├── .gitignore ├── tekton ├── result-pvc.yaml ├── service-creds.json.example ├── ansible-vars │ ├── ordering-org-vars.yml │ ├── org1-vars.yml │ ├── org2-vars.yml │ └── common-vars.yml ├── ansible-templates │ ├── 09-admins-policy.json.j2 │ ├── 09-readers-policy.json.j2 │ ├── 09-writers-policy.json.j2 │ ├── 09-endorsement-policy.json.j2 │ ├── 09-lifecycle-endorsement-policy.json.j2 │ ├── 15-admins-policy.json.j2 │ ├── 15-readers-policy.json.j2 │ ├── 15-writers-policy.json.j2 │ ├── 15-endorsement-policy.json.j2 │ └── 15-lifecycle-endorsement-policy.json.j2 ├── debug.yaml ├── README.md ├── LICENSE ├── join-network-task.yaml └── build-network-task.yaml ├── README.md └── LICENSE /.gitignore: -------------------------------------------------------------------------------- 1 | service-creds.json -------------------------------------------------------------------------------- /tekton/result-pvc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: PersistentVolumeClaim 3 | metadata: 4 | name: ansible-results-pvc 5 | labels: 6 | app: ansible 7 | spec: 8 | accessModes: 9 | - ReadWriteOnce 10 | resources: 11 | requests: 12 | storage: 10M -------------------------------------------------------------------------------- /tekton/service-creds.json.example: -------------------------------------------------------------------------------- 1 | { 2 | "api_endpoint": "xxxxxxxxxxxxxxx", 3 | "apikey": "xxxxxxxxxxxxxxxxxxxxx", 4 | "iam_apikey_description": "Auto-generated for key ", 5 | "iam_apikey_name": "Service credentials-1", 6 | "iam_role_crn": "crn:v1:bluemix:public:iam::::serviceRole:Manager", 7 | "iam_serviceid_crn": "" 8 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # fabric-ci-pipelines-examples 2 | 3 | 4 | Examples of how to use different CI/CD pipelines and tools to automate the 
administration and operations of Hyperledger Fabric 5 | 6 | ## Tekton 7 | 8 | Shows the use of Tekton to: 9 | 10 | - Orchestrate Ansible roles and tasks to create a Fabric Network 11 | - Based on the [ansible-collection tutorial](https://ibm-blockchain.github.io/ansible-collection/tutorials/building.html) 12 | 13 | -------------------------------------------------------------------------------- /tekton/ansible-vars/ordering-org-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | # api_endpoint: https://ibp-console.example.org:32000 6 | # api_authtype: basic 7 | # api_key: xxxxxxxx 8 | # api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: orderingorgadmin 12 | organization_admin_enrollment_secret: orderingorgadminpw 13 | ordering_service_enrollment_id: orderingorgorderer 14 | ordering_service_enrollment_secret: orderingorgordererpw 15 | ordering_service_msp: OrdererMSP 16 | ordering_service_nodes: 1 17 | wait_timeout: 600 18 | -------------------------------------------------------------------------------- /tekton/ansible-templates/09-admins-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "ADMIN" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tekton/ansible-templates/09-readers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 
7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tekton/ansible-templates/09-writers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tekton/ansible-templates/09-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } -------------------------------------------------------------------------------- /tekton/ansible-templates/09-lifecycle-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | } 11 | ] 12 | } 13 | }, 14 | "identities": [ 15 | { 16 | "principal_classification": "ROLE", 17 | "principal": { 18 | "msp_identifier": "{{ org1_msp_id }}", 19 | "role": "MEMBER" 20 | } 21 | } 22 | ] 23 | } 24 | } 
-------------------------------------------------------------------------------- /tekton/ansible-vars/org1-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | # api_endpoint: https://ibp-console.example.org:32000 6 | # api_authtype: basic 7 | # api_key: xxxxxxxx 8 | # api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: org1admin 12 | organization_admin_enrollment_secret: org1adminpw 13 | peer_enrollment_id: org1peer 14 | peer_enrollment_secret: org1peerpw 15 | application_enrollment_id: org1app 16 | application_enrollment_secret: org1apppw 17 | application_enrollment_type: client 18 | application_max_enrollments: 10 19 | org1_ca_name: "Org1 CA" 20 | org1_peer_name: "Org1 Peer" 21 | wait_timeout: 600 22 | -------------------------------------------------------------------------------- /tekton/ansible-vars/org2-vars.yml: -------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | # api_endpoint: https://ibp-console.example.org:32000 6 | # api_authtype: basic 7 | # api_key: xxxxxxxx 8 | # api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 9 | ca_admin_enrollment_id: admin 10 | ca_admin_enrollment_secret: adminpw 11 | organization_admin_enrollment_id: org2admin 12 | organization_admin_enrollment_secret: org2adminpw 13 | peer_enrollment_id: org2peer 14 | peer_enrollment_secret: org2peerpw 15 | application_enrollment_id: org2app 16 | application_enrollment_secret: org2apppw 17 | application_enrollment_type: client 18 | application_max_enrollments: 10 19 | org2_ca_name: "Org2 CA" 20 | org2_peer_name: "Org2 Peer" 21 | wait_timeout: 600 22 | -------------------------------------------------------------------------------- /tekton/ansible-vars/common-vars.yml: 
-------------------------------------------------------------------------------- 1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | --- 5 | # These vars are used in more than one file, 6 | # i.e. needed by multiple orgs so can't just live in a per org file 7 | ordering_org_name: "Ordering Org" 8 | ordering_service_name: "Ordering Service" 9 | org1_name: "Org1" 10 | org1_msp_id: Org1MSP 11 | org2_name: "Org2" 12 | org2_msp_id: Org2MSP 13 | channel_name: "mychannel" 14 | smart_contract_name: "fabcar" 15 | smart_contract_version: "1.0.0" 16 | smart_contract_sequence: 1 17 | smart_contract_package: "fabcar@1.0.0.tgz" 18 | # smart_contract_constructor: "initLedger" 19 | # smart_contract_endorsement_policy: "" 20 | # smart_contract_collections_file: "" 21 | ca_version: ">=1.4,<2.0" 22 | peer_version: ">=2.2,<3.0" 23 | ordering_service_version: ">=2.2,<3.0" 24 | -------------------------------------------------------------------------------- /tekton/debug.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: ubuntu 5 | labels: 6 | app: ubuntu 7 | spec: 8 | volumes: 9 | - name: ansible-config-vol 10 | configMap: 11 | name: org1-vars 12 | - name: ansible-config-vol 13 | configMap: 14 | name: org2-vars 15 | - name: ansible-ctx-vol 16 | persistentVolumeClaim: 17 | claimName: ansible-results-pvc 18 | containers: 19 | - image: ubuntu:configmap 20 | command: 21 | - "sleep" 22 | - "604800" 23 | imagePullPolicy: IfNotPresent 24 | name: ubuntu 25 | volumeMounts: 26 | - name: ansible-config-vol 27 | mountPath: /playbooks/env 28 | readOnly: true 29 | - name: ansible-ctx-vol 30 | mountPath: /playbooks/output 31 | restartPolicy: Never -------------------------------------------------------------------------------- /tekton/ansible-templates/15-admins-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | 
"rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "ADMIN" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "ADMIN" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tekton/ansible-templates/15-readers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tekton/ansible-templates/15-writers-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 1, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } 
-------------------------------------------------------------------------------- /tekton/ansible-templates/15-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tekton/ansible-templates/15-lifecycle-endorsement-policy.json.j2: -------------------------------------------------------------------------------- 1 | { 2 | "type": 1, 3 | "value": { 4 | "rule": { 5 | "n_out_of": { 6 | "n": 2, 7 | "rules": [ 8 | { 9 | "signed_by": 0 10 | }, 11 | { 12 | "signed_by": 1 13 | } 14 | ] 15 | } 16 | }, 17 | "identities": [ 18 | { 19 | "principal_classification": "ROLE", 20 | "principal": { 21 | "msp_identifier": "{{ org1_msp_id }}", 22 | "role": "MEMBER" 23 | } 24 | }, 25 | { 26 | "principal_classification": "ROLE", 27 | "principal": { 28 | "msp_identifier": "{{ org2_msp_id }}", 29 | "role": "MEMBER" 30 | } 31 | } 32 | ] 33 | } 34 | } -------------------------------------------------------------------------------- /tekton/README.md: -------------------------------------------------------------------------------- 1 | # Using Tekton 2 | 3 | This sample shows how Tekton tasks and pipelines can be configured to use the Ansible Collection for IBP. The tutorial network from the Ansible collection is used. It comprises two endorsing organizations (org1/org2), along with an ordering organization. 
It is created in a series of playbooks, orchestrated by shell scripts. 4 | 5 | - Create the Ordering Organization 6 | - Create the (first) Endorsing organization 7 | - Create a channel 8 | - Join the peer to the channel, and add as an anchor peer 9 | 10 | - Create a (second) Endorsing organization 11 | - Add this to the channel 12 | 13 | - Deploy a chaincode 14 | 15 | ## Directory setup 16 | 17 | The files here are (almost) identical copies of the ones from the test network. 18 | 19 | - ansible-vars 20 | - ansible-templates 21 | 22 | The variations are entirely down to the location of the variable files, and the use of secrets rather than variable files for the api endpoint and key. 23 | 24 | ## Pre-reqs 25 | 26 | Make sure you have access to a K8S cluster, and that Tekton is installed. Typically [installation of Tekton](https://tekton.dev/docs/getting-started/tasks/) is this command. Note that the `latest` URL applies whichever release is current when the command runs, so pin a specific release if the install needs to be reproducible. 27 | 28 | ```bash 29 | kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml 30 | ``` 31 | 32 | Also install the [Tekton CLI](https://tekton.dev/docs/cli/) 33 | 34 | 35 | You will need an existing IBP Instance. This does not need to be in the same cluster as Tekton. A service credential needs to be created from the IBP Instance. It is recommended to save this credential as a JSON file; the name `service-creds.json` used in the steps below is listed in `.gitignore`, so keeping that name keeps the API key out of version control. 36 | 37 | ## Tekton Tasks and Pipelines 38 | 39 | 40 | ## Steps 41 | 42 | ### 1. Create K8S secrets 43 | 44 | ``` 45 | kubectl create secret generic ibp-creds --from-literal=api_endpoint=$(jq -r '.api_endpoint' service-creds.json) --from-literal=api_key=$(jq -r '.apikey' service-creds.json) 46 | ``` 47 | 48 | ### 2. Create a PVC for storing working files 49 | 50 | ``` 51 | kubectl apply -f result-pvc.yaml 52 | ``` 53 | 54 | ### 3. Create the organization variables 55 | 56 | There are three organizations: "Ordering", "Org1" and "Org2". The tutorial splits these into separate files with a common file shared amongst all of them. 
These can be loaded into K8S as Config Maps. The per-organization vars files also hold the enrollment secrets (sample values such as `adminpw`), and ConfigMaps are not designed to hold confidential data; for anything beyond this tutorial, change the sample values and keep them in a Secret instead. 57 | 58 | ``` 59 | kubectl create configmap ordering-org-vars --from-file=ansible-vars/common-vars.yml --from-file=org-vars.yml=ansible-vars/ordering-org-vars.yml 60 | kubectl create configmap org1-vars --from-file=ansible-vars/common-vars.yml --from-file=org-vars.yml=ansible-vars/org1-vars.yml 61 | kubectl create configmap org2-vars --from-file=ansible-vars/common-vars.yml --from-file=org-vars.yml=ansible-vars/org2-vars.yml 62 | ``` 63 | 64 | ### 4. Templates 65 | There are some templates used for creating policies; create these as a config map as well 66 | 67 | ``` 68 | kubectl create configmap common --from-file=ansible-templates 69 | ``` 70 | 71 | ### 5. Build the network. 72 | 73 | ``` 74 | kubectl apply -f build-network-task.yaml 75 | ``` 76 | 77 | Start the Tekton TaskRun 78 | - using the persistent volume claim for outputs 79 | - using the `ordering-org-vars` and `org1-vars` configuration configmaps 80 | - using the `api-endpoint` and `api-key` stored in the secrets 81 | 82 | 83 | ``` 84 | tkn task start --use-param-defaults --workspace name=ansiblectx,claimName=ansible-results-pvc --param endorse-org-vars=org1-vars --param ordering-org-vars=ordering-org-vars --showlog build-network-task 85 | ``` 86 | 87 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 
14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 
47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /tekton/LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Apache License 3 | Version 2.0, January 2004 4 | http://www.apache.org/licenses/ 5 | 6 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 7 | 8 | 1. Definitions. 9 | 10 | "License" shall mean the terms and conditions for use, reproduction, 11 | and distribution as defined by Sections 1 through 9 of this document. 12 | 13 | "Licensor" shall mean the copyright owner or entity authorized by 14 | the copyright owner that is granting the License. 15 | 16 | "Legal Entity" shall mean the union of the acting entity and all 17 | other entities that control, are controlled by, or are under common 18 | control with that entity. For the purposes of this definition, 19 | "control" means (i) the power, direct or indirect, to cause the 20 | direction or management of such entity, whether by contract or 21 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 22 | outstanding shares, or (iii) beneficial ownership of such entity. 
23 | 24 | "You" (or "Your") shall mean an individual or Legal Entity 25 | exercising permissions granted by this License. 26 | 27 | "Source" form shall mean the preferred form for making modifications, 28 | including but not limited to software source code, documentation 29 | source, and configuration files. 30 | 31 | "Object" form shall mean any form resulting from mechanical 32 | transformation or translation of a Source form, including but 33 | not limited to compiled object code, generated documentation, 34 | and conversions to other media types. 35 | 36 | "Work" shall mean the work of authorship, whether in Source or 37 | Object form, made available under the License, as indicated by a 38 | copyright notice that is included in or attached to the work 39 | (an example is provided in the Appendix below). 40 | 41 | "Derivative Works" shall mean any work, whether in Source or Object 42 | form, that is based on (or derived from) the Work and for which the 43 | editorial revisions, annotations, elaborations, or other modifications 44 | represent, as a whole, an original work of authorship. For the purposes 45 | of this License, Derivative Works shall not include works that remain 46 | separable from, or merely link (or bind by name) to the interfaces of, 47 | the Work and Derivative Works thereof. 48 | 49 | "Contribution" shall mean any work of authorship, including 50 | the original version of the Work and any modifications or additions 51 | to that Work or Derivative Works thereof, that is intentionally 52 | submitted to Licensor for inclusion in the Work by the copyright owner 53 | or by an individual or Legal Entity authorized to submit on behalf of 54 | the copyright owner. 
For the purposes of this definition, "submitted" 55 | means any form of electronic, verbal, or written communication sent 56 | to the Licensor or its representatives, including but not limited to 57 | communication on electronic mailing lists, source code control systems, 58 | and issue tracking systems that are managed by, or on behalf of, the 59 | Licensor for the purpose of discussing and improving the Work, but 60 | excluding communication that is conspicuously marked or otherwise 61 | designated in writing by the copyright owner as "Not a Contribution." 62 | 63 | "Contributor" shall mean Licensor and any individual or Legal Entity 64 | on behalf of whom a Contribution has been received by Licensor and 65 | subsequently incorporated within the Work. 66 | 67 | 2. Grant of Copyright License. Subject to the terms and conditions of 68 | this License, each Contributor hereby grants to You a perpetual, 69 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 70 | copyright license to reproduce, prepare Derivative Works of, 71 | publicly display, publicly perform, sublicense, and distribute the 72 | Work and such Derivative Works in Source or Object form. 73 | 74 | 3. Grant of Patent License. Subject to the terms and conditions of 75 | this License, each Contributor hereby grants to You a perpetual, 76 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 77 | (except as stated in this section) patent license to make, have made, 78 | use, offer to sell, sell, import, and otherwise transfer the Work, 79 | where such license applies only to those patent claims licensable 80 | by such Contributor that are necessarily infringed by their 81 | Contribution(s) alone or by combination of their Contribution(s) 82 | with the Work to which such Contribution(s) was submitted. 
If You 83 | institute patent litigation against any entity (including a 84 | cross-claim or counterclaim in a lawsuit) alleging that the Work 85 | or a Contribution incorporated within the Work constitutes direct 86 | or contributory patent infringement, then any patent licenses 87 | granted to You under this License for that Work shall terminate 88 | as of the date such litigation is filed. 89 | 90 | 4. Redistribution. You may reproduce and distribute copies of the 91 | Work or Derivative Works thereof in any medium, with or without 92 | modifications, and in Source or Object form, provided that You 93 | meet the following conditions: 94 | 95 | (a) You must give any other recipients of the Work or 96 | Derivative Works a copy of this License; and 97 | 98 | (b) You must cause any modified files to carry prominent notices 99 | stating that You changed the files; and 100 | 101 | (c) You must retain, in the Source form of any Derivative Works 102 | that You distribute, all copyright, patent, trademark, and 103 | attribution notices from the Source form of the Work, 104 | excluding those notices that do not pertain to any part of 105 | the Derivative Works; and 106 | 107 | (d) If the Work includes a "NOTICE" text file as part of its 108 | distribution, then any Derivative Works that You distribute must 109 | include a readable copy of the attribution notices contained 110 | within such NOTICE file, excluding those notices that do not 111 | pertain to any part of the Derivative Works, in at least one 112 | of the following places: within a NOTICE text file distributed 113 | as part of the Derivative Works; within the Source form or 114 | documentation, if provided along with the Derivative Works; or, 115 | within a display generated by the Derivative Works, if and 116 | wherever such third-party notices normally appear. The contents 117 | of the NOTICE file are for informational purposes only and 118 | do not modify the License. 
You may add Your own attribution 119 | notices within Derivative Works that You distribute, alongside 120 | or as an addendum to the NOTICE text from the Work, provided 121 | that such additional attribution notices cannot be construed 122 | as modifying the License. 123 | 124 | You may add Your own copyright statement to Your modifications and 125 | may provide additional or different license terms and conditions 126 | for use, reproduction, or distribution of Your modifications, or 127 | for any such Derivative Works as a whole, provided Your use, 128 | reproduction, and distribution of the Work otherwise complies with 129 | the conditions stated in this License. 130 | 131 | 5. Submission of Contributions. Unless You explicitly state otherwise, 132 | any Contribution intentionally submitted for inclusion in the Work 133 | by You to the Licensor shall be under the terms and conditions of 134 | this License, without any additional terms or conditions. 135 | Notwithstanding the above, nothing herein shall supersede or modify 136 | the terms of any separate license agreement you may have executed 137 | with Licensor regarding such Contributions. 138 | 139 | 6. Trademarks. This License does not grant permission to use the trade 140 | names, trademarks, service marks, or product names of the Licensor, 141 | except as required for reasonable and customary use in describing the 142 | origin of the Work and reproducing the content of the NOTICE file. 143 | 144 | 7. Disclaimer of Warranty. Unless required by applicable law or 145 | agreed to in writing, Licensor provides the Work (and each 146 | Contributor provides its Contributions) on an "AS IS" BASIS, 147 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 148 | implied, including, without limitation, any warranties or conditions 149 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 150 | PARTICULAR PURPOSE. 
You are solely responsible for determining the 151 | appropriateness of using or redistributing the Work and assume any 152 | risks associated with Your exercise of permissions under this License. 153 | 154 | 8. Limitation of Liability. In no event and under no legal theory, 155 | whether in tort (including negligence), contract, or otherwise, 156 | unless required by applicable law (such as deliberate and grossly 157 | negligent acts) or agreed to in writing, shall any Contributor be 158 | liable to You for damages, including any direct, indirect, special, 159 | incidental, or consequential damages of any character arising as a 160 | result of this License or out of the use or inability to use the 161 | Work (including but not limited to damages for loss of goodwill, 162 | work stoppage, computer failure or malfunction, or any and all 163 | other commercial damages or losses), even if such Contributor 164 | has been advised of the possibility of such damages. 165 | 166 | 9. Accepting Warranty or Additional Liability. While redistributing 167 | the Work or Derivative Works thereof, You may choose to offer, 168 | and charge a fee for, acceptance of support, warranty, indemnity, 169 | or other liability obligations and/or rights consistent with this 170 | License. However, in accepting such obligations, You may act only 171 | on Your own behalf and on Your sole responsibility, not on behalf 172 | of any other Contributor, and only if You agree to indemnify, 173 | defend, and hold each Contributor harmless for any liability 174 | incurred by, or claims asserted against, such Contributor by reason 175 | of your accepting any such warranty or additional liability. 176 | 177 | END OF TERMS AND CONDITIONS 178 | 179 | APPENDIX: How to apply the Apache License to your work. 180 | 181 | To apply the Apache License to your work, attach the following 182 | boilerplate notice, with the fields enclosed by brackets "[]" 183 | replaced with your own identifying information. 
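(Don't include 184 | the brackets!) The text should be enclosed in the appropriate 185 | comment syntax for the file format. We also recommend that a 186 | file or class name and description of purpose be included on the 187 | same "printed page" as the copyright notice for easier 188 | identification within third-party archives. 189 | 190 | Copyright [yyyy] [name of copyright owner] 191 | 192 | Licensed under the Apache License, Version 2.0 (the "License"); 193 | you may not use this file except in compliance with the License. 194 | You may obtain a copy of the License at 195 | 196 | http://www.apache.org/licenses/LICENSE-2.0 197 | 198 | Unless required by applicable law or agreed to in writing, software 199 | distributed under the License is distributed on an "AS IS" BASIS, 200 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 201 | See the License for the specific language governing permissions and 202 | limitations under the License. 203 |
--------------------------------------------------------------------------------
/tekton/join-network-task.yaml:
--------------------------------------------------------------------------------
#
# SPDX-License-Identifier: Apache-2.0
#
# Tekton Task that runs one Ansible playbook per step (collection
# ibm.blockchain_platform) to create an endorsing organization, enable the
# v2.x capabilities, add the organization to the consortium, create the
# channel, join the peer and set the anchor peer.
#
# Security notes for operators:
#   - Every step receives IBP_API_ENDPOINT and IBP_API_KEY from the Secret
#     named by the `ibp-creds` param (keys `api_endpoint` and `api_key`).
#   - The `ansiblectx` workspace (/playbooks/output) is both `wallet` and
#     `rootdir`: the "<org> Admin.json" identity files used to sign channel
#     updates are read from it and the Ansible log is written to it. The
#     identity files presumably hold admin private keys (TODO confirm), so
#     access to the backing volume should be restricted; if it is bound to a
#     PersistentVolumeClaim its contents outlive the TaskRun.
#   - The playbooks run with `-v` and log to the workspace. Module arguments
#     include `api_key`; confirm the collection masks it (no_log) before the
#     log file is shared.
#   - The org vars are mounted from ConfigMaps. The repository's ansible-vars
#     files carry enrollment secrets, so if the ConfigMaps are created from
#     those files (TODO confirm) a Secret volume is the better fit.
#
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  # NOTE(review): tekton/build-network-task.yaml declares the same Task name.
  # Applied to one namespace, whichever file is applied last replaces the
  # other. The name is left unchanged here because references to it are not
  # visible; `join-network-task` would match the file name.
  name: build-network-task
spec:
  params:
    - name: ibp-creds
      type: string
      description: Name of the Secret holding the IBP API credentials (keys api_endpoint and api_key)
      default: ibp-creds
    - name: ordering-org-vars
      type: string
      description: Name of ConfigMap with organisation vars for the Ordering Orgs
    - name: endorse-org-vars
      type: string
      description: Name of ConfigMap with organisation vars for the Endorsing Orgs

  volumes:
    - name: ansible-config-ordering-vol
      configMap:
        name: $(params.ordering-org-vars)
    - name: ansible-config-endorsing-vol
      configMap:
        name: $(params.endorse-org-vars)
    - name: ansible-templates-vol
      configMap:
        name: templates
  workspaces:
    - name: ansiblectx
      description: Shared output directory for the Ansible log, the wallet and the channel configuration files
      mountPath: /playbooks/output
  steps:

    # Step 1: create the endorsing organization (CA, peer) through the
    # endorsing_organization role, using the endorsing-org vars.
    - name: createendorsingorg
      # NOTE(review): no tag or digest is given, so whatever the registry
      # currently serves as the default tag is pulled into a container that
      # holds IBP_API_KEY. Pin to a reviewed digest, e.g.
      # ibmcom/ibp-ansible@sha256:<reviewed-digest-placeholder>.
      # The same applies to every step below.
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-endorsing-vol
          mountPath: /playbooks/env
          readOnly: true

      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Create components for an endorsing organization
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            state: present
            organization_name: "{{ org1_name }}"
            organization_msp_id: "{{ org1_msp_id }}"
            ca_name: "{{ org1_ca_name }}"
            peer_name: "{{ org1_peer_name }}"
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          roles:
            - ibm.blockchain_platform.endorsing_organization

    # Step 2: fetch the system channel configuration, set the channel and
    # orderer capabilities to V2_0, then compute, sign and apply the update
    # with the ordering organization's admin identity.
    - name: enablecapabilities
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-ordering-vol
          mountPath: /playbooks/env
          readOnly: true

      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Enable Fabric v2.x capabilities
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            rootdir: /playbooks/output
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          tasks:
            - name: Get the ordering service information
              ibm.blockchain_platform.ordering_service_info:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                name: "{{ ordering_service_name }}"
              register: ordering_service

            - name: Fail if the ordering service does not exist
              fail:
                msg: "{{ ordering_service_name }} does not exist"
              when: not ordering_service.exists

            - name: Fetch the system channel configuration
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{ rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                operation: fetch
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{ rootdir}}/original_config.bin"

            - name: Create a copy of the system channel configuration
              copy:
                src: "{{ rootdir }}/original_config.bin"
                dest: "{{ rootdir }}/updated_config.bin"

            - name: Enable Fabric v2.x capabilities
              ibm.blockchain_platform.channel_capabilities:
                path: "{{rootdir}}/updated_config.bin"
                channel: V2_0
                orderer: V2_0

            - name: Compute the system channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: compute_update
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                original: "{{rootdir}}/original_config.bin"
                updated: "{{rootdir}}/updated_config.bin"
                path: "{{rootdir}}/config_update.bin"
              register: compute_update

            - name: Sign the system channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: sign_update
                identity: "{{ rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path

            - name: Apply the system channel configuration update
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: apply_update
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{ rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path


    # Step 3: add org1 to the consortium in the system channel; the update is
    # signed with the ordering organization's admin identity. The step name
    # (sic) is kept as written because it appears in TaskRun status and logs.
    - name: addorgtoconstirum
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-ordering-vol
          mountPath: /playbooks/env
          readOnly: true

      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Add the organization to the consortium
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            rootdir: /playbooks/output
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          tasks:
            - name: Get the ordering service information
              ibm.blockchain_platform.ordering_service_info:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                name: "{{ ordering_service_name }}"
              register: ordering_service

            - name: Fail if the ordering service does not exist
              fail:
                msg: "{{ ordering_service_name }} does not exist"
              when: not ordering_service.exists

            - name: Fetch the system channel configuration
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                operation: fetch
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{rootdir}}/original_config.bin"

            - name: Create a copy of the system channel configuration
              copy:
                src: "{{rootdir}}/original_config.bin"
                dest: "{{rootdir}}/updated_config.bin"

            - name: Add the organization to the consortium
              ibm.blockchain_platform.consortium_member:
                state: present
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                organization: "{{ org1_name }}"
                path: "{{rootdir}}/updated_config.bin"

            - name: Compute the system channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: compute_update
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                original: "{{rootdir}}/original_config.bin"
                updated: "{{rootdir}}/updated_config.bin"
                path: "{{rootdir}}/config_update.bin"
              register: compute_update

            - name: Sign the system channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: sign_update
                identity: "{{rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path

            - name: Apply the system channel configuration update
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: apply_update
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path

    # Step 4: create the channel if it does not exist yet. The channel
    # policies (Admins, Readers, Writers, Endorsement, LifecycleEndorsement)
    # are rendered from the templates ConfigMap, so whoever can edit that
    # ConfigMap decides who administers the new channel.
    - name: createchannel
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-endorsing-vol
          mountPath: /playbooks/env
          readOnly: true
        - name: ansible-templates-vol
          mountPath: /playbooks/templates
          readOnly: true
      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Create the channel
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            rootdir: /playbooks/output
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          tasks:
            - name: Check to see if the channel already exists
              ibm.blockchain_platform.channel_block:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: fetch
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                target: "0"
                path: "{{rootdir}}/channel_genesis_block.bin"
              failed_when: False
              register: result

            - name: Fail on any error other than the channel not existing
              fail:
                msg: "{{ result.msg }}"
              when: result.msg is defined and 'NOT_FOUND' not in result.msg

            - name: Create the configuration update for the new channel
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: create
                name: "{{ channel_name }}"
                path: "{{rootdir}}/config_update.bin"
                organizations:
                  - "{{ org1_name }}"
                policies:
                  Admins: "{{ lookup('template', '/playbooks/templates/09-admins-policy.json.j2') }}"
                  Readers: "{{ lookup('template', '/playbooks/templates/09-readers-policy.json.j2') }}"
                  Writers: "{{ lookup('template', '/playbooks/templates/09-writers-policy.json.j2') }}"
                  Endorsement: "{{ lookup('template', '/playbooks/templates/09-endorsement-policy.json.j2') }}"
                  LifecycleEndorsement: "{{ lookup('template', '/playbooks/templates/09-lifecycle-endorsement-policy.json.j2') }}"
                capabilities:
                  application: V2_0
              when: result.msg is defined and 'NOT_FOUND' in result.msg

            - name: Sign the channel configuration update for the new channel
              ibm.blockchain_platform.channel_config:
                operation: sign_update
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                path: "{{rootdir}}/config_update.bin"
              when: result.msg is defined and 'NOT_FOUND' in result.msg

            - name: Apply the channel configuration update for the new channel
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: apply_update
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                path: "{{rootdir}}/config_update.bin"
              when: result.msg is defined and 'NOT_FOUND' in result.msg

    # Step 5: fetch block 0 of the channel and join org1's peer to it.
    - name: joinpeertochannel
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-endorsing-vol
          mountPath: /playbooks/env
          readOnly: true
      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Join peer to channel
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            rootdir: /playbooks/output
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          tasks:
            - name: Fetch the genesis block for the channel
              ibm.blockchain_platform.channel_block:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: fetch
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                target: "0"
                path: "{{rootdir}}/channel_genesis_block.bin"

            - name: Join the peer to the channel
              ibm.blockchain_platform.peer_channel:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: join
                peer: "{{ org1_peer_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                path: "{{rootdir}}/channel_genesis_block.bin"

    # Step 6: register org1's peer as anchor peer in the channel
    # configuration, signed with org1's admin identity.
    - name: addanchorpeer
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-endorsing-vol
          mountPath: /playbooks/env
          readOnly: true
      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Add Anchor Peer
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            rootdir: /playbooks/output
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          tasks:
            - name: Get the ordering service information
              ibm.blockchain_platform.ordering_service_info:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                name: "{{ ordering_service_name }}"
              register: ordering_service

            - name: Fail if the ordering service does not exist
              fail:
                msg: "{{ ordering_service_name }} does not exist"
              when: not ordering_service.exists

            - name: Fetch the channel configuration
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                operation: fetch
                name: "{{ channel_name }}"
                path: "{{rootdir}}/original_config.bin"

            - name: Create a copy of the channel configuration
              copy:
                src: "{{rootdir}}/original_config.bin"
                dest: "{{rootdir}}/updated_config.bin"

            - name: Update the organization
              ibm.blockchain_platform.channel_member:
                state: present
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                organization: "{{ org1_name }}"
                anchor_peers:
                  - "{{ org1_peer_name }}"
                path: "{{rootdir}}/updated_config.bin"

            - name: Compute the channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: compute_update
                name: "{{ channel_name }}"
                original: "{{rootdir}}/original_config.bin"
                updated: "{{rootdir}}/updated_config.bin"
                path: "{{rootdir}}/config_update.bin"
              register: compute_update

            - name: Sign the channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: sign_update
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path

            - name: Apply the channel configuration update
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: apply_update
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path

--------------------------------------------------------------------------------
/tekton/build-network-task.yaml:
--------------------------------------------------------------------------------
1 | # 2 | # SPDX-License-Identifier: Apache-2.0 3 | # 4 | apiVersion: tekton.dev/v1beta1 5 | kind: Task 6 | metadata: 7 | name: build-network-task 8 | spec: 9 | params: 10 | - name: ibp-creds 11 | type: string 12 | description: name of the secret holding the github-token 13 | default: ibp-creds 14 | - name: ordering-org-vars 15 | type: string 16 | description: Name of ConfigMap with organisation vars for the Ordering Orgs 17 | - name: endorse-org-vars 18 | type: string 19 | description: Name of ConfigMap with organisation vars for the Endorsing Orgs 20 | 21 | volumes: 22 | - name: ansible-config-ordering-vol 23 | configMap: 24 | name: $(params.ordering-org-vars) 25 | - name: ansible-config-endorsing-vol 26 | configMap: 27 | name: $(params.endorse-org-vars) 28 | - name: ansible-templates-vol 29 | configMap: 30 | name: templates 31 | workspaces: 32 | - name: ansiblectx 33 | description: 34 | mountPath: /playbooks/output 35 | steps: 36 | - name: createorderingorg 37 | image: ibmcom/ibp-ansible 38 | env: 39 | - name: IBP_ANSIBLE_LOG_FILENAME 40 | value: /playbooks/output/build-network-task.log 41 | - name: IBP_API_ENDPOINT 42 | valueFrom: 43 | secretKeyRef: 44 | name: $(params.ibp-creds) 45 | key: api_endpoint 46 | - name: IBP_API_KEY 47 | valueFrom: 48 | secretKeyRef: 49 | name: $(params.ibp-creds) 50 | key: api_key 51 | volumeMounts: 52 | - name: ansible-config-ordering-vol 53 | mountPath: /playbooks/env 54 | readOnly: true 55 | 56 | script: | 57 | #!/usr/bin/env -vS ansible-playbook -v 58 | --- 59 | - name: Create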
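components for an ordering organization 60 | hosts: localhost 61 | vars: 62 | api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}" 63 | api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}" 64 | api_authtype: ibmcloud 65 | state: present 66 | organization_name: "{{ ordering_org_name }}" 67 | organization_msp_id: "{{ ordering_service_msp }}" 68 | wallet: /playbooks/output 69 | vars_files: 70 | - /playbooks/env/common-vars.yml 71 | - /playbooks/env/org-vars.yml 72 | roles: 73 | - ibm.blockchain_platform.ordering_organization 74 |

    # -------------------------------------------------------------------------
    # Notes that apply to every step below
    #
    # * Credentials: IBP_API_ENDPOINT and IBP_API_KEY are injected from the
    #   Kubernetes Secret named by the `ibp-creds` task parameter. That Secret
    #   must expose keys called `api_endpoint` and `api_key`. Each playbook
    #   reads them back with the `ansible.builtin.env` lookup, so the key never
    #   appears in this file or in the mounted vars files.
    # * NOTE(review): `image: ibmcom/ibp-ansible` carries no tag or digest, so
    #   whatever the registry currently serves runs with the API key in its
    #   environment. Pin it to a reviewed digest, e.g.
    #   ibmcom/ibp-ansible@sha256:<reviewed-digest>.
    # * NOTE(review): every playbook runs with `-v` and logs to
    #   /playbooks/output/build-network-task.log. Confirm that the collection
    #   marks api_key/api_secret as no_log before keeping verbose output in the
    #   pipeline logs and in that file.
    # * /playbooks/output is used as both `wallet` and `rootdir`: it holds the
    #   "<org> Admin.json" identity files used to sign channel updates, the
    #   intermediate *.bin configuration files and the log. The mount for this
    #   path is not declared in the steps shown here (presumably a task-level
    #   volume or workspace - confirm). Restrict read and write access to the
    #   backing volume: a reader gets the admin identities, and a writer can
    #   change what the signing tasks sign.
    # * /playbooks/env is mounted read-only and supplies common-vars.yml and
    #   org-vars.yml for the organization the step acts as.
    # -------------------------------------------------------------------------

    # Runs the endorsing_organization role for org1 (CA, peer and identities
    # are named by the org1_* variables from the endorsing-org vars volume).
    - name: createendorsingorg
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-endorsing-vol
          mountPath: /playbooks/env
          readOnly: true

      # The play name previously read "ordering organization" (copied from the
      # preceding step); it now matches the role that is actually applied.
      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Create components for an endorsing organization
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            state: present
            organization_name: "{{ org1_name }}"
            organization_msp_id: "{{ org1_msp_id }}"
            ca_name: "{{ org1_ca_name }}"
            peer_name: "{{ org1_peer_name }}"
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          roles:
            - ibm.blockchain_platform.endorsing_organization

    # Acts as the ordering organization: fetches the system channel
    # configuration, sets the channel and orderer capabilities to V2_0 on a
    # copy, then computes, signs and applies the difference.
    # Sign and apply run only when `compute_update.path` is truthy - presumably
    # the module leaves it empty when nothing changed; confirm against the
    # collection documentation.
    - name: enablecapabilities
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-ordering-vol
          mountPath: /playbooks/env
          readOnly: true

      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Enable Fabric v2.x capabilities
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            rootdir: /playbooks/output
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          tasks:
            - name: Get the ordering service information
              ibm.blockchain_platform.ordering_service_info:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                name: "{{ ordering_service_name }}"
              register: ordering_service

            - name: Fail if the ordering service does not exist
              fail:
                msg: "{{ ordering_service_name }} does not exist"
              when: not ordering_service.exists

            - name: Fetch the system channel configuration
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{ rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                operation: fetch
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{ rootdir}}/original_config.bin"

            - name: Create a copy of the system channel configuration
              copy:
                src: "{{ rootdir }}/original_config.bin"
                dest: "{{ rootdir }}/updated_config.bin"

            - name: Enable Fabric v2.x capabilities
              ibm.blockchain_platform.channel_capabilities:
                path: "{{rootdir}}/updated_config.bin"
                channel: V2_0
                orderer: V2_0

            - name: Compute the system channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: compute_update
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                original: "{{rootdir}}/original_config.bin"
                updated: "{{rootdir}}/updated_config.bin"
                path: "{{rootdir}}/config_update.bin"
              register: compute_update

            - name: Sign the system channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: sign_update
                identity: "{{ rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path

            - name: Apply the system channel configuration update
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: apply_update
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{ rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path


    # Acts as the ordering organization: adds org1 as a consortium member in a
    # copy of the system channel configuration, then computes, signs and
    # applies the difference with the ordering-org admin identity.
    # NOTE(review): the step name looks like a typo for "addorgtoconsortium";
    # it is left unchanged because pipeline tooling may refer to it by name.
    - name: addorgtoconstirum
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-ordering-vol
          mountPath: /playbooks/env
          readOnly: true

      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Add the organization to the consortium
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            rootdir: /playbooks/output
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          tasks:
            - name: Get the ordering service information
              ibm.blockchain_platform.ordering_service_info:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                name: "{{ ordering_service_name }}"
              register: ordering_service

            - name: Fail if the ordering service does not exist
              fail:
                msg: "{{ ordering_service_name }} does not exist"
              when: not ordering_service.exists

            - name: Fetch the system channel configuration
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                operation: fetch
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{rootdir}}/original_config.bin"

            - name: Create a copy of the system channel configuration
              copy:
                src: "{{rootdir}}/original_config.bin"
                dest: "{{rootdir}}/updated_config.bin"

            - name: Add the organization to the consortium
              ibm.blockchain_platform.consortium_member:
                state: present
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                organization: "{{ org1_name }}"
                path: "{{rootdir}}/updated_config.bin"

            - name: Compute the system channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: compute_update
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                original: "{{rootdir}}/original_config.bin"
                updated: "{{rootdir}}/updated_config.bin"
                path: "{{rootdir}}/config_update.bin"
              register: compute_update

            - name: Sign the system channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: sign_update
                identity: "{{rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path

            - name: Apply the system channel configuration update
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: apply_update
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ ordering_org_name }} Admin.json"
                msp_id: "{{ ordering_service_msp }}"
                name: "{{ ordering_service.ordering_service[0].system_channel_id }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path

    # Acts as org1: creates the application channel only if fetching block 0
    # fails with a NOT_FOUND message. The channel policies are rendered from
    # the 09-*.json.j2 templates mounted read-only at /playbooks/templates.
    # Those templates decide who may administer, read, write and endorse on
    # the channel, so changes to them deserve the same review as this task.
    - name: createchannel
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-endorsing-vol
          mountPath: /playbooks/env
          readOnly: true
        - name: ansible-templates-vol
          mountPath: /playbooks/templates
          readOnly: true
      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Create the channel
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            rootdir: /playbooks/output
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          tasks:
            - name: Check to see if the channel already exists
              ibm.blockchain_platform.channel_block:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: fetch
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                target: "0"
                path: "{{rootdir}}/channel_genesis_block.bin"
              # Failure is suppressed on purpose: the next task re-raises any
              # error whose message does not contain NOT_FOUND. The decision
              # rests on a substring match of the error text.
              failed_when: False
              register: result

            - name: Fail on any error other than the channel not existing
              fail:
                msg: "{{ result.msg }}"
              when: result.msg is defined and 'NOT_FOUND' not in result.msg

            - name: Create the configuration update for the new channel
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: create
                name: "{{ channel_name }}"
                path: "{{rootdir}}/config_update.bin"
                organizations:
                  - "{{ org1_name }}"
                policies:
                  Admins: "{{ lookup('template', '/playbooks/templates/09-admins-policy.json.j2') }}"
                  Readers: "{{ lookup('template', '/playbooks/templates/09-readers-policy.json.j2') }}"
                  Writers: "{{ lookup('template', '/playbooks/templates/09-writers-policy.json.j2') }}"
                  Endorsement: "{{ lookup('template', '/playbooks/templates/09-endorsement-policy.json.j2') }}"
                  LifecycleEndorsement: "{{ lookup('template', '/playbooks/templates/09-lifecycle-endorsement-policy.json.j2') }}"
                capabilities:
                  application: V2_0
              when: result.msg is defined and 'NOT_FOUND' in result.msg

            - name: Sign the channel configuration update for the new channel
              ibm.blockchain_platform.channel_config:
                operation: sign_update
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                path: "{{rootdir}}/config_update.bin"
              when: result.msg is defined and 'NOT_FOUND' in result.msg

            - name: Apply the channel configuration update for the new channel
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: apply_update
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                path: "{{rootdir}}/config_update.bin"
              when: result.msg is defined and 'NOT_FOUND' in result.msg

    # Acts as org1: fetches block 0 of the channel from the ordering service
    # and joins the org1 peer to the channel using that block.
    - name: joinpeertochannel
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-endorsing-vol
          mountPath: /playbooks/env
          readOnly: true
      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Join peer to channel
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            rootdir: /playbooks/output
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          tasks:
            - name: Fetch the genesis block for the channel
              ibm.blockchain_platform.channel_block:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: fetch
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                target: "0"
                path: "{{rootdir}}/channel_genesis_block.bin"

            - name: Join the peer to the channel
              ibm.blockchain_platform.peer_channel:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: join
                peer: "{{ org1_peer_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                path: "{{rootdir}}/channel_genesis_block.bin"

    # Acts as org1: records the org1 peer as an anchor peer in a copy of the
    # channel configuration, then computes, signs and applies the difference
    # with the org1 admin identity. Sign and apply are skipped when
    # `compute_update.path` is not truthy.
    - name: addanchorpeer
      image: ibmcom/ibp-ansible
      env:
        - name: IBP_ANSIBLE_LOG_FILENAME
          value: /playbooks/output/build-network-task.log
        - name: IBP_API_ENDPOINT
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_endpoint
        - name: IBP_API_KEY
          valueFrom:
            secretKeyRef:
              name: $(params.ibp-creds)
              key: api_key
      volumeMounts:
        - name: ansible-config-endorsing-vol
          mountPath: /playbooks/env
          readOnly: true
      script: |
        #!/usr/bin/env -vS ansible-playbook -v
        ---
        - name: Add Anchor Peer
          hosts: localhost
          vars:
            api_endpoint: "{{ lookup('ansible.builtin.env', 'IBP_API_ENDPOINT') }}"
            api_key: "{{ lookup('ansible.builtin.env', 'IBP_API_KEY') }}"
            api_authtype: ibmcloud
            rootdir: /playbooks/output
            wallet: /playbooks/output
          vars_files:
            - /playbooks/env/common-vars.yml
            - /playbooks/env/org-vars.yml
          tasks:
            - name: Get the ordering service information
              ibm.blockchain_platform.ordering_service_info:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                name: "{{ ordering_service_name }}"
              register: ordering_service

            - name: Fail if the ordering service does not exist
              fail:
                msg: "{{ ordering_service_name }} does not exist"
              when: not ordering_service.exists

            - name: Fetch the channel configuration
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                operation: fetch
                name: "{{ channel_name }}"
                path: "{{rootdir}}/original_config.bin"

            - name: Create a copy of the channel configuration
              copy:
                src: "{{rootdir}}/original_config.bin"
                dest: "{{rootdir}}/updated_config.bin"

            - name: Update the organization
              ibm.blockchain_platform.channel_member:
                state: present
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                organization: "{{ org1_name }}"
                anchor_peers:
                  - "{{ org1_peer_name }}"
                path: "{{rootdir}}/updated_config.bin"

            - name: Compute the channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: compute_update
                name: "{{ channel_name }}"
                original: "{{rootdir}}/original_config.bin"
                updated: "{{rootdir}}/updated_config.bin"
                path: "{{rootdir}}/config_update.bin"
              register: compute_update

            - name: Sign the channel configuration update
              ibm.blockchain_platform.channel_config:
                operation: sign_update
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path

            - name: Apply the channel configuration update
              ibm.blockchain_platform.channel_config:
                api_endpoint: "{{ api_endpoint }}"
                api_authtype: "{{ api_authtype }}"
                api_key: "{{ api_key }}"
                api_secret: "{{ api_secret | default(omit) }}"
                api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
                operation: apply_update
                ordering_service: "{{ ordering_service_name }}"
                identity: "{{rootdir}}/{{ org1_name }} Admin.json"
                msp_id: "{{ org1_msp_id }}"
                name: "{{ channel_name }}"
                path: "{{rootdir}}/config_update.bin"
              when: compute_update.path

--------------------------------------------------------------------------------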