For the chaincode instantiation we pull the images dynamically from the docker hub. However, let's say if I have chaincode related images (e.g. fabric-ccenv, fabric-baseos, etc.) on a private registry, then how shall the peer code validate or authenticate to the registry? Is there any setting in core.yaml or other configuration changes that we can make to achieve that?
While there is no mechanism in the core.yaml to specify credentials for a private registry, using the new External Builder and Launcher chaincode model, you can tell the Peer exactly how to build/compile/pull/run/connect to chaincode, thus allowing you to tell the peer how to connect to the private registry and pull your image. You can find instructions on configuring your own external builder in our doc here where you can use absolutely any mechanism you want for running chaincode: https://hyperledger-fabric.readthedocs.io/en/release-2.2/cc_launcher.html
Related
what are the containers which are associated with each peer in Hyperledger Fabric (HLF)?
For example: Endorsing peers most have one chaincode container to execute chaincode.
I'm not sure if I understand your question very well, but I still would like to give it a try.
The docker containers associated with a peer are:
Peer container, which manages you peer node. It's the peer container to which you send the transaction proposal either using CLI or through SDK. Every peer container embodies a copy of the ledger. The ledger is segregated using a channel.
Couchdb container, which persists the world state. It saves every key-value pair which you query or invoke using chaincode. The name of the container is usually in the form couchdb.
Chaincode container, where the chaincode is actually deployed. All the modules/packages that your chaincode requires are first installed when you instantiate your chaincode. The chaincode container usually have its name in the form dev-peer0.org1.example.com-fabcar-1.0.1, where dev refers to the environment in which the chaincode is instantiated. peer0.org1.example.com refers to the peer which instantiated it. fabcar here is the name of your chaincode and 1.0.1 is its version, which is changed every time you upgrade your chaincode.
A peer might not have a chaincode container if it's only acting as a validating or committing peer.
CLI container, this container is required for managing peers. At a time, CLI container can only manage a single peer. You can change the peer it's managing by adding/changing the environment variable CORE_PEER_ADDRESS, e.g. CORE_PEER_ADDRESS=peer0.org1.example.com:7051.
I'm new at HyperLedger Fabric and trying to customize the test-network provided in the demo https://github.com/hyperledger/fabric-samples/tree/master/test-network.
I can't find a way to 1. add new users and peers to the docker network and 2. create private channels using the CLI or Java SDK.
Could someone please help me ? A good tutorial to start would also be great. Thanks.
To extend Test Network with new orderer and peer, we need to extend fabric key with cryptogen, update system-channel definition, compose orderer nodes, compose peer nodes, join application channel and deploy the chaincode.
I created an article about how to extend test-network (in more details) with new peers and orderers https://dev.to/bukhorimuhammad/extending-fabric-2-test-network-50ll hope that helps
I am trying to set up the BYFN Hyperledger Fabric (v1.4.1) network by manually executing the commands, as opposed to running the script byfn.sh, given here: https://hyperledger-fabric.readthedocs.io/en/release-1.4/build_network.html#start-the-network
I observed that the command docker-compose -f docker-compose-cli.yaml up -d
spins up one container per peer and orderer node. But it also spins up a container for a CLI, through which all subsequent commands are run. By examining the docker-compose-cli.yaml file it is also evident that the filesystem of the CLI container contains the crypto material for all the peers and the orderer. This leads me to the following two questions:
Can one not run the subsequent commands for network setup (such channel creation, joining a channel, chaincode installation etc.) by 'exec'-ing into the Docker container of the corresponding peers?
Is it a good practice to spin up a single container which has the crypto material of all network components in one location, as is the case with the CLI container? Won't such a design, when adopted in production, compromise the private keys of the organisations involved?
Yes, you can definitely setup your network without using a cli container. That's just for a shortcut to access multiple peers using a single container. It's basically just a container in which you pass certificates of all the peers or orderers to access to the network. So whatever you are doing from cli you can do seperately from other containers. Now coming back to your questions:
Can one not run the subsequent commands for network setup (such channel creation, joining a channel, chaincode installation etc.) by 'exec'-ing into the Docker container of the corresponding peers?
Yes, you can definitely do that the only requirement is you must set the environment variables accordingly.
Is it a good practice to spin up a single container which has the crypto material of all network components in one location, as is the case with the CLI container? Won't such a design, when adopted in production, compromise the private keys of the organisations involved?
Yes, it will surely be a problem for a production setup. You can't be having a single cli for your peers and orderers. As I have already told you can do everything without a cli container but if you still want a cli then you can have different cli for your orderer container and your peer container.
I am trying to run Hyperledger Fabric first-network. I have a couple of question.
What is the role of CLI container? Is it possible to run the fabric network without CLI container?
if no, then docker-compose-couch.YAML file does not have cli as service. How does that work?
Yes, you could perform all the necessary operation without CLI. Like -
Create Channel
Join Channel
Install Chaincode
Instantiate Chaincode
Invoke Chaincode
Query
In layman terms CLI is there to facilitate you all these functionality in easy manner, because to perform above mentioned operation you need to have some dependent files (e.g - crypto-config,chaincode,channel-artifacts) on accessible place/container, in this case all these files are provided by CLI. You could check below mentioned volume mapped in docker-compose-cli.yaml file.
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
Like to create channel,join channel you will have to access .tx file, to install chaincode you need to access specific chaincode on every peer you want to install, one thing would like to mentioned, chaincode you only instantiate once on a single peer and later on you have to install the chaincode.
Hope it would be helpful. :)
The role of the CLI container is to make all the operations regarding the channel and network. The cli container contains the tools necessary for it, like the fabric ca client, the configtxgen and JQ. Yes its possible to run the network without it.
I guess you are talking about the byfn network. You can do all the necessary operations without the CLI container. Of course you will need the tools for it as mentioned above or do all the operations using the fabric SDK.
I am working upon a basic Blockchain POC and I have been able to do following:
Installed and started the Hyperledger fabric v1.0 successfully
I have list of Docker images running on Fabric
hyperledger/fabric-ca, hyperledger/fabric-orderer, hyperledger/fabric-peer, hyperledger/fabric-ccenv , hyperledger/fabric-couchdb
I have written Chaincode in go to read and update the ledger and compiled successfully
Next - What do I need to do and not able to do and Where I am confused?
Register my Chaincode to a peer – How do I find which Peer I need to register
I tried to follow this video but it uses YAML and I do not have it and it gives error-
https://www.youtube.com/watch?v=76WIJjKNekY&list=PLz3iwtnWFin-yUUgn-zP7KJp0iW0IFas9&index=2
Also followed few more tutorials but still confused what to do
https://hyperledger-fabric.readthedocs.io/en/release-1.2/build_network.html
Instantiate my Chaincode
Query my Chaincode - I will be able to do it once Chaincode is registered and deployed
Invoke my Chaincode to update the ledger - Same as above
Please help in above step or let me know if there is any good source of clear steps to perform registration and instantiation of chaincode.