Versions Compared

Version Old Version 48 New Version Current
Changes made by

Jeyanthi

Vishwajit Mankar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Image Removed

Tip

Step - by - step guide on how to Install Insights Enterprise - Hyperledger Fabric Network.

Installing Hyperledger Network covers the initial setup procedures including InstallationConfigurations (Hardware, Software, and Network) and various Commands.  Please note that these instructions are only for Linux (Debian & Ubuntu).

Prerequisites

Expand
titleHardware Configuration
Hyperledger Fabric Minimum configuration - Pilot/POCNo. of instances1OSUbuntu 16.04 Xenial (64bit) Storage75 GB (Fabric Network Only)Mem (GiB)8 GBvCPU2Hyperledger Fabric Minimum configuration - ProductionNo. of instances1OSUbuntu 16.04 Xenial (64bit) Storage100 GB (Fabric Network Only)Mem (GiB)16 GBvCPU4
Note
Configuration varies depending on the work load.
Expand
titleSoftware
  • Docker 17.06.2-ce or greater, Docker Compose  1.14.0 or greater , curl
  • Go 1.11.x
  • Python 3.x
  • Node.js Runtime 8.x and NPM 5.x
  • git (git bash to clone the repo)
Refer the link to know the Software component version for latest fabric network



Tip

Step - by - step guide on how to Install Insights Advanced - Hyperledger Fabric Network.

Installing Hyperledger Network covers the initial setup procedures including InstallationConfigurations (Hardware, Software, and Network) and various Commands.  Please note that these instructions are only for Linux (RHEL 7).

Prerequisites

Expand
titleHardware Configuration



Hyperledger Fabric Minimum configuration - Pilot/POC
No. of instances1
OSUbuntu 16.04 Xenial (64bit) 
Storage75 GB (Fabric Network Only)
Mem (GiB)8 GB
vCPU2



Hyperledger Fabric Minimum configuration - Production
No. of instances1
OSUbuntu 16.04 Xenial (64bit) 
Storage100 GB (Fabric Network Only)
Mem (GiB)16 GB
vCPU4


Note
Configuration varies depending on the work load.



Expand
titleSoftware
  • Docker version 18.03 or later, Docker Compose  1.14.0 or greater (If not, we recommend that you install a more recent version of Docker) , curl
  • Python 3.x
  • Node.js Runtime 8.x(8.12.0) and NPM 6.x(6.3.0) - For chaincode
  • git (git bash to clone the repo)
  • wget

Refer the link to know the Software component version for latest fabric network: https://hyperledger-fabric.readthedocs.io/en/latest/prereqs.html

Fabric Version Specific. Change the version in the URL for other versions: https://hyperledger-fabric.readthedocs.io/en/release-1.4/prereqs.html

Docker, Docker Compose and curl

On RHEL/CentOS7:

Docker - https://docs.docker.com/engine/install/centos/

  • yum update

  • yum install yum-utils

  • yum-config-manager --enable rhel-7-server-rhui-extras-rpms 
  • yum install docker
  • Ensure that docker daemon is running with an option -H unix:///var/run/docker.sock  . If not, open the file(vi), add it as shown below and save(:wq). Ensure, only one ExecStart is available in the file. 

          vi /lib/systemd/system/docker.service

          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H unix:///var/run/docker.sock

          :wq

  • Provide permission "chmod 666 /var/run/docker.sock"
  • systemctl start docker
  • systemctl status docker
  • systemctl enable docker (start docker at system boot)
  • Add your user to the docker group.
  • groupadd docker (Do this if not present)
    usermod -a -G docker <username>

                     Example: usermod -aG docker ec2-user

  1. For RHUI 3 repo ID(rhel-7-server-rhui-extras-rpms ) to configure yum-config-manager, please visit - https://access.redhat.com/articles/4599971

  2. For docker commands please visit -  https://docs.docker.com/edge/engine/reference/commandline/docker/

Docker Compose

  1. Install docker compose specific version. Any existing installation of Docker is replaced.           
    1. Specific version of docker-compose installation. Refer current release of docker compose in https://docs.docker.com/compose/install/
    2. For example "docker-compose v1.26.2": 

      sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose

      sudo chmod +x /usr/bin/docker-compose

      docker-compose --version

      systemctl status docke

Reference: https://docs.docker.com/install/linux/docker-ce/ubuntu/

cURL

Download the latest version of cURL (curl) tool if it is not installed - https://curl.haxx.se/download.html

GO

  1. Download the archive: wget https://dl.google.com/go/go1.11.10.linux-amd64.tar.gz
  2. Extract it into /usr/local, creating a Go tree in /usr/local/go
  3. tar -C /usr/local -xzf go1.11.10.linux-amd64.tar.gz
  4. Add /usr/local/go/bin to the PATH environment variable. You can do this by adding this line to your /etc/profile (for a system-wide installation) or $HOME/.bashprofile:                  export PATH=$PATH:/usr/local/go/bin
    Reference - Section Linux :https://golang.org/doc/install#install

Python

As of Ubuntu 16.04 LTS (xenial),  both python 2 and python3 by default. Recommended to use python3. Check and then install if required.

  1. apt-get install python3.5
  2. apt-get install python3-pip

set alias to respectiive python version in ~/.bashrc to avoid error while installing the module.

alias pip=pip3

alias python=python3.5

(OR)

update-alternatives --install /usr/bin/python python /usr/bin/python3.5 10

Reference: https://wiki.ubuntu.com/Python

Node.js Runtime and NPM
The recommended versions for node and npm are Node 8.x.x and npm5.x.x. If you are getting lower versions using apt-get install, remove existing node setup from your machine and then run the following:

curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
yum install nodejs

Git

As Of RHEL/CentOS7, git is available by default. Check and then install if required.

  1. yum update
  2. yum install git

wget

       yum install wget




Expand
titleEnvironment variable INSIGHTS_HOME

Environment variable INSIGHTS_HOME and $INSIGHTS_HOME/.InSights/server-config.json

  • Windows: Server 2 - SetEnvVariables.bat
  • Linux: insights_first.sh

Refer here for installation steps if required.


Expand
titleRecommended Network Ports

Following port must be opened to access the fabric network from fabric sdk.

Source : fabric sdk instance where our Insights is running

Destination: fabric network installed instance - hyperledger network

Example Ports: You can change these ports based on availability and configuration in fabric network. Then, enable connectivity to those ports.

  • orderer - 7050 
  • peer0.org1 - 7051
  • peer1.org1 - 8051
  • peer0.org2 - 9051
  • peer1.org2 - 10051
  • ca.org1 - 7054
  • ca.org2 - 8054


Expand
titleUseful Docker Commands

List active container: docker ps

List active/exited container: docker ps -a

List docker images: docker images

Check container logs: docker logs <container-id>

Connect to Container: docker exec -it <container-id> bash

Remove docker container: docker rmi -f <contianer-id>

Remove docker images: docker rmi -f <image-name/id>

Reference: https://docs.docker.com/engine/reference/commandline/docker/

Hyperledger Fabric - Installation and Configuration
Expand
titleNetwork: Raft Ordering Service: fabric_version: 2.2.0 fabric-ca_version 1.4.8, deploy Chaincode

Make sure you've done all the Prerequisites. Raft Ordering Service introduced in 1.4.1 (Reference: https://hyperledger-fabric.readthedocs.io/en/latest//whatsnew.html)

Ensure docker images are pulled as per raft supported version ( https://github.com/hyperledger/fabric/releases )

Network Architecture

  • 5 Orderers
  • 2 Organizations
  • 4 peers, 2 for each organization
  • 4 couchdb, one for each peer
  • 2 certificate authority(CA), one for each organization

Setup the Network

  1. Login as non-root user "ec2-user". Navigate to your home directory or any convenient directory and create directory hyperledger:

  2. cd /home/ec2-user/

    mkdir hyperledger

    cd /home/ec2-user/hyperledger/


  3. Refer for more detailed steps with sampleshttps://hyperledger-fabric.readthedocs.io/en/latest/

prereqs

  1. install.html

Fabric Version Specific. Change the version in the URL for other versions: 

  1. ?highlight=https%3A%2F%2Fbit.ly%2F2ysbOFE#install-samples-binaries-and-docker-images Followed the steps and created tar ball (insights-fabric-network.tar.gz) with required binaries and docker images.

    wget https://

hyperledger-fabric

  1. infra.

readthedocs.io/en/release-1.4/prereqs.html

Docker, Docker Compose and curl

  1. apt-get update
  2. apt-get install apt-transport-https ca-certificates curl software-properties-common
  3. curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
  4. add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"
  5. apt-get update
  6. apt-get install docker.io
  7. Install the latest version of Docker CE using "apt-get install docker-ce" , or go to the next step (7.a / 7.b) to install a specific version. Any existing installation of Docker is replaced.           
    1. Specific version of docker-compose installation. Refer current release of docker compose in https://docs.docker.com/compose/install/
    2. For example "docker-compose v1.23.1": 

      sudo curl -L "https://github.com/docker/compose/releases/download/1.23.1/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

      sudo chmod +x /usr/local/bin/docker-compose

      docker-compose --version

  8. systemctl status docker

Reference: https://docs.docker.com/install/linux/docker-ce/ubuntu/

GO

  1. Download the archive: wget https://dl.google.com/go/go1.11.10.linux-amd64.tar.gz
  2. Extract it into /usr/local, creating a Go tree in /usr/local/go
  3. tar -C /usr/local -xzf go1.11.10.linux-amd64.tar.gz
  4. Add /usr/local/go/bin to the PATH environment variable. You can do this by adding this line to your /etc/profile (for a system-wide installation) or $HOME/.bashprofile:                  export PATH=$PATH:/usr/local/go/bin
    Reference - Section Linux :https://golang.org/doc/install#install

Python

As of Ubuntu 16.04 LTS (xenial),  both python 2 and python3 by default. Recommended to use python3. Check and then install if required.

  1. apt-get install python3.5
  2. apt-get install python3-pip

set alias to respectiive python version in ~/.bashrc to avoid error while installing the module.

alias pip=pip3

alias python=python3.5

(OR)

update-alternatives --install /usr/bin/python python /usr/bin/python3.5 10

Reference: https://wiki.ubuntu.com/Python

Node.js Runtime and NPM
The recommended versions for node and npm are Node 8.x.x and npm5.x.x. If you are getting lower versions using apt-get install, remove existing node setup from your machine and then run the following:

curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
apt-get install nodejs

Git

As Of Ubuntu, git is available by default. Check and then install if required.

  1. apt-get update
  2. apt-get install git

                                 

Expand
titleRecommended Network Ports

Following port must be opened to access the fabric network from fabric sdk.

Source : fabric sdk instance

Destination: fabric network installed instance

Example Ports: You can change these ports based on availability and configuration in fabric network. Then, enable connectivity to those ports.

  • Orderer - 7050 
  • Peer0.Org1 - 7051
  • EventHub : 7053
  • ca.org1 : 7054

Please browse through the below sections to setup specific Fabric Network

Make sure you've done all the Prerequisites 

Network Architecture

  • 1 Orderer
  • 1 Organization
  • 3 peers
  • 3 couchdb for each peer
  • 1 ca
  • 1 cli (Optional)

Setup the Network

  • Set the GOPATH. You can do this by adding this line to your /etc/environment (for a system-wide installation) or $HOME/.bashprofile : export GOPATH=/usr/local/go. Source if you set this in the same linux sesison then, source /etc/environment (OR)  source $HOME/.bashprofile
  • git clone of Solo Orderer Network:    git clone -b SoloOrdererNetwork https://github.com/TheCognizantFoundry/Insights.git
  • cd hyperledger-fabric-basic-network

    • Configuration: Values like DOMAIN, CHANNEL_NAME, FABRIC_VERSION, TIME_ZONE,etc ... can be modified in .env file based on your requirement.

    Panel
    titleTypes of Hyperledger Fabric Network

    Different types of hyperledger fabric network

    Expand
    titleSOLO Orderer
    Code Block
    languageapplescript
    themeEmacs
    title.env
    FABRIC_VERSION=<hyperledger_fabric_version>
COMPOSE_PROJECT_NAME=<your_project_name>
DOMAIN=<your_company.com>
CHANNEL_NAME=<channelname>
CHANNEL_FILE_NAME=<channel_transaction_filename.tx>
GENESIS_FILE_NAME=<genesis_filename.block>
CHANNEL_ARTIFACTS_PATH=<folder_path_for_storing_artifacts>
CA_USER_ENROLLMENT=<admin_username_to_be_enrolled>
CA_ENROLLMENT_SECRET=<admin_password>
TIME_ZONE=<Continent/City>
  • Provide executable permissions to sh files:  chmod +x *.sh
  • Start network for the first time. 

    network.sh - Generate the crypto-material, start/stop/restart the network.

    ./network.sh -m download

    ./network.sh -m up

  • Start for the first time:

  • Start/Stop the Network :

     ./network.sh -m start./network.sh -m stop

  • Recreate the containers without losing the data.

     ./network.sh -m recreate

  • Clean and Remove the Network.

     ./network.sh -m down

  • Verify if all the docker containers are running

    docker ps
  • ./network.sh itself will create and join the channel for Anchor peer - peer0.   

      Optional Step for information: Create and Join channel in Anchor peer - peer0.org1 :

      Get into peer0.org1 container: docker exec -it peer0.org1.<DOMAIN> bash

      Create: peer channel create -o orderer.<DOMAIN>:7050 -c mychannel -f /var/hyperledger/configs/channel.tx

      Join: peer channel join -o orderer.<DOMAIN> -b mychannel.block
    • Fetch the block and join channel in other peers: 

    Get into peer0.org1 container: docker exec -it peer0.org1.<DOMAIN> bash

    Fetch block: peer channel fetch 0 mychannel.block --channelID mychannel --orderer orderer.<DOMAIN>:7050

    Join channel: peer channel join -o orderer.<DOMAIN> -b mychannel.block

    Install,Instantiate the chaincode in Anchor peer - peer0. Get into respective peer containers and use the below install command to install chaincode in other peers.

      Get into peer0.org1 container: docker exec -it peer0.org1.<DOMAIN> bash

      Install: peer chaincode install -n insightsAuditing -p /chaincode/src/nodejs -l node -v 1.0

    If your network is in dev mode (To find the mode of your network, go to docker-compose-base/docker-compose-base.yaml and search for "peer node". If the command used is "peer node start --peer-chaincodedev=true" then you are in dev mode

  • Go into cli container: docker exec -it cli bash

    • Execute the following command to run the chaincode in dev mode (Ensure the chaincode name and peer0 port is correct) :

    Code Block
    CORE_CHAINCODE_ID_NAME="insightsAuditing:1.0" node --inspect tool_chaincode.js --peer.address grpc://peer0.org1.<DOMAIN>:7052
  • Get into peer0.org1 container: docker exec -it peer0.org1.<DOMAIN> bash and execute the following command:

    • Instantiate: peer chaincode instantiate -n insightsAuditing -v 1.0 -c '{"Args":["init"]}' -C mychannel

    b. If your network is in prod mode (To find the mode of your network, go to docker-compose-base/docker-compose-base.yaml and search for "peer node". If the command used is "peer node start" then you are in prod mode)

    Instantiate: peer chaincode instantiate -n insightsAuditing -v 1.0 -c '{"Args":["init"]}' -C mychannel

    15. Get into ca container. Create user to connect from fabric sdk by using admin. Fabric sdk network connection requires the user's cert details to get connected to the fabric network.

    docker exec -it ca.org1.<DOMAIN> bash

    fabric-ca-client enroll -u http://Admin:<password>@localhost:7054

    fabric-ca-client register -u "http://localhost:7054" --id.name "newusername" --id.secret "password" --id.type "client" --id.affiliation "org1.department1"

    fabric-ca-client enroll -u "http://newusername:password@localhost:7054"

    16. Test the Chaincode. Either insert record manually or let the data gets inserted via PlatformAuditEngine. Then, query as shown below. Modify ASSET-ID with your Asset ID value.

      Query: peer chaincode query -n insightsAuditing -c '{"Args":["GetAssetDetails","ASSET-ID"]}' -C mychannel

    Expand
    titleKafka Fabric Network

    Make sure you've done all the Prerequisites 

    Network Architecture

    • 3 Orderers
    • 2 Organizations
    • 4 peers, 2 for each organization
    • 4 couchdb for each peer
    • 2 ca, 1 for each organization
    • 4 Kafka broker instances
    • 3 Zookeper instances
    • 1 cli (Optional)

    Setup the Network

  • Set the GOPATH. You can do this by adding this line to your /etc/environment (for a system-wide installation) or $HOME/.bashprofile : export GOPATH=/opt/gopath Source if you set this in the same linux sesison then, source /etc/environment (OR)  source $HOME/.bashprofile
    • Keep the hyperledger fabric source under GOPATH. cd $GOPATH/src/github.com/ mkdir hyperledger cd hyperledger git clone https://github.com/hyperledger/fabric.git
  • git clone of Kafka Fabric Network:   git clone -b KafkaFabricNetwork https://github.com/TheCognizantFoundry/Insights.git
  • cd Hyperledger_fabric_kafka

    • Configuration: Values like DOMAIN, CORE_PEER configs,etc ... can be modified in .env file based on your requirement.

    Code Block
    languagebash
    themeEmacs
    title.env
    COMPOSE_PROJECT_NAME=<name_of_your_network>
CONFIGTX_ORDERER_BATCHSIZE_MAXMESSAGECOUNT=10
CONFIGTX_ORDERER_BATCHTIMEOUT=2s
KAFKA_DEFAULT_REPLICATION_FACTOR=3
CORE_LOGGING_GOSSIP=WARNING
ORDERER_GENERAL_TLS_ENABLED=false
ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/tls/server.key
ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/tls/server.crt
ORDERER_TLS_CLIENTAUTHREQUIRED=false
CORE_PEER_TLS_ENABLED=false
CORE_PEER_TLS_CERT_FILE=/var/hyperledger/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/var/hyperledger/tls/server.key
CORE_PEER_TLS_CLIENTAUTHREQUIRED=false
CORE_PEER_GOSSIP_ORGLEADER_PEER0_ORG1=false
CORE_PEER_GOSSIP_USELEADERELECTION_PEER0_ORG1=true
CORE_PEER_GOSSIP_ORGLEADER_PEER0_ORG2=false
CORE_PEER_GOSSIP_USELEADERELECTION_PEER0_ORG2=true
CORE_PEER_GOSSIP_ORGLEADER_PEER0_ORG3=false
CORE_PEER_GOSSIP_USELEADERELECTION_PEER0_ORG3=true
CORE_PEER_GOSSIP_ORGLEADER_PEER1_ORG1=false
CORE_PEER_GOSSIP_USELEADERELECTION_PEER1_ORG1=true
CORE_PEER_GOSSIP_ORGLEADER_PEER1_ORG2=false
CORE_PEER_GOSSIP_USELEADERELECTION_PEER1_ORG2=true
CORE_PEER_GOSSIP_ORGLEADER_PEER1_ORG3=false
CORE_PEER_GOSSIP_USELEADERELECTION_PEER1_ORG3=true
ORDERER_ABSOLUTEMAXBYTES=10 MB
ORDERER_PREFERREDMAXBYTES=512 KB
KAFKA_MESSAGE_MAX_BYTES=1000012 B
KAFKA_REPLICA_FETCH_MAX_BYTES=1048576 B
KAFKA_REPLICA_FETCH_RESPONSE_MAX_BYTES=10485760 B
CORE_PEER_NETWORKID=net
DOMAIN=<your_company_domain>
FABRIC_CA_SERVER_TLS_ENABLED=false
  • chmod 777 *.sh
  • Generate the crypto-material. Input arguments to generate.sh are channelname and domain name : 

    ./generate.sh <channelname> <DOMAIN>

    For Example: ./generate.sh mychannel cogdevops.com

  • Start/Restart the Network :

    ./start.sh

  • Verify if all the docker containers are running

    docker ps
    • Create and Join channel in Anchor peer - peer0.org1:  

      Get into peer0.org1 container: docker exec -it peer0.org1.<DOMAIN> bash

      Create: peer channel create -o orderer0.<DOMAIN>:7050 -c mychannel -f /var/hyperledger/configs/channel.tx

      Join channel: peer channel join -o orderer0.<DOMAIN> -b mychannel.blockFetch the block and join channel in other peers: 

    Get into peer0.org1 container: docker exec -it peer0.org1.<DOMAIN> bash

    Fetch block: peer channel fetch 0 mychannel.block --channelID mychannel --orderer orderer0.<DOMAIN>:7050

    Join: peer channel join -o orderer0.<DOMAIN> -b mychannel.block

  • Install,Instantiate the chaincode in Anchor peer - peer0. Get into respective peer containers and use the below install command to install chaincode in other peers.

      Get into peer0.org1 container: docker exec -it peer0.org1.<DOMAIN> bash

      Install: peer chaincode install -n insightsAuditing -p /chaincode/src/nodejs -l node -v 1.0

      Instantiate: peer chaincode instantiate -n insightsAuditing -v 1.0 -c '{"Args":["init"]}' -C mychannel

  • Get into ca container. Create user to connect from fabric sdk by using admin. Fabric sdk network connection requires the user's cert details to get connected to the fabric network.

    docker exec -it ca.org1.<DOMAIN> bash

    fabric-ca-client enroll -u http://Admin:<password>@localhost:7054

    fabric-ca-client register -u "http://localhost:7054" --id.name "newusername" --id.secret "password" --id.type "client" --id.affiliation "org1.department1"

    fabric-ca-client enroll -u "http://newusername:password@localhost:7054"

  • Test the Chaincode. Either insert record manually or let the data gets inserted via PlatformAuditEngine. Then, query as shown below. Modify ASSET-ID with your Asset ID value.

      Query: peer chaincode query -n insightsAuditing -c '{"Args":["GetAssetDetails","ASSET-ID"]}' -C mychannel

    • Expand
    titleRaft (etcd/raft) Fabric Network

    Make sure you've done all the Prerequisites 

    Network Architecture

    • 5 Orderers
    • 2 Organizations
    • 4 peers, 2 for each organization
    • 4 couchdb, one for each peer
    • 2 certificate authority(CA), one for each organization
    • 1 cli (Optional)

    Setup the Network

  • Set the GOPATH. You can do this by adding this line to your /etc/environment (for a system-wide installation) or $HOME/.bashprofile : export GOPATH=/usr/local/go. Source if you set this in the same linux sesison then, source /etc/environment (OR)  source $HOME/.bashprofile

    • Keep the hyperledger fabric source under GOPATH with the steps mentioned below:

    No Format
    cd $GOPATH/src/github.com/
mkdir hyperledger
cd hyperledger
git clone https://github.com/hyperledger/fabric.git

    Navigate to your home directory or any convenient directory and clone the Hyperledger_Raft branch from our repo:   

    Code Block
    languagebash
    git clone -b Hyperledger_Raft https://github.com/TheCognizantFoundry/Insights.git
  • Navigate into the raft-with-ca folder: cd Insights/raft-with-ca

  • Give permissions to all the executables and shell files which will easily bring up/down the network:
    chmod 777 *.sh
    chmod -R 755 bin

  • Generate the crypto-material. Input arguments to generate.sh are channelname and domain name : 

    ./generate.sh <channelname> <DOMAIN>

    For Example: ./generate.sh mychannel cogdevops.com

    • Edit the values(DOMAIN, CA_ORG*_KEYFILE etc.) inside the .env file. Refer the list below to know more about the variables of .env:

    Code Block
    languagebash
    themeEmacs
    title.env
    COMPOSE_PROJECT_NAME=<name_of_your_network>
IMAGE_TAG=<docker_image_tag_to_be_used_for_spawning_containers>
DOMAIN=<yourCompany_domain_name>
ORDERER_GENERAL_TLS_ENABLED=true
CORE_PEER_TLS_ENABLED=true
FABRIC_CA_SERVER_TLS_ENABLED=true
ORDERER_TLS_CLIENTAUTHREQUIRED=true
CA_ORG1_KEYFILE=<name of the keyfile residing inside crypto-config/peerOrganizations/org1.cogdevops.com/ca/>
CA_ORG2_KEYFILE=<name of the keyfile residing inside crypto-config/peerOrganizations/org2.cogdevops.com/ca/>
    Warning
  • The tls variables must be set to true as Hyperledger-fabric Raft mandates enabling TLS for better security in network communication. Failing to do so will result in crashing of the orderers.

    • Some of the fields are pre-populated with default values. you may change the values as per requirement. The IMAGE_TAG must be > 1.4.1 or latest to have raft setup.

    Start the Network :

    ./start.sh <channelname> <DOMAIN>

    Note

    You must use the same  channelname and DOMAIN which you used in step 6.

    If you want to learn more about how the network is setup, then do not execute the start.sh. In stead, run the below commands manually from your terminal:

    Code Block
    languageapplescript
    titleLearn more about the steps performed inside start.sh
    collapsetrue
    #Replace $CHANNEL_NAME and $DOMAIN with your channelname and domain respectively.
#setup the network
docker-compose -f docker-compose-cli.yaml -f docker-compose-couch.yaml -f docker-compose-etcdraft2.yaml up -d
sleep 15
#create the channel
docker exec -it peer0.org1.$DOMAIN peer channel create -o orderer.$DOMAIN:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem

#join org1 anchor peer peer0.org1
docker exec -it peer0.org1.$DOMAIN peer channel join -b $CHANNEL_NAME.block
#join org2 anchor peer0.org2
docker exec -it peer0.org2.$DOMAIN peer channel fetch 0 $CHANNEL_NAME.block -c $CHANNEL_NAME -o orderer.$DOMAIN:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem
docker exec -it peer0.org2.$DOMAIN peer channel join -b $CHANNEL_NAME.block

#join org1 & org2
docker exec -it peer0.org1.$DOMAIN peer channel update -o orderer.$DOMAIN:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem
docker exec -it peer0.org2.$DOMAIN peer channel update -o orderer.$DOMAIN:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem

#join the other peers to the channel
docker exec -it peer1.org1.$DOMAIN peer channel fetch 0 $CHANNEL_NAME.block -c $CHANNEL_NAME -o orderer.$DOMAIN:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem
docker exec -it peer1.org1.$DOMAIN peer channel join -b $CHANNEL_NAME.block

docker exec -it peer1.org2.$DOMAIN peer channel fetch 0 $CHANNEL_NAME.block -c $CHANNEL_NAME -o orderer.$DOMAIN:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem
docker exec -it peer1.org2.$DOMAIN peer channel join -b $CHANNEL_NAME.block

#install the chaincode into the anchor peers
docker exec -it peer0.org1.$DOMAIN peer chaincode install -n insightsAudit -v 1.0 -l node -p /chaincode/src/nodejs/
docker exec -it peer0.org2.$DOMAIN peer chaincode install -n insightsAudit -v 1.0 -l node -p /chaincode/src/nodejs/

#install into the other peers
docker exec -it peer1.org1.$DOMAIN peer chaincode install -n insightsAudit -v 1.0 -l node -p /chaincode/src/nodejs/
docker exec -it peer1.org2.$DOMAIN peer chaincode install -n insightsAudit -v 1.0 -l node -p /chaincode/src/nodejs/

#instantiate the chaincode inside one of the anchor (here we are doing for peer0.org1)
docker exec -it peer0.org1.$DOMAIN peer chaincode instantiate -o orderer.$DOMAIN:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem -C $CHANNEL_NAME -n insightsAudit -l node -v 1.0 -c '{"Args":["Init"]}'

  • Verify if all the docker containers are running:

    docker ps -a

    Info

    You will notice some extra containers running other than the ones mentioned in the network architecture with names like this: dev-peer0.org1.cogdevops.com-insightsAudit-1.0. It is an expected behaviour for the fabric-network. These containers will get spawned whenever chaincode is instantiated in a peer. Since the start.sh script will instantiate the chaincode inside peer0 by default, therefore this container will get spawned.

    At this point your raft setup is complete. Steps mentioned hereafter are for registration and enrollment of a user to be used with SDK.

  • Login into the CA container: docker exec -it ca.org1.<DOMAIN> bash
  • Run the following inside the container:
    • Enroll the admin: fabric-ca-client enroll -u https://Admin:adminpw@localhost:7054 --tls.certfiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.<DOMAIN>/ca/ca.org1.<DOMAIN>-cert.pem
    • Now register a new user: fabric-ca-client register -u https://localhost:7054 --id.name "newusername" --id.secret "password" --id.type "client" --id.affiliation "org1.department1" --tls.certfiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.<DOMAIN>/ca/ca.org1.<DOMAIN>-cert.pem
    • Verify the registration by listing the available users: fabric-ca-client identity list -u https://localhost:7054 --tls.certfiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.<DOMAIN>/ca/ca.org1.<DOMAIN>-cert.pem

    You should see the new user inside this list if registration is successful.

         12. Test the Chaincode. Either insert record manually or let the data gets inserted via PlatformAuditEngine. Then run the below query inside any of the peers.             Modify assetID with your Asset ID value and channelname should be the same one used in step 8.

            Query: peer chaincode query -n insightsAuditing -c '{"Args":["GetAssetDetails","<assetID>"]}' -C <channelname>

    1. cogdevops.com:8443/repository/docroot/insights_install/installationScripts/latest/RHEL/hyperledger/insights-fabric-network.tar.gz


    2. untar the file insights-fabric-network.tar.gz .   

      cd /home/ec2-user/hyperledger

      tar -zxvf insights-fabric-network.tar.gz

      cd /home/ec2-user/hyperledger/insights-fabric-network

         
    3. Following directories (bin , config , insights-network) are available to start the network.

    4. Give permissions to all the executable and shell files which will easily bring up/down the network:
      chmod 777 *.sh
      chmod -R 755 bin

    5. Get into the directory insights-network : cd /home/ec2-user/hyperledger/insights-fabric-network/insights-network

    6. Required configurations and scripts are already updated for the DOMAIN - cogdevops.com .   

      Info
      titleReferences - Hyperledger Config Files

      configtx.yaml - https://hyperledger-fabric.readthedocs.io/en/latest/create_channel/create_channel_config.html#using-configtx-yaml-to-build-a-channel-configuration

      Architecture - https://hyperledger-fabric.readthedocs.io/en/latest/architecture.html

      /home/ec2-user/hyperledger/insights-fabric-network/insights-network/.env

      Code Block
      languagebash
      themeEmacs
      title.env
      COMPOSE_PROJECT_NAME=hyperledger
IMAGE_TAG=latest
SYS_CHANNEL=system-channel
DOMAIN=<yourdomain>


    7. Start the network by  using the following command. Specify the fabric version, fabric-ca version and couch db as state database : 


      Code Block
      languagebash
      themeEmacs
      titleStart fabric network
      cd /home/ec2-user/hyperledger/insights-fabric-network/insights-network
./network.sh up -ca -s couchdb -i 2.2.0 -cai 1.4.8

      network.sh internally calls the required scripts to perform the following actions: TLS Enabled, required certs, register and enroll users (fabric-ca) - both admin and other users;- these details required to connect from Java sdk while connecting network , pull necessary docker images and start the containers. 

              Verify if all the docker containers are running:

              docker ps -a


    2. Create channel. Following script will create channel , join and update for all peers.                                                                                                                                                            

      Code Block
      languagebash
      themeEmacs
      titleCreate Channel
      cd /home/ec2-user/hyperledger/insights-fabric-network/insights-network
./network.sh createChannel -c insightschannel


      Info
      titleHint:

      Change permission/ownership to non-root user for the directory channel-artifacts if you face any issues in channel creation due to permissions restricted by root user.


    3. Copy (Specify github location for chaincode) the chaincode/contract to the directory /home/ec2-user/hyperledger/insights-fabric-network/insights-network. Directory structure after chaincode copy is : /home/ec2-user/hyperledger/insights-fabric-network/insights-network/chaincode/src/nodejs

    4. Deploy Smart Contract (Chaincode): Run the following command to deploy the smart contract/chaincode. 

      Code Block
      languagebash
      themeEmacs
      titleDeploy Smart Contract (Chaincode)
      cd /home/ec2-user/hyperledger/insights-fabric-network/insights-network
./network.sh deployCC -ccn insightsaudit -ccp ./chaincode/src/nodejs/ -ccv 1 -ccl javascript

      Note: ccl parameter can either javascript or typescript. Both will refer to CC_RUNTIME_LANGUAGE=node inside scripts/deployCC.sh file

      Info

      You will notice some extra containers running other than the ones mentioned in the network architecture with names like this: dev-peer0.org1.<yourdomain>-insightsaudit_1-xxxxxxxxxxxxxxxx , dev-peer1.org1.<yourdomain>-insightsaudit_1-xxxxxxxxxxxxxxxx, dev-peer0.org2.<yourdomain>-insightsaudit_1-xxxxxxxxxxxxxxxx , dev-peer1.org2.<yourdomain>-insightsaudit_1-xxxxxxxxxxxxxxxx . It is an expected behavior for the fabric-network. These containers will get spawned whenever chaincode is instantiated(deployed) in a peer. 


    5. Set the environments in host machine where you have deployed your network(Don't to get into any peer container). to operate via Org1 or Org2. 

      Info
      titleImportant Note

      Set either ORG1 or ORG2 in one terminal. Open 2 terminal window then set ORG1 in first terminal and Org2 in second terminal. If you attempt to set continuously then latest one will override all the previous ones.


      Code Block
      languagebash
      themeEmacs
      titleORG1 admin
      export PATH=${PWD}/../bin:${PWD}:$PATH

export FABRIC_CFG_PATH=$PWD/../config/

export CORE_PEER_TLS_ENABLED=true

export CORE_PEER_LOCALMSPID="Org1MSP"

export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.<yourdomain>/peers/peer0.org1.<yourdomain>/tls/ca.crt

export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.<yourdomain>/users/Admin@org1.<yourdomain>/msp

export CORE_PEER_ADDRESS=localhost:7051



      Code Block
      languagebash
      themeEmacs
      titleORG2 admin
      export PATH=${PWD}/../bin:${PWD}:$PATH

export FABRIC_CFG_PATH=$PWD/../config/

export CORE_PEER_LOCALMSPID="Org2MSP"

export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org2.<yourdomain>/peers/peer0.org2.<yourdomain>/tls/ca.crt

export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.<yourdomain>/users/Admin@org2.<yourdomain>/msp

export CORE_PEER_ADDRESS=localhost:9051


      Info
      titleNote

      Latest fabric version has feature to execute peer lifecycle commands in host machine itself by setting respective org env variables as specified above.


    6. Sanity testing. Test the Chaincode. Either insert record manually or let the data gets inserted via PlatformEngine with digitalSignature validation. Use the following command to verify network and smart contract functionality are deployed successfully or not.

      Before executing the below command in host machine. You must have either ORG1 admin env variables or ORG2 admin env variables set in the terminal.

      Manual insertion and read:

      Code Block
      languagebash
      titleInstantiate(write) to Smart Contract insightsaudit
      peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer0.<yourdomain> -C insightschannel -n insightsaudit --tls --cafile ${PWD}/organizations/ordererOrganizations/<yourdomain>/orderers/orderer0.<yourdomain>/msp/tlscacerts/tlsca.<yourdomain>-cert.pem --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.<yourdomain>/peers/peer0.org1.<yourdomain>/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.<yourdomain>/peers/peer0.org2.<yourdomain>/tls/ca.crt -c '{"Args":["Instantiate","{\"almAssetID\":\"IN-1\",\"property\":\"ALM\",\"phase\":\"Plan\",\"toolName\":\"JIRA\",\"toolstatus\":\"Done\",\"priority\":\"Medium\",\"sprintNames\":[\"IN Sprint 1\"],\"issueType\":\"Story\",\"attachments\":\"https://<jirahostnameurl>/secure/attachment/10017/test.txt\",\"projectName\":\"InsightsAuditing Testing\",\"createdTime\": 1557741850.0,\"issueAPI\": \"https://bcdevops.atlassian.net/rest/api/2/issue/10013\",\"timestamp\":1557751850.0,\"date\":\"2019-05-13\",\"uplink\":\"null\",\"downlink\":{\"jiraKeys\":\"IN-1\"}}"]}'


      Code Block
      languagebash
      titleRead from Smart Contract - insightsaudit
      peer chaincode query -n insightsaudit -c '{"Args":["GetAssetDetails","IN-1"]}' -C insightschannel




    Expand
    titleSDK: Hyperledger Java SDK to connect hyperledger fabric network

    Prerequisites:

    1. Fabric network must be running and with smart contract/chaincode deployed into it, to establish the fabric network connection from fabric Java sdk.
    2. Required network ports must be opened (Refer: "Recommended Network Ports" section in this page)

    Configuration Steps:

    • Download connections-tls.json from Nexus3 docroot repo and keep it inside the instance where our Insights application is running. Path: $INSIGHTS_HOME/.InSights/connections-tls.json
    • Keep the required certs inside the path $INSIGHTS_HOME/.InSights/BlockChainCerts/etcdraft-certs. Certs generated while creating fabric network.
    • Update the path of the json and certs locations in connections-tls.json.  
    • Replace <yourdomain> by your actual domain name. (For example: orderer0.example.com)
    • Update enrollSecret value which is password for ca-org1 and ca-org2.
    • Finally, keep this updated connections-tls.json inside the path  INSIGHTS_HOME. Parallel to server-config.json
    • Download other config files datamodel.json and Process.json used for logic construction. Keep these files inside the path INSIGHTS_HOME. Parallel to server-config.json
    Config filesExplanation
    datamodel.json

    datamodelDescription

    Process.json

    ProcessDescription

    • Set flag as true for AuditEngine in "server-config.json" as mentioned below:
    Info

    "enableAuditEngine":true,

    }

    • Set flag as true for "showAuditReporting" in uiConfig.json (Path: TOMCAT/webapps/app/config/uiConfig.json) as mentioned below to enable the "Audit Reporting" in UI.
    Info

    "showAuditReporting": true,

    }

    • Restart Tomcat service for the changes to be refreshed in Insights application.
    • Restart PlatformEngine for the engine to include audit/hyperledger functionalities.


    Expand
    titledigitalSignature

    Prerequisites:

    1. Following value must be configured "enableAuditEngine":true in server-config.json

    Configure digitalSignature:

    • The hash value of each node is encrypted using the public key at agent(python) side and decrypted using private key at the platformengine(java) side.
    • BaseAgent has digitalSignature encryption function invoked from publishToolsData and tool agents(Example: JenkinsAgent3.py) will invoke publishToolsData with third parameter auditing as True. Default publishToolsData without sending this parameter will perform the usual publish data to MQ without digitalSignature. 
    • Public/Private keys are generated using the same RSA algorithm by executing a simple python script GenerateKeys.py where Insights is installed and INSIGHTS_HOME is set in environment. This is a one time execution.
    • Public/Private keys are placed inside */$INSIGHTS_HOME/.InSights/BlockChainCerts/* folder by the python script mentioned in previous point.
    • Each agent config.json contains an additional property called "publicKeyPath"  containing the path of the public key ($INSIGHTS_HOME/.InSights/BlockChainCerts/public_key.pem) used for encryption.
    • The connections-tls.json contains an additional variable called "ENGINE_PRIVATE_KEY" containing the path of the private key ($INSIGHTS_HOME/.InSights/BlockChainCerts/private_key.pem) used for decryption.
    • If a node doesn't contain digitalSignature, PlatformEngine will reject it and inform the corresponding uuid in console output.

    The tool agents(written in python) will perform the following:

    1. Calculates the hash from all the property values of each node
    2. Encrypts the hash using *RSA* algorithm with MGF1 padding
    3. Adds the encrypted hash as "digitalSignature" field to respective nodes and push to Neo4j.

    PlatformEngine with Audit enabled does the following:

    1. PlatformEngine will consume the nodes from Neo4j. Decrypt digitalSignature of each node and obtain the hash value of the corresponding node
    2. Re-calculate the hash value from the corresponding node's properties
    3. if hash obtained in step 1 is equal to calculated hash value in step 2 then respective node is inserted into ledger, else node is not inserted into ledger & the corresponding uuid is logged into console output.


    Info
    titleNote

    Restart respective service(Tomcat/Engine/Agent) whenever config files are modified.