Vagrant-Infrastructure
- vCPU: 2
- RAM: 7GB
- HDD: 30GB
- OS: Ubuntu 16.04
- Fabric: v1.4.1
# -*- mode: ruby -*-
# vi: set ft=ruby :
ENV['VAGRANT_DEFAULT_PROVIDER'] = 'virtualbox'
ENV["LC_ALL"] = "en_US.UTF-8"
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/xenial64"
  config.vm.hostname = "fabric"
  config.vm.network "public_network"
  config.vm.base_address = "192.168.178.201"
  config.vm.base_mac = "0800278A8081"
  config.vm.synced_folder ".", "/vagrant"
  # config.disksize is provided by the vagrant-disksize plugin
  config.disksize.size = '50GB'
  # --------------------------------------------------------------------
  config.vm.provider "virtualbox" do |vb|
    vb.gui = false
    vb.name = "Fabric"
    vb.cpus = 2
    vb.memory = 4096
  end
  # --------------------------------------------------------------------
end
Initial
Ref: main
Ref: temp
Glossary
* Peer: Node
* Channel: A primary communications mechanism between the members of a consortium.
* CA (Certificate Authorities): issue identities by generating a public and private key.
* MSP (Membership Service Provider): contains a list of permissioned identities.
* TLS (Transport Layer Security): Certificates for transport/communications. Secures all communication between nodes.
* AnchorPeer: defines the location of a peer that can be used for cross-org gossip communication.
* Orderer: Nodes that order transactions into a block and then distribute blocks to connected peers for validation and commit.
* Orderer: validates and generates a new configuration transaction, packages it into a block, then broadcasts it to all peers on the channel.
* Transactions: Transactions are created when a chaincode is invoked from a client application to read or write data from the ledger.
* Block/Blockchain: A block contains an ordered set of transactions. The chain is a transaction log structured as hash-linked blocks of transactions.
* SmartContract (Chaincode): Defines the transaction logic of a business object. It is packaged into a chaincode, then deployed to a blockchain network (Ledger).
* Ledger: blockchain & world state. A record of all state transitions. State transitions are a result of chaincode invocations (“transactions”).
* World State/Current State: The world state represents the latest values for all keys included in the chain transaction log.
* Consensus/Consistent: Shared agreement. A process in which each peer in a channel updates its own copy of the ledger to be consistent with every other peer’s copy.
Notes-Collections
- Components: Ledger, Channel, Chaincode, types of network nodes (Endorser, Committer, Orderer, etc.), transaction flow, Certificate Authority (CA).
- Cryptographic Keys (public & private)
- Chaincode: install & instantiate & upgrade (without/with TLS && Multi-Org)
- CA Operations: Registration, Enroll.
- Multi-Org with JP
- SoftHSM (Hardware Security Module): installing, configuring and testing the SoftHSM via PKCS#11 interface. https://www.opendnssec.org/softhsm/
- Logging-Levels: critical, error, warning, notice, info, debug
Notes-My
Architecture
Life-Cycle
* Generate configuration crypto
* Generate configuration genesis
* Generate configuration channel
* Generate configuration anchor
..................................
* Expand Network: Peer
* Expand Network: Anchor
* Expand Network: Channel
* Expand Network: MultiOrg
..................................
* Chaincode install
* Chaincode upgrade
..................................
* Infrastructure: CouchDB
* Infrastructure: Kafka
..................................
* CA (Certificate Authorities)
* TLS (Transport Layer Security)
* MSP (Membership Service Provider)
* Discovery
* BCCSP (BlockChain Crypto Service Provider)
Code
* https://github.com/hyperledger/fabric # /bin/ && /config/
* https://github.com/hyperledger/fabric-ca # /bin/fabric-ca-client && /bin/fabric-ca-server
* https://github.com/hyperledger/fabric-samples # Samples-Fabric-Projects
# bootstrap: Download the Fabric-Core, Fabric-CA and Fabric-Samples
curl -sSL http://bit.ly/2ysbOFE | bash -s 1.4.9
curl -sSL http://bit.ly/2ysbOFE | bash -s -- 1.4.7 1.4.7 0.4.20
cd ./fabric-samples/basic-network/
./start.sh
./stop.sh
---
cd ./fabric-samples/first-network/
./eyfn.sh generate
./eyfn.sh up
./eyfn.sh down
Basics
Configuration-Files
- Transaction (configtx.yaml)
- Crypto (crypto-config.yaml)
- Orderer (orderer.yaml)
- Peer (core.yaml)
- CA-Client (fabric-ca-client-config.yaml)
- CA-Server (fabric-ca-server-config.yaml)
Folders
>>> Orderer/Peer
* node (Orderer/Peer) >>has>> msp & tls
* msp
* ca
* tlsca
* users
Files
>>> MSP (Membership Service Provider) file.pem
* certs-Admin (Admin@org1.example.com-cert.pem)
* certs-CA-TLS-None (ca.org1.example.com-cert.pem)
* certs-CA-TLS-With (tlsca.org1.example.com-cert.pem)
>>> TLS (Transport Layer Security) file.crt & file.key
* crt-Admin (CA: Certificate Authority) (ca.crt)
* crt-Node (Peer/Orderer) (server.crt)
* key-Node (Peer/Orderer) (server.key)
ENV
export BASE_FOLDER=/etc/hyperledger/
export BASE_FOLDER=/opt/gopath/src/github.com/hyperledger/
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export CORE_PEER_LOCALMSPID=Org1MSP
export CORE_PEER_MSPCONFIGPATH=./configcr/peerOrganizations/org1.example.com/users
Docker
docker-compose -f docker-compose.yml stop
docker-compose -f docker-compose.yml kill
docker-compose -f docker-compose.yml down
docker-compose -f docker-compose.yml up -d ca orderer couchdb0 peer0 cli
----------------------------------------------------------------------
docker logs peer0
docker exec -it peer0 bash
docker exec -e CORE_PEER_LOCALMSPID="$CORE_PEER_LOCALMSPID" -e CORE_PEER_MSPCONFIGPATH="$CORE_PEER_MSPCONFIGPATH" -it peer0 bash # -e takes NAME=value, not a bare value
Generate configuration
cryptogen generate --config=./crypto-config.yaml # Generate crypto certificates
cryptogen extend --config=./crypto-config.yaml # Extend crypto certificates
configtxgen -profile Genesis -outputBlock ./config/genesis.block # Generate transaction: genesis
configtxgen -profile Channel -outputCreateChannelTx ./config/channel.tx -channelID channel-id # Generate transaction: channel
configtxgen -profile Channel -outputAnchorPeersUpdate ./config/ancher.tx -channelID channel-id -asOrg Org1MSP # Generate transaction: anchor
configtxgen -inspectBlock ./config/genesis.block # Inspects genesis block
Peer Operations
Channel
peer channel create -o orderer.example.com:7050 -c channel-id -f /etc/hyperledger/configtx/channel.tx
peer channel fetch oldest channel-id.block -o orderer.example.com:7050 -c channel-id
peer channel join -b channel-id.block
peer channel update -o orderer.example.com:7050 -c channel-id -f ./config/ancher.tx
---
peer channel fetch config blockFetchedConfig.pb -o orderer.example.com:7050 -c allarewelcome
peer channel list
Chaincode
peer chaincode install -n ccForAll -p github.com/sacc -v 1.0
peer chaincode instantiate -n ccForAll -v 1.0 -C allarewelcome -o orderer.example.com:7050 -c '{"Args":["Mach","50"]}' --policy "AND('Org1.peer', OR ('Org1.member'))"
peer chaincode upgrade -n ccForAll -v 1.1 -C allarewelcome -c '{"Args":["Mach","50"]}' --policy "AND('Org1.peer','Org2.peer', OR('Org1.member','org2.peer'))"
peer chaincode list --installed
peer chaincode list --instantiated -C channel1org1
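How the two `--policy` strings above decide which endorsements are enough, as an added example (not part of the original notes or of Fabric's code). It is a simplified model: the `(msp, role)` signer tuples, exact MSP ID matching, `member` accepting any role, and each signature counting for only one principal are assumptions of this sketch.

```python
import re
# Added example: simplified model of AND/OR endorsement policy evaluation.
# Signers are constructed (msp_id, role) tuples, not real identities.
def parse(policy):
    """Parse policy text into ('signed_by', msp, role) / ('n_of', n, children)."""
    tokens = re.findall(r"AND|OR|[(),]|'[^']+'", policy)
    if "".join(tokens) != re.sub(r"\s+", "", policy):
        raise ValueError("unrecognised text in policy")
    it = iter(tokens)
    def node():
        tok = next(it, "")
        if tok.startswith("'"):
            msp, _, role = tok[1:-1].rpartition(".")
            return ("signed_by", msp, role)
        if tok not in ("AND", "OR") or next(it, "") != "(":
            raise ValueError(f"unexpected token {tok!r}")
        children = []
        while True:
            children.append(node())
            sep = next(it, "")
            if sep == ")":
                return ("n_of", len(children) if tok == "AND" else 1, children)
            if sep != ",":
                raise ValueError(f"expected ',' or ')', got {sep!r}")
    tree = node()
    if next(it, None) is not None:
        raise ValueError("trailing tokens after policy")
    return tree

def evaluate(tree, signers, used=None):
    """True if the signers satisfy the policy; a signer is consumed once used."""
    used = [False] * len(signers) if used is None else used
    if tree[0] == "signed_by":
        _, msp, role = tree
        for i, (s_msp, s_role) in enumerate(signers):
            # Model: exact MSP ID match; 'member' accepts any role of that MSP.
            if not used[i] and s_msp == msp and role in ("member", s_role):
                used[i] = True
                return True
        return False
    passed = 0
    for child in tree[2]:
        trial = list(used)  # a failed branch must not consume signers
        if evaluate(child, signers, trial):
            used[:] = trial
            passed += 1
    return passed >= tree[1]
```

Under this model the instantiate policy needs two distinct Org1 signers, one of them a peer: `evaluate(parse("AND('Org1.peer', OR ('Org1.member'))"), [("Org1", "peer")])` is false.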
Multi-Org
cryptogen extend --config=./configca.yaml
configtxgen -printOrg Org2MSP > ./configtx/org2_definition.json
...
docker exec -it cli bash
peer channel fetch config blockFetchedConfig.pb -o orderer.example.com:7050 -c allarewelcome
configtxlator proto_decode --input blockFetchedConfig.pb --type common.Block | jq '.data.data[0].payload.data.config' > configBlock.json # quote the filter so the shell does not glob [0]
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups":{"Org2MSP":.[1]}}}}}' configBlock.json ./configtx/org2_definition.json > configChanges.json
configtxlator proto_encode --input configBlock.json --type common.Config --output configBlock.pb
configtxlator proto_encode --input configChanges.json --type common.Config --output configChanges.pb
configtxlator compute_update --channel_id allarewelcome --original configBlock.pb --updated configChanges.pb --output configProposal_Org2.pb # channel_id must be the channel the config was fetched from
configtxlator proto_decode --input configProposal_Org2.pb --type common.ConfigUpdate | jq . > configProposal_Org2.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"allarewelcome","type":2}},"data":{"config_update":'$(cat configProposal_Org2.json)'}}}' | jq . > org2SubmitReady.json
configtxlator proto_encode --input org2SubmitReady.json --type common.Envelope --output org2SubmitReady.pb
peer channel signconfigtx -f org2SubmitReady.pb
peer channel update -f org2SubmitReady.pb -c allarewelcome -o orderer.example.com:7050
....
docker exec -it cli bash
peer channel fetch 0 Org2AddedConfig.block -o orderer.example.com:7050 -c allarewelcome
peer channel join -b Org2AddedConfig.block
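A check to run on the decoded `configProposal_Org2.json` before `peer channel signconfigtx`, as an added example (not part of the original notes): it confirms the update targets the intended channel and adds only the expected organization group. The sample update is constructed and trimmed to the fields used; the function names are hypothetical.

```python
# Added example: review a decoded common.ConfigUpdate before signing it.
# CONSTRUCTED sample, trimmed to the fields used here; a real
# configProposal_Org2.json also carries full policies and MSP values.
SAMPLE_UPDATE = {
    "channel_id": "allarewelcome",
    "read_set": {"version": "0", "groups": {"Application": {
        "version": "1",
        "groups": {"Org1MSP": {"version": "1"}}}}},
    "write_set": {"version": "0", "groups": {"Application": {
        "version": "2", "mod_policy": "Admins",
        "groups": {"Org1MSP": {"version": "1"},
                   "Org2MSP": {"version": "0", "mod_policy": "Admins"}}}}},
}

def walk(group, path=()):
    """Yield (path, group) for a config group and every nested group."""
    yield path, group
    for name, child in group.get("groups", {}).items():
        yield from walk(child, path + (name,))

def summarize_update(update):
    """List groups the write_set adds and groups whose version it bumps."""
    before = dict(walk(update.get("read_set", {})))
    added, bumped = [], []
    for path, group in walk(update.get("write_set", {})):
        name = "/".join(path) or "<channel>"
        if path not in before:
            added.append(name)
        elif group.get("version", "0") != before[path].get("version", "0"):
            bumped.append(name)
    return {"channel_id": update.get("channel_id"),
            "added": sorted(added), "bumped": sorted(bumped)}

def matches_intent(update, channel, expected_added):
    """True only if the update targets `channel` and adds exactly the expected groups."""
    summary = summarize_update(update)
    return (summary["channel_id"] == channel
            and summary["added"] == sorted(expected_added))

if __name__ == "__main__":
    print(summarize_update(SAMPLE_UPDATE))
    print(matches_intent(SAMPLE_UPDATE, "allarewelcome", ["Application/Org2MSP"]))
```

For a real update, load the file with `json.load` and pass the result to `matches_intent` in place of `SAMPLE_UPDATE`.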
CA (Certificate Authority)
- Initial Server
- Enroll Server
- Register Node (admin, peer, user)
- Enroll Node
Initial Server
cd /etc/hyperledger/fabric-ca-server
rm ca-cert.pem fabric-ca-server-config.yaml
fabric-ca-server init -b admin:admin # Initialized Root CA-Server
fabric-ca-server start -b admin:admin -p 8080 # Start Root CA-Server
fabric-ca-server start -b intermediate:intermediate -u http://admin:admin@localhost:8080 -p 3000 # Start Intermediate CA-Server
Register & Enroll: bootstrap
fabric-ca-client enroll -u http://admin:admin@localhost:8080 -M $FABRIC_CA_HOME/clients/admin/msp
Register & Enroll: admin
fabric-ca-client register -u http://localhost:8080 --id.name nameAdmin --id.secret 'password' --id.affiliation org1 --id.type admin --id.attrs 'hf.Registrar.Roles=peer,hf.GenCRL=true,admin=true:ecert,hf.Revoker=true'
fabric-ca-client enroll -u http://nameAdmin:password@localhost:8080 -M $FABRIC_CA_HOME/clients/nameAdmin/msp
Register & Enroll: peer
fabric-ca-client register --id.name namePeer --id.secret 'password' --id.affiliation org1 --id.type peer -u http://nameAdmin:'password'@localhost:8080
fabric-ca-client enroll -u http://namePeer:'password'@localhost:8080 -M $FABRIC_CA_HOME/clients/namePeer/msp
Register & Enroll: user
fabric-ca-client register --id.name nameUser --id.secret 'password' --id.affiliation org2 --id.type user -u http://nameAdmin:'password'@localhost:8080
fabric-ca-client enroll -u http://nameUser:'password'@localhost:8080 -M $FABRIC_CA_HOME/clients/nameUser/msp
Modify & Revoke
fabric-ca-client identity modify peerSam --affiliation org1 --type peer --secret ImFinallyAPeer
fabric-ca-client reenroll
fabric-ca-client revoke -e peerSam -r 'keycompromise'
fabric-ca-client gencrl
CMD
ls $FABRIC_CA_HOME/msp
ls $FABRIC_CA_HOME/msp/nameAdmin
ls $FABRIC_CA_HOME/msp/namePeer
ls $FABRIC_CA_HOME/msp/nameUser
fabric-ca-client identity list # lists all identities; an unquoted * would be expanded by the shell
fabric-ca-client identity list --id nameAdmin
fabric-ca-client identity list --id namePeer
fabric-ca-client identity list --id nameUser
fabric-ca-client certificate list --id nameAdmin
fabric-ca-client certificate list --revocation 2018-01-01::2022-12-30
TLS (Transport Layer Security)
- Enable TLS
- The Key for peer
- The Certificate for peer
- The Certificate for root/admin
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/msp/peer/tls/server.key
export CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/msp/peer/tls/server.crt
export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/msp/peer/tls/ca.crt
# Exported
peer chaincode list --installed --tls
...
# Runtime
peer chaincode install -n mycc -v 1.3 -p github.com/sacc --tls --cafile $CORE_PEER_TLS_ROOTCERT_FILE --certfile $CORE_PEER_TLS_CERT_FILE --keyfile $CORE_PEER_TLS_KEY_FILE
Discovery
--userKey >> $USER_KEY_FILE=*/peer/*/user/*/msp/keystore
--userCert >> $USER_CER_FILE=*/peer/*/user/*/msp/signcerts
...
CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
discover saveConfig --configFile discoveryConfig.yaml --userKey $USER_KEY_FILE --userCert $USER_CER_FILE --MSP Org1MSP
discover peers --configFile discoveryConfig.yaml --channel org1channel1 --server peer0.org1.example.com:7051
discover peers --configFile discoveryConfig.yaml --channel org1channel1 --server peer0.org1.example.com:7051 --chaincode ccForAll
Infrastructure: CouchDB
#-------------------------
# CouchDB service used as the state database of peer0 (Org1)
couchdbOrg1Peer0:
  container_name: couchdbOrg1Peer0
  image: hyperledger/fabric-couchdb
  environment:
    - COUCHDB_USER=peer0.Org1
    - COUCHDB_PASSWORD=password
  ports:
    - "5984:5984"
  networks:
    - basic
#-------------------------
# Settings added to the peer service that uses this CouchDB
  environment:
    - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
    - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdbOrg1Peer0:5984
    - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=peer0.Org1
    - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=password
  depends_on:
    - orderer.example.com
    # must match the CouchDB service name defined above
    - couchdbOrg1Peer0
#-------------------------
Infrastructure: Kafka
# configtx.yaml
# -----------------------------------
Orderer: &OrdererDefaults
  OrdererType: kafka
  ...
  Kafka:
    Brokers:
      - kafkaA.example.com:9092
      - kafkaB.example.com:9092
# -----------------------------------
Settings-YAML
- container_name
- image
- ports
- depends_on
- networks
- command
- working_dir
- volumes
- environment
Commands
CMD_CA: sh -c 'fabric-ca-server start -b admin:adminpw'
CMD_Orderer: orderer
CMD_Peer: peer node start
CMD_CLI: /bin/bash
Working-Directory
WD_CA: none
WD_Peer: /opt/gopath/src/github.com/hyperledger/fabric
WD_CLI: /opt/gopath/src/github.com/hyperledger/fabric/peer
WD_Order: /opt/gopath/src/github.com/hyperledger/fabric/orderer
volumes
./crypto-config/peerOrganizations/org1.example.com/ca/: /etc/hyperledger/fabric-ca-server-config
./config/: /etc/hyperledger/configtx
./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/: /etc/hyperledger/msp/orderer
./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/: /etc/hyperledger/msp/peerOrg1
/var/run/: /host/var/run/
./config: /etc/hyperledger/configtx
./crypto-config/peerOrganizations/org2.example.com/users: /etc/hyperledger/msp/users
./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp: /etc/hyperledger/msp/peer
./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls: /etc/hyperledger/msp/peer/tls
/var/run/: /host/var/run/
./../chaincode/: /opt/gopath/src/github.com/
./config: /opt/gopath/src/github.com/hyperledger/fabric/peer/config/
./crypto-config: /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
Environment
FABRIC_CA_SERVER_CA_NAME= ca.example.com
FABRIC_CA_HOME= /etc/hyperledger/fabric-ca-server
FABRIC_CA_SERVER_CA_CERTFILE= /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
FABRIC_CA_SERVER_CA_KEYFILE= /etc/hyperledger/fabric-ca-server-config/4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c_sk
FABRIC_LOGGING_SPEC= info
ORDERER_GENERAL_LISTENADDRESS= 0.0.0.0
ORDERER_GENERAL_GENESISMETHOD= file
ORDERER_GENERAL_LOCALMSPID= OrdererMSP
ORDERER_GENERAL_GENESISFILE= /etc/hyperledger/configtx/genesis.block
ORDERER_GENERAL_LOCALMSPDIR= /etc/hyperledger/msp/orderer/msp
CORE_VM_ENDPOINT= unix:///host/var/run/docker.sock
CORE_LOGGING_PEER= debug
CORE_CHAINCODE_LOGGING_LEVEL= debug
CORE_PEER_ID= peer0.org2.example.com
CORE_PEER_LOCALMSPID= Org2MSP
CORE_PEER_MSPCONFIGPATH= /etc/hyperledger/msp/peer/
CORE_PEER_ADDRESS= peer0.org2.example.com:7051
CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE= startFiles_basic
CORE_LEDGER_STATE_STATEDATABASE= CouchDB
CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS= couchdbOrg2Peer0:5984
CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME= Org2Peer0
CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD= password
CORE_PEER_TLS_KEY_FILE= /etc/hyperledger/msp/peer/tls/server.key
CORE_PEER_TLS_CERT_FILE= /etc/hyperledger/msp/peer/tls/server.crt
CORE_PEER_TLS_ROOTCERT_FILE= /etc/hyperledger/msp/peer/tls/ca.crt
CORE_PEER_TLS_KEY_FILE= /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
CORE_PEER_TLS_CERT_FILE= /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
CORE_PEER_TLS_ROOTCERT_FILE= /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
Tutorial: Building First Network
sudo apt-get install curl
sudo apt-get install golang-go
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
sudo apt-get install nodejs
sudo apt-get install npm
sudo apt-get install python
sudo apt-get install docker
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
sudo apt-get update
apt-cache policy docker-ce
sudo apt-get install -y docker-ce
sudo apt-get install docker-compose
sudo apt-get upgrade
sudo curl -sSL https://goo.gl/6wtTN5 | sudo bash -s 1.1.0
sudo chmod 777 -R fabric-samples
cd fabric-samples/first-network
...
sudo ./byfn.sh generate
sudo ./byfn.sh up
sudo ./byfn.sh down