I am currently working at a blockchain project with Hyperledger Fabric, and I'm facing some issues.
The scenario I would like to achieve is the following:
three organizations (Org1, Org2, Org3) with one peer each
a private channel between Org1 and Org2, say channel12
a private channel between Org2 and Org3, say channel23
My problem is that I can't understand how to customize the provided Hyperledger Fabric test network, in order to achieve the described scenario.
How can I proceed?
You can customize the configuration of the test network in configtx.yaml (test-network/configtx/configtx.yaml). I would start by adding a definition for Org3, which you can model off the existing definitions for Org1 and Org2 under the Organizations section, then creating a new channel profile that includes (Org2, Org3) under the Profiles section.
If by private channel you mean:
There is a need to encapsulate all the attributes of a channel like the chaincode deployed and the peers on the channel. In this case, you can use the createChannel.sh script (test-network/scripts/createChannel.sh) to join Org1 and Org2 to a new channel, then use this script as a base for another script joining Org2 and Org3 to another channel, referencing the new channel profile created earlier.
There is a need to keep only the data within transactions private. In this case, a separate channel for Org2 and Org3 would be unnecessary. You can use the addOrg3 script to create and add Org3 to an existing channel between Org1 and Org2. You can then use private data to hide the data in transactions on the channel.
Related
I have isolated two organizations into two different channels. Organizations one and two are part of channel1, and organizations three and four are part of channel two. I would like to ask if it is possible that one peer on channel2 access queries the ledger of channel1 and vice-versa. If it is possible how can I do it?
I very much appreciate your help.
It is not possible in your current setup because the peers who have joined the channel can only access that channel. Peers that are not part of the channel can not access the ledger data.
What you can do is, bring the peers on the common channel and can use PDC (Private Data Collection) to make the transaction private to the organization/Organizations.
Hyperledger Fabric is a private and permissioned blockchain.
A channel is a private blockchain overlay which allows for data isolation and confidentiality. A channel-specific ledger is shared across the peers in the channel, and transacting parties must be authenticated to a channel in order to interact with it. Channels are defined by a Configuration-Block.
At channel creation time, all organizations added to the channel must be part of a consortium. However, an organization that is not defined in a consortium may be added to an existing channel like by adding an new organization into that channel with fulfilling endorsement policy.
So to be a part of a channel, your organizational peer must need access according to the consortium. A peer can be a part of multiple channel and the ledger/database of every peer within a channel is identical/same, to invoke/query the ledger we need smart contact which is also identical among every peer of that channel. So if my peer server is a part of two channel, I need two ledgers/databases. To access the data of a ledger for invoke/query, you need corresponding smart contract.
According to your current setup, it's not possible and this is the nature of private-permissioned blockchain and to make it possible, you have to change the consortium with appropriate endorcement.
Only way to make peer on channel2 to access ledger of channel1 is to join the peer into channel1. Otherwise it is not possible to access the data.
I am building one POC using Hyperledger fabric,
Is it possible to send messages from one organization admin like money details to another organization admin and he sends the (agree/denied) message?
You can work with multi organization model. Install chaincode on two organization peers and instantiate the chaincode over channel. Post Instantiation of chaincode you can invoke some transactions which will be distributed the orderer to every peer that is joined in the channel.
In the below link you can expect a basic network for two organizations with two peers each.
In hyperleder Fabric network with Two orgs ORG1, ORG2
In Org1- Peer1,
In Org2- Peer1
Using these peers new channel has been created, smart contract deployed then some transactions are already done on the channel.
After Some time, I'm adding the new org. Then adding one new peer to the old channel.
Org3- Peer1, is added to the channel. In this scenario I have some questions.
1) Will the new peer can view the old transactions happened on the channel.
2) If he is able to view the old transactions, how can we restrict it
If new org is on the same channel obviously it will sync up with the other nodes. You can restrict it by encryption which is available in fabric 1.1. If the new org peer doesnot have the key, it wont be able to read the data.
I have 2 organization say org1 and org2. I would like to create a channel which gives full access to org1 and read only to org2. Can some one tell me on how in hyperledger fabric.
I have already created a TwoOrg channel as per https://hyperledger-fabric.readthedocs.io/en/release-1.1/build_network.html#understanding-the-docker-compose-topology. But I wanted to make org1 alone have write permission.
You need to update the configuration of the channel to change the access rights of org2 to read (instead of write).
we have two organisation, org1 and org2
org2 will have a private channel with chaincode on it and private state
now we want users from org1 to execute chaincode on the private channel of org2, but they can't have access to the full state (so they cannot setup a peer that can join the private channel)
how should we do this? is this possible?
I'm not sure. But you can try to apply endorsement policy. I think.
It's impossible to execute chaincode on a channel one can not join. Therefore you would want to create a separate channel for org1 and org2, where org1 is the party which executes the chaincode there. If you need state information from org2, InvokeChainCode provides limited support for cross-channel communication.
You have to decide which information of the org2 would be accesible for the users from org1. Then, you should define a Smart Contract according to it. The org1 and org2 will be members of the channel.
org1 users can't have access to the full state (so they cannot setup a
peer that can join the private channel)
When you create a channel, you define which peers are going to be part of it. Then, the creator of the channel will control the acces to new members. So, if you create the channel, only you will be able to join new peers to the channel.
Side DB capability which is expected in Fabric 1.1 should provide the mechanism you're looking for - ability to store some of the channel data only on a specified subset of peers (e.g. just peers that belong to org2).
https://jira.hyperledger.org/browse/FAB-1151