Assuming no access rights limitations, could an organization without owning any peer join a channel?
A channel is created between Orgs, peers don't come into play yet. An Org can also join a channel at a later point. Have a look here for more details : https://hyperledger-fabric.readthedocs.io/en/release-1.4/channel_update_tutorial.html
Once that process is completed, an Org can add peers to the channel it joined. At this point it can have some meaningful participation, meaning each peer will have its own database and its own chaincode, chaincode containers, versions etc. Of course, an Org won't be able to interact with the channel until peers are added.
So yes, an Org can be part of a channel without any peers, but it won't have any meaningful part until peers are added.
Only peers can join to the channel. The Org without peers has the permission to join later, but he will not have access to the network, that mean he dont have a copy of the ledger or state of the blockchain and without peer cannot make transactions. When the org join a peer to the channel, the peer will download the blockchain and keep updated the ledger.
Yes. It is very common to have an organization that only has clients in it, and has a separate CA and different MSP ID.
In the configtx.yaml, a channel includes an organization, but the organization has no peer joining the channel. The idengtity of the organization could send a transaction proposal successfully.
Related
I have isolated two organizations into two different channels. Organizations one and two are part of channel1, and organizations three and four are part of channel two. I would like to ask if it is possible that one peer on channel2 access queries the ledger of channel1 and vice-versa. If it is possible how can I do it?
I very much appreciate your help.
It is not possible in your current setup because the peers who have joined the channel can only access that channel. Peers that are not part of the channel can not access the ledger data.
What you can do is, bring the peers on the common channel and can use PDC (Private Data Collection) to make the transaction private to the organization/Organizations.
Hyperledger Fabric is a private and permissioned blockchain.
A channel is a private blockchain overlay which allows for data isolation and confidentiality. A channel-specific ledger is shared across the peers in the channel, and transacting parties must be authenticated to a channel in order to interact with it. Channels are defined by a Configuration-Block.
At channel creation time, all organizations added to the channel must be part of a consortium. However, an organization that is not defined in a consortium may be added to an existing channel like by adding an new organization into that channel with fulfilling endorsement policy.
So to be a part of a channel, your organizational peer must need access according to the consortium. A peer can be a part of multiple channel and the ledger/database of every peer within a channel is identical/same, to invoke/query the ledger we need smart contact which is also identical among every peer of that channel. So if my peer server is a part of two channel, I need two ledgers/databases. To access the data of a ledger for invoke/query, you need corresponding smart contract.
According to your current setup, it's not possible and this is the nature of private-permissioned blockchain and to make it possible, you have to change the consortium with appropriate endorcement.
Only way to make peer on channel2 to access ledger of channel1 is to join the peer into channel1. Otherwise it is not possible to access the data.
Should we only add anchor peers to a channel to enable cross-org communication?
If yes, from my understanding chaincode is only applied at a channel level, does that mean any peer thats not in the channel will not have the correct chaincode?
If I were to add all of the peers to a channel then is there a point for declearing any anchor peers?
To be precise, it allows cross-org mutual discovery of peers, and therefore it is crucial for cross org endorsements if the client uses service discovery.
This has nothing to do with chaincodes... chaincodes are installed independently to channels.
Yes. Because otherwise peers from different organizations won't be able to find each other.
I was going through hyper ledger documentation and came across a type of peer known as anchor peer. After searching a lot I was not able to find suitable explanation regarding them. Some say that they are used to find all peers of a member of the channel. What does it mean and what anchor peer actually are?
Imagine you have several organizations in the channel, i.e Org1, Org2, Org3.
They need to find each other in order to talk to each other.
Even if you have 100 peers in each organization, you don't need to give all the peers the endpoints of all the other peers - it's enough that the peers would know some peer(s) in the channel, and once a peer learns of another peer's endpoint and can successfully communicate with it - it also learns about all the peers that the other peer already knows.
The anchor peers are just that - endpoints that represent peers (for each organization, there are its own set of anchor peers) that their endpoints are not expected to change, and once peers join to the channel and get a config update about the anchor peer(s), they can contact the anchor peers and exchange information about the peers they know (they tell the anchor peer about it) and obtain from the anchor peer information about the peers the anchor peer knows.
Maybe you are confused about the difference between Anchor peer and Leader peer,so that's the answer:
Anchor peer:
It’s a peer node on a channel that all other peers can discover and communicate with. Therefore, every participating organization in a channel has an anchor peer. Peers belonging to an organization can query this peer to discover all peers belonging to other organizations in the channel.
Leader peer:
When an ordering service node must send a block to the peers in the channel, it sends the block to each of the leading peer associated with the organizations. The leading peer in turn distributes this block to other peers belonging to the same organization.
From hyperledger fabric, peer channel join -b helloch.block command which peer join channel does not generate block which will send to all peers.
So, when other organization peer have joined the channel, we do not know.
I consider it should generate a block to notify any other peer. Is there other ideas?
There is no way of listing all peers which joined the channel in current version of Hyperledger Fabric, however there is a work in progress FAB-5451 to implement service discovery so peer will be able to expose these type of information to the clients.
we have two organisation, org1 and org2
org2 will have a private channel with chaincode on it and private state
now we want users from org1 to execute chaincode on the private channel of org2, but they can't have access to the full state (so they cannot setup a peer that can join the private channel)
how should we do this? is this possible?
I'm not sure. But you can try to apply endorsement policy. I think.
It's impossible to execute chaincode on a channel one can not join. Therefore you would want to create a separate channel for org1 and org2, where org1 is the party which executes the chaincode there. If you need state information from org2, InvokeChainCode provides limited support for cross-channel communication.
You have to decide which information of the org2 would be accesible for the users from org1. Then, you should define a Smart Contract according to it. The org1 and org2 will be members of the channel.
org1 users can't have access to the full state (so they cannot setup a
peer that can join the private channel)
When you create a channel, you define which peers are going to be part of it. Then, the creator of the channel will control the acces to new members. So, if you create the channel, only you will be able to join new peers to the channel.
Side DB capability which is expected in Fabric 1.1 should provide the mechanism you're looking for - ability to store some of the channel data only on a specified subset of peers (e.g. just peers that belong to org2).
https://jira.hyperledger.org/browse/FAB-1151