|
Re: Fabric CA server with customized CSR details.
Chris Gabriel <alaskadd@...>
Hello, so --tls.enabled true if using command line flags Note the 'tls' section of the following doc: Hope this helps, Chris
|
|
|
|
Fabric CA server with customized CSR details.
Pechimuthu T
hello,
when we start fabric-ca server we get the following files are generated. -------------------------------------------------------------------------------- fabric-ca-server start \ -b ${USERNAME}:${PASSWORD} \ --tls.enabled \ --csr.hosts ${CSR_HOSTS} \ --csr.cn ${CSR_CN} -------------------------------------------------------------------------------- IssuerPublicKey IssuerRevocationPublicKey ca-cert.pem fabric-ca-server-config.yaml fabric-ca-server.db ./msp tls-cert.pem I have changed fabric-ca-server-config.yaml file( changes are specific to CSR section ) deleted ca-cert.pem, ./msp folder, and tls-cert.pem after that started fabric-ca-server again as mentioned above. ca-cert.pem has been changed as per my csr config. But tls-cert.pem is not generated at all. Any thing i am missing ? we want the tls-cert.pem also to be regenerated as per my modify CSR config. any one has faced this issue ? Help in this regard is very much appreciated. Thanks and Regards, T. Pechimuthu Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses.
|
|
|
|
Re: End devices identities in an IoT BC network
Chris Gabriel <alaskadd@...>
Hi Nikos,
toggle quoted messageShow quoted text
I have done this within my company and I prefer to issue identities to the end devices as we would the users. We do not use an intermediate DB as we use our Fabric blockchain network instead, but there are many ways to do this. I call our stack the BEAN stack (Blockchain, Express, Angular, and Node). In our case, the IoT sensor input is autonomous after checking for signal quality and identity credentials as it passes though the gateway (we use Node-Red on RaspberryPi in the demo) and can trigger transactions in the smart contract. I have posted a demo video that shows how this works on YouTube. I hope this helps. Chris
|
|
|
|
End devices identities in an IoT BC network
Nikos Karamolegkos
Hello,
I want to build a smart building IoT BC network and I am working to the network architecture. At this point I have built the IoT infrastructure and I am looking to integrate the BC idea. Specifically, the end devices (EDs) are equipped with sensors (these device can not run fabric) and the data are transmitted via 802.15.4 to IoT GW (raspberry) which sends them to the DB. In order to integrate the BC concept I am thinking to use a fabric client app in the IoT GW which will send (update) the date to ledger. Is this a good approach? I was wondering how the EDs can prove their identity through the GW in order to match with the information defined in smart-contract? I can use fabric-ca to create ED identities but these identities would be in the IoT GWs which will match the ED ID with the fabric identity (through the client app running in GWs). Is this the best I can do? Also, in the BC network would be users which will have access to the sensor data written by the EDs. As I have understood these user will be fabric client application too with specific right policies (read &/or write). Should I make a different organization for them? I have experience in IoT but not in BC so any idea, example, application or use case are welcome in order to design my BC architecture. Thank you for your time, -- Nikos Karamolegkos R & D engineer at ICS-FORTH Telecommunications and Networks Lab (TNL)
|
|
|
|
Re: using APIs in fabric
#fabric-questions
#fabric-endorser
#fabric
David Enyeart
Remember that chaincode execution is only a transaction simulation that builds a read/write set. The transaction doesn't get validated and committed until after it is ordered into a block. Therefore you don't want to call any external services that take action from a chaincode. Rather, your application can listen for the block commit events, and then take action for any validated and committed transactions. Hi, What kind of external services are we allowed to use in fabric? Can we use any APIs? Or we must just use fabric SDK. For example, an external service is a bank ATM API, and our transaction is calling the ATM withdrawal operation. ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd Hi, What kind of external services are we allowed to use in fabric? Can we use any APIs? Or we must just use fabric SDK. For example, an external service is a bank ATM API, and our transaction is calling the ATM withdrawal operation. We have defined in our policies that four endorsers must approve it. When the endorser nodes call that external service, are the withdrawal operations performed four times separately; and change the bank account's balance outside the blockchain each time? (so we have trouble in the commitment phase) How can we handle external calls? I appreciate any help you can provide.
|
|
|
|
Re: Running same application from multiple users
David Enyeart
You should also take a look at attribute based access control in chaincode, to authorize users to chaincode actions based on issued role attributes. Nice ideas both. So to be more specific, the CityOrg would have some raspberries as IoT gateways (network) which are receiving sensor measurements (like empty parking positions, temperature, etc) from the end devices. I am thinking of running ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd Nice ideas both. So to be more specific, the CityOrg would have some raspberries as IoT gateways (network) which are receiving sensor measurements (like empty parking positions, temperature, etc) from the end devices. I am thinking of running a fabric application into raspberries (i.e the client application runs in raspberry) to use the smart contracts (chaincode) to write the measurements (or a hash for better memory utilization) to the ledger. I am thinking also running some GW raspberries as peers too (eg. 3-4 PI). For the CitizenOrg/ValidatorOrg I am thinking to have two applications (running to PCs), one for the citizen to just read the data (I have to think which of your proposed two approaches to follow), and an other application which can change the data to the ledger (e.g set a parking position to unavailable for some reason). Also, the CitizenOrg/ValidatorOrg would have some peer (3 or 4) which will be part of the endorsing policy for writing data to ledger by CityOrg (to avoid the control of the ledger by a single org). I have to think how to deploy the orderers too. In case an other city want to join the BC network will be a new org with characteristics similar to CityOrg. Bases on your experience are these all steps a good approach? I am new to BC idea so any other ideas are welcome. We have already build an IoT network with raspberries for GWs (flow: sensor-> gateway->broker->database->ui) and we would like to make the BC part of it
|
|
|
|
ANNOUNCEMENT: Hyperledger Fabric fix releases v1.4.12, v2.2.3, v2.3.2 are now available!
David Enyeart
Hyperledger Fabric fix releases v1.4.12, v2.2.3, and v2.3.2 are now available.
|
|
|
|
Hyperledger Fabric Documentation Workgroup call - Western hemisphere - Fri, 04/23/2021
#cal-notice
fabric@lists.hyperledger.org Calendar <noreply@...>
Hyperledger Fabric Documentation Workgroup call - Western hemisphere When: Where: Organizer: Description: Join Zoom Meeting
https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09
Meeting ID: 622 333 6701
Passcode: 475869
|
|
|
|
Hyperledger Fabric Documentation Workgroup call - Western hemisphere - Fri, 04/23/2021 11:00am-12:00pm
#cal-reminder
fabric@lists.hyperledger.org Calendar <fabric@...>
Reminder: Hyperledger Fabric Documentation Workgroup call - Western hemisphere When: Friday, 23 April 2021, 11:00am to 12:00pm, (GMT-04:00) America/New York Where:https://zoom.us/my/hyperledger.community.backup?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09 Organizer: Pam Andrejko pama@... Description: Documentation workgroup call. Join Zoom Meeting
https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09
Meeting ID: 622 333 6701
Passcode: 475869
|
|
|
|
Re: Kubernetes proposes Hyperledger Fabric
Hi Jay, That's a good point. Thanks for the pointer. However, based on the criteria in the Operator Capability Levels page, the answer is a bit blurry. As it's now, Fabric Operator spans capabilities from level 2 up to 4. But I won't call it level 4. For example some supported capabilities: Level 2 Operand can be upgraded as part of changing the CR Level 3 Operator orchestrates complex re-configuration flows on the Operand Operator orchestrates complex re-configuration flows on the Operand Operator supports add/removing members to a clustered Operand Operator enables application-aware scaling of the Operand Level 4 Operator exposing metrics about its health (provided by default by Operator-SDK) Operand sends useful alerts (not alerts but exposes status field) On the other hand, it doesn't perform even some basic checks. For example it doesn't monitor if the resources created by the underlying Helm chart is deleted, or the Helm chart is deleted itself. Best, Hakan
On Wed, Apr 21, 2021 at 2:23 PM Jay Guo <guojiannan1101@...> wrote: Thanks Hakan! It would be nice to add operator capability level to readme.
|
|
|
|
Re: Kubernetes proposes Hyperledger Fabric
Jay Guo
Thanks Hakan! It would be nice to add operator capability level to readme.
toggle quoted messageShow quoted text
- J
On Sun, Apr 18, 2021 at 5:37 PM Gari Singh <gari.r.singh@...> wrote:
|
|
|
|
Single organization
#administrator-organiization
rafa_kleb10@...
Hello, everyone. I'm doing a research on blockchain for a particular use case and I would like to know what is the best approach for using blockchain in an environment where there is only one organization that needs to manage several distributed IoT devices. I apreciate the help.
|
|
|
|
Private Chaincode Lab - Tue, 04/20/2021
#cal-notice
fabric@lists.hyperledger.org Calendar <noreply@...>
Private Chaincode Lab When: Where: Organizer: Description:
|
|
|
|
missing tags for go chaincode developement dependencies
david liu <david-khala@...>
Hi Fabric maintainers,
As some community member and me found for a while, Both following repositories have no git tags yet pushed to Github github.com/hyperledger/fabric-chaincode-go
github.com/hyperledger/fabric-protos-go This will introduce a result that fabric go chaincode developer have to suffer from go.mod dependency versioning issue. such as v0.0.0-20200511190512-bcfeb58dd83a
Each time we get lost in what 20200511190512 indicates. We have to guess whether it is 2.2.x or 2.3.x Can you consider give tags to them, in a similar way in fabric itself. then we could pin to use v2.2.x as dependency version. Best Regards, David Liu
|
|
|
|
Re: AWS cloud HSM with hyperledger
#hyperledger-fabric
Kumar Shantanu
Thanks Gary, This seems to be working now :) I will probably write a blog around how to integrate AWS Cloudhsm with hyperledger components.
On Tue, Apr 20, 2021 at 10:59 AM Gari Singh <gari.r.singh@...> wrote:
|
|
|
|
Re: AWS cloud HSM with hyperledger
#hyperledger-fabric
Gari Singh
Make sure you are using the latest version of Fabric CA. With the AWS HSM, you need to add "AltId" to your bccsp configuration: bccsp: default: PKCS11 pkcs11: Library: /opt/cloudhsm/lib/libcloudhsm_pkcs11.so Pin: 'user:password' AltId: $STRING Label: cavium hash: SHA2 security: 256 AltId can be any string label you want to use. If the label does not exist on the HSM, a new key will be generated.
On Mon, Apr 19, 2021 at 5:15 PM Kumar Shantanu <km.shantanu@...> wrote:
|
|
|
|
Re: AWS cloud HSM with hyperledger
#hyperledger-fabric
Kumar Shantanu
Thank again, guys. When I configure fabric CA to use AWS HSM it crashes with the below error, sh-4.2# ./fabric-ca-server start -b admin:adminpw My BCCSP configuration looks like this, bccsp: Any pointer would be really helpful. Thanks Shantanu
On Tue, Apr 13, 2021 at 2:28 PM Gmail <alaskadd@...> wrote:
|
|
|
|
Re: How Check Names of Installed Smart Contracts
Chris Gabriel <alaskadd@...>
Brian,
toggle quoted messageShow quoted text
Sorry, I sent you the command for earlier fabric networks which would be correct if you are on Fabric 1.x If you are on Fabric 2.x you will need to use the new peer lifecycle chaincode commands. So from within the peer container, run: peer lifecycle chaincode queryinstalled -o <your orderer> If tls is enabled you need to add the --tls flag and path to your tls cert like this: peer lifecycle chaincode queryinstalled -o <your orderer> —tls —cafile <path to your cert file>
|
|
|
|
How Fabric is being used in the blockchain carbon accounting lab and how to help out
David Boswell <dboswell@...>
The Climate Action and Accounting SIG has an active blockchain carbon accounting lab that is using Hyperledger Fabric to record emissions data, using energy data from utility bills and audited emissions factors from the EPA and EEA. The code from the lab was recently used for a production system to track and offset emissions. The group wrote a blog post that goes into more details about the project and shows screenshots and a video of the production system at: https://www.hyperledger.org/blog/2021/04/19/help-us-scale-up-our-operating-system-for-climate-action The group is also looking for contributors and they've documented several good first issues that people can help with. If you're interested in using Fabric for a climate change related use case, please consider helping out. If you know of anyone who would be interested, please share the link above to the blog post or this link to the project's wiki: Thanks, David
|
|
|
|
Re: Hyperledger fabric in IoT application
Chris Gabriel <alaskadd@...>
Hi Nikos,
toggle quoted messageShow quoted text
In general, each party involved in any transaction should be in its own org. With that in mind, it is not a good idea to have only one org as this creates multiple problems (single point of failure, endorsement, trust, and defeats the business purpose of having a blockchain). When I think about Fabric network structure I always begin with the use case. Fabric networks are best implemented in B2B scenarios but you can also implement them in B2C or C2C (as of now, my view is that B2B scenarios is where Fabric really shines). Implement Fabric networks where: B2B transactions are occurring between two or more parties. There is a need for a transparent auditable view of what happened when transactions are executed. There is a contractual relationship between parties where the terms of the paper contract between them cam be executed in smart contracts. Each party on the network has its own peer(s), Certificate Authority or other means of managing identities. Note that these are suggestions for a starting point as there are many ways to think about this. Example: Company A (org1) and Company B (org2) need to transact with each other and you want to implement a Fabric network. Both companies have their own peer nodes and certificate authorities (just like the test-network). The orderer can be implemented by any of; a trusted third party, Company A, Company B, or each can have their own orderer. I hope this helps. Chris
On Apr 19, 2021, at 5:26 AM, Nikos Karamolegkos <nkaram@...> wrote:
|
|
|
"elmira" ---04/19/2021 07:54:35 AM---Hi, What kind of external services are we allowed to use in fabric? Can we use any APIs? Or we must
"Nikos Karamolegkos" ---04/14/2021 04:03:26 AM---Nice ideas both. So to be more specific, the CityOrg would have some raspberries as IoT gateways (ne