Resilient fabric cluster #fabric-kubernetes #fabric-questions #fabric-sdk-java

jk@...
 

I have a simple fabric network with an orderer in solo mode and a single peer connected. The network is used by two spring-boot apps, each of them using a separate channel. Both apps and fabric nodes are run in AWS and orchestrated using Kubernetes. I'd like to prepare my network for a production environment and ensure resilience of the network. I have a couple of questions regarding this topic:

  1. What is the best setup for a resilient network? How many orderers and peers should I have? Are 2 orderer pods and 3 peer pods enough? Would I have to change the setup if I were running the network on bare metal?
  2. How is Kafka utilized by orderers?
  3. How do I revive nodes that were off?

    • Do I need to rerun peer channel create -o REVIVED_ORDERER_HOST:PORT -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx when a dead orderer node comes back? In my case I'd have to run it twice for both channels that I have? What would happen if both orderers disappear at the same time?
    • For a peer I assume I need to rerun peer channel join -b $CHANNEL_NAME.block if a peer was offline for some time?
  4. Is there a way to automate these things, e.g. for a peer to automatically rejoin a channel after restart?

Thank you in advance!

PS. Right now I'm not using the CLI container at all and my spring apps are creating or fetching the existing channel and then installing chaincode onto it if missing. The flow works correctly if fabric nodes are started first and then spring apps. Also if I reboot one of the spring apps, they are still able to rejoin the network. Unfortunately a problem arises when I reboot the peer pod because a peer doesn't have channel information:

peer | 2018-12-06 11:10:44.853 UTC [protoutils] ValidateProposalMessage -> WARN 037 channel [audit]: MSP error: channel doesn't exist
peer | 2018-12-06 11:10:47.524 UTC [common/deliver] Handle -> WARN 038 Error reading from 172.18.0.1:49218: rpc error: code = Canceled desc = context canceled

but the orderer has registered the previous installation of the channel, so when my spring app is trying to rejoin the network the orderer logs the following:

2018-11-22 19:02:48.158 UTC [orderer/common/broadcast] Handle -> WARN 9a0 [channel: audit] Rejecting broadcast of config message from 100.96.35.159:55544 because of error: error authorizing update: error validating ReadSet: readset expected key [Group] /Channel/Application at version 0, but got version 1

Is there a facility within the Java SDK to automatically rejoin a channel/install chaincode? Should I even create a channel as a part of Java code or is using a CLI container a more preferable way of managing the fabric system?


Re: Collection ~ Private data on ledger

Laszlo Sandor
 

Hi, 
The Private Data is stored in the transient DB until the Orderer validates the transaction.
Then the private data will only be stored in the SideDB of a Peer.
In the SideDB of only those Peers  who have permission to read it. 
So the transaction data is NOT committed to the ledger in a readable format for all. Only the hash of the data is committed to ledger for all on the same channel. 
Those peers who do not have permission to read the Private Data, will only see the hash. 
Those peers who have permission to read the Private Data, they will have a reference (kind of a link) to the SideDB where the actual data is stored.

Hope it helps.
Las


On Thu, Dec 6, 2018 at 10:59 PM Angie Prakash via Lists.Hyperledger.Org <angie.prakash=yahoo.com@...> wrote:
Hi team - we are planning to implement the private data collection (as we have around 25+ parties and need to make some data private to some parties); however, reading through the fabric docs, it seems we are a bit confused :(. Would appreciate if someone can confirm.


1) Is the private data maintained only in the transient store and private state DB only and not committed to the ledger during the commit phase?
2) If the private data is not committed to the ledger, then how is the history of the private data maintained?
3) In other words 'Private data collections are only an off-chain DB solution' is NOT a correct understanding? Because if the private data moves only between private datasources and is not maintained on a ledger then I would not be able to retrieve the state changes from the ledger? Being only an off-chain DB solution is a concern for our design ....

Please help us with a correct understanding. 

Reference : Private data — hyperledger-fabricdocs master documentation (section Transaction flow with private data - step 5)


Regards
AP


Collection ~ Private data on ledger

Angie Prakash <angie.prakash@...>
 

Hi team - we are planning to implement the private data collection (as we have around 25+ parties and need to make some data private to some parties); however, reading through the fabric docs, it seems we are a bit confused :(. Would appreciate if someone can confirm.


1) Is the private data maintained only in the transient store and private state DB only and not committed to the ledger during the commit phase?
2) If the private data is not committed to the ledger, then how is the history of the private data maintained?
3) In other words 'Private data collections are only an off-chain DB solution' is NOT a correct understanding? Because if the private data moves only between private datasources and is not maintained on a ledger then I would not be able to retrieve the state changes from the ledger? Being only an off-chain DB solution is a concern for our design ....

Please help us with a correct understanding. 

Reference : Private data — hyperledger-fabricdocs master documentation (section Transaction flow with private data - step 5)


Regards
AP


Documentation Workgroup: Agenda for Friday, 7 Dec

Anthony O'Dowd <a_o-dowd@...>
 

Hi All,

We will hold the documentation workgroup on Friday, 7 Dec. Thanks to Joe for being an excellent host last week! We run the meeting twice during the day to make it easier for both Eastern and Western hemispheres. See meeting times at the bottom of this note. Sign-in details below.

We'll kick-off this week's meeting with a 1.4 close-out status update from Pam and Joe. Version 1.4 code and docs are also closing out, so we'll have a close-to-final view on the release. Our first review will be an update from Chris on the chaincode key concept topic. Isaac will then give an update on the transaction topic. We'll talk about the Developing Applications close out topics and additional topics: smart contract contexts and APIs. We'll quickly checkpoint the policy topic.

If you'd like to contribute to these or another topic, please join the call -- there are now lots of people who are keen to help you understand this material by creating a topic.

The full agenda is available for you to read here : https://drive.google.com/open?id=1Akt3HRH_8qCPLk-JIkie1bCO1_ZeA3I6
Feel free to post comments to the mailing list, so that we can include at the meeting. Or you can just come along, listen and discuss - you're always welcome!

Very best regards, Anthony.

Meeting Details
-------------
Please use the following link to attend the meeting:  https://zoom.us/j/6223336701

Zoom should work in the browser.  I will open the call 5 minutes early so that folks can test it out. I'll also monitor the RocketChat at https://chat.hyperledger.org/channel/fabric-release so that if anyone has issues, ping me there!

More Zoom connection options at the bottom of this note.

The meeting times are as follows:

Meeting 64A: Friday 7 Dec
                   1130 India Standard Time
                   1400 China Standard Time
                   1500 Japan Standard Time
                   1700 Australia Eastern Time
                   1400 Singapore Time
                   1000 Gulf Standard Time
                   0900 Moscow Standard Time
                   0600 Greenwich Mean Time
                   0700 Central European Time
   
Meeting 64B: Friday 7 Dec
                   1000 Central Daylight Time
                   1100 Eastern Daylight Time
                   0800 Pacific Daylight Time
                   1200 Brasil Standard Time
                   1600 Greenwich Mean Time
                   1700 Central European Time
                   1800 Moscow Standard Time
 
More Zoom details
----------------

Join from PC, Mac, Linux, iOS or Android: https://zoom.us/j/6223336701


Re: interoperability

Shan YU
 

Hi Chris,

We (Alibaba Cloud) would like to join and see what we can help with. Thanks!

Shan
Alibaba Cloud Blockchain


Deconstruct GetCreator return value

Attila Klenik <klenik@...>
 

Hi All,

 

For golang chaincodes there is the CID lib to process the signing identity and check cert-related stuff. Is there a similar approach for Node.js and Java chaincodes? Or is there any workaround for checking the common name or some attributes in the cert? Or what is the preferred way to implement function-level authorization for user chaincodes?

 

Regards,

Attila Klenik

PhD Student @ Fault Tolerant Systems Research Group,

Department of Measurement and Information Systems,

Faculty of Electrical Engineering and Informatics,

Budapest University of Technology and Economics

 

E-mail: klenik@...

 


Re: Error while deploying the HL Fabric application on multiple host using Docker swarm

Jonathan C.
 

Are you using TLS? Which command did you use to join the channel?



From: fabric@... <fabric@...> on behalf of Abiram <Abiram@...>
Sent: Tuesday, December 4, 2018 7:54:02 AM
To: hyperledger-fabric@...
Subject: [Hyperledger Fabric] Error while deploying the HL Fabric application on multiple host using Docker swarm
 

Hi Team,

I am trying to set up a Docker swarm multiple organization setup on Amazon AWS using EC2 instances of Ubuntu Linux.

Scenario:

1. 3 Organisations (1 Peer per Organization)
2. 1 Orderer (for testing purposes we are just using 1 Orderer) [Orderer is set up on the org2 machine on a different port]
3. Kafka-Zookeeper (Ordering Consensus) [Kafka-Zookeeper is set up on the org2 machine on a different port]
4. Single Channel
5. Hyperledger Fabric version 1.1
6. All the ports which are being used were added in the inbound rule.

Steps which I did

Three EC2 instance names:

1. org1
2. org2
3. org3

1. All the instances' hostnames have been changed to org1, org2 and org3.
2. Running sudo docker swarm leave to make all the host machines leave any swarm network.
3. Running the command to create a docker swarm on org2:

    sudo docker swarm init --advertise-addr=Org2PublicIPAddress

    Swarm initialized: current node (lz8kcscmhc7cwx45cdp5qn70u) is now a manager.

    To add a worker to this swarm, run the following command:

        sudo docker swarm join --token SWMTKN-1-1t55bquusnhgjdbsovdvexasxrj6c9xrd59r42xr25d3ci7cmf-0kaof39gxnqru9nc9fns8xvpj Org2PublicIPAddress:2377

    To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

4. Then running the “sudo docker swarm join” commands from the token generated above on “Org1” and “Org3”.
5. Confirming that the docker swarm is running and Org2 is working as “Leader” and “Org1” and “Org3” are working as “Worker”.
6. Creating the overlay network using the below command with the name “demo-fabric”:

    docker network create --driver=overlay --attachable demo-fabric

7. After this I was able to verify that the network has been created using “docker network inspect demo-fabric”.
8. After creating the network, I created the configuration files for the Kafka, Zookeeper, Orderer and the three organizations, which I have attached in the attachments.
9. As Org2 was working as a “Manager” node, after generating the crypto for the network, copying all the crypto certificates to all the organisations in the network in the same location.
10. Also on the “Manager” node, using the docker stack deploy command to bring up the containers required for the Blockchain network, for which I have listed the commands in the command.txt in the attachments.
11. After running the docker stack deploy commands all the containers get started and we verified it by running docker ps -a on all the host machines.
12. After creating the channel “demochannel”, which we were able to create, we were able to join the org2 peer0 to the demochannel.
13. But when we tried to make the peer0 of org1 join the channel after setting the environment variables of peer0 of org1, we got the error:

    DEBU 002 Obtaining default signing identity
    Error: failed to create deliver client: orderer client failed to connect to orderer.demo.com:7050: failed to create new connection: context deadline exceeded
    2018-12-03 07:34:26.045 UTC [grpc] Printf -> DEBU 003 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: Error while dialing dial tcp 10.0.0.19:7050: operation was canceled"; Reconnecting to {orderer.demo.com:7050 <nil>}

    To cross check, we were able to ping the two other host machines successfully.

Can you please look into this issue and if you want any other information please let me know.

Thanks and Regards,

Abiram Kumar



Failed to connect before the deadline URL:grpcs://localhost:7013

Siddharth Jain
 

Hi All,

We are running a modified version of the balance-transfer app, and when we execute the code below

    let results = await channel.sendTransactionProposal(request);

in invoke-transaction.js we get the following error for all our peers:

    Failed to connect before the deadline URL:grpcs://localhost:<port>

We checked the logs of our peers using cat log | grep "ERRO" and can't see any error. We ran docker ps and can see the container is live and the port is correct.


Could anyone help us debug this? thanks


problem creating channel client

Marcos Sarres
 

Hello,

I'm having issues in SDK-Go when creating Channel Client.

Currently my channel config in the config.yaml file is:

channels:
  mainchannel:
    peers:
      peer0.pmsp.gov.br:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true

And my organization config:

organizations:
  pmsp:
    mspid: pmspMSP
    cryptoPath: /crypto/users/admin@.../msp
    peers:
      - peer0.pmsp.gov.br
    users:
      admin:
        cert:
          path: /crypto/users/admin@.../msp/signcerts/cert.pem
    certificateAuthorities:
      - ca.pmsp.gov.br
    tlsCACerts:
      path: /crypto/msp/cacert.pem

When creating channel client with this section of code:

    channelContext := t.Sdk.ChannelContext("mainchannel", fabsdk.WithUser("admin"), fabsdk.WithOrg("pmsp"))
    channelClient, err := channel.New(channelContext)

the SDK says:

event service creation failed: could not get chConfig cache reference:
    QueryBlockConfig failed: queryChaincode failed: Transaction processing
    for endorser [18.188.121.217:7051]: Endorser Client Status Code: (2)
    CONNECTION_FAILED. Description: dialing connection timed out [18.188.121.217:7051]
[fabsdk/util] 2018/12/05 17:34:00 UTC - lazyref.(*Reference).refreshValue ->
    WARN Error - initializer returned error: QueryBlockConfig failed:
    queryChaincode failed: Transaction processing for endorser [18.188.121.217:7051]:
    Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection
    timed out [18.188.121.217:7051]. Will retry again later

And the peer says:

2018-12-05 18:52:35.541 UTC [core/comm] ServerHandshake -> ERRO 110 TLS handshake failed with error remote error:
    tls: bad certificate {"server": "PeerServer", "remote address": "18.188.121.217:48690"}
2018-12-05 18:52:35.541 UTC [grpc] handleRawConn -> DEBU 111 grpc: Server.Serve failed
    to complete security handshake from "18.188.121.217:48690": remote error: tls: bad certificate

What am I doing wrong? The TLS certificate paths are correct and client-side TLS on the peer is disabled.

Best regards,

Marcos Sarres | CEO | +55 61 98116 7866

 


Re: JIRA Account

Tessler, Micah (M.B.) <mtessler@...>
 

OK, thanks Tracy.

I logged in with my linux foundation ID.

Is it appropriate to start asking questions in the JIRA comments?  Or are there other protocols and processes in place?

 

 

Regarding the linux foundation username.

It’s a little tricky to find if you don’t know it.  I used the forgot my password link, and the email for the forgotten password had my username in it.

I’m not sure if it could be added to this screen:

https://identity.linuxfoundation.org/user

 

 

Micah Tessler
AIR TS Senior Architect
Ford Credit  Architecture Innovation & Research

(313) 322-4267

mtessler@...

 

From: Tracy Kuhrt <tkuhrt@...>
Sent: Wednesday, December 05, 2018 11:59 AM
To: Tessler, Micah (M.B.) <mtessler@...>
Cc: hyperledger-fabric <hyperledger-fabric@...>
Subject: Re: [Hyperledger Fabric] JIRA Account

 

Hi, Micah.

 

I can help answer your question on gaining access to Jira. First, you will need to obtain a Linux Foundation Identity at https://identity.linuxfoundation.org. Please see this video for steps on setting this up, as it has good hints if you want to use a social identity for doing so. Once you have obtained your Linux Foundation Identity, you will use the username and password to log into Jira. Please note that it is your username that you will use there, not your email address. Please let me know if you have any questions.

 

----
Tracy Kuhrt
Community Architect, Hyperledger
The Linux Foundation
tkuhrt@...

Hyperledger Chat: @tkuhrt

 

 

On Wed, Dec 5, 2018 at 9:54 AM Tessler, Micah (M.B.) <mtessler@...> wrote:

Hi, I am interested in getting more background & commenting on issue #FAB-7406

I could not find instructions for getting a JIRA Account.

 

I am trying to figure out how to run Hyperledger Fabric in Container as a Service (CAAS)

I have tried both in OpenShift and Azure.

In both cases, docker.sock access is blocked.

Furthermore, I cannot run privileged containers, so I can't use Docker in Docker.

I'd like to try a modification where the code that calls docker.sock to spin up a new container, instead calls into either Azure or Openshift REST APIs to spin up the new container.

FAB-7406 looks like work is already happening in this space, so I want to find how I can help.

 

Thanks,

  -Micah Tessler

 

Micah Tessler 

mtessler@...
Senior Architect / Technical Specialist
Ford Credit  Architecture Innovation & Research

(313) 322-4267

 

  


Re: JIRA Account

Tracy Kuhrt <tkuhrt@...>
 

Hi, Micah.

I can help answer your question on gaining access to Jira. First, you will need to obtain a Linux Foundation Identity at https://identity.linuxfoundation.org. Please see this video for steps on setting this up, as it has good hints if you want to use a social identity for doing so. Once you have obtained your Linux Foundation Identity, you will use the username and password to log into Jira. Please note that it is your username that you will use there, not your email address. Please let me know if you have any questions.

----
Tracy Kuhrt
Community Architect, Hyperledger
The Linux Foundation
tkuhrt@...
Hyperledger Chat: @tkuhrt


On Wed, Dec 5, 2018 at 9:54 AM Tessler, Micah (M.B.) <mtessler@...> wrote:

Hi, I am interested in getting more background & commenting on issue #FAB-7406

I could not find instructions for getting a JIRA Account.


I am trying to figure out how to run Hyperledger Fabric in Container as a Service (CAAS)

I have tried both in OpenShift and Azure.

In both cases, docker.sock access is blocked.

Furthermore, I cannot run privileged containers, so I can't use Docker in Docker.

I'd like to try a modification where the code that calls docker.sock to spin up a new container, instead calls into either Azure or Openshift REST APIs to spin up the new container.

FAB-7406 looks like work is already happening in this space, so I want to find how I can help.


Thanks,

  -Micah Tessler


Micah Tessler 
mtessler@...
Senior Architect / Technical Specialist
Ford Credit  Architecture Innovation & Research
(313) 322-4267

  


JIRA Account

Tessler, Micah (M.B.) <mtessler@...>
 

Hi, I am interested in getting more background & commenting on issue #FAB-7406

I could not find instructions for getting a JIRA Account.


I am trying to figure out how to run Hyperledger Fabric in Container as a Service (CAAS)

I have tried both in OpenShift and Azure.

In both cases, docker.sock access is blocked.

Furthermore, I cannot run privileged containers, so I can't use Docker in Docker.

I'd like to try a modification where the code that calls docker.sock to spin up a new container, instead calls into either Azure or Openshift REST APIs to spin up the new container.

FAB-7406 looks like work is already happening in this space, so I want to find how I can help.


Thanks,

  -Micah Tessler


Micah Tessler 
mtessler@...
Senior Architect / Technical Specialist
Ford Credit  Architecture Innovation & Research
(313) 322-4267

  


Question about Certified Hyperledger Fabric Administrator

5n31k <unaiwebak@...>
 

Hi,

I'm studying for the Certified Hyperledger Fabric Administrator exam.

In the Install and Configure Network, there is a part called Define initial multi-org configuration policy. Where can I find info about that?

Thanks,
Unai


Re: couchDB Query and Indexing

Vigneswaran R
 

Hi Varun,

Please see whether the following helps you to get the name of the store which is having marbles of specific color.

{
    "selector": {
        "marbles": {
            "$elemMatch": {
                "color": "red"
            }
        }
    },
    "fields": ["storename"]
}

ref: https://medium.com/wearetheledger/hyperledger-fabric-couchdb-fantastic-queries-and-where-to-find-them-f8a3aecef767

regards,
vignesh


On 12/04/2018 05:04 PM, Varun Verma wrote:
Hi All,

type marble struct { 
  Name       string   `json:"name"`
  Color      string   `json:"color"`
  Size       int      `json:"size"` 
  Owner      string   `json:"owner"`
}
type marbleStore struct { 
  ObjectType string   `json:"docType"` 
  Storename  string   `json:"storename"`
  Ownername  string   `json:"ownername"`
  Owner      owner   `json:"owner"`
  Employees  int      `json:"employees"`
  Marbles    []marble `json:"marbles"`
}


Can anyone please help me with this? If I want to query storename on the basis of Color, what should my query and indexing be?



Fabric Continuous Integration (CI) Meeting - December 5th 10am US Eastern

David Enyeart
 

Meeting: Hyperledger Fabric Continuous Integration (CI) Overview and Pipeline changes
Date: Wednesday, December 5th 10am US Eastern / 15:00 UTC

Learn about Hyperledger Fabric CI and recent improvements.

https://zoom.us/my/hyperledger.community.3
or
https://zoom.us/j/5184947650

For full playback schedule see:
https://wiki.hyperledger.org/projects/fabric/playbacks



Re: How does HyperLedger / Fabric enforce an orderer not to inspect transaction content?

Baohua Yang
 

The private data feature, available since v1.1.0, may help with this type of privacy protection.


On Wed, Dec 5, 2018 at 1:11 AM Laszlo Sandor <laszlo@...> wrote:
Adding to Ale’s note, organizations who are concerned with sharing transaction data privacy could set up and use their own orderer server.
> On Dec 4, 2018, at 04:02, Alessandro Sorniotti <ale.linux@...> wrote:
>
> The short answer is that there is no security control enabled by default that ensures that ordering nodes do not inspect the content of transactions they order.
>
> As part of your risk assessment you'll have to evaluate whether this is a problem or not. If it's a problem you can use private data collections to hide ledger updates, make use of the transient field to hide chaincode arguments, idemix to hide the creator of transactions and privacy preserving endorsements (not yet available, we're working on it) to hide who your endorsers are.
>
> Thanks,
> Ale
>
>> On Mon, 3 Dec 2018, at 5:06 AM, Yongrae Jo wrote:
>> Hello all,
>> From the official document of Hyperledger / Fabric, I recognized that an
>> orderer doesn't look at transaction content by design.
>> But how to enforce orderer's incapability to inspect each transaction?
>> Does the client encrypt transactions? If it is, then peers need to share
>> the encryption key with the client because peers definitely need to inspect
>> the content due to validation phase. But I can't find any key agreement
>> protocols between client and peer in the spec.
>>
>> I would really appreciate it if anyone could explain this.

--
Best wishes!

Baohua Yang


Error while deploying the HL Fabric application on multiple host using Docker swarm

Abiram <Abiram@...>
 

Hi Team,

I am trying to set up a Docker swarm multiple organization setup on Amazon AWS using EC2 instances of Ubuntu Linux.

Scenario:

1. 3 Organisations (1 Peer per Organization)
2. 1 Orderer (for testing purposes we are just using 1 Orderer) [Orderer is set up on the org2 machine on a different port]
3. Kafka-Zookeeper (Ordering Consensus) [Kafka-Zookeeper is set up on the org2 machine on a different port]
4. Single Channel
5. Hyperledger Fabric version 1.1
6. All the ports which are being used were added in the inbound rule.

Steps which I did

Three EC2 instance names:

1. org1
2. org2
3. org3

1. All the instances' hostnames have been changed to org1, org2 and org3.
2. Running sudo docker swarm leave to make all the host machines leave any swarm network.
3. Running the command to create a docker swarm on org2:

    sudo docker swarm init --advertise-addr=Org2PublicIPAddress

    Swarm initialized: current node (lz8kcscmhc7cwx45cdp5qn70u) is now a manager.

    To add a worker to this swarm, run the following command:

        sudo docker swarm join --token SWMTKN-1-1t55bquusnhgjdbsovdvexasxrj6c9xrd59r42xr25d3ci7cmf-0kaof39gxnqru9nc9fns8xvpj Org2PublicIPAddress:2377

    To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

4. Then running the “sudo docker swarm join” commands from the token generated above on “Org1” and “Org3”.
5. Confirming that the docker swarm is running and Org2 is working as “Leader” and “Org1” and “Org3” are working as “Worker”.
6. Creating the overlay network using the below command with the name “demo-fabric”:

    docker network create --driver=overlay --attachable demo-fabric

7. After this I was able to verify that the network has been created using “docker network inspect demo-fabric”.
8. After creating the network, I created the configuration files for the Kafka, Zookeeper, Orderer and the three organizations, which I have attached in the attachments.
9. As Org2 was working as a “Manager” node, after generating the crypto for the network, copying all the crypto certificates to all the organisations in the network in the same location.
10. Also on the “Manager” node, using the docker stack deploy command to bring up the containers required for the Blockchain network, for which I have listed the commands in the command.txt in the attachments.
11. After running the docker stack deploy commands all the containers get started and we verified it by running docker ps -a on all the host machines.
12. After creating the channel “demochannel”, which we were able to create, we were able to join the org2 peer0 to the demochannel.
13. But when we tried to make the peer0 of org1 join the channel after setting the environment variables of peer0 of org1, we got the error:

    DEBU 002 Obtaining default signing identity
    Error: failed to create deliver client: orderer client failed to connect to orderer.demo.com:7050: failed to create new connection: context deadline exceeded
    2018-12-03 07:34:26.045 UTC [grpc] Printf -> DEBU 003 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: Error while dialing dial tcp 10.0.0.19:7050: operation was canceled"; Reconnecting to {orderer.demo.com:7050 <nil>}

    To cross check, we were able to ping the two other host machines successfully.

Can you please look into this issue and if you want any other information please let me know.

Thanks and Regards,

Abiram Kumar



Re: How does HyperLedger / Fabric enforce an orderer not to inspect transaction content?

Laszlo Sandor
 

Adding to Ale’s note, organizations who are concerned with sharing transaction data privacy could set up and use their own orderer server.

On Dec 4, 2018, at 04:02, Alessandro Sorniotti <ale.linux@...> wrote:

The short answer is that there is no security control enabled by default that ensures that ordering nodes do not inspect the content of transactions they order.

As part of your risk assessment you'll have to evaluate whether this is a problem or not. If it's a problem you can use private data collections to hide ledger updates, make use of the transient field to hide chaincode arguments, idemix to hide the creator of transactions and privacy preserving endorsements (not yet available, we're working on it) to hide who your endorsers are.

Thanks,
Ale

On Mon, 3 Dec 2018, at 5:06 AM, Yongrae Jo wrote:
Hello all,
From the official document of Hyperledger / Fabric, I recognized that an
orderer doesn't look at transaction content by design.
But how to enforce orderer's incapability to inspect each transaction?
Does the client encrypt transactions? If it is, then peers need to share
the encryption key with the client because peers definitely need to inspect
the content due to validation phase. But I can't find any key agreement
protocols between client and peer in the spec.

I would really appreciate it if anyone could explain this.
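
The two controls named in this thread (the transient field and private data collections) and the hash-on-ledger behaviour described in the "Collection ~ Private data on ledger" reply above can be seen in a small model of what the ordering service receives. This is an added example, not code from Fabric or from any poster: the types Proposal, Envelope, Peer and PrivKey, the collection name priceCollection and the sample value are hypothetical and constructed, and gossip and transient-store purging are left out.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Simplified model for illustration; these are NOT Fabric's real types.

// Proposal is what a client sends to the endorsing peers.
type Proposal struct {
	Args      []string          // chaincode arguments: copied into the transaction
	Transient map[string][]byte // transient field: never copied into the transaction
}

// PrivKey names one entry of a private data collection.
type PrivKey struct{ Collection, Key string }

// HashedWrite is the only trace a private write leaves in the transaction.
type HashedWrite struct{ Collection, KeyHash, ValueHash string }

// Envelope is the transaction as handed to the ordering service.
type Envelope struct {
	Args   []string
	Writes []HashedWrite
}

// Peer holds the channel ledger plus its own private stores.
type Peer struct {
	Ledger    []HashedWrite      // identical on every peer of the channel
	Transient map[PrivKey][]byte // plaintext held between endorsement and commit
	SideDB    map[PrivKey][]byte // plaintext of collections this peer belongs to
}

func NewPeer() *Peer { return &Peer{Transient: map[PrivKey][]byte{}, SideDB: map[PrivKey][]byte{}} }

func hashHex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Endorse plays the chaincode: it reads the value from the transient field, keeps
// the plaintext in the endorser's transient store and returns only hashes.
func Endorse(endorser *Peer, p Proposal, k PrivKey) (Envelope, error) {
	val, ok := p.Transient[k.Key]
	if !ok {
		return Envelope{}, fmt.Errorf("no value for %q in the transient field", k.Key)
	}
	endorser.Transient[k] = val
	w := HashedWrite{k.Collection, hashHex([]byte(k.Key)), hashHex(val)}
	return Envelope{Args: p.Args, Writes: []HashedWrite{w}}, nil
}

// OrdererCanRead reports whether secret occurs in the bytes an orderer receives.
func OrdererCanRead(e Envelope, secret []byte) bool {
	raw, _ := json.Marshal(e)
	return bytes.Contains(raw, secret)
}

// Commit applies an ordered transaction on peer p. Every peer records the hashes;
// a collection member also takes the plaintext after checking it against them.
func Commit(p *Peer, e Envelope, endorser *Peer, member bool) {
	p.Ledger = append(p.Ledger, e.Writes...)
	for _, w := range e.Writes {
		for k, v := range endorser.Transient {
			if member && k.Collection == w.Collection && hashHex([]byte(k.Key)) == w.KeyHash && hashHex(v) == w.ValueHash {
				p.SideDB[k] = v
			}
		}
	}
}

// VerifyDisclosure checks a value shown out of band against the ledger hash.
func VerifyDisclosure(p *Peer, k PrivKey, value []byte) bool {
	for _, w := range p.Ledger {
		if w.Collection == k.Collection && w.KeyHash == hashHex([]byte(k.Key)) {
			return w.ValueHash == hashHex(value)
		}
	}
	return false
}

func main() {
	secret := []byte("4200-EUR") // constructed sample value
	k := PrivKey{"priceCollection", "asset1"}
	org1, org3 := NewPeer(), NewPeer()
	weak := Envelope{Args: []string{"setPrice", "asset1", string(secret)}} // secret as argument
	env, _ := Endorse(org1, Proposal{[]string{"setPrice", "asset1"}, map[string][]byte{"asset1": secret}}, k)
	Commit(org3, env, org1, false) // org3 is on the channel but not in the collection
	fmt.Printf("leak via args=%v, leak via transient=%v, org3 side DB=%d, org3 verifies=%v\n",
		OrdererCanRead(weak, secret), OrdererCanRead(env, secret), len(org3.SideDB), VerifyDisclosure(org3, k, secret))
}
```

The hash of a short, predictable value can be confirmed by anyone holding the ledger who tries candidate values with the same check, so such values are normally salted before being written to a collection.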




Re: User chaincode ACL to control access to user defined chaincode functions #fabric

Srinivasan Muralidharan
 

Hi Vipin,

1. I'm not aware of metrics for this. However, I expect the impact of "size increase" of chaincode to be minimal in the post 0.6 model where the chaincode is not stored on the ledger. 
2. I assume that you are speaking of user functions or finer grained control in the actual system chaincode functions. 
Right, SCCs and other user defined code such as plugins (thinking of https://github.com/hyperledger/fabric/blob/release-1.3/sampleconfig/core.yaml#L365) should be able to use this to implement ACL for user chaincodes as well.
3. Will have to think a bit about this (would depend upon the organizations of MSPs in this larger scenario I think). But to your point, worth thinking about upfront as to what out-of-the-box capabilities can be used to secure.

Looking forward to meeting you as well!
Murali


On Mon, Dec 3, 2018 at 4:43 PM vipin bharathan <vipinsun@...> wrote:
Hi Murali,

I have a couple of questions prompted by your statement
"One thing to note, the resource ACL system is not confined to the predefined resource list and policies in sampleconfig. We can add our own resource strings and use them in any pluggable code (such as system chaincode plugin). So in that sense these should be extensible (you should be able to write a custom "ACL" system chaincode plugin which other user chaincodes can access to do access control."
  
1. Thanakrit Lee noted that adding support through the CID library adds to the size of Chaincode. Are there any metrics for this? i.e. observed slowdown or size increases.
2. How would the fine-grained control work? We know that the ACL through the config controls  lscc, qscc, cscc- mostly for Reader type functions, also  for a couple of Writer functions, this is by controlling access to the actual system chaincode functions listed. I assume that you are speaking of user functions or finer grained control in the actual system chaincode functions. What would be examples of this finer grained control?
3. For Interoperability between Fabric Channels or Fabric Networks that Chris Ferris is setting up. I assume that the mechanism would be similar to these policies, by allowing chaincode-to-chaincode invocations or using some kind of bridging technology by having readers on one and writers on another and vice versa.

Thanks and looking forward to meeting you at Basel,
Vipin 


--
Thanks,
Murali
"Practice is a means of inviting the perfection desired." - Martha Graham
“We ran and ran. We were exhausted, but we kept running.” - Homare Sawa after winning 2011 Women's Soccer world cup


couchDB Query and Indexing

Varun Verma
 

Hi All,

type marble struct {
  Name       string   `json:"name"`
  Color      string   `json:"color"`
  Size       int      `json:"size"`
  Owner      string   `json:"owner"`
}
type marbleStore struct {
  ObjectType string   `json:"docType"`
  Storename  string   `json:"storename"`
  Ownername  string   `json:"ownername"`
  Owner      owner    `json:"owner"`
  Employees  int      `json:"employees"`
  Marbles    []marble `json:"marbles"`
}


Can anyone please help me with this? If I want to query storename on the basis of Color, what should my query and indexing be?