fabric
fabric copied to clipboard
hyperledger-archives
Ability to deploy chaincode to the peer from the private git repository
So far we are able to deploy chaincode to a peer from a chaincode hosted in public git repository. What are our options for deploying the same chaincode hosted in a private git repository. Any suggestions are welcome. Thanks.
I am part of a team working on a first project and this is a problem I have also encountered.
We really need the chaincode to be in a private repository but we are currently having to place it in a public repository so that we can deploy to a bluemix peer.
We also tried to deploy the chaincode from a peer in a local vagrant environment and point it at a bluemix peer using the command:
OPENCHAIN_PEER_ADDRESS={Bluemix host:port} ./obc-peer chaincode deploy -p github.com/openblockchain/obc-peer/openchain/example/chaincode/chaincode_example02 -c '{"Function":"init", "Args": ["a","100", "b", "200"]}'
However this hasn't been working for us, getting the error:
vagrant@vagrant-ubuntu-trusty-64:/opt/gopath/src/github.com/openblockchain/obc-peer$ OPENCHAIN_PEER_ADDRESS={169.44.38.122:38645} ./obc-peer chaincode deploy -p github.com/openblockchain/obc-peer/openchain/example/chaincode/chaincode_example02 -c '{"Function":"init", "Args": ["a","100", "b", "200"]}'
10:07:05.509 [crypto] main -> INFO 001 Log level recognized 'debug', set to DEBUG 10:07:05.512 [crypto] main -> DEBU 002 Working at security level [256] 2016/03/29 10:07:06 grpc: ClientConn.resetTransport failed to create client transport: connection error: desc = "transport: dial tcp: lookup {169.44.38.122: invalid domain name"; Reconnecting to "{169.44.38.122:38645}" 2016/03/29 10:07:08 grpc: ClientConn.resetTransport failed to create client transport: connection error: desc = "transport: dial tcp: lookup {169.44.38.122: invalid domain name"; Reconnecting to "{169.44.38.122:38645}"
Even if this did work for us, it is still not what we require because upon deployment we will get back just the chaincodeID. We are using the ibm-blockchain-js sdk so we need to have access to the go file so that the sdk can read the file and construct a chaincode object for us to use on a node js server.
I think as more projects are starting this will become a common requirement and as a result should be addressed sooner rather than later.
Thanks
Hi; We're struggling with this as well. For our PoC we're looking at deploying to bluemix whilst using a private repository for our chaincode. This doesn't seem to work, and as @jpayne23 mentions, if you deploy it via the cli, we can't use the SDK because it then doesn't have the go file read nor the chaincodeId. The conditions of our project are that we keep the chaincode in a private repository, I think this is quite a pressing common requirement for deployment that has to be addressed soon.
Thanks
FWIW, I am working on a patch series which includes the ability to deploy chaincode payload inband to the REST interface, which would help with this scenario.
@ghaskins - how's this coming along? seems related to discussion on issue #1381 as well
for the work we do for the IBM BMX service, this functionality would be very useful.
@mastersingh24 I haven't had a chance to spend any time on it. However, even if I did, it might not be something you would be interested in per se. My focus would have been on chaincodeType=CAR. I would guess I would need to address the GOLANG platform as well to a degree, but I am not sure what a GOLANG bundle might look like. Perhaps the SDK folks would have a solution. Of course, I would be more than happy to pick up some CAR customers ;)
@ghaskins @mastersingh24 I did look at this a bit. The issues were the following
- we execute "go get ..." which does not appear to make working with private repositories easy
- even if we were to make that work, the creds typically used (think SSH keys) need to mesh well with fabric's security
One approach to that would be to investigate library alternatives to "go get" command execution. For example, there seem to be some promising golang github packages out there. They would give lower-level, finer grained control than "go get" would. This is probably worth investigating IMO.
One thing to note : NVP's could provide some relief by deploying files from a local file system not on a VP.
@ghaskins @christo4ferris It is possible to do this in the current version of hyperledger fabric by adjusting the git config settings on all of the VPs.
Step 1: Create a github personal access token with control of the private repository.
Step 2: Change the git config settings on the VM that is running the peer :
GITHUB_ACCESS_TOKEN="tokenFromStep1"
git config --global url."https://${GITHUB_ACCESS_TOKEN}:[email protected]/".insteadOf "https://github.com/"
This setting will cause git to substitute https://github.com with https://tokenFromStep1:[email protected]/ when cloning.
When go get is run by the peer, git will do the correct substitution and successfully clone your private repository and install the chaincode.
This needs to be done on all of the validating peers. Peers without this config will not be able to find the chaincode and will break consensus.
For anyone who uses Gitlab instead of Github, you need to use a CI runner token, the command looks like this:
GITLAB_CI_TOKEN="tokenFromStep1"
git config --global url."https://gitlab-ci-token:${GITLAB_CI_TOKEN}@gitlab.com/".insteadOf "https://gitlab.com/"
@wdawson4 : I think this would be a great option in SDK.
@cbc @ghaskins @angrbrd @smithbk thoughts ?
