peer – Manage a Hyperledger Fabric peer
Synopsis
Create, update, or delete a Hyperledger Fabric peer.
This module works with the IBM Support for Hyperledger Fabric software or the Hyperledger Fabric Open Source Stack running in a Red Hat OpenShift or Kubernetes cluster.
Parameters
- api_endpoint (required)
  The URL for the Fabric operations console.
  Type: str
- api_authtype (required)
  basic - Authenticate to the Fabric operations console using basic authentication. You must provide both a valid API key using api_key and API secret using api_secret.
  Type: str
- api_key (required)
  The API key for the Fabric operations console.
  Type: str
- api_secret
  The API secret for the Fabric operations console.
  Only required when api_authtype is basic.
  Type: str
- api_timeout
  The timeout, in seconds, to use when interacting with the Fabric operations console.
  Type: int
  Default value: 60
- state
  absent - A peer matching the specified name will be stopped and removed.
  present - Asserts that a peer matching the specified name and configuration exists. If no peer matches the specified name, a peer will be created. If a peer matches the specified name but the configuration does not match, then the peer will be updated, if it can be. If it cannot be updated, it will be removed and re-created with the specified configuration.
  Type: str
  Default value: present
- name (required)
  The name of the peer.
  Type: str
- msp_id
  The MSP ID for this peer.
  Only required when state is present.
  Type: str
- state_db
  couchdb - Use CouchDB as the state database for this peer.
  leveldb - Use LevelDB as the state database for this peer.
  Type: str
  Default value: couchdb
- certificate_authority
  The certificate authority to use to enroll the identity for this peer.
  You can pass a string, which is the display name of a certificate authority registered with the Fabric operations console.
  You can also pass a dictionary, which must match the result format of one of the certificate_authority_info or certificate_authority modules.
  Only required when config is not specified.
  Type: raw
- enrollment_id
  The enrollment ID, or user name, of an identity registered on the certificate authority for this peer.
  Only required when config is not specified.
  Type: str
- enrollment_secret
  The enrollment secret, or password, of an identity registered on the certificate authority for this peer.
  Only required when config is not specified.
  Type: str
- admins
  The list of administrator certificates for this peer.
  Administrator certificates must be supplied as base64 encoded PEM files.
  Only required when config is not specified.
  Type: list
  Elements: str
- config
  The initial configuration for the peer. This is only required if you need more advanced configuration than is provided by this module using certificate_authority and related options.
  Type: dict
- config_override
  The configuration overrides for the peer.
  See the Hyperledger Fabric documentation for available options: https://github.com/hyperledger/fabric/blob/release-1.4/sampleconfig/core.yaml
  Type: dict
- resources
  The Kubernetes resource configuration for the peer.
  Type: dict
  - peer
    The Kubernetes resource configuration for the peer container.
    Type: dict
    - requests
      The Kubernetes resource requests for the peer container.
      Type: str
      - cpu
        The Kubernetes CPU resource request for the peer container.
        Type: str
        Default value: 200m
      - memory
        The Kubernetes memory resource request for the peer container.
        Type: str
        Default value: 1G
  - proxy
    The Kubernetes resource configuration for the proxy container.
    Type: dict
    - requests
      The Kubernetes resource requests for the proxy container.
      Type: str
      - cpu
        The Kubernetes CPU resource request for the proxy container.
        Type: str
        Default value: 100m
      - memory
        The Kubernetes memory resource request for the proxy container.
        Type: str
        Default value: 200M
  - couchdb
    The Kubernetes resource configuration for the CouchDB container.
    Type: dict
    - requests
      The Kubernetes resource requests for the CouchDB container.
      Type: str
      - cpu
        The Kubernetes CPU resource request for the CouchDB container.
        Type: str
        Default value: 200m
      - memory
        The Kubernetes memory resource request for the CouchDB container.
        Type: str
        Default value: 400M
  - dind
    The Kubernetes resource configuration for the Docker in Docker (DinD) container.
    This configuration is only used if the peer is using Hyperledger Fabric v1.4.
    Type: dict
    - requests
      The Kubernetes resource requests for the Docker in Docker (DinD) container.
      Type: str
      - cpu
        The Kubernetes CPU resource request for the Docker in Docker (DinD) container.
        Type: str
        Default value: 1
      - memory
        The Kubernetes memory resource request for the Docker in Docker (DinD) container.
        Type: str
        Default value: 1G
  - chaincodelauncher
    The Kubernetes resource configuration for the chaincode launcher container.
    This configuration is only used if the peer is using Hyperledger Fabric v2.0 or later.
    Type: dict
    - requests
      The Kubernetes resource requests for the chaincode launcher container.
      Type: str
      - cpu
        The Kubernetes CPU resource request for the chaincode launcher container.
        Type: str
        Default value: 200m
      - memory
        The Kubernetes memory resource request for the chaincode launcher container.
        Type: str
        Default value: 400M
- crypto
  Component crypto configuration for connecting to a certificate authority.
  Type: dict
  - enrollment
    Enrollment information for connecting to a certificate authority.
    Type: dict
    - component
      Admin certificates for connecting to a certificate authority.
      Type: dict
      - admins
        An array that contains base64 encoded PEM identity certificates for administrators. Also known as signing certificates of an organization administrator.
        Type: dict
    - ca
      Configuration for connecting to the certificate authority.
      Type: dict
      - host
        The CA’s hostname. Do not include protocol or port. Must be a hostname from a known CA.
        Type: str
      - port
        The CA’s port.
        Type: str
      - name
        The CA’s “CAName” attribute. This name is used to distinguish this CA from the TLS CA.
        Type: str
      - tls_cert
        The TLS certificate as base64 encoded PEM. Certificate is used to secure/validate a TLS connection with this component.
        Type: str
      - enroll_id
        The username of the enroll id.
        Type: str
      - enroll_secret
        The password of the enroll id.
        Type: str
    - tlsca
      Configuration for connecting to the TLS certificate authority.
      Type: dict
      - host
        The CA’s hostname. Do not include protocol or port. Must be a hostname from a known CA.
        Type: str
      - port
        The CA’s port.
        Type: str
      - name
        The CA’s “CAName” attribute. This name is used to distinguish this CA from the TLS CA.
        Type: str
      - tls_cert
        The TLS certificate as base64 encoded PEM. Certificate is used to secure/validate a TLS connection with this component.
        Type: str
      - enroll_id
        The username of the enroll id.
        Type: str
      - enroll_secret
        The password of the enroll id.
        Type: str
- storage
  The Kubernetes storage configuration for the peer.
  Type: dict
  - peer
    The Kubernetes storage configuration for the peer container.
    Type: dict
    - size
      The size of the Kubernetes persistent volume claim for the peer container.
      Type: str
      Default value: 100Gi
    - class
      The Kubernetes storage class for the Kubernetes persistent volume claim for the peer container.
      By default, the Kubernetes storage class for the Fabric operations console is used.
      Type: str
  - statedb
    The Kubernetes storage configuration for the CouchDB container.
    Type: dict
    - size
      The size of the Kubernetes persistent volume claim for the CouchDB container.
      Type: str
      Default value: 100Gi
    - class
      The Kubernetes storage class for the Kubernetes persistent volume claim for the CouchDB container.
      By default, the Kubernetes storage class for the Fabric operations console is used.
      Type: str
- hsm
  The PKCS #11 compliant HSM configuration to use for the peer.
  Type: dict
  - pkcs11endpoint
    The HSM proxy endpoint that the peer should use.
    Type: str
  - label
    The HSM label that the peer should use.
    Type: str
  - pin
    The HSM pin that the peer should use.
    Type: str
- zone
  The Kubernetes zone for this peer.
  If you do not specify a Kubernetes zone, and multiple Kubernetes zones are available, then a random Kubernetes zone will be selected for you.
  See the Kubernetes documentation for more information: https://kubernetes.io/docs/setup/best-practices/multiple-zones/
  Type: str
- version
  The version of Hyperledger Fabric to use for this peer.
  If you do not specify a version, the default Hyperledger Fabric version will be used for a new peer.
  If you do not specify a version, an existing peer will not be upgraded.
  If you specify a new version, an existing peer will be automatically upgraded.
  The version can also be specified as a version range specification, for example >=2.2,<3.0, which will match Hyperledger Fabric v2.2 and greater, but not Hyperledger Fabric v3.0 and greater.
  See the semantic_version Python module documentation for more information: https://python-semanticversion.readthedocs.io/en/latest/reference.html#semantic_version.SimpleSpec
  Type: str
- wait_timeout
  The timeout, in seconds, to wait until the peer is available.
  Type: int
  Default value: 60
Examples
- name: Create peer
  hyperledger.fabric_ansible_collection.peer:
    state: present
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    name: Org1 Peer
    msp_id: Org1MSP
    certificate_authority: Org1 CA
    enrollment_id: org1peer
    enrollment_secret: org1peerpw
    admin_certificates:
      - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
- name: Create peer with custom resources and storage
  hyperledger.fabric_ansible_collection.peer:
    state: present
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    name: Org1 Peer
    msp_id: Org1MSP
    certificate_authority: Org1 CA
    enrollment_id: org1peer
    enrollment_secret: org1peerpw
    admin_certificates:
      - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
    resources:
      peer:
        requests:
          cpu: 400m
          memory: 2G
    storage:
      peer:
        size: 200Gi
        class: ibmc-file-gold
- name: Create peer that uses an HSM
  hyperledger.fabric_ansible_collection.peer:
    state: present
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    name: Org1 Peer
    msp_id: Org1MSP
    certificate_authority: Org1 CA
    enrollment_id: org1peer
    enrollment_secret: org1peerpw
    admin_certificates:
      - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
    hsm:
      pkcs11endpoint: tcp://pkcs11-proxy.example.org:2345
      label: Org1 CA label
      pin: 12345678
- name: Create multiple peers with advanced crypto configuration (CSR Hosts with SANs) and K8S builder
  hyperledger.fabric_ansible_collection.peer:
    state: present
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    api_token_endpoint: "{{ api_token_endpoint | default(omit) }}"
    api_timeout: "{{ api_timeout | default(omit) }}"
    name: "Org Peer{{ item }}"
    msp_id: "Org1MSP"
    state_db: "{{ peer_state_db }}"
    resources: "{{ peer_resources | default(omit) }}"
    storage: "{{ peer_storage | default(omit) }}"
    version: "{{ peer_version | default(omit) }}"
    zone: "{{ peer_zones[peer_idx] | default(omit) }}"
    wait_timeout: "{{ wait_timeout | default(omit) }}"
    crypto:
      enrollment:
        component:
          admin_certs:
            - "{{ endorsing_organization_org_admin.enrolled_identity.cert | default(omit) }}"
        ca:
          host: "console_namespace-ca-ca.your.own.domain.localh.st"
          port: "443"
          name: "ca"
          tls_cert: "{{ organization_ca.certificate_authority.pem }}"
          enroll_id: "{{ peer_enrollment_id }}{{ item }}"
          enroll_secret: "{{ peer_enrollment_secret }}"
        tlsca:
          host: "console_namespace-ca-ca.your.own.domain.localh.st"
          port: "443"
          name: "tlsca"
          tls_cert: "{{ organization_ca.certificate_authority.pem }}"
          enroll_id: "{{ peer_enrollment_id }}{{ item }}"
          enroll_secret: "{{ peer_enrollment_secret }}"
          csr_hosts:
            - peers.your.own.domain.localh.st
            - peer.your.own.domain.localh.st
            - "127.0.0.1"
    config_override:
      chaincode:
        externalBuilders:
          - name: k8s_builder
            path: /opt/hyperledger/k8s_builder
            propagateEnvironment:
              - CORE_PEER_ID
              - FABRIC_K8S_BUILDER_DEBUG
              - FABRIC_K8S_BUILDER_NAMESPACE
              - FABRIC_K8S_BUILDER_OBJECT_NAME_PREFIX
              - FABRIC_K8S_BUILDER_SERVICE_ACCOUNT
              - KUBERNETES_SERVICE_HOST
              - KUBERNETES_SERVICE_PORT
  loop: "{{ range(1, number_of_peers|int + 1, 1) | list }}"
  loop_control:
    index_var: peer_idx
- name: Destroy peer
  hyperledger.fabric_ansible_collection.peer:
    state: absent
    api_endpoint: https://console.example.org:32000
    api_authtype: basic
    api_key: xxxxxxxx
    api_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    name: Org1 Peer
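Most of the examples above write api_key, api_secret, enrollment_secret and the HSM pin directly into the task. The following Python check is an added example, not part of the collection or its documentation: it flags peer tasks whose credential-bearing options hold a literal value rather than a templated variable (for instance one kept in Ansible Vault). The option paths come from the Parameters section; the function names, the variable names console_api_key, console_api_secret and hsm_pin, and the sample tasks are assumptions constructed for illustration.

```python
import re

# Credential-bearing options of the peer module, as dotted paths into the task
# arguments (names taken from the Parameters section of this page).
SECRET_PATHS = ("api_key", "api_secret", "enrollment_secret", "hsm.pin",
                "crypto.enrollment.ca.enroll_secret",
                "crypto.enrollment.tlsca.enroll_secret")
MODULE = "hyperledger.fabric_ansible_collection.peer"
# A value that starts and ends with a Jinja2 expression is resolved at run time.
TEMPLATED = re.compile(r"^\s*\{\{.*\}\}\s*$", re.S)

def lookup(args, dotted):
    """Follow a dotted path through nested dicts; None if any step is missing."""
    node = args
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def literal_secrets(tasks):
    """Return (task name, option path) for every credential written inline."""
    findings = []
    for task in tasks:
        args = task.get(MODULE)
        if not isinstance(args, dict):
            continue  # not a peer task, or arguments given in another form
        for path in SECRET_PATHS:
            value = lookup(args, path)
            if value is not None and not TEMPLATED.match(str(value)):
                findings.append((task.get("name", "<unnamed>"), path))
    return findings

# Constructed sample: two tasks in the form yaml.safe_load() returns them.
SAMPLE_TASKS = [
    {"name": "Create peer that uses an HSM",
     MODULE: {"state": "present", "api_key": "xxxxxxxx",
              "api_secret": "{{ console_api_secret }}",
              "enrollment_secret": "org1peerpw",
              "hsm": {"label": "Org1 CA label", "pin": 12345678}}},
    {"name": "Create peer from vaulted variables",
     MODULE: {"state": "present", "api_key": "{{ console_api_key }}",
              "api_secret": "{{ console_api_secret }}",
              "enrollment_secret": "{{ peer_enrollment_secret }}",
              "hsm": {"pin": "{{ hsm_pin }}"}}},
]

if __name__ == "__main__":
    for name, path in literal_secrets(SAMPLE_TASKS):
        print(f"{name}: literal value in {path}")
```

A value that mixes literal text with a template, such as a prefix followed by `{{ item }}`, is reported as a literal and needs a manual look.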
Return Values
- peer
  The peer.
  Returned: when state is present
  Type: dict
  - name
    The name of the peer.
    Type: str
    Sample: Org1 Peer
  - api_url
    The URL for the API of the peer.
    Type: str
    Sample: grpcs://org1peer-api.example.org:32000
  - operations_url
    The URL for the operations service of the peer.
    Type: str
    Sample: grpcs://org1peer-operations.example.org:32000
  - grpcwp_url
    The URL for the gRPC web proxy of the peer.
    Type: str
    Sample: grpcs://org1peer-grpcwebproxy.example.org:32000
  - msp_id
    The MSP ID of the peer.
    Type: str
    Sample: Org1MSP
  - pem
    The TLS certificate chain for the peer.
    The TLS certificate chain is returned as a base64 encoded PEM.
    Type: str
    Sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
  - tls_ca_root_cert
    The TLS certificate chain for the peer.
    The TLS certificate chain is returned as a base64 encoded PEM.
    Type: str
    Sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
  - tls_cert
    The TLS certificate for the peer.
    The TLS certificate is returned as a base64 encoded PEM.
    Type: str
    Sample: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0t...
  - location
    The location of the peer.
    Type: str
    Sample: ibmcloud