Date   

Peers with different heights #fabric #database #consensus

Joao Antunes
 

Hi to all,

Currently, in my setup, I have 2 organizations with 2 peers each. Also have 2 Orderers, one per each organization, and a CA per Organization too.
They have a Kafkas and Zookeepers consensus mechanism.
Running the `peer channel getinfo -c mychannel` command on all peers I receive the following:


Peer 1 org 1 - 

Blockchain info: {"height":4120,"currentBlockHash":"rmA39fxfCBU5AcGEOq6gErwtBILcucnhcAbnPQ7y2m0=","previousBlockHash":"toGGvdXZZwiCg2ncC7jcWkbUvfmuohEtT45YSUutZLA="}

Peer 2 org 1 - 

Blockchain info: {"height":2875,"currentBlockHash":"mz7qXXPLXNNMY5WMbOiuQdMebURa9NZL9FQsOu6Io3w=","previousBlockHash":"kfM/90uFTho48EXzphOX2ZFhIjgFKNzTjKK/z53hrhc="}

Peer 1 org 2 - 

Blockchain info: {"height":4120,"currentBlockHash":"rmA39fxfCBU5AcGEOq6gErwtBILcucnhcAbnPQ7y2m0=","previousBlockHash":"toGGvdXZZwiCg2ncC7jcWkbUvfmuohEtT45YSUutZLA="}

Peer 2 org 2 - 

Blockchain info: {"height":4120,"currentBlockHash":"rmA39fxfCBU5AcGEOq6gErwtBILcucnhcAbnPQ7y2m0=","previousBlockHash":"toGGvdXZZwiCg2ncC7jcWkbUvfmuohEtT45YSUutZLA="}




 

Peer 2 org 1 has a different height. Is there something that we can configure for it to be updated automatically? Is Kafka badly set up? Is something on the peer configs?

Currently running the network on 1.4 version.


Re: Alternative of cryptogen for Prod

Joe Alewine <joe.alewine@...>
 

Hakan,
 
Fabric doesn't care if you use certificates you wrote on a cocktail napkin. You could probably, technically speaking, use the same certificate everywhere, for everything. But that does not mean that this would be a "production" deployment.
 
The need for true Root CAs and Certificate Authorities in general is not something Hyperledger Fabric invented. It's a standard part of Public Key Infrastructure. Other organizations rely on their trust in the Root CA cert to validate certificates. No one in a production environment is going to trust cryptogen.
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 

----- Original message -----
From: "Hakan Eryargi" <hakan.eryargi@...>
Sent by: fabric@...
To: Joe Alewine <joe.alewine@...>, jgdomine@...
Cc: fabric@...
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Alternative of cryptogen for Prod
Date: Wed, Nov 6, 2019 8:47 AM
 
Hi Jean-Gaël and Joe,
 
This is not my understanding.
 
1. Fabric doesnt care about if root certificate is self-signed or not. Root certificate of an organization is encoded in the genesis block, Fabric only cares about it.
2. CA doesnt create the root certificate, you need feed it the root certificate so it can create other certificates. Peer, user, admin etc.
 
So either using CA or not, one needs to create the root certificate. IMHO doesnt really matter if self-signed or not. After that, it's a matter of choice use CA or  cryptogen to create other certificates.
 
Please correct me if i am wrong about above. 
 
Otherwise I dont see a real issue about using cryptogen in production.
 
In our flow, we create all the initial certificates with cryptogen, launch the network including CA's, then use CA to register users. Our intention is using the same flow in production too unless someone provides a more convenient tool to create the initial certificates.
 
Best,
Hakan
 
On Wed, Nov 6, 2019 at 2:36 PM Joe Alewine <joe.alewine@...> wrote:
Hakan,
 
Generating certificates using a Certificate Authority (and not cryptogen) is a fact of life for Hyperledger Fabric users who are interested in deploying something in production. Cryptogen is a handy tool for application developers who only want to deploy a network they can test smart contracts and apps against and explicitly not meant (or supported) for production networks. It's analogous to printing your own identification card at home and expecting that government agencies and businesses will accept it as being valid.
 
The sooner you get used to creating certificates and MSPs using a CA, the better off you will be.
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 
----- Original message -----
From: hakan eryargi <hakan.eryargi@...>
To: Abhijeet Bhowmik <abhijeet@...>
Cc: Joe Alewine <joe.alewine@...>, fabric@...
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Alternative of cryptogen for Prod
Date: Wed, Nov 6, 2019 7:29 AM
 
Hi,
 
To my knowledge, cryptogen is the most convenient tool for now to create the initial certificates.  

I dont want to create the certificates manually, nor want to write some scripts for certificate creation. Maybe cryptogen is not intended for this purpose but best option for now, especially if you dont need additional stuff in certificates.  

So, if there is no real issue with it, like a security threat or whatever, we plan to go production with cryptogen . 

It will also be nice if cryptogen is even more developed to cover other needs too :) 

Best,

Hakan
 
On Tue, Nov 5, 2019 at 4:40 AM Abhijeet Bhowmik <abhijeet@...> wrote:
Hey,
 
Thanks to all for the help. I am extremely grateful to everyone.
 
Abhijeet Bhowmik
 
On Mon, Nov 4, 2019 at 9:51 PM Joe Alewine <joe.alewine@...> wrote:
Abhijeet,
 
Certificate Authorities --- specifically, the Fabric CA --- should be used to create all of the certificates in a production scenario (it is a best practice tp stand up one CA for each organization and the organization's related identities, MSP, and nodes).
 
Consult the Fabric CA User's Guide for more information: https://hyperledger-fabric-ca.readthedocs.io/en/latest/
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 
----- Original message -----
From: "Nye Liu" <nye@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Alternative of cryptogen for Prod
Date: Sun, Nov 3, 2019 7:43 AM
 

It is described in the Operations Guide.

On 11/3/2019 1:11 AM, Abhijeet Bhowmik wrote:
Hey,
 
Just to be specific, I was referring to the certificates that we set up at peers and place public keys at orderer. From where do we obtain that folder structure (MSP and TLS)?
 
Thanks and Regards
Abhijeet Bhowmik
 
On Sun, Nov 3, 2019 at 10:44 AM Mrudav Shukla <mrudavshukla@...> wrote:
Hi Abhijeet,
 
For prod, you’ll need to generate certs from CAs. References:
Cheers,
Mrudav 
 
On Sun, 3 Nov 2019 at 10:22 AM, Abhijeet Bhowmik <abhijeet@...> wrote:
Greetings Everyone,
 
I am dwelling in the answer of the question: "If not cryptogen in Prod, then what and how?".
Right now, generating org certificates is a pretty straightforward task while getting started with HLF. But after reading the docs, the question has been thrown upon me that how can we configure certificates in Prod. I know it's a naive question to ask but being a beginner and stepping my first foot into actually hosting fabric application, I am obliged to ask the community to help me out.
 
 
Thanks and Regards
Abhijeet Bhowmik
 
 

 

 

 

 

 
 

 

 

 


Re: Alternative of cryptogen for Prod

Jean-Gaël Dominé <jgdomine@...>
 

Hi Hakan

For the 2), you have several options: 
a) The CA generates self-signed certificate and key
b) you provide them to the CA (manually or HSM)
So the CA does create the root certificate if you want him to.

As for the 1), I agree that it is encoded in the genesis block but how can two organizations trust each other if you use self-signed certificates that you cannot verify by a public certification authority?
To me it is not because the Fabric network runs correctly and trusts everything happening in it that it makes a trustworthy Hyperledger blockchain. You need to be sure that the participants are who they pretend to be and to me this is not possible through the use of cryptogen.

But again this is my understanding of Hyperledger Fabric

Regards,

JG


Re: Alternative of cryptogen for Prod

Hakan Eryargi
 

Hi Jean-Gaël and Joe,

This is not my understanding.

1. Fabric doesnt care about if root certificate is self-signed or not. Root certificate of an organization is encoded in the genesis block, Fabric only cares about it.
2. CA doesnt create the root certificate, you need feed it the root certificate so it can create other certificates. Peer, user, admin etc.

So either using CA or not, one needs to create the root certificate. IMHO doesnt really matter if self-signed or not. After that, it's a matter of choice use CA or  cryptogen to create other certificates.

Please correct me if i am wrong about above. 

Otherwise I dont see a real issue about using cryptogen in production.

In our flow, we create all the initial certificates with cryptogen, launch the network including CA's, then use CA to register users. Our intention is using the same flow in production too unless someone provides a more convenient tool to create the initial certificates.

Best,
Hakan

On Wed, Nov 6, 2019 at 2:36 PM Joe Alewine <joe.alewine@...> wrote:
Hakan,
 
Generating certificates using a Certificate Authority (and not cryptogen) is a fact of life for Hyperledger Fabric users who are interested in deploying something in production. Cryptogen is a handy tool for application developers who only want to deploy a network they can test smart contracts and apps against and explicitly not meant (or supported) for production networks. It's analogous to printing your own identification card at home and expecting that government agencies and businesses will accept it as being valid.
 
The sooner you get used to creating certificates and MSPs using a CA, the better off you will be.
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 
----- Original message -----
From: hakan eryargi <hakan.eryargi@...>
To: Abhijeet Bhowmik <abhijeet@...>
Cc: Joe Alewine <joe.alewine@...>, fabric@...
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Alternative of cryptogen for Prod
Date: Wed, Nov 6, 2019 7:29 AM
 
Hi,
 
To my knowledge, cryptogen is the most convenient tool for now to create the initial certificates.  

I dont want to create the certificates manually, nor want to write some scripts for certificate creation. Maybe cryptogen is not intended for this purpose but best option for now, especially if you dont need additional stuff in certificates.  

So, if there is no real issue with it, like a security threat or whatever, we plan to go production with cryptogen . 

It will also be nice if cryptogen is even more developed to cover other needs too :) 

Best,

Hakan
 
On Tue, Nov 5, 2019 at 4:40 AM Abhijeet Bhowmik <abhijeet@...> wrote:
Hey,
 
Thanks to all for the help. I am extremely grateful to everyone.
 
Abhijeet Bhowmik
 
On Mon, Nov 4, 2019 at 9:51 PM Joe Alewine <joe.alewine@...> wrote:
Abhijeet,
 
Certificate Authorities --- specifically, the Fabric CA --- should be used to create all of the certificates in a production scenario (it is a best practice tp stand up one CA for each organization and the organization's related identities, MSP, and nodes).
 
Consult the Fabric CA User's Guide for more information: https://hyperledger-fabric-ca.readthedocs.io/en/latest/
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 
----- Original message -----
From: "Nye Liu" <nye@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Alternative of cryptogen for Prod
Date: Sun, Nov 3, 2019 7:43 AM
 

It is described in the Operations Guide.

On 11/3/2019 1:11 AM, Abhijeet Bhowmik wrote:
Hey,
 
Just to be specific, I was referring to the certificates that we set up at peers and place public keys at orderer. From where do we obtain that folder structure (MSP and TLS)?
 
Thanks and Regards
Abhijeet Bhowmik
 
On Sun, Nov 3, 2019 at 10:44 AM Mrudav Shukla <mrudavshukla@...> wrote:
Hi Abhijeet,
 
For prod, you’ll need to generate certs from CAs. References:
Cheers,
Mrudav 
 
On Sun, 3 Nov 2019 at 10:22 AM, Abhijeet Bhowmik <abhijeet@...> wrote:
Greetings Everyone,
 
I am dwelling in the answer of the question: "If not cryptogen in Prod, then what and how?".
Right now, generating org certificates is a pretty straightforward task while getting started with HLF. But after reading the docs, the question has been thrown upon me that how can we configure certificates in Prod. I know it's a naive question to ask but being a beginner and stepping my first foot into actually hosting fabric application, I am obliged to ask the community to help me out.
 
 
Thanks and Regards
Abhijeet Bhowmik
 
 

 

 

 

 

 


Re: Alternative of cryptogen for Prod

Joe Alewine <joe.alewine@...>
 

Hakan,
 
Generating certificates using a Certificate Authority (and not cryptogen) is a fact of life for Hyperledger Fabric users who are interested in deploying something in production. Cryptogen is a handy tool for application developers who only want to deploy a network they can test smart contracts and apps against and explicitly not meant (or supported) for production networks. It's analogous to printing your own identification card at home and expecting that government agencies and businesses will accept it as being valid.
 
The sooner you get used to creating certificates and MSPs using a CA, the better off you will be.
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 

----- Original message -----
From: hakan eryargi <hakan.eryargi@...>
To: Abhijeet Bhowmik <abhijeet@...>
Cc: Joe Alewine <joe.alewine@...>, fabric@...
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Alternative of cryptogen for Prod
Date: Wed, Nov 6, 2019 7:29 AM
 
Hi,
 
To my knowledge, cryptogen is the most convenient tool for now to create the initial certificates.  

I dont want to create the certificates manually, nor want to write some scripts for certificate creation. Maybe cryptogen is not intended for this purpose but best option for now, especially if you dont need additional stuff in certificates.  

So, if there is no real issue with it, like a security threat or whatever, we plan to go production with cryptogen . 

It will also be nice if cryptogen is even more developed to cover other needs too :) 

Best,

Hakan
 
On Tue, Nov 5, 2019 at 4:40 AM Abhijeet Bhowmik <abhijeet@...> wrote:
Hey,
 
Thanks to all for the help. I am extremely grateful to everyone.
 
Abhijeet Bhowmik
 
On Mon, Nov 4, 2019 at 9:51 PM Joe Alewine <joe.alewine@...> wrote:
Abhijeet,
 
Certificate Authorities --- specifically, the Fabric CA --- should be used to create all of the certificates in a production scenario (it is a best practice tp stand up one CA for each organization and the organization's related identities, MSP, and nodes).
 
Consult the Fabric CA User's Guide for more information: https://hyperledger-fabric-ca.readthedocs.io/en/latest/
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 
----- Original message -----
From: "Nye Liu" <nye@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Alternative of cryptogen for Prod
Date: Sun, Nov 3, 2019 7:43 AM
 

It is described in the Operations Guide.

On 11/3/2019 1:11 AM, Abhijeet Bhowmik wrote:
Hey,
 
Just to be specific, I was referring to the certificates that we set up at peers and place public keys at orderer. From where do we obtain that folder structure (MSP and TLS)?
 
Thanks and Regards
Abhijeet Bhowmik
 
On Sun, Nov 3, 2019 at 10:44 AM Mrudav Shukla <mrudavshukla@...> wrote:
Hi Abhijeet,
 
For prod, you’ll need to generate certs from CAs. References:
Cheers,
Mrudav 
 
On Sun, 3 Nov 2019 at 10:22 AM, Abhijeet Bhowmik <abhijeet@...> wrote:
Greetings Everyone,
 
I am dwelling in the answer of the question: "If not cryptogen in Prod, then what and how?".
Right now, generating org certificates is a pretty straightforward task while getting started with HLF. But after reading the docs, the question has been thrown upon me that how can we configure certificates in Prod. I know it's a naive question to ask but being a beginner and stepping my first foot into actually hosting fabric application, I am obliged to ask the community to help me out.
 
 
Thanks and Regards
Abhijeet Bhowmik
 
 

 

 

 

 

 


Re: Alternative of cryptogen for Prod

Jean-Gaël Dominé <jgdomine@...>
 

Hi,

cryptogen uses self-signed root certificates to generate all the other certificates and keys.
IMHO one of the purposes of a blockchain is to bring trust between entities that do not necessarily "trust" each other. As the certificates and keys are used by Fabric to ensure that every component participating in the network is who it pretends to be and is also authorized to perform its actions, I don't see how it can work with self-signed certificates.
That is why the CA (or a replacement) is here for because you should use root certificates that can be verified by a certification authority.

To me, cryptogen should never be used beyond development environments.

I'm no expert in this matter but that is my understanding of Fabric on this aspect

Hope this helps

JG


Re: Alternative of cryptogen for Prod

Hakan Eryargi
 

Hi,

To my knowledge, cryptogen is the most convenient tool for now to create the initial certificates.  

I dont want to create the certificates manually, nor want to write some scripts for certificate creation. Maybe cryptogen is not intended for this purpose but best option for now, especially if you dont need additional stuff in certificates.  

So, if there is no real issue with it, like a security threat or whatever, we plan to go production with cryptogen . 

It will also be nice if cryptogen is even more developed to cover other needs too :) 

Best,

Hakan

On Tue, Nov 5, 2019 at 4:40 AM Abhijeet Bhowmik <abhijeet@...> wrote:
Hey,

Thanks to all for the help. I am extremely grateful to everyone.

Abhijeet Bhowmik

On Mon, Nov 4, 2019 at 9:51 PM Joe Alewine <joe.alewine@...> wrote:
Abhijeet,
 
Certificate Authorities --- specifically, the Fabric CA --- should be used to create all of the certificates in a production scenario (it is a best practice tp stand up one CA for each organization and the organization's related identities, MSP, and nodes).
 
Consult the Fabric CA User's Guide for more information: https://hyperledger-fabric-ca.readthedocs.io/en/latest/
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 
----- Original message -----
From: "Nye Liu" <nye@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Alternative of cryptogen for Prod
Date: Sun, Nov 3, 2019 7:43 AM
 

It is described in the Operations Guide.

On 11/3/2019 1:11 AM, Abhijeet Bhowmik wrote:
Hey,
 
Just to be specific, I was referring to the certificates that we set up at peers and place public keys at orderer. From where do we obtain that folder structure (MSP and TLS)?
 
Thanks and Regards
Abhijeet Bhowmik
 
On Sun, Nov 3, 2019 at 10:44 AM Mrudav Shukla <mrudavshukla@...> wrote:
Hi Abhijeet,
 
For prod, you’ll need to generate certs from CAs. References:
Cheers,
Mrudav 
 
On Sun, 3 Nov 2019 at 10:22 AM, Abhijeet Bhowmik <abhijeet@...> wrote:
Greetings Everyone,
 
I am dwelling in the answer of the question: "If not cryptogen in Prod, then what and how?".
Right now, generating org certificates is a pretty straightforward task while getting started with HLF. But after reading the docs, the question has been thrown upon me that how can we configure certificates in Prod. I know it's a naive question to ask but being a beginner and stepping my first foot into actually hosting fabric application, I am obliged to ask the community to help me out.
 
 
Thanks and Regards
Abhijeet Bhowmik
 


Re: Hyperledger Fabric Scalability

Christopher Ferris
 

Alok,

I wrote a couple of blog posts earlier this year on Hyperledger Fabric performance and scale.

There have been some more recent improvements that should improve performance even more when 2.0 ships.
I'll have another post up with those results. There are some additional efforts in the community where performance
has been pushed even further.

Hope this helps.

Chris


On Wed, Nov 6, 2019 at 3:36 AM alok gupta <metech11@...> wrote:
Hello There,

We are conducting a POC for Oil & GAS Retail automation. In which, we are recording all digital/ cash sales onto the Fabric ledger. We monitor the stock levels in the fuel tanks through smart contract. The idea is to replace the current automation system in India which requires massive investment in installation and maintenance. Our app is running successfully on a fuel station at a fuel station in Chandigarh, India. 

My query is about the scalability of fabric over no. of channel, organizations, and peers. Can we scale up our solution to connect the fuel companies ( IOCL. HPCL etc.) with India wide fuel stations? I have seen other use cases like Wallmart food safety where there are running a huge network on blockchain. To move forward in our idea, we need a clarity on scalability Please advise.

Thank you
Alok


Re: chaincode fingerprint ID is mismatching #fabric-chaincode #fabric-questions

Nicholas Leonardi
 

Hi Suresh, 
It must be the exact same folder with the exact same files when you install.
But that's not for production, here's what you do:
   
 1. In org1 where you instantiated the chaincode, run the the command 
"peer chaincode package -n chaincodeName -p /path/to/save -v 1 chaincodeName.pak -l node"

2. Install the chaincodeName.pak in org 2 with the following command
"peer chaincode install /path/to/chaincode/chaincodeName.pak"

That's the best way to always have the exact same chaincodes installed 




Em quarta-feira, 6 de novembro de 2019 06:55:58 BRT, suresh <tedlasuresh@...> escreveu:


Hi All,

Initially, I have Org1 in my fabric network. after that, I added Org2 into the consortium My question is I already install and instantiated the chain code in org1

Now I stall the same chaincode in Org2 peer nodes. But When I am querying the chaincode I am getting error i.e could not get chaincode code: chaincode fingerprint mismatch: data mismatch

Can any one help regarding this issue

Thanks
Suresh
 


chaincode fingerprint ID is mismatching #fabric-chaincode #fabric-questions

suresh <tedlasuresh@...>
 

Hi All,

Initially, I have Org1 in my fabric network. after that, I added Org2 into the consortium My question is I already install and instantiated the chain code in org1

Now I stall the same chaincode in Org2 peer nodes. But When I am querying the chaincode I am getting error i.e could not get chaincode code: chaincode fingerprint mismatch: data mismatch

Can any one help regarding this issue

Thanks
Suresh
 


Hyperledger Fabric Scalability

alok gupta
 

Hello There,

We are conducting a POC for Oil & GAS Retail automation. In which, we are recording all digital/ cash sales onto the Fabric ledger. We monitor the stock levels in the fuel tanks through smart contract. The idea is to replace the current automation system in India which requires massive investment in installation and maintenance. Our app is running successfully on a fuel station at a fuel station in Chandigarh, India. 

My query is about the scalability of fabric over no. of channel, organizations, and peers. Can we scale up our solution to connect the fuel companies ( IOCL. HPCL etc.) with India wide fuel stations? I have seen other use cases like Wallmart food safety where there are running a huge network on blockchain. To move forward in our idea, we need a clarity on scalability Please advise.

Thank you
Alok


Re: Testing tools for Hyperledger

Tong Li
 

Trevor,
you can take a look at this tool. https://github.com/litong01/hfrd

Thanks.

Tong Li
IBM Open Technology

"Trevor Lee Oakley" ---11/05/2019 07:53:49 PM---I need to test a HLF app, and I am seeking testing tools which can test the security, code audits,

From: "Trevor Lee Oakley" <trevor@...>
To: <fabric@...>
Date: 11/05/2019 07:53 PM
Subject: [EXTERNAL] [Hyperledger Fabric] Testing tools for Hyperledger
Sent by: fabric@...





I need to test a HLF app, and I am seeking testing tools which can test the security, code audits, efficiency etc of the systems.

Are there any utilities for such testing?

Thanks
Trevor






Testing tools for Hyperledger

Trevor Lee Oakley <trevor@...>
 

I need to test a HLF app, and I am seeking testing tools which can test the security, code audits, efficiency etc of the systems.
 
Are there any utilities for such testing?
 
Thanks
Trevor
 
 


Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

Yacov
 

PBFT has an "all to all" message pattern, so it means that all nodes need to send to all nodes messages.
While it can sustain up to a third faults, it doesn't mean you'd want to run a deployment of PBFT where you'll have a third of the nodes disconnected....



From:        "Ivan Ch" <acizlan@...>
To:        fabric@...
Date:        11/05/2019 05:18 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Major security hole in Hyperledger Fabric - Private Data is not private #fabric #fabric-questions #fabric-dstorage #database #dstorage #dstorage-fabric #fabric-chaincode #ssl
Sent by:        fabric@...




If you have trouble opening ports between companies, you shouldn't use a Blockchain at all, since Blockchain is a decentralized peer to peer protocol.
this statement is so flawed, there is no such requirement in ALL public blockchains. at most you can say is this is true for private/consortium blockchains, even that is terribly flawed since even PBFT does, in theory, allow up to 1/3 disconnected peers.

you can never build a consortium while expecting everyone will open firewalls to each other, especially for international projects. it just can't be done, period.



 




Re: Major security hole in Hyperledger Fabric - Private Data is not private #fabric-chaincode #ssl #fabric #fabric-questions #fabric-dstorage

Ivan Ch <acizlan@...>
 

If you have trouble opening ports between companies, you shouldn't use a Blockchain at all, since Blockchain is a decentralized peer to peer protocol.
this statement is so flawed, there is no such requirement in ALL public blockchains. at most you can say is this is true for private/consortium blockchains, even that is terribly flawed since even PBFT does, in theory, allow up to 1/3 disconnected peers. 

you can never build a consortium while expecting everyone will open firewalls to each other, especially for international projects. it just can't be done, period.



 


Re: solo to kafka

Artem Barger <bartem@...>
 

----- Original message -----
From: "Battaglia TLC" <antonio@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] Re: [Hyperledger Fabric] solo to kafka
Date: Tue, Nov 5, 2019 10:32 AM
 
Dear Artem,
 
Seems that migration from solo to kafka is impossible but solo to raft it's possible in v1.4. Have you some documentation about this? Can you give me some links or books?
 
Change from solo to raft permit me to have
 
Best regards.
Antonio Battaglia
 
Il 05/11/2019 09:07, Artem Barger ha scritto:
No, this is not that I've said. I told that there is no way to migrate from Solo to Kafka ordering service and there no one should use Solo for production. Changing orderer type from Solo to Kafka simply not supported, however your Solo ledger will remain as-is.
 
----- Original message -----
From: "Battaglia TLC" <antonio@...>
Sent by: fabric@...
To: Artem Barger <bartem@...>
Cc: fabric@...
Subject: [EXTERNAL] Re: [Hyperledger Fabric] solo to kafka
Date: Tue, Nov 5, 2019 8:02 AM
 
Dear Artem Barger,
 
You say me that if i change orderer i lost all the transaction in my ledger?
There is no way to mantain the transactions?
 
Thanks for your answer.
 
Antonio
 
Il 04/11/2019 23:30, Artem Barger ha scritto:
Migration from solo to kafka is not supported. Solo orderer should be used for development and testing only.
 
----- Original message -----
From: "Battaglia TLC" <antonio@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] solo to kafka
Date: Mon, Nov 4, 2019 8:45 PM
 
Hello everybody,

i want change orderer from solo to raft. I can switch off the network
but i want to mantain data in the ledger after restart with new orderer.

It's possible? I haven't found documentation.

Best regards.

Antonio





 
 

 

 

 

 


Re: solo to kafka

Battaglia TLC
 

Dear Artem,

Seems that migration from solo to kafka is impossible but solo to raft it's possible in v1.4. Have you some documentation about this? Can you give me some links or books?

Change from solo to raft permit me to have

Best regards.
Antonio Battaglia

Il 05/11/2019 09:07, Artem Barger ha scritto:

No, this is not that I've said. I told that there is no way to migrate from Solo to Kafka ordering service and there no one should use Solo for production. Changing orderer type from Solo to Kafka simply not supported, however your Solo ledger will remain as-is.
 
----- Original message -----
From: "Battaglia TLC" <antonio@...>
Sent by: fabric@...
To: Artem Barger <bartem@...>
Cc: fabric@...
Subject: [EXTERNAL] Re: [Hyperledger Fabric] solo to kafka
Date: Tue, Nov 5, 2019 8:02 AM
 
Dear Artem Barger,
 
You say me that if i change orderer i lost all the transaction in my ledger?
There is no way to mantain the transactions?
 
Thanks for your answer.
 
Antonio
 
Il 04/11/2019 23:30, Artem Barger ha scritto:
Migration from solo to kafka is not supported. Solo orderer should be used for development and testing only.
 
----- Original message -----
From: "Battaglia TLC" <antonio@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] solo to kafka
Date: Mon, Nov 4, 2019 8:45 PM
 
Hello everybody,

i want change orderer from solo to raft. I can switch off the network
but i want to mantain data in the ledger after restart with new orderer.

It's possible? I haven't found documentation.

Best regards.

Antonio





 
 

 

 



Re: solo to kafka

Artem Barger <bartem@...>
 

No, this is not that I've said. I told that there is no way to migrate from Solo to Kafka ordering service and there no one should use Solo for production. Changing orderer type from Solo to Kafka simply not supported, however your Solo ledger will remain as-is.
 

----- Original message -----
From: "Battaglia TLC" <antonio@...>
Sent by: fabric@...
To: Artem Barger <bartem@...>
Cc: fabric@...
Subject: [EXTERNAL] Re: [Hyperledger Fabric] solo to kafka
Date: Tue, Nov 5, 2019 8:02 AM
 
Dear Artem Barger,
 
You say me that if i change orderer i lost all the transaction in my ledger?
There is no way to mantain the transactions?
 
Thanks for your answer.
 
Antonio
 
Il 04/11/2019 23:30, Artem Barger ha scritto:
Migration from solo to kafka is not supported. Solo orderer should be used for development and testing only.
 
----- Original message -----
From: "Battaglia TLC" <antonio@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] solo to kafka
Date: Mon, Nov 4, 2019 8:45 PM
 
Hello everybody,

i want change orderer from solo to raft. I can switch off the network
but i want to mantain data in the ledger after restart with new orderer.

It's possible? I haven't found documentation.

Best regards.

Antonio





 
 

 

 


Re: solo to kafka

Battaglia TLC
 

Dear Artem Barger,

You say me that if i change orderer i lost all the transaction in my ledger?
There is no way to mantain the transactions?

Thanks for your answer.

Antonio

Il 04/11/2019 23:30, Artem Barger ha scritto:

Migration from solo to kafka is not supported. Solo orderer should be used for development and testing only.
 
----- Original message -----
From: "Battaglia TLC" <antonio@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] solo to kafka
Date: Mon, Nov 4, 2019 8:45 PM
 
Hello everybody,

i want change orderer from solo to raft. I can switch off the network
but i want to mantain data in the ledger after restart with new orderer.

It's possible? I haven't found documentation.

Best regards.

Antonio




 
 



Re: Alternative of cryptogen for Prod

Abhijeet Bhowmik <abhijeet@...>
 

Hey,

Thanks to all for the help. I am extremely grateful to everyone.

Abhijeet Bhowmik

On Mon, Nov 4, 2019 at 9:51 PM Joe Alewine <joe.alewine@...> wrote:
Abhijeet,
 
Certificate Authorities --- specifically, the Fabric CA --- should be used to create all of the certificates in a production scenario (it is a best practice tp stand up one CA for each organization and the organization's related identities, MSP, and nodes).
 
Consult the Fabric CA User's Guide for more information: https://hyperledger-fabric-ca.readthedocs.io/en/latest/
 
Regards,
 
Joe Alewine
IBM Blockchain, Raleigh
 
rocket chat: joe-alewine
slack: joe.alewine
 
 
 
----- Original message -----
From: "Nye Liu" <nye@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Alternative of cryptogen for Prod
Date: Sun, Nov 3, 2019 7:43 AM
 

It is described in the Operations Guide.

On 11/3/2019 1:11 AM, Abhijeet Bhowmik wrote:
Hey,
 
Just to be specific, I was referring to the certificates that we set up at peers and place public keys at orderer. From where do we obtain that folder structure (MSP and TLS)?
 
Thanks and Regards
Abhijeet Bhowmik
 
On Sun, Nov 3, 2019 at 10:44 AM Mrudav Shukla <mrudavshukla@...> wrote:
Hi Abhijeet,
 
For prod, you’ll need to generate certs from CAs. References:
Cheers,
Mrudav 
 
On Sun, 3 Nov 2019 at 10:22 AM, Abhijeet Bhowmik <abhijeet@...> wrote:
Greetings Everyone,
 
I am dwelling in the answer of the question: "If not cryptogen in Prod, then what and how?".
Right now, generating org certificates is a pretty straightforward task while getting started with HLF. But after reading the docs, the question has been thrown upon me that how can we configure certificates in Prod. I know it's a naive question to ask but being a beginner and stepping my first foot into actually hosting fabric application, I am obliged to ask the community to help me out.
 
 
Thanks and Regards
Abhijeet Bhowmik
 

4341 - 4360 of 11437