Date   
Re: Setup Hyperledger Fabric with Red Hat OpenShift - Enquiry

mark wagner
 

sorry for the delay.

The main issues revolve around the need to give special privs to the Peer container so that it can build and run a separate container for the chaincode. Most ops people do not like allowing 3rd party containers with admin privs.  That said, there are production implementations using this configuration. So its really a matter of your level of comfort.

-mark


On Thu, Mar 7, 2019 at 10:53 PM Horace Fung <horacefung@...> wrote:
Hi Mark,

Many thanks for your advice. May i ask

1. What are those other issues? 
2. If running HLF on Kubernetes or OpenShift is not recommended, any alternative that you can recommend?

Thank you very much!

Best Regards
Horace Fung


---------- Forwarded message ---------
From: Mark Wagner <mwagner@...>
Date: Fri, Mar 8, 2019 at 5:49 AM
Subject: Re: [Hyperledger Fabric] Setup Hyperledger Fabric with Red Hat OpenShift - Enquiry
To: Horace Fung <horacefung@...>
Cc: <fabric@...>, Stephen Man <stephenman@...>


Hi

Running HL Fabric on Kubernetes requires that you provide privileged access in order to run the chaincode. There are also some other issues as well. As a result, running HLF on kubernetes and thus OpenShift, is not recommended for production.

That said, I have had multiple versions of HLF running on OpenShift in my lab and at home. I am currently working on a blog post and will circle back to this thread as appropriate.

My understanding is that out of the box Kubernetes support is planned in the V2 timeframe. I would recommend that anyone looking for k8s support check out https://jira.hyperledger.org/browse/FAB-13582 . There is a link to the design doc in there if you want to review and comment. There is also a recording of a talk that was recently given in Confluence. It would also be great if you could vote for this jira so people can gauge the interest. Also "watch" the jira so you can stay abreast of new updates, etc.

-mark wagner

On Mon, Mar 4, 2019 at 7:13 PM Horace Fung <horacefung@...> wrote:
Hello,

My company is planning to use Hyperledger Fabric as our Blockchain solution and my team is now setting up Hyperledger Fabric on Multi-host environment with the use of Red-Hat OpenShift. However, I failed to find any step-by-step installation guide on the official Hyperledger website or other relevant sites. Could you kindly help me with this? Thanks a lot !

Kind regards,

Horace Fung

Vice President, Technology Development

Tel: +852 3977 7015 | Mobile: +852 9803 4543
www.cherrypicks.com

cherrypicks logo

cherrypicks
16/F - 19/F, 10 Knutsford Terrace, Tsimshatsui, Kowloon, Hong Kong

cherrypicks awards logo

Product Platforms

cherrypicks products logo

This message is confidential and is for the sole use of the intended recipient(s). It may also be privileged or otherwise protected by copyright or other legal rules. If you have received it by mistake please let us know by reply email and delete it from your system. Any unauthorized use or distribution of the content of this message is prohibited.



--
Mark Wagner
Senior Principal Software Engineer
Performance and Scalability
Red Hat, Inc


--
Mark Wagner
Senior Principal Software Engineer
Performance and Scalability
Red Hat, Inc

Re: Setup Hyperledger Fabric with Red Hat OpenShift - Enquiry

Tong Li
 

If this is about deploying fabric onto k8s, please look into cello ansible agent. If you have more questions, please reach out at rocket channel #cello.

Thanks.

Tong Li
IBM Open Technology

"Srinivasan Muralidharan" ---03/13/2019 10:03:00 AM---Hi Horace, As Mark mentioned earlier, there's ongoing work on making chaincode

From: "Srinivasan Muralidharan" <srinivasan.muralidharan99@...>
To: Horace Fung <horacefung@...>
Cc: mwagner@..., fabric@..., Stephen Man <stephenman@...>
Date: 03/13/2019 10:03 AM
Subject: Re: [Hyperledger Fabric] Setup Hyperledger Fabric with Red Hat OpenShift - Enquiry
Sent by: fabric@...





Hi Horace,
As Mark mentioned earlier, there's ongoing work on making chaincode deployment cloud/k8s friendly. Its work in progress (and pending review etc) but if you like to try it out, do reach out to me on Rocket Chat id "muralisr".

Thanks
Murali

On Wed, Mar 13, 2019 at 2:43 AM Horace Fung <horacefung@...> wrote:
    Hi Mark,

    Appreciate if you can give me some suggestions. Thank you!

    Best Regards
    Horace Fung


On Mon, Mar 11, 2019 at 10:40 AM Horace Fung <horacefung@...> wrote:
Hi Mark,

Appreciate very much if you can give me some suggestions. Thanks a lot in advance!

Best Regards
Horace Fung


On Fri, Mar 8, 2019 at 11:52 AM Horace Fung <horacefung@...> wrote:
    Hi Mark,

    Many thanks for your advice. May i ask

    1. What are those other issues? 
    2. If running HLF on Kubernetes or OpenShift is not recommended, any alternative that you can recommend?

    Thank you very much!

    Best Regards
    Horace Fung


    ---------- Forwarded message ---------
    From: Mark Wagner <mwagner@...>
    Date: Fri, Mar 8, 2019 at 5:49 AM
    Subject: Re: [Hyperledger Fabric] Setup Hyperledger Fabric with Red Hat OpenShift - Enquiry
    To: Horace Fung <horacefung@...>
    Cc: <fabric@...>, Stephen Man <stephenman@...>


    Hi

    Running HL Fabric on Kubernetes requires that you provide privileged access in order to run the chaincode. There are also some other issues as well. As a result, running HLF on kubernetes and thus OpenShift, is not recommended for production.

    That said, I have had multiple versions of HLF running on OpenShift in my lab and at home. I am currently working on a blog post and will circle back to this thread as appropriate.

    My understanding is that out of the box Kubernetes support is planned in the V2 timeframe. I would recommend that anyone looking for k8s support check out https://jira.hyperledger.org/browse/FAB-13582 . There is a link to the design doc in there if you want to review and comment. There is also a recording of a talk that was recently given in Confluence. It would also be great if you could vote for this jira so people can gauge the interest. Also "watch" the jira so you can stay abreast of new updates, etc.

    -mark wagner

    On Mon, Mar 4, 2019 at 7:13 PM Horace Fung <horacefung@...> wrote:
    Hello,

    My company is planning to use Hyperledger Fabric as our Blockchain solution and my team is now setting up Hyperledger Fabric on Multi-host environment with the use of Red-Hat OpenShift. However, I failed to find any step-by-step installation guide on the official Hyperledger website or other relevant sites. Could you kindly help me with this? Thanks a lot !

    Kind regards,
    Horace Fung
    Vice President, Technology Development

    Tel: +852 3977 7015 | Mobile: +852 9803 4543
    www.cherrypicks.com

    cherrypicks
    16/F - 19/F, 10 Knutsford Terrace, Tsimshatsui, Kowloon, Hong Kong

    Product Platforms

    This message is confidential and is for the sole use of the intended recipient(s). It may also be privileged or otherwise protected by copyright or other legal rules. If you have received it by mistake please let us know by reply email and delete it from your system. Any unauthorized use or distribution of the content of this message is prohibited.



    --
    Mark Wagner
    Senior Principal Software Engineer
    Performance and Scalability
    Red Hat, Inc



--
Thanks,
Murali
"Practice is a means of inviting the perfection desired." - Martha Graham
“We ran and ran. We were exhausted, but we kept running.” - Homare Sawa after winning 2011 Women's Soccer world cup



Re: Setup Hyperledger Fabric with Red Hat OpenShift - Enquiry

Srinivasan Muralidharan
 

Hi Horace,
As Mark mentioned earlier, there's ongoing work on making chaincode deployment cloud/k8s friendly. Its work in progress (and pending review etc) but if you like to try it out, do reach out to me on Rocket Chat id "muralisr".

Thanks
Murali

On Wed, Mar 13, 2019 at 2:43 AM Horace Fung <horacefung@...> wrote:
Hi Mark,

Appreciate if you can give me some suggestions. Thank you!

Best Regards
Horace Fung

On Mon, Mar 11, 2019 at 10:40 AM Horace Fung <horacefung@...> wrote:
Hi Mark,

Appreciate very much if you can give me some suggestions. Thanks a lot in advance!

Best Regards
Horace Fung


On Fri, Mar 8, 2019 at 11:52 AM Horace Fung <horacefung@...> wrote:
Hi Mark,

Many thanks for your advice. May i ask

1. What are those other issues? 
2. If running HLF on Kubernetes or OpenShift is not recommended, any alternative that you can recommend?

Thank you very much!

Best Regards
Horace Fung


---------- Forwarded message ---------
From: Mark Wagner <mwagner@...>
Date: Fri, Mar 8, 2019 at 5:49 AM
Subject: Re: [Hyperledger Fabric] Setup Hyperledger Fabric with Red Hat OpenShift - Enquiry
To: Horace Fung <horacefung@...>
Cc: <fabric@...>, Stephen Man <stephenman@...>


Hi

Running HL Fabric on Kubernetes requires that you provide privileged access in order to run the chaincode. There are also some other issues as well. As a result, running HLF on kubernetes and thus OpenShift, is not recommended for production.

That said, I have had multiple versions of HLF running on OpenShift in my lab and at home. I am currently working on a blog post and will circle back to this thread as appropriate.

My understanding is that out of the box Kubernetes support is planned in the V2 timeframe. I would recommend that anyone looking for k8s support check out https://jira.hyperledger.org/browse/FAB-13582 . There is a link to the design doc in there if you want to review and comment. There is also a recording of a talk that was recently given in Confluence. It would also be great if you could vote for this jira so people can gauge the interest. Also "watch" the jira so you can stay abreast of new updates, etc.

-mark wagner

On Mon, Mar 4, 2019 at 7:13 PM Horace Fung <horacefung@...> wrote:
Hello,

My company is planning to use Hyperledger Fabric as our Blockchain solution and my team is now setting up Hyperledger Fabric on Multi-host environment with the use of Red-Hat OpenShift. However, I failed to find any step-by-step installation guide on the official Hyperledger website or other relevant sites. Could you kindly help me with this? Thanks a lot !

Kind regards,

Horace Fung

Vice President, Technology Development

Tel: +852 3977 7015 | Mobile: +852 9803 4543
www.cherrypicks.com

cherrypicks logo

cherrypicks
16/F - 19/F, 10 Knutsford Terrace, Tsimshatsui, Kowloon, Hong Kong

cherrypicks awards logo

Product Platforms

cherrypicks products logo

This message is confidential and is for the sole use of the intended recipient(s). It may also be privileged or otherwise protected by copyright or other legal rules. If you have received it by mistake please let us know by reply email and delete it from your system. Any unauthorized use or distribution of the content of this message is prohibited.



--
Mark Wagner
Senior Principal Software Engineer
Performance and Scalability
Red Hat, Inc



--
Thanks,
Murali
"Practice is a means of inviting the perfection desired." - Martha Graham
“We ran and ran. We were exhausted, but we kept running.” - Homare Sawa after winning 2011 Women's Soccer world cup

Re: Setup Hyperledger Fabric with Red Hat OpenShift - Enquiry

Horace Fung
 

Hi Mark,

Appreciate if you can give me some suggestions. Thank you!

Best Regards
Horace Fung

On Mon, Mar 11, 2019 at 10:40 AM Horace Fung <horacefung@...> wrote:
Hi Mark,

Appreciate very much if you can give me some suggestions. Thanks a lot in advance!

Best Regards
Horace Fung


On Fri, Mar 8, 2019 at 11:52 AM Horace Fung <horacefung@...> wrote:
Hi Mark,

Many thanks for your advice. May i ask

1. What are those other issues? 
2. If running HLF on Kubernetes or OpenShift is not recommended, any alternative that you can recommend?

Thank you very much!

Best Regards
Horace Fung


---------- Forwarded message ---------
From: Mark Wagner <mwagner@...>
Date: Fri, Mar 8, 2019 at 5:49 AM
Subject: Re: [Hyperledger Fabric] Setup Hyperledger Fabric with Red Hat OpenShift - Enquiry
To: Horace Fung <horacefung@...>
Cc: <fabric@...>, Stephen Man <stephenman@...>


Hi

Running HL Fabric on Kubernetes requires that you provide privileged access in order to run the chaincode. There are also some other issues as well. As a result, running HLF on kubernetes and thus OpenShift, is not recommended for production.

That said, I have had multiple versions of HLF running on OpenShift in my lab and at home. I am currently working on a blog post and will circle back to this thread as appropriate.

My understanding is that out of the box Kubernetes support is planned in the V2 timeframe. I would recommend that anyone looking for k8s support check out https://jira.hyperledger.org/browse/FAB-13582 . There is a link to the design doc in there if you want to review and comment. There is also a recording of a talk that was recently given in Confluence. It would also be great if you could vote for this jira so people can gauge the interest. Also "watch" the jira so you can stay abreast of new updates, etc.

-mark wagner

On Mon, Mar 4, 2019 at 7:13 PM Horace Fung <horacefung@...> wrote:
Hello,

My company is planning to use Hyperledger Fabric as our Blockchain solution and my team is now setting up Hyperledger Fabric on Multi-host environment with the use of Red-Hat OpenShift. However, I failed to find any step-by-step installation guide on the official Hyperledger website or other relevant sites. Could you kindly help me with this? Thanks a lot !

Kind regards,

Horace Fung

Vice President, Technology Development

Tel: +852 3977 7015 | Mobile: +852 9803 4543
www.cherrypicks.com

cherrypicks logo

cherrypicks
16/F - 19/F, 10 Knutsford Terrace, Tsimshatsui, Kowloon, Hong Kong

cherrypicks awards logo

Product Platforms

cherrypicks products logo

This message is confidential and is for the sole use of the intended recipient(s). It may also be privileged or otherwise protected by copyright or other legal rules. If you have received it by mistake please let us know by reply email and delete it from your system. Any unauthorized use or distribution of the content of this message is prohibited.



--
Mark Wagner
Senior Principal Software Engineer
Performance and Scalability
Red Hat, Inc

Re: Any trick to determine if a web application is running off a Hyperledger Fabric blockchain?

Don Li
 

I never touched Fabric 1.4.0 after its Release Candidate messed up one of my Fabric virtual machines, that is, I didn't download nor install its 1.4.0 RC docker image but weird thing happened to force it onto one of my virtual machines a while ago.  That ticked me off.  

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


On Tue, Mar 12, 2019 at 9:38 PM Rich Zhao <zhao.zhenhua@...> wrote:
Actually, Fabric 1.4 uses "wallet" to hold user's identities. 


On Wed, Mar 13, 2019 at 9:32 AM Don Li <lichunshen84@...> wrote:
Thanks for taking the time to share your thoughts.

" a long hex string" or a hash value may not suffice, every software programmer knows how to use hash function to be able to create a fake one.
"wallet" idea may not be applicable here, such wallet is usually used to hold crypto token and/or cryptocurrency/cryptocurrencies.
Talking of which, glad to know Fabric 2.0 would support creation of crypto tokens...

" TLS certificate" is an interesting idea.

One thing is certain tho, every successful Fabric invoke (of a particular chaincode) would generate a hex string or a hash value.    

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


On Tue, Mar 12, 2019 at 8:35 PM Brian Behlendorf <bbehlendorf@...> wrote:
This has been the bane of every blockchain demo I've ever seen, Fabric or otherwise. The presenter goes through a series of app screens or web pages to submit something, and then shows a result as a long hex string or maybe QR code, and "voila! You can verify it for yourself" as if someone is going to read each letter on two screens to make sure they match, or has an easy tool for comparing QR codes. Maybe the best so far are those that involve wallets, showing specific assets in that wallet and a way to spend or share with others, but even that could have a central database behind them. I'm somewhat resigned to the idea that there won't ever be consumer level visual proof that something came from a blockchain as unvarnished truth. I think the closest we'll get is the equivalent of the green URL bar on web browsers when visiting a site with a valid TLS certificate, something contextual and based on a consumer's trust in the fidelity of their app. Given all uses of Fabric and most uses of the rest of the Hyperledger family are B2B (only Indy has a desire to touch average consumers direct through a wallet) that trust by a participant in a blockchain will really be based on trusting their tech provider or in-house devs. Would love to be wrong on that tho.

Brian

On 12 March 2019 5:25:35 PM GMT-07:00, Don Li <lichunshen84@...> wrote:
And let me add another comment.
For fellow Hyperledger Fabric application developers, it would be fairly easy.  Because one could send the few lines of code for CURL call of a REST API for query the ledger data with a parameter and a value (key/value)  and that develop can run such lines of code on his/her own terminal.  Though I haven't tried myself, I don't see any reason why it won't work.

However, here we're talking with convincing non Hyperledger Fabric professionals/developers.

Thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


On Tue, Mar 12, 2019 at 7:10 PM Don Li via Lists.Hyperledger.Org <lichunshen84=gmail.com@...> wrote:
Hi,

When we develop web application on top of a Hyperledger Fabric to a user, it looks and behaves just like any other web applications ( which do not leverage blockchain technology ), 
and CLI command like "peer channel fetch 0 mychannel.block -c mychannel -o orderer0.orderer.staging.example.org:7050"
or "configtxlator proto_decode --type=common.Block --input mychannel.block | jq --indent 4 -S '.' > mychannel_block.json" cannot be easily ported to be web accessible.
So, the question is, how can we convince people, this web application that you develop that leverages Hyperledger Fabric is truly so? 

And I'm not convinced by the argument of setting up such application on several nodes because a traditional web application can also be set up on several servers (nodes) with replicated identical database as well.

Thoughts?

Many thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Any trick to determine if a web application is running off a Hyperledger Fabric blockchain?

Zhenhua Zhao
 

Actually, Fabric 1.4 uses "wallet" to hold user's identities. 


On Wed, Mar 13, 2019 at 9:32 AM Don Li <lichunshen84@...> wrote:
Thanks for taking the time to share your thoughts.

" a long hex string" or a hash value may not suffice, every software programmer knows how to use hash function to be able to create a fake one.
"wallet" idea may not be applicable here, such wallet is usually used to hold crypto token and/or cryptocurrency/cryptocurrencies.
Talking of which, glad to know Fabric 2.0 would support creation of crypto tokens...

" TLS certificate" is an interesting idea.

One thing is certain tho, every successful Fabric invoke (of a particular chaincode) would generate a hex string or a hash value.    

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


On Tue, Mar 12, 2019 at 8:35 PM Brian Behlendorf <bbehlendorf@...> wrote:
This has been the bane of every blockchain demo I've ever seen, Fabric or otherwise. The presenter goes through a series of app screens or web pages to submit something, and then shows a result as a long hex string or maybe QR code, and "voila! You can verify it for yourself" as if someone is going to read each letter on two screens to make sure they match, or has an easy tool for comparing QR codes. Maybe the best so far are those that involve wallets, showing specific assets in that wallet and a way to spend or share with others, but even that could have a central database behind them. I'm somewhat resigned to the idea that there won't ever be consumer level visual proof that something came from a blockchain as unvarnished truth. I think the closest we'll get is the equivalent of the green URL bar on web browsers when visiting a site with a valid TLS certificate, something contextual and based on a consumer's trust in the fidelity of their app. Given all uses of Fabric and most uses of the rest of the Hyperledger family are B2B (only Indy has a desire to touch average consumers direct through a wallet) that trust by a participant in a blockchain will really be based on trusting their tech provider or in-house devs. Would love to be wrong on that tho.

Brian

On 12 March 2019 5:25:35 PM GMT-07:00, Don Li <lichunshen84@...> wrote:
And let me add another comment.
For fellow Hyperledger Fabric application developers, it would be fairly easy.  Because one could send the few lines of code for CURL call of a REST API for query the ledger data with a parameter and a value (key/value)  and that develop can run such lines of code on his/her own terminal.  Though I haven't tried myself, I don't see any reason why it won't work.

However, here we're talking with convincing non Hyperledger Fabric professionals/developers.

Thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


On Tue, Mar 12, 2019 at 7:10 PM Don Li via Lists.Hyperledger.Org <lichunshen84=gmail.com@...> wrote:
Hi,

When we develop web application on top of a Hyperledger Fabric to a user, it looks and behaves just like any other web applications ( which do not leverage blockchain technology ), 
and CLI command like "peer channel fetch 0 mychannel.block -c mychannel -o orderer0.orderer.staging.example.org:7050"
or "configtxlator proto_decode --type=common.Block --input mychannel.block | jq --indent 4 -S '.' > mychannel_block.json" cannot be easily ported to be web accessible.
So, the question is, how can we convince people, this web application that you develop that leverages Hyperledger Fabric is truly so? 

And I'm not convinced by the argument of setting up such application on several nodes because a traditional web application can also be set up on several servers (nodes) with replicated identical database as well.

Thoughts?

Many thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Any trick to determine if a web application is running off a Hyperledger Fabric blockchain?

Don Li
 

Thanks for taking the time to share your thoughts.

" a long hex string" or a hash value may not suffice, every software programmer knows how to use hash function to be able to create a fake one.
"wallet" idea may not be applicable here, such wallet is usually used to hold crypto token and/or cryptocurrency/cryptocurrencies.
Talking of which, glad to know Fabric 2.0 would support creation of crypto tokens...

" TLS certificate" is an interesting idea.

One thing is certain tho, every successful Fabric invoke (of a particular chaincode) would generate a hex string or a hash value.    

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


On Tue, Mar 12, 2019 at 8:35 PM Brian Behlendorf <bbehlendorf@...> wrote:
This has been the bane of every blockchain demo I've ever seen, Fabric or otherwise. The presenter goes through a series of app screens or web pages to submit something, and then shows a result as a long hex string or maybe QR code, and "voila! You can verify it for yourself" as if someone is going to read each letter on two screens to make sure they match, or has an easy tool for comparing QR codes. Maybe the best so far are those that involve wallets, showing specific assets in that wallet and a way to spend or share with others, but even that could have a central database behind them. I'm somewhat resigned to the idea that there won't ever be consumer level visual proof that something came from a blockchain as unvarnished truth. I think the closest we'll get is the equivalent of the green URL bar on web browsers when visiting a site with a valid TLS certificate, something contextual and based on a consumer's trust in the fidelity of their app. Given all uses of Fabric and most uses of the rest of the Hyperledger family are B2B (only Indy has a desire to touch average consumers direct through a wallet) that trust by a participant in a blockchain will really be based on trusting their tech provider or in-house devs. Would love to be wrong on that tho.

Brian

On 12 March 2019 5:25:35 PM GMT-07:00, Don Li <lichunshen84@...> wrote:
And let me add another comment.
For fellow Hyperledger Fabric application developers, it would be fairly easy.  Because one could send the few lines of code for CURL call of a REST API for query the ledger data with a parameter and a value (key/value)  and that develop can run such lines of code on his/her own terminal.  Though I haven't tried myself, I don't see any reason why it won't work.

However, here we're talking with convincing non Hyperledger Fabric professionals/developers.

Thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


On Tue, Mar 12, 2019 at 7:10 PM Don Li via Lists.Hyperledger.Org <lichunshen84=gmail.com@...> wrote:
Hi,

When we develop web application on top of a Hyperledger Fabric to a user, it looks and behaves just like any other web applications ( which do not leverage blockchain technology ), 
and CLI command like "peer channel fetch 0 mychannel.block -c mychannel -o orderer0.orderer.staging.example.org:7050"
or "configtxlator proto_decode --type=common.Block --input mychannel.block | jq --indent 4 -S '.' > mychannel_block.json" cannot be easily ported to be web accessible.
So, the question is, how can we convince people, this web application that you develop that leverages Hyperledger Fabric is truly so? 

And I'm not convinced by the argument of setting up such application on several nodes because a traditional web application can also be set up on several servers (nodes) with replicated identical database as well.

Thoughts?

Many thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Any trick to determine if a web application is running off a Hyperledger Fabric blockchain?

Brian Behlendorf
 

This has been the bane of every blockchain demo I've ever seen, Fabric or otherwise. The presenter goes through a series of app screens or web pages to submit something, and then shows a result as a long hex string or maybe QR code, and "voila! You can verify it for yourself" as if someone is going to read each letter on two screens to make sure they match, or has an easy tool for comparing QR codes. Maybe the best so far are those that involve wallets, showing specific assets in that wallet and a way to spend or share with others, but even that could have a central database behind them. I'm somewhat resigned to the idea that there won't ever be consumer level visual proof that something came from a blockchain as unvarnished truth. I think the closest we'll get is the equivalent of the green URL bar on web browsers when visiting a site with a valid TLS certificate, something contextual and based on a consumer's trust in the fidelity of their app. Given all uses of Fabric and most uses of the rest of the Hyperledger family are B2B (only Indy has a desire to touch average consumers direct through a wallet) that trust by a participant in a blockchain will really be based on trusting their tech provider or in-house devs. Would love to be wrong on that tho.

Brian


On 12 March 2019 5:25:35 PM GMT-07:00, Don Li <lichunshen84@...> wrote:
And let me add another comment.
For fellow Hyperledger Fabric application developers, it would be fairly easy.  Because one could send the few lines of code for CURL call of a REST API for query the ledger data with a parameter and a value (key/value)  and that develop can run such lines of code on his/her own terminal.  Though I haven't tried myself, I don't see any reason why it won't work.

However, here we're talking with convincing non Hyperledger Fabric professionals/developers.

Thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


On Tue, Mar 12, 2019 at 7:10 PM Don Li via Lists.Hyperledger.Org <lichunshen84=gmail.com@...> wrote:
Hi,

When we develop web application on top of a Hyperledger Fabric to a user, it looks and behaves just like any other web applications ( which do not leverage blockchain technology ), 
and CLI command like "peer channel fetch 0 mychannel.block -c mychannel -o orderer0.orderer.staging.example.org:7050"
or "configtxlator proto_decode --type=common.Block --input mychannel.block | jq --indent 4 -S '.' > mychannel_block.json" cannot be easily ported to be web accessible.
So, the question is, how can we convince people, this web application that you develop that leverages Hyperledger Fabric is truly so? 

And I'm not convinced by the argument of setting up such application on several nodes because a traditional web application can also be set up on several servers (nodes) with replicated identical database as well.

Thoughts?

Many thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: Any trick to determine if a web application is running off a Hyperledger Fabric blockchain?

Don Li
 

And let me add another comment.
For fellow Hyperledger Fabric application developers, it would be fairly easy.  Because one could send the few lines of code for CURL call of a REST API for query the ledger data with a parameter and a value (key/value)  and that develop can run such lines of code on his/her own terminal.  Though I haven't tried myself, I don't see any reason why it won't work.

However, here we're talking with convincing non Hyperledger Fabric professionals/developers.

Thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer


On Tue, Mar 12, 2019 at 7:10 PM Don Li via Lists.Hyperledger.Org <lichunshen84=gmail.com@...> wrote:
Hi,

When we develop web application on top of a Hyperledger Fabric to a user, it looks and behaves just like any other web applications ( which do not leverage blockchain technology ), 
and CLI command like "peer channel fetch 0 mychannel.block -c mychannel -o orderer0.orderer.staging.example.org:7050"
or "configtxlator proto_decode --type=common.Block --input mychannel.block | jq --indent 4 -S '.' > mychannel_block.json" cannot be easily ported to be web accessible.
So, the question is, how can we convince people, this web application that you develop that leverages Hyperledger Fabric is truly so? 

And I'm not convinced by the argument of setting up such application on several nodes because a traditional web application can also be set up on several servers (nodes) with replicated identical database as well.

Thoughts?

Many thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer

Any trick to determine if a web application is running off a Hyperledger Fabric blockchain?

Don Li
 

Hi,

When we develop web application on top of a Hyperledger Fabric to a user, it looks and behaves just like any other web applications ( which do not leverage blockchain technology ), 
and CLI command like "peer channel fetch 0 mychannel.block -c mychannel -o orderer0.orderer.staging.example.org:7050"
or "configtxlator proto_decode --type=common.Block --input mychannel.block | jq --indent 4 -S '.' > mychannel_block.json" cannot be easily ported to be web accessible.
So, the question is, how can we convince people, this web application that you develop that leverages Hyperledger Fabric is truly so? 

And I'm not convinced by the argument of setting up such application on several nodes because a traditional web application can also be set up on several servers (nodes) with replicated identical database as well.

Thoughts?

Many thanks.

(Don) Chunshen Li
Blockchain Consultant / Hyperledger Fabric Application Developer

Re: Fabric-Indy integration

Arnaud Le Hors
 

Hi,
We've had several discussions about the different possible integrations at the Hackfests but I'm not aware of any work actually being done at this point.
What's your interest?
--
Arnaud  Le Hors - Senior Technical Staff Member, Blockchain & Web Open Technologies - IBM




From:        "Yuval Carmel" <yuval.carmel@...>
To:        fabric@...
Date:        03/11/2019 10:45 AM
Subject:        [Hyperledger Fabric] Fabric-Indy integration
Sent by:        fabric@...




Hello,
Any work in being done to enable integration of Indy like identities (a public user repository) into a Fabric network?

Thanks,
Yuval



Re: Question on policy validation while creating a new channel

Nye Liu <nye@...>
 

I was wondering about this too.


In most examples, the orderer and peers use a completely different root CA (and each only have a *single* root CA).


How does the orderer know the peer's certs are valid?


Am I missing something? Or is this a different question?


On 3/12/2019 10:43 AM, Siddharth Jain wrote:
we have been looking at the code for first-network.

in configtx.yaml see see this section:
Policies:

            Readers:

                Type: Signature

                Rule: "OR('OrdererMSP.member')"

            Writers:

                Type: Signature

                Rule: "OR('OrdererMSP.member')"

            Admins:

                Type: Signature

                Rule: "OR('OrdererMSP.admin')"
and mspdir is set to:
# MSPDir is the filesystem path which contains the MSP configuration

        MSPDir: crypto-config/ordererOrganizations/example.com/msp


in docker-compose we can see msp is set to admin of org1:

and the cacaert for org1's admin does not match the cacaert under ordererMSP. So then why is there no exception during policy validation for Orderer/Writers? How come org1's admin is still able to create a channel?

org1's admin cert:

$ openssl x509 -in crypto-config/peerOrganizations/org1.example.com/msp/admincerts/Admin\@org1.example.com-cert.pem -text -noout

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            41:00:2e:f8:52:e1:7c:9d:e0:70:5d:6d:79:45:cb:26

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=US, ST=California, L=San Francisco, O=org1.example.com, CN=ca.org1.example.com

        Validity

            Not Before: Mar 12 17:03:00 2019 GMT

            Not After : Mar  9 17:03:00 2029 GMT

        Subject: C=US, ST=California, L=San Francisco, OU=client, CN=Admin@...

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub: 

                    04:35:16:49:7c:46:b7:a9:b8:7e:67:ad:b7:fa:2c:

                    c0:d5:ea:da:6f:a2:a6:65:29:98:64:a4:86:62:6f:

                    02:5b:57:40:ae:c1:0e:21:78:42:6d:a6:54:24:b7:

                    65:5a:03:61:76:f0:ec:45:05:19:9b:69:cb:88:a1:

                    89:da:b3:f7:a9

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Key Usage: critical

                Digital Signature

            X509v3 Basic Constraints: critical

                CA:FALSE

            X509v3 Authority Key Identifier: 

                keyid:4A:B0:75:8E:52:F6:D0:DE:65:E7:19:A0:11:FE:B3:F9:F9:BD:4F:C8:AC:04:39:58:71:CC:0E:A5:3D:CF:DE:A0


    Signature Algorithm: ecdsa-with-SHA256

         30:44:02:20:67:9d:aa:af:b8:ca:0f:bf:00:ff:2f:ad:6d:a5:

         8b:d8:89:98:25:48:e7:c3:f6:23:f5:da:19:bf:16:5e:f8:fd:

         02:20:24:45:d9:21:1e:d4:a4:f7:0d:92:d6:21:ac:ae:38:b2:

         3a:37:90:80:fe:b9:18:49:a1:d9:13:e8:9b:c9:fe:ef


cacert under orderer's msp:


$ openssl x509 -in crypto-config/ordererOrganizations/example.com/msp/cacerts/ca.example.com-cert.pem -text -noout

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            4d:1d:d8:21:76:34:b7:05:29:fe:d5:88:03:0b:80:1c

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com

        Validity

            Not Before: Mar 12 17:03:00 2019 GMT

            Not After : Mar  9 17:03:00 2029 GMT

        Subject: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub: 

                    04:7b:ee:3b:d8:39:d2:0a:99:e2:e2:25:81:60:b6:

                    e5:94:99:52:21:bb:2d:4c:79:e3:14:f7:45:e2:37:

                    ce:21:ad:0e:eb:1c:90:e6:d1:0b:ed:aa:f7:4c:be:

                    15:e1:61:21:e1:2e:5f:4d:da:69:f1:80:e6:08:3f:

                    07:22:eb:13:b9

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Key Usage: critical

                Digital Signature, Key Encipherment, Certificate Sign, CRL Sign

            X509v3 Extended Key Usage: 

                Any Extended Key Usage

            X509v3 Basic Constraints: critical

                CA:TRUE

            X509v3 Subject Key Identifier: 

                C7:4D:E3:DA:24:C9:C6:9A:E5:2B:EA:65:06:61:70:97:B8:F6:BB:56:4B:B4:05:80:15:68:D9:D5:60:C8:B9:61

    Signature Algorithm: ecdsa-with-SHA256

         30:45:02:21:00:da:ef:1e:40:74:1b:5a:fd:dc:c5:00:a4:01:

         cc:4b:a0:ac:db:52:db:23:66:58:22:9f:80:73:8f:58:92:c6:

         aa:02:20:3e:38:2a:75:0c:61:11:d2:9b:fe:6d:20:fb:d7:c2:

         bd:a8:de:0c:1d:d0:e5:10:a9:26:e8:86:d0:a2:77:4e:7b


so org1 admin's cert is issued by an authority that is not whitelisted under the orderer msp's cacerts. so how can it pass validation? thanks


Re: Question on policy validation while creating a new channel

Siddharth Jain
 

even the localMSPID is set to CORE_PEER_LOCALMSPID=Org1MSP in docker-compose which is different from the msp in the policy:

Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
so the only explanation seems to be that the policy is not being evaluated. is that correct? 
the reason we ask is because we are following the same pattern with similar configtx.yaml etc. but when we try to create a channel we get an error:

2019-03-12 17:05:09.337 UTC [policies] Evaluate -> DEBU 0da == Evaluating *policies.implicitMetaPolicy Policy /Channel/Writers ==
2019-03-12 17:05:09.337 UTC [policies] Evaluate -> DEBU 0db This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign
2019-03-12 17:05:09.337 UTC [policies] Evaluate -> DEBU 0dc == Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Writers ==
2019-03-12 17:05:09.337 UTC [policies] Evaluate -> DEBU 0dd This is an implicit meta policy, it will trigger other policy evaluations, whose failures may be benign
2019-03-12 17:05:09.337 UTC [policies] Evaluate -> DEBU 0de == Evaluating *cauthdsl.policy Policy /Channel/Orderer/ord/Writers ==
2019-03-12 17:05:09.337 UTC [msp] DeserializeIdentity -> DEBU 0df Obtaining identity
2019-03-12 17:05:09.337 UTC [msp/identity] newIdentity -> DEBU 0e0 Creating identity instance for cert -----BEGIN CERTIFICATE-----
.....
-----END CERTIFICATE-----
2019-03-12 17:05:09.338 UTC [cauthdsl] func1 -> DEBU 0e1 0xc42000e1e8 gate 1552410309337999686 evaluation starts
2019-03-12 17:05:09.338 UTC [cauthdsl] func2 -> DEBU 0e2 0xc42000e1e8 signed by 0 principal evaluation starts (used [false])
2019-03-12 17:05:09.338 UTC [cauthdsl] func2 -> DEBU 0e3 0xc42000e1e8 processing identity 0 with bytes of ....
2019-03-12 17:05:09.338 UTC [cauthdsl] func2 -> DEBU 0e4 0xc42000e1e8 identity 0 does not satisfy principal: the identity is a member of a different MSP (expected ordMSP, got org1MSP)
2019-03-12 17:05:09.338 UTC [cauthdsl] func2 -> DEBU 0e5 0xc42000e1e8 principal evaluation fails
2019-03-12 17:05:09.338 UTC [cauthdsl] func1 -> DEBU 0e6 0xc42000e1e8 gate 1552410309337999686 evaluation fails
2019-03-12 17:05:09.338 UTC [policies] Evaluate -> DEBU 0e7 Signature set did not satisfy policy /Channel/Orderer/ord/Writers
2019-03-12 17:05:09.338 UTC [policies] Evaluate -> DEBU 0e8 == Done Evaluating *cauthdsl.policy Policy /Channel/Orderer/ord/Writers
2019-03-12 17:05:09.338 UTC [policies] func1 -> DEBU 0e9 Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ ord.Writers ]
2019-03-12 17:05:09.338 UTC [policies] Evaluate -> DEBU 0ea Signature set did not satisfy policy /Channel/Orderer/Writers
2019-03-12 17:05:09.338 UTC [policies] Evaluate -> DEBU 0eb == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Orderer/Writers
2019-03-12 17:05:09.338 UTC [policies] func1 -> DEBU 0ec Evaluation Failed: Only 0 policies were satisfied, but needed 1 of [ Orderer.Writers Consortiums.Writers ]
2019-03-12 17:05:09.338 UTC [policies] Evaluate -> DEBU 0ed Signature set did not satisfy policy /Channel/Writers
2019-03-12 17:05:09.338 UTC [policies] Evaluate -> DEBU 0ee == Done Evaluating *policies.implicitMetaPolicy Policy /Channel/Writers
2019-03-12 17:05:09.338 UTC [orderer/common/broadcast] Handle -> WARN 0ef [channel: mychannel] Rejecting broadcast of config message from 10.0.0.192:54232 because of error: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied


From: Siddharth Jain <siddjain@...>
Sent: Tuesday, March 12, 2019 10:43 AM
To: fabric@...
Subject: Question on policy validation while creating a new channel
 
we have been looking at the code for first-network.

in configtx.yaml see see this section:
Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"
and mspdir is set to:
# MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/example.com/msp


in docker-compose we can see msp is set to admin of org1:
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@.../msp

and the cacaert for org1's admin does not match the cacaert under ordererMSP. So then why is there no exception during policy validation for Orderer/Writers? How come org1's admin is still able to create a channel?

org1's admin cert:

$ openssl x509 -in crypto-config/peerOrganizations/org1.example.com/msp/admincerts/Admin\@org1.example.com-cert.pem -text -noout

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            41:00:2e:f8:52:e1:7c:9d:e0:70:5d:6d:79:45:cb:26

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=US, ST=California, L=San Francisco, O=org1.example.com, CN=ca.org1.example.com

        Validity

            Not Before: Mar 12 17:03:00 2019 GMT

            Not After : Mar  9 17:03:00 2029 GMT

        Subject: C=US, ST=California, L=San Francisco, OU=client, CN=Admin@...

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub: 

                    04:35:16:49:7c:46:b7:a9:b8:7e:67:ad:b7:fa:2c:

                    c0:d5:ea:da:6f:a2:a6:65:29:98:64:a4:86:62:6f:

                    02:5b:57:40:ae:c1:0e:21:78:42:6d:a6:54:24:b7:

                    65:5a:03:61:76:f0:ec:45:05:19:9b:69:cb:88:a1:

                    89:da:b3:f7:a9

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Key Usage: critical

                Digital Signature

            X509v3 Basic Constraints: critical

                CA:FALSE

            X509v3 Authority Key Identifier: 

                keyid:4A:B0:75:8E:52:F6:D0:DE:65:E7:19:A0:11:FE:B3:F9:F9:BD:4F:C8:AC:04:39:58:71:CC:0E:A5:3D:CF:DE:A0


    Signature Algorithm: ecdsa-with-SHA256

         30:44:02:20:67:9d:aa:af:b8:ca:0f:bf:00:ff:2f:ad:6d:a5:

         8b:d8:89:98:25:48:e7:c3:f6:23:f5:da:19:bf:16:5e:f8:fd:

         02:20:24:45:d9:21:1e:d4:a4:f7:0d:92:d6:21:ac:ae:38:b2:

         3a:37:90:80:fe:b9:18:49:a1:d9:13:e8:9b:c9:fe:ef


cacert under orderer's msp:


$ openssl x509 -in crypto-config/ordererOrganizations/example.com/msp/cacerts/ca.example.com-cert.pem -text -noout

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            4d:1d:d8:21:76:34:b7:05:29:fe:d5:88:03:0b:80:1c

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com

        Validity

            Not Before: Mar 12 17:03:00 2019 GMT

            Not After : Mar  9 17:03:00 2029 GMT

        Subject: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub: 

                    04:7b:ee:3b:d8:39:d2:0a:99:e2:e2:25:81:60:b6:

                    e5:94:99:52:21:bb:2d:4c:79:e3:14:f7:45:e2:37:

                    ce:21:ad:0e:eb:1c:90:e6:d1:0b:ed:aa:f7:4c:be:

                    15:e1:61:21:e1:2e:5f:4d:da:69:f1:80:e6:08:3f:

                    07:22:eb:13:b9

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Key Usage: critical

                Digital Signature, Key Encipherment, Certificate Sign, CRL Sign

            X509v3 Extended Key Usage: 

                Any Extended Key Usage

            X509v3 Basic Constraints: critical

                CA:TRUE

            X509v3 Subject Key Identifier: 

                C7:4D:E3:DA:24:C9:C6:9A:E5:2B:EA:65:06:61:70:97:B8:F6:BB:56:4B:B4:05:80:15:68:D9:D5:60:C8:B9:61

    Signature Algorithm: ecdsa-with-SHA256

         30:45:02:21:00:da:ef:1e:40:74:1b:5a:fd:dc:c5:00:a4:01:

         cc:4b:a0:ac:db:52:db:23:66:58:22:9f:80:73:8f:58:92:c6:

         aa:02:20:3e:38:2a:75:0c:61:11:d2:9b:fe:6d:20:fb:d7:c2:

         bd:a8:de:0c:1d:d0:e5:10:a9:26:e8:86:d0:a2:77:4e:7b


so org1 admin's cert is issued by an authority that is not whitelisted under the orderer msp's cacerts. so how can it pass validation? thanks


Re: Few concerns about Hyperledger Fabric

Sharon Weed <weeds@...>
 

Adam,

I thought it might be useful to point you to a blog Chris Ferris has been doing on Hyperledger Fabric performance at this link:


Question on policy validation while creating a new channel

Siddharth Jain
 

we have been looking at the code for first-network.

in configtx.yaml see see this section:
Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"
and mspdir is set to:
# MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/example.com/msp


in docker-compose we can see msp is set to admin of org1:
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@.../msp

and the cacaert for org1's admin does not match the cacaert under ordererMSP. So then why is there no exception during policy validation for Orderer/Writers? How come org1's admin is still able to create a channel?

org1's admin cert:

$ openssl x509 -in crypto-config/peerOrganizations/org1.example.com/msp/admincerts/Admin\@org1.example.com-cert.pem -text -noout

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            41:00:2e:f8:52:e1:7c:9d:e0:70:5d:6d:79:45:cb:26

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=US, ST=California, L=San Francisco, O=org1.example.com, CN=ca.org1.example.com

        Validity

            Not Before: Mar 12 17:03:00 2019 GMT

            Not After : Mar  9 17:03:00 2029 GMT

        Subject: C=US, ST=California, L=San Francisco, OU=client, CN=Admin@...

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub: 

                    04:35:16:49:7c:46:b7:a9:b8:7e:67:ad:b7:fa:2c:

                    c0:d5:ea:da:6f:a2:a6:65:29:98:64:a4:86:62:6f:

                    02:5b:57:40:ae:c1:0e:21:78:42:6d:a6:54:24:b7:

                    65:5a:03:61:76:f0:ec:45:05:19:9b:69:cb:88:a1:

                    89:da:b3:f7:a9

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Key Usage: critical

                Digital Signature

            X509v3 Basic Constraints: critical

                CA:FALSE

            X509v3 Authority Key Identifier: 

                keyid:4A:B0:75:8E:52:F6:D0:DE:65:E7:19:A0:11:FE:B3:F9:F9:BD:4F:C8:AC:04:39:58:71:CC:0E:A5:3D:CF:DE:A0


    Signature Algorithm: ecdsa-with-SHA256

         30:44:02:20:67:9d:aa:af:b8:ca:0f:bf:00:ff:2f:ad:6d:a5:

         8b:d8:89:98:25:48:e7:c3:f6:23:f5:da:19:bf:16:5e:f8:fd:

         02:20:24:45:d9:21:1e:d4:a4:f7:0d:92:d6:21:ac:ae:38:b2:

         3a:37:90:80:fe:b9:18:49:a1:d9:13:e8:9b:c9:fe:ef


cacert under orderer's msp:


$ openssl x509 -in crypto-config/ordererOrganizations/example.com/msp/cacerts/ca.example.com-cert.pem -text -noout

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            4d:1d:d8:21:76:34:b7:05:29:fe:d5:88:03:0b:80:1c

    Signature Algorithm: ecdsa-with-SHA256

        Issuer: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com

        Validity

            Not Before: Mar 12 17:03:00 2019 GMT

            Not After : Mar  9 17:03:00 2029 GMT

        Subject: C=US, ST=California, L=San Francisco, O=example.com, CN=ca.example.com

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub: 

                    04:7b:ee:3b:d8:39:d2:0a:99:e2:e2:25:81:60:b6:

                    e5:94:99:52:21:bb:2d:4c:79:e3:14:f7:45:e2:37:

                    ce:21:ad:0e:eb:1c:90:e6:d1:0b:ed:aa:f7:4c:be:

                    15:e1:61:21:e1:2e:5f:4d:da:69:f1:80:e6:08:3f:

                    07:22:eb:13:b9

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Key Usage: critical

                Digital Signature, Key Encipherment, Certificate Sign, CRL Sign

            X509v3 Extended Key Usage: 

                Any Extended Key Usage

            X509v3 Basic Constraints: critical

                CA:TRUE

            X509v3 Subject Key Identifier: 

                C7:4D:E3:DA:24:C9:C6:9A:E5:2B:EA:65:06:61:70:97:B8:F6:BB:56:4B:B4:05:80:15:68:D9:D5:60:C8:B9:61

    Signature Algorithm: ecdsa-with-SHA256

         30:45:02:21:00:da:ef:1e:40:74:1b:5a:fd:dc:c5:00:a4:01:

         cc:4b:a0:ac:db:52:db:23:66:58:22:9f:80:73:8f:58:92:c6:

         aa:02:20:3e:38:2a:75:0c:61:11:d2:9b:fe:6d:20:fb:d7:c2:

         bd:a8:de:0c:1d:d0:e5:10:a9:26:e8:86:d0:a2:77:4e:7b


so org1 admin's cert is issued by an authority that is not whitelisted under the orderer msp's cacerts. so how can it pass validation? thanks


Increasing space automatically

Ashish Yadav (AsHu)
 

Hello Everyone, 
I have noticed strange thing that it automatically increasing size, I have setup my fabric network on ubuntu server using docker . Each n every component is running properly and able to comit successful transaction. But i have noticed that it automatically increasing disk size without doing any transaction. I have assigned 250 gb space and it got finished. What may be the case? Plz help me out with this.'

Thanks 
Ashish

Re: Weird behavior: Same connection profile works for submitTransaction--> PutState but doesn't work for evaluateTransaction-->GetState #fabric #fabric-questions

Ankur Goyal
 

Nevermind. The problem was with node js code which was calling the evaluateTransaction method. I missed the await keyword and hence connection was getting closed immediately. Once i added await it works fine. 

Re: Few concerns about Hyperledger Fabric

Nye Liu <nye@...>
 

None of the ledger data is encrypted.

Re: chaincode: PutState works but getState gives no result

Ankur Goyal
 

Dear All, I am able to PutState both using node SDK and new version of fabric-cli with --peerAddresses option. Thanks. 

Weird behavior: Same connection profile works for submitTransaction--> PutState but doesn't work for evaluateTransaction-->GetState #fabric #fabric-questions

Ankur Goyal
 

Hello All, I am using fabric node SDK and below is the definition of my connnectionProfile.yaml 
 
channels:
  # name of the channel
  channel-chain1:
 
    orderers:
     - orderer0.orderer-org1.example.com
 
 
    # Required. list of peers from participating orgs
    peers:
      peer0.org1.example.com:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
 
peers:
  peer0.org1.example.com:
url: grpcs://localhost:7051
grpcOptions:
  ssl-target-name-override: peer0.org1.example.com
  request-timeout: 120
tlsCACerts:
  path: crypto-config/peerOrganizations/org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
 
Please excuse the indentation, and I have omitted other definition such as CA, orderer, org etc. 
 
The configuration is working perfectly fine for Create function which calls PutState function of chaincode using 
await contract.submitTransaction('CreateRecord','arg1');
and I can see the record being added in my CouchDB state too. 
 
However, when I am trying to call GetState function of my chaincode using
const retrievedResult =  contract.submitTransaction('RetrieveRecords','arg1');
I am getting the following error: 
2019-03-12T02:54:08.609Z - error: [Remote.js]: Error: The channel has been closed URL:grpcs://localhost:7051
2019-03-12T02:54:08.611Z - warn: [DefaultQueryHandler]: queryChaincode - error response trying new peer: peer0.org1.example.com. Error: Error: The channel has been closed URL:grpcs://localhost:7051
2019-03-12T02:54:08.611Z - error: [DefaultQueryHandler]: queryChaincode - No peers out of a total of 1 were available to query
 
Please let me know why the channel is getting closed and what am I missing here. 
Also, please note the environment is on AWS if that matters. 

Best Regards,
Ankur