Date   

#fabric Certificates and Keys generation and sharing #fabric

Jean-Gaël Dominé <jgdomine@...>
 

Hi all,

I would like to expose some ideas to have your feelings and ideas about the generation and sharing of the artifacts because I'm not sure about which path to take.
In my network (deployed in Kubernetes) I have a batch that generates all the certificates and keys (TLS included) of the admins, peers, orderers, genesis block, ... by connecting to the CA using fabric-ca-client.
Then I export all these artifacts as secrets in K8S so that the components have access to them.
This works fine but it does not look like production mode to me.

So I was trying to think of how this process would be handled in production. Here are some ideas:

1) Peers and orderers enroll themselves at startup:
  • by installing fabric-ca-client on them so that they can register and enroll to the CA
  • by exposing some endpoints on an API using the SDK that they would call
This would work if we add peers and orderers to the existing the organizations as normally the root certificates are already present in the genesis block and thus known by everybody.
But an issue I foresee is the management in case the component restarts, we must avoid going through the registration/enrollment again since it was already done. How can this be achieved?
Also the LCM of the certificates could be an issue

Besides this would become more complex to add a new organization.
In case a new organization is added, I don't see how to automate it since the system channel configuration must be updated...

So if anyone has a better idea on how to handle this part of Fabric, I'd be happy to learn about it :)

Thanks

JG


Re: Proposal : Hyperledger Fabric block archiving

Gari Singh <garis@...>
 

Hi Atsushi -

Thanks for sharing your efforts to date.

Overall, I like the idea of providing a utility to do this as generally we tell people that they can do this but don't provide any tools for doing so.

I do, however, have concerns about integrating any part of this functionality into the actual peer binary itself. I don't actually think you need to do that.
I think running a separate "archive client" without modifying the peer is the way to go. It keeps this functionality clean and separate from the peer and allows it to progress on its own.

It seems the only thing you really wanted to use the peer for was to propagate information to other peers within the same organization. My take here is that you can more easily do something such as having the archive client write its status to a file in the "archiver repository". This way other archiver clients within the same organization can simply periodically poll this file for status. Additionally, you can also use this same file repository to maintain some type of process lock file such that you'll only have one archiver client actively performing the archival.

-- G

-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: "Manish" <manish.sethi@...>
From: "Yacov"
Sent by: fabric@...
Date: 11/25/2019 04:21PM
Cc: nekia <atsushin@...>, "fabric@..." <fabric@...>
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Proposal : Hyperledger Fabric block archiving

Hey Atsushi,

one thing I noticed while skimming the code, is that while you send the ArchivedBlockFileMsg via gossip, you are not ensuring it is eventually propagated to peers successfully.

This means that if a peer didn't get the message, it won't archive your file.

I suggest that you think of a more robust mechanism, like periodically comparing digests of ranges.

The code in https://github.com/hyperledger-labs/fabric-block-archiving/blob/master/gossip/gossip/pull/pullstore.go is a generic pull mechanism based on digests. You might want to give it a look.


- Yacov.



From: "Manish" <manish.sethi@...>
To: nekia <atsushin@...>
Cc: "fabric@..." <fabric@...>
Date: 11/25/2019 10:50 PM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Proposal : Hyperledger Fabric block archiving
Sent by: fabric@...



Hi Atsushi,

Thanks for your proposal and at high level the objective makes sense to me and below is my high level observations that you may want to consider.

First, the fundamental assumption that you make is that all the block files are same across peers is incorrect. The block files are not guaranteed to contain same number of blocks across peers. This is because a block file is bounded by the file size and not by the number of blocks. Further, the size of a given block may vary slightly on each peer. Though the header and the data section of a blocks are of same size across peers but this difference in overall size could be caused by the metadata section which contains concenter signatures. In addition, on some of the peers, the metadata may also include block commit hash as an additional data. So, either you have to operate at the block numbers (i.e., during purging an archiver client on a peer deals a file that should be purged partially based on where in the file the target block is located) or if you want to deal at the files level the archiver client could just consider files up to previous file.

Second, there are certain kind of queries for which a peer assumes the presence of block files in the current way. This primarily includes history queries, blocks related queries, and txid related queries. These queries may start failing or lead to crashes or unexpected results if you simply delete the files. I did not see any details in your design how you plan to handle these. The potential solutions may range from simply denying these kind of queries to more sophisticated solution such as serving the queries by involving the achiever repository. However, in either of these the challenge would be to know that the desired block/ transaction has been purged from the local peer (e.g., consider blockByHash or transactionByTxid kind of queries.)

Third, somewhat similar to the second point above, peer has a feature wherein it rebuilds the statedb and historydb if they are dropped and peer is simply restarted. For this feature as well it relies on the percense of blockfiles.

Fourth, I am not sure if gossip is the right communication mechanism that you want to employ for this communication. An archiver client perhaps can simply poll (or register for updates with) the archiver repository.

Finally, I would like to understand in more details what are the benefits of having a separate repository? Why not simply let the files be there on the anchor peer and purge from other peers? If the answer is compression, then ideally we should explore a choise of writing the data in blockfiles in compressed format.


Hope this helps.

Thanks,
Manish

On Thu, Nov 14, 2019 at 10:26 PM nekia <atsushin@...> wrote:
Hello everybody,

I’d like to propose a new feature ‘block archiving’ for Hyperledger Fabric. We are working on this block archiving project which is listed under Hyperledger Labs repository. Our current main efforts are focused on improvement of reliability. If we could get some feedback on our proposed feature from members involved in Hyperledger Fabric implementation, it’ll be quite useful for further improvement of UX.

- Hyperledger Fabric Block Archiving
https://github.com/hyperledger-labs/fabric-block-archiving

This enhancement for Hyperledger Fabric is aiming to:

- Reduce the total amount of storage space required for an organisation to operate a Hyperledger Fabric network by archiving block data into repository.
- For organisations, operate a Hyperledger Fabric network with low resourced nodes, such as a IoT edge devices for example.

- Our proposal
https://github.com/hyperledger-labs/hyperledger-labs.github.io/blob/master/labs/fabric-block-archiving.md

- Technical overview
https://github.com/nekia/fabric-block-archiving/blob/techoverview/BlockVault%20-%20Technical%20Overview.pdf


Kind regards,
Atsushi Neki
RocketChat: nekia

Atsushi Neki
Senior Software Development Engineer

Fujitsu Australia Software Technology Pty Ltd
14 Rodborough Road, Frenchs Forest NSW 2086, Australia
T +61 2 9452 9036 M +61 428 223 387
AtsushiN@...
fastware.com.au



Disclaimer
The information in this e-mail is confidential and may contain content that is subject to copyright and/or is commercial-in-confidence and is intended only for the use of the above named addressee. If you are not the intended recipient, you are hereby notified that dissemination, copying or use of the information is strictly prohibited. If you have received this e-mail in error, please telephone Fujitsu Australia Software Technology Pty Ltd on + 61 2 9452 9000 or by reply e-mail to the sender and delete the document and all copies thereof.

Whereas Fujitsu Australia Software Technology Pty Ltd would not knowingly transmit a virus within an email communication, it is the receiver’s responsibility to scan all communication and any files attached for computer viruses and other defects. Fujitsu Australia Software Technology Pty Ltd does not accept liability for any loss or damage (whether direct, indirect, consequential or economic) however caused, and whether by negligence or otherwise, which may result directly or indirectly from this communication or any files attached.

If you do not wish to receive commercial and/or marketing email messages from Fujitsu Australia Software Technology Pty Ltd, please email unsubscribe@...


Re: Maintainer nominations

Yacov
 

I think the best solution for these 2 seemingly conflicting ideas is:
  • All maintainers of code repositories should be able to merge documentation contributions
  • Maintainers of the documentation should not be able to merge code contributions.



From:        "Brian Behlendorf" <bbehlendorf@...>
To:        fabric@...
Date:        11/26/2019 07:36 AM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Maintainer nominations
Sent by:        fabric@...




On 11/25/19 6:09 PM, David Enyeart wrote:
I'd suggest that we identify the top documentation contributors and reviewers to seed the fabric docs repository maintainer list in the coming weeks (including Chris and Joe), rather than pulling the trigger in the Fabric repository this week.

Are there separate maintainer pools for different fabric-* repos? 

If so, I can understand the argument, coming from a world where the precautionary principle would apply, and where prior version control systems (and even earlier versions of git) allowed for a dangerous degree of repository damage if someone made the wrong set of changes. I also of course get the point for different maintainers for different Hyperledger projects, e.g. Fabric vs Sawtooth. 

But for the same project, which is arguably the same "community" of contributors and representatives of end-users, you may want to consider a single pool of maintainers across all fabric-* repos.  The easy case is to argue for the ability for anyone who's a maintainer on the main code repos to also be able to merge in changes into docs-related repos.  The harder case is for people who come in as solid contributors to docs, but aren't (yet!) code contributors.  There, I'd still argue for it - the boundary between docs and code is rarely so hard, as changes to error messages/logging or admin/user interfaces often are driven by a docs-level view of what would be easier to explain.  And, I've seen great core developers on projects come in first through a docs-related role.  Also, just for simplicity: I'll counter your precautionary principle with an Occam's Razor, which makes understanding the project easier for newcomers.  I bet reversing any mistaken merges is a lower cost than the value of contributions you might not otherwise see.

Up to you all,

Brian

--
Brian Behlendorf
Executive Director, Hyperledger
bbehlendorf@...
Twitter: @brianbehlendorf





Re: Maintainer nominations

Anthony O'Dowd <a_o-dowd@...>
 

Thank you Pam.

I'm very much in favour of these two nominations, and personally, I'd like to see more maintainers and contributors to Hyperledger Fabric in general, and documentation in particular.

On a related note, an additional request would be to support the work that Rich Zhao started on Chinese language docs. With our move to GitHub, and the soon creation of a separate docs repo, two of the items that Rich requires to make progress are overcome.  A final requirement would be a Chinese language docs maintainer.  I'd be happy to discuss this topic and the introduction of other languages on the next Documentation workgroup calls -- it's probably most relevant on the Eastern hemi call. I'll add an item to both agendas.

Thanks, Anthony.


Re: #fabric #raft Orderers and organization, how to organize them? #fabric #raft

Yueming Xu
 

I do not think you’d benefit by using different root CA’s for orderer and peer of the same org. Each org already need 2 root CA’s, one for signing cert, the other for TLS. If you double that, it’s just too much management overhead for not much gain, I think. 

Yueming Xu


Re: Maintainer nominations

Brian Behlendorf <bbehlendorf@...>
 

On 11/25/19 6:09 PM, David Enyeart wrote:
I'd suggest that we identify the top documentation contributors and reviewers to seed the fabric docs repository maintainer list in the coming weeks (including Chris and Joe), rather than pulling the trigger in the Fabric repository this week.

Are there separate maintainer pools for different fabric-* repos? 

If so, I can understand the argument, coming from a world where the precautionary principle would apply, and where prior version control systems (and even earlier versions of git) allowed for a dangerous degree of repository damage if someone made the wrong set of changes. I also of course get the point for different maintainers for different Hyperledger projects, e.g. Fabric vs Sawtooth. 

But for the same project, which is arguably the same "community" of contributors and representatives of end-users, you may want to consider a single pool of maintainers across all fabric-* repos.  The easy case is to argue for the ability for anyone who's a maintainer on the main code repos to also be able to merge in changes into docs-related repos.  The harder case is for people who come in as solid contributors to docs, but aren't (yet!) code contributors.  There, I'd still argue for it - the boundary between docs and code is rarely so hard, as changes to error messages/logging or admin/user interfaces often are driven by a docs-level view of what would be easier to explain.  And, I've seen great core developers on projects come in first through a docs-related role.  Also, just for simplicity: I'll counter your precautionary principle with an Occam's Razor, which makes understanding the project easier for newcomers.  I bet reversing any mistaken merges is a lower cost than the value of contributions you might not otherwise see.

Up to you all,

Brian


-- 
Brian Behlendorf
Executive Director, Hyperledger
bbehlendorf@...
Twitter: @brianbehlendorf


Re: Maintainer nominations

David Enyeart
 

Our intent has been to split Fabric docs into its own repository after the transition to GitHub and Azure Pipelines. We only have one more repository to switch over (fabric-test), then will proceed with the documentation split. If anybody would like to drive the documentation split in parallel, that would certainly expedite things.

I'd suggest that we identify the top documentation contributors and reviewers to seed the fabric docs repository maintainer list in the coming weeks (including Chris and Joe), rather than pulling the trigger in the Fabric repository this week.


Dave Enyeart

"Pam Andrejko" ---11/25/2019 05:26:48 PM---All, I would like to nominate two new Documentation maintainers for the Hyperledger Fabric project.

From: "Pam Andrejko" <pama@...>
To: fabric@...
Date: 11/25/2019 05:26 PM
Subject: [EXTERNAL] [Hyperledger Fabric] Maintainer nominations
Sent by: fabric@...





All,

I would like to nominate two new Documentation maintainers for the Hyperledger Fabric project. They are Chris Gabriel (Hyperchain Labs) and Joe Alewine (IBM).


Chris has been an instrumental member of the Documentation community workgroup for several years now. In addition to being a regular content reviewer and contributor, he is a consumer of Fabric in his own Hyperchain Labs business that he founded. The insights, perspective, and content that he's provided based on his experience have been invaluable to the documentation work group and Fabric community as a whole.

Joe has been providing important Fabric documentation for over two and half years, is recognized as an expert on the ordering service, the Fabric upgrade process and channel capabilities, and was recently recognized as a
Hyperledger significant contributor.

Adding two more Documentation Maintainers will greatly facilitate the addition and approval of Fabric documentation content going forward.

I have opened a separate PR for each nomination:

Chris Gabriel - https://github.com/hyperledger/fabric/pull/317
Joe Alewine -
https://github.com/hyperledger/fabric/pull/316

I'm requesting that existing maintainers review the nominations and indicate whether they agree with a comment in the PR. Other’s are welcome to provide their input.

Warm regards,
Pam Andrejko





Re: Hyperledger Fabric GitHub Migration

David Enyeart
 

The transition to GitHub for source control management, and Azure Pipelines for CI, is now complete for all Fabric development repositories. The final repository to shift will be fabric-test in early December.

You can open pull requests at https://github.com/hyperledger/fabric/pulls.

We use the standard GitHub fork and branch PR workflow. If you need a refresher on the workflow, please see the instructions at https://hyperledger-fabric.readthedocs.io/en/latest/github/github.html.

Thanks to Brett Logan for making the transition a smooth one!


Dave Enyeart

"Brett T Logan" ---11/21/2019 01:11:31 AM---Hello Contributors,

From: "Brett T Logan" <brett.t.logan@...>
To: fabric@...
Date: 11/21/2019 01:11 AM
Subject: [EXTERNAL] [Hyperledger Fabric] Hyperledger Fabric GitHub Migration
Sent by: fabric@...





Hello Contributors,

The time has finally come. The Hyperledger Fabric maintainers are planning for a migration of the core Fabric repository to GitHub this Friday morning Eastern Standard Time.

We are asking that effective immediately, all contributors stop pushing changes to Gerrit. Instead contributors can open their changes as pull requests using the Hyperledger Fabric repository in Github https://github.com/hyperledger/fabric. We have already configured CI to run against new pull requests using Azure Pipelines. This will allow the maintainers time merge as many Gerrit CR's as they can before the cutover.

Any changes that don't make it in before the Friday cutover will be abandoned and contributors will need to reopen them in GitHub. If you feel it's unlikely your change will make it in by Friday morning, we ask that you move it to GitHub now, and close your CR so maintainers can focus on changes that will get merged in the next day.

We will be publishing updated documentation about best practices, but in the meantime a few reminders about GitHub contributions:
    • Commits should be focused and small
    • Commit messages should include the Jira number on their first line and the body should include meaningful information on the change
    • Your signature must be included in your commit message, you can do this using the "-s" flag when running the "git commit" command
    • When opening a pull request it must come from your fork of the Fabric repository
    • When opening the pull request, your pull request message should include a meaningful title and provide the reasoning around the change, this will help maintainers understand what you are attempting to achieve (we will be publishing an automatic template yet this week, once that happens you should fill out the template accordingly)
With this migration, Hyperledger will have migrated all of its development repositories off of Gerrit and Jenkins. Contributions are welcome to any of the Hyperledger projects through GitHub moving forward. It is our hope that by adopting this industry standard we can lower the barrier of entry for new contributors and attract even more of the community to participate in contributing.

As always, thank you for your contributions!

Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
E-mail: brett.t.logan@...







Re: Maintainer nominations

Yacov
 

>  and was recently recognized as a Hyperledger significant contributor.


Just for the record.... only IBMers can access this link....        



From:        "Pam Andrejko" <pama@...>
To:        fabric@...
Date:        11/26/2019 12:26 AM
Subject:        [EXTERNAL] [Hyperledger Fabric] Maintainer nominations
Sent by:        fabric@...




All,

I would like to nominate two new Documentation maintainers for the Hyperledger Fabric project. They are Chris Gabriel (Hyperchain Labs) and Joe Alewine (IBM).

Chris has been an instrumental member of the Documentation community workgroup for several years now. In addition to being a regular content reviewer and contributor, he is a consumer of Fabric in his own Hyperchain Labs business that he founded. The insights, perspective, and content that he's provided based on his experience have been invaluable to the documentation work group and Fabric community as a whole.

Joe has been providing important Fabric documentation for over two and half years, is recognized as an expert on the ordering service, the Fabric upgrade process and channel capabilities, and was recently recognized as a Hyperledger significant contributor.

Adding two more Documentation Maintainers will greatly facilitate the addition and approval of Fabric documentation content going forward.

I have opened a separate PR for each nomination:

Chris Gabriel - https://github.com/hyperledger/fabric/pull/317
Joe Alewine - https://github.com/hyperledger/fabric/pull/316

I'm requesting that existing maintainers review the nominations and indicate whether they agree with a comment in the PR. Other’s are welcome to provide their input.

Warm regards,
Pam Andrejko





Maintainer nominations

Pam Andrejko
 

All,

I would like to nominate two new Documentation maintainers for the Hyperledger Fabric project. They are Chris Gabriel (Hyperchain Labs) and Joe Alewine (IBM).

Chris has been an instrumental member of the Documentation community workgroup for several years now. In addition to being a regular content reviewer and contributor, he is a consumer of Fabric in his own Hyperchain Labs business that he founded. The insights, perspective, and content that he's provided based on his experience have been invaluable to the documentation work group and Fabric community as a whole.

Joe has been providing important Fabric documentation for over two and half years, is recognized as an expert on the ordering service, the Fabric upgrade process and channel capabilities, and was recently recognized as a Hyperledger significant contributor.

Adding two more Documentation Maintainers will greatly facilitate the addition and approval of Fabric documentation content going forward.

I have opened a separate PR for each nomination:

Chris Gabriel - https://github.com/hyperledger/fabric/pull/317
Joe Alewine - https://github.com/hyperledger/fabric/pull/316

I'm requesting that existing maintainers review the nominations and indicate whether they agree with a comment in the PR. Other’s are welcome to provide their input.

Warm regards,
Pam Andrejko


Re: Proposal : Hyperledger Fabric block archiving

Yacov
 

Hey Atsushi,

one thing I noticed while skimming the code, is that while you send the ArchivedBlockFileMsg via gossip, you are not ensuring it is eventually propagated to peers successfully.

This means that if a peer didn't get the message, it won't archive your file.

I suggest that you think of a more robust mechanism, like periodically comparing digests of ranges.

The code in https://github.com/hyperledger-labs/fabric-block-archiving/blob/master/gossip/gossip/pull/pullstore.go is a generic pull mechanism based on digests.  You might want to give it a look.


- Yacov.



From:        "Manish" <manish.sethi@...>
To:        nekia <atsushin@...>
Cc:        "fabric@..." <fabric@...>
Date:        11/25/2019 10:50 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Proposal : Hyperledger Fabric block archiving
Sent by:        fabric@...




Hi Atsushi,

Thanks for your proposal and at high level the objective makes sense to me and below is my high level observations that you may want to consider. 

First, the fundamental assumption that you make is that all the block files are same across peers is incorrect. The block files are not guaranteed to contain same number of blocks across peers. This is because a block file is bounded by the file size and not by the  number of blocks. Further, the size of a given block may vary slightly on each peer. Though the header and the data section of a blocks are of same size across peers but this difference in overall size could be caused by the metadata section which contains concenter signatures. In addition, on some of the peers, the metadata may also include block commit hash as an additional data. So, either you have to operate at the block numbers (i.e., during purging an archiver client on a peer deals a file that should be purged partially based on where in the file the target block is located) or if you want to deal at the files level the archiver client could just consider files up to previous file.

Second, there are certain kind of queries for which a peer assumes the presence of block files in the current way. This primarily includes history queries, blocks related queries, and txid related queries. These queries may start failing or lead to crashes or unexpected results if you simply delete the files. I did not see any details in your design how you plan to handle these. The potential solutions may range from simply denying these kind of queries to more sophisticated solution such as serving the queries by involving the  achiever repository. However, in either of these the challenge would be to know that the desired block/ transaction has been purged from the local peer (e.g., consider blockByHash or transactionByTxid kind of queries.)

Third, somewhat similar to the second point above, peer has a feature wherein it rebuilds the statedb and historydb if they are dropped and peer is simply restarted. For this feature as well it relies on the percense of blockfiles.

Fourth, I am not sure if gossip is the right communication mechanism that you want to employ for this communication. An archiver client perhaps can simply poll (or register for updates with) the archiver repository.

Finally, I would like to understand in more details what are the benefits of having a separate repository? Why not simply let the files be there on the anchor peer and purge from other peers? If the answer is compression, then ideally we should explore a choise of writing the data in blockfiles in compressed format.


Hope this helps.

Thanks,
Manish


On Thu, Nov 14, 2019 at 10:26 PM nekia <atsushin@...> wrote:
Hello everybody,

 

 

I’d like to propose a new feature ‘block archiving’ for Hyperledger Fabric. We are working on this block archiving project which is listed under Hyperledger Labs repository. Our current main efforts are focused on improvement of reliability. If we could get some feedback on our proposed feature from members involved in Hyperledger Fabric implementation, it’ll be quite useful for further improvement of UX.

 

- Hyperledger Fabric Block Archiving

    https://github.com/hyperledger-labs/fabric-block-archiving

 

    This enhancement for Hyperledger Fabric is aiming to:

 

        - Reduce the total amount of storage space required for an organisation to operate a Hyperledger Fabric network by archiving block data into repository.

        - For organisations, operate a Hyperledger Fabric network with low resourced nodes, such as a IoT edge devices for example.

 

- Our proposal

    https://github.com/hyperledger-labs/hyperledger-labs.github.io/blob/master/labs/fabric-block-archiving.md

 

- Technical overview

    https://github.com/nekia/fabric-block-archiving/blob/techoverview/BlockVault%20-%20Technical%20Overview.pdf

 

 

Kind regards,

Atsushi Neki

RocketChat:  nekia

 

Atsushi Neki
Senior Software Development Engineer

Fujitsu Australia Software Technology Pty Ltd

14 Rodborough Road, Frenchs Forest NSW 2086, Australia
T
+61 2 9452 9036 M +61 428 223 387

AtsushiN@...
fastware.com.au


Disclaimer

The information in this e-mail is confidential and may contain content that is subject to copyright and/or is commercial-in-confidence and is intended only for the use of the above named addressee. If you are not the intended recipient, you are hereby notified that dissemination, copying or use of the information is strictly prohibited. If you have received this e-mail in error, please telephone Fujitsu Australia Software Technology Pty Ltd on + 61 2 9452 9000 or by reply e-mail to the sender and delete the document and all copies thereof.

Whereas Fujitsu Australia Software Technology Pty Ltd would not knowingly transmit a virus within an email communication, it is the receiver’s responsibility to scan all communication and any files attached for computer viruses and other defects. Fujitsu Australia Software Technology Pty Ltd does not accept liability for any loss or damage (whether direct, indirect, consequential or economic) however caused, and whether by negligence or otherwise, which may result directly or indirectly from this communication or any files attached.

If you do not wish to receive commercial and/or marketing email messages from Fujitsu Australia Software Technology Pty Ltd, please email unsubscribe@...





Re: Proposal : Hyperledger Fabric block archiving

Manish
 

Hi Atsushi,

Thanks for your proposal and at high level the objective makes sense to me and below is my high level observations that you may want to consider. 

First, the fundamental assumption that you make is that all the block files are same across peers is incorrect. The block files are not guaranteed to contain same number of blocks across peers. This is because a block file is bounded by the file size and not by the  number of blocks. Further, the size of a given block may vary slightly on each peer. Though the header and the data section of a blocks are of same size across peers but this difference in overall size could be caused by the metadata section which contains concenter signatures. In addition, on some of the peers, the metadata may also include block commit hash as an additional data. So, either you have to operate at the block numbers (i.e., during purging an archiver client on a peer deals a file that should be purged partially based on where in the file the target block is located) or if you want to deal at the files level the archiver client could just consider files up to previous file.

Second, there are certain kind of queries for which a peer assumes the presence of block files in the current way. This primarily includes history queries, blocks related queries, and txid related queries. These queries may start failing or lead to crashes or unexpected results if you simply delete the files. I did not see any details in your design how you plan to handle these. The potential solutions may range from simply denying these kind of queries to more sophisticated solution such as serving the queries by involving the  achiever repository. However, in either of these the challenge would be to know that the desired block/ transaction has been purged from the local peer (e.g., consider blockByHash or transactionByTxid kind of queries.)

Third, somewhat similar to the second point above, peer has a feature wherein it rebuilds the statedb and historydb if they are dropped and peer is simply restarted. For this feature as well it relies on the percense of blockfiles.

Fourth, I am not sure if gossip is the right communication mechanism that you want to employ for this communication. An archiver client perhaps can simply poll (or register for updates with) the archiver repository.

Finally, I would like to understand in more details what are the benefits of having a separate repository? Why not simply let the files be there on the anchor peer and purge from other peers? If the answer is compression, then ideally we should explore a choise of writing the data in blockfiles in compressed format.


Hope this helps.

Thanks,
Manish


On Thu, Nov 14, 2019 at 10:26 PM nekia <atsushin@...> wrote:

Hello everybody,

 

 

I’d like to propose a new feature ‘block archiving’ for Hyperledger Fabric. We are working on this block archiving project which is listed under Hyperledger Labs repository. Our current main efforts are focused on improvement of reliability. If we could get some feedback on our proposed feature from members involved in Hyperledger Fabric implementation, it’ll be quite useful for further improvement of UX.

 

- Hyperledger Fabric Block Archiving

    https://github.com/hyperledger-labs/fabric-block-archiving

 

    This enhancement for Hyperledger Fabric is aiming to:

 

        - Reduce the total amount of storage space required for an organisation to operate a Hyperledger Fabric network by archiving block data into repository.

        - For organisations, operate a Hyperledger Fabric network with low resourced nodes, such as a IoT edge devices for example.

 

- Our proposal

    https://github.com/hyperledger-labs/hyperledger-labs.github.io/blob/master/labs/fabric-block-archiving.md

 

- Technical overview

    https://github.com/nekia/fabric-block-archiving/blob/techoverview/BlockVault%20-%20Technical%20Overview.pdf

 

 

Kind regards,

Atsushi Neki

RocketChat:  nekia

 

Atsushi Neki
Senior Software Development Engineer

Fujitsu Australia Software Technology Pty Ltd

14 Rodborough Road, Frenchs Forest NSW 2086, Australia
T +61 2 9452 9036 M +61 428 223 387
AtsushiN@...
fastware.com.au


Disclaimer

The information in this e-mail is confidential and may contain content that is subject to copyright and/or is commercial-in-confidence and is intended only for the use of the above named addressee. If you are not the intended recipient, you are hereby notified that dissemination, copying or use of the information is strictly prohibited. If you have received this e-mail in error, please telephone Fujitsu Australia Software Technology Pty Ltd on + 61 2 9452 9000 or by reply e-mail to the sender and delete the document and all copies thereof.


Whereas Fujitsu Australia Software Technology Pty Ltd would not knowingly transmit a virus within an email communication, it is the receiver’s responsibility to scan all communication and any files attached for computer viruses and other defects. Fujitsu Australia Software Technology Pty Ltd does not accept liability for any loss or damage (whether direct, indirect, consequential or economic) however caused, and whether by negligence or otherwise, which may result directly or indirectly from this communication or any files attached.


If you do not wish to receive commercial and/or marketing email messages from Fujitsu Australia Software Technology Pty Ltd, please email unsubscribe@...


Re: Multi-network node deployments #fabric

Nye Liu <nye@...>
 

Private VLAN/VPN, or do a proper public IP p2p setup w/o docker swarm.

Again, docker swarm and k8s are great for distributed microservices and big load balanced, asymmetrical client/server stacks, not p2p. They're both designed by those uninterested in symmetric, stateful node, p2p applications. There are a ton of hacks to get around the various networking issues, but IMO they all try to fit a square peg into a round hole.

On 11/25/2019 8:33 AM, Nancy Min wrote:

Thanks Tong.

 

We are currently using Docker swarm as a method of deploying a Fabric network across multiple hosts. However, this solution can only be properly applied to hosts inside the same LAN. Our attempts to deploy the Fabric network to other remote locations using swarm have been problematic. The simplest solution we have so far is to use port forwarding to make manager nodes publicly accessible to the internet and creating the swarm network that way. This has the unfortunate draw back of creating a dependency for the worker nodes as they require certain manager nodes to communicate with the rest of the network. What are our options for deploying a Fabric network across multiple remote locations, each with their distinct internet networks?

 

Nancy Min

ecoLong

Tel/Direct: +1 518 703 6088

www.ecolongllc.com

 

From: Tong Li <litong01@...>
Sent: Thursday, October 17, 2019 4:36 PM
To: Nancy Min <Nancym@...>
Cc: fabric@...
Subject: Re: [Hyperledger Fabric] Multi-network node deployments #fabric

 

if you have k8s, then it will be very easy to do this and please look into cello ansible agent.

Thanks.

Tong Li
IBM Open Technology


"Nancy Min" ---10/17/2019 04:20:48 PM---Hi All, We're interested in different methods to facilitate multi-network node deployments. One opti

From: "Nancy Min" <Nancym@...>
To: fabric@...
Date: 10/17/2019 04:20 PM
Subject: [EXTERNAL] [Hyperledger Fabric] Multi-network node deployments #fabric
Sent by: fabric@...





Hi All,

We're interested in different methods to facilitate multi-network node deployments. One option we've thought of is to communicate with nodes hosted on different networks by using port forwarding on both ends in order for swarm connections to occur. Are there better ways to do this?

Thanks,
Nancy



Re: Multi-network node deployments #fabric

email4tong@gmail.com
 

I highly suggest that you look into cello ansible agent to deploy your network onto k8s environment. Here is the doc on how to do that. hyperledger/cello

Please let me know if you have questions or errors doing it.


On Monday, November 25, 2019, 11:35:47 AM EST, Nancy Min <nancym@...> wrote:


Thanks Tong.

 

We are currently using Docker swarm as a method of deploying a Fabric network across multiple hosts. However, this solution can only be properly applied to hosts inside the same LAN. Our attempts to deploy the Fabric network to other remote locations using swarm have been problematic. The simplest solution we have so far is to use port forwarding to make manager nodes publicly accessible to the internet and creating the swarm network that way. This has the unfortunate draw back of creating a dependency for the worker nodes as they require certain manager nodes to communicate with the rest of the network. What are our options for deploying a Fabric network across multiple remote locations, each with their distinct internet networks?

 

Nancy Min

ecoLong

Tel/Direct: +1 518 703 6088

www.ecolongllc.com

 

From: Tong Li <litong01@...>
Sent: Thursday, October 17, 2019 4:36 PM
To: Nancy Min <Nancym@...>
Cc: fabric@...
Subject: Re: [Hyperledger Fabric] Multi-network node deployments #fabric

 

if you have k8s, then it will be very easy to do this and please look into cello ansible agent.

Thanks.

Tong Li
IBM Open Technology


Inactive hide details for "Nancy Min" ---10/17/2019 04:20:48 PM---Hi All, We're interested in different methods to facilitate multi-network node deployments. One opti

From: "Nancy Min" <Nancym@...>
To: fabric@...
Date: 10/17/2019 04:20 PM
Subject: [EXTERNAL] [Hyperledger Fabric] Multi-network node deployments #fabric
Sent by: fabric@...





Hi All,

We're interested in different methods to facilitate multi-network node deployments. One option we've thought of is to communicate with nodes hosted on different networks by using port forwarding on both ends in order for swarm connections to occur. Are there better ways to do this?

Thanks,
Nancy



Re: Multi-network node deployments #fabric

Nancy Min
 

Thanks Tong.

 

We are currently using Docker swarm as a method of deploying a Fabric network across multiple hosts. However, this solution can only be properly applied to hosts inside the same LAN. Our attempts to deploy the Fabric network to other remote locations using swarm have been problematic. The simplest solution we have so far is to use port forwarding to make manager nodes publicly accessible to the internet and creating the swarm network that way. This has the unfortunate draw back of creating a dependency for the worker nodes as they require certain manager nodes to communicate with the rest of the network. What are our options for deploying a Fabric network across multiple remote locations, each with their distinct internet networks?

 

Nancy Min

ecoLong

Tel/Direct: +1 518 703 6088

www.ecolongllc.com

 

From: Tong Li <litong01@...>
Sent: Thursday, October 17, 2019 4:36 PM
To: Nancy Min <Nancym@...>
Cc: fabric@...
Subject: Re: [Hyperledger Fabric] Multi-network node deployments #fabric

 

if you have k8s, then it will be very easy to do this and please look into cello ansible agent.

Thanks.

Tong Li
IBM Open Technology


"Nancy Min" ---10/17/2019 04:20:48 PM---Hi All, We're interested in different methods to facilitate multi-network node deployments. One opti

From: "Nancy Min" <Nancym@...>
To: fabric@...
Date: 10/17/2019 04:20 PM
Subject: [EXTERNAL] [Hyperledger Fabric] Multi-network node deployments #fabric
Sent by: fabric@...





Hi All,

We're interested in different methods to facilitate multi-network node deployments. One option we've thought of is to communicate with nodes hosted on different networks by using port forwarding on both ends in order for swarm connections to occur. Are there better ways to do this?

Thanks,
Nancy



Next Hyperledger Fabric Application Developer Community call - Thursday Nov 28th @ 4pm UTC (4pm UK) - 11am ET, 8am PT

Paul O'Mahoney <mahoney@...>
 

dear Fabric Application Developer,


the next  Fabric Application Developer community call is scheduled for this  Thursday Nov 28th @ 4pm UTC (4pm UK) - 11am ET (-5 hrs), 8am PT(-8 hrs) - see time zones.   It lasts approx 30-60 mins FYI.

The agenda will be posted here -> https://wiki.hyperledger.org/display/fabric/Meeting+Agendas%3A+Fabric+Application+Developer+Community+Call

This community call is held bi-weekly via Zoom webconference and is aimed at :

- helping the worldwide Hyperledger Fabric Application Developer community grow in their development journey (eg. developing applications, smart contracts,  developing application clients, using the SDKs, tutorials/demos etc - eg. spanning NodeJS/TypeScript, Java, Go etc etc) 
- helping App developers understand / hear more about exciting new things in Fabric, eg. features upcoming or work in progress - ie things that appeal to the developer
- to foster more interest, best practices etc in developing applications (eg developing solutions, use cases) with Hyperledger Fabric. 
- opportunity to ask questions of the Fabric team eg. you may have feedback/questions on your experiences developing solutions with Fabric
- to share stuff you've done with the community, eg sample code / sample use cases that others may be interested in

If you wish to share content on a call, just let me know via email direct or DM me on Rocketchat (ID: mahoney1) and I'll put an item on the agenda. Provide the following:
- the topic (state whether its presentation, or demo etc)
- the full name of the presenter, and 
- approx length of your pitch in minutes


The Zoom webconference ID is https://zoom.us/my/hyperledger.community   

More information can be found on the community page -> https://wiki.hyperledger.org/display/fabric/Fabric+Application+Developer+Community+Calls

You can get calendar invites (eg iCal) here

many thanks for your time - feel free to forward this email if you think it is of interest to a colleague.

Paul O'Mahony
Community Lead - Hyperledger Fabric Developer Community
RocketChat:  mahoney1

mahoney@...



Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Re: #fabric #raft Orderers and organization, how to organize them? #fabric #raft

Todd Little
 

Why is it a "best practice" to have different CAs for peers and for orderers?  What potential problems is this solving over having a single CA for both?

Regards,
Todd


Re: #fabric #raft Orderers and organization, how to organize them? #fabric #raft

Jean-Gaël Dominé <jgdomine@...>
 

Yueming,

From the description you gave and Joe's explanation, you should have two CAs instead one of to issue the certificates for both MSPs (One for org1MSP and one for org1OrdererMSP). Joe explained that the same root certificate (thus Certificate Authority) should not issue the peers and orderers artifacts.
Technically nothing prevents you from doing so but from a best practice perspective, that should be the case.

Hope I'm not mistaken

Jean-Gaël


Re: #fabric #raft Orderers and organization, how to organize them? #fabric #raft

Yueming Xu
 

As I understand it, each org is similar to a real-world business entity, and should have its own CA. Each org may or may not own an orderer node. If an org contributes both peer and orderer nodes, however, you need to define 2 MSP’s, e.g., org1MSP and org1OrdererMSP. But you can use the same org1CA to issue certificates for both MSP’s, since they belong to the same business entity. 

Yueming Xu


Re: #fabric #raft Orderers and organization, how to organize them? #fabric #raft

Joe Alewine <joe.alewine@...>
 

Yes, as I keep saying, your peers and ordering nodes should belong to different Fabric organizations. If there are subgroupings within a large entity like a bank, this separation should still happen between peer and orderer orgs, only now within each subgrouping.
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 

----- Original message -----
From: Harris Niavis <harniavis@...>
To: Joe Alewine <Joe.Alewine@...>
Cc: fabric@..., "Jean-Gaël Dominé" <jgdomine@...>
Subject: [EXTERNAL] Re: [Hyperledger Fabric] #fabric #raft Orderers and organization, how to organize them?
Date: Fri, Nov 22, 2019 11:14 AM
 
Thanks Joe,
 
So it is technically feasible but not recommended for decentralization purposes, right? 
 
I could imagine a use case where we don't have such a large organization with different arms like BoA and it could make sense to have a single organization for peers and orderers. e.g. the fisherman in the supply chain paradigm.
Should we still split the peers and orderers (of the same conceptual organization) to different fabric organizations?
 
Best,
Harris
 
On Fri, 22 Nov 2019 at 10:57, Joe Alewine <Joe.Alewine@...> wrote:
Harris,
 
This is not a recommended configuration. Each entity (ie, Bank of America) should have an org that owns their peers and a separate org that owns their ordering nodes. Regulations or business preferences might make it desirable (or necessary) for BOA to split up their operations even further (a different CA for their investment arm than for their housing arm, for example), but ordering nodes and peers should not have the same root of trust (the same root CA).
 
Fabric will ALLOW you to do this --- there is no internal mechanism that checks to make sure the roots of trust are different --- but it is not recommended.
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 
----- Original message -----
From: Harris Niavis <harniavis@...>
To: "Jean-Gaël Dominé" <jgdomine@...>, joe.alewine@...
Cc: fabric@...
Subject: [EXTERNAL] Re: [Hyperledger Fabric] #fabric #raft Orderers and organization, how to organize them?
Date: Fri, Nov 22, 2019 10:43 AM
 
Hi Joe and Jean,
 
Looking at the example of Jean I am wondering if it is possible to use Org1 and Org2 as the organizations of the orderers.
 
So instead of creating new organizations for each orderer (Org1Ord and Org2Ord), can I have a single Org1 for both peer1 and orderer1 and another Org2 for both peer2 and orderer2?
 
Best,
Harris
 
On Fri, 22 Nov 2019 at 10:24, Jean-Gaël Dominé <jgdomine@...> wrote:
Joe,

Thank you very much for your great explanation which was exactly the kind of insights I was looking for.
Unless I'm wrong (if so correct me please), the illustration I made in my previous post matches the description you made of the way things should be “organized".
It seems to me that the notion of organization in Fabric is now much clearer.

Thank you again for your time!

Jean-Gaël

 

 

 
 
 
 
 
--
Harris Niavis
Yale Institute of Network Science (YINS)
University of Thessaly (UTH)
Centre for Research and Technology Hellas (CERTH)
s: niavisharris