I implemented a Hyperledger Fabric network on a single machine and I am worried about backup of the ledger data.
The blockchain network is secure and transactions cannot be altered, but as a backend developer, how can we secure the data as a backup?
There are two ways to do that:
Create a new network or node which has access to the same channels as the node whose data you want to backup. This new node will then rebuild its ledger and state DB for all these channels.
Manual backup: Log in to the peers, go to /var/hyperledger/production and back up the folders like chaincodes, ledgersData and transientStore.
You can refer to this JIRA: Add ledger backup/restore to Operations Guide
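An added example (not part of the original answer) of the manual backup with an integrity manifest, so that a restore can detect a changed, truncated or padded copy. It assumes the peer is stopped while the copy is taken and that `production_dir` is a local copy or mounted volume of /var/hyperledger/production; the function names and manifest file name are illustrative.

```python
import hashlib
import json
import tarfile
from pathlib import Path

# Folders named in the answer above; anything else under production is skipped.
BACKUP_DIRS = ("chaincodes", "ledgersData", "transientStore")


def backup(production_dir, archive):
    """Archive the ledger folders; write <archive>.manifest.json of SHA-256 hashes."""
    root = Path(production_dir)
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for name in BACKUP_DIRS:
            if not (root / name).is_dir():
                continue
            for path in sorted((root / name).rglob("*")):
                # Regular files only: a symlink could point outside the peer's data.
                if path.is_file() and not path.is_symlink():
                    rel = path.relative_to(root).as_posix()
                    manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
                    tar.add(path, arcname=rel)
    Path(archive + ".manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def verify(archive):
    """Return paths that are changed, unexpected, or missing in the archive."""
    manifest = json.loads(Path(archive + ".manifest.json").read_text())
    seen, bad = set(), []
    with tarfile.open(archive, "r:gz") as tar:
        for member in tar:
            if not member.isfile():
                bad.append(member.name)  # links or devices never belong here
                continue
            seen.add(member.name)
            digest = hashlib.sha256(tar.extractfile(member).read()).hexdigest()
            if manifest.get(member.name) != digest:
                bad.append(member.name)
    bad.extend(sorted(set(manifest) - seen))
    return bad
```

Keep the manifest somewhere other than next to the archive (or sign it), since anyone who can rewrite both can make a modified backup verify cleanly.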
I have an IBM blockchain infrastructure where I have all blockchain-related data. Now I want to migrate all the data, except user certs, to another Hyperledger Fabric infrastructure, so I want the ledger and CouchDB data with the same transactionID and blocknumber. Is it possible to do this?
One way would be just to start a new Hyperledger Node/Network in another cloud, install chaincodes, add it to the desired channels and private data collections currently in IBM cloud. This way you'll get the full copy of your ledger and stateDB (CouchDB in your case).
I did a small example using Hyperledger Composer and then used the composer-rest-server to integrate it with a GUI. So in the case of identity, only admin is there. There is also documentation to create and issue other identities to log in to the business networks.
But still, the problem is that it's only on a single peer, meaning my local machine. To my understanding, for Hyperledger to function as a decentralized and distributed ledger system, additional peers have to be added to the channel and then the states get synced to those peers. Hence, if one node is down, details can be obtained from other nodes.
I checked some links such as this and this. But all of these point to the following:
The existing network should be stopped and torn down.
The IP address of the second machine should be manually added to the docker.yml file and then have to be restarted.
My doubts are:
But on doing this, won't the existing ledger state be cleared? All the data is gone.
So before even creating a dApp using Hyperledger, we have to include all the IP addresses of the machines in the yml and start the network?
How do I actually implement the distributed, decentralised ledger system for a Hyperledger network?
UPDATE:
I have checked the links mentioned by Paul O'Mahony. The links explain the peer addition steps. Overall, what happens there is:
Downloaded the Fabric sample, as the Fabric extension is only possible through the cryptogen version appropriate to the Fabric version.
It currently contains the orderer, org1 & org2 (with 2 peers each).
To add a new peer along with its couchdb, changed the template count in the crypto-config.yaml and created crypto material for the new peer using the extend command.
Then used the docker compose file to spawn a new peer and its CouchDB. This will create new containers.
Finally, the created peers should be joined to the existing channel for the CouchDB to get synced. Adding to the existing channel is done by logging into the docker container, typing some CLI commands and adding the peer to the channel via the channel join command.
Is this the recommended way to add peers to the channel? Suppose I am creating a network and want to add peers to the channel based on a condition, like a user or users adding themselves to the network through a login via Composer Playground and acting as a peer. Do I have to follow the same steps to do it? Is this the recommended way?
Supporting link : https://chat.hyperledger.org/channel/fabric?msg=KgxFegcZyKEPdo4v2
I have a multi-org fabric network where all the orgs are on a single channel.
I understand that using the composer acl file we can hide data from the users based on their roles and other conditions.
However, the data will be visible when we get into the peer container of any org and issue a peer channel fetch.
So, my question is, is there a way to encrypt this ledger data when the orgs share the same channel? Here, they mention encrypting the data. Is there any example/reference that can get me started on that one?
Currently, I'm not planning to use different channels between different orgs.
Yes, there are a few ways to protect the ledger data. As you mentioned in your question, the official Hyperledger Fabric FAQ gives five different ways to help us achieve security and access control.
The newest version of Fabric, which is tagged v1.2.0, provides a new definition called private data. I prefer to use this method to build the access control in my apps.
I am using the Fabric Node SDK to deploy and control the Fabric network, and it provides a convenient way for me to embed it into existing projects.
You use the configuration file to define who can persist data, how many peers the data is distributed to, how many peers are required to disseminate the private data, and how long the private data is persisted in the private database. All the upgrades that you need to make are adding some parameters when you install and instantiate, modifying some functions to invoke the private data, and writing some code to handle the configuration file and user control.
It gives some examples for us to use this new feature:
Chaincode example
SDK example
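An added example (not from the original answer or the Fabric samples) showing how the four settings described above map onto the keys of a collection definition (`policy`, `maxPeerCount`, `requiredPeerCount`, `blockToLive`), with a small review function for values that weaken confidentiality or durability. The collection names, MSP IDs and the `review_collections` helper are assumptions made for illustration.

```python
import json
import re

# Constructed sample in the JSON layout of a Fabric collection definition file;
# the collection and MSP names are made up for illustration.
SAMPLE = json.loads("""
[
  {"name": "org1Org2Deals",
   "policy": "OR('Org1MSP.member', 'Org2MSP.member')",
   "requiredPeerCount": 1, "maxPeerCount": 3, "blockToLive": 100000},
  {"name": "everyone",
   "policy": "OR('Org1MSP.member', 'Org2MSP.member', 'Org3MSP.member')",
   "requiredPeerCount": 0, "maxPeerCount": 2, "blockToLive": 0}
]
""")

# Pulls the MSP ID out of principals such as 'Org1MSP.member'.
MSP_RE = re.compile(r"'([A-Za-z0-9.-]+)\.(?:member|admin|peer|client)'")


def review_collections(collections, channel_msps):
    """Return (collection name, finding) pairs for settings worth a second look."""
    findings = []
    for c in collections:
        name = c["name"]
        members = set(MSP_RE.findall(c["policy"]))  # who can persist the data
        if not members:
            findings.append((name, "policy names no MSP"))
        elif members >= set(channel_msps):
            findings.append((name, "every channel org is a member; nothing is hidden"))
        # How many peers must / may receive the data at endorsement time.
        if c["requiredPeerCount"] > c["maxPeerCount"]:
            findings.append((name, "requiredPeerCount exceeds maxPeerCount"))
        elif c["requiredPeerCount"] == 0:
            findings.append((name, "requiredPeerCount 0: endorsement succeeds "
                                   "without dissemination, data can be lost"))
        # How long the data stays in the private database, in blocks.
        if c["blockToLive"] == 0:
            findings.append((name, "blockToLive 0: private data is kept indefinitely"))
    return findings
```

Orgs outside a collection's policy still receive a hash of each private value on the shared channel ledger, so the collection hides the content, not the fact that a transaction happened.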
I have created a network composed of two nodes using this tutorial: Multiple Machine.
In the node with orderer and ca installed, I can use the composer-playground to interact with the blockchain. Instead, analysing the logs of the docker on the second node, I am able to see the communication between the nodes but I am not able to access the data.
How can I access data on the second machine?
It is a simple node connected to the first node (where the orderer and the CA are installed).
Thanks,
What do you mean by accessing the data?
In Hyperledger Fabric the ledger data is composed of two components i.e. World State and Transaction History Log (the blockchain).
Here, World State refers to the most recent (current) state of the assets you have, and Transaction History Log refers to the transactions executed on these assets. Using CouchDB as the World State allows the assets, or key-value sets, to have values that are JSON documents.
The World State is by default stored in LevelDB or CouchDB. If you have a docker containerized network, the World State LevelDB is stored on the peer container, while using CouchDB sets up its own CouchDB container associated with each peer. The CouchDB for each peer can be accessed from the host machine using http://couchdbIp:port
The Transaction Log gets stored in the underlying file system as blockFiles somewhere under location /var/hyperledger/ledgerdata or something in the peer container.
The Orderer you mention, which is another component like the peer, is a docker container assigned the role of making sure that transactions are properly ordered and verifying that their endorsements are valid. This gets complicated as you go to having multiple ordering service nodes, and requires the Kafka implementation rather than the default SOLO implementation. You can read about each of these implementations in the official Hyperledger Fabric documentation.
Also, the CA, associated with each organization and responsible for establishing the chain of trust, is another component of Hyperledger Fabric; it signs certificates of network components like organization peers, clients and participants following PKI.
The Playground will connect to the Fabric based on the connection profile (connection.json) for the Business Network Cards you have. If you want to specifically connect to second node you could modify a card.
But remember that Playground is a development and test tool not a production tool so you shouldn't worry too much about hitting different containers with it - particularly as the data will be the same replicated across Peers.
I'm using Hyperledger Composer on Fabric v1.0. When stopping Fabric with fabric-tools/stopFabric.sh and then starting with startFabric.sh, the deployed model (.bna file) is no longer there.
How do I set the system up so that data will stay there after a system reboot?
This is an operational consideration for how to set up a Fabric environment and, as you correctly observe, because our fabric dev server just starts up Fabric containers, if those containers are destroyed for any reason then their internal filesystems are lost.
In the hyperledger fabric documentation they describe a simple way to make the fabric containers persist their data outside of their isolated file systems.
See http://hyperledger-fabric.readthedocs.io/en/latest/build_network.html and the section called "A Note on Data Persistence", which provides detail on this. In this case you would need to apply the concepts described there to the docker-compose.yml file in the hlfv1/composer directory in our fabric dev server.
If you were deploying using the composer playground, you can save your bna using the export button on the lower left of the playground define interface.
If you want to persist your deployment itself, you can modify the docker-compose files to persist the data in the /var/hyperledger/production on the peer and orderer containers using a data volume. This will persist the ledger and credentials the next time you bring up the network.