From 20981f070fa76c5025b607c897aa339e04ec9669 Mon Sep 17 00:00:00 2001 From: "Dixing (Dex) Xu" Date: Sat, 29 Aug 2020 09:44:33 +0800 Subject: [PATCH] add docker rest api agent docker agent for api-agent #121 * support for node creation, start, stop, restart, deletion * add crypto materials and integration test Signed-off-by: Dixing (Dex) Xu --- src/agent/docker-rest-agent/README.md | 1 + .../intergration-test/sampleconfig/block.zip | Bin 0 -> 762 bytes .../sampleconfig/configtx.yaml | 600 ++++++++++++++ .../intergration-test/sampleconfig/core.yaml | 735 ++++++++++++++++++ .../intergration-test/sampleconfig/msp.zip | Bin 0 -> 158 bytes .../sampleconfig/msp/admincerts/admincert.pem | 14 + .../sampleconfig/msp/cacerts/cacert.pem | 15 + .../sampleconfig/msp/config.yaml | 30 + .../sampleconfig/msp/keystore/key.pem | 5 + .../sampleconfig/msp/signcerts/peer.pem | 14 + .../sampleconfig/msp/tlscacerts/tlsroot.pem | 13 + .../tlsintermediatecerts/tlsintermediate.pem | 14 + .../sampleconfig/orderer.yaml | 377 +++++++++ .../sampleconfig/orderer_config.zip | Bin 0 -> 4594 bytes .../sampleconfig/peer_config.zip | Bin 0 -> 10306 bytes .../intergration-test/sampleconfig/test.block | Bin 0 -> 1054 bytes .../intergration-test/sampleconfig/tls.zip | Bin 0 -> 158 bytes .../intergration-test/test.py | 45 ++ src/agent/docker-rest-agent/requirements.txt | 3 + src/agent/docker-rest-agent/server.py | 115 +++ 20 files changed, 1981 insertions(+) create mode 100644 src/agent/docker-rest-agent/README.md create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/block.zip create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/configtx.yaml create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/core.yaml create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/msp.zip create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/msp/admincerts/admincert.pem create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/msp/cacerts/cacert.pem create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/msp/config.yaml create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/msp/keystore/key.pem create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/msp/signcerts/peer.pem create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/msp/tlscacerts/tlsroot.pem create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/msp/tlsintermediatecerts/tlsintermediate.pem create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/orderer.yaml create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/orderer_config.zip create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/peer_config.zip create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/test.block create mode 100644 src/agent/docker-rest-agent/intergration-test/sampleconfig/tls.zip create mode 100644 src/agent/docker-rest-agent/intergration-test/test.py create mode 100644 src/agent/docker-rest-agent/requirements.txt create mode 100644 src/agent/docker-rest-agent/server.py diff --git a/src/agent/docker-rest-agent/README.md b/src/agent/docker-rest-agent/README.md new file mode 100644 index 000000000..69c9851c9 --- /dev/null +++ b/src/agent/docker-rest-agent/README.md @@ -0,0 +1 @@ +## Pre-requisite \ No newline at end of file diff --git a/src/agent/docker-rest-agent/intergration-test/sampleconfig/block.zip b/src/agent/docker-rest-agent/intergration-test/sampleconfig/block.zip new file mode 100644 index 0000000000000000000000000000000000000000..461b2e8f1134b2cff82435462f8f5122f28593ca GIT binary patch literal 762 zcmWIWW@Zs#U|`^2=wcKNoMSs9Ab^R1L5_uifr~+gp(M4qL@y~PKRG)zgp+~!%R0Mw z5H79YW?*D_!OXw_Ce}_mpDpYta(wodyE*Zf%PNzkzdz{L&~?c&zF8vNeL*d7h4|EE zSDX)8-JEOIJp1m3&5YU{Kc#IdUSBL0bP0K}RpVaO_JEAg4IS)`UlQ)NoQ>kw6}i)x z`u%MBz2E!3%X+MOp8qbsxG4VnK3kpM+&4DSx93Iuul@hHyLReZKmYr;?%X=AZ}>x| zd9TEpLyKerl~$?b*Zlap+5F~v!-tZgr*iX_rF~hm&1YuXlM_ali>C-|-jtKIYuU@n zB!Mh}W9y89PA=E3a#L<|TQSdndE~sb(q4hy1znxr{kin#?~8rB{@$I6x&WQ7hrTcG zJ(lk+{iAYlU5m9)p1We%ZPS^jWA1dVn!aGYM=fvazmA6-d?)Vjo|?A#=Ijsg`z|y^ zKHe5^-f55T+0RnNQgVDr{4T~yckJ1hdxd7*J~QjHbM39dI~le=_Hyz~|MaZCqX#lx0r8R5+<}`UNx`>QzLqTh@( zysy8>$lG=5ZEe=2~AX%j<&s+1O9byKS(i?e;$HPmTY1 z{(j$G#PmP3Vcof3%mLnvOmfV)Ql$hiwL-v>Mi7mhMp+?g6fJ!Qc(byBR5Ai#0Fa&n IOyLX+0FnVp>;M1& literal 0 HcmV?d00001 diff --git a/src/agent/docker-rest-agent/intergration-test/sampleconfig/configtx.yaml b/src/agent/docker-rest-agent/intergration-test/sampleconfig/configtx.yaml new file mode 100644 index 000000000..e7c526481 --- /dev/null +++ b/src/agent/docker-rest-agent/intergration-test/sampleconfig/configtx.yaml @@ -0,0 +1,600 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +################################################################################ +# +# ORGANIZATIONS +# +# This section defines the organizational identities that can be referenced +# in the configuration profiles. +# +################################################################################ +Organizations: + + # SampleOrg defines an MSP using the sampleconfig. It should never be used + # in production but may be used as a template for other definitions. + - &SampleOrg + # Name is the key by which this org will be referenced in channel + # configuration transactions. + # Name can include alphanumeric characters as well as dots and dashes. + Name: SampleOrg + + # SkipAsForeign can be set to true for org definitions which are to be + # inherited from the orderer system channel during channel creation. This + # is especially useful when an admin of a single org without access to the + # MSP directories of the other orgs wishes to create a channel. Note + # this property must always be set to false for orgs included in block + # creation. + SkipAsForeign: false + + # ID is the key by which this org's MSP definition will be referenced. + # ID can include alphanumeric characters as well as dots and dashes. + ID: SampleOrg + + # MSPDir is the filesystem path which contains the MSP configuration. + MSPDir: msp + + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: &SampleOrgPolicies + Readers: + Type: Signature + Rule: "OR('SampleOrg.member')" + # If your MSP is configured with the new NodeOUs, you might + # want to use a more specific rule like the following: + # Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')" + Writers: + Type: Signature + Rule: "OR('SampleOrg.member')" + # If your MSP is configured with the new NodeOUs, you might + # want to use a more specific rule like the following: + # Rule: "OR('SampleOrg.admin', 'SampleOrg.client')" + Admins: + Type: Signature + Rule: "OR('SampleOrg.admin')" + Endorsement: + Type: Signature + Rule: "OR('SampleOrg.member')" + + # OrdererEndpoints is a list of all orderers this org runs which clients + # and peers may to connect to to push transactions and receive blocks respectively. + OrdererEndpoints: + - "127.0.0.1:7050" + + # AnchorPeers defines the location of peers which can be used for + # cross-org gossip communication. Note, this value is only encoded in + # the genesis block in the Application section context. + AnchorPeers: + - Host: 127.0.0.1 + Port: 7051 + +################################################################################ +# +# CAPABILITIES +# +# This section defines the capabilities of fabric network. This is a new +# concept as of v1.1.0 and should not be utilized in mixed networks with +# v1.0.x peers and orderers. Capabilities define features which must be +# present in a fabric binary for that binary to safely participate in the +# fabric network. For instance, if a new MSP type is added, newer binaries +# might recognize and validate the signatures from this type, while older +# binaries without this support would be unable to validate those +# transactions. This could lead to different versions of the fabric binaries +# having different world states. Instead, defining a capability for a channel +# informs those binaries without this capability that they must cease +# processing transactions until they have been upgraded. For v1.0.x if any +# capabilities are defined (including a map with all capabilities turned off) +# then the v1.0.x peer will deliberately crash. +# +################################################################################ +Capabilities: + # Channel capabilities apply to both the orderers and the peers and must be + # supported by both. + # Set the value of the capability to true to require it. + Channel: &ChannelCapabilities + # V2.0 for Channel is a catchall flag for behavior which has been + # determined to be desired for all orderers and peers running at the v2.0.0 + # level, but which would be incompatible with orderers and peers from + # prior releases. + # Prior to enabling V2.0 channel capabilities, ensure that all + # orderers and peers on a channel are at v2.0.0 or later. + V2_0: true + + # Orderer capabilities apply only to the orderers, and may be safely + # used with prior release peers. + # Set the value of the capability to true to require it. + Orderer: &OrdererCapabilities + # V1.1 for Orderer is a catchall flag for behavior which has been + # determined to be desired for all orderers running at the v1.1.x + # level, but which would be incompatible with orderers from prior releases. + # Prior to enabling V2.0 orderer capabilities, ensure that all + # orderers on a channel are at v2.0.0 or later. + V2_0: true + + # Application capabilities apply only to the peer network, and may be safely + # used with prior release orderers. + # Set the value of the capability to true to require it. + Application: &ApplicationCapabilities + # V2.0 for Application enables the new non-backwards compatible + # features and fixes of fabric v2.0. + # Prior to enabling V2.0 orderer capabilities, ensure that all + # orderers on a channel are at v2.0.0 or later. + V2_0: true + +################################################################################ +# +# APPLICATION +# +# This section defines the values to encode into a config transaction or +# genesis block for application-related parameters. +# +################################################################################ +Application: &ApplicationDefaults + ACLs: &ACLsDefault + # This section provides defaults for policies for various resources + # in the system. These "resources" could be functions on system chaincodes + # (e.g., "GetBlockByNumber" on the "qscc" system chaincode) or other resources + # (e.g.,who can receive Block events). This section does NOT specify the resource's + # definition or API, but just the ACL policy for it. + # + # Users can override these defaults with their own policy mapping by defining the + # mapping under ACLs in their channel definition + + #---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--# + + # ACL policy for _lifecycle's "CheckCommitReadiness" function + _lifecycle/CheckCommitReadiness: /Channel/Application/Writers + + # ACL policy for _lifecycle's "CommitChaincodeDefinition" function + _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers + + # ACL policy for _lifecycle's "QueryChaincodeDefinition" function + _lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers + + # ACL policy for _lifecycle's "QueryChaincodeDefinitions" function + _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers + + #---Lifecycle System Chaincode (lscc) function to policy mapping for access control---# + + # ACL policy for lscc's "getid" function + lscc/ChaincodeExists: /Channel/Application/Readers + + # ACL policy for lscc's "getdepspec" function + lscc/GetDeploymentSpec: /Channel/Application/Readers + + # ACL policy for lscc's "getccdata" function + lscc/GetChaincodeData: /Channel/Application/Readers + + # ACL Policy for lscc's "getchaincodes" function + lscc/GetInstantiatedChaincodes: /Channel/Application/Readers + + #---Query System Chaincode (qscc) function to policy mapping for access control---# + + # ACL policy for qscc's "GetChainInfo" function + qscc/GetChainInfo: /Channel/Application/Readers + + # ACL policy for qscc's "GetBlockByNumber" function + qscc/GetBlockByNumber: /Channel/Application/Readers + + # ACL policy for qscc's "GetBlockByHash" function + qscc/GetBlockByHash: /Channel/Application/Readers + + # ACL policy for qscc's "GetTransactionByID" function + qscc/GetTransactionByID: /Channel/Application/Readers + + # ACL policy for qscc's "GetBlockByTxID" function + qscc/GetBlockByTxID: /Channel/Application/Readers + + #---Configuration System Chaincode (cscc) function to policy mapping for access control---# + + # ACL policy for cscc's "GetConfigBlock" function + cscc/GetConfigBlock: /Channel/Application/Readers + + #---Miscellaneous peer function to policy mapping for access control---# + + # ACL policy for invoking chaincodes on peer + peer/Propose: /Channel/Application/Writers + + # ACL policy for chaincode to chaincode invocation + peer/ChaincodeToChaincode: /Channel/Application/Writers + + #---Events resource to policy mapping for access control###---# + + # ACL policy for sending block events + event/Block: /Channel/Application/Readers + + # ACL policy for sending filtered block events + event/FilteredBlock: /Channel/Application/Readers + + # Organizations lists the orgs participating on the application side of the + # network. + Organizations: + + # Policies defines the set of policies at this level of the config tree + # For Application policies, their canonical path is + # /Channel/Application/ + Policies: &ApplicationDefaultPolicies + LifecycleEndorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Endorsement: + Type: ImplicitMeta + Rule: "MAJORITY Endorsement" + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + + # Capabilities describes the application level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ApplicationCapabilities + +################################################################################ +# +# ORDERER +# +# This section defines the values to encode into a config transaction or +# genesis block for orderer related parameters. +# +################################################################################ +Orderer: &OrdererDefaults + + # Orderer Type: The orderer implementation to start. + # Available types are "solo", "kafka" and "etcdraft". + OrdererType: solo + + # Addresses used to be the list of orderer addresses that clients and peers + # could connect to. However, this does not allow clients to associate orderer + # addresses and orderer organizations which can be useful for things such + # as TLS validation. The preferred way to specify orderer addresses is now + # to include the OrdererEndpoints item in your org definition + Addresses: + # - 127.0.0.1:7050 + + # Batch Timeout: The amount of time to wait before creating a batch. + BatchTimeout: 2s + + # Batch Size: Controls the number of messages batched into a block. + # The orderer views messages opaquely, but typically, messages may + # be considered to be Fabric transactions. The 'batch' is the group + # of messages in the 'data' field of the block. Blocks will be a few kb + # larger than the batch size, when signatures, hashes, and other metadata + # is applied. + BatchSize: + + # Max Message Count: The maximum number of messages to permit in a + # batch. No block will contain more than this number of messages. + MaxMessageCount: 500 + + # Absolute Max Bytes: The absolute maximum number of bytes allowed for + # the serialized messages in a batch. The maximum block size is this value + # plus the size of the associated metadata (usually a few KB depending + # upon the size of the signing identities). Any transaction larger than + # this value will be rejected by ordering. If the "kafka" OrdererType is + # selected, set 'message.max.bytes' and 'replica.fetch.max.bytes' on + # the Kafka brokers to a value that is larger than this one. + AbsoluteMaxBytes: 10 MB + + # Preferred Max Bytes: The preferred maximum number of bytes allowed + # for the serialized messages in a batch. Roughly, this field may be considered + # the best effort maximum size of a batch. A batch will fill with messages + # until this size is reached (or the max message count, or batch timeout is + # exceeded). If adding a new message to the batch would cause the batch to + # exceed the preferred max bytes, then the current batch is closed and written + # to a block, and a new batch containing the new message is created. If a + # message larger than the preferred max bytes is received, then its batch + # will contain only that message. Because messages may be larger than + # preferred max bytes (up to AbsoluteMaxBytes), some batches may exceed + # the preferred max bytes, but will always contain exactly one transaction. + PreferredMaxBytes: 2 MB + + # Max Channels is the maximum number of channels to allow on the ordering + # network. When set to 0, this implies no maximum number of channels. + MaxChannels: 0 + + Kafka: + # Brokers: A list of Kafka brokers to which the orderer connects. Edit + # this list to identify the brokers of the ordering service. + # NOTE: Use IP:port notation. + Brokers: + - kafka0:9092 + - kafka1:9092 + - kafka2:9092 + + # EtcdRaft defines configuration which must be set when the "etcdraft" + # orderertype is chosen. + EtcdRaft: + # The set of Raft replicas for this network. For the etcd/raft-based + # implementation, we expect every replica to also be an OSN. Therefore, + # a subset of the host:port items enumerated in this list should be + # replicated under the Orderer.Addresses key above. + Consenters: + - Host: raft0.example.com + Port: 7050 + ClientTLSCert: path/to/ClientTLSCert0 + ServerTLSCert: path/to/ServerTLSCert0 + - Host: raft1.example.com + Port: 7050 + ClientTLSCert: path/to/ClientTLSCert1 + ServerTLSCert: path/to/ServerTLSCert1 + - Host: raft2.example.com + Port: 7050 + ClientTLSCert: path/to/ClientTLSCert2 + ServerTLSCert: path/to/ServerTLSCert2 + + # Options to be specified for all the etcd/raft nodes. The values here + # are the defaults for all new channels and can be modified on a + # per-channel basis via configuration updates. + Options: + # TickInterval is the time interval between two Node.Tick invocations. + TickInterval: 500ms + + # ElectionTick is the number of Node.Tick invocations that must pass + # between elections. That is, if a follower does not receive any + # message from the leader of current term before ElectionTick has + # elapsed, it will become candidate and start an election. + # ElectionTick must be greater than HeartbeatTick. + ElectionTick: 10 + + # HeartbeatTick is the number of Node.Tick invocations that must + # pass between heartbeats. That is, a leader sends heartbeat + # messages to maintain its leadership every HeartbeatTick ticks. + HeartbeatTick: 1 + + # MaxInflightBlocks limits the max number of in-flight append messages + # during optimistic replication phase. + MaxInflightBlocks: 5 + + # SnapshotIntervalSize defines number of bytes per which a snapshot is taken + SnapshotIntervalSize: 16 MB + + # Organizations lists the orgs participating on the orderer side of the + # network. + Organizations: + + # Policies defines the set of policies at this level of the config tree + # For Orderer policies, their canonical path is + # /Channel/Orderer/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # BlockValidation specifies what signatures must be included in the block + # from the orderer for the peer to validate it. + BlockValidation: + Type: ImplicitMeta + Rule: "ANY Writers" + + # Capabilities describes the orderer level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *OrdererCapabilities + +################################################################################ +# +# CHANNEL +# +# This section defines the values to encode into a config transaction or +# genesis block for channel related parameters. +# +################################################################################ +Channel: &ChannelDefaults + # Policies defines the set of policies at this level of the config tree + # For Channel policies, their canonical path is + # /Channel/ + Policies: + # Who may invoke the 'Deliver' API + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + # Who may invoke the 'Broadcast' API + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + # By default, who may modify elements at this config level + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + + + # Capabilities describes the channel level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ChannelCapabilities + +################################################################################ +# +# PROFILES +# +# Different configuration profiles may be encoded here to be specified as +# parameters to the configtxgen tool. The profiles which specify consortiums +# are to be used for generating the orderer genesis block. With the correct +# consortium members defined in the orderer genesis block, channel creation +# requests may be generated with only the org member names and a consortium +# name. +# +################################################################################ +Profiles: + + # SampleSingleMSPSolo defines a configuration which uses the Solo orderer, + # and contains a single MSP definition (the MSP sampleconfig). + # The Consortium SampleConsortium has only a single member, SampleOrg. + SampleSingleMSPSolo: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + Organizations: + - *SampleOrg + Consortiums: + SampleConsortium: + Organizations: + - *SampleOrg + + # SampleSingleMSPKafka defines a configuration that differs from the + # SampleSingleMSPSolo one only in that it uses the Kafka-based orderer. + SampleSingleMSPKafka: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + OrdererType: kafka + Organizations: + - *SampleOrg + Consortiums: + SampleConsortium: + Organizations: + - *SampleOrg + + # SampleInsecureSolo defines a configuration which uses the Solo orderer, + # contains no MSP definitions, and allows all transactions and channel + # creation requests for the consortium SampleConsortium. + SampleInsecureSolo: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + Consortiums: + SampleConsortium: + Organizations: + + # SampleInsecureKafka defines a configuration that differs from the + # SampleInsecureSolo one only in that it uses the Kafka-based orderer. + SampleInsecureKafka: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + OrdererType: kafka + Consortiums: + SampleConsortium: + Organizations: + + # SampleDevModeSolo defines a configuration which uses the Solo orderer, + # contains the sample MSP as both orderer and consortium member, and + # requires only basic membership for admin privileges. It also defines + # an Application on the ordering system channel, which should usually + # be avoided. + SampleDevModeSolo: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Application: + <<: *ApplicationDefaults + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Consortiums: + SampleConsortium: + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + + # SampleDevModeKafka defines a configuration that differs from the + # SampleDevModeSolo one only in that it uses the Kafka-based orderer. + SampleDevModeKafka: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + OrdererType: kafka + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Application: + <<: *ApplicationDefaults + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Consortiums: + SampleConsortium: + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + + # SampleSingleMSPChannel defines a channel with only the sample org as a + # member. It is designed to be used in conjunction with SampleSingleMSPSolo + # and SampleSingleMSPKafka orderer profiles. Note, for channel creation + # profiles, only the 'Application' section and consortium # name are + # considered. + SampleSingleMSPChannel: + <<: *ChannelDefaults + Consortium: SampleConsortium + Application: + <<: *ApplicationDefaults + Organizations: + - <<: *SampleOrg + + # SampleDevModeEtcdRaft defines a configuration that differs from the + # SampleDevModeSolo one only in that it uses the etcd/raft-based orderer. + SampleDevModeEtcdRaft: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + OrdererType: etcdraft + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Application: + <<: *ApplicationDefaults + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Consortiums: + SampleConsortium: + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" diff --git a/src/agent/docker-rest-agent/intergration-test/sampleconfig/core.yaml b/src/agent/docker-rest-agent/intergration-test/sampleconfig/core.yaml new file mode 100644 index 000000000..f0844468d --- /dev/null +++ b/src/agent/docker-rest-agent/intergration-test/sampleconfig/core.yaml @@ -0,0 +1,735 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +############################################################################### +# +# Peer section +# +############################################################################### +peer: + + # The peer id provides a name for this peer instance and is used when + # naming docker resources. + id: jdoe + + # The networkId allows for logical separation of networks and is used when + # naming docker resources. + networkId: dev + + # The Address at local network interface this Peer will listen on. + # By default, it will listen on all network interfaces + listenAddress: 0.0.0.0:7051 + + # The endpoint this peer uses to listen for inbound chaincode connections. + # If this is commented-out, the listen address is selected to be + # the peer's address (see below) with port 7052 + # chaincodeListenAddress: 0.0.0.0:7052 + + # The endpoint the chaincode for this peer uses to connect to the peer. + # If this is not specified, the chaincodeListenAddress address is selected. + # And if chaincodeListenAddress is not specified, address is selected from + # peer address (see below). If specified peer address is invalid then it + # will fallback to the auto detected IP (local IP) regardless of the peer + # addressAutoDetect value. + # chaincodeAddress: 0.0.0.0:7052 + + # When used as peer config, this represents the endpoint to other peers + # in the same organization. For peers in other organization, see + # gossip.externalEndpoint for more info. + # When used as CLI config, this means the peer's endpoint to interact with + address: 0.0.0.0:7051 + + # Whether the Peer should programmatically determine its address + # This case is useful for docker containers. + # When set to true, will override peer address. + addressAutoDetect: false + + # Keepalive settings for peer server and clients + keepalive: + # Interval is the duration after which if the server does not see + # any activity from the client it pings the client to see if it's alive + interval: 7200s + # Timeout is the duration the server waits for a response + # from the client after sending a ping before closing the connection + timeout: 20s + # MinInterval is the minimum permitted time between client pings. + # If clients send pings more frequently, the peer server will + # disconnect them + minInterval: 60s + # Client keepalive settings for communicating with other peer nodes + client: + # Interval is the time between pings to peer nodes. This must + # greater than or equal to the minInterval specified by peer + # nodes + interval: 60s + # Timeout is the duration the client waits for a response from + # peer nodes before closing the connection + timeout: 20s + # DeliveryClient keepalive settings for communication with ordering + # nodes. + deliveryClient: + # Interval is the time between pings to ordering nodes. This must + # greater than or equal to the minInterval specified by ordering + # nodes. + interval: 60s + # Timeout is the duration the client waits for a response from + # ordering nodes before closing the connection + timeout: 20s + + + # Gossip related configuration + gossip: + # Bootstrap set to initialize gossip with. + # This is a list of other peers that this peer reaches out to at startup. + # Important: The endpoints here have to be endpoints of peers in the same + # organization, because the peer would refuse connecting to these endpoints + # unless they are in the same organization as the peer. + bootstrap: 127.0.0.1:7051 + + # NOTE: orgLeader and useLeaderElection parameters are mutual exclusive. + # Setting both to true would result in the termination of the peer + # since this is undefined state. If the peers are configured with + # useLeaderElection=false, make sure there is at least 1 peer in the + # organization that its orgLeader is set to true. + + # Defines whenever peer will initialize dynamic algorithm for + # "leader" selection, where leader is the peer to establish + # connection with ordering service and use delivery protocol + # to pull ledger blocks from ordering service. + useLeaderElection: false + # Statically defines peer to be an organization "leader", + # where this means that current peer will maintain connection + # with ordering service and disseminate block across peers in + # its own organization. Multiple peers or all peers in an organization + # may be configured as org leaders, so that they all pull + # blocks directly from ordering service. + orgLeader: true + + # Interval for membershipTracker polling + membershipTrackerInterval: 5s + + # Overrides the endpoint that the peer publishes to peers + # in its organization. For peers in foreign organizations + # see 'externalEndpoint' + endpoint: + # Maximum count of blocks stored in memory + maxBlockCountToStore: 10 + # Max time between consecutive message pushes(unit: millisecond) + maxPropagationBurstLatency: 10ms + # Max number of messages stored until a push is triggered to remote peers + maxPropagationBurstSize: 10 + # Number of times a message is pushed to remote peers + propagateIterations: 1 + # Number of peers selected to push messages to + propagatePeerNum: 3 + # Determines frequency of pull phases(unit: second) + # Must be greater than digestWaitTime + responseWaitTime + pullInterval: 4s + # Number of peers to pull from + pullPeerNum: 3 + # Determines frequency of pulling state info messages from peers(unit: second) + requestStateInfoInterval: 4s + # Determines frequency of pushing state info messages to peers(unit: second) + publishStateInfoInterval: 4s + # Maximum time a stateInfo message is kept until expired + stateInfoRetentionInterval: + # Time from startup certificates are included in Alive messages(unit: second) + publishCertPeriod: 10s + # Should we skip verifying block messages or not (currently not in use) + skipBlockVerification: false + # Dial timeout(unit: second) + dialTimeout: 3s + # Connection timeout(unit: second) + connTimeout: 2s + # Buffer size of received messages + recvBuffSize: 20 + # Buffer size of sending messages + sendBuffSize: 200 + # Time to wait before pull engine processes incoming digests (unit: second) + # Should be slightly smaller than requestWaitTime + digestWaitTime: 1s + # Time to wait before pull engine removes incoming nonce (unit: milliseconds) + # Should be slightly bigger than digestWaitTime + requestWaitTime: 1500ms + # Time to wait before pull engine ends pull (unit: second) + responseWaitTime: 2s + # Alive check interval(unit: second) + aliveTimeInterval: 5s + # Alive expiration timeout(unit: second) + aliveExpirationTimeout: 25s + # Reconnect interval(unit: second) + reconnectInterval: 25s + # Max number of attempts to connect to a peer + maxConnectionAttempts: 120 + # Message expiration factor for alive messages + msgExpirationFactor: 20 + # This is an endpoint that is published to peers outside of the organization. + # If this isn't set, the peer will not be known to other organizations. + externalEndpoint: + # Leader election service configuration + election: + # Longest time peer waits for stable membership during leader election startup (unit: second) + startupGracePeriod: 15s + # Interval gossip membership samples to check its stability (unit: second) + membershipSampleInterval: 1s + # Time passes since last declaration message before peer decides to perform leader election (unit: second) + leaderAliveThreshold: 10s + # Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second) + leaderElectionDuration: 5s + + pvtData: + # pullRetryThreshold determines the maximum duration of time private data corresponding for a given block + # would be attempted to be pulled from peers until the block would be committed without the private data + pullRetryThreshold: 60s + # As private data enters the transient store, it is associated with the peer's ledger's height at that time. + # transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit, + # and the private data residing inside the transient store that is guaranteed not to be purged. + # Private data is purged from the transient store when blocks with sequences that are multiples + # of transientstoreMaxBlockRetention are committed. + transientstoreMaxBlockRetention: 1000 + # pushAckTimeout is the maximum time to wait for an acknowledgement from each peer + # at private data push at endorsement time. + pushAckTimeout: 3s + # Block to live pulling margin, used as a buffer + # to prevent peer from trying to pull private data + # from peers that is soon to be purged in next N blocks. + # This helps a newly joined peer catch up to current + # blockchain height quicker. + btlPullMargin: 10 + # the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to + # pull from the other peers the most recent missing blocks with a maximum batch size limitation. + # reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a + # single iteration. + reconcileBatchSize: 10 + # reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning + # of the next reconciliation iteration. + reconcileSleepInterval: 1m + # reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not. + reconciliationEnabled: true + # skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid + # transaction's private data from other peers need to be skipped during the commit time and pulled + # only through reconciler. + skipPullingInvalidTransactionsDuringCommit: false + # implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection. + # When a peer endorses a proposal that writes to its own implicit collection, below values override the default values + # for disseminating private data. + # Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to + # be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization. + implicitCollectionDisseminationPolicy: + # requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully + # disseminate private data for its own implicit collection during endorsement. Default value is 0. + requiredPeerCount: 0 + # maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to + # disseminate private data for its own implicit collection during endorsement. Default value is 1. + maxPeerCount: 1 + + # Gossip state transfer related configuration + state: + # indicates whenever state transfer is enabled or not + # default value is true, i.e. state transfer is active + # and takes care to sync up missing blocks allowing + # lagging peer to catch up to speed with rest network + enabled: false + # checkInterval interval to check whether peer is lagging behind enough to + # request blocks via state transfer from another peer. + checkInterval: 10s + # responseTimeout amount of time to wait for state transfer response from + # other peers + responseTimeout: 3s + # batchSize the number of blocks to request via state transfer from another peer + batchSize: 10 + # blockBufferSize reflects the size of the re-ordering buffer + # which captures blocks and takes care to deliver them in order + # down to the ledger layer. The actual buffer size is bounded between + # 0 and 2*blockBufferSize, each channel maintains its own buffer + blockBufferSize: 20 + # maxRetries maximum number of re-tries to ask + # for single state transfer request + maxRetries: 3 + + # TLS Settings + tls: + # Require server-side TLS + enabled: false + # Require client certificates / mutual TLS. + # Note that clients that are not configured to use a certificate will + # fail to connect to the peer. + clientAuthRequired: false + # X.509 certificate used for TLS server + cert: + file: tls/server.crt + # Private key used for TLS server (and client if clientAuthEnabled + # is set to true + key: + file: tls/server.key + # Trusted root certificate chain for tls.cert + rootcert: + file: tls/ca.crt + # Set of root certificate authorities used to verify client certificates + clientRootCAs: + files: + - tls/ca.crt + # Private key used for TLS when making client connections. If + # not set, peer.tls.key.file will be used instead + clientKey: + file: + # X.509 certificate used for TLS when making client connections. + # If not set, peer.tls.cert.file will be used instead + clientCert: + file: + + # Authentication contains configuration parameters related to authenticating + # client messages + authentication: + # the acceptable difference between the current server time and the + # client's time as specified in a client request message + timewindow: 15m + + # Path on the file system where peer will store data (eg ledger). This + # location must be access control protected to prevent unintended + # modification that might corrupt the peer operations. + fileSystemPath: /var/hyperledger/production + + # BCCSP (Blockchain crypto provider): Select which crypto implementation or + # library to use + BCCSP: + Default: SW + # Settings for the SW crypto provider (i.e. when DEFAULT: SW) + SW: + # TODO: The default Hash and Security level needs refactoring to be + # fully configurable. Changing these defaults requires coordination + # SHA2 is hardcoded in several places, not only BCCSP + Hash: SHA2 + Security: 256 + # Location of Key Store + FileKeyStore: + # If "", defaults to 'mspConfigPath'/keystore + KeyStore: + # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11) + PKCS11: + # Location of the PKCS11 module library + Library: + # Token Label + Label: + # User PIN + Pin: + Hash: + Security: + + # Path on the file system where peer will find MSP local configurations + mspConfigPath: msp + + # Identifier of the local MSP + # ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!---- + # Deployers need to change the value of the localMspId string. + # In particular, the name of the local MSP ID of a peer needs + # to match the name of one of the MSPs in each of the channel + # that this peer is a member of. Otherwise this peer's messages + # will not be identified as valid by other nodes. + localMspId: SampleOrg + + # CLI common client config options + client: + # connection timeout + connTimeout: 3s + + # Delivery service related config + deliveryclient: + # It sets the total time the delivery service may spend in reconnection + # attempts until its retry logic gives up and returns an error + reconnectTotalTimeThreshold: 3600s + + # It sets the delivery service <-> ordering service node connection timeout + connTimeout: 3s + + # It sets the delivery service maximal delay between consecutive retries + reConnectBackoffThreshold: 3600s + + # A list of orderer endpoint addresses which should be overridden + # when found in channel configurations. + addressOverrides: + # - from: + # to: + # caCertsFile: + # - from: + # to: + # caCertsFile: + + # Type for the local MSP - by default it's of type bccsp + localMspType: bccsp + + # Used with Go profiling tools only in none production environment. In + # production, it should be disabled (eg enabled: false) + profile: + enabled: false + listenAddress: 0.0.0.0:6060 + + # Handlers defines custom handlers that can filter and mutate + # objects passing within the peer, such as: + # Auth filter - reject or forward proposals from clients + # Decorators - append or mutate the chaincode input passed to the chaincode + # Endorsers - Custom signing over proposal response payload and its mutation + # Valid handler definition contains: + # - A name which is a factory method name defined in + # core/handlers/library/library.go for statically compiled handlers + # - library path to shared object binary for pluggable filters + # Auth filters and decorators are chained and executed in the order that + # they are defined. For example: + # authFilters: + # - + # name: FilterOne + # library: /opt/lib/filter.so + # - + # name: FilterTwo + # decorators: + # - + # name: DecoratorOne + # - + # name: DecoratorTwo + # library: /opt/lib/decorator.so + # Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden. + # Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality + # as the default ESCC. + # If the 'library' property is missing, the name is used as the constructor method in the builtin library similar + # to auth filters and decorators. + # endorsers: + # escc: + # name: DefaultESCC + # library: /etc/hyperledger/fabric/plugin/escc.so + handlers: + authFilters: + - + name: DefaultAuth + - + name: ExpirationCheck # This filter checks identity x509 certificate expiration + decorators: + - + name: DefaultDecorator + endorsers: + escc: + name: DefaultEndorsement + library: + validators: + vscc: + name: DefaultValidation + library: + + # library: /etc/hyperledger/fabric/plugin/escc.so + # Number of goroutines that will execute transaction validation in parallel. + # By default, the peer chooses the number of CPUs on the machine. Set this + # variable to override that choice. + # NOTE: overriding this value might negatively influence the performance of + # the peer so please change this value only if you know what you're doing + validatorPoolSize: + + # The discovery service is used by clients to query information about peers, + # such as - which peers have joined a certain channel, what is the latest + # channel config, and most importantly - given a chaincode and a channel, + # what possible sets of peers satisfy the endorsement policy. + discovery: + enabled: true + # Whether the authentication cache is enabled or not. + authCacheEnabled: true + # The maximum size of the cache, after which a purge takes place + authCacheMaxSize: 1000 + # The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulation + authCachePurgeRetentionRatio: 0.75 + # Whether to allow non-admins to perform non channel scoped queries. + # When this is false, it means that only peer admins can perform non channel scoped queries. + orgMembersAllowedAccess: false + + # Limits is used to configure some internal resource limits. + limits: + # Concurrency limits the number of concurrently running requests to a service on each peer. + # Currently this option is only applied to endorser service and deliver service. + # When the property is missing or the value is 0, the concurrency limit is disabled for the service. + concurrency: + # endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation, + # including both user chaincodes and system chaincodes. + endorserService: 2500 + # deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events. + deliverService: 2500 + +############################################################################### +# +# VM section +# +############################################################################### +vm: + + # Endpoint of the vm management system. For docker can be one of the following in general + # unix:///var/run/docker.sock + # http://localhost:2375 + # https://localhost:2376 + endpoint: unix:///var/run/docker.sock + + # settings for docker vms + docker: + tls: + enabled: false + ca: + file: docker/ca.crt + cert: + file: docker/tls.crt + key: + file: docker/tls.key + + # Enables/disables the standard out/err from chaincode containers for + # debugging purposes + attachStdout: false + + # Parameters on creating docker container. + # Container may be efficiently created using ipam & dns-server for cluster + # NetworkMode - sets the networking mode for the container. Supported + # standard values are: `host`(default),`bridge`,`ipvlan`,`none`. + # Dns - a list of DNS servers for the container to use. + # Note: `Privileged` `Binds` `Links` and `PortBindings` properties of + # Docker Host Config are not supported and will not be used if set. + # LogConfig - sets the logging driver (Type) and related options + # (Config) for Docker. For more info, + # https://docs.docker.com/engine/admin/logging/overview/ + # Note: Set LogConfig using Environment Variables is not supported. + hostConfig: + NetworkMode: host + Dns: + # - 192.168.0.1 + LogConfig: + Type: json-file + Config: + max-size: "50m" + max-file: "5" + Memory: 2147483648 + +############################################################################### +# +# Chaincode section +# +############################################################################### +chaincode: + + # The id is used by the Chaincode stub to register the executing Chaincode + # ID with the Peer and is generally supplied through ENV variables + # the `path` form of ID is provided when installing the chaincode. + # The `name` is used for all other requests and can be any string. + id: + path: + name: + + # Generic builder environment, suitable for most chaincode types + builder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION) + + # Enables/disables force pulling of the base docker images (listed below) + # during user chaincode instantiation. + # Useful when using moving image tags (such as :latest) + pull: false + + golang: + # golang will never need more than baseos + runtime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION) + + # whether or not golang chaincode should be linked dynamically + dynamicLink: false + + java: + # This is an image based on java:openjdk-8 with addition compiler + # tools added for java shim layer packaging. + # This image is packed with shim layer libraries that are necessary + # for Java chaincode runtime. + runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION) + + node: + # This is an image based on node:$(NODE_VER)-alpine + runtime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION) + + # List of directories to treat as external builders and launchers for + # chaincode. The external builder detection processing will iterate over the + # builders in the order specified below. + externalBuilders: [] + # - path: /path/to/directory + # name: descriptive-builder-name + # propagateEnvironment: + # - ENVVAR_NAME_TO_PROPAGATE_FROM_PEER + # - GOPROXY + + # The maximum duration to wait for the chaincode build and install process + # to complete. + installTimeout: 300s + + # Timeout duration for starting up a container and waiting for Register + # to come through. + startuptimeout: 300s + + # Timeout duration for Invoke and Init calls to prevent runaway. + # This timeout is used by all chaincodes in all the channels, including + # system chaincodes. + # Note that during Invoke, if the image is not available (e.g. being + # cleaned up when in development environment), the peer will automatically + # build the image, which might take more time. In production environment, + # the chaincode image is unlikely to be deleted, so the timeout could be + # reduced accordingly. + executetimeout: 30s + + # There are 2 modes: "dev" and "net". + # In dev mode, user runs the chaincode after starting peer from + # command line on local machine. + # In net mode, peer will run chaincode in a docker container. + mode: net + + # keepalive in seconds. In situations where the communication goes through a + # proxy that does not support keep-alive, this parameter will maintain connection + # between peer and chaincode. + # A value <= 0 turns keepalive off + keepalive: 0 + + # enabled system chaincodes + system: + _lifecycle: enable + cscc: enable + lscc: enable + escc: enable + vscc: enable + qscc: enable + + # Logging section for the chaincode container + logging: + # Default level for all loggers within the chaincode container + level: info + # Override default level for the 'shim' logger + shim: warning + # Format for the chaincode container logs + format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}' + +############################################################################### +# +# Ledger section - ledger configuration encompasses both the blockchain +# and the state +# +############################################################################### +ledger: + + blockchain: + + state: + # stateDatabase - options are "goleveldb", "CouchDB" + # goleveldb - default state database stored in goleveldb. + # CouchDB - store state database in CouchDB + stateDatabase: goleveldb + # Limit on the number of records to return per query + totalQueryLimit: 100000 + couchDBConfig: + # It is recommended to run CouchDB on the same server as the peer, and + # not map the CouchDB container port to a server port in docker-compose. + # Otherwise proper security must be provided on the connection between + # CouchDB client (on the peer) and server. + couchDBAddress: 127.0.0.1:5984 + # This username must have read and write authority on CouchDB + username: + # The password is recommended to pass as an environment variable + # during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD). + # If it is stored here, the file must be access control protected + # to prevent unintended users from discovering the password. + password: + # Number of retries for CouchDB errors + maxRetries: 3 + # Number of retries for CouchDB errors during peer startup. + # The delay between retries doubles for each attempt. + # Default of 10 retries results in 11 attempts over 2 minutes. + maxRetriesOnStartup: 10 + # CouchDB request timeout (unit: duration, e.g. 20s) + requestTimeout: 35s + # Limit on the number of records per each CouchDB query + # Note that chaincode queries are only bound by totalQueryLimit. + # Internally the chaincode may execute multiple CouchDB queries, + # each of size internalQueryLimit. + internalQueryLimit: 1000 + # Limit on the number of records per CouchDB bulk update batch + maxBatchUpdateSize: 1000 + # Warm indexes after every N blocks. + # This option warms any indexes that have been + # deployed to CouchDB after every N blocks. + # A value of 1 will warm indexes after every block commit, + # to ensure fast selector queries. + # Increasing the value may improve write efficiency of peer and CouchDB, + # but may degrade query response time. + warmIndexesAfterNBlocks: 1 + # Create the _global_changes system database + # This is optional. Creating the global changes database will require + # additional system resources to track changes and maintain the database + createGlobalChangesDB: false + # CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state + # cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple + # of 32 MB, the peer would round the size to the next multiple of 32 MB. + # To disable the cache, 0 MB needs to be assigned to the cacheSize. + cacheSize: 64 + + history: + # enableHistoryDatabase - options are true or false + # Indicates if the history of key updates should be stored. + # All history 'index' will be stored in goleveldb, regardless if using + # CouchDB or alternate database for the state. + enableHistoryDatabase: true + + pvtdataStore: + # the maximum db batch size for converting + # the ineligible missing data entries to eligible missing data entries + collElgProcMaxDbBatchSize: 5000 + # the minimum duration (in milliseconds) between writing + # two consecutive db batches for converting the ineligible missing data entries to eligible missing data entries + collElgProcDbBatchesInterval: 1000 + +############################################################################### +# +# Operations section +# +############################################################################### +operations: + # host and port for the operations server + listenAddress: 127.0.0.1:9443 + + # TLS configuration for the operations endpoint + tls: + # TLS enabled + enabled: false + + # path to PEM encoded server certificate for the operations server + cert: + file: + + # path to PEM encoded server key for the operations server + key: + file: + + # most operations service endpoints require client authentication when TLS + # is enabled. clientAuthRequired requires client certificate authentication + # at the TLS layer to access all resources. + clientAuthRequired: false + + # paths to PEM encoded ca certificates to trust for client authentication + clientRootCAs: + files: [] + +############################################################################### +# +# Metrics section +# +############################################################################### +metrics: + # metrics provider is one of statsd, prometheus, or disabled + provider: disabled + + # statsd configuration + statsd: + # network type: tcp or udp + network: udp + + # statsd server address + address: 127.0.0.1:8125 + + # the interval at which locally cached counters and gauges are pushed + # to statsd; timings are pushed immediately + writeInterval: 10s + + # prefix is prepended to all emitted statsd metrics + prefix: diff --git a/src/agent/docker-rest-agent/intergration-test/sampleconfig/msp.zip b/src/agent/docker-rest-agent/intergration-test/sampleconfig/msp.zip new file mode 100644 index 0000000000000000000000000000000000000000..5e001613b6d25c2cb0d27f54fdff93065b9e11b8 GIT binary patch literal 158 zcmWIWW@h1H0D;yrkw7p5O0Y1 for a total of , and then every + # for a total of until they succeed. + # Note that the orderer will be unable to write to or read from a + # channel until all of the steps above have been completed successfully. + ShortInterval: 5s + ShortTotal: 10m + LongInterval: 5m + LongTotal: 12h + # Affects the socket timeouts when waiting for an initial connection, a + # response, or a transmission. See Config.Net for more info: + # https://godoc.org/github.com/Shopify/sarama#Config + NetworkTimeouts: + DialTimeout: 10s + ReadTimeout: 10s + WriteTimeout: 10s + # Affects the metadata requests when the Kafka cluster is in the middle + # of a leader election.See Config.Metadata for more info: + # https://godoc.org/github.com/Shopify/sarama#Config + Metadata: + RetryBackoff: 250ms + RetryMax: 3 + # What to do if posting a message to the Kafka cluster fails. See + # Config.Producer for more info: + # https://godoc.org/github.com/Shopify/sarama#Config + Producer: + RetryBackoff: 100ms + RetryMax: 3 + # What to do if reading from the Kafka cluster fails. See + # Config.Consumer for more info: + # https://godoc.org/github.com/Shopify/sarama#Config + Consumer: + RetryBackoff: 2s + # Settings to use when creating Kafka topics. Only applies when + # Kafka.Version is v0.10.1.0 or higher + Topic: + # The number of Kafka brokers across which to replicate the topic + ReplicationFactor: 3 + # Verbose: Enable logging for interactions with the Kafka cluster. + Verbose: false + + # TLS: TLS settings for the orderer's connection to the Kafka cluster. + TLS: + + # Enabled: Use TLS when connecting to the Kafka cluster. + Enabled: false + + # PrivateKey: PEM-encoded private key the orderer will use for + # authentication. + PrivateKey: + # As an alternative to specifying the PrivateKey here, uncomment the + # following "File" key and specify the file name from which to load the + # value of PrivateKey. + #File: path/to/PrivateKey + + # Certificate: PEM-encoded signed public key certificate the orderer will + # use for authentication. + Certificate: + # As an alternative to specifying the Certificate here, uncomment the + # following "File" key and specify the file name from which to load the + # value of Certificate. + #File: path/to/Certificate + + # RootCAs: PEM-encoded trusted root certificates used to validate + # certificates from the Kafka cluster. + RootCAs: + # As an alternative to specifying the RootCAs here, uncomment the + # following "File" key and specify the file name from which to load the + # value of RootCAs. + #File: path/to/RootCAs + + # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers + SASLPlain: + # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers + Enabled: false + # User: Required when Enabled is set to true + User: + # Password: Required when Enabled is set to true + Password: + + # Kafka protocol version used to communicate with the Kafka cluster brokers + # (defaults to 0.10.2.0 if not specified) + Version: + +################################################################################ +# +# Debug Configuration +# +# - This controls the debugging options for the orderer +# +################################################################################ +Debug: + + # BroadcastTraceDir when set will cause each request to the Broadcast service + # for this orderer to be written to a file in this directory + BroadcastTraceDir: + + # DeliverTraceDir when set will cause each request to the Deliver service + # for this orderer to be written to a file in this directory + DeliverTraceDir: + +################################################################################ +# +# Operations Configuration +# +# - This configures the operations server endpoint for the orderer +# +################################################################################ +Operations: + # host and port for the operations server + ListenAddress: 127.0.0.1:8443 + + # TLS configuration for the operations endpoint + TLS: + # TLS enabled + Enabled: false + + # Certificate is the location of the PEM encoded TLS certificate + Certificate: + + # PrivateKey points to the location of the PEM-encoded key + PrivateKey: + + # Most operations service endpoints require client authentication when TLS + # is enabled. ClientAuthRequired requires client certificate authentication + # at the TLS layer to access all resources. + ClientAuthRequired: false + + # Paths to PEM encoded ca certificates to trust for client authentication + ClientRootCAs: [] + +################################################################################ +# +# Metrics Configuration +# +# - This configures metrics collection for the orderer +# +################################################################################ +Metrics: + # The metrics provider is one of statsd, prometheus, or disabled + Provider: disabled + + # The statsd configuration + Statsd: + # network type: tcp or udp + Network: udp + + # the statsd server address + Address: 127.0.0.1:8125 + + # The interval at which locally cached counters and gauges are pushed + # to statsd; timings are pushed immediately + WriteInterval: 30s + + # The prefix is prepended to all emitted statsd metrics + Prefix: + + +################################################################################ +# +# Channel participation API Configuration +# +# - This provides the channel participation API configuration for the orderer. +# - Channel participation uses the same ListenAddress and TLS settings of the +# Operations service. +# +################################################################################ +ChannelParticipation: + # Channel participation API is enabled. + Enabled: false + + # Permanently remove storage resources when a channel is removed. + # Defines the default behavior of channel removal. + RemoveStorage: false + + # The maximum size of the request body when joining a channel. + MaxRequestBodySize: 1 MB + + +################################################################################ +# +# Consensus Configuration +# +# - This section contains config options for a consensus plugin. It is opaque +# to orderer, and completely up to consensus implementation to make use of. +# +################################################################################ +Consensus: + # The allowed key-value pairs here depend on consensus plugin. For etcd/raft, + # we use following options: + + # WALDir specifies the location at which Write Ahead Logs for etcd/raft are + # stored. Each channel will have its own subdir named after channel ID. + WALDir: /var/hyperledger/production/orderer/etcdraft/wal + + # SnapDir specifies the location at which snapshots for etcd/raft are + # stored. Each channel will have its own subdir named after channel ID. + SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot diff --git a/src/agent/docker-rest-agent/intergration-test/sampleconfig/orderer_config.zip b/src/agent/docker-rest-agent/intergration-test/sampleconfig/orderer_config.zip new file mode 100644 index 0000000000000000000000000000000000000000..5f2c42b7bdd7b8f50212f39624f364dd257dec54 GIT binary patch literal 4594 zcmV?+WpZV5E_q>XY*kbV z00XHjK3}OTK3{cs3jhHG=mP)%1n2_*0L2?^ZyUGyyMF~?56A-8lI=F_pbZ0LIcbgB zv0%CLfMFP@J4(9wbi5sTcGO?L=Y`~vCn<5dy35+tIg$^b_gDHzOmw|zisj0RtBV`> zTT>6jxGcpTely}u8PzBAq&8xy;cUfHSrnxbrOpyz z)VxBKC z)A0p$68B~@**7T*Fr9I0S9j_^ZP9FVj&~&Rj>Jz&)v_#})CZ&2h}$=b|hl0C{1+E-RH;+_dgsZ(%wT-<_H*Qu=fxSTi=D`3}cE^bYj*=chY> z-vcn+S`Rz-z9S|_7M6t|1sG_p!7l>odL03io_%w*K+a^PHh>v{al`}EK638zkvMml zfjXBhSZ$LEpF9|XLyW*Ni%RDT5tbI9uh(tG`u|+mmC$hKz9a4u(}LHK;P>SMFqQ^X zp}(I|b=aipRpl4$VxgK@@rw$&B|njFRqc9?w=cvRT$x+~mIX6YEz!A&IUSAlYl8f& zOl!I$5;&MQx~>7Sf-RTN;dP6)ERV_C+eTJK5@#cL2^5qaQiWVJ5WW;SOVV5ncbzz5 zqQC>6#t4#Rzsk=zW$5{t2xf~s2UL`?;8Y8<66@BspyPBTD2(~CNC!Q461%W1BK}8D zy_>8)29ev25WuiCSEYUy-vVe|<9QI0S?RXSQ6#D$DnapqF-wJiIR=_>sjcF#J?8|U zHY97rPw zZ2>J%n&@PgCx~1vib}Ck^l}Ume+-7bZl|gpjZxyUb&X4MlAC%N5`)K|QtVTC^ltOX z)0Tse?KZyjEAj)j)|abF&&%(zNM4LA@{8DgP43i(KJwY$1*97WsHnkF+Lg{Zq2!;% zeA9_R&#iR6dmhfr0jEbFMK-{Nwa8Wybbz9>sa1xxLOvj%x+d&1S)mc@3jSUAG)IU- zr121Pr&?ONP%_n+*~7&?dZK9=fK4}}Kj0kS|9#OzqXS>Tg$Q1j;B>(Ht6-gQ7r0%} zZgj2~{AHh(q>dnvfo(UAYl!PMPw^{rbQdi>K6-n91~=j$!CqTHO81LD;&JXFi1yt> zi3C7y(!pW|4+Oj31Vt~CEe3O7Ei7$-WEF#@11D3?qdAnQjU8kZhF%lZA)+H@22A=< zQMNH~z_@O*=<8Aeg9f&BE-7gL;ludi?rQR{$%h~QH67poIAjFur@=<9i3bNhn&Ni9 zy2NA_3=%1!@OgLwLatkTfj1mFwe*-=s)cMzOWurFbLbG7^X@-_4fGKK|J;Dr)6M2B z`tM5HNcB^7`G5)$>Nqgy@&@Ybf+7RRy-|FxbJyO&vu0Dn_ci?7fI5f@vK2+<>7D*j zC~L))^`dVSNCZm<0xU7)4q+HIY{|(9V$>+OJ~$%a z1;p;Wjk4K@rjb~ix=-uXrOy!yY9-hWf^O8ZAg7KC2)-1swBp!s_p^@vlOt0zP;)TH*(`E+n{i#4DSV?kb9l?h)+JDacM|^Xz!F@sV_DXLjU8Gx*w;b?@qr9O^b`k1PJylaZ!>?6hr~sa~9*taolQL zRzj!a;OneDn5|2B8U<-rgO>J1$PqAh<32--p!mIL0q7*;lPpT4-IdFFVV@zLj6iWQ z7S8?gaQ1NcmI`XhgL|pu-yl+SyQ$)diG<)cdl+GKa~C=Aj-nluz=`QkliArBo|=q7 z*P8s9bL*^a(012g{iW)I=#X-Z1;u-abIjR8Uv@p5wi&(+8;FUTE|g2(Uf!}7@P6(` z3AGe@{+Y+PR8OjOt^gz>(Qi|94Y93*hqdLVGdz&gK%iwWT{t%3B7{X<9c)E{b0{jA z)S-^-AIIk?eB@)Mb2fAX2w|~Mmr#$IW6}&=!M&uV2?V5OL{O5?p0<%VfA?MQ%Ihd; z#6-~mxn4J2;lag=?A*H3uO6gqr6G)Sa2<&^k)wYz1jqz9IfAhcQq37Iq>{ov-Aa-K z_j+8Yen)3#eI<>D9;N^R%c&+w$El+F#GvBY{mvjJ1w%mxY>sM1fiu z5;SxilsItEm(kg3=>WRI-?vuiYkEoScaY06%T#SC)c9gH>$-MSO|}hHxUS}+uAVDf zx60Z##;r#+2AWc6yHO+31PlWJ?65sRcBP+3;_Th};NZ1J7PI%0`>WfJBNCOkRym|9 z>BPctoh)QsmlSZc?+$K{EV%q5Ag?mEKqMK*BsV2NvODz&E*DGK(hLC?TY6oh!Dog~ zvKg*6wQ3maVV5QjUF!7utp74(Fw9_^&37DCejF+Z1_I7NLg^)gHSGiy zlIl5D2em@S!Ro+>MaKJp?pnf$=eSFdHFSoWd*sj|7ge929H1hu+XqfbONf~fKrF^G z5D?}0;@^PKNu#Ki?_~D&I7!&O$V?De1TUq`rTPnv9Roz>S#FY!(is(7j6W7ve4JGs zW7IQvZa^ReGq(=t6>g{?ZS320!}El^Q%oj5PV&y_QtDt*!#`Yy;ZYmxUR3%-*J5(} z@gtam_kj#DxiDZ7efwr7O<2N1&JQ%fLf+AY_j@3{KCG;KR|@0<{H!6UL%Ms+T~nXJ zHtIxLsGw?;7$!pTEblL~m2Rvb+5FYbT&%X(T3xv1d;IHPkA1ADwxL|>YPlZ>t}+bB zglthVex`+hm1fr;wN*@VtWO~q=Q;|QOj4(gS%c+rPO~8)V?jHm=KEw>hJGWlNzOIa z?D7c%BsVXhWn|T8s)(;mqy~9NmqzCoMChWs+c2iAYJhL&sP!3V~E*kG@Pnu zkJwn^X_aB4jVCLz@{Oy=5gjKi@Pjk5ddZ`kbzuxu$1|netbg!Paj$~ri$%52vHf*5 zCzPaAaxTH9+xY-EHU!%1VzC(-Ol#y3!wZK2?z3(l-NenLNz^4^9%gZ8(UcJX+<{2< zE)NPgwS7n9mNyxpI?Jw5B#&T_MNX#!9~q%4kt(&Q)J<`3`h~TSmyd%ENXkx zw!z<^6rnDo5l^RsGx%q4itb`nELW~gagUJtW5sUh%-78usMN3>k~P|xZlVF%O34Eq zdPabt4m#?14etLyEdnpNBLQg5p%NbX)>)~SOYixjgwX8G2oX#G!aXksdjC@#7jE8| zFQsi;7(}@Pb^U3uHMDxzZRxm~yflj0X^JH_gzFZP^o+2K zCy{*y2Y8Ordl#xE7hT(_K};)D#d$Qtq`-L&fwMoDeCy+op?2MCbz?5oyj{Nd z>flkU>KP+_8tPc!qF^=6y-=EER*P4l>{s5^+m!-KO8#n zX4-JGJ$i5e6(iP(?qQ32>Oh%3>*8(`P%QHVI9h0TuPl9d_IfMssajqEV-?^=Q;T3Pv3s~O_VzJ z+L$|ldYZc&v2*?iK(XHnUw7wzy?n*b^ZU<}Ajk?IWcR&%OcId@e3Zu#!l5Cyl|FP#|f4YIw*Wt`%A#)L7RA0+f67Frk(6M-y@XWL-M8}Dc=$N=N)Ed?IIbUh~I zS}8YdijrDC)GY#Vx^1%U$DX@hm&aU%@J*bIMU%-ipW$F-SSfdMp?7J>s{ZlMSF`yW zC^n&F6fd;+wc8Hi)HOza4=Z;_dJ}i==m?Q`^6#FQ7%Q#Gk8uf~MXA@fHQ<0kJDzf(4{FAH@oQfVn)JdHD1)_wcFr&VI%q!4%zMo=P}){vA7+({L$I@ zyAHrTzc=N#`k>LAdD8P79IE5*4k7YwMI%S_g-hA`huU?E6NwHP?Qr=swjC+K>~@I) zlHZ5)73oo*TX1+|a!n z;;wpD)a-V~)2q*EzSAxfj|_G|*b^SYuR{^Q-3YjG13g+&y{EeouGx*rZnvE6 ztBk}P+S3?oZ;1PO8u{*neen+5rfSx*qTg!)*Sp5%JdQxIH5ojyn_Q*yD%_e!4-3O{ zUjI5}u2%A?(A2B)C+V0h{Rj5lhaz*hI04&vtG6}3CO1pSOQ`x$NTnL<(#$mmgNUA9m$_;-)GmOzqIJ{rPwliM&! zDe+aQd#~=G6u5#lw)CyFwS1%}R>0TSQCWX?95Cp0GUqZUT#nbWXt)soYJ;vyFmHO) ze*ms1o8`ksF07yAJ}cJ<@_how!%#syjIXh9NT0oh94k0&a;IXv!fDpEcGZ2jP53u! zNBlGZ5~254b$E@YYJ|pFI5XGJP@}YSC?2RQkqdx;6KS{k>XMa{F?-QVf+1pphzy@) z8F~_xtY1Q!fqiDB?e9U8!|5xD@)#cc7f?$90v-bt000080EKoGQ9f$f&O{La0Ju8< z01N;a00000009610JMPs0001Qa%5$4WpXZgVQp+xR0RM7sVhETb$AN^0R-p+000E& c0{{R}O9ci1000010096}0001r5dZ)H09bat7XSbN literal 0 HcmV?d00001 diff --git a/src/agent/docker-rest-agent/intergration-test/sampleconfig/peer_config.zip b/src/agent/docker-rest-agent/intergration-test/sampleconfig/peer_config.zip new file mode 100644 index 0000000000000000000000000000000000000000..5fea13e828b4277d8a5f0979757c437396a3a4bb GIT binary patch literal 10306 zcmZ|V<98hl@F(ya+iYyx&W)4CO&Ytg?Z%C5+qQ9o#+03ZVVa&R_d@iMlv{i%)sfT~~=G5nvn zc_INIpiiIxfd4&ue%rWgN+<4md?8lzxfEWF9uFp7oNjEvM;4oHhf`=4Uv{jn#?J!X zuxJQQ#2|{jY2SBv^B%;Ll8LL16hf9x#5Mk_UPd2AL3_>fTAj`NwY4ml=fxVDHC25J z(wmGa5qz6YK{ch`wO4b-u1=wsjjOIowixa%ixR6>Yl95?OyU~w{_q8f(xdSvukKfm zKNt7AKEZ<7GWPE!p681`uT-3XJij}X>E;yuopfYU)1MhNosYE)F;n2`u{4^jHvQ!t zbq!dq)|spUQ!h318^`+6$twp1%J|)sN^Mg!-OYiM=~ed=#9y@cZaWp8ix+fAKwFOrS9?_;Qk2B0mI*{1;807JhRD9C$EK&;U zm$zN-h;Zf4%TPM%0(8&DA7NFjX&{fM2m+?>3a&gFE0tmQ28P*~d&YyIgRNRc3%(Tl zHvHYt3oSF9mj!71gk%VMeao_4a{mpB#GmXz zq;XB6cee*+!_%K=;;zmxDt?<6xe*G(YnQi{LVtswCdj@EU!@4G;wdxgdlzOvG}9Q7 zdRMED$fq+5OQD4B1V=*>T4i+wCQxFmE`UhIG8*!9*=^G{*koV_Lwu@c=9Ywr~Jn(8-maI)g z2E}Z_uj&?(!#b@w5b$^IjR=Au7jY4w1Nq`Y|S5WE}Aq#!zv&u=P)+}Q4yz3gg zW{hint*{b^8NO6>`v}7)g_)VFM4;(R#u&%NZhXjzQ;= zX6e0ZEOR2-Gm2&q7d@OR^h>u4zpok&uP15*IX;UeF8}YwwSnO&f#BceSCxK>v~g%6 zEQnIi!0l1#15S~j#Argy3-QRCA&3A~et~ZQw&#kS1@v-QrY~3?XGw~$+XJt5} zN9YUK{00o!v6v4!O6ftK>6B@>ZZ@}+C>|!;5a-`AtlaVUJPo+%jRR9EkLp8+A#2a% z<_Ejj6#X3n_@Qwq=BYOGIC}s%xUMI6;GRnjuG`|B&Z%fTRSC}$6p$i^i2FqUBSN{9 z1vq!w74=8OL;w>&bI7@V2sk~nYyjy4WZz~d3|;if#4r=&WiMR$PLgbRj0fJL?DjBm z?CN~Lb0Eu~BwS4?4TgYVD(&`BkaU4ed6Q|={QIdpU&&^i zQv`3!O}{#auF+Kx;=j<^bJ^uvf(Q?-Y6v0!UY0P|{82F5fh)m6D}ke!3X%n(ATXP* z(%j60>c7DY_`=o7ub@@QMl;VTO$Ay}6fKwomQ8v2>uJCB_Vcn;adIybA&?Ebk4$3o z)0wcsUCUK@Id@h8MP;d zqn>MHsV~g4SO#J$#B0hYXqiN-7eIZ(_p87h^W(v!e{!<8eVjEkJCcp)nnq(j+#Z#= zqmPJ6Vja?HtpFs`IrsW_YLauncvB{gH%%-I`=)S#p&&BR0R#aoJWp^E){h}lu-0ng zK<&_+jKR-uQMgt+xOU~ks^q9AcbU!*YEz(o0B_D@26nDR!kj@l^|u=p()1n$cKr!t z_NX@CSOXT&$XRk(;6jbvl~|iQ_DsG$YK~`{>b{kv02!Zc8U2mGfG0hZ7@n1u0+Mcs z_(^fUGkZ|AT%!fdI&KFVkxMsCfM_@Cm1cmR%*A>dJJxmd)=7z=<3&G1*EVcaHe2eC zJbzFlJm&NHj!X=0TJSoQ$~Zzk?yJyP*##6FG+3VtEdDOS*k1K9lW51=4=>&>sE*`y z)ku&+M<*oS8-{`e5->~ zp3#qd;6{zG7g$gq@7IwLbvzPb>6r zt&!|TGV4GFOP6~Jt7VQu==9@tfLE4D%pJ2G$1l!Zr9Dhj#5Qk=fY zs7$1QmVra!)GFHpPI!lD&h=JwyUyZ6C!hL7dvBP97J{csXfLlF6>tYWyG=COeolOo z;msWx=fgRGZK^j$vg7$cgE-Gb5i1|4w-vxy`<7r2qk>;8FEp4Sr>()}|Amz9WO-@! zHKOhGI!Xzv_MCJ#FVd)zGMhjiuI%@eDa)0=UjmGv#YaHPya+tPBwKa%eL^<)4Y&*Y z2kUhU+Vs96P1lAVQsX?YC{atjleFj;8VzVOUqU+1nqfrGE`iz|_7A|}8uhi$rTPwP z#QGKSxuV$1ur3&BjkOFHWWYpLD21RJfrxo3nc9rlJcIIA)V5ABB$w5seu z#D`7H>DF|@lxZGlEQHPq1L7=?2ECPF!$ttIgz5N9CB$4;3Dh*})!Y#X49vo_TM~xC z&5-Kl2teM*s@NSKqX{|8E&g6uiMHGk1`aaHz_Xg;Nr(NPUl_mY&XZ`q=q$OyV5q ztGG-#O2Drj6DD2XiBZgGsLXw1o*DL#O}Kt}XABi=NW2{$%fYU9NmFib&x#)WN`MpE zl7-9X5TB)Z{G#CZectPJSY=cj#^HG>ztI`az>Js#3ZVu!ftHheI4!s@(@|Zv#h3+_ zx_MBt3xLWQOTq4rx}A4Y**BBT92sAOTl$bRV;!o40zWqpjR$79@u!kW@*oU%=T!;4 z^%PkZuBLV%Rq*v%7ts84_r+PVQ0C^Kz_qi^0hqnn>{jRvb*KlLlU3MBG+xtj=t+{0 z!!Js{?B~lVQch!3+IU|NmFn>%P<&`q4(T`1v~gR>JN%u?@oik0&7!kKH*ZE%?iCnK zgBOWCNQ|qwRZyYM>(B;l6^%p64$*29Mch z6~4@|E3CjZHdJ>+LL?0_tE<}c!|3qDz=apB*b$2Z6O7TAXrTZgS#`NpDut26xG_GM zdWL;b7Kgs$wFTHC$I%e11e*D)>l#`b6)P$Dqu|oyhKcT4RbA7B^z@9ee8-H}0L^-vE&YgtA6JO~G@5+f3d1Oik6z(B+> z9;7Jlbaec+?PS`Z2WcNk7G@#nhB^0Ci0Cy&X$Fp=Z%oY5QHod5E|6(naG}ew@^Syx zqN|UR-Nc&RkEj1^c+z&YK=-UE`kiRm|FO{T7;Ck|x<&V0e~pXnuz7dv@tBZi1rvA^y#)y%T}$sbdO^9yJQaq4sz+h9V zKHx!THt~d@|B;E&CP$5~jNW6CpOPYhR$bGP1QRNf*5#zTe@+v7XuFyf(h*-Tv4Zld zq%mw%3OS5 z-N6!b_!f3#v5e1Dt(;|&2-LCY#!FD&s7_;f$P8bzYKd`qA?k*TU!5U~6L4~iA%oi) zDnHw6mg-$9;GZ4W2HI@Wf>K?b_$UU;g<|(21uRnYJ&HiaJ&3}>r|SGeN(Gg8o3uPu z>^Bl&ZB^c_wcJk)5MWfzZYQUVhZdO-cFmvT9u?N0ahkqjN#A1lz7fX;)6?)Wjc|kp zj?OkRGhlD9j4m916QPPtH62YdiTTBr9GNA41&EIf_6NPMvO~-e8(0m$pnx+E+Df&a z9vAst8nY8fdjIhJhYaTO=vBH7_p3Kt)uhWXM5eQLbTqk=yboGUGs^lHtYtZ@5|c_v zllsHdolfO#D)4UQfPc_d$5)}D`@tA@o|0gdA8WF~d%OQ~J+GKEcA0PLaYV~_+k_KC zGVKGEB3=Nijm9kT3j&iUS{9uJ)rDFtTijZJZ&!)KRmltoEyZ(}6h*0LRMym`R}kWC z@jJaYb)ZTq(w@m*YZDqmplXXD1KU`{m;(x~th?*+WhedYnfwJwr3C4@l?o6kkv%a0 zHAWh}>1@}{RjFfLFvv)q&_3}P8~@hr`zsnAhg0SB4I)lPMhC<`r0qO6WdWtCy8fDe zO4%X>L?W*N)G#vUUJHG5ftdP(CAg$iNM?F6JdUJ7@%wlG2i6R`;3^ImcMB$?Kak0M zrkTD7>?Q}F7zYU;m&O2^>q(*+>L>(m=i8l}H8+IEm@CYQCz{nnCo}_GC%nk} zuUje0Z0t!7Eht6pq*@-b#^)@5fxE<{ZA*6|-=j~ne$?X~eLXgpA_D)+SvmArF4aWY z8%a{rK|**NbtsVxC{Eb_^ZF_3Z3p?~Sy)uihY=#vXv6rnak%tpSeQXa5O65-%5Enl ziH~<4%8x&+R(wH%mV>QN8n9wCTchm&nQiy>!?`nQj}3Q)5`csEtAiB)#=`FpXM36r z#DNNTwIjSF+6gt%?QF$*AEq@jy7(o}3N~E>xex8167g3fBlX8$MiA8#Odr|rmzYwD z0-6sf1*Hc{hj*^bt4TJI5&N0%bd#+jWgKtmCZ>-e@L6WBJ<>PgwE&Jm;e3X9`3H)e zNoivYpPf#9z1fs`Ans|n7*(lu!|3zdV_{8*VBg3B@mtzM=g=6Gs`~vO%&f_t{aq#% zwx`~O(K;lGn3$2Zuz~Eo`+9R&b0++b)3-5<O|$ z+fxM6?2SHb{``(h1(OfQ&(CKZ8-52+aZ+st81Am3O+M@}{DIP;naJc3PQG=kZ&%VVc#GNL_Q(qtkCZV&Qj z7I@hf4cJ2^lu>G;*gc-E04WalpXT0z52i+(iz^La!@Cvxt{%cJ6u zyvvHFOQ(ZVa7A*PyU^Q9aWY}$9QNSaAx8V55nN$Bm8mL%Ylo|N&wMR34340HstnBJ zlZILp&YL=!m(2m{S>U*tIuw4)3q(77@7_LWG45By!^K*xAszbJ%Y1EY1jDH3%oA{N z9YgP(aB!>sA*$+^`iW4i?e6s`;_a(VP4B)wIJNQQL%m3p)9k`G<9o-Ec*9g!_&al7CTGx4 zNRxs+-o?11#uo4M6XA1unw3>VkF=*R)c;!K_9gFz+Uskm`plgeR&*}jupa3zi3i_Z zhklOnr7(%K$5<*hPI*Sbv>;1%{=@-GA zrM*JkldIdDxuZrqNEfKqZ|WgC@Anis>M5)(;@hq8NZY+FJMD_eVBZ>=hyyOJ@AA(h zcR2|Kl=QK!X#>It{WJj$S48(d5*%|lcz;_?Ys16uNO2;zNCIZ3{JwwaM(5;%!dOFV z_ndQUky!ZnR#(C?YWZcS{oe>23`OcgFs8q{-|7xtKWKU>zRZ$8gT_X+OBPiXsb3GA zFJpVAj7okeJkYS(Z@j!WxRJbcDYuiM_PJmrZ%&o)5oSU!r)WJ;K!IX*EO>hKl-JuXLE~LOdP_$R2$yE_QCq?Rh_MSp!1B! z;v1-PilJ*+ZS7c(!ZCsoSZynCH$;IikX-&3B3g5TXU~_n;mZB5*q6iUPJlZ^s$&;4 zl1#3PBLph>i#h%@_Y7~?#3%E;uTtJNX+0El?-!kwxJ%< z%Zy-91PGa9u3FEje8#hwSV2zwrPX}tw7*O2ioH)Q({yS}`A~=y8y#J&p$MB^_=Shc zTEWxNqZFaoXtRqAR^mgH7vnGfaObB1=EI<%<{uFjy-Sn zQBHQ{Nnp6{rs0KnCX`NyV{&jOx*}_d^4yEB<6M@TZ^HNJnxe2nx#;jQnGq6GaEUmc zESrzh8&}J?orE{JIHgf{o6xT!=E|~SQMgAyWVtI?r}Dg1rnNGY@2^~%_CE=U0gjP* zm8}={-SW1mv0S9B+=WvZ>IP{c>KZJqqIFJLvO?*ru0X`Zqi2MuY1mcY=eArdU1ml$ z+n$O{(aEpKtT{XIg^8`I0`CnZGxADH0*->AWJ8db$a$qnoK<@mTMF-eu}==W0QY+v zVFxz`foEeL{^>+h96f(Z2PR{}Lo#=x32@NdS4qOTmuxdoIc_B>yps}}ZZv!!JUi!0 znXERGGM6vl#yR#$y65r4cc1rC!qvMQ@b>XZxk0=Q)@deAuSm>TZlq7>HvWjJ4Q9aS z>(p8)-Ci6Wmuia4YHe}u{tbEj45qE>y~fPuNcRy>INuK2x&qhEBSz)dLZQTDEpIWq zrOkLjhuJbP*3yQp5(KxwUL&s=++{Kd!ALM{l;)aVZrWg1G{L^1usRW5&kKNTN2i+H z1XWZ;EzN+)BEm917p?V{?B1!<{gW#YyVO;ol15)O$vJi3)D^QneuLOOZEAGKe|~&B zmZu--palF4fP|TXg~Y>9!GfgMJgio_ntC7})NF7ra-{-O;4G3u*zyln_bJ6n$)|xMAp?(Ou3iY%9Ba&@M zb-?1+IsphNZ2_rsGf#Ifnz2yq4j9`c&WO97B0`7=2Ds7Z%2i@k3JF;3#mG_sMQ^Y6 zx|1|rbXaw3X)>4PKe1WU&k~n(e;WF5Y2WA&*#E4qgSH|sqSceEog?`Bz1aB#_&o)? zMUuaXaz2Hq`B+JO{FEBD_vg7lB62EMR+InjQNm9myg{mS5ZPxr$dKn?uf*9pg4kW@ zjQM6Ku|xSWag;bU06H=oK#f1#gcM|0C3ZUV&#*!GbZfpsd!;~`>R}5L+B1n&T-iJ^ zVW#}|6|mW8c0wlZUk$cfLB2lOkqZhTn&N|3XPXQ?KVPp8GL$V-M{0A**8K;fvMmM4OJx8(ca52^f`St|6@^w%zis?YCh|Hog?3#78Z zCECL|t{b;qsOJe@FHbf((A84HkfqaDa94(oZVxibPR1vLM6yD&6-Pk(W2aaWXFQKy z#?>TNc^`^exBP-`v;9QoUH6(;*bz9r%gg#Zlh_U8@fW=JSSJE)gZXaQdc@z!{+1aR9@Gg+HPhDB)Cjl!Gj75E+DG+CjZ>Y)J6#Wa@?l*8gFadX z6&NYqd>r4+++u~LM97o;)^QoX{!Y{0uz+Tso9`-gwwAo0zCfeLWsW7ZDC@<&r^{nL zHK2xHdQ^kixU7mz7g!qc0MP*QJNmc#QtR(XU%xfE+inc89r9R=5uS;Z2WWrlSTeL2 z!;B#~jK^6{IL}WmiD^?q^&>U$>y-s+KEI*2cwCADq3>&T%?leTjk{yW_wf>|c8kBK z_ZR~=kdI+7Lf8-aQqSoLTB(0DK)jpLQlLhUer$&qpV+_P zu+`ol*m&cEZ?)A{l7;`LyrjI?%| zWxMZ2L#2?;xN#uFBahB8q5xG@XDQLU(>AF_`@60cius*c;3|CT@zrmfO^O0j{8o(K ze@dg(!B?^sRn&Q~RpNV$h^s1;=T%n$D+g=9P-T6L# zbXgeJagW);Iyhf6ASMA~#C8O#d-gKVzQU5ce~h^+^xFEPAB?PZlkYuHFBT>EulxBs zIY+V?TpT}CT2H2t2eFE}ZEr`^3{KtZFmqqe)k-L>z><2`YL73z%wqEv7!%yf{cC)? zm$I5tYRUEGZlA~Me-h>Qxn^K#dyiHXXFlPHqRn}dr1hb!Q)u%4iVNuNV!CS-exEVe zxjMBT{JoOS^E@b}S;L0d#YlI-<8-}{uc>1cO6BFN01VQ3et~~HJbAxAc=$UqfrghR z;}BP?Ec$t~xBq@{bb1ic`|cP?CzOkCH{6 z85s5giLM#8w{g?yMg6p%us+n83L>GA$Bv($#v_$nlg1)kN*C(j(m(C<1UDVm_8fW6 zY6s&D0^A63n+5_$ukTtkb5oXr(q={Cec}mlDxOyugG?B^4k+o*y6jQ2Leg+0ci2(| z*W0!bXp#rXh$=G|Pg*mWXtKi=Db=%x26uqk>?k)fLIG2nrpK`B&r<6xaQ+`4?in<+ z_z@$S{hn+qkYybm8MdAJdTYbD1m%GoaZs(5<=GkT9gc5CJJ+aA3D*%F4qTe0hH04+I<)7h^>aOlsEcfdFpo+k!jiiP;F8UoE z?r`~h{`1GS+j8&wcp)_{Cc3)r+ujmg-4dNdHBfvqRC+R0e0+Lpx~n?hY4rcP6KyAY zZTlMid`Dwb>LRJ4@|$q~!V$THq-DKyxPi#d_;3*YqM0pw9%K*}NuyZV$@S-cdL-Uq zS*+P!IuE_o#|@5wDv`r$gIVcSl;ndgnF>AG-qyTH{Kg5scwf9{Z|~~Kr2=U^ZE|`r{2fRBxCjcC+)i{V@W^#v2%gIvx zro#NyDw9cif+aK?@)<}!i1Bx<0vi`d2oQg6<8$<|_g_P4P0SQ7Gbd z#V&bAuoF~Y5+k=t*#Z&ULWbfVOw?W#@r<-c=#S zZOh&cjCjSE6vNoe4_Pxgb>Z6larfC1w10^u^CF(wOEhGT_16Z6J9=bMpSz%ye@Ql8 z;g>?7_WL!-zUHXo$T=j3o;S{X&DX{36rPZ?tP4}q3DT>#)Ov8}Q%I{s{QllURL6TSljlGEn zNY}yWgSvh1L{^IELUzJ4UA}zk4=MM!mDjUSZ&^SSvSwm%J1i$92$lR_JlnjV?FvG-_c1i&8gsH>m7{_u)d5E)$ToBNfJ zuTF9NJTOP4*LJ*>?ENt#Lpg6SL>0hb#k$mT^5}4*se3sKXYNNcvHr=Xg0dC)rW0r5 z;TBfrxFC!6N=}1CjM`J-tq)|v)xn0MW{SN>C)Kv5?$6Obb{Zd$+&GCb&ORwCNzwf$ z6yKCe9kXltNeB&7?`OFrBl;YMI6Fz#51;Wr!TAG)iJWe!<>9>ju?xix2*JPnP7f6m zM?!!8QcU7Xf?6Ou?QPkx>B`i^)llY1B z{$@b`hzL{sdSnyy=e%8y7RR>_fvc4mY={1W|Id1?kV@7vsSvi`3iaE!>O^Cu)&$nw z&`2-u*M#megs_b1QoovJ_V`5{v(_U>e=Y*dEv{tzo&(4g`c8xK1UCKlFy_rgF^@3X z+wrZ5f%7A<#_l}O*}=$qWpzSj5}%v;tvg11*CBnz2%JA6DcDQLT&NHT*XL`KBmAVo zgPF3HFZ?e}-Bu1Z`lZ%t!m;{~(bfsTbs5|qrASvNoRpnBsyb06Tc+HT?f z13h;;r(A!L444`e!wLnwi{hVYQF!(T*Kr|R>p3Zb^UR=!-WdCuQ*gB6^5ahpYIzPG zThV)*i42y_oR7Nn!iN}$WPi4%=^E&{2-RF$2~$0^l*7!lC(2JS*le+l#=VOdu(VF~ z__ROF0}rD5P)kHCGHNy;?-UZI{UWh*beb55{2IZN*8S3Ii>Cc2J_f!g%IfL~QB!&4 zfe85H`T1|Bv)xDeN4~<|X+6rUhDwdl+N>I_r3{<(ULpX^XnclrPs0fnZOiyE9lXBM z3VRfY=5Z$nZ>xrg=e1cFu6wd-V4cpRLY{G-FwL1B`>F%?N<^H#Z zAq7N;K9+-F8MuJE0an8a8R6x z^HaYJU563>!;mYnf@3}o%Es5~`$Z**>ERehobJ+}?5zy1hm0tN$#E&sn|l0HELQAz zeb;Mn)`G()l8QV8Bnj02kN4sK$Nm5Si2u?Y_&?YGh5cau5BB?ipr4974DA0rLj2dt N|Lv{+q#ywBzW~Kh^PT_z literal 0 HcmV?d00001 diff --git a/src/agent/docker-rest-agent/intergration-test/sampleconfig/test.block b/src/agent/docker-rest-agent/intergration-test/sampleconfig/test.block new file mode 100644 index 0000000000000000000000000000000000000000..783ea1919ea0748349f9d49a614734141d9df40e GIT binary patch literal 1054 zcmb_a&r1|h9Cufp9lx$Rd?U3v^kWN!4Rha)&TbOu?iSdk!WBCR+1r_?`)GDX=FLI| zfqz4XZXP>J5K)0wDY|)25VV3MIs{RN?77ZtURFBv9=yZ%eZJrC=ll75A*G+cxqr>e zeck)^ur$1}^K5N8G)3AzMP1CUEHl(l zfezt0UIa;{AaU2{0rN$JZ##B11II8Sa~#B8wH;-vqe--Q6O)F%qT^W)=BUGMdPw-B zdWjiErD(@`hJmPFI_mf?2Hl4jpMvN1*b#NNxYJLGBAIcS%_82&nfm=M!gA*NxN#L5Oz!w7_4K-vz(VE_P%t`{!= literal 0 HcmV?d00001 diff --git a/src/agent/docker-rest-agent/intergration-test/test.py b/src/agent/docker-rest-agent/intergration-test/test.py new file mode 100644 index 000000000..993152fe0 --- /dev/null +++ b/src/agent/docker-rest-agent/intergration-test/test.py @@ -0,0 +1,45 @@ +from requests import put, get, post +import base64 +import docker +import json + +client = docker.from_env() + +with open('sampleconfig/msp.zip', 'rb') as node_msp, open('sampleconfig/tls.zip', 'rb') as tls, open('sampleconfig/block.zip', 'rb') as block, open('sampleconfig/peer_config.zip', 'rb') as peer_config, open('sampleconfig/orderer_config.zip', 'rb') as orderer_config: + + data = { + 'msp':base64.b64encode(node_msp.read()), + 'tls':base64.b64encode(tls.read()), + 'bootstrap_block':base64.b64encode(block.read()), + 'peer_config_file':base64.b64encode(peer_config.read()), + 'orderer_config_file':base64.b64encode(orderer_config.read()), + 'img': 'yeasy/hyperledger-fabric:2.2.0', + 'cmd': 'bash /tmp/init.sh "peer node start"', + 'name': 'cello-hlf-peer' + } + +# Test creating a node +n = post('http://localhost:5001/api/v1/nodes', data=data) +print(n.text) +txt = json.loads(n.text) +nid = txt['data']['id'] + +# Test starting a node +data = {'action': 'start'} +response = post('http://localhost:5001/api/v1/nodes/'+nid, data=data) +print(response.text) + +# Test restarting a node +data = {'action': 'restart'} +response = post('http://localhost:5001/api/v1/nodes/'+nid, data=data) +print(response.text) + +# Test stopping a node +data = {'action': 'stop'} +response = post('http://localhost:5001/api/v1/nodes/'+nid, data=data) +print(response.text) + +# Test deleting a node +data = {'action': 'delete'} +response = post('http://localhost:5001/api/v1/nodes/'+nid, data=data) +print(response.text) diff --git a/src/agent/docker-rest-agent/requirements.txt b/src/agent/docker-rest-agent/requirements.txt new file mode 100644 index 000000000..94f0dc9a6 --- /dev/null +++ b/src/agent/docker-rest-agent/requirements.txt @@ -0,0 +1,3 @@ +Flask +flask-restful +requests \ No newline at end of file diff --git a/src/agent/docker-rest-agent/server.py b/src/agent/docker-rest-agent/server.py new file mode 100644 index 000000000..0718b81b1 --- /dev/null +++ b/src/agent/docker-rest-agent/server.py @@ -0,0 +1,115 @@ +from flask import Flask, jsonify, request +import docker +import sys +import logging + +app = Flask(__name__) + +client = docker.from_env() +res = {'code': 'OK', 'data': {}, 'msg': ''} + +@app.route('/api/v1/networks', methods=['GET']) +def get_network(): + return jsonify({'networks': client.containers.list()}) + +@app.route('/api/v1/nodes', methods=['POST']) +def create_node(): + msp = request.form.get('msp') + tls = request.form.get('tls') + bootstrap_block = request.form.get('bootstrap_block') + peer_config_file = request.form.get('peer_config_file') + orderer_config_file = request.form.get('orderer_config_file') + img = request.form.get('img') + cmd = request.form.get('cmd') + name_tag = request.form.get('name') + + env = { + 'HLF_NODE_MSP':msp, + 'HLF_NODE_TLS':tls, + 'HLF_NODE_BOOTSTRAP_BLOCK':bootstrap_block, + 'HLF_NODE_PEER_CONFIG':peer_config_file, + 'HLF_NODE_ORDERER_CONFIG':orderer_config_file, + } + + + try: + # same as `docker run -dit yeasy/hyperledge-fabric:2.2.0 -e VARIABLES`` + container = client.containers.run(img, cmd, detach=True, tty=True, stdin_open=True, name=name_tag, environment=env) + except: + res['code'] = 'Fail' + res['data'] = sys.exc_info()[0] + res['msg'] = 'failed' + logging.debug(res) + raise + res['data']['status'] = 'created' + res['data']['id'] = container.id + res['data']['public-grpc'] = '127.0.0.1:7050' + res['data']['public-raft'] = '127.0.0.1:7052' + return jsonify(res) + +@app.route('/api/v1/nodes/', methods=['GET', 'POST']) +def operate_node(id): + + if request.method == 'POST': + act = request.form.get('action') + else: + act = request.args.get('action') + container = client.containers.get(id) + + if act == 'start': + try: + container.start() + except: + res['code'] = 'Fail' + res['data'] = sys.exc_info()[0] + res['msg'] = 'start failed' + logging.debug(res) + raise + res['data']['status'] = 'started' + elif act == 'restart': + try: + container.restart() + except: + res['code'] = 'Fail' + res['data'] = sys.exc_info()[0] + res['msg'] = 'restart failed' + logging.debug(res) + raise + res['data']['status'] = 'restarted' + elif act == 'stop': + try: + container.stop() + except: + res['code'] = 'Fail' + res['data'] = sys.exc_info()[0] + res['msg'] = 'stop failed' + logging.debug(res) + raise + res['data']['status'] = 'stopped' + elif act == 'delete': + try: + container.remove() + except: + res['code'] = 'Fail' + res['data'] = sys.exc_info()[0] + res['msg'] = 'delete failed' + logging.debug(res) + raise + res['data']['status'] = 'deleted' + elif act == 'query': + try: + res['data']['status'] = container.status() + except: + res['code'] = 'Fail' + res['data'] = sys.exc_info()[0] + res['msg'] = 'query failed' + logging.debug(res) + raise + else: + res['msg'] = 'undefined action' + + return res + + +if __name__ == '__main__': + app.run(port=5001, debug=True) \ No newline at end of file