What is "Capabilities" in configtx yaml file of Hyperledger Fabric - hyperledger-fabric

I am trying to create my own Fabric network, taking the "basic network" and "First Network" provided in "fabric-samples" as a reference.
I have come across a section called "Capabilities" in the "configtx" yaml file.
Kindly help me to understand significance of this section.

This is a new feature added in Hyperledger Fabric 1.1 to enable us to manage system upgrades across a decentralized deployment spanning multiple organizations.
It is likely that in a large network, there may be nodes running different versions of the software. As new features are introduced, we need a means of ensuring deterministic execution, and hence we use this feature to ensure consistency of execution within a channel.
Capability requirements are defined per channel in the channel configuration (found in the channel’s most recent configuration block). The channel configuration contains three locations, each of which defines a capability of a different type.
Channel: these capabilities apply to both peers and orderers and are located in the root Channel group.
Orderer: apply to orderers only and are located in the Orderer group.
Application: apply to peers only and are located in the Application group.
Only binaries that support a given capability specified in a channel's configuration block will be able to participate in that channel.
Please see the docs for additional insight.
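The participation rule in the answer above can be checked against a decoded channel configuration. This is an added example, not code from the original post or from the Fabric project: it assumes the JSON shape that `configtxlator proto_decode` emits for a channel config, and the sample config and the per-binary capability inventories are constructed.

```python
import json

# Constructed sample, trimmed to the three capability locations of a
# channel config as decoded to JSON by configtxlator.
SAMPLE_CONFIG = json.loads("""
{
  "channel_group": {
    "values": {"Capabilities": {"value": {"capabilities": {"V1_1": {}}}}},
    "groups": {
      "Orderer": {"values": {"Capabilities": {"value": {"capabilities": {"V1_1": {}}}}}},
      "Application": {"values": {"Capabilities": {"value": {"capabilities": {"V1_2": {}}}}}}
    }
  }
}
""")

# Which capability types bind which kind of node, per the answer above.
APPLIES_TO = {"peer": ("Channel", "Application"), "orderer": ("Channel", "Orderer")}


def _caps(group):
    """Return the capability names set on one config group (empty if none)."""
    value = group.get("values", {}).get("Capabilities", {}).get("value", {})
    return set(value.get("capabilities", {}))


def channel_capabilities(config):
    """Collect required capabilities from the root, Orderer and Application groups."""
    root = config["channel_group"]
    groups = root.get("groups", {})
    return {
        "Channel": _caps(root),
        "Orderer": _caps(groups.get("Orderer", {})),
        "Application": _caps(groups.get("Application", {})),
    }


def missing_capabilities(config, role, supported):
    """Capabilities the channel requires that a binary of this role lacks.

    `supported` maps capability type -> set of names the binary implements
    (an inventory you maintain; hypothetical input here). An empty result
    means the node can take part in the channel.
    """
    required = channel_capabilities(config)
    gaps = {}
    for cap_type in APPLIES_TO[role]:
        lacking = required[cap_type] - supported.get(cap_type, set())
        if lacking:
            gaps[cap_type] = sorted(lacking)
    return gaps


# Hypothetical inventories: a peer binary that predates V1_2, and a newer one.
OLD_PEER = {"Channel": {"V1_1"}, "Application": {"V1_1"}}
NEW_PEER = {"Channel": {"V1_1"}, "Application": {"V1_1", "V1_2"}}
```

Running this against every node's inventory before submitting a capability update shows which organizations must upgrade their binaries first.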

Related

Hyperledger fabric network configuration related

We are creating a new Blockchain network using Hyperledger Fabric for our new project. We are not able to understand at which point the configtx.yaml file is used and how it is accessed during runtime.
configtx.yaml is only used to generate a channel's genesis block based on some initial channel configuration. It is not used at runtime. The runtime channel configuration is stored on the channel's ledger based on the genesis block and any subsequent channel configuration updates.
See Creating the network for an overview of the key concepts.
See Generate the genesis block for additional details.

Separate orderer for each organization

I want to have orderer beside each organization and NOT to create a separate organization for orderers. Is it possible? If yes, how can I do it?
Yes, the application organizations can provide ordering nodes. For example the sample configuration shows a single organization providing both peers and ordering nodes. Simply configure OrdererEndpoints under the organization configuration.
That being said, for each organization that provides an ordering node, you may want to consider creating a separate logical organization in the channel configuration, so that the peer credentials and orderer credentials can be managed separately using different root certificate authorities.

Hyperledger Fabric: Encrypt ledger data in a single channel

I have a multi-org fabric network where all the orgs are on a single channel.
I understand that using the composer acl file we can hide data from the users based on their roles and other conditions.
However, the data will be visible when we get into the peer container of any org and issue a peer channel fetch.
So, my question is, is there a way to encrypt this ledger data when the orgs shares the same channel? Here, they mention about encrypting the data. Is there any example/reference that can get me started on that one?
Currently, I'm not planning to use different channels between different orgs.
Yes, there are a few ways to protect the ledger data. As you mentioned in your question, the official Hyperledger Fabric FAQ gives five different ways to help us achieve security and access control.
The newest version of Fabric, which is tagged v1.2.0, provides a new definition called private data. I prefer to use this method to build access control in my apps.
I am using the Fabric Node SDK to deploy and control the Fabric network, and it provides a convenient way for me to embed it into existing projects.
You use the configuration file to define who can persist data, how many peers the data is distributed to, how many peers are required to disseminate the private data, and how long the private data is persisted in the private database. All the upgrades that you need to do are adding some parameters when you install and instantiate, modifying some functions to invoke the private data, and writing some code to handle the configuration file and user control.
It gives some examples for us to use this new feature:
Chaincode example
SDK example
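The collection configuration file described in the answer above can be linted before a chaincode is instantiated with it. This is an added example, not code from the original post or from the Fabric project: the field names follow Fabric's private data collection definition JSON, while the collection names, values and finding labels are constructed.

```python
import json

# Constructed sample collection definitions (not from the page).
SAMPLE_COLLECTIONS = json.loads("""
[
  {"name": "collectionTrade",
   "policy": "OR('Org1MSP.member', 'Org2MSP.member')",
   "requiredPeerCount": 1, "maxPeerCount": 3, "blockToLive": 1000},
  {"name": "collectionPricing",
   "policy": "OR('Org1MSP.member')",
   "requiredPeerCount": 0, "maxPeerCount": 1, "blockToLive": 0},
  {"name": "collectionBroken",
   "policy": "",
   "requiredPeerCount": 4, "maxPeerCount": 2, "blockToLive": 10}
]
""")

REQUIRED_FIELDS = ("name", "policy", "requiredPeerCount", "maxPeerCount")


def lint_collection(col):
    """Return a list of finding labels for one collection definition."""
    missing = [f"missing-{field}" for field in REQUIRED_FIELDS if field not in col]
    if missing:
        return missing
    findings = []
    # policy: which organizations' peers may persist the private data.
    if not col["policy"].strip():
        findings.append("empty-policy")
    # requiredPeerCount: peers that must receive the data before endorsement;
    # maxPeerCount: upper bound on peers the data is pushed to.
    if col["requiredPeerCount"] > col["maxPeerCount"]:
        findings.append("required-exceeds-max")
    elif col["requiredPeerCount"] == 0:
        # Endorsement can succeed while only one peer holds the data.
        findings.append("no-dissemination-guarantee")
    # blockToLive: blocks after which private data is purged; 0 keeps it forever.
    if col.get("blockToLive", 0) == 0:
        findings.append("never-purged")
    return findings


def lint_collections(collections):
    """Map each collection name to its findings."""
    return {col.get("name", f"#{i}"): lint_collection(col)
            for i, col in enumerate(collections)}
```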

Can some one share fabric multi channel example using hyperledger-composer

There is no clear documentation of hyperledger fabric multichannel, can someone from community share example of configuration.
This Stack Overflow thread on creating multi-channel for a Hyperledger Fabric configuration should help you (mostly in yellow and grey code blocks) -> Configure Multiple Channel in Hyperledger Fabric.
Once you have configured your custom runtime Fabric environment for your multi-Org, multi-channel setup, you can then create the requisite Hyperledger Composer config artifacts (eg. such as business network cards, one for a PeerAdmin for runtime install on the two peers in a specific organisation, and one card for a PeerAdmin to instantiate/start the business network across all the multi-Org peers joined to the specific channel in question) - and thereafter, issue cards for the individual identities that will consume/transact on the business network (on whatever channel the connection profile information is set up to communicate on). See this Multi-Org tutorial (for two Organisations, but similar principles apply) https://hyperledger.github.io/composer/tutorials/deploy-to-fabric-multi-org.html for guidance.

Hyperledger Fabric development lifecycle

I was wondering what the "best" practice is for ordering the steps of the HF development cycle. Here are some questions organized by topic.
1. Specification of network infrastructure:
What are the mandatory members in one business network definition (organizations, peers, ca)?
How many peers do we need in our business network (bn)?
I am aware of the semantic in relationship between the channel and the peer, but I am not sure about the relationship between the peer and the organization? Also, what if just one organization (org1.example.com) will use the developed network, how to specify the endorsement policy in that use case (since we need at least two organization in chaincode instantiate command specification)?
2. SDK development lifecycle
When we develop SDK (Node.js), in order to interact with our BN what are required CA certificates needed for our SDK app to be able to connect and issue chain-code functions?
How to issue the CA certificates needed for SDK app?
3. Chain-code development lifecycle
1. If I am using the CLI docker container for management of my BN, is it a good practice to git clone my chain-code to CLI and then to install it and instantiate it to certain peer node?
2. After I change my go chain-code, do I need to install it again with the different id to the same peer, or I can just update the existing instance of my chain-code?
My idea is to make this question sort of place where we can add all the relevant questions about these three topics, so please edit and add additional questions! Thank you for your answers.
Let me try to answer your questions:
What are the mandatory members in one business network definition (organizations, peers, ca)?
The only mandatory network entities are peers and the ordering service. Of course, to be able to define anything you should have a notion of organizations, the parties which are going to transact. Each such party is expected to have a number of peers which run chaincodes (smart contracts) on the organization's behalf. A CA is required to issue certificates and bind peer and client identities to a certain organization.
How many peers do we need in our business network (bn)?
The desired number of peers is completely up to your business logic and requirements; you need to accommodate expectations for availability, scalability and your trust model (endorsement policies).
I am aware of the semantic in relationship between the channel and the peer, but I am not sure about the relationship between the peer and the organization?
A peer is the network entity which executes chaincodes on behalf of a given organization, increasing the organization's confidence in the correctness of execution results.
Also, what if just one organization (org1.example.com) will use the developed network, how to specify the endorsement policy in that use case (since we need at least two organization in chaincode instantiate command specification)?
You do not have to have at least two organizations to define an endorsement policy, although with one org it is a bit redundant, since the default endorsement policy is to have some peer from the channel sign the endorsement request.
When we develop SDK (Node.js), in order to interact with our BN what are required CA certificates needed for our SDK app to be able to connect and issue chain-code functions?
You do not need a CA certificate, but you need a client certificate signed by the root CA to prove the client's identity and enable the peer to validate whether the client has the correct access rights.
How to issue the CA certificates needed for SDK app?
You can use fabric-ca to enroll a user and get a client certificate, or you can simply leverage cryptogen to produce client certs for you.
If I am using the CLI docker container for management of my BN, is it a good practice to git clone my chain-code to CLI and then to install it and instantiate it to certain peer node?
Here is the thing: the peer CLI is a bit abused, since its primary usage is rapid testing in development and demoing. The proper way to communicate with Hyperledger Fabric is by using the SDKs, e.g. you basically need to implement a client which is capable of installing and instantiating chaincodes based on your own logic and parameters relevant for your application.
After I change my go chain-code, do I need to install it again with the different id to the same peer, or I can just update the existing instance of my chain-code?
You have an upgrade procedure which is pretty well covered in the Hyperledger Fabric documentation. Or you can see a short demo on video.
My idea is to make this question sort of place where we can add all the relevant questions about these three topics, so please edit and add additional questions!
Please consider logging into Rocket.Chat and using the #fabric channel to ask your questions.
Additionally, please take a look at the documentation, since most of the information and details about your questions can be found there and it is constantly being updated.
