|
Re: Working flow of passport-jwt for Authentication Rest Apis.
PM <hyperledger@...>
The "balance transfer" example demonstrate use of JSON webtoken, you can download the samples from http://hyperledger-fabric.readthedocs.io/en/release-1.1/samples.html
On Wed, 2018-05-16 at 14:26 +0530, Bhavesh Patadiya wrote:
|
||||||||||
|
|
||||||||||
|
Re: One suggestion to the fuction named createLedgerID
Manish
To correct my previous reply - Dave reminded me of what we wanted to achieve here and the purpose of passing the block in this function at the first place. So, this is a bug and thanks Dave for opening the Jira for this - https://jira.hyperledger.org/browse/FAB-10141
On Wed, May 16, 2018 at 1:00 PM, Manish <manish.sethi@...> wrote:
|
||||||||||
|
|
||||||||||
|
Re: multiple channels versus multiple networks?
Kim Letkeman <kletkema@...>
Some thoughts ...
 "rpjday@..." ---05/16/2018 05:40:32 AM--- recently, i asked if there was any rationale for, rather than creating another channel within an eFrom: "rpjday@..." <rpjday@...> To: Christopher Ferris <chris.ferris@...> Cc: Hyperledger Fabric discussion list <hyperledger-fabric@...> Date: 05/16/2018 05:40 AM Subject: Re: [Hyperledger Fabric] multiple channels versus multiple networks? Sent by: fabric@... recently, i asked if there was any rationale for, rather than creating another channel within an existing fabric network, just creating an entirely new network, whereupon christopher ferris replied:
On Sun, 13 May 2018, Christopher Ferris wrote: > "is there some general rule of thumb that advises when it's > appropriate to create multiple channels within a single network, and > when it's appropriate to simply create entirely distinct fabric > networks?" > > no. unless the set of members is disjoint and it were unlikely that > membership would ever be overlapping, there would be no reason that > one should go to that extreme. > > Chris is this explained somewhere in the docs? more to the point, is it something that should be immediately obvious to the fabric developer? i know this might sound like reaching, but if you took this position to its logical extreme, then the entire planet would need only one network, with a gazillion different channels, which is obviously absurd. rday
|
||||||||||
|
|
||||||||||
|
One suggestion to the fuction named createLedgerID
Manish
Somehow, hit the ‘reply’ instead of reply all... ---------- Forwarded message ---------- From: Manish Sethi <manish.sethi@...> Date: Wed, May 16, 2018 at 11:56 AM Subject: Re: [Hyperledger Fabric] One suggestion to the fuction named createLedgerID To: wangzp <wangzhipengxlj@...> Yes, it can be be dropped. As you see that this parameter is not used in this function as such. Thanks, Manish
On Wed, May 16, 2018 at 11:37 AM, wangzp <wangzhipengxlj@...> wrote:
|
||||||||||
|
|
||||||||||
|
Re: Some questions about the orderer service
Jason Yellick <jyellick@...>
I start the container, and enter the docker container of cli with the bash. Run the command:Only users from the orderer organization is authorized to read from the orderer system channel. Be sure that you have configured your CORE_PEER_LOCALMSPID to be "OrdererOrg" and CORE_PEER_MSPCONFIGPATH to point to the msp path of a user of the orderer organization. So, I don't konw how to solve this problem and implement the issues mentioned in the previous email, Can you tell me how to do this? or where to config the authority of org to add the other orgs into consortium defined in the cofigtx.yaml or other place?In general, only an admin of the ordering organization may add or remove members of a consortium. So, you may fetch the orderer system channel config as the orderer admin, then modify it to include your new organization definitions into the consortium, then sign and submit the config update as the orderer admin. Thanks, ~Jason
|
||||||||||
|
|
||||||||||
|
Re: Keeping Peer-Orderer connection alive
Yacov
any chance of also getting a tcpdump log
on both ends (peer and orderer) ? :)
toggle quoted messageShow quoted text
From: "Yash" <yashgt@...> To: Gari Singh <garis@...> Cc: hyperledger-fabric <hyperledger-fabric@...> Date: 16/05/2018 03:51 PM Subject: Re: [Hyperledger Fabric] Keeping Peer-Orderer connection alive Sent by: fabric@... Hi Gari, I have attached the log that shows messages from the deliveryClient module in peer. It shows that after every 15 min, the connection is terminated by the Peer and a reattempt is made. This indicates that the keepalives did not make it to the Orderer and hence the Peer decided to close the connection. The new connection lasts for another 15 min and if there is no activity from the Orderer to the Peer, after 10 such connections, the Peer stops attempting. To reproduce the issue, you can leave a channel without activity for about 3 hours and make a transaction on the channel from another peer. Observe that the first Peer does not get the update. I am attaching the nghttpx configuration. This is on Fabric 1.0.6.
On Wed, May 16, 2018 at 2:55 PM, Gari Singh <garis@...> wrote: Hi Yash - gRPC keepalives should work with nghttpx (we've used it in the past as a reverse proxy as well). Can you share your settings (keep alive settings for the peer as well as the various timeouts for front/back for nghttpx) as well as any logs which show the keepalives not going through? As an aside, if you are not wed to nghttpx, you might also want to try Envoy as well (https://www.envoyproxy.io/) as it seems to be gaining traction as a gRPC proxy. -- G ----------------------------------------- Gari Singh Distinguished Engineer, CTO - IBM Blockchain IBM Middleware 550 King St Littleton, MA 01460 Cell: 978-846-7499 garis@... ----------------------------------------- -----fabric@...wrote: ----- To: hyperledger-fabric <hyperledger-fabric@...> From: "Yash" Sent by: fabric@... Date: 05/16/2018 04:57AM Subject: [Hyperledger Fabric] Keeping Peer-Orderer connection alive Hi, The Peer to Orderer connection needs to be kept alive so that whenever there are new transactions, the orderer can send them to the peer for committing. The Peer already uses a TCP keepAlive to maintain this connection. In our case, the orderer is behind a reverse proxy call nghttpx. This reverse proxy does not seem to forward the keepAlives to the orderer. Due to this, the connection between peer and orderer is lost after some time and new transactions do not reach the peer for committing. Is there a way we can get Peer to periodically send a message to the orderer so that the connection is kept alive at the application level? Thanks, Yash
|
||||||||||
|
|
||||||||||
|
Re: Keeping Peer-Orderer connection alive
Yash <yashgt@...>
Hi Gari, I have attached the log that shows messages from the deliveryClient module in peer. It shows that after every 15 min, the connection is terminated by the Peer and a reattempt is made. This indicates that the keepalives did not make it to the Orderer and hence the Peer decided to close the connection. The new connection lasts for another 15 min and if there is no activity from the Orderer to the Peer, after 10 such connections, the Peer stops attempting. To reproduce the issue, you can leave a channel without activity for about 3 hours and make a transaction on the channel from another peer. Observe that the first Peer does not get the update. I am attaching the nghttpx configuration. This is on Fabric 1.0.6.
On Wed, May 16, 2018 at 2:55 PM, Gari Singh <garis@...> wrote: Hi Yash -
|
||||||||||
|
|
||||||||||
|
Re: multiple channels versus multiple networks?
rpjday@crashcourse.ca <rpjday@...>
recently, i asked if there was any rationale for, rather than
creating another channel within an existing fabric network, just creating an entirely new network, whereupon christopher ferris replied: On Sun, 13 May 2018, Christopher Ferris wrote: "is there some general rule of thumb that advises when it'sis this explained somewhere in the docs? more to the point, is it something that should be immediately obvious to the fabric developer? i know this might sound like reaching, but if you took this position to its logical extreme, then the entire planet would need only one network, with a gazillion different channels, which is obviously absurd. rday
|
||||||||||
|
|
||||||||||
|
Re: Keeping Peer-Orderer connection alive
Gari Singh <garis@...>
Hi Yash -
gRPC keepalives should work with nghttpx (we've used it in the past as a reverse proxy as well). Can you share your settings (keep alive settings for the peer as well as the various timeouts for front/back for nghttpx) as well as any logs which show the keepalives not going through? As an aside, if you are not wed to nghttpx, you might also want to try Envoy as well (https://www.envoyproxy.io/) as it seems to be gaining traction as a gRPC proxy. -- G ----------------------------------------- Gari Singh Distinguished Engineer, CTO - IBM Blockchain IBM Middleware 550 King St Littleton, MA 01460 Cell: 978-846-7499 garis@... ----------------------------------------- -----fabric@... wrote: ----- To: hyperledger-fabric <hyperledger-fabric@...> From: "Yash" Sent by: fabric@... Date: 05/16/2018 04:57AM Subject: [Hyperledger Fabric] Keeping Peer-Orderer connection alive Hi, The Peer to Orderer connection needs to be kept alive so that whenever there are new transactions, the orderer can send them to the peer for committing. The Peer already uses a TCP keepAlive to maintain this connection. In our case, the orderer is behind a reverse proxy call nghttpx. This reverse proxy does not seem to forward the keepAlives to the orderer. Due to this, the connection between peer and orderer is lost after some time and new transactions do not reach the peer for committing. Is there a way we can get Peer to periodically send a message to the orderer so that the connection is kept alive at the application level? Thanks, Yash
|
||||||||||
|
|
||||||||||
|
Working flow of passport-jwt for Authentication Rest Apis.
Bhavesh Patadiya
Hello Guys, I want to use passport-jwt as part of authentication for composer rest api. I followed https://github.com/hyperledger/composer/issues/2038#issuecomment-340540726 and do the same thing mentioned there. However, I typically do not have any idea about what to do next. Can anyone help me with below questions? Question 1. For fetching the access token, I called the localhost:3030/auth/jwt but every time getting Unauthorized as the output.(Screenshot attached) what am I doing wrong here? Question 2. I also want to understand how the front end will going to interact with this authentication flow. For accessing rest endpoints, the user will require an access token and for that front end have to pass any unique component(userid or username or anything else?) to the authentication URL so that passport-jwt return accesstoken according to that. How should this be integrated? Question 3. I was wondering if I can use any other passport strategy other than JWT? Note that I do not want the end user to login into some specific social site(google/facebook/twitter/Github) just to get the access token for rest endpoints. I want to have something which can work like passport-JWT. --
|
||||||||||
|
|
||||||||||
|
Keeping Peer-Orderer connection alive
Yash <yashgt@...>
Hi, The Peer to Orderer connection needs to be kept alive so that whenever there are new transactions, the orderer can send them to the peer for committing. The Peer already uses a TCP keepAlive to maintain this connection. In our case, the orderer is behind a reverse proxy call nghttpx. This reverse proxy does not seem to forward the keepAlives to the orderer. Due to this, the connection between peer and orderer is lost after some time and new transactions do not reach the peer for committing. Is there a way we can get Peer to periodically send a message to the orderer so that the connection is kept alive at the application level? Thanks, Yash
|
||||||||||
|
|
||||||||||
|
One suggestion to the fuction named createLedgerID
??? <wangzhipengxlj@...>
func (s *idStore) createLedgerID(ledgerID string, gb *common.Block) error { key := s.encodeLedgerKey(ledgerID) var val []byte var err error if val, err = proto.Marshal(gb); err != nil { return err } if val, err = s.db.Get(key); err != nil { return err } if val != nil { return ErrLedgerIDExists } batch := &leveldb.Batch{} batch.Put(key, val) batch.Delete(underConstructionLedgerKey) return s.db.WriteBatch(batch, true) } func (s *idStore) ledgerIDExists(ledgerID string) (bool, error) { key := s.encodeLedgerKey(ledgerID) val := []byte{} err := error(nil) if val, err = s.db.Get(key); err != nil { return false, err } return val != nil, nil } Two functions in ` core/ledger/kvledger/kv_ledger_provider.go` in version v1.10;In ` createLedgerID()`, put `nil` value with the key of `ledgerID` into the `ledgerProviderDB` . Why not put the genesis block into the `ledgerProviderDB` ? When a crash occurs, the ledger can still be generated with the genesis block after restart.
|
||||||||||
|
|
||||||||||
|
Re: the difference of kafka and sbft
qs meng <qsmeng@...>
Hi Baohua, thank you for the link. Maybe, kafka is good at detecting crash failure while bft is good at detecting malicous failure. best regards, qs meng
|
||||||||||
|
|
||||||||||
|
Unable to create Hyperledger Fabric on Multiple VM's
#fabric
Hello team,
I am trying to create a Hyperledger fabric environment with Multiple organizations across multiple VM's. I took hyperledger/fabric-sample/first-network as reference and separated organization1 and organization2 into different files which worked fine on single VM. Now, I am trying to use the same files on different machines and trying to establish communication. i was able to resolve the communication but, I am getting the following error when trying to fetch the peer channel transport: http2Client.notifyError got notified that the client transport was broken unexpected EOF.* *Error: Error receiving: rpc error: code = Unavailable desc = transport is closing. If I disable TLS then fetching channel configuration is going smooth. But, getting issue in peers stating that authentication failure on peer0.org2.example.com. I copied all my certificated from VM1 to VM2. But, I am not sure what exactly is causing this TLS issue. Any help is really appreciated.
|
||||||||||
|
|
||||||||||
|
Re: defining peer for multiple orgs
Sunil Suseelan <sunil.suseelan@...>
Hello Vineet,
Thanks a lot for the reply, but is it mandatory to give 7051 as listen port for peer and if yes then why. Because if I try using any port apart from 7051 I can’t connect to that peer.
Regards, Sunil Suseelan
From: Vineet Timble
Sent: Tuesday, May 15, 2018 11:39 AM To: Sunil Suseelan <sunil.suseelan@...>; hyperledger-fabric@... Subject: RE: [Hyperledger Fabric] defining peer for multiple orgs
Sunil,
Answers below… Hope this helps.
Vineet From: Sunil Suseelan
Hello All,
As I was referring to Hyperledger Build your First network sample I have some queries against the docker compose yaml file
Ø Why do all the peer’s of different Organization have configured with 7051, wont every peer listen on different port. 7051 is port of docker container. Each docker container (i.e. each peer) has separate IP address and hence they all can have same standard port number on which they can run particular service. Ø What we should specify for “CORE_PEER_GOSSIP_BOOTSTRAP” is we only have one peer for an Organization Yakov already answered that this configuration is not required if there is only 1 peer in org Ø Why we give two line entries for Ports when it comes to peer type node/container This line maps docker container ports to host machine’s port. So you would map all ports of docker containers which you want to be visible from outside of the host machine. Here core peer address 7051 and event address 7053 are mapped to physical host’s 9051 and 9053 respectively. Here if all peers of particular org are running on same physical host, each of 7051 port of docker container port will map to different port on physical machine. You can check https://docs.docker.com/compose/compose-file/#ports
environment: - CORE_PEER_ID=peer0.org2.example.com - CORE_PEER_ADDRESS=peer0.org2.example.com:7051 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051 - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051 - CORE_PEER_LOCALMSPID=Org2MSP volumes: - /var/run/:/host/var/run/ - ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp - ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls - peer0.org2.example.com:/var/hyperledger/production ports: - 9051:7051 - 9053:7053
Please guide me.
Phone: +918898549399
|
||||||||||
|
|
||||||||||
|
Java Chaincode
jonas.schiffl@...
Hi,
I am somewhat confused as to the state of Java Chaincode. Is there any way to write Java Smart Contracts at the moment? Or is Java currently disabled? Thanks, js
|
||||||||||
|
|
||||||||||
|
Re: Load Testing
Barry
Hi Dmitriy, thanks for the link to StackOverflow. @AdnanC is doing couchDB scalability and performance work and does see similar symptoms. He communicates on the fabric-quality channel..
Thanks, Barry Mosakowski
On Tuesday, May 15, 2018, 5:59:25 AM EDT, Dmitriy Pugachev <pugach@...> wrote:
Hi folks!
I've performed load tests with Fabric and I have some questions and useful information. I created my question on the StackOverflow: https://stackoverflow.com/questions/50334489/performance-test-of-the-hyperledger-fabric Any information would be very helpful. Thanks. Dima Pugachev Software Engineer in Optherium Labs
|
||||||||||
|
|
||||||||||
|
Re: Some questions about the orderer service
Jason Yellick <jyellick@...>
First, I want one orderer to serve multi channels in a blockchain network. And I didn't know the number of channels at the beginning.This is Fabric's standard mode of operation. One ordering network (or in the case of 'Solo', one orderer) may serve an arbitrary number of channels, created dynamically over time. Second, Must I define the org in the configtx.yaml of orderer at first ?For an organization to be included in an initial channel definition, it must be defined in a consortium in the orderer system channel. The easiest way to do this is by defining your consortiums in the configtx.yaml file prior to bootstrapping the network, however you may define consortiums and change their membership dynamically through channel config update transactions. The third, If I have to denfine at least one org in a configtx.yaml file of orderer at the beginning, just called org1 ,channel1. And I generate the org2, and create the channel2 of org2, How could I use the only one orderer to service the two channel, Do I have to define this at the beginning?You should define at least one ordering organization in your configtx.yaml file before bootstrapping the network (note, this is typically not a consortium member). This is required so that updates to the configuration may be authorized in the future. Typically, you should setup a dedicated ordering organization which will not be involved in transactions on the network. Then, as the admin of the ordering organization you may define new consortiums when you are ready to do so. It is always easiest if you can define your configuration before bootstrapping the network, however reconfiguration is certainly possible. I mean is there any methods to do this dynamically without to define it at first? Thank you very much!Note, that you can even create channels, then modify their membership to include non-consortium members. You will probably be interested in: http://hyperledger-fabric.readthedocs.io/en/release-1.1/config_update.html http://hyperledger-fabric.readthedocs.io/en/release-1.1/channel_update_tutorial.html Thanks, ~Jason
|
||||||||||
|
|
||||||||||
|
Re: the difference of kafka and sbft
qs Here might give some explanation. Besides, the maillist has removed all "hyperledger-" prefix, hence we can use fabric@....
On Tue, May 15, 2018 at 9:16 AM, qs meng <qsmeng@...> wrote:
--
Best wishes! Baohua Yang
|
||||||||||
|
|
||||||||||
|
Re: Hyperledger clean query.
Christopher Ferris
Depends how you provisioned the network, but basically, if you want a fresh start, re-create the network.
toggle quoted messageShow quoted text
Chris
On May 14, 2018, at 12:41 PM, Cardenas, Carlos <carlos.cardenas@...> wrote:
|
||||||||||
|
|
