From 059a1d0b21b0174f9f19611fa144b55e18c955d8 Mon Sep 17 00:00:00 2001 From: Matthew B White Date: Wed, 3 Nov 2021 10:02:02 +0000 Subject: [PATCH 1/2] Changes to the test-network k8s deployment to use the built-in as-a-service chaincode builder from the Peer Container Signed-off-by: Matthew B White --- .../asset-transfer-basic/connection.json | 2 +- .../asset-transfer-basic/metadata.json | 4 ++-- test-network-k8s/config/org1/core.yaml | 13 +++++------ test-network-k8s/config/org2/core.yaml | 12 ++++------ .../kube/org1/org1-cc-template.yaml | 10 ++++---- test-network-k8s/kube/org1/org1-peer1.yaml | 19 ++------------- test-network-k8s/kube/org1/org1-peer2.yaml | 2 +- test-network-k8s/kube/org2/org2-peer1.yaml | 2 +- test-network-k8s/kube/org2/org2-peer2.yaml | 2 +- test-network-k8s/scripts/chaincode.sh | 23 ++++++++----------- test-network/scripts/deployCC.sh | 4 ++-- 11 files changed, 36 insertions(+), 57 deletions(-) diff --git a/test-network-k8s/chaincode/asset-transfer-basic/connection.json b/test-network-k8s/chaincode/asset-transfer-basic/connection.json index 598ba74f84..f3a8dd89a0 100644 --- a/test-network-k8s/chaincode/asset-transfer-basic/connection.json +++ b/test-network-k8s/chaincode/asset-transfer-basic/connection.json @@ -1,5 +1,5 @@ { - "address": "org1-cc-asset-transfer-basic:9999", + "address": "{{.peername}}-cc-asset-transfer-basic:9999", "dial_timeout": "10s", "tls_required": false } \ No newline at end of file diff --git a/test-network-k8s/chaincode/asset-transfer-basic/metadata.json b/test-network-k8s/chaincode/asset-transfer-basic/metadata.json index bb7056c0c6..c52d2a5eae 100644 --- a/test-network-k8s/chaincode/asset-transfer-basic/metadata.json +++ b/test-network-k8s/chaincode/asset-transfer-basic/metadata.json @@ -1,4 +1,4 @@ { - "type": "external", + "type": "ccaas", "label": "basic_1.0" -} \ No newline at end of file +} diff --git a/test-network-k8s/config/org1/core.yaml b/test-network-k8s/config/org1/core.yaml index ca60ae52ec..817d582664 100644 --- a/test-network-k8s/config/org1/core.yaml +++ b/test-network-k8s/config/org1/core.yaml @@ -474,7 +474,7 @@ vm: # unix:///var/run/docker.sock # http://localhost:2375 # https://localhost:2376 - endpoint: unix:///var/run/docker.sock + # endpoint: unix:///var/run/docker.sock # settings for docker vms docker: @@ -558,12 +558,11 @@ chaincode: # chaincode. The external builder detection processing will iterate over the # builders in the order specified below. externalBuilders: - - path: /var/hyperledger/fabric/chaincode/ccs-builder - name: ccs-builder - propagateEnvironment: - - HOME - - CORE_PEER_ID - - CORE_PEER_LOCALMSPID + - name: ccaas_builder + path: /opt/hyperledger/ccaas_builder + propagateEnvironment: + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG + # The maximum duration to wait for the chaincode build and install process # to complete. diff --git a/test-network-k8s/config/org2/core.yaml b/test-network-k8s/config/org2/core.yaml index 791af4c37d..e32cb32a69 100644 --- a/test-network-k8s/config/org2/core.yaml +++ b/test-network-k8s/config/org2/core.yaml @@ -558,13 +558,11 @@ chaincode: # chaincode. The external builder detection processing will iterate over the # builders in the order specified below. externalBuilders: - - path: /var/hyperledger/fabric/chaincode/ccs-builder - name: ccs-builder - propagateEnvironment: - - HOME - - CORE_PEER_ID - - CORE_PEER_LOCALMSPID - + - name: ccaas_builder + path: /opt/hyperledger/ccaas_builder + propagateEnvironment: + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG + # The maximum duration to wait for the chaincode build and install process # to complete. installTimeout: 300s diff --git a/test-network-k8s/kube/org1/org1-cc-template.yaml b/test-network-k8s/kube/org1/org1-cc-template.yaml index 4c72bb4e77..c86c420801 100644 --- a/test-network-k8s/kube/org1/org1-cc-template.yaml +++ b/test-network-k8s/kube/org1/org1-cc-template.yaml @@ -7,16 +7,16 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: org1-cc-{{CHAINCODE_NAME}} + name: org1{{PEER_NAME}}-cc-{{CHAINCODE_NAME}} spec: replicas: 1 selector: matchLabels: - app: org1-cc-{{CHAINCODE_NAME}} + app: org1{{PEER_NAME}}-cc-{{CHAINCODE_NAME}} template: metadata: labels: - app: org1-cc-{{CHAINCODE_NAME}} + app: org1{{PEER_NAME}}-cc-{{CHAINCODE_NAME}} spec: containers: - name: main @@ -35,11 +35,11 @@ spec: apiVersion: v1 kind: Service metadata: - name: org1-cc-{{CHAINCODE_NAME}} + name: org1{{PEER_NAME}}-cc-{{CHAINCODE_NAME}} spec: ports: - name: chaincode port: 9999 protocol: TCP selector: - app: org1-cc-{{CHAINCODE_NAME}} \ No newline at end of file + app: org1{{PEER_NAME}}-cc-{{CHAINCODE_NAME}} \ No newline at end of file diff --git a/test-network-k8s/kube/org1/org1-peer1.yaml b/test-network-k8s/kube/org1/org1-peer1.yaml index f1f40ac43b..0b6376db86 100644 --- a/test-network-k8s/kube/org1/org1-peer1.yaml +++ b/test-network-k8s/kube/org1/org1-peer1.yaml @@ -28,7 +28,7 @@ data: CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443 CORE_PEER_FILESYSTEMPATH: /var/hyperledger/fabric/data/org1-peer1.org1.example.com CORE_LEDGER_SNAPSHOTS_ROOTDIR: /var/hyperledger/fabric/data/org1-peer1.org1.example.com/snapshots - + CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG: "{\"peername\":\"org1peer1\"}" --- apiVersion: apps/v1 kind: Deployment @@ -61,20 +61,6 @@ spec: mountPath: /var/hyperledger - name: fabric-config mountPath: /var/hyperledger/fabric/config - - name: ccs-builder - mountPath: /var/hyperledger/fabric/chaincode/ccs-builder/bin - - # load the external chaincode builder into the peer image prior to peer launch. - initContainers: - - name: fabric-ccs-builder - image: ghcr.io/hyperledgendary/fabric-ccs-builder - imagePullPolicy: IfNotPresent - command: [sh, -c] - args: ["cp /go/bin/* /var/hyperledger/fabric/chaincode/ccs-builder/bin/"] - volumeMounts: - - name: ccs-builder - mountPath: /var/hyperledger/fabric/chaincode/ccs-builder/bin - volumes: - name: fabric-volume persistentVolumeClaim: @@ -82,8 +68,7 @@ spec: - name: fabric-config configMap: name: org1-config - - name: ccs-builder - emptyDir: {} + --- apiVersion: v1 kind: Service diff --git a/test-network-k8s/kube/org1/org1-peer2.yaml b/test-network-k8s/kube/org1/org1-peer2.yaml index 78f57862a5..a407338523 100644 --- a/test-network-k8s/kube/org1/org1-peer2.yaml +++ b/test-network-k8s/kube/org1/org1-peer2.yaml @@ -28,7 +28,7 @@ data: CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443 CORE_PEER_FILESYSTEMPATH: /var/hyperledger/fabric/data/org1-peer2.org1.example.com CORE_LEDGER_SNAPSHOTS_ROOTDIR: /var/hyperledger/fabric/data/org1-peer2.org1.example.com/snapshots - + CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG: "{\"peername\":\"org1peer2\"}" --- apiVersion: apps/v1 kind: Deployment diff --git a/test-network-k8s/kube/org2/org2-peer1.yaml b/test-network-k8s/kube/org2/org2-peer1.yaml index 7dba924da2..95af55765f 100644 --- a/test-network-k8s/kube/org2/org2-peer1.yaml +++ b/test-network-k8s/kube/org2/org2-peer1.yaml @@ -28,7 +28,7 @@ data: CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443 CORE_PEER_FILESYSTEMPATH: /var/hyperledger/fabric/data/org2-peer1.org2.example.com CORE_LEDGER_SNAPSHOTS_ROOTDIR: /var/hyperledger/fabric/data/org2-peer1.org2.example.com/snapshots - + CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG: "{\"peername\":\"org2peer1\"}" --- apiVersion: apps/v1 kind: Deployment diff --git a/test-network-k8s/kube/org2/org2-peer2.yaml b/test-network-k8s/kube/org2/org2-peer2.yaml index 3b80025fb3..2cd3017582 100644 --- a/test-network-k8s/kube/org2/org2-peer2.yaml +++ b/test-network-k8s/kube/org2/org2-peer2.yaml @@ -28,7 +28,7 @@ data: CORE_OPERATIONS_LISTENADDRESS: 0.0.0.0:9443 CORE_PEER_FILESYSTEMPATH: /var/hyperledger/fabric/data/org2-peer2.org2.example.com CORE_LEDGER_SNAPSHOTS_ROOTDIR: /var/hyperledger/fabric/data/org2-peer2.org2.example.com/snapshots - + CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG: "{\"peername\":\"org2peer2\"}" --- apiVersion: apps/v1 kind: Deployment diff --git a/test-network-k8s/scripts/chaincode.sh b/test-network-k8s/scripts/chaincode.sh index f2c8f24bfb..5eee57e779 100755 --- a/test-network-k8s/scripts/chaincode.sh +++ b/test-network-k8s/scripts/chaincode.sh @@ -36,11 +36,12 @@ function transfer_chaincode_archive_for() { function install_chaincode_for() { local org=$1 - push_fn "Installing chaincode for org ${org}" + local peer=$2 + push_fn "Installing chaincode for org ${org} peer ${peer}" # Install the chaincode echo 'set -x - export CORE_PEER_ADDRESS='${org}'-peer1:7051 + export CORE_PEER_ADDRESS='${org}'-'${peer}':7051 peer lifecycle chaincode install build/chaincode/'${CHAINCODE_NAME}'.tgz ' | exec kubectl -n $NS exec deploy/${org}-admin-cli -c main -i -- /bin/bash @@ -51,6 +52,7 @@ function launch_chaincode_service() { local org=$1 local cc_id=$2 local cc_image=$3 + local peer=$4 push_fn "Launching chaincode container \"${cc_image}\"" # The chaincode endpoint needs to have the generated chaincode ID available in the environment. @@ -60,9 +62,10 @@ function launch_chaincode_service() { | sed 's,{{CHAINCODE_NAME}},'${CHAINCODE_NAME}',g' \ | sed 's,{{CHAINCODE_ID}},'${cc_id}',g' \ | sed 's,{{CHAINCODE_IMAGE}},'${cc_image}',g' \ + | sed 's,{{PEER_NAME}},'${peer}',g' \ | exec kubectl -n $NS apply -f - - kubectl -n $NS rollout status deploy/${org}-cc-${CHAINCODE_NAME} + kubectl -n $NS rollout status deploy/${org}${peer}-cc-${CHAINCODE_NAME} pop_fn } @@ -124,14 +127,6 @@ function query_chaincode_metadata() { peer chaincode query -n '${CHAINCODE_NAME}' -C '${CHANNEL_NAME}' -c '"'$args'"' ' | exec kubectl -n $NS exec deploy/org1-admin-cli -c main -i -- /bin/bash - log '' - log 'Org1-Peer-SVC:' - echo ' - export CORE_PEER_ADDRESS=org1-peer-svc:7051 - peer chaincode query -n '${CHAINCODE_NAME}' -C '${CHANNEL_NAME}' -c '"'$args'"' - ' | exec kubectl -n $NS exec deploy/org1-admin-cli -c main -i -- /bin/bash - - } function invoke_chaincode() { @@ -168,7 +163,8 @@ function install_chaincode() { package_chaincode_for ${org} transfer_chaincode_archive_for ${org} - install_chaincode_for ${org} + install_chaincode_for ${org} peer1 + install_chaincode_for ${org} peer2 set_chaincode_id } @@ -186,7 +182,8 @@ function deploy_chaincode() { set -x install_chaincode - launch_chaincode_service org1 $CHAINCODE_ID $CHAINCODE_IMAGE + launch_chaincode_service org1 $CHAINCODE_ID $CHAINCODE_IMAGE peer1 + launch_chaincode_service org1 $CHAINCODE_ID $CHAINCODE_IMAGE peer2 activate_chaincode } diff --git a/test-network/scripts/deployCC.sh b/test-network/scripts/deployCC.sh index 951aae5aed..1aa4294c06 100755 --- a/test-network/scripts/deployCC.sh +++ b/test-network/scripts/deployCC.sh @@ -44,8 +44,8 @@ elif [ -z "$CC_SRC_LANGUAGE" ] || [ "$CC_SRC_LANGUAGE" = "NA" ]; then fatalln "No chaincode language was provided. Valid call example: ./network.sh deployCC -ccn basic -ccp ../asset-transfer-basic/chaincode-go -ccl go" ## Make sure that the path to the chaincode exists -elif [ ! -d "$CC_SRC_PATH" ]; then - fatalln "Path to chaincode does not exist. Please provide different path." +elif [ ! -d "$CC_SRC_PATH" ] && [ ! -f "$CC_SRC_PATH" ]; then + fatalln "dfghPath to chaincode does not exist. Please provide different path." fi CC_SRC_LANGUAGE=$(echo "$CC_SRC_LANGUAGE" | tr [:upper:] [:lower:]) From b25b30ae407f3c341ff776eb1000596d1bb90f22 Mon Sep 17 00:00:00 2001 From: Josh Kneubuhl Date: Wed, 15 Dec 2021 15:57:59 -0500 Subject: [PATCH 2/2] Remove the ccaas init container from org2 peer; tweak docs on ccaas config Signed-off-by: Josh Kneubuhl --- test-network-k8s/docs/TEST_NETWORK.md | 44 ++++++++-------------- test-network-k8s/kube/org2/org2-peer1.yaml | 16 -------- test-network-k8s/network | 2 +- test-network-k8s/scripts/kind.sh | 2 - 4 files changed, 16 insertions(+), 48 deletions(-) diff --git a/test-network-k8s/docs/TEST_NETWORK.md b/test-network-k8s/docs/TEST_NETWORK.md index 63a9a8577b..c3832bad06 100644 --- a/test-network-k8s/docs/TEST_NETWORK.md +++ b/test-network-k8s/docs/TEST_NETWORK.md @@ -103,52 +103,38 @@ Running Fabric in Kubernetes places some unique constraints on the Chaincode lif - For cloud-ready development, test, validation, CI/CD, and production practices, the use of the [Chaincode as a Service](https://hyperledger-fabric.readthedocs.io/en/latest/cc_service.html) pattern provides a - _vastly superior user experience_. However, with the current (2.3) Fabric builds, the configuration of [External - Chaincode Builders](https://hyperledger-fabric.readthedocs.io/en/latest/cc_launcher.html) is non-trivial and - includes some real complexity for deployment to Kubernetes. + _vastly superior user experience_. - Running Chaincode builds in Docker in Docker, running in Kubernetes in Docker is ... interesting. Let's step back and _keep it simple_. - -For the Kube Test Network, we've configured the peer nodes to launch with the [fabric-ccs-builder](https://github.com/hyperledgendary/fabric-ccs-builder) -External Chaincode Builders pre-bundled into the network. When chaincode is installed on the peers, the external -builder binaries will be invoked, bypassing the reliance on a local Docker daemon running in Kubernetes. +In the Kubernetes Test Network, we've incorporated the default `ccaas` external builder +(See [fabric #2884](https://github.com/hyperledger/fabric/issues/2884)) as an accelerator for working with +Chaincode-as-a-Service on Kubernetes. For `ccaas` smart contracts, when chaincode is installed on a peer, the +external builder binaries will be invoked, bypassing the reliance on a local Docker daemon running in Kubernetes. This configuration is accomplished by registering an external builder in the peer core.yaml: ```yaml externalBuilders: - - path: /var/hyperledger/fabric/chaincode/ccs-builder - name: ccs-builder + - name: ccaas_builder + path: /opt/hyperledger/ccaas_builder propagateEnvironment: - - HOME - - CORE_PEER_ID - - CORE_PEER_LOCALMSPID + - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG ``` - -At launch time, the Kubernetes deployment includes an init container that will load the fabric-ccs-builder binaries -from a public container registry, copying the external builders into the target volume in the peer: -```yaml - initContainers: - - name: fabric-ccs-builder - image: {{FABRIC_CONTAINER_REGISTRY}}/fabric-ccs-builder - command: [sh, -c] - args: ["cp /go/bin/* /var/hyperledger/fabric/chaincode/ccs-builder/bin/"] - volumeMounts: - - name: ccs-builder - mountPath: /var/hyperledger/fabric/chaincode/ccs-builder/bin +To trigger the external builder for a chaincode service, set the metadata.json `type` attribute to `ccaas`. E.g.: +```json +{ + "type": "ccaas", + "label": "basic_1.0" +} ``` -With this configuration we eliminate the reliance on Docker daemon, fully supporting the _Chaincode-as-a-Service_ -pattern for building smart contracts in a cloud-native environment. - - [x] Pro tip: Use the companion container registry at `localhost:5000` to deploy custom chaincode into the test network. -- [x] Pro tip: Deploy a chaincode with `address: host.docker.internal:9999` and run your chaincode in a debugger. -- [ ] Note: An external chaincode builder will be included in future releases of Fabric. +- [x] Pro tip: Deploy a chaincode with `address: host.docker.internal:9999` and attach your chaincode in a debugger. ## Starting Peers and Orderers diff --git a/test-network-k8s/kube/org2/org2-peer1.yaml b/test-network-k8s/kube/org2/org2-peer1.yaml index 95af55765f..112b98f1d9 100644 --- a/test-network-k8s/kube/org2/org2-peer1.yaml +++ b/test-network-k8s/kube/org2/org2-peer1.yaml @@ -61,20 +61,6 @@ spec: mountPath: /var/hyperledger - name: fabric-config mountPath: /var/hyperledger/fabric/config - - name: ccs-builder - mountPath: /var/hyperledger/fabric/chaincode/ccs-builder/bin - - # load the external chaincode builder into the peer image prior to peer launch. - initContainers: - - name: fabric-ccs-builder - image: ghcr.io/hyperledgendary/fabric-ccs-builder - imagePullPolicy: IfNotPresent - command: [sh, -c] - args: ["cp /go/bin/* /var/hyperledger/fabric/chaincode/ccs-builder/bin/"] - volumeMounts: - - name: ccs-builder - mountPath: /var/hyperledger/fabric/chaincode/ccs-builder/bin - volumes: - name: fabric-volume persistentVolumeClaim: @@ -82,8 +68,6 @@ spec: - name: fabric-config configMap: name: org2-config - - name: ccs-builder - emptyDir: {} --- apiVersion: v1 diff --git a/test-network-k8s/network b/test-network-k8s/network index 7836f1fe91..05a9e0ac51 100755 --- a/test-network-k8s/network +++ b/test-network-k8s/network @@ -20,7 +20,7 @@ set -o errexit # todo: track down a nasty bug whereby the CA service endpoints (kube services) will occasionally reject TCP connections after network down/up. This is patched by introducing a 10s sleep after the deployments are up... # todo: refactor query/invoke to specify chaincode name (-n param) -FABRIC_VERSION=${TEST_NETWORK_FABRIC_VERSION:-2.3.2} +FABRIC_VERSION=${TEST_NETWORK_FABRIC_VERSION:-2.4.1} FABRIC_CA_VERSION=${TEST_NETWORK_FABRIC_CA_VERSION:-1.5.2} FABRIC_CONTAINER_REGISTRY=${TEST_NETWORK_FABRIC_CONTAINER_REGISTRY:-hyperledger} NETWORK_NAME=${TEST_NETWORK_NAME:-test-network} diff --git a/test-network-k8s/scripts/kind.sh b/test-network-k8s/scripts/kind.sh index 67a3dd6ab2..6d64d7d913 100755 --- a/test-network-k8s/scripts/kind.sh +++ b/test-network-k8s/scripts/kind.sh @@ -12,7 +12,6 @@ function pull_docker_images() { docker pull ${FABRIC_CONTAINER_REGISTRY}/fabric-orderer:$FABRIC_VERSION docker pull ${FABRIC_CONTAINER_REGISTRY}/fabric-peer:$FABRIC_VERSION docker pull ${FABRIC_CONTAINER_REGISTRY}/fabric-tools:$FABRIC_VERSION - docker pull ghcr.io/hyperledgendary/fabric-ccs-builder:latest docker pull ghcr.io/hyperledgendary/fabric-ccaas-asset-transfer-basic:latest pop_fn @@ -25,7 +24,6 @@ function load_docker_images() { kind load docker-image ${FABRIC_CONTAINER_REGISTRY}/fabric-orderer:$FABRIC_VERSION kind load docker-image ${FABRIC_CONTAINER_REGISTRY}/fabric-peer:$FABRIC_VERSION kind load docker-image ${FABRIC_CONTAINER_REGISTRY}/fabric-tools:$FABRIC_VERSION - kind load docker-image ghcr.io/hyperledgendary/fabric-ccs-builder:latest kind load docker-image ghcr.io/hyperledgendary/fabric-ccaas-asset-transfer-basic:latest pop_fn