├── CHANGELOG.md ├── docs ├── source │ ├── modules │ │ └── .gitkeep │ ├── favicon.ico │ ├── migrating-v12-v2.rst │ ├── roles.rst │ ├── modules.rst │ └── index.rst └── Makefile ├── tutorial ├── .gitignore ├── fabcar@1.0.0.tgz ├── v1.x │ ├── fabcar@1.0.0.cds │ ├── 01-create-ordering-organization-components.yml │ ├── 02-create-endorsing-organization-components.yml │ ├── 11-create-endorsing-organization-components.yml │ ├── deploy_smart_contract.sh │ ├── ordering-org-vars.yml │ ├── 08-admins-policy.json.j2 │ ├── 08-readers-policy.json.j2 │ ├── 08-writers-policy.json.j2 │ ├── 13-import-organization.yml │ ├── common-vars.yml │ ├── 04-import-organization.yml │ ├── 07-import-ordering-service.yml │ ├── 15-import-ordering-service.yml │ ├── org1-vars.yml │ ├── org2-vars.yml │ ├── 18-install-chaincode.yml │ ├── 19-install-chaincode.yml │ ├── 14-admins-policy.json.j2 │ ├── 14-readers-policy.json.j2 │ ├── 14-writers-policy.json.j2 │ ├── 03-export-organization.yml │ ├── 12-export-organization.yml │ ├── 06-export-ordering-service.yml │ ├── 99-delete-ordering-organization-components.yml │ ├── 98-delete-endorsing-organization-components.yml │ ├── 20-instantiate-chaincode.yml │ ├── 09-join-peer-to-channel.yml │ ├── 16-join-peer-to-channel.yml │ ├── 97-delete-endorsing-organization-components.yml │ ├── 21-register-application.yml │ └── 22-register-application.yml ├── 01-create-ordering-organization-components.yml ├── 02-create-endorsing-organization-components.yml ├── 12-create-endorsing-organization-components.yml ├── deploy_smart_contract.sh ├── ordering-org-vars.yml ├── 09-admins-policy.json.j2 ├── 09-endorsement-policy.json.j2 ├── 09-readers-policy.json.j2 ├── 09-writers-policy.json.j2 ├── 09-lifecycle-endorsement-policy.json.j2 ├── 14-import-organization.yml ├── 04-import-organization.yml ├── 08-import-ordering-service.yml ├── 16-import-ordering-service.yml ├── org1-vars.yml ├── org2-vars.yml ├── common-vars.yml ├── 15-admins-policy.json.j2 ├── 15-endorsement-policy.json.j2 ├── 
15-readers-policy.json.j2 ├── 15-writers-policy.json.j2 ├── 03-export-organization.yml ├── 13-export-organization.yml ├── 15-lifecycle-endorsement-policy.json.j2 ├── 07-export-ordering-service.yml ├── 99-delete-ordering-organization-components.yml ├── 98-delete-endorsing-organization-components.yml ├── 21-commit-chaincode.yml ├── 10-join-peer-to-channel.yml ├── 17-join-peer-to-channel.yml ├── 97-delete-endorsing-organization-components.yml ├── 22-register-application.yml ├── 23-register-application.yml ├── 19-install-and-approve-chaincode.yml └── 20-install-and-approve-chaincode.yml ├── examples ├── add-admin-cert │ ├── .gitignore │ ├── vars.yml │ ├── 04-update-channels-member.yml │ └── 05-update-channels-admin.yml ├── opensource-stack │ ├── 02-console-install.yml │ ├── 01-operator-install.yml │ ├── vars.yml │ ├── templates │ │ ├── coredns │ │ │ └── coredns.yaml.j2 │ │ └── ingress │ │ │ ├── kustomization.yaml │ │ │ └── ingress-nginx-controller.yaml │ └── 90-KIND-ingress.yml ├── create-ha-ca │ └── vars.yml ├── enable-fabricv2-capability │ ├── vars.yml │ ├── endorsement-policy.json │ └── 02-enable-fabricv2-channels.yml ├── update-channel-parameters │ └── vars.yml └── create-intermediate-ca │ └── vars.yml ├── meta └── runtime.yml ├── .flake8 ├── roles ├── console │ ├── tasks │ │ ├── delete.yml │ │ ├── main.yml │ │ └── create.yml │ ├── meta │ │ └── main.yml │ ├── templates │ │ ├── k8s │ │ │ ├── role_binding.yml.j2 │ │ │ ├── image_pull_secret.yml.j2 │ │ │ ├── cluster_role_binding.yml.j2 │ │ │ └── pod_security_policy.yml.j2 │ │ └── openshift │ │ │ ├── cluster_role_binding.yml.j2 │ │ │ ├── image_pull_secret.yml.j2 │ │ │ └── security_context_constraints.yml.j2 │ ├── README.md │ └── defaults │ │ └── main.yml ├── fabric_console │ ├── tasks │ │ ├── delete.yml │ │ ├── main.yml │ │ └── create.yml │ ├── meta │ │ └── main.yml │ └── README.md ├── hlfsupport_console │ ├── tasks │ │ ├── delete.yml │ │ ├── main.yml │ │ └── create.yml │ ├── meta │ │ └── main.yml │ ├── templates │ │ 
├── k8s │ │ │ ├── role_binding.yml.j2 │ │ │ ├── image_pull_secret.yml.j2 │ │ │ ├── cluster_role_binding.yml.j2 │ │ │ └── console.yml.j2 │ │ └── openshift │ │ │ ├── image_pull_secret.yml.j2 │ │ │ ├── cluster_role_binding.yml.j2 │ │ │ ├── security_context_constraints.yml.j2 │ │ │ └── console.yml.j2 │ ├── README.md │ └── defaults │ │ └── main.yml ├── crds │ ├── tasks │ │ ├── delete.yml │ │ ├── main.yml │ │ └── create.yml │ ├── templates │ │ ├── k8s │ │ │ ├── role.yml.j2 │ │ │ ├── role_binding.yml.j2 │ │ │ ├── service.yml.j2 │ │ │ └── image_pull_secret.yml.j2 │ │ ├── openshift │ │ │ ├── role.yml.j2 │ │ │ ├── role_binding.yml.j2 │ │ │ ├── service.yml.j2 │ │ │ ├── image_pull_secret.yml.j2 │ │ │ └── security_context_constraints.yml.j2 │ │ ├── peer-crd.yml.j2 │ │ ├── console-crd.yml.j2 │ │ └── orderer-crd.yml.j2 │ ├── meta │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ └── README.md ├── hlfsupport_crds │ ├── tasks │ │ ├── delete.yml │ │ ├── main.yml │ │ └── create.yml │ ├── templates │ │ ├── k8s │ │ │ ├── role.yml.j2 │ │ │ ├── role_binding.yml.j2 │ │ │ ├── service.yml.j2 │ │ │ └── image_pull_secret.yml.j2 │ │ ├── openshift │ │ │ ├── role.yml.j2 │ │ │ ├── role_binding.yml.j2 │ │ │ ├── service.yml.j2 │ │ │ ├── image_pull_secret.yml.j2 │ │ │ └── security_context_constraints.yml.j2 │ │ ├── peer-crd.yml.j2 │ │ ├── orderer-crd.yml.j2 │ │ └── console-crd.yml.j2 │ ├── meta │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ └── README.md ├── fabric_operator_crds │ ├── tasks │ │ ├── delete.yml │ │ ├── create.yml │ │ └── main.yml │ ├── templates │ │ ├── openshift │ │ │ ├── role.yml.j2 │ │ │ ├── role_binding.yml.j2 │ │ │ ├── service.yml.j2 │ │ │ ├── image_pull_secret.yml.j2 │ │ │ ├── rbac │ │ │ │ ├── hlf-operator-serviceaccount.yaml │ │ │ │ └── hlf-operator-clusterrolebinding.yaml.j2 │ │ │ └── security_context_constraints.yml.j2 │ │ └── k8s │ │ │ ├── coredns │ │ │ └── coredns.yaml.j2 │ │ │ ├── rbac │ │ │ ├── hlf-operator-serviceaccount.yaml │ │ │ └── 
hlf-operator-clusterrolebinding.yaml.j2 │ │ │ └── ingress │ │ │ ├── kustomization.yaml │ │ │ └── ingress-nginx-controller.yaml │ ├── meta │ │ └── main.yml │ └── README.md ├── endorsing_organization │ ├── meta │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ ├── README.md │ └── tasks │ │ └── main.yml ├── ordering_organization │ ├── meta │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ ├── README.md │ └── tasks │ │ └── main.yml ├── mrha_endorsing_organization │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── create.yml │ │ ├── delete.yml │ │ ├── delete │ │ │ ├── secondary-region.yml │ │ │ ├── primary-peer.yml │ │ │ └── secondary-peer.yml │ │ └── create │ │ │ └── secondary-region.yml │ ├── defaults │ │ └── main.yml │ └── README.md ├── mrha_ordering_organization │ ├── meta │ │ └── main.yml │ ├── tasks │ │ ├── main.yml │ │ ├── create.yml │ │ ├── delete.yml │ │ ├── delete │ │ │ ├── secondary-region.yml │ │ │ ├── primary-osn.yml │ │ │ └── secondary-osn.yml │ │ └── create │ │ │ └── secondary-region.yml │ ├── defaults │ │ └── main.yml │ └── README.md ├── mzha_endorsing_organization │ ├── meta │ │ └── main.yml │ ├── defaults │ │ └── main.yml │ ├── README.md │ └── tasks │ │ └── main.yml └── mzha_ordering_organization │ ├── meta │ └── main.yml │ ├── defaults │ └── main.yml │ ├── README.md │ └── tasks │ └── main.yml ├── .github ├── scripts │ ├── get-host-ip.sh │ ├── bump.sh │ ├── run-tests.sh │ ├── purge.sh │ ├── setup-tests.sh │ └── run-integration-tests.sh └── workflows │ └── purge.yml ├── .ansible-lint ├── .vscode └── settings.json ├── requirements.txt ├── .yamllint.yml ├── tests └── integration │ ├── integration_config.yml │ └── targets │ ├── it_endorsing_organization │ └── tasks │ │ └── main.yml │ ├── it_ordering_organization │ └── tasks │ │ └── main.yml │ └── it_certificate_authority │ └── tasks │ └── assertions.yml ├── plugins └── module_utils │ ├── file_utils.py │ ├── proto_utils.py │ └── dict_utils.py ├── galaxy.yml ├── docker └── 
docker-entrypoint.sh └── justfile /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /docs/source/modules/.gitkeep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tutorial/.gitignore: -------------------------------------------------------------------------------- 1 | *.json 2 | *.bin 3 | -------------------------------------------------------------------------------- /examples/add-admin-cert/.gitignore: -------------------------------------------------------------------------------- 1 | *.json 2 | *.bin 3 | -------------------------------------------------------------------------------- /meta/runtime.yml: -------------------------------------------------------------------------------- 1 | --- 2 | requires_ansible: ">=2.9" 3 | -------------------------------------------------------------------------------- /.flake8: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | [flake8] 5 | ignore = E501,W504 -------------------------------------------------------------------------------- /docs/source/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hyperledgendary/fabric-ansible-collection/main/docs/source/favicon.ico -------------------------------------------------------------------------------- /tutorial/fabcar@1.0.0.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hyperledgendary/fabric-ansible-collection/main/tutorial/fabcar@1.0.0.tgz -------------------------------------------------------------------------------- /tutorial/v1.x/fabcar@1.0.0.cds: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/hyperledgendary/fabric-ansible-collection/main/tutorial/v1.x/fabcar@1.0.0.cds -------------------------------------------------------------------------------- /roles/console/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete console 6 | include_tasks: "{{ target }}/delete.yml" 7 | -------------------------------------------------------------------------------- /roles/fabric_console/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete console 6 | include_tasks: "{{ target }}/delete.yml" 7 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete console 6 | include_tasks: "{{ target }}/delete.yml" 7 | -------------------------------------------------------------------------------- /roles/crds/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete custom resource definitions 6 | include_tasks: "{{ target }}/delete.yml" 7 | -------------------------------------------------------------------------------- /.github/scripts/get-host-ip.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cat </dev/null 5 | ip -4 route show default | cut -d' ' -f3 6 | EOF -------------------------------------------------------------------------------- /roles/hlfsupport_crds/tasks/delete.yml: 
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete custom resource definitions 6 | include_tasks: "{{ target }}/delete.yml" 7 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete custom resource definitions 6 | include_tasks: "{{ target }}/delete.yml" 7 | -------------------------------------------------------------------------------- /.ansible-lint: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | exclude_paths: 6 | - examples 7 | - tutorial 8 | - tests 9 | - .github 10 | - meta 11 | 12 | skip_list: 13 | - risky-file-permissions # NOTE(review): turns off the lint check for file-creating tasks that set no explicit mode; confirm no role task writes key or credential files with default permissions 14 | - 'fqcn-builtins' 15 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "editor.formatOnSave": true, 3 | "files.trimTrailingWhitespace": true, 4 | "python.formatting.provider": "autopep8", 5 | "python.linting.enabled": true, 6 | "python.linting.flake8Enabled": true, 7 | "esbonio.sphinx.confDir": "" 8 | } -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | ansible # NOTE(review): no requirement in this file is version-pinned, so every install resolves whatever release is newest; pin versions (ideally with hashes) for reproducible, auditable builds 5 | ansible-doc-extractor 6 | ansible-lint 7 | flake8 8 | fabric-sdk-py 9 | openshift 10 | python-pkcs11 11 | semantic_version 12 | sphinx 13 | sphinx-rtd-theme 14 | yamllint 15 | yq 16 | pytest 17 | -------------------------------------------------------------------------------- /docs/Makefile: 
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | 5 | all: 6 | ansible-doc-extractor --template templates/module.rst.j2 source/modules ../plugins/modules/*.py 7 | sphinx-build -b html source build 8 | touch build/.nojekyll 9 | 10 | clean: 11 | rm -rf build 12 | rm -rf source/modules/*.rst -------------------------------------------------------------------------------- /roles/crds/templates/k8s/role.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: Role 7 | metadata: 8 | name: "{{ role }}" 9 | rules: 10 | - apiGroups: 11 | - "*" 12 | resources: 13 | - secrets 14 | verbs: 15 | - "*" # NOTE(review): apiGroups "*" plus verbs "*" grants every verb on all Secrets in this namespace; narrow to what the bound service account needs - TODO confirm 16 | -------------------------------------------------------------------------------- /roles/crds/templates/openshift/role.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: Role 7 | metadata: 8 | name: "{{ role }}" 9 | rules: 10 | - apiGroups: 11 | - "*" 12 | resources: 13 | - secrets 14 | verbs: 15 | - "*" # NOTE(review): apiGroups "*" plus verbs "*" grants every verb on all Secrets in this namespace; narrow to what the bound service account needs - TODO confirm 16 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/k8s/role.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: Role 7 | metadata: 8 | name: "{{ role }}" 9 | rules: 10 | - apiGroups: 11 | - "*" 12 | resources: 13 | - secrets 14 | verbs: 15 | - "*" # NOTE(review): apiGroups "*" plus verbs "*" grants every verb on all Secrets in this namespace; narrow to what the bound service account needs - TODO confirm 16 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/openshift/role.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 
| # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: Role 7 | metadata: 8 | name: "{{ role }}" 9 | rules: 10 | - apiGroups: 11 | - "*" 12 | resources: 13 | - secrets 14 | verbs: 15 | - "*" # NOTE(review): apiGroups "*" plus verbs "*" grants every verb on all Secrets in this namespace; narrow to what the bound service account needs - TODO confirm 16 | -------------------------------------------------------------------------------- /examples/opensource-stack/02-console-install.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Deploy Fabric Operations Console 6 | hosts: localhost 7 | vars_files: 8 | - vars.yml 9 | vars: 10 | state: present 11 | wait_timeout: 3600 12 | roles: 13 | - ibm.blockchain_platform.fabric_console 14 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/role.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: Role 7 | metadata: 8 | name: "{{ role }}" 9 | rules: 10 | - apiGroups: 11 | - "*" 12 | resources: 13 | - secrets 14 | verbs: 15 | - "*" # NOTE(review): apiGroups "*" plus verbs "*" grants every verb on all Secrets in this namespace; narrow to what the bound service account needs - TODO confirm 16 | -------------------------------------------------------------------------------- /examples/opensource-stack/01-operator-install.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Deploy Opensource custom resource definitions and operator 6 | hosts: localhost 7 | vars_files: 8 | - vars.yml 9 | vars: 10 | state: present 11 | wait_timeout: 3600 12 | roles: 13 | - ibm.blockchain_platform.fabric_operator_crds 14 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | 
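# 4 | --- 5 | galaxy_info: 6 | author: Matthew White 7 | description: Ansible role for deploying the Fabric Operator 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if architecture not specified 6 | fail: 7 | msg: arch not specified or is not one of "amd64" 8 | when: not arch is defined or not arch in ["amd64"] # list literal on purpose: ("amd64") is a plain string in Jinja2, so "in" was a substring test that also let through values such as "amd" or "" 9 | 10 | - name: Create custom resource definitions 11 | include_tasks: "{{ target }}/create.yml" 12 | -------------------------------------------------------------------------------- /.yamllint.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | extends: default 6 | rules: 7 | comments: disable 8 | comments-indentation: disable 9 | line-length: disable 10 | truthy: 11 | allowed-values: 12 | - "True" 13 | - "true" 14 | - "False" 15 | - "false" 16 | - "Yes" 17 | - "yes" 18 | - "No" 19 | - "no" 20 | check-keys: false 21 | -------------------------------------------------------------------------------- /roles/fabric_console/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Matthew White 7 | description: Ansible role for deploying the Fabric Labs console into Kubernetes or Red Hat OpenShift 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/console/meta/main.yml: 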
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: Ansible role for deploying the IBM Blockchain Platform console into Kubernetes or Red Hat OpenShift 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/crds/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: Ansible role for deploying the IBM Blockchain Platform custom resource definitions into Kubernetes or Red Hat OpenShift 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/crds/templates/k8s/role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: RoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ role_binding }}" 9 | subjects: 10 | - kind: ServiceAccount 11 | name: "{{ service_account }}" 12 | namespace: "{{ namespace }}" 13 | roleRef: 14 | kind: Role 15 | name: "{{ role }}" 16 | apiGroup: rbac.authorization.k8s.io 17 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone & Matthew White 7 | description: Ansible role for deploying the IBM 
Hyperledger Fabric Support Offering into Red Hat OpenShift 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/crds/templates/openshift/role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: RoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ role_binding }}" 9 | subjects: 10 | - kind: ServiceAccount 11 | name: "{{ service_account }}" 12 | namespace: "{{ project }}" 13 | roleRef: 14 | kind: Role 15 | name: "{{ role }}" 16 | apiGroup: rbac.authorization.k8s.io 17 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone & Matthew White 7 | description: Ansible role for deploying the IBM Hyperledger Fabric Support Offering into Red Hat OpenShift or Kubernetes 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/k8s/role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: RoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ role_binding }}" 9 | subjects: 10 | - kind: ServiceAccount 11 | name: "{{ service_account }}" 12 | namespace: "{{ namespace }}" 13 | roleRef: 14 | kind: Role 15 | name: "{{ role }}" 16 | apiGroup: rbac.authorization.k8s.io 
17 | -------------------------------------------------------------------------------- /roles/endorsing_organization/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: Ansible role for building Hyperledger Fabric components for an endorsing organization using the IBM Blockchain Platform 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/openshift/role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: RoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ role_binding }}" 9 | subjects: 10 | - kind: ServiceAccount 11 | name: "{{ service_account }}" 12 | namespace: "{{ project }}" 13 | roleRef: 14 | kind: Role 15 | name: "{{ role }}" 16 | apiGroup: rbac.authorization.k8s.io 17 | -------------------------------------------------------------------------------- /roles/ordering_organization/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: Ansible role for building Hyperledger Fabric components for an ordering organization using the IBM Blockchain Platform 8 | license: Apache-2.0 9 | platforms: 10 | - name: GenericLinux 11 | versions: 12 | - all 13 | galaxy_tags: [] 14 | min_ansible_version: "2.9" 15 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/role_binding.yml.j2: 
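-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: RoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ role_binding }}" 9 | subjects: 10 | - kind: ServiceAccount 11 | name: "{{ service_account }}" 12 | namespace: "{{ project }}" 13 | roleRef: 14 | kind: Role 15 | name: "{{ role }}" 16 | apiGroup: rbac.authorization.k8s.io 17 | -------------------------------------------------------------------------------- /roles/console/templates/k8s/role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: RoleBinding 7 | metadata: 8 | name: "{{ role_binding }}" 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: "{{ cluster_role }}" 13 | subjects: 14 | - apiGroup: rbac.authorization.k8s.io 15 | kind: Group 16 | name: system:serviceaccounts:{{ namespace }} # NOTE(review): this group is every ServiceAccount in the namespace, so all of them receive the ClusterRole's permissions here; bind a named ServiceAccount instead if only the console needs them - TODO confirm 17 | -------------------------------------------------------------------------------- /roles/fabric_console/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of "k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s","openshift") 9 | 10 | - name: Create console 11 | include_tasks: "create.yml" 12 | when: state == "present" 13 | 14 | - name: Delete console 15 | include_tasks: "delete.yml" 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /.github/scripts/bump.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | CURRENT_VERSION=$(yq -r .version 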
galaxy.yml) 4 | cat < /tmp/version.txt 5 | import semantic_version 6 | v = semantic_version.Version('${CURRENT_VERSION}') 7 | v = v.next_patch() 8 | print(str(v)) 9 | EOF 10 | NEXT_VERSION=$(cat /tmp/version.txt) 11 | SED="sed" 12 | if [ "$(uname)" == "Darwin" ]; then 13 | SED="gsed" 14 | fi 15 | ${SED} -i "s|^version:.*|version: ${NEXT_VERSION}|" galaxy.yml -------------------------------------------------------------------------------- /roles/console/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of "k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s", "openshift") 9 | 10 | - name: Create console 11 | include_tasks: "create.yml" 12 | when: state == "present" 13 | 14 | - name: Delete console 15 | include_tasks: "delete.yml" 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/k8s/role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: RoleBinding 7 | metadata: 8 | name: "{{ role_binding }}" 9 | roleRef: 10 | apiGroup: rbac.authorization.k8s.io 11 | kind: ClusterRole 12 | name: "{{ cluster_role }}" 13 | subjects: 14 | - apiGroup: rbac.authorization.k8s.io 15 | kind: Group 16 | name: system:serviceaccounts:{{ namespace }} 17 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of 
"k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s", "openshift") 9 | 10 | - name: Create console 11 | include_tasks: "create.yml" 12 | when: state == "present" 13 | 14 | - name: Delete console 15 | include_tasks: "delete.yml" 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /tutorial/01-create-ordering-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for an ordering organization 6 | hosts: localhost 7 | vars: 8 | state: present 9 | organization_name: "{{ ordering_org_name }}" 10 | organization_msp_id: "{{ ordering_service_msp }}" 11 | vars_files: 12 | - common-vars.yml 13 | - ordering-org-vars.yml 14 | roles: 15 | - ibm.blockchain_platform.ordering_organization 16 | -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: >- 8 | Ansible role for building Hyperledger Fabric components for a multi-region, highly available endorsing organization using the IBM Blockchain Platform 9 | license: Apache-2.0 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | galaxy_tags: [] 15 | min_ansible_version: "2.9" 16 | -------------------------------------------------------------------------------- /roles/mrha_ordering_organization/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: >- 8 | Ansible role for building Hyperledger Fabric components for a multi-region, highly available ordering 
organization using the IBM Blockchain Platform 9 | license: Apache-2.0 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | galaxy_tags: [] 15 | min_ansible_version: "2.9" 16 | -------------------------------------------------------------------------------- /roles/mzha_endorsing_organization/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: >- 8 | Ansible role for building Hyperledger Fabric components for a multi-zone, highly available endorsing organization using the IBM Blockchain Platform 9 | license: Apache-2.0 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | galaxy_tags: [] 15 | min_ansible_version: "2.9" 16 | -------------------------------------------------------------------------------- /roles/mzha_ordering_organization/meta/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | galaxy_info: 6 | author: Simon Stone 7 | description: >- 8 | Ansible role for building Hyperledger Fabric components for a multi-zone, highly available ordering organization using the IBM Blockchain Platform 9 | license: Apache-2.0 10 | platforms: 11 | - name: GenericLinux 12 | versions: 13 | - all 14 | galaxy_tags: [] 15 | min_ansible_version: "2.9" 16 | -------------------------------------------------------------------------------- /tutorial/v1.x/01-create-ordering-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for an ordering organization 6 | hosts: localhost 7 | vars: 8 | state: present 9 | organization_name: "{{ ordering_org_name }}" 10 | organization_msp_id: "{{ ordering_service_msp }}" 11 | vars_files: 12 | - 
common-vars.yml 13 | - ordering-org-vars.yml 14 | roles: 15 | - ibm.blockchain_platform.ordering_organization 16 | -------------------------------------------------------------------------------- /examples/create-ha-ca/vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ha_ca_name: HAOrg1 CA 10 | ca_admin_identity: haadmin 11 | ca_admin_pass: haadminpw 12 | db_datasource: host=mypostgressql.example.com port=999 user=myUsername password=myPassword dbname=mydb sslmode=verify-full 13 | db_certfile1: LS0tLS... 14 | ca_replicas: 2 15 | -------------------------------------------------------------------------------- /.github/scripts/run-tests.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | TYPE=$1 4 | TARGET=$2 5 | IBP_ANSIBLE_LOG_FILENAME=/tmp/${TYPE}-${TARGET}.log 6 | export IBP_ANSIBLE_LOG_FILENAME 7 | echo "${IBP_ANSIBLE_LOG_FILENAME}" >/tmp/ibp-ansible-log-filename.txt 8 | 9 | # 10 | pushd tutorial 11 | function cleanup { 12 | ./join_network.sh destroy 13 | } 14 | trap cleanup EXIT 15 | ./build_network.sh build 16 | ./join_network.sh join 17 | ./deploy_smart_contract.sh 18 | trap - EXIT 19 | ./join_network.sh destroy 20 | -------------------------------------------------------------------------------- /roles/crds/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of "k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s", "openshift") 9 | 10 | - name: Create custom resource definitions 11 | include_tasks: 
"create.yml" 12 | when: state == "present" 13 | 14 | - name: Delete custom resource definitions 15 | include_tasks: "delete.yml" 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if organization name not specified 6 | fail: 7 | msg: organization_name not specified or is empty 8 | when: not organization_name is defined or not organization_name 9 | 10 | - name: Create endorsing organization 11 | include_tasks: create.yml 12 | when: state == "present" 13 | 14 | - name: Delete endorsing organization 15 | include_tasks: delete.yml 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /roles/mrha_ordering_organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if organization name not specified 6 | fail: 7 | msg: organization_name not specified or is empty 8 | when: not organization_name is defined or not organization_name 9 | 10 | - name: Create ordering organization 11 | include_tasks: create.yml 12 | when: state == "present" 13 | 14 | - name: Delete ordering organization 15 | include_tasks: delete.yml 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /tests/integration/integration_config.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | api_timeout: 60 10 | k8s_namespace: ibp 11 | test_run_id: 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 12 | short_test_run_id: xxxxxxxx 13 | wait_timeout: 600 14 | 15 | ca_version: ">=1.4,<2.0" 16 | peer_version: ">=2.2,<3.0" 17 | ordering_service_version: ">=2.2,<3.0" 18 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of "k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s","openshift") 9 | 10 | - name: Create custom resource definitions 11 | include_tasks: "create.yml" 12 | when: state == "present" 13 | 14 | - name: Delete custom resource definitions 15 | include_tasks: "delete.yml" 16 | when: state == "absent" 17 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if target not specified 6 | fail: 7 | msg: target not specified or is not one of "k8s" or "openshift" 8 | when: not target is defined or not target in ("k8s", "openshift") 9 | 10 | 11 | - name: Create custom resource definitions 12 | include_tasks: "create.yml" 13 | when: state == "present" 14 | 15 | - name: Delete custom resource definitions 16 | include_tasks: "delete.yml" 17 | when: state == "absent" 18 | -------------------------------------------------------------------------------- /tutorial/02-create-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: present 9 | 
organization_name: "{{ org1_name }}" 10 | organization_msp_id: "{{ org1_msp_id }}" 11 | ca_name: "{{ org1_ca_name }}" 12 | peer_name: "{{ org1_peer_name }}" 13 | vars_files: 14 | - common-vars.yml 15 | - org1-vars.yml 16 | roles: 17 | - ibm.blockchain_platform.endorsing_organization 18 | -------------------------------------------------------------------------------- /tutorial/12-create-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: present 9 | organization_name: "{{ org2_name }}" 10 | organization_msp_id: "{{ org2_msp_id }}" 11 | ca_name: "{{ org2_ca_name }}" 12 | peer_name: "{{ org2_peer_name }}" 13 | vars_files: 14 | - common-vars.yml 15 | - org2-vars.yml 16 | roles: 17 | - ibm.blockchain_platform.endorsing_organization 18 | -------------------------------------------------------------------------------- /roles/crds/templates/k8s/service.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: "{{ webhook }}" 9 | labels: 10 | type: "webhook" 11 | app.kubernetes.io/name: "ibp" 12 | app.kubernetes.io/instance: "ibp-webhook" 13 | helm.sh/chart: "ibm-ibp" 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: server 18 | port: 443 19 | targetPort: server 20 | protocol: TCP 21 | selector: 22 | app.kubernetes.io/instance: "ibp-webhook" 23 | -------------------------------------------------------------------------------- /tutorial/v1.x/02-create-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for an endorsing organization 
6 | hosts: localhost 7 | vars: 8 | state: present 9 | organization_name: "{{ org1_name }}" 10 | organization_msp_id: "{{ org1_msp_id }}" 11 | ca_name: "{{ org1_ca_name }}" 12 | peer_name: "{{ org1_peer_name }}" 13 | vars_files: 14 | - common-vars.yml 15 | - org1-vars.yml 16 | roles: 17 | - ibm.blockchain_platform.endorsing_organization 18 | -------------------------------------------------------------------------------- /tutorial/v1.x/11-create-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: present 9 | organization_name: "{{ org2_name }}" 10 | organization_msp_id: "{{ org2_msp_id }}" 11 | ca_name: "{{ org2_ca_name }}" 12 | peer_name: "{{ org2_peer_name }}" 13 | vars_files: 14 | - common-vars.yml 15 | - org2-vars.yml 16 | roles: 17 | - ibm.blockchain_platform.endorsing_organization 18 | -------------------------------------------------------------------------------- /roles/crds/templates/openshift/service.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: "{{ webhook }}" 9 | labels: 10 | type: "webhook" 11 | app.kubernetes.io/name: "ibp" 12 | app.kubernetes.io/instance: "ibp-webhook" 13 | helm.sh/chart: "ibm-ibp" 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: server 18 | port: 443 19 | targetPort: server 20 | protocol: TCP 21 | selector: 22 | app.kubernetes.io/instance: "ibp-webhook" 23 | -------------------------------------------------------------------------------- /.github/scripts/purge.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail 3 | if [ "${API_AUTHTYPE}" = "basic" ]; then 4 
| curl -f -k -XDELETE -u "${API_KEY}:${API_SECRET}" "${API_ENDPOINT}/ak/api/v3/kubernetes/components/purge" 5 | elif [ "${API_AUTHTYPE}" = "ibmcloud" ]; then 6 | ACCESS_TOKEN=$(curl -XPOST -d "apikey=${API_KEY}" -d grant_type=urn:ibm:params:oauth:grant-type:apikey https://iam.cloud.ibm.com/identity/token | jq -r .access_token) 7 | curl -f -XDELETE -H "Authorization: Bearer ${ACCESS_TOKEN}" "${API_ENDPOINT}/ak/api/v3/kubernetes/components/purge" 8 | fi 9 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/service.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: "{{ webhook }}" 9 | labels: 10 | type: "webhook" 11 | app.kubernetes.io/name: "ibp" 12 | app.kubernetes.io/instance: "ibp-webhook" 13 | helm.sh/chart: "ibm-ibp" 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: server 18 | port: 443 19 | targetPort: server 20 | protocol: TCP 21 | selector: 22 | app.kubernetes.io/instance: "ibp-webhook" 23 | -------------------------------------------------------------------------------- /roles/console/templates/openshift/cluster_role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: ClusterRoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ cluster_role_binding }}" 9 | subjects: 10 | - kind: ServiceAccount 11 | name: "{{ service_account }}" 12 | namespace: "{{ project }}" 13 | - apiGroup: rbac.authorization.k8s.io 14 | kind: User 15 | name: system:serviceaccounts:{{ project }} 16 | roleRef: 17 | kind: ClusterRole 18 | name: "{{ cluster_role }}" 19 | apiGroup: rbac.authorization.k8s.io 20 | -------------------------------------------------------------------------------- 
/tutorial/v1.x/deploy_smart_contract.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | cd "$(dirname "$0")" 4 | function usage { 5 | echo "Usage: deploy_smart_contract.sh" 1>&2 6 | exit 1 7 | } 8 | while getopts ":" OPT; do 9 | case ${OPT} in 10 | \?) 11 | usage 12 | ;; 13 | esac 14 | done 15 | set -x 16 | ansible-playbook 18-install-chaincode.yml 17 | ansible-playbook 19-install-chaincode.yml 18 | ansible-playbook 20-instantiate-chaincode.yml 19 | ansible-playbook 21-register-application.yml 20 | ansible-playbook 22-register-application.yml 21 | set +x -------------------------------------------------------------------------------- /examples/enable-fabricv2-capability/vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ordering_service_name: Ordering Service 10 | ordering_service_admin_identity: Ordering Org Admin.json 11 | ordering_service_msp: OrdererMSP 12 | organization_name: Org1 13 | organization_admin_identity: Org1 Admin.json 14 | organization_msp: Org1MSP 15 | channel_names: 16 | - channel1 17 | - channel2 18 | - channel3 19 | - channel4 20 | -------------------------------------------------------------------------------- /docs/source/migrating-v12-v2.rst: -------------------------------------------------------------------------------- 1 | .. 2 | .. SPDX-License-Identifier: Apache-2.0 3 | .. 4 | 5 | Migrating from v1.2 to version 2 6 | ================================ 7 | 8 | Consistent with a major version upgrade, the following are important changes between v1.2 and v2: 9 | 10 | - For the latest Ansible (currently 2.13.1), your Python 3 version should be at least 3.8. 11 | Python 3.9 is used for the Docker image.
We do not test against Python 3.11. 12 | - All the dependencies in requirment.txt should be at their latest versions. 13 | - Note that Kubernetes versions up to 1.25 are supported. 14 | -------------------------------------------------------------------------------- /tutorial/deploy_smart_contract.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -e 3 | cd "$(dirname "$0")" 4 | function usage { 5 | echo "Usage: deploy_smart_contract.sh" 1>&2 6 | exit 1 7 | } 8 | while getopts ":" OPT; do 9 | case ${OPT} in 10 | \?) 11 | usage 12 | ;; 13 | esac 14 | done 15 | set -x 16 | ansible-playbook 19-install-and-approve-chaincode.yml 17 | ansible-playbook 20-install-and-approve-chaincode.yml 18 | ansible-playbook 21-commit-chaincode.yml 19 | ansible-playbook 22-register-application.yml 20 | ansible-playbook 23-register-application.yml 21 | set +x -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/k8s/service.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: "ibm-hlfsupport-webhook" 9 | labels: 10 | type: "webhook" 11 | app.kubernetes.io/name: "ibm-hlfsupport" 12 | app.kubernetes.io/instance: "ibm-hlfsupport-webhook" 13 | helm.sh/chart: "ibm-hlfsupport" 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: server 18 | port: 443 19 | targetPort: server 20 | protocol: TCP 21 | selector: 22 | app.kubernetes.io/instance: "ibm-hlfsupport-webhook" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/openshift/service.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Service 7 | metadata: 8 | name: 
"ibm-hlfsupport-webhook" 9 | labels: 10 | type: "webhook" 11 | app.kubernetes.io/name: "ibm-hlfsupport" 12 | app.kubernetes.io/instance: "ibm-hlfsupport-webhook" 13 | helm.sh/chart: "ibm-hlfsupport" 14 | spec: 15 | type: ClusterIP 16 | ports: 17 | - name: server 18 | port: 443 19 | targetPort: server 20 | protocol: TCP 21 | selector: 22 | app.kubernetes.io/instance: "ibm-hlfsupport-webhook" 23 | -------------------------------------------------------------------------------- /tutorial/ordering-org-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: orderingorgadmin 12 | organization_admin_enrollment_secret: orderingorgadminpw 13 | ordering_service_enrollment_id: orderingorgorderer 14 | ordering_service_enrollment_secret: orderingorgordererpw 15 | ordering_service_msp: OrdererMSP 16 | ordering_service_nodes: 1 17 | wait_timeout: 600 18 | -------------------------------------------------------------------------------- /tutorial/v1.x/ordering-org-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: orderingorgadmin 12 | organization_admin_enrollment_secret: orderingorgadminpw 13 | ordering_service_enrollment_id: orderingorgorderer 14 | ordering_service_enrollment_secret: orderingorgordererpw 15 | ordering_service_msp: OrdererMSP 16 | 
ordering_service_nodes: 1 17 | wait_timeout: 600 18 | -------------------------------------------------------------------------------- /roles/fabric_console/README.md: -------------------------------------------------------------------------------- 1 | # console 2 | 3 | This role installs the [Hyperledger Fabric Operations Console](https://github.com/hyperledger-labs/fabric-operations-console) 4 | 5 | ## Documentation 6 | 7 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 8 | 9 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 10 | 11 | ## License 12 | 13 | Apache-2.0 14 | 15 | ## Author Information 16 | 17 | This Ansible collection is maintained by the IBM Hyperledger Fabric Support Offering development team. -------------------------------------------------------------------------------- /tutorial/09-admins-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "ADMIN" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /roles/console/templates/k8s/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': 
image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/crds/templates/k8s/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /tutorial/09-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tutorial/09-readers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } 
-------------------------------------------------------------------------------- /tutorial/09-writers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tutorial/v1.x/08-admins-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "ADMIN" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /examples/add-admin-cert/vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ordering_service_name: Ordering Service 10 | ordering_service_admin_identity: Ordering Org Admin.json 11 | ordering_service_admin_msp_id: OrdererMSP 12 | organization_name: Org1 13 | organization_msp_id: Org1MSP 14 | organization_old_admin_identity: Org1 Admin.json 15 | organization_new_admin_identity: New Org1 Admin.json 16 | channel_names: 17 | - channel1 18 | - channel2 19 | - channel3 20 | - channel4 21 | -------------------------------------------------------------------------------- 
/roles/crds/templates/openshift/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /tutorial/v1.x/08-readers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tutorial/v1.x/08-writers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /examples/update-channel-parameters/vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # 
SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ordering_service_name: myOrderingOrg 10 | ordering_service_admin_identity: myOrderingAdmin.json 11 | ordering_service_msp: OrderingOrgMSP 12 | organization_name: myBank 13 | organization_admin_identity: myBankAdmin.json 14 | organization_msp: MyBankMSP 15 | target_channel: ch1 16 | ch_max_message_count: 900 17 | ch_absolute_max_bytes: 10481784 18 | ch_preferred_max_bytes: 5243904 19 | ch_batch_timeout: 900ms 20 | -------------------------------------------------------------------------------- /roles/console/templates/openshift/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/k8s/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 
18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /tutorial/09-lifecycle-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /plugins/module_utils/file_utils.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | 6 | from __future__ import absolute_import, division, print_function 7 | __metaclass__ = type 8 | 9 | import hashlib 10 | import os 11 | import tempfile 12 | 13 | 14 | def get_temp_file(): 15 | temp = tempfile.mkstemp() 16 | os.close(temp[0]) 17 | return temp[1] 18 | 19 | 20 | def equal_files(file1, file2): 21 | with open(file1, 'rb') as file: 22 | hash1 = hashlib.sha256(file.read()).hexdigest() 23 | with open(file2, 'rb') as file: 24 | hash2 = hashlib.sha256(file.read()).hexdigest() 25 | return hash1 == hash2 26 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/k8s/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 
'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/openshift/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /tutorial/14-import-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Import the organization 12 | ibm.blockchain_platform.external_organization: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | organization: "{{ lookup('file', org2_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /examples/create-intermediate-ca/vars.yml: -------------------------------------------------------------------------------- 
1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | parent_ca_name: MGCorp 10 | parent_ca_admin_identity: admin 11 | parent_ca_admin_secret: adminSEC 12 | int_ca_identity: mgcuk 13 | int_ca_secret: mgcukSEC 14 | int_tlsca_identity: mgcuktls 15 | int_tlsca_secret: mgcuktlsSEC 16 | int_ca_name: MGCUK 17 | int_ca_admin_identity: mgcukcaadmin 18 | int_ca_admin_secret: mgcukcaadminSEC 19 | int_tlsca_admin_identity: mgcuktlscaadmin 20 | int_tlsca_admin_secret: mgcuktlscaadminSEC 21 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/openshift/image_pull_secret.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: "{{ image_pull_secret }}" 9 | type: kubernetes.io/dockerconfigjson 10 | data: 11 | .dockerconfigjson: "{{ 12 | { 13 | 'auths': { 14 | image_registry: { 15 | 'email': image_registry_email, 16 | 'username': 
image_registry_username, 17 | 'password': image_registry_password, 18 | 'auth': (image_registry_username ~ ':' ~ image_registry_password) | b64encode 19 | } 20 | } 21 | } | to_json | b64encode 22 | }}" 23 | -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for primary region 6 | include_tasks: create/primary-region.yml 7 | loop: "{{ regions }}" 8 | loop_control: 9 | index_var: region_index 10 | label: "{{ region.api_endpoint }}" 11 | loop_var: region 12 | when: region_index == 0 13 | 14 | - name: Create components for secondary regions 15 | include_tasks: create/secondary-region.yml 16 | loop: "{{ regions }}" 17 | loop_control: 18 | index_var: region_index 19 | label: "{{ region.api_endpoint }}" 20 | loop_var: region 21 | when: region_index != 0 22 | -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete components for primary region 6 | include_tasks: delete/primary-region.yml 7 | loop: "{{ regions }}" 8 | loop_control: 9 | index_var: region_index 10 | label: "{{ region.api_endpoint }}" 11 | loop_var: region 12 | when: region_index == 0 13 | 14 | - name: Delete components for secondary regions 15 | include_tasks: delete/secondary-region.yml 16 | loop: "{{ regions }}" 17 | loop_control: 18 | index_var: region_index 19 | label: "{{ region.api_endpoint }}" 20 | loop_var: region 21 | when: region_index != 0 22 | -------------------------------------------------------------------------------- /roles/mrha_ordering_organization/tasks/create.yml: 
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Create components for primary region 6 | include_tasks: create/primary-region.yml 7 | loop: "{{ regions }}" 8 | loop_control: 9 | index_var: region_index 10 | label: "{{ region.api_endpoint }}" 11 | loop_var: region 12 | when: region_index == 0 13 | 14 | - name: Create components for secondary regions 15 | include_tasks: create/secondary-region.yml 16 | loop: "{{ regions }}" 17 | loop_control: 18 | index_var: region_index 19 | label: "{{ region.api_endpoint }}" 20 | loop_var: region 21 | when: region_index != 0 22 | -------------------------------------------------------------------------------- /roles/mrha_ordering_organization/tasks/delete.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete components for primary region 6 | include_tasks: delete/primary-region.yml 7 | loop: "{{ regions }}" 8 | loop_control: 9 | index_var: region_index 10 | label: "{{ region.api_endpoint }}" 11 | loop_var: region 12 | when: region_index == 0 13 | 14 | - name: Delete components for secondary regions 15 | include_tasks: delete/secondary-region.yml 16 | loop: "{{ regions }}" 17 | loop_control: 18 | index_var: region_index 19 | label: "{{ region.api_endpoint }}" 20 | loop_var: region 21 | when: region_index != 0 22 | -------------------------------------------------------------------------------- /tutorial/v1.x/13-import-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Import the organization 12 | ibm.blockchain_platform.external_organization: 13 | api_endpoint: "{{ 
api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | organization: "{{ lookup('file', org2_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/v1.x/common-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | # These vars are used in more than one file, 6 | # i.e. needed by multiple orgs so can't just live in a per org file 7 | ordering_org_name: "Ordering Org" 8 | ordering_service_name: "Ordering Service" 9 | org1_name: "Org1" 10 | org1_msp_id: Org1MSP 11 | org2_name: "Org2" 12 | org2_msp_id: Org2MSP 13 | channel_name: "mychannel" 14 | smart_contract_name: "fabcar" 15 | smart_contract_version: "1.0.0" 16 | smart_contract_package: "fabcar@1.0.0.cds" 17 | # smart_contract_constructor: "initLedger" 18 | # smart_contract_endorsement_policy: "" 19 | # smart_contract_collections_file: "" 20 | -------------------------------------------------------------------------------- /tutorial/04-import-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - ordering-org-vars.yml 10 | tasks: 11 | - name: Import the organization 12 | ibm.blockchain_platform.external_organization: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | organization: "{{ lookup('file', org1_name+'.json') }}" 19 | -------------------------------------------------------------------------------- 
/examples/enable-fabricv2-capability/endorsement-policy.json: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ organization_msp }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /roles/console/templates/k8s/cluster_role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: ClusterRoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ cluster_role_binding }}" 9 | labels: 10 | release: "operator" 11 | helm.sh/chart: "ibm-ibp" 12 | app.kubernetes.io/name: "ibp" 13 | app.kubernetes.io/instance: "ibp" 14 | app.kubernetes.io/managed-by: "ibp-operator" 15 | subjects: 16 | - kind: ServiceAccount 17 | name: "{{ service_account }}" 18 | namespace: "{{ namespace }}" 19 | roleRef: 20 | kind: ClusterRole 21 | name: "{{ cluster_role }}" 22 | apiGroup: rbac.authorization.k8s.io 23 | -------------------------------------------------------------------------------- /tutorial/v1.x/04-import-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - ordering-org-vars.yml 10 | tasks: 11 | - name: Import the organization 12 | ibm.blockchain_platform.external_organization: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ 
api_token_endpoint | default(omit) }}" 18 | organization: "{{ lookup('file', org1_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/08-import-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the ordering service 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Import the ordering service 12 | ibm.blockchain_platform.external_ordering_service: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | ordering_service: "{{ lookup('file', ordering_service_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/16-import-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the ordering service 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Import the ordering service 12 | ibm.blockchain_platform.external_ordering_service: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | ordering_service: "{{ lookup('file', ordering_service_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/v1.x/07-import-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: 
Import the ordering service 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Import the ordering service 12 | ibm.blockchain_platform.external_ordering_service: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | ordering_service: "{{ lookup('file', ordering_service_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /tutorial/v1.x/15-import-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Import the ordering service 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Import the ordering service 12 | ibm.blockchain_platform.external_ordering_service: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | ordering_service: "{{ lookup('file', ordering_service_name+'.json') }}" 19 | -------------------------------------------------------------------------------- /examples/opensource-stack/vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | # The type of K8S cluster this is using 6 | target: k8s 7 | arch: amd64 8 | 9 | # k8s namespace for the operator and console 10 | namespace: fabricinfra 11 | 12 | # Console name/domain 13 | console_name: hlf-console 14 | console_domain: localho.st 15 | 16 | # default configuration for the console 17 | # password reset will be required on first login 18 | console_email: admin 19 | 
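console_default_password: password 20 | 21 | # different k8s clusters will be shipped with differently named default storage providers 22 | # or none at all. KIND for example has one called 'standard' 23 | console_storage_class: standard 24 | 
--------------------------------------------------------------------------------
/.github/scripts/setup-tests.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Prepares a CI runner for the integration tests: unpacks the Hyperledger Fabric
# binaries, installs the IBM Cloud CLI tooling and the OpenShift client, then
# logs in to IBM Cloud and to the target OpenShift cluster.
#
# Reads IBM_CLOUD_API_KEY, IBM_CLOUD_ACCOUNT, IBM_CLOUD_REGION and
# IBM_CLOUD_OPENSHIFT_CLUSTER_ID from the environment; `set -u` aborts the
# script if any of them is unset.
set -euo pipefail

# -f makes curl exit non-zero on an HTTP error instead of streaming the error
# page into tar; with pipefail that failure stops the script.
# NOTE(review): the archive is unpacked as root into /usr/local without an
# integrity check. Compare it with a pinned SHA-256 before extracting
# (placeholder: <EXPECTED_SHA256_FABRIC>).
curl -fsSL https://github.com/hyperledger/fabric/releases/download/v2.2.1/hyperledger-fabric-linux-amd64-2.2.1.tar.gz | sudo tar xzf - -C /usr/local

# NOTE(review): this executes whatever the shortened URL resolves to at run
# time; the installer is neither pinned to a version nor verified, and a
# download that breaks off mid-stream can leave a half-run script.
curl -fsSL https://ibm.biz/idt-installer | bash
ibmcloud config --check-version=false
ibmcloud version
ibmcloud plugin list

# NOTE(review): "stable-4.5" is a moving channel, so the client build can change
# between runs; same missing integrity check as above
# (placeholder: <EXPECTED_SHA256_OC_CLIENT>).
curl -fsSL https://mirror.openshift.com/pub/openshift-v4/clients/ocp/stable-4.5/openshift-client-linux.tar.gz | sudo tar xzf - -C /usr/local/bin

# The API key is passed as a command-line argument to both login commands, so it
# is visible in the process list while they run. Keep xtrace (`set -x`) off in
# this script so the key is not echoed into the CI log.
ibmcloud login --apikey "${IBM_CLOUD_API_KEY}" -c "${IBM_CLOUD_ACCOUNT}" -r "${IBM_CLOUD_REGION}"
ibmcloud oc cluster config -c "${IBM_CLOUD_OPENSHIFT_CLUSTER_ID}"
oc login -u apikey -p "${IBM_CLOUD_API_KEY}"
--------------------------------------------------------------------------------
/docs/source/roles.rst:
--------------------------------------------------------------------------------
1 | .. 2 | .. SPDX-License-Identifier: Apache-2.0 3 | .. 4 | 5 | Roles 6 | ======= 7 | 8 | Roles can be used from the command line or in a playbook task. Ansible 9 | executes each role, usually on the remote target node, and collects return 10 | values. 11 | 12 | While different roles perform different tasks, their interfaces and responses 13 | follow similar patterns. 14 | 15 | Role reference 16 | ---------------- 17 | 18 | Reference material for each role contains documentation on what parameters 19 | certain roles accept and what values they expect those parameters to be. 20 | 21 | 22 | .. 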
toctree:: 23 | :maxdepth: 1 24 | :caption: Contents: 25 | :glob: 26 | 27 | roles/* 28 | 29 | 30 | -------------------------------------------------------------------------------- /tutorial/org1-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: org1admin 12 | organization_admin_enrollment_secret: org1adminpw 13 | peer_enrollment_id: org1peer 14 | peer_enrollment_secret: org1peerpw 15 | application_enrollment_id: org1app 16 | application_enrollment_secret: org1apppw 17 | application_enrollment_type: client 18 | application_max_enrollments: 10 19 | org1_ca_name: "Org1 CA" 20 | org1_peer_name: "Org1 Peer" 21 | wait_timeout: 600 22 | -------------------------------------------------------------------------------- /tutorial/org2-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: org2admin 12 | organization_admin_enrollment_secret: org2adminpw 13 | peer_enrollment_id: org2peer 14 | peer_enrollment_secret: org2peerpw 15 | application_enrollment_id: org2app 16 | application_enrollment_secret: org2apppw 17 | application_enrollment_type: client 18 | application_max_enrollments: 10 19 | org2_ca_name: "Org2 CA" 20 | org2_peer_name: "Org2 Peer" 21 | wait_timeout: 600 22 | -------------------------------------------------------------------------------- 
/roles/hlfsupport_console/templates/k8s/cluster_role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: ClusterRoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ cluster_role_binding }}" 9 | labels: 10 | release: "operator" 11 | helm.sh/chart: "ibm-hlfsupport" 12 | app.kubernetes.io/name: "ibm-hlfsupport" 13 | app.kubernetes.io/instance: "ibm-hlfsupport" 14 | app.kubernetes.io/managed-by: "ibm-hlfsupport-operator" 15 | subjects: 16 | - kind: ServiceAccount 17 | name: "{{ service_account }}" 18 | namespace: "{{ namespace }}" 19 | roleRef: 20 | kind: ClusterRole 21 | name: "{{ cluster_role }}" 22 | apiGroup: rbac.authorization.k8s.io 23 | -------------------------------------------------------------------------------- /tutorial/v1.x/org1-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: org1admin 12 | organization_admin_enrollment_secret: org1adminpw 13 | peer_enrollment_id: org1peer 14 | peer_enrollment_secret: org1peerpw 15 | application_enrollment_id: org1app 16 | application_enrollment_secret: org1apppw 17 | application_enrollment_type: client 18 | application_max_enrollments: 10 19 | org1_ca_name: "Org1 CA" 20 | org1_peer_name: "Org1 Peer" 21 | wait_timeout: 600 22 | -------------------------------------------------------------------------------- /tutorial/v1.x/org2-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | api_endpoint: 
https://ibp-console.example.org:32000 6 | api_authtype: basic 7 | api_key: xxxxxxxx 8 | api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: org2admin 12 | organization_admin_enrollment_secret: org2adminpw 13 | peer_enrollment_id: org2peer 14 | peer_enrollment_secret: org2peerpw 15 | application_enrollment_id: org2app 16 | application_enrollment_secret: org2apppw 17 | application_enrollment_type: client 18 | application_max_enrollments: 10 19 | org2_ca_name: "Org2 CA" 20 | org2_peer_name: "Org2 Peer" 21 | wait_timeout: 600 22 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/openshift/cluster_role_binding.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | kind: ClusterRoleBinding 6 | apiVersion: rbac.authorization.k8s.io/v1 7 | metadata: 8 | name: "{{ cluster_role_binding }}" 9 | labels: 10 | release: "operator" 11 | helm.sh/chart: "ibm-hlfsupport" 12 | app.kubernetes.io/name: "ibm-hlfsupport" 13 | app.kubernetes.io/instance: "ibm-hlfsupport" 14 | app.kubernetes.io/managed-by: "ibm-hlfsupport-operator" 15 | subjects: 16 | - kind: ServiceAccount 17 | name: "{{ service_account }}" 18 | namespace: "{{ project }}" 19 | roleRef: 20 | kind: ClusterRole 21 | name: "{{ cluster_role }}" 22 | apiGroup: rbac.authorization.k8s.io 23 | -------------------------------------------------------------------------------- /galaxy.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | namespace: ibm 6 | name: blockchain_platform 7 | version: 2.0.0 8 | readme: README.md 9 | authors: 10 | - Simon Stone/Matthew White 11 | description: Ansible collection for building Hyperledger Fabric networks using the IBM Blockchain 
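Platform 12 | license: 13 | - Apache-2.0 14 | tags: 15 | - ibm 16 | - enterprise 17 | - blockchain 18 | - dlt 19 | - hyperledger 20 | - fabric 21 | - blockchain 22 | repository: https://github.com/IBM-Blockchain/ansible-collection 23 | documentation: https://ibm-blockchain.github.io/ansible-collection/ 24 | homepage: https://www.ibm.com/cloud/blockchain-platform 25 | issues: https://github.com/IBM-Blockchain/ansible-collection/issues 26 | 
--------------------------------------------------------------------------------
/docker/docker-entrypoint.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# SPDX-License-Identifier: Apache-2.0
#
# Container entrypoint: makes sure the current UID has an /etc/passwd entry,
# then replaces itself with the requested command (or an interactive shell).
set -euo pipefail

# If this image is run with -u <uid>, as happens on Red Hat OpenShift, then
# the user is not in the /etc/passwd file. This causes Ansible to fail, so we need
# to add the user to /etc/passwd now before Ansible runs.
if ! whoami &> /dev/null; then
    # Drop any stale ibp-user entry. The filtered content is held in a variable
    # rather than in a fixed path under /tmp, so nothing planted at that path
    # beforehand (for example a symlink) can redirect the write.
    passwd_entries="$(sed '/ibp-user/d' /etc/passwd)"
    if [ -n "${passwd_entries}" ]; then
        printf '%s\n' "${passwd_entries}" > /etc/passwd
    else
        : > /etc/passwd
    fi
    # Map the arbitrary runtime UID to ibp-user with primary group 0.
    # NOTE(review): this only works if /etc/passwd is writable by the runtime
    # user (presumably group 0 in the image - confirm in the Dockerfile); a
    # writable passwd file lets any process in the container add or alter entries.
    echo "ibp-user:x:$(id -u):0::/home/ibp-user:/bin/bash" >> /etc/passwd
    export HOME=/home/ibp-user
fi

# Run a shell or the specified command.
# exec replaces this script, so the command receives signals directly.
if [ $# -eq 0 ]; then
    exec /bin/bash
else
    exec "$@"
fi
--------------------------------------------------------------------------------
/roles/console/templates/k8s/pod_security_policy.yml.j2:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
# Pod security policy applied for the console/operator workloads.
# NOTE(review): PodSecurityPolicy (policy/v1beta1) was removed in Kubernetes
# 1.25; clusters at or above that version reject this manifest and need Pod
# Security Admission or a policy engine instead.
---
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: "{{ pod_security_policy }}"
spec:
  hostIPC: false
  hostNetwork: false
  hostPID: false
  # Pods admitted under this policy may run privileged containers and may gain
  # privileges beyond their parent process. A privileged container is not
  # limited by the capability lists below.
  # NOTE(review): confirm which workloads actually need these two settings.
  privileged: true
  allowPrivilegeEscalation: true
  readOnlyRootFilesystem: false
  # No restriction on SELinux context, supplemental groups, UID (root is
  # allowed) or fsGroup.
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  runAsUser:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
  # NOTE(review): ALL is required to be dropped while six capabilities are also
  # allowed; verify how the target cluster resolves the overlap.
  requiredDropCapabilities:
    - ALL
  allowedCapabilities:
    - NET_BIND_SERVICE
    - CHOWN
    - DAC_OVERRIDE
    - SETGID
    - SETUID
    - FOWNER
  # '*' permits every volume type, hostPath included.
  volumes:
    - '*'
--------------------------------------------------------------------------------
/tutorial/v1.x/18-install-chaincode.yml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
# Installs the packaged smart contract on Org1's peer via the console API.
---
- name: Install chaincode
  hosts: localhost
  vars_files:
    - common-vars.yml
    - org1-vars.yml
  tasks:
    - name: Install the chaincode on the peer
      ibm.blockchain_platform.installed_chaincode:
        api_endpoint: "{{ api_endpoint }}"
        api_authtype: "{{ api_authtype }}"
        # api_key / api_secret come from org1-vars.yml; the copy in this
        # tutorial holds placeholder values.
        api_key: "{{ api_key }}"
        api_secret: "{{ api_secret | default(omit) }}"
        api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
        peer: "{{ org1_peer_name }}"
        # Relative path to the organization admin identity file.
        identity: "{{ org1_name }} Admin.json"
        msp_id: "{{ org1_msp_id }}"
        path: "{{ smart_contract_package }}"
--------------------------------------------------------------------------------
/tutorial/v1.x/19-install-chaincode.yml: 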
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Install chaincode 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Install the chaincode on the peer 12 | ibm.blockchain_platform.installed_chaincode: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | peer: "{{ org2_peer_name }}" 19 | identity: "{{ org2_name }} Admin.json" 20 | msp_id: "{{ org2_msp_id }}" 21 | path: "{{ smart_contract_package }}" 22 | -------------------------------------------------------------------------------- /tutorial/common-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | # These vars are used in more than one file, 6 | # i.e. 
needed by multiple orgs so can't just live in a per org file 7 | ordering_org_name: "Ordering Org" 8 | ordering_service_name: "Ordering Service" 9 | org1_name: "Org1" 10 | org1_msp_id: Org1MSP 11 | org2_name: "Org2" 12 | org2_msp_id: Org2MSP 13 | channel_name: "mychannel" 14 | smart_contract_name: "fabcar" 15 | smart_contract_version: "1.0.0" 16 | smart_contract_sequence: 1 17 | smart_contract_package: "fabcar@1.0.0.tgz" 18 | # smart_contract_constructor: "initLedger" 19 | # smart_contract_endorsement_policy: "" 20 | # smart_contract_collections_file: "" 21 | ca_version: ">=1.4,<2.0" 22 | peer_version: ">=2.2,<3.0" 23 | ordering_service_version: ">=2.2,<3.0" 24 | -------------------------------------------------------------------------------- /roles/crds/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if architecture not specified 6 | fail: 7 | msg: arch not specified or is not one of "amd64" or "s390x" 8 | when: not arch is defined or not arch in ("amd64", "s390x") 9 | 10 | - name: Fail if image registry email not specified 11 | fail: 12 | msg: image_registry_email not specified or is empty 13 | when: not image_registry_email is defined or not image_registry_email 14 | 15 | - name: Fail if image registry password not specified 16 | fail: 17 | msg: image_registry_password not specified or is empty 18 | when: not image_registry_password is defined or not image_registry_password 19 | 20 | - name: Create custom resource definitions 21 | include_tasks: "{{ target }}/create.yml" 22 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if architecture not specified 6 | fail: 7 | msg: arch not specified or is not one 
of "amd64" or "s390x" 8 | when: not arch is defined or not arch in ("amd64", "s390x") 9 | 10 | - name: Fail if image registry email not specified 11 | fail: 12 | msg: image_registry_email not specified or is empty 13 | when: not image_registry_email is defined or not image_registry_email 14 | 15 | - name: Fail if image registry password not specified 16 | fail: 17 | msg: image_registry_password not specified or is empty 18 | when: not image_registry_password is defined or not image_registry_password 19 | 20 | - name: Create custom resource definitions 21 | include_tasks: "{{ target }}/create.yml" 22 | -------------------------------------------------------------------------------- /examples/opensource-stack/templates/coredns/coredns.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ConfigMap 3 | apiVersion: v1 4 | metadata: 5 | name: coredns 6 | namespace: kube-system 7 | data: 8 | Corefile: | 9 | .:53 { 10 | errors 11 | health { 12 | lameduck 5s 13 | } 14 | rewrite name regex (.*)\.localho\.st host.ingress.internal 15 | hosts { 16 | {{ clusterip }} host.ingress.internal 17 | fallthrough 18 | } 19 | ready 20 | kubernetes cluster.local in-addr.arpa ip6.arpa { 21 | pods insecure 22 | fallthrough in-addr.arpa ip6.arpa 23 | ttl 30 24 | } 25 | prometheus :9153 26 | forward . 
/etc/resolv.conf { 27 | max_concurrent 1000 28 | } 29 | cache 30 30 | loop 31 | reload 32 | loadbalance 33 | } -------------------------------------------------------------------------------- /roles/endorsing_organization/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # api_endpoint: 7 | # api_authtype: 8 | # api_key: 9 | # api_secret: 10 | # api_token_endpoint: 11 | # organization_name: 12 | # ca_admin_enrollment_id 13 | # ca_admin_enrollment_secret 14 | # organization_admin_enrollment_id: 15 | # organization_admin_enrollment_secret: 16 | # peer_enrollment_id 17 | # peer_enrollment_secret 18 | ca_name: "{{ organization_name }} CA" 19 | # ca_resources: 20 | # ca_storage: 21 | # ca_version: 22 | peers: 1 23 | peer_name: "{{ organization_name }} Peer" 24 | # peer_resources: 25 | # peer_storage: 26 | peer_state_db: couchdb 27 | # peer_version: 28 | wallet: "{{ playbook_dir }}" 29 | ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json" 30 | organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json" 31 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/k8s/coredns/coredns.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | kind: ConfigMap 3 | apiVersion: v1 4 | metadata: 5 | name: coredns 6 | namespace: kube-system 7 | data: 8 | Corefile: | 9 | .:53 { 10 | errors 11 | health { 12 | lameduck 5s 13 | } 14 | rewrite name regex (.*)\.localho\.st host.ingress.internal 15 | hosts { 16 | {{ clusterip }} host.ingress.internal 17 | fallthrough 18 | } 19 | ready 20 | kubernetes cluster.local in-addr.arpa ip6.arpa { 21 | pods insecure 22 | fallthrough in-addr.arpa ip6.arpa 23 | ttl 30 24 | } 25 | prometheus :9153 26 | forward . 
/etc/resolv.conf { 27 | max_concurrent 1000 28 | } 29 | cache 30 30 | loop 31 | reload 32 | loadbalance 33 | } -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/k8s/rbac/hlf-operator-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | --- 19 | apiVersion: v1 20 | kind: ServiceAccount 21 | metadata: 22 | name: hlf-operator 23 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/rbac/hlf-operator-serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 
8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | --- 19 | apiVersion: v1 20 | kind: ServiceAccount 21 | metadata: 22 | name: hlf-operator 23 | -------------------------------------------------------------------------------- /roles/ordering_organization/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # api_endpoint: 7 | # api_authtype: 8 | # api_key: 9 | # api_secret: 10 | # api_token_endpoint: 11 | # organization_name: 12 | # ca_admin_enrollment_id 13 | # ca_admin_enrollment_secret 14 | # organization_admin_enrollment_id: 15 | # organization_admin_enrollment_secret: 16 | # ordering_service_enrollment_id: 17 | # ordering_service_enrollment_secret: 18 | ca_name: "{{ organization_name }} CA" 19 | # ca_resources: 20 | # ca_storage: 21 | # ca_version: 22 | ordering_service_name: Ordering Service 23 | ordering_service_nodes: 1 24 | # ordering_service_resources: 25 | # ordering_service_storage: 26 | # ordering_service_version: 27 | wallet: "{{ playbook_dir }}" 28 | ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json" 29 | organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json" 30 | -------------------------------------------------------------------------------- /roles/fabric_console/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if architecture not specified 6 | fail: 7 | 
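msg: arch not specified or is not one of "amd64" 8 | when: not arch is defined or not arch in ["amd64"] # list membership: ("amd64") is a plain string in Jinja2, so "in" was a substring test that let "", "amd" or "64" through 9 | 10 | - name: Fail if console domain not specified 11 | fail: 12 | msg: console_domain not specified or is empty 13 | when: not console_domain is defined or not console_domain 14 | 15 | - name: Fail if console email not specified 16 | fail: 17 | msg: console_email not specified or is empty 18 | when: not console_email is defined or not console_email 19 | 20 | - name: Fail if console default password not specified 21 | fail: 22 | msg: console_default_password not specified or is empty 23 | when: not console_default_password is defined or not console_default_password 24 | 25 | - name: Create console 26 | include_tasks: "{{ target }}/create.yml" 27 | -------------------------------------------------------------------------------- /roles/console/templates/openshift/security_context_constraints.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: security.openshift.io/v1 6 | kind: SecurityContextConstraints 7 | metadata: 8 | name: "{{ security_context_constraints }}" 9 | allowHostDirVolumePlugin: false 10 | allowHostIPC: false 11 | allowHostNetwork: false 12 | allowHostPID: false 13 | allowHostPorts: false 14 | allowPrivilegeEscalation: true 15 | allowPrivilegedContainer: true # NOTE(review): privileged containers stay allowed although every allowHost* flag above is false; confirm the console pods need this 16 | allowedCapabilities: 17 | - NET_BIND_SERVICE 18 | - CHOWN 19 | - DAC_OVERRIDE 20 | - SETGID 21 | - SETUID 22 | - FOWNER 23 | defaultAddCapabilities: [] 24 | fsGroup: 25 | type: RunAsAny 26 | groups: 27 | - system:serviceaccounts:{{ project }} 28 | readOnlyRootFilesystem: false 29 | requiredDropCapabilities: [] 30 | runAsUser: 31 | type: RunAsAny 32 | seLinuxContext: 33 | type: RunAsAny 34 | supplementalGroups: 35 | type: RunAsAny 36 | users: 37 | - system:serviceaccounts:{{ project }} 38 | volumes: 39 | - "*" 40 |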
-------------------------------------------------------------------------------- /tutorial/15-admins-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "ADMIN" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "ADMIN" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/15-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/15-readers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 
25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/15-writers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/v1.x/14-admins-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "ADMIN" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "ADMIN" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /roles/hlfsupport_crds/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | target: openshift 7 | # arch: amd64 | s390x 8 | # project: my-project 9 | namespace: "" 10 | 11 
| image_pull_secret: docker-key-secret 12 | image_registry: cp.icr.io 13 | image_registry_username: cp 14 | # image_registry_email: user@example.org 15 | # image_registry_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 16 | image_repository: cp 17 | image_registry_url: "{{ image_registry }}/{{ image_repository }}" 18 | 19 | role: "{{ project | default(namespace) | default('') }}" 20 | role_binding: "{{ project | default(namespace) | default('') }}" 21 | security_context_constraints: "{{ project | default(namespace) | default('') }}" 22 | service_account: default 23 | wait_timeout: 60 24 | 25 | product_version: "1.0.0" 26 | webhook_version: "20220308" 27 | webhook_image: "{{ image_registry_url }}/ibm-hlfsupport-crdwebhook" 28 | webhook_tag: "{{ product_version }}-{{ webhook_version }}-{{ arch }}" 29 | -------------------------------------------------------------------------------- /tutorial/03-export-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Get the organization 12 | ibm.blockchain_platform.organization_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ org1_name }}" 19 | register: result 20 | 21 | - name: Fail if the organization does not exist 22 | fail: 23 | msg: "Organization {{ org1_name }} does not exist" 24 | when: not result.exists 25 | 26 | - name: Store the organization in a file 27 | copy: 28 | content: "{{ result.organization | to_nice_json }}" 29 | dest: "{{ org1_name }}.json" 30 | -------------------------------------------------------------------------------- /tutorial/13-export-organization.yml: 
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Get the organization 12 | ibm.blockchain_platform.organization_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ org2_name }}" 19 | register: result 20 | 21 | - name: Fail if the organization does not exist 22 | fail: 23 | msg: "Organization {{ org2_name }} does not exist" 24 | when: not result.exists 25 | 26 | - name: Store the organization in a file 27 | copy: 28 | content: "{{ result.organization | to_nice_json }}" 29 | dest: "{{ org2_name }}.json" 30 | -------------------------------------------------------------------------------- /tutorial/v1.x/14-readers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/v1.x/14-writers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 
| }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /examples/add-admin-cert/04-update-channels-member.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Update admin certificates 6 | hosts: localhost 7 | vars_files: 8 | - vars.yml 9 | tasks: 10 | - name: Get the ordering service details 11 | ibm.blockchain_platform.ordering_service_info: 12 | api_endpoint: "{{ api_endpoint }}" 13 | api_authtype: "{{ api_authtype }}" 14 | api_key: "{{ api_key }}" 15 | api_secret: "{{ api_secret | default(omit) }}" 16 | name: "{{ ordering_service_name }}" 17 | register: ordering_service_info 18 | 19 | - name: Fail if the ordering service does not exist 20 | fail: 21 | msg: Ordering service {{ ordering_service_name }} does not exist 22 | when: not ordering_service_info.exists 23 | 24 | - name: Update channel 25 | include_tasks: tasks/04-update-channel-member.yml 26 | loop: "{{ channel_names }}" 27 | loop_control: 28 | loop_var: channel_name 29 | -------------------------------------------------------------------------------- /examples/add-admin-cert/05-update-channels-admin.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Update admin certificates 6 | hosts: localhost 7 | vars_files: 8 | - vars.yml 9 | tasks: 10 | - name: Get the ordering service details 11 | ibm.blockchain_platform.ordering_service_info: 12 | api_endpoint: "{{ api_endpoint }}" 13 
| api_authtype: "{{ api_authtype }}" 14 | api_key: "{{ api_key }}" 15 | api_secret: "{{ api_secret | default(omit) }}" 16 | name: "{{ ordering_service_name }}" 17 | register: ordering_service_info 18 | 19 | - name: Fail if the ordering service does not exist 20 | fail: 21 | msg: Ordering service {{ ordering_service_name }} does not exist 22 | when: not ordering_service_info.exists 23 | 24 | - name: Update channel 25 | include_tasks: tasks/05-update-channel-admin.yml 26 | loop: "{{ channel_names }}" 27 | loop_control: 28 | loop_var: channel_name 29 | -------------------------------------------------------------------------------- /justfile: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | 5 | default: 6 | @just --list 7 | 8 | # Local ansible-galalxy build and install 9 | local: 10 | ansible-galaxy collection build -f 11 | ansible-galaxy collection install $(ls -1 | grep ibm-blockchain_platform) -f 12 | 13 | # Lint the codebase 14 | lint: 15 | #!/bin/bash 16 | set -ex -o pipefail 17 | 18 | flake8 . 19 | ansible-lint 20 | shellcheck tutorial/*.sh 21 | yamllint . 22 | 23 | docker: 24 | docker build -t fabric-ansible . 25 | 26 | # Build the documentation 27 | docs: 28 | #!/bin/bash 29 | set -ex -o pipefail 30 | 31 | cd docs 32 | make clean 33 | make all 34 | 35 | toolcheck: 36 | #!/bin/bash 37 | set -e -o pipefail 38 | 39 | confirm() { 40 | if ! 
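command -v "$1" &> /dev/null 41 | then 42 | echo "$1 could not be found" 43 | exit 1 # a bare exit returned echo's status 0, so toolcheck passed with the tool missing 44 | fi 45 | } 46 | 47 | confirm "shellcheck" 48 | confirm "yamllint" 49 | 50 | -------------------------------------------------------------------------------- /tutorial/15-lifecycle-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tutorial/v1.x/03-export-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Get the organization 12 | ibm.blockchain_platform.organization_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ org1_name }}" 19 | register: result 20 | 21 | - name: Fail if the organization does not exist 22 | fail: 23 | msg: "Organization {{ org1_name }} does not exist" 24 | when: not result.exists 25 | 26 | - name: Store the organization in a file 27 | copy: 28 | content: "{{ result.organization | to_nice_json }}" 29 | dest: "{{ org1_name }}.json" 30 |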
-------------------------------------------------------------------------------- /tutorial/v1.x/12-export-organization.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the organization 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Get the organization 12 | ibm.blockchain_platform.organization_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ org2_name }}" 19 | register: result 20 | 21 | - name: Fail if the organization does not exist 22 | fail: 23 | msg: "Organization {{ org2_name }} does not exist" 24 | when: not result.exists 25 | 26 | - name: Store the organization in a file 27 | copy: 28 | content: "{{ result.organization | to_nice_json }}" 29 | dest: "{{ org2_name }}.json" 30 | -------------------------------------------------------------------------------- /roles/mzha_endorsing_organization/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # api_endpoint: 7 | # api_authtype: 8 | # api_key: 9 | # api_secret: 10 | # api_token_endpoint: 11 | # zones: 12 | # organization_name: 13 | # ca_admin_enrollment_id 14 | # ca_admin_enrollment_secret 15 | # organization_admin_enrollment_id: 16 | # organization_admin_enrollment_secret: 17 | # peer_enrollment_id 18 | # peer_enrollment_secret 19 | ca_name: "{{ organization_name }} CA" 20 | ca_db_type: postgres 21 | # ca_db_datasource: 22 | ca_db_tls_enabled: true 23 | # ca_db_tls_certfiles: 24 | ca_replicas: 3 25 | # ca_resources: 26 | # ca_storage: 27 | # ca_version: 28 | peers: 4 29 | peer_name: "{{ organization_name }} 
Peer" 30 | # peer_resources: 31 | # peer_storage: 32 | peer_state_db: couchdb 33 | # peer_version: 34 | wallet: "{{ playbook_dir }}" 35 | ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json" 36 | organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json" 37 | -------------------------------------------------------------------------------- /roles/console/README.md: -------------------------------------------------------------------------------- 1 | # console 2 | 3 | The IBM Hyperledger Fabric Support Offering provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Hyperledger Fabric Support Offering, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Hyperledger Fabric Support Offering development team. 
-------------------------------------------------------------------------------- /examples/enable-fabricv2-capability/02-enable-fabricv2-channels.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Update channels to v2 capability 6 | hosts: localhost 7 | vars_files: 8 | - vars.yml 9 | tasks: 10 | - name: Get the ordering service details 11 | ibm.blockchain_platform.ordering_service_info: 12 | api_endpoint: "{{ api_endpoint }}" 13 | api_authtype: "{{ api_authtype }}" 14 | api_key: "{{ api_key }}" 15 | api_secret: "{{ api_secret | default(omit) }}" 16 | name: "{{ ordering_service_name }}" 17 | register: ordering_service_info 18 | 19 | - name: Fail if the ordering service does not exist 20 | fail: 21 | msg: "Ordering service {{ ordering_service_name }} does not exist" 22 | when: not ordering_service_info.exists 23 | 24 | - name: Update channel 25 | include_tasks: tasks/02-enable-fabricv2-channel.yml 26 | loop: "{{ channel_names }}" 27 | loop_control: 28 | loop_var: channel_name 29 | -------------------------------------------------------------------------------- /roles/crds/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # target: k8s | openshift 7 | # arch: amd64 | s390x 8 | # project: my-project 9 | namespace: "" # defined by jinja2 otherwise 10 | 11 | image_pull_secret: docker-key-secret 12 | image_registry: cp.icr.io 13 | image_registry_username: cp 14 | # image_registry_email: user@example.org 15 | # image_registry_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 16 | image_repository: cp 17 | image_registry_url: "{{ image_registry }}/{{ image_repository }}" 18 | 19 | role: "{{ project | default(namespace) | default('') }}" 20 | role_binding: "{{ project | default(namespace) | default('') }}" 21 | security_context_constraints: 
"{{ project | default(namespace) | default('') }}" 22 | service_account: default 23 | webhook: ibp-webhook 24 | 25 | wait_timeout: 60 26 | product_version: "2.5.3" 27 | webhook_version: "20220503" 28 | webhook_image: "{{ image_registry_url }}/ibp-crdwebhook" 29 | webhook_tag: "{{ product_version }}-{{ webhook_version }}-{{ arch }}" 30 | -------------------------------------------------------------------------------- /roles/crds/templates/openshift/security_context_constraints.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: security.openshift.io/v1 6 | kind: SecurityContextConstraints 7 | metadata: 8 | name: "{{ security_context_constraints }}" 9 | allowHostDirVolumePlugin: true 10 | allowHostIPC: true 11 | allowHostNetwork: true 12 | allowHostPID: true 13 | allowHostPorts: true 14 | allowPrivilegeEscalation: true 15 | allowPrivilegedContainer: true 16 | allowedCapabilities: 17 | - NET_BIND_SERVICE 18 | - CHOWN 19 | - DAC_OVERRIDE 20 | - SETGID 21 | - SETUID 22 | - FOWNER 23 | defaultAddCapabilities: null 24 | fsGroup: 25 | type: RunAsAny 26 | groups: 27 | - system:cluster-admins 28 | - system:authenticated 29 | - system:serviceaccounts:{{ project }} 30 | readOnlyRootFilesystem: false 31 | requiredDropCapabilities: null 32 | runAsUser: 33 | type: RunAsAny 34 | seLinuxContext: 35 | type: RunAsAny 36 | supplementalGroups: 37 | type: RunAsAny 38 | users: 39 | - system:serviceaccounts:{{ project }} 40 | volumes: 41 | - "*" 42 | -------------------------------------------------------------------------------- /tutorial/07-export-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the ordering service 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - ordering-org-vars.yml 10 | tasks: 11 | - name: Get the 
ordering service 12 | ibm.blockchain_platform.ordering_service_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ ordering_service_name }}" 19 | register: result 20 | 21 | - name: Fail if the ordering service does not exist 22 | fail: 23 | msg: Ordering service does not exist 24 | when: not result.exists 25 | 26 | - name: Store the ordering service in a file 27 | copy: 28 | content: "{{ result.ordering_service | to_nice_json }}" 29 | dest: "{{ ordering_service_name }}.json" 30 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/openshift/security_context_constraints.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: security.openshift.io/v1 6 | kind: SecurityContextConstraints # OpenShift SCC; every allowHost* flag below is true and privileged containers are permitted 7 | metadata: 8 | name: "{{ security_context_constraints }}" 9 | allowHostDirVolumePlugin: true 10 | allowHostIPC: true 11 | allowHostNetwork: true 12 | allowHostPID: true 13 | allowHostPorts: true 14 | allowPrivilegeEscalation: true 15 | allowPrivilegedContainer: true 16 | allowedCapabilities: 17 | - NET_BIND_SERVICE 18 | - CHOWN 19 | - DAC_OVERRIDE 20 | - SETGID 21 | - SETUID 22 | - FOWNER 23 | defaultAddCapabilities: null 24 | fsGroup: 25 | type: RunAsAny 26 | groups: 27 | - system:cluster-admins 28 | - system:authenticated # NOTE(review): this group covers every authenticated user and service account in the cluster, so all of them may run pods under this privileged SCC; confirm it is required, otherwise keep only the project's service accounts 29 | - system:serviceaccounts:{{ project }} 30 | readOnlyRootFilesystem: false 31 | requiredDropCapabilities: null 32 | runAsUser: 33 | type: RunAsAny 34 | seLinuxContext: 35 | type: RunAsAny 36 | supplementalGroups: 37 | type: RunAsAny 38 | users: 39 | - system:serviceaccounts:{{ project }} 40 | volumes: 41 | - "*" 42 |
-------------------------------------------------------------------------------- /tutorial/v1.x/06-export-ordering-service.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Export the ordering service 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - ordering-org-vars.yml 10 | tasks: 11 | - name: Get the ordering service 12 | ibm.blockchain_platform.ordering_service_info: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | name: "{{ ordering_service_name }}" 19 | register: result 20 | 21 | - name: Fail if the ordering service does not exist 22 | fail: 23 | msg: Ordering service does not exist 24 | when: not result.exists 25 | 26 | - name: Store the ordering service in a file 27 | copy: 28 | content: "{{ result.ordering_service | to_nice_json }}" 29 | dest: "{{ ordering_service_name }}.json" 30 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/security_context_constraints.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: security.openshift.io/v1 6 | kind: SecurityContextConstraints 7 | metadata: 8 | name: "{{ security_context_constraints }}" 9 | allowHostDirVolumePlugin: true 10 | allowHostIPC: true 11 | allowHostNetwork: true 12 | allowHostPID: true 13 | allowHostPorts: true 14 | allowPrivilegeEscalation: true 15 | allowPrivilegedContainer: true 16 | allowedCapabilities: 17 | - NET_BIND_SERVICE 18 | - CHOWN 19 | - DAC_OVERRIDE 20 | - SETGID 21 | - SETUID 22 | - FOWNER 23 | defaultAddCapabilities: null 24 | fsGroup: 25 | type: RunAsAny 26 | groups: 27 | - 
system:cluster-admins 28 | - system:authenticated # NOTE(review): this group covers every authenticated user and service account in the cluster, so all of them may run pods under this privileged SCC; confirm it is required, otherwise keep only the project's service accounts 29 | - system:serviceaccounts:{{ project }} 30 | readOnlyRootFilesystem: false 31 | requiredDropCapabilities: null 32 | runAsUser: 33 | type: RunAsAny 34 | seLinuxContext: 35 | type: RunAsAny 36 | supplementalGroups: 37 | type: RunAsAny 38 | users: 39 | - system:serviceaccounts:{{ project }} 40 | volumes: 41 | - "*" 42 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/openshift/security_context_constraints.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: security.openshift.io/v1 6 | kind: SecurityContextConstraints # OpenShift SCC; every allowHost* flag below is true and privileged containers are permitted 7 | metadata: 8 | name: "{{ security_context_constraints }}" 9 | allowHostDirVolumePlugin: true 10 | allowHostIPC: true 11 | allowHostNetwork: true 12 | allowHostPID: true 13 | allowHostPorts: true 14 | allowPrivilegeEscalation: true 15 | allowPrivilegedContainer: true 16 | allowedCapabilities: 17 | - NET_BIND_SERVICE 18 | - CHOWN 19 | - DAC_OVERRIDE 20 | - SETGID 21 | - SETUID 22 | - FOWNER 23 | defaultAddCapabilities: null 24 | fsGroup: 25 | type: RunAsAny 26 | groups: 27 | - system:cluster-admins 28 | - system:authenticated # NOTE(review): this group covers every authenticated user and service account in the cluster, so all of them may run pods under this privileged SCC; the SCC in roles/console lists only the project's service accounts and turns the host allowances off - confirm this broader grant is required 29 | - system:serviceaccounts:{{ project }} 30 | readOnlyRootFilesystem: false 31 | requiredDropCapabilities: null 32 | runAsUser: 33 | type: RunAsAny 34 | seLinuxContext: 35 | type: RunAsAny 36 | supplementalGroups: 37 | type: RunAsAny 38 | users: 39 | - system:serviceaccounts:{{ project }} 40 | volumes: 41 | - "*" 42 | -------------------------------------------------------------------------------- /tutorial/99-delete-ordering-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete components for an ordering organization 6 | hosts: localhost 7 | vars: 8 | state:
absent 9 | organization_name: "{{ ordering_org_name }}" 10 | vars_files: 11 | - common-vars.yml 12 | - ordering-org-vars.yml 13 | roles: 14 | - ibm.blockchain_platform.ordering_organization 15 | 16 | - name: Remove imported components 17 | hosts: localhost 18 | vars_files: 19 | - common-vars.yml 20 | - ordering-org-vars.yml 21 | tasks: 22 | - name: Remove imported organization 23 | ibm.blockchain_platform.external_organization: 24 | api_endpoint: "{{ api_endpoint }}" 25 | api_authtype: "{{ api_authtype }}" 26 | api_key: "{{ api_key }}" 27 | api_secret: "{{ api_secret | default(omit) }}" 28 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 29 | state: absent 30 | name: "{{ org1_name }}" 31 | when: import_export_used | default(false) 32 | -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # regions: 7 | # api_endpoint: 8 | # api_authtype: 9 | # api_key: 10 | # api_secret: 11 | # api_token_endpoint: 12 | #  zones: 13 | # organization_name: 14 | # ca_admin_enrollment_id 15 | # ca_admin_enrollment_secret 16 | # organization_admin_enrollment_id: 17 | # organization_admin_enrollment_secret: 18 | # ordering_service_enrollment_id: 19 | # ordering_service_enrollment_secret: 20 | ca_name: "{{ organization_name }} CA" 21 | ca_db_type: postgres 22 | # ca_db_datasource: 23 | ca_db_tls_enabled: true 24 | # ca_db_tls_certfiles: 25 | ca_replicas: 3 26 | # ca_resources: 27 | # ca_storage: 28 | # ca_version: 29 | peers: 6 30 | peer_name: "{{ organization_name }} Peer" 31 | # peer_resources: 32 | # peer_storage: 33 | peer_state_db: couchdb 34 | # peer_version: 35 | wallet: "{{ playbook_dir }}" 36 | ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json" 37 | organization_admin_identity: "{{ wallet }}/{{ organization_name 
}} Admin.json" 38 | -------------------------------------------------------------------------------- /tutorial/v1.x/99-delete-ordering-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete components for an ordering organization 6 | hosts: localhost 7 | vars: 8 | state: absent 9 | organization_name: "{{ ordering_org_name }}" 10 | vars_files: 11 | - common-vars.yml 12 | - ordering-org-vars.yml 13 | roles: 14 | - ibm.blockchain_platform.ordering_organization 15 | 16 | - name: Remove imported components 17 | hosts: localhost 18 | vars_files: 19 | - common-vars.yml 20 | - ordering-org-vars.yml 21 | tasks: 22 | - name: Remove imported organization 23 | ibm.blockchain_platform.external_organization: 24 | api_endpoint: "{{ api_endpoint }}" 25 | api_authtype: "{{ api_authtype }}" 26 | api_key: "{{ api_key }}" 27 | api_secret: "{{ api_secret | default(omit) }}" 28 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 29 | state: absent 30 | name: "{{ org1_name }}" 31 | when: import_export_used | default(false) 32 | -------------------------------------------------------------------------------- /.github/scripts/run-integration-tests.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | set -euo pipefail # stop on errors, unset variables and failed pipeline stages 3 | cd ~/.ansible/collections/ansible_collections/ibm/blockchain_platform 4 | TEST_RUN_ID=$(dd if=/dev/urandom bs=4096 count=1 2>/dev/null | shasum | awk '{print $1}') 5 | SHORT_TEST_RUN_ID=$(echo "${TEST_RUN_ID}" | awk '{print substr($1,1,8)}') 6 | yq -yi ".api_endpoint=\"${API_ENDPOINT}\"" tests/integration/integration_config.yml 7 | yq -yi ".api_authtype=\"${API_AUTHTYPE}\"" tests/integration/integration_config.yml 8 | yq -yi ".api_key=\"${API_KEY}\"" tests/integration/integration_config.yml # NOTE(review): the value is spliced into the filter text, so a quote or backslash in it changes the filter; passing it with jq's --arg would keep it as data - TODO confirm the installed yq forwards --arg. The key also ends up in plain text in integration_config.yml 9 | yq -yi ".api_secret=\"${API_SECRET}\""
tests/integration/integration_config.yml 10 | yq -yi ".api_timeout=300" tests/integration/integration_config.yml 11 | yq -yi ".k8s_namespace=\"${K8S_NAMESPACE}\"" tests/integration/integration_config.yml 12 | yq -yi ".test_run_id=\"${TEST_RUN_ID}\"" tests/integration/integration_config.yml 13 | yq -yi ".short_test_run_id=\"${SHORT_TEST_RUN_ID}\"" tests/integration/integration_config.yml 14 | yq -yi ".wait_timeout=1800" tests/integration/integration_config.yml 15 | ansible-test integration 16 | -------------------------------------------------------------------------------- /roles/mzha_ordering_organization/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # api_endpoint: 7 | # api_authtype: 8 | # api_key: 9 | # api_secret: 10 | # api_token_endpoint: 11 | # zones: 12 | # organization_name: 13 | # ca_admin_enrollment_id 14 | # ca_admin_enrollment_secret 15 | # organization_admin_enrollment_id: 16 | # organization_admin_enrollment_secret: 17 | # ordering_service_enrollment_id: 18 | # ordering_service_enrollment_secret: 19 | ca_name: "{{ organization_name }} CA" 20 | ca_db_type: postgres 21 | # ca_db_datasource: 22 | ca_db_tls_enabled: true 23 | # ca_db_tls_certfiles: 24 | ca_replicas: 3 25 | # ca_resources: 26 | # ca_storage: 27 | # ca_version: 28 | ordering_service_name: Ordering Service 29 | ordering_service_nodes: 5 30 | # ordering_service_resources: 31 | # ordering_service_storage: 32 | # ordering_service_version: 33 | # ordering_service_zones: 34 | wallet: "{{ playbook_dir }}" 35 | ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json" 36 | organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json" 37 | -------------------------------------------------------------------------------- /roles/crds/README.md: -------------------------------------------------------------------------------- 1 | # crds 2 | 3 | The 
IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Blockchain Platform development team. For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform -------------------------------------------------------------------------------- /tests/integration/targets/it_endorsing_organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Set test facts 6 | set_fact: 7 | organization_name: "Test Org {{ short_test_run_id }}" 8 | organization_msp_id: "TestOrg{{ short_test_run_id }}MSP" 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: orgadmin 12 | organization_admin_enrollment_secret: orgadminpw 13 | peer_enrollment_id: peer 14 | peer_enrollment_secret: peerpw 15 | k8s_namespace: "{{ k8s_namespace | mandatory }}" 16 | wait_timeout: "{{ wait_timeout | mandatory }}" 17 | 18 | - name: Run tests 19 | block: 20 | - name: Create endorsing organization 21 | include_role: 22 | name: 
ibm.blockchain_platform.endorsing_organization 23 | vars: 24 | state: present 25 | register: result 26 | 27 | always: 28 | - name: Delete endorsing organization 29 | include_role: 30 | name: ibm.blockchain_platform.endorsing_organization 31 | vars: 32 | state: absent 33 | -------------------------------------------------------------------------------- /roles/mrha_ordering_organization/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # regions: 7 | # api_endpoint: 8 | # api_authtype: 9 | # api_key: 10 | # api_secret: 11 | # api_token_endpoint: 12 | #  zones: 13 | # organization_name: 14 | # ca_admin_enrollment_id 15 | # ca_admin_enrollment_secret 16 | # organization_admin_enrollment_id: 17 | # organization_admin_enrollment_secret: 18 | # ordering_service_enrollment_id: 19 | # ordering_service_enrollment_secret: 20 | ca_name: "{{ organization_name }} CA" 21 | ca_db_type: postgres 22 | # ca_db_datasource: 23 | ca_db_tls_enabled: true 24 | # ca_db_tls_certfiles: 25 | ca_replicas: 3 26 | # ca_resources: 27 | # ca_storage: 28 | # ca_version: 29 | ordering_service_name: Ordering Service 30 | ordering_service_nodes: 5 31 | # ordering_service_resources: 32 | # ordering_service_storage: 33 | # ordering_service_version: 34 | # ordering_service_zones: 35 | wallet: "{{ playbook_dir }}" 36 | ca_admin_identity: "{{ wallet }}/{{ ca_name }} Admin.json" 37 | organization_admin_identity: "{{ wallet }}/{{ organization_name }} Admin.json" 38 | -------------------------------------------------------------------------------- /roles/ordering_organization/README.md: -------------------------------------------------------------------------------- 1 | # ordering_organization 2 | 3 | The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. 
It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Blockchain Platform development team. For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform -------------------------------------------------------------------------------- /roles/endorsing_organization/README.md: -------------------------------------------------------------------------------- 1 | # endorsing_organization 2 | 3 | The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 
12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Blockchain Platform development team. For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform -------------------------------------------------------------------------------- /roles/mrha_ordering_organization/README.md: -------------------------------------------------------------------------------- 1 | # mrha_ordering_organization 2 | 3 | The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Blockchain Platform development team. 
For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform -------------------------------------------------------------------------------- /roles/mzha_ordering_organization/README.md: -------------------------------------------------------------------------------- 1 | # mzha_ordering_organization 2 | 3 | The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Blockchain Platform development team. For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/README.md: -------------------------------------------------------------------------------- 1 | # mrha_endorsing_organization 2 | 3 | The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. 
It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Blockchain Platform development team. For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform -------------------------------------------------------------------------------- /roles/mzha_endorsing_organization/README.md: -------------------------------------------------------------------------------- 1 | # mzha_endorsing_organization 2 | 3 | The IBM Blockchain Platform provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Blockchain Platform, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 
12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Blockchain Platform development team. For more information on the IBM Blockchain Platform, visit the following website: https://www.ibm.com/cloud/blockchain-platform -------------------------------------------------------------------------------- /tutorial/98-delete-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: absent 9 | organization_name: "{{ org2_name }}" 10 | ca_name: "{{ org2_ca_name }}" 11 | peer_name: "{{ org2_peer_name }}" 12 | vars_files: 13 | - common-vars.yml 14 | - org2-vars.yml 15 | roles: 16 | - ibm.blockchain_platform.endorsing_organization 17 | 18 | - name: Remove imported components 19 | hosts: localhost 20 | vars_files: 21 | - common-vars.yml 22 | - org2-vars.yml 23 | tasks: 24 | - name: Remove imported ordering service 25 | ibm.blockchain_platform.external_ordering_service: 26 | api_endpoint: "{{ api_endpoint }}" 27 | api_authtype: "{{ api_authtype }}" 28 | api_key: "{{ api_key }}" 29 | api_secret: "{{ api_secret | default(omit) }}" 30 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 31 | state: absent 32 | name: "{{ ordering_service_name }}" 33 | when: import_export_used | default(false) 34 | -------------------------------------------------------------------------------- /tutorial/v1.x/98-delete-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: absent 9 | organization_name: "{{ org2_name }}" 10 | ca_name: "{{ org2_ca_name }}" 11 | 
peer_name: "{{ org2_peer_name }}" 12 | vars_files: 13 | - common-vars.yml 14 | - org2-vars.yml 15 | roles: 16 | - ibm.blockchain_platform.endorsing_organization 17 | 18 | - name: Remove imported components 19 | hosts: localhost 20 | vars_files: 21 | - common-vars.yml 22 | - org2-vars.yml 23 | tasks: 24 | - name: Remove imported ordering service 25 | ibm.blockchain_platform.external_ordering_service: 26 | api_endpoint: "{{ api_endpoint }}" 27 | api_authtype: "{{ api_authtype }}" 28 | api_key: "{{ api_key }}" 29 | api_secret: "{{ api_secret | default(omit) }}" 30 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 31 | state: absent 32 | name: "{{ ordering_service_name }}" 33 | when: import_export_used | default(false) 34 | -------------------------------------------------------------------------------- /roles/mrha_ordering_organization/tasks/delete/secondary-region.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Clear ordering service nodes 6 | set_fact: 7 | ordering_service_nodes_in_region: 0 8 | 9 | - name: Determine and set ordering service nodes 10 | set_fact: 11 | ordering_service_nodes_in_region: "{{ (ordering_service_nodes_in_region | int) + 1 }}" 12 | loop: "{{ range(0, ordering_service_nodes, 1) | list }}" 13 | when: region_index == (item % (regions | length)) 14 | 15 | - name: Clear ordering service zones 16 | set_fact: 17 | ordering_service_zones_in_region: [] 18 | 19 | - name: Determine and set ordering service zones 20 | set_fact: 21 | ordering_service_zones_in_region: "{{ (ordering_service_zones_in_region | default([])) + [zones[item % (zones | length)]] }}" 22 | loop: "{{ range(0, ordering_service_nodes_in_region | int, 1) | list }}" 23 | when: zones is defined and zones 24 | 25 | - name: Delete ordering service nodes 26 | include_tasks: secondary-osn.yml 27 | loop: "{{ range(0, ordering_service_nodes_in_region | int, 1) | list 
}}" 28 | loop_control: 29 | index_var: node_index 30 | -------------------------------------------------------------------------------- /tutorial/v1.x/20-instantiate-chaincode.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Instantiate chaincode 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Instantiate the chaincode on the channel 12 | ibm.blockchain_platform.instantiated_chaincode: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | peer: "{{ org1_peer_name }}" 19 | identity: "{{ org1_name }} Admin.json" 20 | msp_id: "{{ org1_msp_id }}" 21 | channel: "{{ channel_name }}" 22 | name: "{{ smart_contract_name }}" 23 | constructor: 24 | function: "{{ smart_contract_constructor | default(omit) }}" 25 | version: "{{ smart_contract_version }}" 26 | endorsement_policy: "{{ smart_contract_endorsement_policy | default(omit) }}" 27 | collections_config: "{{ smart_contract_collections_file | default(omit) }}" 28 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/README.md: -------------------------------------------------------------------------------- 1 | # hlfsupport_crds 2 | 3 | The IBM Support for Hyperledger Fabric provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 
4 | 5 | This Ansible collection, provided as part of the IBM Support for Hyperledger Fabric, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Support for Hyperledger Fabric development team. For more information on the IBM Support for Hyperledger Fabric, visit the following website: https://www.ibm.com/cloud/blockchain-platform/hyperledger-fabric-support -------------------------------------------------------------------------------- /tutorial/21-commit-chaincode.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Commit chaincode 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Commit the chaincode on the channel 12 | ibm.blockchain_platform.committed_chaincode: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | peer: "{{ org1_peer_name }}" 19 | identity: "{{ org1_name }} Admin.json" 20 | msp_id: "{{ org1_msp_id }}" 21 | channel: "{{ channel_name }}" 22 | organizations: 23 | - "{{ org1_name }}" 24 | - "{{ org2_name }}" 25 | name: "{{ smart_contract_name }}" 26 | version: "{{ smart_contract_version }}" 27 | sequence: "{{ smart_contract_sequence }}" 28 | endorsement_policy: "{{ smart_contract_endorsement_policy | default(omit) }}" 29 | collections_config: "{{ smart_contract_collections_file 
| default(omit) }}" 30 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/README.md: -------------------------------------------------------------------------------- 1 | # hlfsupport_crds 2 | 3 | The IBM Support for Hyperledger Fabric provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Support for Hyperledger Fabric, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Support for Hyperledger Fabric development team. For more information on the IBM Support for Hyperledger Fabric, visit the following website: https://www.ibm.com/cloud/blockchain-platform/hyperledger-fabric-support -------------------------------------------------------------------------------- /docs/source/modules.rst: -------------------------------------------------------------------------------- 1 | .. 2 | .. SPDX-License-Identifier: Apache-2.0 3 | .. 4 | 5 | Modules 6 | ======= 7 | 8 | Modules can be used from the command line or in a playbook task. Ansible 9 | executes each module, usually on the remote target node, and collects return 10 | values. 11 | 12 | While different modules perform different tasks, their interfaces and responses 13 | follow similar patterns. 
14 | 15 | 16 | Invoking transactions 17 | --------------------- 18 | 19 | Ansible modules should work on the principle that they are idempotent; the same playbook 20 | can be executed more than once safely. Submitting a transaction to Fabric would break this concept. 21 | 22 | The modules here are intended for administrative purposes; for this reason and to keep the modules 23 | idempotent, there are no modules for general purpose transaction invoking. 24 | 25 | Module reference 26 | ---------------- 27 | 28 | Reference material for each module contains documentation on what parameters 29 | certain modules accept and what values they expect those parameters to be. 30 | 31 | 32 | .. toctree:: 33 | :maxdepth: 1 34 | :caption: Contents: 35 | :glob: 36 | 37 | modules/* 38 | 39 | 40 | -------------------------------------------------------------------------------- /tests/integration/targets/it_ordering_organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Set test facts 6 | set_fact: 7 | organization_name: "Test Org {{ short_test_run_id }}" 8 | organization_msp_id: "TestOrg{{ short_test_run_id }}MSP" 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: orgadmin 12 | organization_admin_enrollment_secret: orgadminpw 13 | ordering_service_enrollment_id: orderingservice 14 | ordering_service_enrollment_secret: orderingservicepw 15 | ordering_service_name: "Test Ordering Service {{ short_test_run_id }}" 16 | k8s_namespace: "{{ k8s_namespace | mandatory }}" 17 | wait_timeout: "{{ wait_timeout | mandatory }}" 18 | 19 | - name: Run tests 20 | block: 21 | - name: Create ordering organization 22 | include_role: 23 | name: ibm.blockchain_platform.ordering_organization 24 | vars: 25 | state: present 26 | register: result 27 | 28 | always: 29 | - name: Delete ordering organization 30 |
include_role: 31 | name: ibm.blockchain_platform.ordering_organization 32 | vars: 33 | state: absent 34 | -------------------------------------------------------------------------------- /.github/workflows/purge.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | name: Purge 6 | on: 7 | workflow_dispatch: {} 8 | jobs: 9 | purge: 10 | strategy: 11 | matrix: 12 | include: 13 | - api_endpoint: API_ENDPOINT_SOFTWARE 14 | api_authtype: API_AUTHTYPE_SOFTWARE 15 | api_key: API_KEY_SOFTWARE 16 | api_secret: API_SECRET_SOFTWARE 17 | k8s_namespace: K8S_NAMESPACE_SOFTWARE 18 | target: software 19 | - api_endpoint: API_ENDPOINT_SAAS 20 | api_authtype: API_AUTHTYPE_SAAS 21 | api_key: API_KEY_SAAS 22 | api_secret: API_SECRET_SAAS 23 | k8s_namespace: K8S_NAMESPACE_SAAS 24 | target: SaaS 25 | name: Purge (${{ matrix.target }}) 26 | runs-on: ubuntu-latest 27 | steps: 28 | - name: Checkout 29 | uses: actions/checkout@v2 30 | - name: Purge all components 31 | run: .github/scripts/purge.sh 32 | env: 33 | API_ENDPOINT: ${{ secrets[matrix.api_endpoint] }} 34 | API_AUTHTYPE: ${{ secrets[matrix.api_authtype] }} 35 | API_KEY: ${{ secrets[matrix.api_key] }} 36 | API_SECRET: ${{ secrets[matrix.api_secret] }} 37 | -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/tasks/delete/secondary-region.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Clear peers 6 | set_fact: 7 | peers_in_region: 0 8 | 9 | - name: Determine and set peers 10 | set_fact: 11 | peers_in_region: "{{ (peers_in_region | int) + 1 }}" 12 | loop: "{{ range(0, peers, 1) | list }}" 13 | when: region_index == (item % (regions | length)) 14 | 15 | - name: Clear peer indexes 16 | set_fact: 17 | peer_indexes: [] 18 | 19 | - name: Determine and set peer indexes 20 
| set_fact: 21 | peer_indexes: "{{ (peer_indexes | default([])) + [item] }}" 22 | loop: "{{ range(0, peers, 1) | list }}" 23 | when: region_index == (item % (regions | length)) 24 | 25 | - name: Clear peer zones 26 | set_fact: 27 | peer_zones_in_region: [] 28 | 29 | - name: Determine and set peer zones 30 | set_fact: 31 | peer_zones_in_region: "{{ (peer_zones_in_region | default([])) + [zones[item % (zones | length)]] }}" 32 | loop: "{{ range(0, peers_in_region | int, 1) | list }}" 33 | when: zones is defined and zones 34 | 35 | - name: Delete peers 36 | include_tasks: secondary-peer.yml 37 | loop: "{{ range(0, peers_in_region | int, 1) | list }}" 38 | loop_control: 39 | index_var: peer_index 40 | -------------------------------------------------------------------------------- /roles/endorsing_organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if API endpoint not specified 6 | fail: 7 | msg: api_endpoint not specified or is empty 8 | when: not api_endpoint is defined or not api_endpoint 9 | 10 | - name: Fail if API authentication type not specified 11 | fail: 12 | msg: api_authtype not specified or is not one of "ibmcloud" or "basic" 13 | when: not api_authtype is defined or not api_authtype in ("ibmcloud", "basic") 14 | 15 | - name: Fail if API key not specified 16 | fail: 17 | msg: api_key not specified or is empty 18 | when: not api_key is defined or not api_key 19 | 20 | - name: Fail if API secret not specified 21 | fail: 22 | msg: api_secret not specified or is empty 23 | when: (api_authtype == "basic") and (not api_secret is defined or not api_secret) 24 | 25 | - name: Fail if organization name not specified 26 | fail: 27 | msg: organization_name not specified or is empty 28 | when: not organization_name is defined or not organization_name 29 | 30 | - name: Create endorsing organization 31 | include_tasks: create.yml 32 | 
when: state == "present" 33 | 34 | - name: Delete endorsing organization 35 | include_tasks: delete.yml 36 | when: state == "absent" 37 | -------------------------------------------------------------------------------- /roles/ordering_organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if API endpoint not specified 6 | fail: 7 | msg: api_endpoint not specified or is empty 8 | when: not api_endpoint is defined or not api_endpoint 9 | 10 | - name: Fail if API authentication type not specified 11 | fail: 12 | msg: api_authtype not specified or is not one of "ibmcloud" or "basic" 13 | when: not api_authtype is defined or not api_authtype in ("ibmcloud", "basic") 14 | 15 | - name: Fail if API key not specified 16 | fail: 17 | msg: api_key not specified or is empty 18 | when: not api_key is defined or not api_key 19 | 20 | - name: Fail if API secret not specified 21 | fail: 22 | msg: api_secret not specified or is empty 23 | when: (api_authtype == "basic") and (not api_secret is defined or not api_secret) 24 | 25 | - name: Fail if organization name not specified 26 | fail: 27 | msg: organization_name not specified or is empty 28 | when: not organization_name is defined or not organization_name 29 | 30 | - name: Create ordering organization 31 | include_tasks: create.yml 32 | when: state == "present" 33 | 34 | - name: Delete ordering organization 35 | include_tasks: delete.yml 36 | when: state == "absent" 37 | -------------------------------------------------------------------------------- /roles/mzha_endorsing_organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if API endpoint not specified 6 | fail: 7 | msg: api_endpoint not specified or is empty 8 | when: not api_endpoint is defined or not 
api_endpoint 9 | 10 | - name: Fail if API authentication type not specified 11 | fail: 12 | msg: api_authtype not specified or is not one of "ibmcloud" or "basic" 13 | when: not api_authtype is defined or not api_authtype in ("ibmcloud", "basic") 14 | 15 | - name: Fail if API key not specified 16 | fail: 17 | msg: api_key not specified or is empty 18 | when: not api_key is defined or not api_key 19 | 20 | - name: Fail if API secret not specified 21 | fail: 22 | msg: api_secret not specified or is empty 23 | when: (api_authtype == "basic") and (not api_secret is defined or not api_secret) 24 | 25 | - name: Fail if organization name not specified 26 | fail: 27 | msg: organization_name not specified or is empty 28 | when: not organization_name is defined or not organization_name 29 | 30 | - name: Create endorsing organization 31 | include_tasks: create.yml 32 | when: state == "present" 33 | 34 | - name: Delete endorsing organization 35 | include_tasks: delete.yml 36 | when: state == "absent" 37 | -------------------------------------------------------------------------------- /roles/mzha_ordering_organization/tasks/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if API endpoint not specified 6 | fail: 7 | msg: api_endpoint not specified or is empty 8 | when: not api_endpoint is defined or not api_endpoint 9 | 10 | - name: Fail if API authentication type not specified 11 | fail: 12 | msg: api_authtype not specified or is not one of "ibmcloud" or "basic" 13 | when: not api_authtype is defined or not api_authtype in ("ibmcloud", "basic") 14 | 15 | - name: Fail if API key not specified 16 | fail: 17 | msg: api_key not specified or is empty 18 | when: not api_key is defined or not api_key 19 | 20 | - name: Fail if API secret not specified 21 | fail: 22 | msg: api_secret not specified or is empty 23 | when: (api_authtype == "basic") and (not api_secret 
is defined or not api_secret) 24 | 25 | - name: Fail if organization name not specified 26 | fail: 27 | msg: organization_name not specified or is empty 28 | when: not organization_name is defined or not organization_name 29 | 30 | - name: Create ordering organization 31 | include_tasks: create.yml 32 | when: state == "present" 33 | 34 | - name: Delete ordering organization 35 | include_tasks: delete.yml 36 | when: state == "absent" 37 | -------------------------------------------------------------------------------- /plugins/module_utils/proto_utils.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | 6 | from __future__ import absolute_import, division, print_function 7 | __metaclass__ = type 8 | 9 | from .file_utils import get_temp_file 10 | 11 | import json 12 | import os 13 | import subprocess 14 | 15 | 16 | def proto_to_json(proto_type, proto_input): # Pipe protobuf bytes through `configtxlator proto_decode` and return the decoded JSON as a Python object. 17 | temp_file = get_temp_file() 18 | try: 19 | subprocess.run([ # argv list, no shell: proto_type only ever forms part of the single --type= argument; the bare binary name is resolved through PATH 20 | 'configtxlator', 'proto_decode', f'--type={proto_type}', f'--output={temp_file}' 21 | ], input=proto_input, text=False, close_fds=True, check=True, capture_output=True) # check=True raises CalledProcessError on a non-zero exit; stdout/stderr are captured on that exception, not printed 22 | with open(temp_file, 'rb') as file: 23 | return json.load(file) 24 | finally: # runs on success and on failure. NOTE(review): if get_temp_file() does not create the file, a failed run would make os.remove raise here and mask the original error - confirm 25 | os.remove(temp_file) 26 | 27 | 28 | def json_to_proto(proto_type, json_input): # Serialize json_input to UTF-8 JSON, pipe it through `configtxlator proto_encode` and return the encoded protobuf bytes. 29 | json_data = json.dumps(json_input).encode('utf-8') 30 | temp_file = get_temp_file() 31 | try: 32 | subprocess.run([ # argv list, no shell: proto_type only ever forms part of the single --type= argument; the bare binary name is resolved through PATH 33 | 'configtxlator', 'proto_encode', f'--type={proto_type}', f'--output={temp_file}' 34 | ], input=json_data, text=False, close_fds=True, check=True, capture_output=True) # check=True raises CalledProcessError on a non-zero exit; stdout/stderr are captured on that exception, not printed 35 | with open(temp_file, 'rb') as file: 36 | return file.read() 37 | finally: # runs on success and on failure; same os.remove caveat as in proto_to_json 38 | os.remove(temp_file) 39 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/openshift/console.yml.j2:
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | 6 | apiVersion: ibp.com/v1beta1 7 | kind: IBPConsole 8 | metadata: 9 | name: "{{ console }}" 10 | spec: 11 | arch: 12 | - "{{ arch }}" 13 | license: 14 | accept: true 15 | serviceAccountName: "{{ service_account }}" 16 | email: "{{ console_email }}" 17 | password: "{{ console_default_password }}" # NOTE(review): the initial console password is rendered in clear text into the IBPConsole spec, so anyone who can read this resource can read it; presumably it is meant to be changed at first login - confirm 18 | registryURL: "{{ image_registry_url }}" 19 | imagePullSecrets: 20 | - "{{ image_pull_secret }}" 21 | networkinfo: 22 | domain: "{{ console_domain }}" 23 | storage: 24 | console: 25 | class: "{{ console_storage_class }}" 26 | size: "{{ console_storage_size }}" 27 | {%+ if console_tls_secret is defined %} 28 | tlsSecretName: "{{ console_tls_secret }}" 29 | {% endif %} 30 | {%+ if zones is defined %} 31 | clusterdata: 32 | zones: 33 | {%+ for zone in zones %} 34 | - "{{ zone }}" 35 | {% endfor %} 36 | {% endif %} 37 | {%+ if console_images is defined %} 38 | images: 39 | {{ console_images | to_nice_yaml(indent=2, width=1024) | indent(4, false) }} 40 | {% endif %} 41 | {%+ if console_versions is defined %} 42 | versions: 43 | {{ console_versions | to_nice_yaml(indent=2, width=1024) | indent(4, false) }} 44 | {% endif %} 45 | -------------------------------------------------------------------------------- /plugins/module_utils/dict_utils.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # 3 | # SPDX-License-Identifier: Apache-2.0 4 | # 5 | 6 | from __future__ import absolute_import, division, print_function 7 | __metaclass__ = type 8 | 9 | from collections.abc import Mapping 10 | import json 11 | 12 | 13 | def copy_dict(source): # Deep copy via a JSON round-trip; json.dumps raises on values it cannot serialize. 14 | return json.loads(json.dumps(source)) 15 | 16 | 17 | def merge_dicts(target, source): 18 | for key, value in source.items(): 19 | if key in target and isinstance(target[key], dict) and isinstance(source[key], Mapping): 20 | 
merge_dicts(target[key], source[key]) 21 | else: 22 | target[key] = source[key] 23 | 24 | 25 | def diff_dicts(target, source): 26 | result = dict() 27 | for key, value in source.items(): 28 | if key in target and isinstance(target[key], dict) and isinstance(source[key], Mapping): 29 | sub_result = diff_dicts(target[key], source[key]) 30 | if bool(sub_result): 31 | result[key] = sub_result 32 | elif target.get(key, None) != source[key]: 33 | result[key] = source[key] 34 | return result 35 | 36 | 37 | def equal_dicts(source1, source2): 38 | json1 = json.dumps(source1, sort_keys=True) 39 | json2 = json.dumps(source2, sort_keys=True) 40 | return json1 == json2 41 | -------------------------------------------------------------------------------- /roles/mrha_ordering_organization/tasks/create/secondary-region.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Load the organization admin 6 | ibm.blockchain_platform.enrolled_identity_info: 7 | path: "{{ organization_admin_identity }}" 8 | register: org_admin 9 | 10 | - name: Clear ordering service nodes 11 | set_fact: 12 | ordering_service_nodes_in_region: 0 13 | 14 | - name: Determine and set ordering service nodes 15 | set_fact: 16 | ordering_service_nodes_in_region: "{{ (ordering_service_nodes_in_region | int) + 1 }}" 17 | loop: "{{ range(0, ordering_service_nodes, 1) | list }}" 18 | when: region_index == (item % (regions | length)) 19 | 20 | - name: Clear ordering service zones 21 | set_fact: 22 | ordering_service_zones_in_region: [] 23 | 24 | - name: Determine and set ordering service zones 25 | set_fact: 26 | ordering_service_zones_in_region: "{{ (ordering_service_zones_in_region | default([])) + [zones[item % (zones | length)]] }}" 27 | loop: "{{ range(0, ordering_service_nodes_in_region | int, 1) | list }}" 28 | when: zones is defined and zones 29 | 30 | - name: Create ordering service nodes 31 | 
include_tasks: secondary-osn.yml 32 | loop: "{{ range(0, ordering_service_nodes_in_region | int, 1) | list }}" 33 | loop_control: 34 | index_var: node_index 35 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/README.md: -------------------------------------------------------------------------------- 1 | # hlfsupport_console 2 | 3 | The IBM Support for Hyperledger Fabric provides advanced tooling that allows you to quickly build, operate & govern and grow blockchain networks. It uses Hyperledger Fabric, the open source, industry standard for enterprise blockchain. It also helps you to deploy Hyperledger Fabric networks anywhere, either to cloud or on-premises, using Kubernetes. 4 | 5 | This Ansible collection, provided as part of the IBM Support for Hyperledger Fabric, enables you to automate the building of Hyperledger Fabric networks. 6 | 7 | ## Documentation 8 | 9 | Documentation for this Ansible collection is available here: https://ibm-blockchain.github.io/ansible-collection/ 10 | 11 | The documentation includes installation instructions, tutorials, and reference material for all modules and roles in this collection. 12 | 13 | ## License 14 | 15 | Apache-2.0 16 | 17 | ## Author Information 18 | 19 | This Ansible collection is maintained by the IBM Support for Hyperledger Fabric development team. 
For more information on the IBM Support for Hyperledger Fabric, visit the following website: https://www.ibm.com/cloud/blockchain-platform/hyperledger-fabric-support -------------------------------------------------------------------------------- /roles/console/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if architecture not specified 6 | fail: 7 | msg: arch not specified or is not one of "amd64" or "s390x" 8 | when: not arch is defined or not arch in ("amd64", "s390x") 9 | 10 | - name: Fail if image registry email not specified 11 | fail: 12 | msg: image_registry_email not specified or is empty 13 | when: not image_registry_email is defined or not image_registry_email 14 | 15 | - name: Fail if image registry password not specified 16 | fail: 17 | msg: image_registry_password not specified or is empty 18 | when: not image_registry_password is defined or not image_registry_password 19 | 20 | - name: Fail if console domain not specified 21 | fail: 22 | msg: console_domain not specified or is empty 23 | when: not console_domain is defined or not console_domain 24 | 25 | - name: Fail if console email not specified 26 | fail: 27 | msg: console_email not specified or is empty 28 | when: not console_email is defined or not console_email 29 | 30 | - name: Fail if console default password not specified 31 | fail: 32 | msg: console_default_password not specified or is empty 33 | when: not console_default_password is defined or not console_default_password 34 | 35 | - name: Create console 36 | include_tasks: "{{ target }}/create.yml" 37 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/tasks/create.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Fail if architecture not 
specified 6 | fail: 7 | msg: arch not specified or is not one of "amd64" or "s390x" 8 | when: not arch is defined or not arch in ("amd64", "s390x") 9 | 10 | - name: Fail if image registry email not specified 11 | fail: 12 | msg: image_registry_email not specified or is empty 13 | when: not image_registry_email is defined or not image_registry_email 14 | 15 | - name: Fail if image registry password not specified 16 | fail: 17 | msg: image_registry_password not specified or is empty 18 | when: not image_registry_password is defined or not image_registry_password 19 | 20 | - name: Fail if console domain not specified 21 | fail: 22 | msg: console_domain not specified or is empty 23 | when: not console_domain is defined or not console_domain 24 | 25 | - name: Fail if console email not specified 26 | fail: 27 | msg: console_email not specified or is empty 28 | when: not console_email is defined or not console_email 29 | 30 | - name: Fail if console default password not specified 31 | fail: 32 | msg: console_default_password not specified or is empty 33 | when: not console_default_password is defined or not console_default_password 34 | 35 | - name: Create console 36 | include_tasks: "{{ target }}/create.yml" 37 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/k8s/rbac/hlf-operator-clusterrolebinding.yaml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 
8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | --- 19 | kind: ClusterRoleBinding 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | metadata: 22 | name: hlf-operator-rolebinding 23 | labels: 24 | release: "operator" 25 | helm.sh/chart: "ibm-hlfsupport" 26 | app.kubernetes.io/name: "ibm-hlfsupport" 27 | app.kubernetes.io/instance: "ibm-hlfsupport" 28 | app.kubernetes.io/managed-by: "ibm-hlfsupport-operator" 29 | subjects: 30 | - kind: ServiceAccount 31 | name: hlf-operator 32 | namespace: "{{namespace}}" 33 | roleRef: 34 | apiGroup: rbac.authorization.k8s.io 35 | kind: ClusterRole 36 | name: hlf-operator-role 37 | -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/tasks/delete/primary-peer.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete peer 6 | ibm.blockchain_platform.peer: 7 | state: "{{ state }}" 8 | api_endpoint: "{{ region.api_endpoint }}" 9 | api_authtype: "{{ region.api_authtype }}" 10 | api_key: "{{ region.api_key }}" 11 | api_secret: "{{ region.api_secret | default(omit) }}" 12 | api_token_endpoint: "{{ region.api_token_endpoint | default(omit) }}" 13 | api_timeout: "{{ region.api_timeout | default(omit) }}" 14 | name: "{{ peer_name }}{{ peer_indexes[peer_index] + 1 }}" 15 | 16 | - name: Remove peer into all other regions 17 | ibm.blockchain_platform.external_peer: 18 | state: "{{ state }}" 19 | api_endpoint: "{{ other_region.api_endpoint }}" 20 | api_authtype: "{{ 
other_region.api_authtype }}" 21 | api_key: "{{ other_region.api_key }}" 22 | api_secret: "{{ other_region.api_secret | default(omit) }}" 23 | api_token_endpoint: "{{ other_region.api_token_endpoint | default(omit) }}" 24 | api_timeout: "{{ other_region.api_timeout | default(omit) }}" 25 | name: "{{ peer_name }}{{ peer_indexes[peer_index] + 1 }}" 26 | when: region_index != other_region_index 27 | loop: "{{ regions }}" 28 | loop_control: 29 | index_var: other_region_index 30 | label: "{{ other_region.api_endpoint }}" 31 | loop_var: other_region 32 | -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/tasks/delete/secondary-peer.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete peer 6 | ibm.blockchain_platform.peer: 7 | state: "{{ state }}" 8 | api_endpoint: "{{ region.api_endpoint }}" 9 | api_authtype: "{{ region.api_authtype }}" 10 | api_key: "{{ region.api_key }}" 11 | api_secret: "{{ region.api_secret | default(omit) }}" 12 | api_token_endpoint: "{{ region.api_token_endpoint | default(omit) }}" 13 | api_timeout: "{{ region.api_timeout | default(omit) }}" 14 | name: "{{ peer_name }}{{ peer_indexes[peer_index] + 1 }}" 15 | 16 | - name: Remove peer into all other regions 17 | ibm.blockchain_platform.external_peer: 18 | state: "{{ state }}" 19 | api_endpoint: "{{ other_region.api_endpoint }}" 20 | api_authtype: "{{ other_region.api_authtype }}" 21 | api_key: "{{ other_region.api_key }}" 22 | api_secret: "{{ other_region.api_secret | default(omit) }}" 23 | api_token_endpoint: "{{ other_region.api_token_endpoint | default(omit) }}" 24 | api_timeout: "{{ other_region.api_timeout | default(omit) }}" 25 | name: "{{ peer_name }}{{ peer_indexes[peer_index] + 1 }}" 26 | when: region_index != other_region_index 27 | loop: "{{ regions }}" 28 | loop_control: 29 | index_var: other_region_index 30 | 
label: "{{ other_region.api_endpoint }}" 31 | loop_var: other_region 32 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/openshift/rbac/hlf-operator-clusterrolebinding.yaml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 
17 | # 18 | --- 19 | kind: ClusterRoleBinding 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | metadata: 22 | name: hlf-operator-rolebinding 23 | labels: 24 | release: "operator" 25 | helm.sh/chart: "ibm-hlfsupport" 26 | app.kubernetes.io/name: "ibm-hlfsupport" 27 | app.kubernetes.io/instance: "ibm-hlfsupport" 28 | app.kubernetes.io/managed-by: "ibm-hlfsupport-operator" 29 | subjects: 30 | - kind: ServiceAccount 31 | name: hlf-operator 32 | namespace: "{{namespace}}" 33 | roleRef: 34 | apiGroup: rbac.authorization.k8s.io 35 | kind: ClusterRole 36 | name: hlf-operator-role 37 | -------------------------------------------------------------------------------- /examples/opensource-stack/templates/ingress/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 
17 | # 18 | apiVersion: kustomize.config.k8s.io/v1beta1 19 | kind: Kustomization 20 | 21 | resources: 22 | - https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/cloud?ref=controller-v1.1.2 # NOTE(review): remote base fetched at apply time and pinned to a git tag, which upstream can move; pinning ref to a commit SHA would make the fetched manifests immutable 23 | 24 | patchesStrategicMerge: 25 | - ingress-nginx-controller.yaml 26 | 27 | # Remove the port `appProtocol` attribute as this is not accepted by all cloud providers 28 | patchesJson6902: 29 | - target: 30 | kind: Service 31 | name: ingress-nginx-controller 32 | version: v1 33 | patch: |- 34 | - op: remove 35 | path: "/spec/ports/0/appProtocol" 36 | - op: remove 37 | path: "/spec/ports/1/appProtocol" 38 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/k8s/ingress/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 
17 | # 18 | apiVersion: kustomize.config.k8s.io/v1beta1 19 | kind: Kustomization 20 | 21 | resources: 22 | - https://github.com/kubernetes/ingress-nginx.git/deploy/static/provider/cloud?ref=controller-v1.1.2 # NOTE(review): remote base fetched at apply time and pinned to a git tag, which upstream can move; pinning ref to a commit SHA would make the fetched manifests immutable 23 | 24 | patchesStrategicMerge: 25 | - ingress-nginx-controller.yaml 26 | 27 | # Remove the port `appProtocol` attribute as this is not accepted by all cloud providers 28 | patchesJson6902: 29 | - target: 30 | kind: Service 31 | name: ingress-nginx-controller 32 | version: v1 33 | patch: |- 34 | - op: remove 35 | path: "/spec/ports/0/appProtocol" 36 | - op: remove 37 | path: "/spec/ports/1/appProtocol" 38 | -------------------------------------------------------------------------------- /roles/mrha_endorsing_organization/tasks/create/secondary-region.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Load the organization admin 6 | ibm.blockchain_platform.enrolled_identity_info: 7 | path: "{{ organization_admin_identity }}" 8 | register: org_admin 9 | 10 | - name: Clear peers 11 | set_fact: 12 | peers_in_region: 0 13 | 14 | - name: Determine and set peers 15 | set_fact: 16 | peers_in_region: "{{ (peers_in_region | int) + 1 }}" 17 | loop: "{{ range(0, peers, 1) | list }}" 18 | when: region_index == (item % (regions | length)) 19 | 20 | - name: Clear peer indexes 21 | set_fact: 22 | peer_indexes: [] 23 | 24 | - name: Determine and set peer indexes 25 | set_fact: 26 | peer_indexes: "{{ (peer_indexes | default([])) + [item] }}" 27 | loop: "{{ range(0, peers, 1) | list }}" 28 | when: region_index == (item % (regions | length)) 29 | 30 | - name: Clear peer zones 31 | set_fact: 32 | peer_zones_in_region: [] 33 | 34 | - name: Determine and set peer zones 35 | set_fact: 36 | peer_zones_in_region: "{{ (peer_zones_in_region | default([])) + [zones[item % (zones | length)]] }}" 37 | loop: "{{ range(0, peers_in_region | int, 1) | list }}" 38 | when: zones is defined 
and zones 39 | 40 | - name: Create peers 41 | include_tasks: secondary-peer.yml 42 | loop: "{{ range(0, peers_in_region | int, 1) | list }}" 43 | loop_control: 44 | index_var: peer_index 45 | -------------------------------------------------------------------------------- /tutorial/10-join-peer-to-channel.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Join the channel 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Fetch the genesis block for the channel 12 | ibm.blockchain_platform.channel_block: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | operation: fetch 19 | ordering_service: "{{ ordering_service_name }}" 20 | identity: "{{ org1_name }} Admin.json" 21 | msp_id: "{{ org1_msp_id }}" 22 | name: "{{ channel_name }}" 23 | target: "0" 24 | path: channel_genesis_block.bin 25 | 26 | - name: Join the peer to the channel 27 | ibm.blockchain_platform.peer_channel: 28 | api_endpoint: "{{ api_endpoint }}" 29 | api_authtype: "{{ api_authtype }}" 30 | api_key: "{{ api_key }}" 31 | api_secret: "{{ api_secret | default(omit) }}" 32 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 33 | operation: join 34 | peer: "{{ org1_peer_name }}" 35 | identity: "{{ org1_name }} Admin.json" 36 | msp_id: "{{ org1_msp_id }}" 37 | path: channel_genesis_block.bin 38 | -------------------------------------------------------------------------------- /tutorial/17-join-peer-to-channel.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Join the channel 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - 
org2-vars.yml 10 | tasks: 11 | - name: Fetch the genesis block for the channel 12 | ibm.blockchain_platform.channel_block: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | operation: fetch 19 | ordering_service: "{{ ordering_service_name }}" 20 | identity: "{{ org2_name }} Admin.json" 21 | msp_id: "{{ org2_msp_id }}" 22 | name: "{{ channel_name }}" 23 | target: "0" 24 | path: channel_genesis_block.bin 25 | 26 | - name: Join the peer to the channel 27 | ibm.blockchain_platform.peer_channel: 28 | api_endpoint: "{{ api_endpoint }}" 29 | api_authtype: "{{ api_authtype }}" 30 | api_key: "{{ api_key }}" 31 | api_secret: "{{ api_secret | default(omit) }}" 32 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 33 | operation: join 34 | peer: "{{ org2_peer_name }}" 35 | identity: "{{ org2_name }} Admin.json" 36 | msp_id: "{{ org2_msp_id }}" 37 | path: channel_genesis_block.bin 38 | -------------------------------------------------------------------------------- /tutorial/v1.x/09-join-peer-to-channel.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Join the channel 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Fetch the genesis block for the channel 12 | ibm.blockchain_platform.channel_block: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | operation: fetch 19 | ordering_service: "{{ ordering_service_name }}" 20 | identity: "{{ org1_name }} Admin.json" 21 | msp_id: "{{ org1_msp_id }}" 22 | name: "{{ channel_name }}" 23 | target: 
"0" 24 | path: channel_genesis_block.bin 25 | 26 | - name: Join the peer to the channel 27 | ibm.blockchain_platform.peer_channel: 28 | api_endpoint: "{{ api_endpoint }}" 29 | api_authtype: "{{ api_authtype }}" 30 | api_key: "{{ api_key }}" 31 | api_secret: "{{ api_secret | default(omit) }}" 32 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 33 | operation: join 34 | peer: "{{ org1_peer_name }}" 35 | identity: "{{ org1_name }} Admin.json" 36 | msp_id: "{{ org1_msp_id }}" 37 | path: channel_genesis_block.bin 38 | -------------------------------------------------------------------------------- /tutorial/v1.x/16-join-peer-to-channel.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Join the channel 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Fetch the genesis block for the channel 12 | ibm.blockchain_platform.channel_block: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | operation: fetch 19 | ordering_service: "{{ ordering_service_name }}" 20 | identity: "{{ org2_name }} Admin.json" 21 | msp_id: "{{ org2_msp_id }}" 22 | name: "{{ channel_name }}" 23 | target: "0" 24 | path: channel_genesis_block.bin 25 | 26 | - name: Join the peer to the channel 27 | ibm.blockchain_platform.peer_channel: 28 | api_endpoint: "{{ api_endpoint }}" 29 | api_authtype: "{{ api_authtype }}" 30 | api_key: "{{ api_key }}" 31 | api_secret: "{{ api_secret | default(omit) }}" 32 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 33 | operation: join 34 | peer: "{{ org2_peer_name }}" 35 | identity: "{{ org2_name }} Admin.json" 36 | msp_id: "{{ org2_msp_id }}" 37 | path: channel_genesis_block.bin 38 | 
-------------------------------------------------------------------------------- /roles/mrha_ordering_organization/tasks/delete/primary-osn.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete ordering service node 6 | ibm.blockchain_platform.ordering_service_node: 7 | state: "{{ state }}" 8 | api_endpoint: "{{ region.api_endpoint }}" 9 | api_authtype: "{{ region.api_authtype }}" 10 | api_key: "{{ region.api_key }}" 11 | api_secret: "{{ region.api_secret | default(omit) }}" 12 | api_token_endpoint: "{{ region.api_token_endpoint | default(omit) }}" 13 | api_timeout: "{{ region.api_timeout | default(omit) }}" 14 | name: "{{ ordering_service_name }}_{{ node_index + 1 }}" 15 | 16 | - name: Remove ordering service node from all other regions 17 | ibm.blockchain_platform.external_ordering_service_node: 18 | state: "{{ state }}" 19 | api_endpoint: "{{ other_region.api_endpoint }}" 20 | api_authtype: "{{ other_region.api_authtype }}" 21 | api_key: "{{ other_region.api_key }}" 22 | api_secret: "{{ other_region.api_secret | default(omit) }}" 23 | api_token_endpoint: "{{ other_region.api_token_endpoint | default(omit) }}" 24 | api_timeout: "{{ other_region.api_timeout | default(omit) }}" 25 | name: "{{ ordering_service_name }}_{{ node_index + 1 }}" 26 | when: region_index != other_region_index 27 | loop: "{{ regions }}" 28 | loop_control: 29 | index_var: other_region_index 30 | label: "{{ other_region.api_endpoint }}" 31 | loop_var: other_region 32 | -------------------------------------------------------------------------------- /tests/integration/targets/it_certificate_authority/tasks/assertions.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Assertions 6 | assert: 7 | that: 8 | - result is success 9 | - "result is {{ 'changed' if expected_change else 
'not changed' }}" 10 | - result.certificate_authority.name == ca_name 11 | 12 | - name: Get CA info from CA 13 | uri: 14 | url: "{{ result.certificate_authority.api_url }}/cainfo" 15 | validate_certs: no # NOTE(review): TLS certificate verification is off for this request; presumably the test CA serves a certificate the runner does not trust - confirm, and keep this confined to the integration test 16 | until: result.status == 200 17 | retries: 60 18 | delay: 1 19 | register: result 20 | 21 | - name: Assertions 22 | assert: 23 | that: 24 | - result.json.result.CAChain is defined 25 | 26 | - name: Get CA info from Kubernetes 27 | k8s_info: 28 | api_version: ibp.com/v1alpha2 29 | kind: IBPCA 30 | namespace: "{{ k8s_namespace }}" 31 | name: "{{ k8s_name }}" 32 | register: result 33 | 34 | - name: Assertions 35 | assert: 36 | that: 37 | - result is success 38 | - result.resources 39 | - result.resources[0].spec.configoverride.ca.registry.identities[0].name == expected_enrollment_id 40 | - result.resources[0].spec.configoverride.ca.registry.identities[0].pass == expected_enrollment_secret # NOTE(review): the enrollment secret is compared as read back from the IBPCA spec, presumably in clear text, so it is readable by anyone who can get that resource - confirm 41 | - result.resources[0].spec.resources.ca.requests.cpu == expected_cpu 42 | - result.resources[0].spec.resources.ca.requests.memory == expected_memory 43 | - result.resources[0].spec.storage.ca.size == expected_storage_size 44 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | target: openshift 7 | # arch: amd64 | s390x 8 | # project: my-project 9 | namespace: "" 10 | 11 | image_pull_secret: docker-key-secret 12 | image_registry: cp.icr.io 13 | image_registry_username: cp 14 | # image_registry_email: user@example.org 15 | # image_registry_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 16 | image_repository: cp 17 | image_registry_url: "{{ image_registry }}/{{ image_repository }}" 18 | 19 | cluster_role: "{{ project | default(namespace) | default('') }}" 20 | cluster_role_binding: "{{ project | default(namespace) | default('') }}" 21 | 
pod_security_policy: "{{ project | default(namespace) | default('') }}" 22 | role_binding: "{{ project | default(namespace) | default('') }}" 23 | security_context_constraints: "{{ project | default(namespace) | default('') }}" 24 | service_account: default 25 | operator: ibm-hlfsupport-operator 26 | console: hlf 27 | 28 | # console_domain: example.org 29 | # console_email: user@example.org 30 | # console_default_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 31 | console_storage_class: default 32 | console_storage_size: 10Gi 33 | 34 | wait_timeout: 60 35 | product_version: 1.0.0 36 | operator_version: "20220308" 37 | operator_image: "{{ image_registry_url }}/ibm-hlfsupport-operator" 38 | operator_tag: "{{ product_version }}-{{ operator_version }}-{{ arch }}" 39 | # console_tls_secret: ibp-tls-secret 40 | # zones: [] 41 | -------------------------------------------------------------------------------- /roles/mrha_ordering_organization/tasks/delete/secondary-osn.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete ordering service node 6 | ibm.blockchain_platform.ordering_service_node: 7 | state: "{{ state }}" 8 | api_endpoint: "{{ region.api_endpoint }}" 9 | api_authtype: "{{ region.api_authtype }}" 10 | api_key: "{{ region.api_key }}" 11 | api_secret: "{{ region.api_secret | default(omit) }}" 12 | api_token_endpoint: "{{ region.api_token_endpoint | default(omit) }}" 13 | api_timeout: "{{ region.api_timeout | default(omit) }}" 14 | name: "{{ ordering_service_name }}_r{{ region_index }}n{{ node_index }}" 15 | 16 | - name: Remove ordering service node from all other regions 17 | ibm.blockchain_platform.external_ordering_service_node: 18 | state: "{{ state }}" 19 | api_endpoint: "{{ other_region.api_endpoint }}" 20 | api_authtype: "{{ other_region.api_authtype }}" 21 | api_key: "{{ other_region.api_key }}" 22 | api_secret: "{{ other_region.api_secret | 
default(omit) }}" 23 | api_token_endpoint: "{{ other_region.api_token_endpoint | default(omit) }}" 24 | api_timeout: "{{ other_region.api_timeout | default(omit) }}" 25 | name: "{{ ordering_service_name }}_r{{ region_index }}n{{ node_index }}" 26 | when: region_index != other_region_index 27 | loop: "{{ regions }}" 28 | loop_control: 29 | index_var: other_region_index 30 | label: "{{ other_region.api_endpoint }}" 31 | loop_var: other_region 32 | -------------------------------------------------------------------------------- /roles/console/defaults/main.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | state: present 6 | # target: k8s | openshift 7 | # arch: amd64 | s390x 8 | # project: my-project 9 | namespace: "" # defined by jinja2 otherwise 10 | 11 | image_pull_secret: docker-key-secret 12 | image_registry: cp.icr.io 13 | image_registry_username: cp 14 | # image_registry_email: user@example.org 15 | # image_registry_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 16 | image_repository: cp 17 | image_registry_url: "{{ image_registry }}/{{ image_repository }}" 18 | 19 | cluster_role: "{{ project | default(namespace) | default('') }}" 20 | cluster_role_binding: "{{ project | default(namespace) | default('') }}" 21 | pod_security_policy: "{{ project | default(namespace) | default('') }}" 22 | role_binding: "{{ project | default(namespace) | default('') }}" 23 | security_context_constraints: "{{ project | default(namespace) | default('') }}" 24 | service_account: default 25 | operator: ibp-operator 26 | console: ibp-console 27 | 28 | # console_domain: example.org 29 | # console_email: user@example.org 30 | # console_default_password: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 31 | console_storage_class: default 32 | console_storage_size: 10Gi 33 | 34 | wait_timeout: 60 35 | 36 | product_version: "2.5.3" 37 | operator_version: "20220503" 38 | operator_image: "{{ image_registry_url 
}}/ibp-operator" 39 | operator_tag: "{{ product_version }}-{{ operator_version }}-{{ arch }}" 40 | # console_tls_secret: ibp-tls-secret 41 | # zones: [] 42 | -------------------------------------------------------------------------------- /examples/opensource-stack/90-KIND-ingress.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Setup ingress for KIND for use with Fabric Operator/Console 3 | hosts: localhost 4 | tasks: 5 | - name: Create kubernetes resources for the ingress 6 | k8s: 7 | definition: "{{ lookup('kubernetes.core.kustomize', dir='templates/ingress') }}" 8 | register: resultingress 9 | 10 | - name: Wait for the ingress 11 | command: kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m 12 | changed_when: false 13 | 14 | # Override the cluster DNS with a local override to refer pods to the HOST interface 15 | # when connecting to ingress. 16 | - name: Need the cluster ip address 17 | k8s_info: 18 | api_version: v1 19 | kind: service 20 | namespace: ingress-nginx 21 | name: "ingress-nginx-controller" 22 | register: ingress_info 23 | 24 | - name: Applying CoreDNS overrides for ingress domain 25 | vars: 26 | clusterip: "{{ ingress_info.resources[0].spec.clusterIP }}" 27 | k8s: 28 | state: present 29 | namespace: kube-system 30 | resource_definition: "{{ lookup('template','templates/coredns/coredns.yaml.j2') }}" 31 | apply: yes 32 | 33 | - name: Rollout the CoreDNS 34 | shell: | 35 | kubectl -n kube-system rollout restart deployment/coredns 36 | kubectl wait --namespace ingress-nginx --for=condition=ready pod --selector=app.kubernetes.io/component=controller --timeout=2m 37 | changed_when: false 38 | -------------------------------------------------------------------------------- /examples/opensource-stack/templates/ingress/ingress-nginx-controller.yaml: 
-------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | --- 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | namespace: ingress-nginx 23 | name: ingress-nginx-controller 24 | spec: 25 | template: 26 | spec: 27 | containers: 28 | - name: controller 29 | args: # full argument list for the controller container in this Deployment definition 30 | - /nginx-ingress-controller 31 | - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller 32 | - --election-id=ingress-controller-leader 33 | - --controller-class=k8s.io/ingress-nginx 34 | - --ingress-class=nginx 35 | - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller 36 | - --validating-webhook=:8443 37 | - --validating-webhook-certificate=/usr/local/certificates/cert 38 | - --validating-webhook-key=/usr/local/certificates/key 39 | - --enable-ssl-passthrough # NOTE(review): with passthrough the controller routes TLS connections by SNI without terminating them, so TLS settings and authentication configured at the ingress do not apply to those backends; each backend must present and enforce its own TLS 40 | -------------------------------------------------------------------------------- /tutorial/97-delete-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: absent # runs the endorsing_organization role with state absent, i.e. as a teardown of the org1 components named below 9 | organization_name: "{{ org1_name }}" 10 | ca_name: "{{ org1_ca_name }}" 11 |
peer_name: "{{ org1_peer_name }}" 12 | vars_files: 13 | - common-vars.yml 14 | - org1-vars.yml 15 | roles: 16 | - ibm.blockchain_platform.endorsing_organization 17 | 18 | - name: Remove imported components 19 | hosts: localhost 20 | vars_files: 21 | - common-vars.yml 22 | - org1-vars.yml 23 | tasks: 24 | - name: Remove imported ordering service 25 | ibm.blockchain_platform.external_ordering_service: 26 | api_endpoint: "{{ api_endpoint }}" 27 | api_authtype: "{{ api_authtype }}" 28 | api_key: "{{ api_key }}" 29 | api_secret: "{{ api_secret | default(omit) }}" 30 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 31 | state: absent 32 | name: "{{ ordering_service_name }}" 33 | when: import_export_used | default(false) 34 | 35 | - name: Remove imported organization 36 | ibm.blockchain_platform.external_organization: 37 | api_endpoint: "{{ api_endpoint }}" 38 | api_authtype: "{{ api_authtype }}" 39 | api_key: "{{ api_key }}" 40 | api_secret: "{{ api_secret | default(omit) }}" 41 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 42 | state: absent 43 | name: "{{ org2_name }}" 44 | when: import_export_used | default(false) 45 | -------------------------------------------------------------------------------- /roles/fabric_operator_crds/templates/k8s/ingress/ingress-nginx-controller.yaml: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright contributors to the Hyperledger Fabric Operator project 3 | # 4 | # SPDX-License-Identifier: Apache-2.0 5 | # 6 | # Licensed under the Apache License, Version 2.0 (the "License"); 7 | # you may not use this file except in compliance with the License. 
8 | # You may obtain a copy of the License at: 9 | # 10 | # http://www.apache.org/licenses/LICENSE-2.0 11 | # 12 | # Unless required by applicable law or agreed to in writing, software 13 | # distributed under the License is distributed on an "AS IS" BASIS, 14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | # See the License for the specific language governing permissions and 16 | # limitations under the License. 17 | # 18 | --- 19 | apiVersion: apps/v1 20 | kind: Deployment 21 | metadata: 22 | namespace: ingress-nginx 23 | name: ingress-nginx-controller 24 | spec: 25 | template: 26 | spec: 27 | containers: 28 | - name: controller 29 | args: 30 | - /nginx-ingress-controller 31 | - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller 32 | - --election-id=ingress-controller-leader 33 | - --controller-class=k8s.io/ingress-nginx 34 | - --ingress-class=nginx 35 | - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller 36 | - --validating-webhook=:8443 37 | - --validating-webhook-certificate=/usr/local/certificates/cert 38 | - --validating-webhook-key=/usr/local/certificates/key 39 | - --enable-ssl-passthrough 40 | -------------------------------------------------------------------------------- /tutorial/v1.x/97-delete-endorsing-organization-components.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Delete components for an endorsing organization 6 | hosts: localhost 7 | vars: 8 | state: absent 9 | organization_name: "{{ org1_name }}" 10 | ca_name: "{{ org1_ca_name }}" 11 | peer_name: "{{ org1_peer_name }}" 12 | vars_files: 13 | - common-vars.yml 14 | - org1-vars.yml 15 | roles: 16 | - ibm.blockchain_platform.endorsing_organization 17 | 18 | - name: Remove imported components 19 | hosts: localhost 20 | vars_files: 21 | - common-vars.yml 22 | - org1-vars.yml 23 | tasks: 24 | - name: Remove imported ordering service 25 | 
ibm.blockchain_platform.external_ordering_service: 26 | api_endpoint: "{{ api_endpoint }}" 27 | api_authtype: "{{ api_authtype }}" 28 | api_key: "{{ api_key }}" 29 | api_secret: "{{ api_secret | default(omit) }}" 30 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 31 | state: absent 32 | name: "{{ ordering_service_name }}" 33 | when: import_export_used | default(false) 34 | 35 | - name: Remove imported organization 36 | ibm.blockchain_platform.external_organization: 37 | api_endpoint: "{{ api_endpoint }}" 38 | api_authtype: "{{ api_authtype }}" 39 | api_key: "{{ api_key }}" 40 | api_secret: "{{ api_secret | default(omit) }}" 41 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 42 | state: absent 43 | name: "{{ org2_name }}" 44 | when: import_export_used | default(false) 45 | -------------------------------------------------------------------------------- /tutorial/22-register-application.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Register application 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Register a new identity 12 | ibm.blockchain_platform.registered_identity: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | certificate_authority: "{{ org1_ca_name }}" 19 | registrar: "{{ org1_ca_name }} Admin.json" 20 | enrollment_id: "{{ application_enrollment_id }}" 21 | enrollment_secret: "{{ application_enrollment_secret }}" 22 | max_enrollments: "{{ application_max_enrollments }}" 23 | type: "{{ application_enrollment_type }}" 24 | attributes: 25 | - name: "{{ smart_contract_name }}.admin" 26 | value: "true" 27 | 28 | - name: Create a connection profile 29 | 
ibm.blockchain_platform.connection_profile: 30 | api_endpoint: "{{ api_endpoint }}" 31 | api_authtype: "{{ api_authtype }}" 32 | api_key: "{{ api_key }}" 33 | api_secret: "{{ api_secret | default(omit) }}" 34 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 35 | name: "{{ org1_name }} Gateway" 36 | path: "{{ org1_name }} Gateway.json" 37 | organization: "{{ org1_name }}" 38 | certificate_authority: "{{ org1_ca_name }}" 39 | peers: 40 | - "{{ org1_peer_name }}" 41 | -------------------------------------------------------------------------------- /tutorial/23-register-application.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Register application 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Register a new identity 12 | ibm.blockchain_platform.registered_identity: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" # console API credentials; presumably defined in the vars files loaded above, so keep those files vault-encrypted or out of version control 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | certificate_authority: "{{ org2_ca_name }}" 19 | registrar: "{{ org2_ca_name }} Admin.json" # identity file of the CA admin that performs the registration, given as a relative path; presumably it holds the admin's private key, so protect it like any other key material - TODO confirm 20 | enrollment_id: "{{ application_enrollment_id }}" 21 | enrollment_secret: "{{ application_enrollment_secret }}" # shared secret the application later enrolls with; supplied from variables, not generated by this task 22 | max_enrollments: "{{ application_max_enrollments }}" # presumably caps how often the secret above can be used to enroll; prefer a small finite value - verify against the module documentation 23 | type: "{{ application_enrollment_type }}" 24 | attributes: 25 | - name: "{{ smart_contract_name }}.admin" # NOTE(review): registers the application identity with the attribute <smart_contract_name>.admin set to "true"; what that authorises is decided by the chaincode, so confirm every application identity really needs it 26 | value: "true" 27 | 28 | - name: Create a connection profile 29 | ibm.blockchain_platform.connection_profile: 30 | api_endpoint: "{{ api_endpoint }}" 31 | api_authtype: "{{ api_authtype }}" 32 | api_key: "{{ api_key }}" 33 | api_secret: "{{ api_secret | default(omit) }}" 34 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 35 | name: "{{ org2_name }} Gateway" 36 | path: "{{ org2_name }} Gateway.json" 37 |
organization: "{{ org2_name }}" 38 | certificate_authority: "{{ org2_ca_name }}" 39 | peers: 40 | - "{{ org2_peer_name }}" 41 | -------------------------------------------------------------------------------- /tutorial/v1.x/21-register-application.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Register application 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Register a new identity 12 | ibm.blockchain_platform.registered_identity: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | certificate_authority: "{{ org1_ca_name }}" 19 | registrar: "{{ org1_ca_name }} Admin.json" 20 | enrollment_id: "{{ application_enrollment_id }}" 21 | enrollment_secret: "{{ application_enrollment_secret }}" 22 | max_enrollments: "{{ application_max_enrollments }}" 23 | type: "{{ application_enrollment_type }}" 24 | attributes: 25 | - name: "{{ smart_contract_name }}.admin" 26 | value: "true" 27 | 28 | - name: Create a connection profile 29 | ibm.blockchain_platform.connection_profile: 30 | api_endpoint: "{{ api_endpoint }}" 31 | api_authtype: "{{ api_authtype }}" 32 | api_key: "{{ api_key }}" 33 | api_secret: "{{ api_secret | default(omit) }}" 34 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 35 | name: "{{ org1_name }} Gateway" 36 | path: "{{ org1_name }} Gateway.json" 37 | organization: "{{ org1_name }}" 38 | certificate_authority: "{{ org1_ca_name }}" 39 | peers: 40 | - "{{ org1_peer_name }}" 41 | -------------------------------------------------------------------------------- /tutorial/v1.x/22-register-application.yml: -------------------------------------------------------------------------------- 1 | # 2 | # 
SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Register application 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org2-vars.yml 10 | tasks: 11 | - name: Register a new identity 12 | ibm.blockchain_platform.registered_identity: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | certificate_authority: "{{ org2_ca_name }}" 19 | registrar: "{{ org2_ca_name }} Admin.json" 20 | enrollment_id: "{{ application_enrollment_id }}" 21 | enrollment_secret: "{{ application_enrollment_secret }}" 22 | max_enrollments: "{{ application_max_enrollments }}" 23 | type: "{{ application_enrollment_type }}" 24 | attributes: 25 | - name: "{{ smart_contract_name }}.admin" 26 | value: "true" 27 | 28 | - name: Create a connection profile 29 | ibm.blockchain_platform.connection_profile: 30 | api_endpoint: "{{ api_endpoint }}" 31 | api_authtype: "{{ api_authtype }}" 32 | api_key: "{{ api_key }}" 33 | api_secret: "{{ api_secret | default(omit) }}" 34 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 35 | name: "{{ org2_name }} Gateway" 36 | path: "{{ org2_name }} Gateway.json" 37 | organization: "{{ org2_name }}" 38 | certificate_authority: "{{ org2_ca_name }}" 39 | peers: 40 | - "{{ org2_peer_name }}" 41 | -------------------------------------------------------------------------------- /docs/source/index.rst: -------------------------------------------------------------------------------- 1 | .. 2 | .. SPDX-License-Identifier: Apache-2.0 3 | .. 4 | 5 | IBM Blockchain collection for Ansible 6 | ============================================== 7 | 8 | This Ansible collection enables you to automate the building of Hyperledger Fabric networks.
9 | 10 | It supports creating these networks within 11 | - the IBM Hyperledger Fabric Support Offering 12 | - Fabric Open Source Stack (Hyperledger Labs `Fabric Operations `_ and `Fabric Operations Console `_) 13 | 14 | Roles are provided to install the operations console and operator; additional roles and modules can then create the Fabric Network. 15 | 16 | License 17 | ======= 18 | 19 | Apache-2.0 20 | 21 | Author Information 22 | ================== 23 | 24 | This Ansible collection is maintained by the IBM Blockchain development team. 25 | 26 | .. 27 | .. Fabric Operator: 28 | 29 | .. toctree:: 30 | :maxdepth: 2 31 | :caption: Getting Started 32 | :hidden: 33 | 34 | installation 35 | migrating-v12-v2.rst 36 | 37 | .. toctree:: 38 | :maxdepth: 2 39 | :caption: Tutorials 40 | :hidden: 41 | 42 | tutorials/oss-installing 43 | tutorials/hlfsupport-installing 44 | tutorials/installing 45 | tutorials/building 46 | tutorials/joining 47 | tutorials/deploying 48 | 49 | .. toctree:: 50 | :maxdepth: 2 51 | :caption: Tasks 52 | :hidden: 53 | :glob: 54 | 55 | tasks/* 56 | 57 | .. toctree:: 58 | :maxdepth: 3 59 | :caption: Reference 60 | :hidden: 61 | 62 | modules 63 | roles 64 | 65 | .. 
toctree:: 66 | :maxdepth: 2 67 | :caption: Support 68 | :hidden: 69 | 70 | support 71 | 72 | -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/peer-crd.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | name: ibppeers.ibp.com 9 | labels: 10 | app.kubernetes.io/name: "ibm-hlfsupport" 11 | app.kubernetes.io/instance: "ibm-hlfsupport" 12 | app.kubernetes.io/managed-by: "ibm-hlfsupport" 13 | spec: 14 | conversion: 15 | strategy: Webhook 16 | webhook: 17 | conversionReviewVersions: ["v1beta1", "v1alpha2", "v1alpha1"] 18 | clientConfig: 19 | service: 20 | namespace: "{{ project | default(namespace) }}" 21 | name: ibm-hlfsupport-webhook 22 | path: /crdconvert 23 | caBundle: "{{ webhook_tls_cert }}" 24 | group: ibp.com 25 | names: 26 | kind: IBPPeer 27 | listKind: IBPPeerList 28 | plural: ibppeers 29 | singular: ibppeer 30 | scope: Namespaced 31 | versions: 32 | - name: v1beta1 33 | schema: 34 | openAPIV3Schema: 35 | x-kubernetes-preserve-unknown-fields: true 36 | served: true 37 | storage: true 38 | subresources: 39 | status: {} 40 | - name: v1alpha2 41 | schema: 42 | openAPIV3Schema: 43 | x-kubernetes-preserve-unknown-fields: true 44 | served: true 45 | storage: false 46 | subresources: 47 | status: {} 48 | - name: v1alpha1 49 | schema: 50 | openAPIV3Schema: 51 | x-kubernetes-preserve-unknown-fields: true 52 | served: true 53 | storage: false 54 | subresources: 55 | status: {} 56 | status: 57 | acceptedNames: 58 | kind: IBPPeer 59 | listKind: IBPPeerList 60 | plural: ibppeers 61 | singular: ibppeer 62 | conditions: [] 63 | storedVersions: 64 | - v1beta1 -------------------------------------------------------------------------------- /tutorial/19-install-and-approve-chaincode.yml: 
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Install and approve chaincode 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - org1-vars.yml 10 | tasks: 11 | - name: Install the chaincode on the peer 12 | ibm.blockchain_platform.installed_chaincode: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | peer: "{{ org1_peer_name }}" 19 | identity: "{{ org1_name }} Admin.json" 20 | msp_id: "{{ org1_msp_id }}" 21 | path: "{{ smart_contract_package }}" 22 | register: result 23 | 24 | - name: Approve the chaincode on the channel 25 | ibm.blockchain_platform.approved_chaincode: 26 | api_endpoint: "{{ api_endpoint }}" 27 | api_authtype: "{{ api_authtype }}" 28 | api_key: "{{ api_key }}" 29 | api_secret: "{{ api_secret | default(omit) }}" 30 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 31 | peer: "{{ org1_peer_name }}" 32 | identity: "{{ org1_name }} Admin.json" 33 | msp_id: "{{ org1_msp_id }}" 34 | channel: "{{ channel_name }}" 35 | name: "{{ smart_contract_name }}" 36 | version: "{{ smart_contract_version }}" 37 | package_id: "{{ result.installed_chaincode.package_id }}" 38 | sequence: "{{ smart_contract_sequence }}" 39 | endorsement_policy: "{{ smart_contract_endorsement_policy | default(omit) }}" 40 | collections_config: "{{ smart_contract_collections_file | default(omit) }}" 41 | -------------------------------------------------------------------------------- /tutorial/20-install-and-approve-chaincode.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | - name: Install and approve chaincode 6 | hosts: localhost 7 | vars_files: 8 | - common-vars.yml 9 | - 
org2-vars.yml 10 | tasks: 11 | - name: Install the chaincode on the peer 12 | ibm.blockchain_platform.installed_chaincode: 13 | api_endpoint: "{{ api_endpoint }}" 14 | api_authtype: "{{ api_authtype }}" 15 | api_key: "{{ api_key }}" 16 | api_secret: "{{ api_secret | default(omit) }}" 17 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 18 | peer: "{{ org2_peer_name }}" 19 | identity: "{{ org2_name }} Admin.json" 20 | msp_id: "{{ org2_msp_id }}" 21 | path: "{{ smart_contract_package }}" 22 | register: result # kept so the approval task below can reference the package id reported by this install 23 | 24 | - name: Approve the chaincode on the channel 25 | ibm.blockchain_platform.approved_chaincode: 26 | api_endpoint: "{{ api_endpoint }}" 27 | api_authtype: "{{ api_authtype }}" 28 | api_key: "{{ api_key }}" 29 | api_secret: "{{ api_secret | default(omit) }}" 30 | api_token_endpoint: "{{ api_token_endpoint | default(omit) }}" 31 | peer: "{{ org2_peer_name }}" 32 | identity: "{{ org2_name }} Admin.json" 33 | msp_id: "{{ org2_msp_id }}" 34 | channel: "{{ channel_name }}" 35 | name: "{{ smart_contract_name }}" 36 | version: "{{ smart_contract_version }}" 37 | package_id: "{{ result.installed_chaincode.package_id }}" # the organization approves exactly the package id returned by the install task above, not a value typed in by hand 38 | sequence: "{{ smart_contract_sequence }}" 39 | endorsement_policy: "{{ smart_contract_endorsement_policy | default(omit) }}" # NOTE(review): omitted when the variable is undefined, so a default policy applies - presumably the channel's default endorsement policy; set it explicitly if the organizations agreed on something stricter 40 | collections_config: "{{ smart_contract_collections_file | default(omit) }}" # likewise omitted when unset; presumably the private data collection definitions - verify against the module documentation 41 | -------------------------------------------------------------------------------- /roles/hlfsupport_console/templates/k8s/console.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | 6 | apiVersion: ibp.com/v1beta1 7 | kind: IBPConsole 8 | metadata: 9 | name: "{{ console }}" 10 | spec: 11 | arch: 12 | - "{{ arch }}" 13 | license: 14 | accept: true 15 | serviceAccountName: "{{ service_account }}" 16 | email: "{{ console_email }}" 17 | password: "{{ console_default_password }}" # NOTE(review): the initial console password is rendered in clear text into the IBPConsole spec, so it is readable by anyone who can get this resource; treat it as a bootstrap credential and change it after first login 18 | registryURL: "{{ image_registry_url }}"
19 | imagePullSecrets: 20 | - "{{ image_pull_secret }}" 21 | usetags: true 22 | images: 23 | deployerImage: "{{deployer_image}}" 24 | deployerTag: "{{deployer_image_label}}" 25 | consoleInitImage: "{{init_image}}" 26 | consoleInitTag: "{{init_image_label}}" 27 | consoleImage: "{{console_image}}" 28 | consoleTag: "{{console_image_label}}" 29 | configtxlatorImage: "{{tools_image}}" 30 | configtxlatorTag: "{{tools_image_label}}" 31 | couchdbImage: "{{couchdb_image}}" 32 | couchdbTag: "{{couchdb_image_label}}" 33 | networkinfo: 34 | domain: "{{ console_domain }}" 35 | storage: 36 | console: 37 | class: "{{ console_storage_class }}" 38 | size: "{{ console_storage_size }}" 39 | {%+ if console_tls_secret is defined %} 40 | tlsSecretName: "{{ console_tls_secret }}" 41 | {% endif %} 42 | {%+ if zones is defined %} 43 | clusterdata: 44 | zones: 45 | {%+ for zone in zones %} 46 | - "{{ zone }}" 47 | {% endfor %} 48 | {% endif %} 49 | {%+ if console_images is defined %} 50 | images: 51 | {{ console_images | to_nice_yaml(indent=2, width=1024) | indent(4, false) }} 52 | {% endif %} 53 | {%+ if console_versions is defined %} 54 | versions: 55 | {{ console_versions | to_nice_yaml(indent=2, width=1024) | indent(4, false) }} 56 | {% endif %} 57 | -------------------------------------------------------------------------------- /roles/crds/templates/peer-crd.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | name: ibppeers.ibp.com 9 | labels: 10 | release: "operator" 11 | helm.sh/chart: "ibm-ibp" 12 | app.kubernetes.io/name: "ibp" 13 | app.kubernetes.io/instance: "ibppeer" 14 | app.kubernetes.io/managed-by: "ibp-operator" 15 | spec: 16 | conversion: 17 | strategy: Webhook 18 | webhook: 19 | conversionReviewVersions: ["v1beta1", "v1alpha2", "v1alpha1"] 20 | clientConfig: 21 | service: 22 | 
namespace: "{{ project | default(namespace) }}" 23 | name: ibp-webhook 24 | path: /crdconvert 25 | caBundle: "{{ webhook_tls_cert }}" # CA bundle the API server uses to verify the conversion webhook's serving certificate; it has to match what the ibp-webhook service actually serves (the value comes from the role, not visible in this template) 26 | group: ibp.com 27 | names: 28 | kind: IBPPeer 29 | listKind: IBPPeerList 30 | plural: ibppeers 31 | singular: ibppeer 32 | scope: Namespaced 33 | versions: 34 | - name: v1beta1 35 | schema: 36 | openAPIV3Schema: 37 | x-kubernetes-preserve-unknown-fields: true # NOTE(review): no structural schema is declared for any of the three versions, so the API server neither validates nor prunes fields on IBPPeer objects; input checking is left to the operator 38 | served: true 39 | storage: true 40 | subresources: 41 | status: {} 42 | - name: v1alpha2 43 | schema: 44 | openAPIV3Schema: 45 | x-kubernetes-preserve-unknown-fields: true 46 | served: true 47 | storage: false 48 | subresources: 49 | status: {} 50 | - name: v1alpha1 51 | schema: 52 | openAPIV3Schema: 53 | x-kubernetes-preserve-unknown-fields: true 54 | served: true 55 | storage: false 56 | subresources: 57 | status: {} 58 | status: 59 | acceptedNames: 60 | kind: IBPPeer 61 | listKind: IBPPeerList 62 | plural: ibppeers 63 | singular: ibppeer 64 | conditions: [] 65 | storedVersions: 66 | - v1beta1 -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/orderer-crd.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | name: ibporderers.ibp.com 9 | labels: 10 | app.kubernetes.io/name: "ibm-hlfsupport" 11 | app.kubernetes.io/instance: "ibm-hlfsupport" 12 | app.kubernetes.io/managed-by: "ibm-hlfsupport" 13 | spec: 14 | conversion: 15 | strategy: Webhook # version conversion for ibporderers objects is delegated to the in-cluster service named below, which puts that service and its TLS material on the trust path for these resources; restrict who can modify them 16 | webhook: 17 | conversionReviewVersions: ["v1beta1", "v1alpha2", "v1alpha1"] 18 | clientConfig: 19 | service: 20 | namespace: "{{ project | default(namespace) }}" 21 | name: ibm-hlfsupport-webhook 22 | path: /crdconvert 23 | caBundle: "{{ webhook_tls_cert }}" 24 | group: ibp.com 25 | names: 26 | kind: IBPOrderer 27 | listKind: IBPOrdererList 28 | plural: ibporderers 29 |
singular: ibporderer 30 | scope: Namespaced 31 | versions: 32 | - name: v1beta1 33 | schema: 34 | openAPIV3Schema: 35 | x-kubernetes-preserve-unknown-fields: true 36 | served: true 37 | storage: true 38 | subresources: 39 | status: {} 40 | - name: v1alpha2 41 | schema: 42 | openAPIV3Schema: 43 | x-kubernetes-preserve-unknown-fields: true 44 | served: true 45 | storage: false 46 | subresources: 47 | status: {} 48 | - name: v1alpha1 49 | schema: 50 | openAPIV3Schema: 51 | x-kubernetes-preserve-unknown-fields: true 52 | served: true 53 | storage: false 54 | subresources: 55 | status: {} 56 | status: 57 | acceptedNames: 58 | kind: IBPOrderer 59 | listKind: IBPOrdererList 60 | plural: ibporderers 61 | singular: ibporderer 62 | conditions: [] 63 | storedVersions: 64 | - v1beta1 -------------------------------------------------------------------------------- /roles/hlfsupport_crds/templates/console-crd.yml.j2: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | name: ibpconsoles.ibp.com 9 | labels: 10 | app.kubernetes.io/name: "ibm-hlfsupport" 11 | app.kubernetes.io/instance: "ibm-hlfsupport" 12 | app.kubernetes.io/managed-by: "ibm-hlfsupport" 13 | spec: 14 | conversion: 15 | strategy: Webhook 16 | webhook: 17 | conversionReviewVersions: ["v1beta1", "v1alpha2", "v1alpha1"] 18 | clientConfig: 19 | service: 20 | namespace: "{{ project | default(namespace) }}" 21 | name: ibm-hlfsupport-webhook 22 | path: /crdconvert 23 | caBundle: "{{ webhook_tls_cert }}" 24 | group: ibp.com 25 | names: 26 | kind: IBPConsole 27 | listKind: IBPConsoleList 28 | plural: ibpconsoles 29 | singular: ibpconsole 30 | scope: Namespaced 31 | versions: 32 | - name: v1beta1 33 | schema: 34 | openAPIV3Schema: 35 | x-kubernetes-preserve-unknown-fields: true 36 | served: true 37 | storage: true 38 | subresources: 39 | status: 
{} 40 | - name: v1alpha2 41 | schema: 42 | openAPIV3Schema: 43 | x-kubernetes-preserve-unknown-fields: true 44 | served: true 45 | storage: false 46 | subresources: 47 | status: {} 48 | - name: v1alpha1 49 | schema: 50 | openAPIV3Schema: 51 | x-kubernetes-preserve-unknown-fields: true 52 | served: true 53 | storage: false 54 | subresources: 55 | status: {} 56 | status: 57 | acceptedNames: 58 | kind: IBPConsole 59 | listKind: IBPConsoleList 60 | plural: ibpconsoles 61 | singular: ibpconsole 62 | conditions: [] 63 | storedVersions: 64 | - v1beta1
--------------------------------------------------------------------------------
/roles/crds/templates/console-crd.yml.j2:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# CustomResourceDefinition for the IBPConsole kind in API group ibp.com,
# rendered from this Jinja2 template. IBPConsole objects are namespaced, but
# the CRD object itself is cluster-scoped: one copy governs every namespace.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: ibpconsoles.ibp.com
  labels:
    release: "operator"
    helm.sh/chart: "ibm-ibp"
    app.kubernetes.io/name: "ibp"
    app.kubernetes.io/instance: "ibpconsole"
    app.kubernetes.io/managed-by: "ibp-operator"
spec:
  conversion:
    # Conversion between the served versions below is delegated to a webhook.
    strategy: Webhook
    webhook:
      # NOTE(review): this field lists ConversionReview API versions the
      # webhook understands, not versions of this CRD; the two alpha entries
      # look like they mirror the versions list below. Confirm.
      conversionReviewVersions:
        - "v1beta1"
        - "v1alpha2"
        - "v1alpha1"
      clientConfig:
        service:
          # The CRD is cluster-wide but conversion is served from this single
          # namespace. Whoever controls the ibp-webhook Service there handles
          # IBPConsole objects from every namespace during conversion, so
          # access to that namespace should be restricted accordingly.
          # Rendering this template again with a different project/namespace
          # repoints conversion for all existing objects.
          namespace: "{{ project | default(namespace) }}"
          name: ibp-webhook
          path: /crdconvert
        # CA bundle the API server uses to verify the webhook's serving
        # certificate. The API expects base64-encoded PEM; webhook_tls_cert is
        # presumably supplied in that form by the calling role. TODO confirm.
        caBundle: "{{ webhook_tls_cert }}"
  group: ibp.com
  names:
    kind: IBPConsole
    listKind: IBPConsoleList
    plural: ibpconsoles
    singular: ibpconsole
  scope: Namespaced
  versions:
    # v1beta1 is the only storage version; the two alpha versions remain
    # served and go through the conversion webhook above.
    #
    # No structural schema is published for any version: with
    # x-kubernetes-preserve-unknown-fields at the schema root the API server
    # neither validates nor prunes fields, so any field-level validation has
    # to happen outside this CRD (not visible in this template).
    - name: v1beta1
      schema:
        openAPIV3Schema:
          x-kubernetes-preserve-unknown-fields: true
      served: true
      storage: true
      subresources:
        status: {}
    - name: v1alpha2
      schema:
        openAPIV3Schema:
          x-kubernetes-preserve-unknown-fields: true
      served: true
      storage: false
      subresources:
        status: {}
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          x-kubernetes-preserve-unknown-fields: true
      served: true
      storage: false
      subresources:
        status: {}
# status is maintained by the API server; this stanza looks like it was
# carried over from an exported object rather than being required input.
status:
  acceptedNames:
    kind: IBPConsole
    listKind: IBPConsoleList
    plural: ibpconsoles
    singular: ibpconsole
  conditions: []
  storedVersions:
    - v1beta1
--------------------------------------------------------------------------------
/roles/crds/templates/orderer-crd.yml.j2:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
---
# CustomResourceDefinition for the IBPOrderer kind in API group ibp.com,
# rendered from this Jinja2 template. IBPOrderer objects are namespaced, but
# the CRD object itself is cluster-scoped: one copy governs every namespace.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: ibporderers.ibp.com
  labels:
    release: "operator"
    helm.sh/chart: "ibm-ibp"
    app.kubernetes.io/name: "ibp"
    app.kubernetes.io/instance: "ibporderer"
    app.kubernetes.io/managed-by: "ibp-operator"
spec:
  conversion:
    # Conversion between the served versions below is delegated to a webhook.
    strategy: Webhook
    webhook:
      # NOTE(review): this field lists ConversionReview API versions the
      # webhook understands, not versions of this CRD; the two alpha entries
      # look like they mirror the versions list below. Confirm.
      conversionReviewVersions:
        - "v1beta1"
        - "v1alpha2"
        - "v1alpha1"
      clientConfig:
        service:
          # Conversion for IBPOrderer objects in every namespace is served
          # from the ibp-webhook Service in this one namespace, so control of
          # that Service amounts to control over how all orderer objects are
          # converted. Restrict access to the namespace accordingly, and
          # treat a change of project/namespace here as a cluster-wide change.
          namespace: "{{ project | default(namespace) }}"
          name: ibp-webhook
          path: /crdconvert
        # CA bundle the API server uses to verify the webhook's serving
        # certificate. The API expects base64-encoded PEM; webhook_tls_cert is
        # presumably supplied in that form by the calling role. TODO confirm.
        caBundle: "{{ webhook_tls_cert }}"
  group: ibp.com
  names:
    kind: IBPOrderer
    listKind: IBPOrdererList
    plural: ibporderers
    singular: ibporderer
  scope: Namespaced
  versions:
    # v1beta1 is the only storage version; the two alpha versions remain
    # served and go through the conversion webhook above.
    #
    # No structural schema is published for any version: with
    # x-kubernetes-preserve-unknown-fields at the schema root the API server
    # neither validates nor prunes fields, so any field-level validation has
    # to happen outside this CRD (not visible in this template).
    - name: v1beta1
      schema:
        openAPIV3Schema:
          x-kubernetes-preserve-unknown-fields: true
      served: true
      storage: true
      subresources:
        status: {}
    - name: v1alpha2
      schema:
        openAPIV3Schema:
          x-kubernetes-preserve-unknown-fields: true
      served: true
      storage: false
      subresources:
        status: {}
    - name: v1alpha1
      schema:
        openAPIV3Schema:
          x-kubernetes-preserve-unknown-fields: true
      served: true
      storage: false
      subresources:
        status: {}
# status is maintained by the API server; this stanza looks like it was
# carried over from an exported object rather than being required input.
status:
  acceptedNames:
    kind: IBPOrderer
    listKind: IBPOrdererList
    plural: ibporderers
    singular: ibporderer
  conditions: []
  storedVersions:
    - v1beta1
--------------------------------------------------------------------------------