Initial
Top-Subjects
- Cryptographic Keys (public & private)
- Chaincode: install & instantiate & upgrade (without/with TLS && Multi-Org)
- CA Operations: Registration, Enroll.
- Multi-Org with JP
- SoftHSM (Hardware Security Module): installing, configuring and testing the SoftHSM via PKCS#11 interface. https://www.opendnssec.org/softhsm/
Source
Subjects
* Generate configuration crypto
* Generate configuration genesis
* Generate configuration channel
* Generate configuration anchor
* ..................................
* Expand Network: Peer
* Expand Network: Anchor
* Expand Network: Channel
* Expand Network: MultiOrg
* ..................................
* Chaincode install
* Chaincode upgrade
* ..................................
* Infrastructure: CouchDB
* Infrastructure: Kafka
* ..................................
* CA (Certificate Authorities)
* TLS (Transport Layer Security)
* Discovery
Objects
- Channel: Network
- Chaincode: Programmed business logic
- MSP (Membership Service Provider): Certificates for Members. >>> CA
- TLS (Transport Layer Security): Certificates for Transport/communications. Secure all communication between nodes.
...
- Peer: Node
- AnchorPeer: Defines the location of a peer that can be used for cross-org gossip communication.
- Orderer: Responsible for Transactions from Nodes.
- CA (Certificate Authorities): Responsible for authenticating users. >>> MSP
Infrastructure
- vCPU: 2
- RAM: 7GB
- HDD: 30GB
- OS: Ubuntu 16.04
# -*- mode: ruby -*-
# vi: set ft=ruby :
ENV['VAGRANT_DEFAULT_PROVIDER'] = 'virtualbox'
ENV["LC_ALL"] = "en_US.UTF-8"
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/xenial64"
  config.vm.hostname = "fabric"
  config.vm.network "public_network"
  config.vm.base_address = "192.168.178.201"
  config.vm.base_mac = "0800278A8081"
  config.vm.synced_folder ".", "/vagrant"
  config.disksize.size = '50GB'
  # --------------------------------------------------------------------
  config.vm.provider "virtualbox" do |vb|
    vb.gui = false
    vb.name = "Fabric"
    vb.cpus = 2
    vb.memory = 4096
  end
  # --------------------------------------------------------------------
end
Code
sudo apt install curl git python-minimal docker-ce
# https://github.com/hyperledger/fabric-samples.git
curl -sSL http://bit.ly/2ysbOFE | bash -s 1.4.0 # bootstrap: download fabric-samples and download Fabric
Basics
Folder-Structure
configca>>>>OrderersInOrg>>>>Domain>>>Orderers>>>>HOST>>>>MSP && TLS
configca>>>>PeersInOrg...>>>>Domain>>>Peers...>>>>HOST>>>>MSP && TLS
configca>>>>PeersInOrg...>>>>Domain>>>Users...>>>>USER>>>>MSP && TLS
configca>>>>PeersInOrg...>>>>Domain>>>ca......>>>>KEYFILE && CERTFILE
ENV
export BASE_FOLDER=/opt/gopath/src/github.com/hyperledger/fabric/peer/
export CORE_PEER_LOCALMSPID=Org1MSP
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/Admin@org1.example.com/msp
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/configca/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
Docker
docker-compose -f docker-compose.yml kill
docker-compose -f docker-compose.yml down
docker-compose -f docker-compose.yml up -d ca orderer couchdb0 peer0 cli
----------------------------------------------------------------------
docker logs peer0
docker exec -it peer0 bash
docker exec -e CORE_PEER_LOCALMSPID="$CORE_PEER_LOCALMSPID" -e CORE_PEER_MSPCONFIGPATH="$CORE_PEER_MSPCONFIGPATH" -it peer0 bash # -e takes NAME=value, not a bare value
Generate configuration
cryptogen generate --config=./crypto-config.yaml # Generate crypto certificates
cryptogen extend --config=./crypto-config.yaml # Extend crypto certificates
configtxgen -profile GenesisOrg1 -outputBlock ./config/genesis.block # Generate transaction: genesis block
configtxgen -profile ChannelOneOrg1 -outputCreateChannelTx ./config/channel1org1.tx -channelID channel1org1 # Generate transaction: channel
configtxgen -profile ChannelOneOrg1 -outputAnchorPeersUpdate ./config/ancherpeer0org1.tx -channelID channel1org1 -asOrg Org1MSP # Generate transaction: anchor peer
configtxgen -inspectBlock ./config/genesis.block # Inspects genesis block
Peer Operations
Channel
peer channel create -o orderer.example.com:7050 -c channel1org1 -f /etc/hyperledger/configtx/channel1org1.tx
peer channel fetch oldest channel1org1.block -o orderer.example.com:7050 -c channel1org1
peer channel join -b channel1org1.block
peer channel update -o orderer.example.com:7050 -c channel1org1 -f ./config/ancherpeer1org1.tx
peer channel fetch config blockFetchedConfig.pb -o orderer.example.com:7050 -c allarewelcome
peer channel list
Chaincode
peer chaincode install -n ccForAll -p github.com/sacc -v 1.0
peer chaincode instantiate -n ccForAll -v 1.0 -C allarewelcome -o orderer.example.com:7050 -c '{"Args":["Mach","50"]}' --policy "AND('Org1.peer', OR ('Org1.member'))"
peer chaincode upgrade -n ccForAll -v 1.1 -C allarewelcome -c '{"Args":["Mach","50"]}' --policy "AND('Org1.peer','Org2.peer', OR('Org1.member','org2.peer'))"
peer chaincode list --installed
peer chaincode list --instantiated -C channel1org1
Multi-Org
cryptogen extend --config=./configca.yaml
configtxgen -printOrg Org2MSP > ./configtx/org2_definition.json
...
docker exec -it cli bash
peer channel fetch config blockFetchedConfig.pb -o orderer.example.com:7050 -c allarewelcome
configtxlator proto_decode --input blockFetchedConfig.pb --type common.Block | jq '.data.data[0].payload.data.config' > configBlock.json
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups":{"Org2MSP":.[1]}}}}}' configBlock.json ./configtx/org2_definition.json > configChanges.json
configtxlator proto_encode --input configBlock.json --type common.Config --output configBlock.pb
configtxlator proto_encode --input configChanges.json --type common.Config --output configChanges.pb
configtxlator compute_update --channel_id allarewelcome --original configBlock.pb --updated configChanges.pb --output configProposal_Org2.pb
configtxlator proto_decode --input configProposal_Org2.pb --type common.ConfigUpdate | jq . > configProposal_Org2.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"allarewelcome","type":2}},"data":{"config_update":'$(cat configProposal_Org2.json)'}}}' | jq . > org2SubmitReady.json
configtxlator proto_encode --input org2SubmitReady.json --type common.Envelope --output org2SubmitReady.pb
peer channel signconfigtx -f org2SubmitReady.pb
peer channel update -f org2SubmitReady.pb -c allarewelcome -o orderer.example.com:7050
....
docker exec -it cli bash
peer channel fetch 0 Org2AddedConfig.block -o orderer.example.com:7050 -c allarewelcome
peer channel join -b Org2AddedConfig.block
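Before `peer channel signconfigtx` is run, the decoded configs can be compared to confirm that configChanges.json differs from configBlock.json only by the new organization. This is an added example, not part of the original notes; the function names are hypothetical and the sample JSON is constructed and trimmed to a few fields.

```python
import copy

def changed_paths(original, updated, prefix=()):
    """Return the set of key paths (tuples) at which two decoded configs differ."""
    if isinstance(original, dict) and isinstance(updated, dict):
        paths = set()
        for key in original.keys() | updated.keys():
            if key not in original or key not in updated:
                paths.add(prefix + (key,))  # key added or removed as a whole
            else:
                paths |= changed_paths(original[key], updated[key], prefix + (key,))
        return paths
    return set() if original == updated else {prefix}

def review_update(original, updated, new_org):
    """Return (org_added, unexpected_paths) for a config update that should only add new_org."""
    expected = ("channel_group", "groups", "Application", "groups", new_org)
    changes = changed_paths(original, updated)
    unexpected = sorted("/".join(p) for p in changes if p != expected)
    return expected in changes, unexpected

# Constructed sample: a heavily trimmed channel config as produced by proto_decode.
ORIGINAL = {"channel_group": {"groups": {"Application": {
    "groups": {"Org1MSP": {"values": {"MSP": {"value": {"config": {"name": "Org1MSP"}}}}}},
    "policies": {"Admins": {"policy": {
        "type": 3, "value": {"rule": "MAJORITY", "sub_policy": "Admins"}}}},
}}}}
ORG2_DEFINITION = {"values": {"MSP": {"value": {"config": {"name": "Org2MSP"}}}}}

def merged(original, org_name, org_definition):
    """Same effect as the jq merge above: add one org under Application.groups."""
    updated = copy.deepcopy(original)
    updated["channel_group"]["groups"]["Application"]["groups"][org_name] = org_definition
    return updated

CLEAN = merged(ORIGINAL, "Org2MSP", ORG2_DEFINITION)
# Same update, plus a policy rule that was also edited along the way.
EXTRA = copy.deepcopy(CLEAN)
EXTRA["channel_group"]["groups"]["Application"]["policies"]["Admins"]["policy"]["value"]["rule"] = "ANY"

if __name__ == "__main__":
    print(review_update(ORIGINAL, CLEAN, "Org2MSP"))
    print(review_update(ORIGINAL, EXTRA, "Org2MSP"))
```

For real files, load configBlock.json and configChanges.json with `json.load` and pass them as `original` and `updated`; any entry in the second return value is a change beyond adding the organization.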
CA
- Initial Server
- Enroll Server
- Register Node (admin, peer, user)
- Enroll Node
Initial Server
cd /etc/hyperledger/fabric-ca-server
rm ca-cert.pem fabric-ca-server-config.yaml
...
fabric-ca-server init -b caServerAdmin:AdminsRock
fabric-ca-server start -b caServerAdmin:AdminsRock -p 8080
Enroll Server
fabric-ca-client enroll -u http://caServerAdmin:AdminsRock@localhost:8080 -M $FABRIC_CA_HOME/msp/
Register & Enroll an Admin for Org1
ATTRS='"hf.Registrar.Roles=peer",hf.GenCRL=true,admin=true:ecert,hf.Revoker=true'
...
fabric-ca-client register --id.name Org1Administrator --id.affiliation org1 --id.type admin --id.attrs $ATTRS --id.secret Org1Rocks -u http://localhost:8080
fabric-ca-client enroll -u http://Org1Administrator:Org1Rocks@localhost:8080 -M $FABRIC_CA_HOME/msp/Org1Administrator
Register & Enroll a Peer for Org1
fabric-ca-client register --id.name peerJohn --id.affiliation org1 --id.type peer --id.secret 'IAMAPEER!' -u http://Org1Administrator:Org1Rocks@localhost:8080
fabric-ca-client enroll -u http://peerJohn:'IAMAPEER!'@localhost:8080 -M $FABRIC_CA_HOME/msp/peerJohn
Register & Enroll a User for Org2
fabric-ca-client register --id.name peerSam --id.affiliation org2 --id.type user --id.secret 'IAMAPEER2!' -u http://Org2Administrator:Org2Rocks@localhost:8080
fabric-ca-client enroll -u http://peerSam:'IAMAPEER2!'@localhost:8080 -M $FABRIC_CA_HOME/msp/peerSam
Modify
fabric-ca-client identity modify peerSam --affiliation org1 --type peer --secret ImFinallyAPeer
fabric-ca-client identity list *
fabric-ca-client identity list --id peerSam
fabric-ca-client revoke -e peerSam -r 'keycompromise'
fabric-ca-client gencrl
fabric-ca-client certificate list --revocation 2018-01-01::2019-12-30
TLS
- CORE_PEER_TLS_ENABLED= true
- CORE_PEER_TLS_ROOTCERT_FILE= /etc/hyperledger/msp/peer/tls/ca.crt
- CORE_PEER_TLS_CERT_FILE= /etc/hyperledger/msp/peer/tls/server.crt
- CORE_PEER_TLS_KEY_FILE= /etc/hyperledger/msp/peer/tls/server.key
peer channel list -o orderer.example.com:7050 --tls
peer channel create -o orderer.example.com:7050 -c mychannel -f ./config/channel.tx --tls true --cafile $CA_FILE # Creating channel
peer channel update -o orderer.example.com:7050 -c mychannel -f ./config/channel.tx --tls true --cafile $CA_FILE # Updating anchor peers
...
peer chaincode list --installed --tls
peer chaincode install -n mycc -v 1.0 -l golang -p github.com/chaincode/chaincode_example02/go/
peer chaincode install -n mycc -v 1.3 -p github.com/sacc --tls --cafile $CORE_PEER_TLS_ROOTCERT_FILE --certfile $CORE_PEER_TLS_CERT_FILE --keyfile $CORE_PEER_TLS_KEY_FILE
Discovery
export USER_KEY_FILE=../configca/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/keystore/ba57b6261921e0f6bf271ab01501e66e732eaff2b31f6ca106875d29af6fd431_sk
export USER_CRT_FILE=../configca/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/signcerts/User1@org1.example.com-cert.pem
...
discover saveConfig --configFile discoveryConfig.yaml --userKey $USER_KEY_FILE --userCert $USER_CRT_FILE --MSP Org1MSP
discover peers --configFile discoveryConfig.yaml --channel org1channel1 --server peer0.org1.example.com:7051
discover peers --configFile discoveryConfig.yaml --channel org1channel1 --server peer0.org1.example.com:7051 --chaincode ccForAll
Infrastructure: CouchDB
#-------------------------
couchdbOrg1Peer0:
  container_name: couchdbOrg1Peer0
  image: hyperledger/fabric-couchdb
  environment:
    - COUCHDB_USER=peer0.Org1
    - COUCHDB_PASSWORD=password
  ports:
    - "5984:5984"
  networks:
    - basic
#-------------------------
# peer service (excerpt)
  environment:
    - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
    - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdbOrg1Peer0:5984
    - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=peer0.Org1
    - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=password
  depends_on:
    - orderer.example.com
    - couchdbOrg1Peer0  # must match the CouchDB service name defined above
#-------------------------
Infrastructure: Kafka
# configtx.yaml
# -----------------------------------
Orderer: &OrdererDefaults
  OrdererType: kafka
  ...
  Kafka:
    Brokers:
      - kafkaA.example.com:9092
      - kafkaB.example.com:9092
# -----------------------------------
Settings-YAML
- container_name
- image
- ports
- depends_on
- networks
- command
- working_dir
- volumes
- environment
Commands
CMD_CA: sh -c 'fabric-ca-server start -b admin:adminpw'
CMD_Orderer: orderer
CMD_Peer: peer node start
CMD_CLI: /bin/bash
Working-Directory
WD_CA: none
WD_Orderer: /opt/gopath/src/github.com/hyperledger/fabric/orderer
WD_Peer: /opt/gopath/src/github.com/hyperledger/fabric
WD_CLI: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes
./crypto-config/peerOrganizations/org1.example.com/ca/: /etc/hyperledger/fabric-ca-server-config
./config/: /etc/hyperledger/configtx
./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/: /etc/hyperledger/msp/orderer
./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/: /etc/hyperledger/msp/peerOrg1
/var/run/: /host/var/run/
./config: /etc/hyperledger/configtx
./crypto-config/peerOrganizations/org2.example.com/users: /etc/hyperledger/msp/users
./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp: /etc/hyperledger/msp/peer
./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls: /etc/hyperledger/msp/peer/tls
/var/run/: /host/var/run/
./../chaincode/: /opt/gopath/src/github.com/
./config: /opt/gopath/src/github.com/hyperledger/fabric/peer/config/
./crypto-config: /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
Environment
FABRIC_CA_SERVER_CA_NAME= ca.example.com
FABRIC_CA_HOME= /etc/hyperledger/fabric-ca-server
FABRIC_CA_SERVER_CA_CERTFILE= /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
FABRIC_CA_SERVER_CA_KEYFILE= /etc/hyperledger/fabric-ca-server-config/4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c_sk
FABRIC_LOGGING_SPEC= info
ORDERER_GENERAL_LISTENADDRESS= 0.0.0.0
ORDERER_GENERAL_GENESISMETHOD= file
ORDERER_GENERAL_LOCALMSPID= OrdererMSP
ORDERER_GENERAL_GENESISFILE= /etc/hyperledger/configtx/genesis.block
ORDERER_GENERAL_LOCALMSPDIR= /etc/hyperledger/msp/orderer/msp
CORE_VM_ENDPOINT= unix:///host/var/run/docker.sock
CORE_LOGGING_PEER= debug
CORE_CHAINCODE_LOGGING_LEVEL= debug
CORE_PEER_ID= peer0.org2.example.com
CORE_PEER_LOCALMSPID= Org2MSP
CORE_PEER_MSPCONFIGPATH= /etc/hyperledger/msp/peer/
CORE_PEER_ADDRESS= peer0.org2.example.com:7051
CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE= startFiles_basic
CORE_LEDGER_STATE_STATEDATABASE= CouchDB
CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS= couchdbOrg2Peer0:5984
CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME= Org2Peer0
CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD= password
CORE_PEER_TLS_KEY_FILE= /etc/hyperledger/msp/peer/tls/server.key
CORE_PEER_TLS_CERT_FILE= /etc/hyperledger/msp/peer/tls/server.crt
CORE_PEER_TLS_ROOTCERT_FILE= /etc/hyperledger/msp/peer/tls/ca.crt
CORE_PEER_TLS_KEY_FILE= /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
CORE_PEER_TLS_CERT_FILE= /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
CORE_PEER_TLS_ROOTCERT_FILE= /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
Tutorial: Building First Network
sudo apt-get install curl
sudo apt-get install golang-go
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
sudo apt-get install nodejs
sudo apt-get install npm
sudo apt-get install python
sudo apt-get install docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
apt-cache policy docker-ce
sudo apt-get install -y docker-ce
sudo apt-get install docker-compose
sudo apt-get upgrade
sudo curl -sSL https://goo.gl/6wtTN5 | sudo bash -s 1.1.0
sudo chmod 777 -R fabric-samples
cd fabric-samples/first-network
...
sudo ./byfn.sh generate
sudo ./byfn.sh up
sudo ./byfn.sh down