 | name: hlf-operator 32 | namespace: "{{namespace}}" 33 | roleRef: 34 | apiGroup: rbac.authorization.k8s.io 35 | kind: ClusterRole 36 | name: hlf-operator-role 37 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/k8s/rbac/hlf-operator-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 
17 | # 18 | --- 19 | apiVersion: v1 20 | kind: ServiceAccount 21 | metadata: 22 | name: hlf-operator 23 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/rbac/hlf-operator-clusterrolebinding.yaml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 
17 | # 18 | --- 19 | kind: ClusterRoleBinding 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | metadata: 22 | name: hlf-operator-rolebinding 23 | labels: 24 | release: "operator" 25 | helm.sh/chart: "ibm-hlfsupport" 26 | app.kubernetes.io/name: "ibm-hlfsupport" 27 | app.kubernetes.io/instance: "ibm-hlfsupport" 28 | app.kubernetes.io/managed-by: "ibm-hlfsupport-operator" 29 | subjects: 30 | - kind: ServiceAccount 31 | name: hlf-operator 32 | namespace: "{{namespace}}" 33 | roleRef: 34 | apiGroup: rbac.authorization.k8s.io 35 | kind: ClusterRole 36 | name: hlf-operator-role 37 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/rbac/hlf-operator-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 
17 | # 18 | --- 19 | apiVersion: v1 20 | kind: ServiceAccount 21 | metadata: 22 | name: hlf-operator 23 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/role.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: Role 7 | metadata: 8 | name: "{{ role }}" 9 | rules: 10 | - apiGroups: 11 | - "*" 12 | resources: 13 | - secrets 14 | verbs: 15 | - "*" 16 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: RoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ role_binding }}" 9 | subjects: 10 | - kind: ServiceAccount 11 | name: "{{ service_account }}" 12 | namespace: "{{ project }}" 13 | roleRef: 14 | kind: Role 15 | name: "{{ role }}" 16 | apiGroup: rbac.authorization.k8s.io 17 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/security_context_constraints.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: security.openshift.io/v1 6 | kind: SecurityContextConstraints 7 | metadata: 8 | name: "{{ security_context_constraints }}" 9 | allowHostDirVolumePlugin: true 10 | allowHostIPC: true 11 | allowHostNetwork: true 12 | allowHostPID: true 13 | allowHostPorts: true 14 | allowPrivilegeEscalation: true 15 | allowPrivilegedContainer: true 16 | allowedCapabilities: 17 | - NET_BIND_SERVICE 18 | - CHOWN 19 | - DAC_OVERRIDE 20 | - SETGID 21 | - SETUID 22 | - FOWNER 23 | 
defaultAddCapabilities: null 24 | fsGroup: 25 | type: RunAsAny 26 | groups: 27 | - system:cluster-admins 28 | - system:authenticated 29 | - system:serviceaccounts:{{ project }} 30 | readOnlyRootFilesystem: false 31 | requiredDropCapabilities: null 32 | runAsUser: 33 | type: RunAsAny 34 | seLinuxContext: 35 | type: RunAsAny 36 | supplementalGroups: 37 | type: RunAsAny 38 | users: 39 | - system:serviceaccounts:{{ project }} 40 | volumes: 41 | - "*" 42 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/service.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: "{{ webhook }}" 9 | labels: 10 | type: "webhook" 11 | app.kubernetes.io/name: "ibp" 12 | app.kubernetes.io/instance: "ibp-webhook" 13 | helm.sh/chart: "ibm-ibp" 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: server 18 | port: 443 19 | targetPort: server 20 | protocol: TCP 21 | selector: 22 | app.kubernetes.io/instance: "ibp-webhook" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/README.md: -------------------------------------------------------------------------------- 1 | # hlfsupport_console 2 | 3 | The IBM Support for Hyperledger Fabric provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Support for Hyperledger Fabric, enables you to automate the building of Hyperledger Fabric networks. 
6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Support for Hyperledger Fabric development team. For more information on the IBM Support for Hyperledger Fabric, visit the following website: https://www.ibm.com/cloud/blockchain-platform/hyperledger-fabric-support -------------------------------------------------------------------------------- /roles/hlfsupport_console/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | target: openshift 7 | # arch: amd64 | s390x 8 | # project: my-project 9 | namespace: "" 10 | 11 | image_pull_secret: docker-key-secret 12 | image_registry: cp.icr.io 13 | image_registry_username: cp 14 | # image_registry_email: user@example.org 15 | # image_registry_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 16 | image_repository: cp 17 | image_registry_url: "{{ image_registry }}/{{ image_repository }}" 18 | 19 | cluster_role: "{{ project | default(namespace) | default('') }}" 20 | cluster_role_binding: "{{ project | default(namespace) | default('') }}" 21 | pod_security_policy: "{{ project | default(namespace) | default('') }}" 22 | role_binding: "{{ project | default(namespace) | default('') }}" 23 | security_context_constraints: "{{ project | default(namespace) | default('') }}" 24 | service_account: default 25 | operator: ibm-hlfsupport-operator 26 | console: hlf 27 | 28 | # console_domain: 
example.org 29 | # console_email: user@example.org 30 | # console_default_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 31 | console_storage_class: default 32 | console_storage_size: 10Gi 33 | 34 | wait_timeout: 60 35 | product_version: 1.0.0 36 | operator_version: "20220308" 37 | operator_image: "{{ image_registry_url }}/ibm-hlfsupport-operator" 38 | operator_tag: "{{ product_version }}-{{ operator_version }}-{{ arch }}" 39 | # console_tls_secret: ibp-tls-secret 40 | # zones: [] 41 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone & Matthew White 7 | description: Ansible role for deploying the IBM Hyperledger Fabric Support Offering into Red Hat OpenShift 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if architecture not specified 6 | fail: 7 | msg: arch not specified or is not one of "amd64" or "s390x" 8 | when: not arch is defined or not arch in ("amd64", "s390x") 9 | 10 | - name: Fail if image registry email not specified 11 | fail: 12 | msg: image_registry_email not specified or is empty 13 | when: not image_registry_email is defined or not image_registry_email 14 | 15 | - name: Fail if image registry password not specified 16 | fail: 17 | msg: image_registry_password not specified or is empty 18 | when: not image_registry_password is defined or not image_registry_password 19 | 20 | - name: Fail if console domain not specified 21 
| fail: 22 | msg: console_domain not specified or is empty 23 | when: not console_domain is defined or not console_domain 24 | 25 | - name: Fail if console email not specified 26 | fail: 27 | msg: console_email not specified or is empty 28 | when: not console_email is defined or not console_email 29 | 30 | - name: Fail if console default password not specified 31 | fail: 32 | msg: console_default_password not specified or is empty 33 | when: not console_default_password is defined or not console_default_password 34 | 35 | - name: Create console 36 | include_tasks: "{{ target }}/create.yml" 37 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete console 6 | include_tasks: "{{ target }}/delete.yml" 7 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of "k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s", "openshift") 9 | 10 | - name: Create console 11 | include_tasks: "create.yml" 12 | when: state == "present" 13 | 14 | - name: Delete console 15 | include_tasks: "delete.yml" 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/k8s/cluster_role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: ClusterRoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ 
cluster_role_binding }}" 9 | labels: 10 | release: "operator" 11 | helm.sh/chart: "ibm-hlfsupport" 12 | app.kubernetes.io/name: "ibm-hlfsupport" 13 | app.kubernetes.io/instance: "ibm-hlfsupport" 14 | app.kubernetes.io/managed-by: "ibm-hlfsupport-operator" 15 | subjects: 16 | - kind: ServiceAccount 17 | name: "{{ service_account }}" # NOTE(review): this role's defaults/main.yml sets service_account to "default"; binding a ClusterRole cluster-wide to the namespace's default service account also grants it to every pod there that does not set its own serviceAccountName - a dedicated account is the safer choice 18 | namespace: "{{ namespace }}" 19 | roleRef: 20 | kind: ClusterRole 21 | name: "{{ cluster_role }}" 22 | apiGroup: rbac.authorization.k8s.io 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/k8s/console.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | 6 | apiVersion: ibp.com/v1beta1 7 | kind: IBPConsole 8 | metadata: 9 | name: "{{ console }}" 10 | spec: 11 | arch: 12 | - "{{ arch }}" 13 | license: 14 | accept: true 15 | serviceAccountName: "{{ service_account }}" 16 | email: "{{ console_email }}" 17 | password: "{{ console_default_password }}" # NOTE(review): the initial console password is rendered in cleartext into the IBPConsole spec, so anyone allowed to read this resource can see it unless the operator clears the field afterwards (TODO confirm); keep the variable in Ansible Vault and change the password after first login. The value is substituted unescaped inside a double-quoted YAML scalar, so a password containing a double quote or backslash will not render as intended. 18 | registryURL: "{{ image_registry_url }}" 19 | imagePullSecrets: 20 | - "{{ image_pull_secret }}" 21 | usetags: true 22 | images: 23 | deployerImage: "{{deployer_image}}" 24 | deployerTag: "{{deployer_image_label}}" 25 | consoleInitImage: "{{init_image}}" 26 | consoleInitTag: "{{init_image_label}}" 27 | consoleImage: "{{console_image}}" 28 | consoleTag: "{{console_image_label}}" 29 | configtxlatorImage: "{{tools_image}}" 30 | configtxlatorTag: "{{tools_image_label}}" 31 | couchdbImage: "{{couchdb_image}}" 32 | couchdbTag: "{{couchdb_image_label}}" 33 | networkinfo: 34 | domain: "{{ console_domain }}" 35 | storage: 36 | console: 37 | class: "{{ console_storage_class }}" 38 | size: "{{ console_storage_size }}" 39 | {%+ if console_tls_secret is defined %} 40 | tlsSecretName: "{{ console_tls_secret }}" 41 | {% endif %} 42 | {%+ if zones is defined %} 43 | clusterdata: 44 | zones: 45 | {%+ for zone in zones %} 46 | - "{{ 
zone }}" 47 | {% endfor %} 48 | {% endif %} 49 | {%+ if console_images is defined %} 50 | images: 51 | {{ console_images | to_nice_yaml(indent=2, width=1024) | indent(4, false) }} 52 | {% endif %} 53 | {%+ if console_versions is defined %} 54 | versions: 55 | {{ console_versions | to_nice_yaml(indent=2, width=1024) | indent(4, false) }} 56 | {% endif %} 57 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/k8s/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/k8s/role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: RoleBinding 7 | metadata: 8 | name: "{{ role_binding }}" 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: "{{ cluster_role }}" 13 | subjects: 14 | - apiGroup: rbac.authorization.k8s.io 15 | kind: Group 16 | name: system:serviceaccounts:{{ namespace }} 17 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/openshift/cluster_role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | 
# 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: ClusterRoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ cluster_role_binding }}" 9 | labels: 10 | release: "operator" 11 | helm.sh/chart: "ibm-hlfsupport" 12 | app.kubernetes.io/name: "ibm-hlfsupport" 13 | app.kubernetes.io/instance: "ibm-hlfsupport" 14 | app.kubernetes.io/managed-by: "ibm-hlfsupport-operator" 15 | subjects: 16 | - kind: ServiceAccount 17 | name: "{{ service_account }}" 18 | namespace: "{{ project }}" 19 | roleRef: 20 | kind: ClusterRole 21 | name: "{{ cluster_role }}" 22 | apiGroup: rbac.authorization.k8s.io 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/openshift/console.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | 6 | apiVersion: ibp.com/v1beta1 7 | kind: IBPConsole 8 | metadata: 9 | name: "{{ console }}" 10 | spec: 11 | arch: 12 | - "{{ arch }}" 13 | license: 14 | accept: true 15 | serviceAccountName: "{{ service_account }}" 16 | email: "{{ console_email }}" 17 | password: "{{ console_default_password }}" 18 | registryURL: "{{ image_registry_url }}" 19 | imagePullSecrets: 20 | - "{{ image_pull_secret }}" 21 | usetags: true 22 | images: 23 | deployerImage: "{{deployer_image}}" 24 | deployerTag: "{{deployer_image_label}}" 25 | consoleInitImage: "{{init_image}}" 26 | consoleInitTag: "{{init_image_label}}" 27 | consoleImage: "{{console_image}}" 28 | consoleTag: "{{console_image_label}}" 29 | configtxlatorImage: "{{tools_image}}" 30 | configtxlatorTag: "{{tools_image_label}}" 31 | couchdbImage: "{{couchdb_image}}" 32 | couchdbTag: "{{couchdb_image_label}}" 33 | networkinfo: 34 | domain: "{{ console_domain }}" 35 | storage: 36 | console: 37 | class: "{{ console_storage_class }}" 38 | size: "{{ console_storage_size }}" 39 | {%+ if console_tls_secret is defined %} 40 | 
tlsSecretName: "{{ console_tls_secret }}" 41 | {% endif %} 42 | {%+ if zones is defined %} 43 | clusterdata: 44 | zones: 45 | {%+ for zone in zones %} 46 | - "{{ zone }}" 47 | {% endfor %} 48 | {% endif %} 49 | {%+ if console_images is defined %} 50 | images: 51 | {{ console_images | to_nice_yaml(indent=2, width=1024) | indent(4, false) }} 52 | {% endif %} 53 | {%+ if console_versions is defined %} 54 | versions: 55 | {{ console_versions | to_nice_yaml(indent=2, width=1024) | indent(4, false) }} 56 | {% endif %} 57 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/openshift/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/openshift/security_context_constraints.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: security.openshift.io/v1 6 | kind: SecurityContextConstraints 7 | metadata: 8 | name: "{{ security_context_constraints }}" 9 | allowHostDirVolumePlugin: true 10 | allowHostIPC: true 11 | allowHostNetwork: true 12 | allowHostPID: true 13 | allowHostPorts: true 14 | allowPrivilegeEscalation: true 15 | allowPrivilegedContainer: true 16 | allowedCapabilities: 17 | - NET_BIND_SERVICE 18 
| - CHOWN 19 | - DAC_OVERRIDE 20 | - SETGID 21 | - SETUID 22 | - FOWNER 23 | defaultAddCapabilities: null 24 | fsGroup: 25 | type: RunAsAny 26 | groups: 27 | - system:cluster-admins 28 | - system:authenticated 29 | - system:serviceaccounts:{{ project }} 30 | readOnlyRootFilesystem: false 31 | requiredDropCapabilities: null 32 | runAsUser: 33 | type: RunAsAny 34 | seLinuxContext: 35 | type: RunAsAny 36 | supplementalGroups: 37 | type: RunAsAny 38 | users: 39 | - system:serviceaccounts:{{ project }} 40 | volumes: 41 | - "*" 42 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/README.md: -------------------------------------------------------------------------------- 1 | # hlfsupport_crds 2 | 3 | The IBM Support for Hyperledger Fabric provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Support for Hyperledger Fabric, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Support for Hyperledger Fabric development team. 
For more information on the IBM Support for Hyperledger Fabric, visit the following website: https://www.ibm.com/cloud/blockchain-platform/hyperledger-fabric-support -------------------------------------------------------------------------------- /roles/hlfsupport_crds/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | target: openshift 7 | # arch: amd64 | s390x 8 | # project: my-project 9 | namespace: "" 10 | 11 | image_pull_secret: docker-key-secret 12 | image_registry: cp.icr.io 13 | image_registry_username: cp 14 | # image_registry_email: user@example.org 15 | # image_registry_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 16 | image_repository: cp 17 | image_registry_url: "{{ image_registry }}/{{ image_repository }}" 18 | 19 | role: "{{ project | default(namespace) | default('') }}" 20 | role_binding: "{{ project | default(namespace) | default('') }}" 21 | security_context_constraints: "{{ project | default(namespace) | default('') }}" 22 | service_account: default 23 | wait_timeout: 60 24 | 25 | product_version: "1.0.0" 26 | webhook_version: "20220308" 27 | webhook_image: "{{ image_registry_url }}/ibm-hlfsupport-crdwebhook" 28 | webhook_tag: "{{ product_version }}-{{ webhook_version }}-{{ arch }}" 29 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone & Matthew White 7 | description: Ansible role for deploying the IBM Hyperledger Fabric Support Offering into Red Hat OpenShift or Kubernetes 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | 
-------------------------------------------------------------------------------- /roles/hlfsupport_crds/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if architecture not specified 6 | fail: 7 | msg: arch not specified or is not one of "amd64" or "s390x" 8 | when: not arch is defined or not arch in ("amd64", "s390x") 9 | 10 | - name: Fail if image registry email not specified 11 | fail: 12 | msg: image_registry_email not specified or is empty 13 | when: not image_registry_email is defined or not image_registry_email 14 | 15 | - name: Fail if image registry password not specified 16 | fail: 17 | msg: image_registry_password not specified or is empty 18 | when: not image_registry_password is defined or not image_registry_password 19 | 20 | - name: Create custom resource definitions 21 | include_tasks: "{{ target }}/create.yml" 22 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete custom resource definitions 6 | include_tasks: "{{ target }}/delete.yml" 7 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of "k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s", "openshift") 9 | 10 | 11 | - name: Create custom resource definitions 12 | include_tasks: "create.yml" 13 | when: state == "present" 14 | 15 | - name: Delete custom resource definitions 16 | include_tasks: "delete.yml" 17 | 
when: state == "absent" 18 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/console-crd.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | name: ibpconsoles.ibp.com 9 | labels: 10 | app.kubernetes.io/name: "ibm-hlfsupport" 11 | app.kubernetes.io/instance: "ibm-hlfsupport" 12 | app.kubernetes.io/managed-by: "ibm-hlfsupport" 13 | spec: 14 | conversion: 15 | strategy: Webhook 16 | webhook: 17 | conversionReviewVersions: ["v1beta1", "v1alpha2", "v1alpha1"] 18 | clientConfig: 19 | service: 20 | namespace: "{{ project | default(namespace) }}" 21 | name: ibm-hlfsupport-webhook 22 | path: /crdconvert 23 | caBundle: "{{ webhook_tls_cert }}" 24 | group: ibp.com 25 | names: 26 | kind: IBPConsole 27 | listKind: IBPConsoleList 28 | plural: ibpconsoles 29 | singular: ibpconsole 30 | scope: Namespaced 31 | versions: 32 | - name: v1beta1 33 | schema: 34 | openAPIV3Schema: 35 | x-kubernetes-preserve-unknown-fields: true 36 | served: true 37 | storage: true 38 | subresources: 39 | status: {} 40 | - name: v1alpha2 41 | schema: 42 | openAPIV3Schema: 43 | x-kubernetes-preserve-unknown-fields: true 44 | served: true 45 | storage: false 46 | subresources: 47 | status: {} 48 | - name: v1alpha1 49 | schema: 50 | openAPIV3Schema: 51 | x-kubernetes-preserve-unknown-fields: true 52 | served: true 53 | storage: false 54 | subresources: 55 | status: {} 56 | status: 57 | acceptedNames: 58 | kind: IBPConsole 59 | listKind: IBPConsoleList 60 | plural: ibpconsoles 61 | singular: ibpconsole 62 | conditions: [] 63 | storedVersions: 64 | - v1beta1 -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/k8s/image_pull_secret.yml.j2: 
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/k8s/role.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: Role 7 | metadata: 8 | name: "{{ role }}" 9 | rules: 10 | - apiGroups: 11 | - "*" 12 | resources: 13 | - secrets 14 | verbs: 15 | - "*" 16 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/k8s/role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: RoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ role_binding }}" 9 | subjects: 10 | - kind: ServiceAccount 11 | name: "{{ service_account }}" 12 | namespace: "{{ namespace }}" 13 | roleRef: 14 | kind: Role 15 | name: "{{ role }}" 16 | apiGroup: rbac.authorization.k8s.io 17 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/k8s/service.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: 
Service 7 | metadata: 8 | name: "ibm-hlfsupport-webhook" 9 | labels: 10 | type: "webhook" 11 | app.kubernetes.io/name: "ibm-hlfsupport" 12 | app.kubernetes.io/instance: "ibm-hlfsupport-webhook" 13 | helm.sh/chart: "ibm-hlfsupport" 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: server 18 | port: 443 19 | targetPort: server 20 | protocol: TCP 21 | selector: 22 | app.kubernetes.io/instance: "ibm-hlfsupport-webhook" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/openshift/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/openshift/role.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: Role 7 | metadata: 8 | name: "{{ role }}" 9 | rules: 10 | - apiGroups: 11 | - "*" 12 | resources: 13 | - secrets 14 | verbs: 15 | - "*" 16 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/openshift/role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: RoleBinding 6 | apiVersion: 
rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ role_binding }}" 9 | subjects: 10 | - kind: ServiceAccount 11 | name: "{{ service_account }}" 12 | namespace: "{{ project }}" 13 | roleRef: 14 | kind: Role 15 | name: "{{ role }}" 16 | apiGroup: rbac.authorization.k8s.io 17 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/openshift/security_context_constraints.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: security.openshift.io/v1 6 | kind: SecurityContextConstraints 7 | metadata: 8 | name: "{{ security_context_constraints }}" 9 | allowHostDirVolumePlugin: true 10 | allowHostIPC: true 11 | allowHostNetwork: true 12 | allowHostPID: true 13 | allowHostPorts: true 14 | allowPrivilegeEscalation: true 15 | allowPrivilegedContainer: true # NOTE(review): with the allowHost* flags above, this SCC admits privileged pods that share the node's IPC, network and PID namespaces and mount host paths 16 | allowedCapabilities: 17 | - NET_BIND_SERVICE 18 | - CHOWN 19 | - DAC_OVERRIDE 20 | - SETGID 21 | - SETUID 22 | - FOWNER 23 | defaultAddCapabilities: null 24 | fsGroup: 25 | type: RunAsAny 26 | groups: 27 | - system:cluster-admins 28 | - system:authenticated # NOTE(review): groups lists who may use this SCC; system:authenticated extends it to every authenticated user and service account in the cluster, not only this project - confirm that is required, otherwise keep just the project's service accounts 29 | - system:serviceaccounts:{{ project }} 30 | readOnlyRootFilesystem: false 31 | requiredDropCapabilities: null 32 | runAsUser: 33 | type: RunAsAny 34 | seLinuxContext: 35 | type: RunAsAny 36 | supplementalGroups: 37 | type: RunAsAny 38 | users: # NOTE(review): the entry below has the form of a service-account group name rather than a user name, so presumably only the matching groups entry takes effect - verify 39 | - system:serviceaccounts:{{ project }} 40 | volumes: 41 | - "*" 42 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/openshift/service.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: "ibm-hlfsupport-webhook" 9 | labels: 10 | type: "webhook" 11 | app.kubernetes.io/name: "ibm-hlfsupport" 12 | 
app.kubernetes.io/instance: "ibm-hlfsupport-webhook" 13 | helm.sh/chart: "ibm-hlfsupport" 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: server 18 | port: 443 19 | targetPort: server 20 | protocol: TCP 21 | selector: 22 | app.kubernetes.io/instance: "ibm-hlfsupport-webhook" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/orderer-crd.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | name: ibporderers.ibp.com 9 | labels: 10 | app.kubernetes.io/name: "ibm-hlfsupport" 11 | app.kubernetes.io/instance: "ibm-hlfsupport" 12 | app.kubernetes.io/managed-by: "ibm-hlfsupport" 13 | spec: 14 | conversion: 15 | strategy: Webhook 16 | webhook: 17 | conversionReviewVersions: ["v1beta1", "v1alpha2", "v1alpha1"] 18 | clientConfig: 19 | service: 20 | namespace: "{{ project | default(namespace) }}" 21 | name: ibm-hlfsupport-webhook 22 | path: /crdconvert 23 | caBundle: "{{ webhook_tls_cert }}" 24 | group: ibp.com 25 | names: 26 | kind: IBPOrderer 27 | listKind: IBPOrdererList 28 | plural: ibporderers 29 | singular: ibporderer 30 | scope: Namespaced 31 | versions: 32 | - name: v1beta1 33 | schema: 34 | openAPIV3Schema: 35 | x-kubernetes-preserve-unknown-fields: true 36 | served: true 37 | storage: true 38 | subresources: 39 | status: {} 40 | - name: v1alpha2 41 | schema: 42 | openAPIV3Schema: 43 | x-kubernetes-preserve-unknown-fields: true 44 | served: true 45 | storage: false 46 | subresources: 47 | status: {} 48 | - name: v1alpha1 49 | schema: 50 | openAPIV3Schema: 51 | x-kubernetes-preserve-unknown-fields: true 52 | served: true 53 | storage: false 54 | subresources: 55 | status: {} 56 | status: 57 | acceptedNames: 58 | kind: IBPOrderer 59 | listKind: IBPOrdererList 60 | plural: ibporderers 61 | singular: 
ibporderer 62 | conditions: [] 63 | storedVersions: 64 | - v1beta1 -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/peer-crd.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | name: ibppeers.ibp.com 9 | labels: 10 | app.kubernetes.io/name: "ibm-hlfsupport" 11 | app.kubernetes.io/instance: "ibm-hlfsupport" 12 | app.kubernetes.io/managed-by: "ibm-hlfsupport" 13 | spec: 14 | conversion: 15 | strategy: Webhook 16 | webhook: 17 | conversionReviewVersions: ["v1beta1", "v1alpha2", "v1alpha1"] 18 | clientConfig: 19 | service: 20 | namespace: "{{ project | default(namespace) }}" 21 | name: ibm-hlfsupport-webhook 22 | path: /crdconvert 23 | caBundle: "{{ webhook_tls_cert }}" 24 | group: ibp.com 25 | names: 26 | kind: IBPPeer 27 | listKind: IBPPeerList 28 | plural: ibppeers 29 | singular: ibppeer 30 | scope: Namespaced 31 | versions: 32 | - name: v1beta1 33 | schema: 34 | openAPIV3Schema: 35 | x-kubernetes-preserve-unknown-fields: true 36 | served: true 37 | storage: true 38 | subresources: 39 | status: {} 40 | - name: v1alpha2 41 | schema: 42 | openAPIV3Schema: 43 | x-kubernetes-preserve-unknown-fields: true 44 | served: true 45 | storage: false 46 | subresources: 47 | status: {} 48 | - name: v1alpha1 49 | schema: 50 | openAPIV3Schema: 51 | x-kubernetes-preserve-unknown-fields: true 52 | served: true 53 | storage: false 54 | subresources: 55 | status: {} 56 | status: 57 | acceptedNames: 58 | kind: IBPPeer 59 | listKind: IBPPeerList 60 | plural: ibppeers 61 | singular: ibppeer 62 | conditions: [] 63 | storedVersions: 64 | - v1beta1 -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/README.md: 
--------------------------------------------------------------------------------
# mrha_endorsing_organization

The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes.

This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks.

## Documentation

Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/

The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection.

## License

Apache-2.0

## Author Information

This Ansible collection is maintained by the IBM Blockchain Platform development team.
For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform
--------------------------------------------------------------------------------
/roles/mrha_endorsing_organization/defaults/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
state: present
# Inputs without a default. The role's tasks read api_endpoint, api_authtype,
# api_key, api_secret and api_token_endpoint from each entry of `regions`.
# api_key, api_secret and the *_enrollment_secret values are credentials:
# supply them from Ansible Vault or another secret store, not from a
# committed vars file.
# regions:
# api_endpoint:
# api_authtype:
# api_key:
# api_secret:
# api_token_endpoint:
# zones:
# organization_name:
# ca_admin_enrollment_id
# ca_admin_enrollment_secret
# organization_admin_enrollment_id:
# organization_admin_enrollment_secret:
# NOTE(review): the next two names look copied from the ordering role; the
# multi-zone endorsing role lists peer_enrollment_id / peer_enrollment_secret
# here. Confirm against the create tasks.
# ordering_service_enrollment_id:
# ordering_service_enrollment_secret:
ca_name: "{{ organization_name }} CA"
ca_db_type: postgres
# ca_db_datasource:
# TLS to the CA database is on by default.
ca_db_tls_enabled: true
# ca_db_tls_certfiles:
ca_replicas: 3
# ca_resources:
# ca_storage:
# ca_version:
peers: 6
peer_name: "{{ organization_name }} Peer"
# peer_resources:
# peer_storage:
peer_state_db: couchdb
# peer_version:
# Identity JSON files are kept under `wallet`, which defaults to the playbook
# directory. NOTE(review): these files are expected to hold the identity's
# private key - use a directory with restrictive permissions and keep it out
# of version control.
wallet: "{{ playbook_dir }}"
ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json"
organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json"

--------------------------------------------------------------------------------
/roles/mrha_endorsing_organization/meta/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
galaxy_info:
  author: Simon Stone
  description: >-
    Ansible role for building Hyperledger Fabric components for a multi-region, highly available endorsing organization using the IBM Blockchain Platform
  license: Apache-2.0
  platforms:
    - name: GenericLinux
      versions:
        - all
  galaxy_tags: []
  min_ansible_version: "2.9"

--------------------------------------------------------------------------------
/roles/mrha_endorsing_organization/tasks/create.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# The first entry of `regions` is the primary region; all others are secondary.
# `label` keeps per-iteration output to the endpoint instead of the whole
# region item, which also carries api_key and api_secret.
- name: Create components for primary region
  include_tasks: create/primary-region.yml
  when: region_index == 0
  loop: "{{ regions }}"
  loop_control:
    loop_var: region
    index_var: region_index
    label: "{{ region.api_endpoint }}"

- name: Create components for secondary regions
  include_tasks: create/secondary-region.yml
  when: region_index != 0
  loop: "{{ regions }}"
  loop_control:
    loop_var: region
    index_var: region_index
    label: "{{ region.api_endpoint }}"

--------------------------------------------------------------------------------
/roles/mrha_endorsing_organization/tasks/create/secondary-region.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# org_admin is loaded from the identity file in the wallet; treat the
# registered variable as sensitive (avoid printing it with debug).
- name: Load the organization admin
  ibm.blockchain_platform.enrolled_identity_info:
    path: "{{ organization_admin_identity }}"
  register: org_admin

# Peers are spread round-robin: peer i belongs to region i mod len(regions).
# The next four tasks count this region's peers and collect their indexes.
- name: Clear peers
  set_fact:
    peers_in_region: 0

- name: Determine and set peers
  set_fact:
    peers_in_region: "{{ (peers_in_region | int) + 1 }}"
  when: region_index == (item % (regions | length))
  loop: "{{ range(0, peers, 1) | list }}"

- name: Clear peer indexes
  set_fact:
    peer_indexes: []

- name: Determine and set peer indexes
  set_fact:
    peer_indexes: "{{ (peer_indexes | default([])) + [item] }}"
  when: region_index == (item % (regions | length))
  loop: "{{ range(0, peers, 1) | list }}"

# Zones, when supplied, are assigned to this region's peers round-robin.
- name: Clear peer zones
  set_fact:
    peer_zones_in_region: []

- name: Determine and set peer zones
  set_fact:
    peer_zones_in_region: "{{ (peer_zones_in_region | default([])) + [zones[item % (zones | length)]] }}"
  when: zones is defined and zones
  loop: "{{ range(0, peers_in_region | int, 1) | list }}"

- name: Create peers
  include_tasks: secondary-peer.yml
  loop: "{{ range(0, peers_in_region | int, 1) | list }}"
  loop_control:
    index_var: peer_index

--------------------------------------------------------------------------------
/roles/mrha_endorsing_organization/tasks/delete.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Same region split as create.yml; `label` again limits loop output to the
# endpoint so the credentials in each region item are not echoed.
- name: Delete components for primary region
  include_tasks: delete/primary-region.yml
  when: region_index == 0
  loop: "{{ regions }}"
  loop_control:
    loop_var: region
    index_var: region_index
    label: "{{ region.api_endpoint }}"

- name: Delete components for secondary regions
  include_tasks: delete/secondary-region.yml
  when: region_index != 0
  loop: "{{ regions }}"
  loop_control:
    loop_var: region
    index_var: region_index
    label: "{{ region.api_endpoint }}"

--------------------------------------------------------------------------------
/roles/mrha_endorsing_organization/tasks/delete/primary-peer.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Deletes the peer in its own region using that region's credentials; the
# optional connection settings are omitted when the region does not set them.
- name: Delete peer
  ibm.blockchain_platform.peer:
    name: "{{ peer_name }}{{ peer_indexes[peer_index] + 1 }}"
    state: "{{ state }}"
    api_endpoint: "{{ region.api_endpoint }}"
    api_authtype: "{{ region.api_authtype }}"
    api_key: "{{ region.api_key }}"
    api_secret: "{{ region.api_secret | default(omit) }}"
    api_token_endpoint: "{{ region.api_token_endpoint | default(omit) }}"
    api_timeout: "{{ region.api_timeout | default(omit) }}"

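# Removes the external-peer entry for this peer from every region other than
# the one that hosts it (region_index != other_region_index). `label` keeps
# loop output to the endpoint; each region item also carries credentials.
- name: Remove peer from all other regions
  ibm.blockchain_platform.external_peer:
    state: "{{ state }}"
    api_endpoint: "{{ other_region.api_endpoint }}"
    api_authtype: "{{ other_region.api_authtype }}"
    api_key: "{{ other_region.api_key }}"
    api_secret: "{{ other_region.api_secret | default(omit) }}"
    api_token_endpoint: "{{ other_region.api_token_endpoint | default(omit) }}"
    api_timeout: "{{ other_region.api_timeout | default(omit) }}"
    name: "{{ peer_name }}{{ peer_indexes[peer_index] + 1 }}"
  when: region_index != other_region_index
  loop: "{{ regions }}"
  loop_control:
    index_var: other_region_index
    label: "{{ other_region.api_endpoint }}"
    loop_var: other_region

--------------------------------------------------------------------------------
/roles/mrha_endorsing_organization/tasks/delete/secondary-peer.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Deletes the peer in its own (secondary) region with that region's credentials.
- name: Delete peer
  ibm.blockchain_platform.peer:
    state: "{{ state }}"
    api_endpoint: "{{ region.api_endpoint }}"
    api_authtype: "{{ region.api_authtype }}"
    api_key: "{{ region.api_key }}"
    api_secret: "{{ region.api_secret | default(omit) }}"
    api_token_endpoint: "{{ region.api_token_endpoint | default(omit) }}"
    api_timeout: "{{ region.api_timeout | default(omit) }}"
    name: "{{ peer_name }}{{ peer_indexes[peer_index] + 1 }}"

# Then removes the matching external-peer entry from all other regions.
- name: Remove peer from all other regions
  ibm.blockchain_platform.external_peer:
    state: "{{ state }}"
    api_endpoint: "{{ other_region.api_endpoint }}"
    api_authtype: "{{ other_region.api_authtype }}"
    api_key: "{{ other_region.api_key }}"
    api_secret: "{{ other_region.api_secret | default(omit) }}"
    api_token_endpoint: "{{ other_region.api_token_endpoint | default(omit) }}"
    api_timeout: "{{ other_region.api_timeout | default(omit) }}"
    name: "{{ peer_name }}{{ peer_indexes[peer_index] + 1 }}"
  when: region_index != other_region_index
  loop: "{{ regions }}"
  loop_control:
    index_var: other_region_index
    label: "{{ other_region.api_endpoint }}"
    loop_var: other_region

--------------------------------------------------------------------------------
/roles/mrha_endorsing_organization/tasks/delete/secondary-region.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Recomputes the same round-robin assignment used on create (peer i belongs to
# region i mod len(regions)) so the same peer names are targeted for deletion.
- name: Clear peers
  set_fact:
    peers_in_region: 0

- name: Determine and set peers
  set_fact:
    peers_in_region: "{{ (peers_in_region | int) + 1 }}"
  loop: "{{ range(0, peers, 1) | list }}"
  when: region_index == (item % (regions | length))

- name: Clear peer indexes
  set_fact:
    peer_indexes: []

- name: Determine and set peer indexes
  set_fact:
    peer_indexes: "{{ (peer_indexes | default([])) + [item] }}"
  loop: "{{ range(0, peers, 1) | list }}"
  when: region_index == (item % (regions | length))

- name: Clear peer zones
  set_fact:
    peer_zones_in_region: []

- name: Determine and set peer zones
  set_fact:
    peer_zones_in_region: "{{ (peer_zones_in_region | default([])) + [zones[item % (zones | length)]] }}"
  loop: "{{ range(0, peers_in_region | int, 1) | list }}"
  when: zones is defined and zones

- name: Delete peers
  include_tasks: secondary-peer.yml
  loop: "{{ range(0, peers_in_region | int, 1) | list }}"
  loop_control:
    index_var: peer_index

--------------------------------------------------------------------------------
/roles/mrha_endorsing_organization/tasks/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Entry point: validate inputs, then dispatch on `state`.
- name: Fail if organization name not specified
  fail:
    msg: organization_name not specified or is empty
  when: organization_name is not defined or not organization_name

# Without this check an unsupported state (for example a typo) skips both
# includes below and the play reports success without doing anything.
- name: Fail if state is not supported
  fail:
    msg: state is not one of "present" or "absent"
  when: state is not defined or state not in ("present", "absent")

- name: Create endorsing organization
  include_tasks: create.yml
  when: state == "present"

- name: Delete endorsing organization
  include_tasks: delete.yml
  when: state == "absent"

--------------------------------------------------------------------------------
/roles/mrha_ordering_organization/README.md:
--------------------------------------------------------------------------------
# mrha_ordering_organization

The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes.

This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks.

## Documentation

Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/

The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection.

## License

Apache-2.0

## Author Information

This Ansible collection is maintained by the IBM Blockchain Platform development team.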
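For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform
--------------------------------------------------------------------------------
/roles/mrha_ordering_organization/defaults/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
state: present
# Inputs without a default. The role's tasks read api_endpoint, api_authtype,
# api_key, api_secret and api_token_endpoint from each entry of `regions`.
# api_key, api_secret and the *_enrollment_secret values are credentials:
# supply them from Ansible Vault or another secret store, not from a
# committed vars file.
# regions:
# api_endpoint:
# api_authtype:
# api_key:
# api_secret:
# api_token_endpoint:
# zones:
# organization_name:
# ca_admin_enrollment_id
# ca_admin_enrollment_secret
# organization_admin_enrollment_id:
# organization_admin_enrollment_secret:
# ordering_service_enrollment_id:
# ordering_service_enrollment_secret:
ca_name: "{{ organization_name }} CA"
ca_db_type: postgres
# ca_db_datasource:
# TLS to the CA database is on by default.
ca_db_tls_enabled: true
# ca_db_tls_certfiles:
ca_replicas: 3
# ca_resources:
# ca_storage:
# ca_version:
ordering_service_name: Ordering Service
ordering_service_nodes: 5
# ordering_service_resources:
# ordering_service_storage:
# ordering_service_version:
# ordering_service_zones:
# Identity JSON files are kept under `wallet`, which defaults to the playbook
# directory. NOTE(review): these files are expected to hold the identity's
# private key - use a directory with restrictive permissions and keep it out
# of version control.
wallet: "{{ playbook_dir }}"
ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json"
organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json"

--------------------------------------------------------------------------------
/roles/mrha_ordering_organization/meta/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
galaxy_info:
  author: Simon Stone
  description: >-
    Ansible role for building Hyperledger Fabric components for a multi-region, highly available ordering organization using the IBM Blockchain Platform
  license: Apache-2.0
  platforms:
    - name: GenericLinux
      versions:
        - all
  galaxy_tags: []
  min_ansible_version: "2.9"

--------------------------------------------------------------------------------
/roles/mrha_ordering_organization/tasks/create.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# The first entry of `regions` is the primary region; all others are secondary.
# `label` keeps per-iteration output to the endpoint instead of the whole
# region item, which also carries api_key and api_secret.
- name: Create components for primary region
  include_tasks: create/primary-region.yml
  loop: "{{ regions }}"
  loop_control:
    index_var: region_index
    label: "{{ region.api_endpoint }}"
    loop_var: region
  when: region_index == 0

- name: Create components for secondary regions
  include_tasks: create/secondary-region.yml
  loop: "{{ regions }}"
  loop_control:
    index_var: region_index
    label: "{{ region.api_endpoint }}"
    loop_var: region
  when: region_index != 0

--------------------------------------------------------------------------------
/roles/mrha_ordering_organization/tasks/create/secondary-region.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# org_admin is loaded from the identity file in the wallet; treat the
# registered variable as sensitive (avoid printing it with debug).
- name: Load the organization admin
  ibm.blockchain_platform.enrolled_identity_info:
    path: "{{ organization_admin_identity }}"
  register: org_admin

# Ordering nodes are spread round-robin: node i belongs to region
# i mod len(regions). The next two tasks count this region's share.
- name: Clear ordering service nodes
  set_fact:
    ordering_service_nodes_in_region: 0

- name: Determine and set ordering service nodes
  set_fact:
    ordering_service_nodes_in_region: "{{ (ordering_service_nodes_in_region | int) + 1 }}"
  loop: "{{ range(0, ordering_service_nodes, 1) | list }}"
  when: region_index == (item % (regions | length))

# Zones, when supplied, are assigned to this region's nodes round-robin.
- name: Clear ordering service zones
  set_fact:
    ordering_service_zones_in_region: []

- name: Determine and set ordering service zones
  set_fact:
    ordering_service_zones_in_region: "{{ (ordering_service_zones_in_region | default([])) + [zones[item % (zones | length)]] }}"
  loop: "{{ range(0, ordering_service_nodes_in_region | int, 1) | list }}"
  when: zones is defined and zones

- name: Create ordering service nodes
  include_tasks: secondary-osn.yml
  loop: "{{ range(0, ordering_service_nodes_in_region | int, 1) | list }}"
  loop_control:
    index_var: node_index

--------------------------------------------------------------------------------
/roles/mrha_ordering_organization/tasks/delete.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Same region split as create.yml; `label` again limits loop output to the
# endpoint so the credentials in each region item are not echoed.
- name: Delete components for primary region
  include_tasks: delete/primary-region.yml
  loop: "{{ regions }}"
  loop_control:
    index_var: region_index
    label: "{{ region.api_endpoint }}"
    loop_var: region
  when: region_index == 0

- name: Delete components for secondary regions
  include_tasks: delete/secondary-region.yml
  loop: "{{ regions }}"
  loop_control:
    index_var: region_index
    label: "{{ region.api_endpoint }}"
    loop_var: region
  when: region_index != 0

--------------------------------------------------------------------------------
/roles/mrha_ordering_organization/tasks/delete/primary-osn.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Primary-region nodes are named <ordering_service_name>_<n>, with n 1-based.
- name: Delete ordering service node
  ibm.blockchain_platform.ordering_service_node:
    state: "{{ state }}"
    api_endpoint: "{{ region.api_endpoint }}"
    api_authtype: "{{ region.api_authtype }}"
    api_key: "{{ region.api_key }}"
    api_secret: "{{ region.api_secret | default(omit) }}"
    api_token_endpoint: "{{ region.api_token_endpoint | default(omit) }}"
    api_timeout: "{{ region.api_timeout | default(omit) }}"
    name: "{{ ordering_service_name }}_{{ node_index + 1 }}"

# Removes the external-node entry from every region other than the host region.
- name: Remove ordering service node from all other regions
  ibm.blockchain_platform.external_ordering_service_node:
    state: "{{ state }}"
    api_endpoint: "{{ other_region.api_endpoint }}"
    api_authtype: "{{ other_region.api_authtype }}"
    api_key: "{{ other_region.api_key }}"
    api_secret: "{{ other_region.api_secret | default(omit) }}"
    api_token_endpoint: "{{ other_region.api_token_endpoint | default(omit) }}"
    api_timeout: "{{ other_region.api_timeout | default(omit) }}"
    name: "{{ ordering_service_name }}_{{ node_index + 1 }}"
  when: region_index != other_region_index
  loop: "{{ regions }}"
  loop_control:
    index_var: other_region_index
    label: "{{ other_region.api_endpoint }}"
    loop_var: other_region

--------------------------------------------------------------------------------
/roles/mrha_ordering_organization/tasks/delete/secondary-osn.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Secondary-region nodes are named <ordering_service_name>_r<region>n<node>,
# using the raw (0-based) region and node indexes.
- name: Delete ordering service node
  ibm.blockchain_platform.ordering_service_node:
    state: "{{ state }}"
    api_endpoint: "{{ region.api_endpoint }}"
    api_authtype: "{{ region.api_authtype }}"
    api_key: "{{ region.api_key }}"
    api_secret: "{{ region.api_secret | default(omit) }}"
    api_token_endpoint: "{{ region.api_token_endpoint | default(omit) }}"
    api_timeout: "{{ region.api_timeout | default(omit) }}"
    name: "{{ ordering_service_name }}_r{{ region_index }}n{{ node_index }}"

- name: Remove ordering service node from all other regions
  ibm.blockchain_platform.external_ordering_service_node:
    state: "{{ state }}"
    api_endpoint: "{{ other_region.api_endpoint }}"
    api_authtype: "{{ other_region.api_authtype }}"
    api_key: "{{ other_region.api_key }}"
    api_secret: "{{ other_region.api_secret | default(omit) }}"
    api_token_endpoint: "{{ other_region.api_token_endpoint | default(omit) }}"
    api_timeout: "{{ other_region.api_timeout | default(omit) }}"
    name: "{{ ordering_service_name }}_r{{ region_index }}n{{ node_index }}"
  when: region_index != other_region_index
  loop: "{{ regions }}"
  loop_control:
    index_var: other_region_index
    label: "{{ other_region.api_endpoint }}"
    loop_var: other_region

--------------------------------------------------------------------------------
/roles/mrha_ordering_organization/tasks/delete/secondary-region.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Recomputes the same round-robin assignment used on create so the same node
# names are targeted for deletion.
- name: Clear ordering service nodes
  set_fact:
    ordering_service_nodes_in_region: 0

- name: Determine and set ordering service nodes
  set_fact:
    ordering_service_nodes_in_region: "{{ (ordering_service_nodes_in_region | int) + 1 }}"
  loop: "{{ range(0, ordering_service_nodes, 1) | list }}"
  when: region_index == (item % (regions | length))

- name: Clear ordering service zones
  set_fact:
    ordering_service_zones_in_region: []

- name: Determine and set ordering service zones
  set_fact:
    ordering_service_zones_in_region: "{{ (ordering_service_zones_in_region | default([])) + [zones[item % (zones | length)]] }}"
  loop: "{{ range(0, ordering_service_nodes_in_region | int, 1) | list }}"
  when: zones is defined and zones

- name: Delete ordering service nodes
  include_tasks: secondary-osn.yml
  loop: "{{ range(0, ordering_service_nodes_in_region | int, 1) | list }}"
  loop_control:
    index_var: node_index

--------------------------------------------------------------------------------
/roles/mrha_ordering_organization/tasks/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Entry point: validate inputs, then dispatch on `state`.
- name: Fail if organization name not specified
  fail:
    msg: organization_name not specified or is empty
  when: organization_name is not defined or not organization_name

# Without this check an unsupported state (for example a typo) skips both
# includes below and the play reports success without doing anything.
- name: Fail if state is not supported
  fail:
    msg: state is not one of "present" or "absent"
  when: state is not defined or state not in ("present", "absent")

- name: Create ordering organization
  include_tasks: create.yml
  when: state == "present"

- name: Delete ordering organization
  include_tasks: delete.yml
  when: state == "absent"

--------------------------------------------------------------------------------
/roles/mzha_endorsing_organization/README.md:
--------------------------------------------------------------------------------
# mzha_endorsing_organization

The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes.

This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks.

## Documentation

Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/

The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection.

## License

Apache-2.0

## Author Information

This Ansible collection is maintained by the IBM Blockchain Platform development team.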
For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform
--------------------------------------------------------------------------------
/roles/mzha_endorsing_organization/defaults/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
state: present
# Inputs without a default. api_key, api_secret and the *_enrollment_secret
# values are credentials: supply them from Ansible Vault or another secret
# store, not from a committed vars file.
# api_endpoint:
# api_authtype:
# api_key:
# api_secret:
# api_token_endpoint:
# zones:
# organization_name:
# ca_admin_enrollment_id
# ca_admin_enrollment_secret
# organization_admin_enrollment_id:
# organization_admin_enrollment_secret:
# peer_enrollment_id
# peer_enrollment_secret
ca_name: "{{ organization_name }} CA"
ca_db_type: postgres
# ca_db_datasource:
# TLS to the CA database is on by default.
ca_db_tls_enabled: true
# ca_db_tls_certfiles:
ca_replicas: 3
# ca_resources:
# ca_storage:
# ca_version:
peers: 4
peer_name: "{{ organization_name }} Peer"
# peer_resources:
# peer_storage:
peer_state_db: couchdb
# peer_version:
# Identity JSON files are kept under `wallet`, which defaults to the playbook
# directory. NOTE(review): these files are expected to hold the identity's
# private key - use a directory with restrictive permissions and keep it out
# of version control.
wallet: "{{ playbook_dir }}"
ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json"
organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json"

--------------------------------------------------------------------------------
/roles/mzha_endorsing_organization/meta/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Galaxy metadata for the multi-zone, highly available endorsing role.
galaxy_info:
  author: Simon Stone
  license: Apache-2.0
  description: Ansible role for building Hyperledger Fabric components for a multi-zone, highly available endorsing organization using the IBM Blockchain Platform
  min_ansible_version: "2.9"
  platforms:
    - name: GenericLinux
      versions:
        - all
  galaxy_tags: []

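--------------------------------------------------------------------------------
/roles/mzha_endorsing_organization/tasks/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Entry point: validate the connection settings and inputs, then dispatch on
# `state`. The failure messages name the missing variable only; they never
# print the value of api_key or api_secret.
- name: Fail if API endpoint not specified
  fail:
    msg: api_endpoint not specified or is empty
  when: api_endpoint is not defined or not api_endpoint

- name: Fail if API authentication type not specified
  fail:
    msg: api_authtype not specified or is not one of "ibmcloud" or "basic"
  when: api_authtype is not defined or api_authtype not in ("ibmcloud", "basic")

- name: Fail if API key not specified
  fail:
    msg: api_key not specified or is empty
  when: api_key is not defined or not api_key

# api_secret is required only for "basic" authentication.
- name: Fail if API secret not specified
  fail:
    msg: api_secret not specified or is empty
  when:
    - api_authtype == "basic"
    - api_secret is not defined or not api_secret

- name: Fail if organization name not specified
  fail:
    msg: organization_name not specified or is empty
  when: organization_name is not defined or not organization_name

# Without this check an unsupported state (for example a typo) skips both
# includes below and the play reports success without doing anything.
- name: Fail if state is not supported
  fail:
    msg: state is not one of "present" or "absent"
  when: state is not defined or state not in ("present", "absent")

- name: Create endorsing organization
  include_tasks: create.yml
  when: state == "present"

- name: Delete endorsing organization
  include_tasks: delete.yml
  when: state == "absent"

--------------------------------------------------------------------------------
/roles/mzha_ordering_organization/README.md:
--------------------------------------------------------------------------------
# mzha_ordering_organization

The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain.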
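It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes.

This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks.

## Documentation

Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/

The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection.

## License

Apache-2.0

## Author Information

This Ansible collection is maintained by the IBM Blockchain Platform development team. For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform
--------------------------------------------------------------------------------
/roles/mzha_ordering_organization/defaults/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
state: present
# Inputs without a default. api_key, api_secret and the *_enrollment_secret
# values are credentials: supply them from Ansible Vault or another secret
# store, not from a committed vars file.
# api_endpoint:
# api_authtype:
# api_key:
# api_secret:
# api_token_endpoint:
# zones:
# organization_name:
# ca_admin_enrollment_id
# ca_admin_enrollment_secret
# organization_admin_enrollment_id:
# organization_admin_enrollment_secret:
# ordering_service_enrollment_id:
# ordering_service_enrollment_secret:
ca_name: "{{ organization_name }} CA"
ca_db_type: postgres
# ca_db_datasource:
# TLS to the CA database is on by default.
ca_db_tls_enabled: true
# ca_db_tls_certfiles:
ca_replicas: 3
# ca_resources:
# ca_storage:
# ca_version:
ordering_service_name: Ordering Service
ordering_service_nodes: 5
# ordering_service_resources:
# ordering_service_storage:
# ordering_service_version:
# ordering_service_zones:
# Identity JSON files are kept under `wallet`, which defaults to the playbook
# directory. NOTE(review): these files are expected to hold the identity's
# private key - use a directory with restrictive permissions and keep it out
# of version control.
wallet: "{{ playbook_dir }}"
ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json"
organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json"

--------------------------------------------------------------------------------
/roles/mzha_ordering_organization/meta/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
galaxy_info:
  author: Simon Stone
  description: >-
    Ansible role for building Hyperledger Fabric components for a multi-zone, highly available ordering organization using the IBM Blockchain Platform
  license: Apache-2.0
  platforms:
    - name: GenericLinux
      versions:
        - all
  galaxy_tags: []
  min_ansible_version: "2.9"

--------------------------------------------------------------------------------
/roles/mzha_ordering_organization/tasks/main.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Input validation for the role. The failure messages name the missing
# variable only; they never print the value of api_key or api_secret.
- name: Fail if API endpoint not specified
  fail:
    msg: api_endpoint not specified or is empty
  when: api_endpoint is not defined or not api_endpoint

- name: Fail if API authentication type not specified
  fail:
    msg: api_authtype not specified or is not one of "ibmcloud" or "basic"
  when: api_authtype is not defined or api_authtype not in ("ibmcloud", "basic")

- name: Fail if API key not specified
  fail:
    msg: api_key not specified or is empty
  when: api_key is not defined or not api_key

# api_secret is required only for "basic" authentication.
- name: Fail if API secret not specified
  fail:
    msg: api_secret not specified or is empty
  when:
    - api_authtype == "basic"
    - api_secret is not defined or not api_secret

- name: Fail if organization name not specified
  fail:
    msg: organization_name not specified or is empty
  when: organization_name is not defined or not organization_name

# The tasks that follow act only on state "present" or "absent"; without this
# check any other value (for example a typo) is skipped silently.
- name: Fail if state is not supported
  fail:
    msg: state is not one of "present" or "absent"
  when: state is not defined or state not in ("present", "absent")
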
| 30 | - name: Create ordering organization 31 | include_tasks: create.yml 32 | when: state == "present" 33 | 34 | - name: Delete ordering organization 35 | include_tasks: delete.yml 36 | when: state == "absent" 37 | -------------------------------------------------------------------------------- /roles/ordering_organization/README.md: -------------------------------------------------------------------------------- 1 | # ordering_organization 2 | 3 | The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Blockchain Platform development team. 
For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform -------------------------------------------------------------------------------- /roles/ordering_organization/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # api_endpoint: 7 | # api_authtype: 8 | # api_key: 9 | # api_secret: 10 | # api_token_endpoint: 11 | # organization_name: 12 | # ca_admin_enrollment_id 13 | # ca_admin_enrollment_secret 14 | # organization_admin_enrollment_id: 15 | # organization_admin_enrollment_secret: 16 | # ordering_service_enrollment_id: 17 | # ordering_service_enrollment_secret: 18 | ca_name: "{{ organization_name }} CA" 19 | # ca_resources: 20 | # ca_storage: 21 | # ca_version: 22 | ordering_service_name: Ordering Service 23 | ordering_service_nodes: 1 24 | # ordering_service_resources: 25 | # ordering_service_storage: 26 | # ordering_service_version: 27 | wallet: "{{ playbook_dir }}" 28 | ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json" 29 | organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json" 30 | -------------------------------------------------------------------------------- /roles/ordering_organization/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: Ansible role for building Hyperledger Fabric components for an ordering organization using the IBM Blockchain Platform 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/ordering_organization/tasks/main.yml: 
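--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Entry point of the ordering_organization role: validate the connection
# variables, then hand over to create.yml or delete.yml depending on `state`.
# The checks run before any include, so a missing credential stops the role
# before either task file is loaded.

# The console endpoint must be present and non-empty.
- name: Fail if API endpoint not specified
  fail:
    msg: api_endpoint not specified or is empty
  when: api_endpoint is not defined or not api_endpoint

# Only the two authentication schemes named in the message are accepted.
- name: Fail if API authentication type not specified
  fail:
    msg: api_authtype not specified or is not one of "ibmcloud" or "basic"
  when: api_authtype is not defined or api_authtype not in ("ibmcloud", "basic")

# api_key is required for both authentication types.
- name: Fail if API key not specified
  fail:
    msg: api_key not specified or is empty
  when: api_key is not defined or not api_key

# api_secret is only required when api_authtype is "basic".
- name: Fail if API secret not specified
  fail:
    msg: api_secret not specified or is empty
  when: api_authtype == "basic" and (api_secret is not defined or not api_secret)

- name: Fail if organization name not specified
  fail:
    msg: organization_name not specified or is empty
  when: organization_name is not defined or not organization_name

# Without this check a misspelled state matches neither include below, and the
# role would finish successfully without creating or deleting anything.
- name: Fail if state not valid
  fail:
    msg: state not specified or is not one of "present" or "absent"
  when: state is not defined or state not in ("present", "absent")

- name: Create ordering organization
  include_tasks: create.yml
  when: state == "present"

- name: Delete ordering organization
  include_tasks: delete.yml
  when: state == "absent"

--------------------------------------------------------------------------------
/tests/integration/integration_config.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
api_endpoint: https://ibp-console.example.org:32000
api_authtype: basic
api_key: xxxxxxxx
api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
api_timeout: 60
k8s_namespace: ibp
test_run_id: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
short_test_run_id: xxxxxxxx
wait_timeout: 600

ca_version: ">=1.4,<2.0"
peer_version: ">=2.2,<3.0"
ordering_service_version: ">=2.2,<3.0"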
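--------------------------------------------------------------------------------
/tests/integration/targets/it_certificate_authority/tasks/assertions.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Shared checks for the certificate authority integration target. The tasks
# read `result`, `expected_change`, `ca_name`, `k8s_namespace`, `k8s_name` and
# the expected_* values, and overwrite `result` twice on the way through.

- name: Assertions
  assert:
    that:
      - result is success
      # Written as one expression rather than a "{{ ... }}" string spliced
      # into the condition, so the condition is templated only once.
      - (result is changed) if expected_change else (result is not changed)
      - result.certificate_authority.name == ca_name

# Poll the CA's /cainfo endpoint until it answers 200: up to 60 attempts, one
# second apart. `result` is replaced by the HTTP response.
- name: Get CA info from CA
  uri:
    url: "{{ result.certificate_authority.api_url }}/cainfo"
    # TLS certificate verification is switched off for this probe.
    # NOTE(review): presumably the freshly created CA serves a certificate the
    # test host does not trust - confirm. Outside a throwaway test run, verify
    # against the CA's TLS certificate instead of disabling the check.
    validate_certs: no
  until: result.status == 200
  retries: 60
  delay: 1
  register: result

- name: Assertions
  assert:
    that:
      - result.json.result.CAChain is defined

# `result` is replaced again, this time by the IBPCA custom resource lookup.
- name: Get CA info from Kubernetes
  k8s_info:
    api_version: ibp.com/v1alpha2
    kind: IBPCA
    namespace: "{{ k8s_namespace }}"
    name: "{{ k8s_name }}"
  register: result

- name: Assertions
  assert:
    that:
      - result is success
      - result.resources
      - result.resources[0].spec.configoverride.ca.registry.identities[0].name == expected_enrollment_id
      # This comparison only passes if the enrollment secret is readable in
      # the resource spec, so read access to IBPCA objects in the namespace
      # exposes the CA registrar password.
      - result.resources[0].spec.configoverride.ca.registry.identities[0].pass == expected_enrollment_secret
      - result.resources[0].spec.resources.ca.requests.cpu == expected_cpu
      - result.resources[0].spec.resources.ca.requests.memory == expected_memory
      - result.resources[0].spec.storage.ca.size == expected_storage_size

-------------------------------------------------------------------------------- /tests/integration/targets/it_endorsing_organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Set test facts 6 | set_fact: 7 | organization_name: "Test Org {{ short_test_run_id }}" 8 | organization_msp_id: "TestOrg{{ 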
short_test_run_id }}MSP" 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: orgadmin 12 | organization_admin_enrollment_secret: orgadminpw 13 | peer_enrollment_id: peer 14 | peer_enrollment_secret: peerpw 15 | k8s_namespace: "{{ k8s_namespace | mandatory }}" 16 | wait_timeout: "{{ wait_timeout | mandatory }}" 17 | 18 | - name: Run tests 19 | block: 20 | - name: Create endorsing organization 21 | include_role: 22 | name: ibm.blockchain_platform.endorsing_organization 23 | vars: 24 | state: present 25 | register: result 26 | 27 | always: 28 | - name: Delete endorsing organization 29 | include_role: 30 | name: ibm.blockchain_platform.endorsing_organization 31 | vars: 32 | state: absent 33 | -------------------------------------------------------------------------------- /tests/integration/targets/it_ordering_organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Set test facts 6 | set_fact: 7 | organization_name: "Test Org {{ short_test_run_id }}" 8 | organization_msp_id: "TestOrg{{ short_test_run_id }}MSP" 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: orgadmin 12 | organization_admin_enrollment_secret: orgadminpw 13 | ordering_service_enrollment_id: orderingservice 14 | ordering_service_enrollment_secret: orderingservicepw 15 | ordering_service_name: "Test Ordering Service {{ short_test_run_id }}" 16 | k8s_namespace: "{{ k8s_namespace | mandatory }}" 17 | wait_timeout: "{{ wait_timeout | mandatory }}" 18 | 19 | - name: Run tests 20 | block: 21 | - name: Create ordering organization 22 | include_role: 23 | name: ibm.blockchain_platform.ordering_organization 24 | vars: 25 | state: present 26 | register: result 27 | 28 | always: 29 | - name: Delete ordering organization 30 | include_role: 31 | name: 
ibm.blockchain_platform.ordering_organization 32 | vars: 33 | state: absent 34 | 
--------------------------------------------------------------------------------
/tutorial/.gitignore:
--------------------------------------------------------------------------------
# Files the tutorial playbooks write next to themselves.
# *.json matches the "<name> Admin.json" identity files (the role's wallet
# default is playbook_dir) as well as exported organization and ordering
# service JSON and the generated connection profiles.
# NOTE(review): the identity files presumably hold enrollment key material -
# confirm, and keep them out of version control and off shared paths.
*.json
# *.bin matches the fetched channel_genesis_block.bin.
*.bin

--------------------------------------------------------------------------------
/tutorial/01-create-ordering-organization-components.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Runs the ordering_organization role on the control node with state: present.
# Connection settings and the ordering_* values come from the two vars files;
# the play-level vars map them onto the names the role reads.
- name: Create components for an ordering organization
  hosts: localhost
  vars_files:
    - common-vars.yml
    - ordering-org-vars.yml
  vars:
    state: present
    organization_name: '{{ ordering_org_name }}'
    organization_msp_id: '{{ ordering_service_msp }}'
  roles:
    - role: ibm.blockchain_platform.ordering_organization

--------------------------------------------------------------------------------
/tutorial/02-create-endorsing-organization-components.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Runs the endorsing_organization role on the control node with
# state: present, mapping the org1_* values from org1-vars.yml onto the
# variable names passed to the role.
- name: Create components for an endorsing organization
  hosts: localhost
  vars_files:
    - common-vars.yml
    - org1-vars.yml
  vars:
    state: present
    organization_name: '{{ org1_name }}'
    organization_msp_id: '{{ org1_msp_id }}'
    ca_name: '{{ org1_ca_name }}'
    peer_name: '{{ org1_peer_name }}'
  roles:
    - role: ibm.blockchain_platform.endorsing_organization

-------------------------------------------------------------------------------- /tutorial/03-export-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 
11 | - name: Get the organization 12 | ibm.blockchain_platform.organization_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ org1_name }}" 19 | register: result 20 | 21 | - name: Fail if the organization does not exist 22 | fail: 23 | msg: "Organization {{ org1_name }} does not exist" 24 | when: not result.exists 25 | 26 | - name: Store the organization in a file 27 | copy: 28 | content: "{{ result.organization | to_nice_json }}" 29 | dest: "{{ org1_name }}.json" 30 | -------------------------------------------------------------------------------- /tutorial/04-import-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - ordering-org-vars.yml 10 | tasks: 11 | - name: Import the organization 12 | ibm.blockchain_platform.external_organization: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | organization: "{{ lookup('file', org1_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/07-export-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the ordering service 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - ordering-org-vars.yml 10 | tasks: 11 | - name: Get the ordering service 12 | ibm.blockchain_platform.ordering_service_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | 
api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ ordering_service_name }}" 19 | register: result 20 | 21 | - name: Fail if the ordering service does not exist 22 | fail: 23 | msg: Ordering service does not exist 24 | when: not result.exists 25 | 26 | - name: Store the ordering service in a file 27 | copy: 28 | content: "{{ result.ordering_service | to_nice_json }}" 29 | dest: "{{ ordering_service_name }}.json" 30 | -------------------------------------------------------------------------------- /tutorial/08-import-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the ordering service 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Import the ordering service 12 | ibm.blockchain_platform.external_ordering_service: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | ordering_service: "{{ lookup('file', ordering_service_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/09-admins-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "ADMIN" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- 
/tutorial/09-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tutorial/09-lifecycle-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tutorial/09-readers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tutorial/09-writers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | 
"msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tutorial/10-join-peer-to-channel.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Join the channel 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Fetch the genesis block for the channel 12 | ibm.blockchain_platform.channel_block: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | operation: fetch 19 | ordering_service: "{{ ordering_service_name }}" 20 | identity: "{{ org1_name }} Admin.json" 21 | msp_id: "{{ org1_msp_id }}" 22 | name: "{{ channel_name }}" 23 | target: "0" 24 | path: channel_genesis_block.bin 25 | 26 | - name: Join the peer to the channel 27 | ibm.blockchain_platform.peer_channel: 28 | api_endpoint: "{{ api_endpoint }}" 29 | api_authtype: "{{ api_authtype }}" 30 | api_key: "{{ api_key }}" 31 | api_secret: "{{ api_secret | default(omit) }}" 32 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 33 | operation: join 34 | peer: "{{ org1_peer_name }}" 35 | identity: "{{ org1_name }} Admin.json" 36 | msp_id: "{{ org1_msp_id }}" 37 | path: channel_genesis_block.bin 38 | -------------------------------------------------------------------------------- /tutorial/12-create-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: present 9 | organization_name: "{{ org2_name }}" 10 | organization_msp_id: 
"{{ org2_msp_id }}" 11 | ca_name: "{{ org2_ca_name }}" 12 | peer_name: "{{ org2_peer_name }}" 13 | vars_files: 14 | - common-vars.yml 15 | - org2-vars.yml 16 | roles: 17 | - ibm.blockchain_platform.endorsing_organization 18 | -------------------------------------------------------------------------------- /tutorial/13-export-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Get the organization 12 | ibm.blockchain_platform.organization_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ org2_name }}" 19 | register: result 20 | 21 | - name: Fail if the organization does not exist 22 | fail: 23 | msg: "Organization {{ org2_name }} does not exist" 24 | when: not result.exists 25 | 26 | - name: Store the organization in a file 27 | copy: 28 | content: "{{ result.organization | to_nice_json }}" 29 | dest: "{{ org2_name }}.json" 30 | -------------------------------------------------------------------------------- /tutorial/14-import-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Import the organization 12 | ibm.blockchain_platform.external_organization: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 
18 | organization: "{{ lookup('file', org2_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/15-admins-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "ADMIN" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "ADMIN" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/15-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/15-lifecycle-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 
| "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/15-readers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/15-writers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/16-import-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the ordering service 6 
| hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Import the ordering service 12 | ibm.blockchain_platform.external_ordering_service: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | ordering_service: "{{ lookup('file', ordering_service_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/17-join-peer-to-channel.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Join the channel 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Fetch the genesis block for the channel 12 | ibm.blockchain_platform.channel_block: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | operation: fetch 19 | ordering_service: "{{ ordering_service_name }}" 20 | identity: "{{ org2_name }} Admin.json" 21 | msp_id: "{{ org2_msp_id }}" 22 | name: "{{ channel_name }}" 23 | target: "0" 24 | path: channel_genesis_block.bin 25 | 26 | - name: Join the peer to the channel 27 | ibm.blockchain_platform.peer_channel: 28 | api_endpoint: "{{ api_endpoint }}" 29 | api_authtype: "{{ api_authtype }}" 30 | api_key: "{{ api_key }}" 31 | api_secret: "{{ api_secret | default(omit) }}" 32 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 33 | operation: join 34 | peer: "{{ org2_peer_name }}" 35 | identity: "{{ org2_name }} Admin.json" 36 | msp_id: "{{ org2_msp_id }}" 37 | path: channel_genesis_block.bin 38 | 
-------------------------------------------------------------------------------- /tutorial/19-install-and-approve-chaincode.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Install and approve chaincode 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Install the chaincode on the peer 12 | ibm.blockchain_platform.installed_chaincode: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | peer: "{{ org1_peer_name }}" 19 | identity: "{{ org1_name }} Admin.json" 20 | msp_id: "{{ org1_msp_id }}" 21 | path: "{{ smart_contract_package }}" 22 | register: result 23 | 24 | - name: Approve the chaincode on the channel 25 | ibm.blockchain_platform.approved_chaincode: 26 | api_endpoint: "{{ api_endpoint }}" 27 | api_authtype: "{{ api_authtype }}" 28 | api_key: "{{ api_key }}" 29 | api_secret: "{{ api_secret | default(omit) }}" 30 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 31 | peer: "{{ org1_peer_name }}" 32 | identity: "{{ org1_name }} Admin.json" 33 | msp_id: "{{ org1_msp_id }}" 34 | channel: "{{ channel_name }}" 35 | name: "{{ smart_contract_name }}" 36 | version: "{{ smart_contract_version }}" 37 | package_id: "{{ result.installed_chaincode.package_id }}" 38 | sequence: "{{ smart_contract_sequence }}" 39 | endorsement_policy: "{{ smart_contract_endorsement_policy | default(omit) }}" 40 | collections_config: "{{ smart_contract_collections_file | default(omit) }}" 41 | -------------------------------------------------------------------------------- /tutorial/20-install-and-approve-chaincode.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: 
Apache-2.0
#
---
# Installs the chaincode package on the Org2 peer and then approves that same
# package on the channel. Variables come from common-vars.yml and org2-vars.yml.
- name: Install and approve chaincode
  hosts: localhost
  vars_files:
    - common-vars.yml
    - org2-vars.yml
  tasks:
    - name: Install the chaincode on the peer
      ibm.blockchain_platform.installed_chaincode:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        # api_secret and api_token_endpoint are omitted from the call when unset.
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        peer: "{{ org2_peer_name }}"
        # NOTE(review): presumably the enrolled admin identity (certificate and
        # private key) kept as a local JSON file - confirm, and keep the file
        # out of shared or world-readable locations.
        identity: "{{ org2_name }} Admin.json"
        msp_id: "{{ org2_msp_id }}"
        path: "{{ smart_contract_package }}"
      # Keep the module result; the approve task reads the package ID from it.
      register: result

    - name: Approve the chaincode on the channel
      ibm.blockchain_platform.approved_chaincode:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        peer: "{{ org2_peer_name }}"
        identity: "{{ org2_name }} Admin.json"
        msp_id: "{{ org2_msp_id }}"
        channel: "{{ channel_name }}"
        name: "{{ smart_contract_name }}"
        version: "{{ smart_contract_version }}"
        # The approved package ID is the one returned by the install task
        # above, not a value typed in by hand.
        package_id: "{{ result.installed_chaincode.package_id }}"
        sequence: "{{ smart_contract_sequence }}"
        # Both settings are optional; they are commented out in common-vars.yml.
        endorsement_policy: "{{ smart_contract_endorsement_policy | default(omit) }}"
        collections_config: "{{ smart_contract_collections_file | default(omit) }}"
--------------------------------------------------------------------------------
/tutorial/21-commit-chaincode.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Commits the chaincode definition on the channel, run with Org1's variables.
- name: Commit chaincode
  hosts: localhost
  vars_files:
    - common-vars.yml
    - org1-vars.yml
  tasks:
    - name: Commit the chaincode on the channel
      ibm.blockchain_platform.committed_chaincode:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        peer: "{{ org1_peer_name }}"
        identity: "{{ org1_name }} Admin.json"
        msp_id: "{{ org1_msp_id }}"
        channel: "{{ channel_name }}"
        # NOTE(review): presumably the organizations taking part in the
        # commit - confirm against the module documentation.
        organizations:
          - "{{ org1_name }}"
          - "{{ org2_name }}"
        # name, version, sequence and the optional policy settings use the same
        # variables as the approve step in the install-and-approve playbook.
        name: "{{ smart_contract_name }}"
        version: "{{ smart_contract_version }}"
        sequence: "{{ smart_contract_sequence }}"
        endorsement_policy: "{{ smart_contract_endorsement_policy | default(omit) }}"
        collections_config: "{{ smart_contract_collections_file | default(omit) }}"
--------------------------------------------------------------------------------
/tutorial/22-register-application.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Registers an application identity with the Org1 CA and writes a connection
# profile for Org1 to a local JSON file.
- name: Register application
  hosts: localhost
  vars_files:
    - common-vars.yml
    - org1-vars.yml
  tasks:
    - name: Register a new identity
      ibm.blockchain_platform.registered_identity:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        certificate_authority: "{{ org1_ca_name }}"
        registrar: "{{ org1_ca_name }} Admin.json"
        enrollment_id: "{{ application_enrollment_id }}"
        # NOTE(review): the enrollment secret is passed as a plain task
        # argument; confirm the module masks it in task output, or set
        # no_log on this task.
        enrollment_secret: "{{ application_enrollment_secret }}"
        max_enrollments: "{{ application_max_enrollments }}"
        type: "{{ application_enrollment_type }}"
        # Sets the attribute "<smart_contract_name>.admin" to "true" on the new
        # identity. NOTE(review): what this authorizes depends on the
        # chaincode - confirm the application needs it.
        attributes:
          - name: "{{ smart_contract_name }}.admin"
            value: "true"

    - name: Create a connection profile
      ibm.blockchain_platform.connection_profile:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        name: "{{ org1_name }} Gateway"
        # Relative path, so the profile lands in the current working directory.
        path: "{{ org1_name }} Gateway.json"
        organization: "{{ org1_name }}"
        certificate_authority: "{{ org1_ca_name }}"
        peers:
          - "{{ org1_peer_name }}"
--------------------------------------------------------------------------------
/tutorial/23-register-application.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Registers an application identity with the Org2 CA and writes a connection
# profile for Org2 to a local JSON file.
- name: Register application
  hosts: localhost
  vars_files:
    - common-vars.yml
    - org2-vars.yml
  tasks:
    - name: Register a new identity
      ibm.blockchain_platform.registered_identity:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        certificate_authority: "{{ org2_ca_name }}"
        registrar: "{{ org2_ca_name }} Admin.json"
        enrollment_id: "{{ application_enrollment_id }}"
        # NOTE(review): the enrollment secret is passed as a plain task
        # argument; confirm the module masks it in task output, or set
        # no_log on this task.
        enrollment_secret: "{{ application_enrollment_secret }}"
        max_enrollments: "{{ application_max_enrollments }}"
        type: "{{ application_enrollment_type }}"
        # Sets the attribute "<smart_contract_name>.admin" to "true" on the new
        # identity. NOTE(review): what this authorizes depends on the
        # chaincode - confirm the application needs it.
        attributes:
          - name: "{{ smart_contract_name }}.admin"
            value: "true"

    - name: Create a connection profile
      ibm.blockchain_platform.connection_profile:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        name: "{{ org2_name }} Gateway"
        # Relative path, so the profile lands in the current working directory.
        path: "{{ org2_name }} Gateway.json"
        organization: "{{ org2_name }}"
        certificate_authority: "{{ org2_ca_name }}"
        peers:
          - "{{ org2_peer_name }}"
--------------------------------------------------------------------------------
/tutorial/97-delete-endorsing-organization-components.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Teardown for Org1: runs the endorsing_organization role with state=absent,
# then removes the components Org1 imported from the other organizations.
# Destructive - check api_endpoint in org1-vars.yml before running.
- name: Delete components for an endorsing organization
  hosts: localhost
  vars:
    state: absent
    organization_name: "{{ org1_name }}"
    ca_name: "{{ org1_ca_name }}"
    peer_name: "{{ org1_peer_name }}"
  vars_files:
    - common-vars.yml
    - org1-vars.yml
  roles:
    - ibm.blockchain_platform.endorsing_organization

- name: Remove imported components
  hosts: localhost
  vars_files:
    - common-vars.yml
    - org1-vars.yml
  tasks:
    # Both removals run only when import_export_used is set; it defaults to false.
    - name: Remove imported ordering service
      ibm.blockchain_platform.external_ordering_service:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        state: absent
        name: "{{ ordering_service_name }}"
      when: import_export_used | default(false)

    - name: Remove imported organization
      ibm.blockchain_platform.external_organization:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        state: absent
        name: "{{ org2_name }}"
      when: import_export_used | default(false)
--------------------------------------------------------------------------------
/tutorial/98-delete-endorsing-organization-components.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Teardown for Org2: runs the endorsing_organization role with state=absent,
# then removes the ordering service Org2 imported.
# Destructive - check api_endpoint in org2-vars.yml before running.
- name: Delete components for an endorsing organization
  hosts: localhost
  vars:
    state: absent
    organization_name: "{{ org2_name }}"
    ca_name: "{{ org2_ca_name }}"
    peer_name: "{{ org2_peer_name }}"
  vars_files:
    - common-vars.yml
    - org2-vars.yml
  roles:
    - ibm.blockchain_platform.endorsing_organization

- name: Remove imported components
  hosts: localhost
  vars_files:
    - common-vars.yml
    - org2-vars.yml
  tasks:
    # Runs only when import_export_used is set; it defaults to false.
    - name: Remove imported ordering service
      ibm.blockchain_platform.external_ordering_service:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        state: absent
        name: "{{ ordering_service_name }}"
      when: import_export_used | default(false)
--------------------------------------------------------------------------------
/tutorial/99-delete-ordering-organization-components.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Teardown for the ordering organization: runs the ordering_organization role
# with state=absent, then removes the imported Org1 definition.
# Destructive - check api_endpoint in ordering-org-vars.yml before running.
- name: Delete components for an ordering organization
  hosts: localhost
  vars:
    state: absent
    organization_name: "{{ ordering_org_name }}"
  vars_files:
    - common-vars.yml
    - ordering-org-vars.yml
  roles:
    - ibm.blockchain_platform.ordering_organization

- name: Remove imported components
  hosts: localhost
  vars_files:
    - common-vars.yml
    - ordering-org-vars.yml
  tasks:
    # Runs only when import_export_used is set; it defaults to false.
    - name: Remove imported organization
      ibm.blockchain_platform.external_organization:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        state: absent
        name: "{{ org1_name }}"
      when: import_export_used | default(false)
--------------------------------------------------------------------------------
/tutorial/common-vars.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# These vars are used in more than one file,
# i.e. needed by multiple orgs so can't just live in a per org file
# No credentials live here; those are in the per-organization vars files.
ordering_org_name: "Ordering Org"
ordering_service_name: "Ordering Service"
org1_name: "Org1"
org1_msp_id: Org1MSP
org2_name: "Org2"
org2_msp_id: Org2MSP
channel_name: "mychannel"
smart_contract_name: "fabcar"
smart_contract_version: "1.0.0"
smart_contract_sequence: 1
smart_contract_package: "fabcar@1.0.0.tgz"
# The three settings below are disabled; playbooks that reference them use
# default(omit), so the corresponding module arguments are left out.
# smart_contract_constructor: "initLedger"
# smart_contract_endorsement_policy: ""
# smart_contract_collections_file: ""
# Version ranges rather than exact pins for the CA, peer and ordering service.
ca_version: ">=1.4,<2.0"
peer_version: ">=2.2,<3.0"
ordering_service_version: ">=2.2,<3.0"
--------------------------------------------------------------------------------
/tutorial/deploy_smart_contract.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Runs the chaincode deployment playbooks (19 to 23) in order.
# Stop at the first failing command so later playbooks do not run after an
# earlier one has failed.
set -e
# Work from the script's own directory so the relative playbook names resolve.
cd "$(dirname "$0")"
function usage {
    echo "Usage: deploy_smart_contract.sh" 1>&2
    exit 1
}
# The option string defines no options, so any option given prints the usage
# text and exits.
while getopts ":" OPT; do
    case ${OPT} in
        \?)
            usage
            ;;
    esac
done
# Echo each command while the playbooks run. The credentials are read from the
# vars files by the playbooks, not passed on these command lines.
set -x
ansible-playbook 19-install-and-approve-chaincode.yml
ansible-playbook 20-install-and-approve-chaincode.yml
ansible-playbook 21-commit-chaincode.yml
ansible-playbook 22-register-application.yml
ansible-playbook 23-register-application.yml
set +x
--------------------------------------------------------------------------------
/tutorial/fabcar@1.0.0.tgz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IBM-Blockchain/ansible-collection/461b662668d55d7de1136e991683109fe15f8645/tutorial/fabcar@1.0.0.tgz
--------------------------------------------------------------------------------
/tutorial/ordering-org-vars.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Connection settings and enrollment credentials for the ordering organization.
# The endpoint, API key/secret and the *pw enrollment secrets are sample
# values: replace them before use, and keep the real values out of version
# control, for example by encrypting this file with ansible-vault.
api_endpoint: https://ibp-console.example.org:32000
api_authtype: basic
api_key: xxxxxxxx
api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ca_admin_enrollment_id: admin
ca_admin_enrollment_secret: adminpw
organization_admin_enrollment_id: orderingorgadmin
organization_admin_enrollment_secret: orderingorgadminpw
ordering_service_enrollment_id: orderingorgorderer
ordering_service_enrollment_secret: orderingorgordererpw
ordering_service_msp: OrdererMSP
ordering_service_nodes: 1
# NOTE(review): presumably seconds - confirm against the role documentation.
wait_timeout: 600
--------------------------------------------------------------------------------
/tutorial/org1-vars.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Connection settings and enrollment credentials for Org1.
# The endpoint, API key/secret and the *pw enrollment secrets are sample
# values: replace them before use, and keep the real values out of version
# control, for example by encrypting this file with ansible-vault.
api_endpoint: https://ibp-console.example.org:32000
api_authtype: basic
api_key: xxxxxxxx
api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ca_admin_enrollment_id: admin
ca_admin_enrollment_secret: adminpw
organization_admin_enrollment_id: org1admin
organization_admin_enrollment_secret: org1adminpw
peer_enrollment_id: org1peer
peer_enrollment_secret: org1peerpw
# Identity registered by the register-application playbooks.
application_enrollment_id: org1app
application_enrollment_secret: org1apppw
application_enrollment_type: client
application_max_enrollments: 10
org1_ca_name: "Org1 CA"
org1_peer_name: "Org1 Peer"
# NOTE(review): presumably seconds - confirm against the role documentation.
wait_timeout: 600
--------------------------------------------------------------------------------
/tutorial/org2-vars.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Connection settings and enrollment credentials for Org2.
# The endpoint, API key/secret and the *pw enrollment secrets are sample
# values: replace them before use, and keep the real values out of version
# control, for example by encrypting this file with ansible-vault.
api_endpoint: https://ibp-console.example.org:32000
api_authtype: basic
api_key: xxxxxxxx
api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
ca_admin_enrollment_id: admin
ca_admin_enrollment_secret: adminpw
organization_admin_enrollment_id: org2admin
organization_admin_enrollment_secret: org2adminpw
peer_enrollment_id: org2peer
peer_enrollment_secret: org2peerpw
# Identity registered by the register-application playbooks.
application_enrollment_id: org2app
application_enrollment_secret: org2apppw
application_enrollment_type: client
application_max_enrollments: 10
org2_ca_name: "Org2 CA"
org2_peer_name: "Org2 Peer"
# NOTE(review): presumably seconds - confirm against the role documentation.
wait_timeout: 600
--------------------------------------------------------------------------------
/tutorial/v1.x/01-create-ordering-organization-components.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# Runs the ordering_organization role with state=present for the ordering
# organization; credentials come from ordering-org-vars.yml.
- name: Create components for an ordering organization
  hosts: localhost
  vars:
    state: present
    organization_name: "{{ ordering_org_name }}"
    organization_msp_id: "{{ ordering_service_msp }}"
  vars_files:
    - common-vars.yml
    - ordering-org-vars.yml
  roles:
    - ibm.blockchain_platform.ordering_organization
-------------------------------------------------------------------------------- /tutorial/v1.x/02-create-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: present 9 | organization_name: "{{ org1_name }}" 10 | organization_msp_id: "{{ org1_msp_id }}" 11 | ca_name: "{{ org1_ca_name }}" 12 | peer_name: "{{ org1_peer_name }}" 13 | vars_files: 14 | - common-vars.yml 15 | - org1-vars.yml 16 | roles: 17 | - ibm.blockchain_platform.endorsing_organization 18 | -------------------------------------------------------------------------------- /tutorial/v1.x/03-export-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Get the organization 12 | ibm.blockchain_platform.organization_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ org1_name }}" 19 | register: result 20 | 21 | - name: Fail if the organization does not exist 22 | fail: 23 | msg: "Organization {{ org1_name }} does not exist" 24 | when: not result.exists 25 | 26 | - name: Store the organization in a file 27 | copy: 28 | content: "{{ result.organization | to_nice_json }}" 29 | dest: "{{ org1_name }}.json" 30 | -------------------------------------------------------------------------------- /tutorial/v1.x/04-import-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # 
SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - ordering-org-vars.yml 10 | tasks: 11 | - name: Import the organization 12 | ibm.blockchain_platform.external_organization: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | organization: "{{ lookup('file', org1_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/v1.x/06-export-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the ordering service 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - ordering-org-vars.yml 10 | tasks: 11 | - name: Get the ordering service 12 | ibm.blockchain_platform.ordering_service_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ ordering_service_name }}" 19 | register: result 20 | 21 | - name: Fail if the ordering service does not exist 22 | fail: 23 | msg: Ordering service does not exist 24 | when: not result.exists 25 | 26 | - name: Store the ordering service in a file 27 | copy: 28 | content: "{{ result.ordering_service | to_nice_json }}" 29 | dest: "{{ ordering_service_name }}.json" 30 | -------------------------------------------------------------------------------- /tutorial/v1.x/07-import-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the ordering service 6 | 
hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Import the ordering service 12 | ibm.blockchain_platform.external_ordering_service: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | ordering_service: "{{ lookup('file', ordering_service_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/v1.x/08-admins-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "ADMIN" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tutorial/v1.x/08-readers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tutorial/v1.x/08-writers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": 
"ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tutorial/v1.x/09-join-peer-to-channel.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Join the channel 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Fetch the genesis block for the channel 12 | ibm.blockchain_platform.channel_block: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | operation: fetch 19 | ordering_service: "{{ ordering_service_name }}" 20 | identity: "{{ org1_name }} Admin.json" 21 | msp_id: "{{ org1_msp_id }}" 22 | name: "{{ channel_name }}" 23 | target: "0" 24 | path: channel_genesis_block.bin 25 | 26 | - name: Join the peer to the channel 27 | ibm.blockchain_platform.peer_channel: 28 | api_endpoint: "{{ api_endpoint }}" 29 | api_authtype: "{{ api_authtype }}" 30 | api_key: "{{ api_key }}" 31 | api_secret: "{{ api_secret | default(omit) }}" 32 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 33 | operation: join 34 | peer: "{{ org1_peer_name }}" 35 | identity: "{{ org1_name }} Admin.json" 36 | msp_id: "{{ org1_msp_id }}" 37 | path: channel_genesis_block.bin 38 | -------------------------------------------------------------------------------- /tutorial/v1.x/11-create-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: present 9 | organization_name: 
"{{ org2_name }}" 10 | organization_msp_id: "{{ org2_msp_id }}" 11 | ca_name: "{{ org2_ca_name }}" 12 | peer_name: "{{ org2_peer_name }}" 13 | vars_files: 14 | - common-vars.yml 15 | - org2-vars.yml 16 | roles: 17 | - ibm.blockchain_platform.endorsing_organization 18 | -------------------------------------------------------------------------------- /tutorial/v1.x/12-export-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Get the organization 12 | ibm.blockchain_platform.organization_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ org2_name }}" 19 | register: result 20 | 21 | - name: Fail if the organization does not exist 22 | fail: 23 | msg: "Organization {{ org2_name }} does not exist" 24 | when: not result.exists 25 | 26 | - name: Store the organization in a file 27 | copy: 28 | content: "{{ result.organization | to_nice_json }}" 29 | dest: "{{ org2_name }}.json" 30 | -------------------------------------------------------------------------------- /tutorial/v1.x/13-import-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Import the organization 12 | ibm.blockchain_platform.external_organization: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | 
api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | organization: "{{ lookup('file', org2_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/v1.x/14-admins-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "ADMIN" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "ADMIN" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/v1.x/14-readers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/v1.x/14-writers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 
| "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/v1.x/15-import-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the ordering service 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Import the ordering service 12 | ibm.blockchain_platform.external_ordering_service: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | ordering_service: "{{ lookup('file', ordering_service_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/v1.x/16-join-peer-to-channel.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Join the channel 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Fetch the genesis block for the channel 12 | ibm.blockchain_platform.channel_block: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | operation: fetch 19 | ordering_service: "{{ ordering_service_name }}" 20 | identity: "{{ org2_name }} Admin.json" 21 | msp_id: "{{ org2_msp_id }}" 22 | name: 
"{{ channel_name }}" 23 | target: "0" 24 | path: channel_genesis_block.bin 25 | 26 | - name: Join the peer to the channel 27 | ibm.blockchain_platform.peer_channel: 28 | api_endpoint: "{{ api_endpoint }}" 29 | api_authtype: "{{ api_authtype }}" 30 | api_key: "{{ api_key }}" 31 | api_secret: "{{ api_secret | default(omit) }}" 32 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 33 | operation: join 34 | peer: "{{ org2_peer_name }}" 35 | identity: "{{ org2_name }} Admin.json" 36 | msp_id: "{{ org2_msp_id }}" 37 | path: channel_genesis_block.bin 38 | -------------------------------------------------------------------------------- /tutorial/v1.x/18-install-chaincode.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Install chaincode 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Install the chaincode on the peer 12 | ibm.blockchain_platform.installed_chaincode: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | peer: "{{ org1_peer_name }}" 19 | identity: "{{ org1_name }} Admin.json" 20 | msp_id: "{{ org1_msp_id }}" 21 | path: "{{ smart_contract_package }}" 22 | -------------------------------------------------------------------------------- /tutorial/v1.x/19-install-chaincode.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Install chaincode 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Install the chaincode on the peer 12 | ibm.blockchain_platform.installed_chaincode: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype 
}}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | peer: "{{ org2_peer_name }}" 19 | identity: "{{ org2_name }} Admin.json" 20 | msp_id: "{{ org2_msp_id }}" 21 | path: "{{ smart_contract_package }}" 22 | -------------------------------------------------------------------------------- /tutorial/v1.x/20-instantiate-chaincode.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Instantiate chaincode 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Instantiate the chaincode on the channel 12 | ibm.blockchain_platform.instantiated_chaincode: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | peer: "{{ org1_peer_name }}" 19 | identity: "{{ org1_name }} Admin.json" 20 | msp_id: "{{ org1_msp_id }}" 21 | channel: "{{ channel_name }}" 22 | name: "{{ smart_contract_name }}" 23 | constructor: 24 | function: "{{ smart_contract_constructor | default(omit) }}" 25 | version: "{{ smart_contract_version }}" 26 | endorsement_policy: "{{ smart_contract_endorsement_policy | default(omit) }}" 27 | collections_config: "{{ smart_contract_collections_file | default(omit) }}" 28 | -------------------------------------------------------------------------------- /tutorial/v1.x/21-register-application.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Register application 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Register a new identity 12 | 
ibm.blockchain_platform.registered_identity: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | certificate_authority: "{{ org1_ca_name }}" 19 | registrar: "{{ org1_ca_name }} Admin.json" 20 | enrollment_id: "{{ application_enrollment_id }}" 21 | enrollment_secret: "{{ application_enrollment_secret }}" 22 | max_enrollments: "{{ application_max_enrollments }}" 23 | type: "{{ application_enrollment_type }}" 24 | attributes: 25 | - name: "{{ smart_contract_name }}.admin" 26 | value: "true" 27 | 28 | - name: Create a connection profile 29 | ibm.blockchain_platform.connection_profile: 30 | api_endpoint: "{{ api_endpoint }}" 31 | api_authtype: "{{ api_authtype }}" 32 | api_key: "{{ api_key }}" 33 | api_secret: "{{ api_secret | default(omit) }}" 34 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 35 | name: "{{ org1_name }} Gateway" 36 | path: "{{ org1_name }} Gateway.json" 37 | organization: "{{ org1_name }}" 38 | certificate_authority: "{{ org1_ca_name }}" 39 | peers: 40 | - "{{ org1_peer_name }}" 41 | -------------------------------------------------------------------------------- /tutorial/v1.x/22-register-application.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Register application 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Register a new identity 12 | ibm.blockchain_platform.registered_identity: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | certificate_authority: "{{ org2_ca_name }}" 19 | registrar: "{{ 
org2_ca_name }} Admin.json" 20 | enrollment_id: "{{ application_enrollment_id }}" 21 | enrollment_secret: "{{ application_enrollment_secret }}" 22 | max_enrollments: "{{ application_max_enrollments }}" 23 | type: "{{ application_enrollment_type }}" 24 | attributes: 25 | - name: "{{ smart_contract_name }}.admin" 26 | value: "true" 27 | 28 | - name: Create a connection profile 29 | ibm.blockchain_platform.connection_profile: 30 | api_endpoint: "{{ api_endpoint }}" 31 | api_authtype: "{{ api_authtype }}" 32 | api_key: "{{ api_key }}" 33 | api_secret: "{{ api_secret | default(omit) }}" 34 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 35 | name: "{{ org2_name }} Gateway" 36 | path: "{{ org2_name }} Gateway.json" 37 | organization: "{{ org2_name }}" 38 | certificate_authority: "{{ org2_ca_name }}" 39 | peers: 40 | - "{{ org2_peer_name }}" 41 | -------------------------------------------------------------------------------- /tutorial/v1.x/97-delete-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: absent 9 | organization_name: "{{ org1_name }}" 10 | ca_name: "{{ org1_ca_name }}" 11 | peer_name: "{{ org1_peer_name }}" 12 | vars_files: 13 | - common-vars.yml 14 | - org1-vars.yml 15 | roles: 16 | - ibm.blockchain_platform.endorsing_organization 17 | 18 | - name: Remove imported components 19 | hosts: localhost 20 | vars_files: 21 | - common-vars.yml 22 | - org1-vars.yml 23 | tasks: 24 | - name: Remove imported ordering service 25 | ibm.blockchain_platform.external_ordering_service: 26 | api_endpoint: "{{ api_endpoint }}" 27 | api_authtype: "{{ api_authtype }}" 28 | api_key: "{{ api_key }}" 29 | api_secret: "{{ api_secret | default(omit) }}" 30 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 31 | state: absent 
32 |         name: "{{ ordering_service_name }}"
33 |       when: import_export_used | default(false)  # skipped unless import_export_used is defined and true
34 |
35 |     - name: Remove imported organization
36 |       ibm.blockchain_platform.external_organization:
37 |         api_endpoint: "{{ api_endpoint }}"
38 |         api_authtype: "{{ api_authtype }}"
39 |         api_key: "{{ api_key }}"
40 |         api_secret: "{{ api_secret | default(omit) }}"  # parameter is omitted when api_secret is undefined
41 |         api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
42 |         state: absent  # delete the imported Org2 entry
43 |         name: "{{ org2_name }}"
44 |       when: import_export_used | default(false)  # same guard: runs only when import_export_used is true
45 |
--------------------------------------------------------------------------------
/tutorial/v1.x/98-delete-endorsing-organization-components.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | - name: Delete components for an endorsing organization  # play 1: runs the role below with state=absent for the Org2 names
6 |   hosts: localhost  # executes on the control node; the tasks talk to the console at api_endpoint
7 |   vars:
8 |     state: absent  # play-level var, presumably read by the role to select removal - confirm in the role docs
9 |     organization_name: "{{ org2_name }}"  # org2_name is defined in common-vars.yml
10 |     ca_name: "{{ org2_ca_name }}"
11 |     peer_name: "{{ org2_peer_name }}"
12 |   vars_files:
13 |     - common-vars.yml
14 |     - org2-vars.yml  # also carries the api_* credentials used by this playbook
15 |   roles:
16 |     - ibm.blockchain_platform.endorsing_organization
17 |
18 | - name: Remove imported components  # play 2: only the imported ordering service is removed here
19 |   hosts: localhost
20 |   vars_files:
21 |     - common-vars.yml
22 |     - org2-vars.yml
23 |   tasks:
24 |     - name: Remove imported ordering service
25 |       ibm.blockchain_platform.external_ordering_service:
26 |         api_endpoint: "{{ api_endpoint }}"
27 |         api_authtype: "{{ api_authtype }}"
28 |         api_key: "{{ api_key }}"  # console credential taken from org2-vars.yml
29 |         api_secret: "{{ api_secret | default(omit) }}"  # parameter is omitted when api_secret is undefined
30 |         api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
31 |         state: absent  # delete the named entry rather than create it
32 |         name: "{{ ordering_service_name }}"
33 |       when: import_export_used | default(false)  # skipped unless import_export_used is defined and true
34 |
--------------------------------------------------------------------------------
/tutorial/v1.x/99-delete-ordering-organization-components.yml:
--------------------------------------------------------------------------------
1 | #
2 | #
SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | - name: Delete components for an ordering organization  # play 1: runs the role below with state=absent for the ordering org
6 |   hosts: localhost  # executes on the control node; the tasks talk to the console at api_endpoint
7 |   vars:
8 |     state: absent  # play-level var, presumably read by the role to select removal - confirm in the role docs
9 |     organization_name: "{{ ordering_org_name }}"
10 |   vars_files:
11 |     - common-vars.yml
12 |     - ordering-org-vars.yml  # also carries the api_* credentials used by this playbook
13 |   roles:
14 |     - ibm.blockchain_platform.ordering_organization
15 |
16 | - name: Remove imported components  # play 2: removes the imported Org1 entry when import/export was used
17 |   hosts: localhost
18 |   vars_files:
19 |     - common-vars.yml
20 |     - ordering-org-vars.yml
21 |   tasks:
22 |     - name: Remove imported organization
23 |       ibm.blockchain_platform.external_organization:
24 |         api_endpoint: "{{ api_endpoint }}"
25 |         api_authtype: "{{ api_authtype }}"
26 |         api_key: "{{ api_key }}"  # console credential taken from ordering-org-vars.yml
27 |         api_secret: "{{ api_secret | default(omit) }}"  # parameter is omitted when api_secret is undefined
28 |         api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
29 |         state: absent  # delete the named entry rather than create it
30 |         name: "{{ org1_name }}"
31 |       when: import_export_used | default(false)  # skipped unless import_export_used is defined and true
32 |
--------------------------------------------------------------------------------
/tutorial/v1.x/common-vars.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | # These vars are used in more than one file,
6 | # i.e.
needed by multiple orgs so can't just live in a per org file
7 | ordering_org_name: "Ordering Org"
8 | ordering_service_name: "Ordering Service"
9 | org1_name: "Org1"
10 | org1_msp_id: Org1MSP
11 | org2_name: "Org2"
12 | org2_msp_id: Org2MSP
13 | channel_name: "mychannel"
14 | smart_contract_name: "fabcar"
15 | smart_contract_version: "1.0.0"
16 | smart_contract_package: "fabcar@1.0.0.cds"  # prebuilt package file in this directory; confirm its origin before installing it
17 | # smart_contract_constructor: "initLedger"
18 | # smart_contract_endorsement_policy: ""
19 | # smart_contract_collections_file: ""
20 |
--------------------------------------------------------------------------------
/tutorial/v1.x/deploy_smart_contract.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | set -e  # stop at the first failing command, so a failed playbook halts the sequence
3 | cd "$(dirname "$0")"  # work from the script's own directory; the playbook names below are relative
4 | function usage {  # print the usage line to stderr and exit non-zero
5 |     echo "Usage: deploy_smart_contract.sh" 1>&2
6 |     exit 1
7 | }
8 | while getopts ":" OPT; do  # empty option list: the script accepts no flags
9 |     case ${OPT} in
10 |         \?)  # any option supplied is reported as unknown
11 |             usage
12 |             ;;
13 |     esac
14 | done
15 | set -x  # trace each command; the lines traced here contain only playbook file names
16 | ansible-playbook 18-install-chaincode.yml
17 | ansible-playbook 19-install-chaincode.yml
18 | ansible-playbook 20-instantiate-chaincode.yml
19 | ansible-playbook 21-register-application.yml
20 | ansible-playbook 22-register-application.yml
21 | set +x
--------------------------------------------------------------------------------
/tutorial/v1.x/fabcar@1.0.0.cds:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/IBM-Blockchain/ansible-collection/461b662668d55d7de1136e991683109fe15f8645/tutorial/v1.x/fabcar@1.0.0.cds
--------------------------------------------------------------------------------
/tutorial/v1.x/ordering-org-vars.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | api_endpoint: https://ibp-console.example.org:32000  # example console URL; replace with your own
6 | api_authtype: basic
7 | api_key: xxxxxxxx  # placeholder credential
8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  # placeholder; keep the real value out of version control (e.g. an Ansible Vault-encrypted vars file)
9
| ca_admin_enrollment_id: admin
10 | ca_admin_enrollment_secret: adminpw  # sample secret; replace this and the other *_enrollment_secret values outside the tutorial
11 | organization_admin_enrollment_id: orderingorgadmin
12 | organization_admin_enrollment_secret: orderingorgadminpw
13 | ordering_service_enrollment_id: orderingorgorderer
14 | ordering_service_enrollment_secret: orderingorgordererpw
15 | ordering_service_msp: OrdererMSP
16 | ordering_service_nodes: 1
17 | wait_timeout: 600
18 |
--------------------------------------------------------------------------------
/tutorial/v1.x/org1-vars.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | api_endpoint: https://ibp-console.example.org:32000  # example console URL; replace with your own
6 | api_authtype: basic
7 | api_key: xxxxxxxx  # placeholder credential
8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  # placeholder; keep the real value out of version control (e.g. an Ansible Vault-encrypted vars file)
9 | ca_admin_enrollment_id: admin
10 | ca_admin_enrollment_secret: adminpw  # sample secret; replace this and the other *_enrollment_secret values outside the tutorial
11 | organization_admin_enrollment_id: org1admin
12 | organization_admin_enrollment_secret: org1adminpw
13 | peer_enrollment_id: org1peer
14 | peer_enrollment_secret: org1peerpw
15 | application_enrollment_id: org1app
16 | application_enrollment_secret: org1apppw
17 | application_enrollment_type: client
18 | application_max_enrollments: 10
19 | org1_ca_name: "Org1 CA"
20 | org1_peer_name: "Org1 Peer"
21 | wait_timeout: 600
22 |
--------------------------------------------------------------------------------
/tutorial/v1.x/org2-vars.yml:
--------------------------------------------------------------------------------
1 | #
2 | # SPDX-License-Identifier: Apache-2.0
3 | #
4 | ---
5 | api_endpoint: https://ibp-console.example.org:32000  # example console URL; replace with your own
6 | api_authtype: basic
7 | api_key: xxxxxxxx  # placeholder credential
8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  # placeholder; keep the real value out of version control (e.g. an Ansible Vault-encrypted vars file)
9 | ca_admin_enrollment_id: admin
10 | ca_admin_enrollment_secret: adminpw  # sample secret; replace this and the other *_enrollment_secret values outside the tutorial
11 | organization_admin_enrollment_id: org2admin
12 | organization_admin_enrollment_secret: org2adminpw
13 | peer_enrollment_id: org2peer
14 | peer_enrollment_secret: org2peerpw
15 |
application_enrollment_id: org2app
16 | application_enrollment_secret: org2apppw  # sample secret for the application identity; replace outside the tutorial
17 | application_enrollment_type: client
18 | application_max_enrollments: 10
19 | org2_ca_name: "Org2 CA"
20 | org2_peer_name: "Org2 Peer"
21 | wait_timeout: 600
22 |
--------------------------------------------------------------------------------