Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 58 Next »

Step - by - step guide on how to Install Insights Advanced - Hyperledger Fabric Network.

Installing Hyperledger Network covers the initial setup procedures including InstallationConfigurations (Hardware, Software, and Network) and various Commands.  Please note that these instructions are only for Linux (Debian & Ubuntu).

Prerequisites


 Hardware Configuration

Hyperledger Fabric Minimum configuration - Pilot/POC
No. of instances1
OSUbuntu 16.04 Xenial (64bit) 
Storage75 GB (Fabric Network Only)
Mem (GiB)8 GB
vCPU2

Hyperledger Fabric Minimum configuration - Production
No. of instances1
OSUbuntu 16.04 Xenial (64bit) 
Storage100 GB (Fabric Network Only)
Mem (GiB)16 GB
vCPU4
Configuration varies depending on the work load.
 Software
  • Docker version 18.03 or later, Docker Compose  1.14.0 or greater (If not, we recommend that you install a more recent version of Docker) , curl
  • Python 3.x
  • Node.js Runtime 8.x(8.12.0) and NPM 6.x(6.3.0) - For chaincode
  • git (git bash to clone the repo)

Refer the link to know the Software component version for latest fabric network: https://hyperledger-fabric.readthedocs.io/en/latest/prereqs.html

Fabric Version Specific. Change the version in the URL for other versions: https://hyperledger-fabric.readthedocs.io/en/release-1.4/prereqs.html

Docker, Docker Compose and curl

On RHEL/CentOS7:

Docker - https://docs.docker.com/engine/install/centos/

  • yum update

  • yum install yum-utils

  • yum-config-manager --enable rhel-7-server-rhui-extras-rpms 
  • yum install docker
  • Ensure that docker daemon is running with an option -H unix:///var/run/docker.sock  . If not, open the file(vi), add it as shown below and save(:wq). Ensure, only one ExecStart is available in the file. 

          vi /lib/systemd/system/docker.service

          ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock -H unix:///var/run/docker.sock

          :wq

  • Provide permission "chmod 666 /var/run/docker.sock"
  • systemctl start docker
  • systemctl status docker
  • systemctl enable docker (start docker at system boot)
  • Add your user to the docker group.
  • groupadd docker (Do this if not present)
    usermod -a -G docker <username>

                     Example: usermod -aG docker ec2-user

  1. For RHUI 3 repo ID(rhel-7-server-rhui-extras-rpms ) to configure yum-config-manager, please visit - https://access.redhat.com/articles/4599971

  2. For docker commands please visit -  https://docs.docker.com/edge/engine/reference/commandline/docker/

Docker Compose

  1. Install docker compose specific version. Any existing installation of Docker is replaced.           
    1. Specific version of docker-compose installation. Refer current release of docker compose in https://docs.docker.com/compose/install/
    2. For example "docker-compose v1.26.2": 

      sudo curl -L "https://github.com/docker/compose/releases/download/1.26.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose

      sudo chmod +x /usr/bin/docker-compose

      docker-compose --version

      systemctl status docke

Reference: https://docs.docker.com/install/linux/docker-ce/ubuntu/

cURL

Download the latest version of cURL (curl) tool if it is not installed - https://curl.haxx.se/download.html

GO

  1. Download the archive: wget https://dl.google.com/go/go1.11.10.linux-amd64.tar.gz
  2. Extract it into /usr/local, creating a Go tree in /usr/local/go
  3. tar -C /usr/local -xzf go1.11.10.linux-amd64.tar.gz
  4. Add /usr/local/go/bin to the PATH environment variable. You can do this by adding this line to your /etc/profile (for a system-wide installation) or $HOME/.bashprofile:                  export PATH=$PATH:/usr/local/go/bin
    Reference - Section Linux :https://golang.org/doc/install#install

Python

As of Ubuntu 16.04 LTS (xenial),  both python 2 and python3 by default. Recommended to use python3. Check and then install if required.

  1. apt-get install python3.5
  2. apt-get install python3-pip

set alias to respectiive python version in ~/.bashrc to avoid error while installing the module.

alias pip=pip3

alias python=python3.5

(OR)

update-alternatives --install /usr/bin/python python /usr/bin/python3.5 10

Reference: https://wiki.ubuntu.com/Python

Node.js Runtime and NPM
The recommended versions for node and npm are Node 8.x.x and npm5.x.x. If you are getting lower versions using apt-get install, remove existing node setup from your machine and then run the following:

curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
yum install nodejs

Git

As Of RHEL/CentOS7, git is available by default. Check and then install if required.

  1. yum update
  2. yum install git
 Recommended Network Ports

Following port must be opened to access the fabric network from fabric sdk.

Source : fabric sdk instance where our Insights is running

Destination: fabric network installed instance - hyperledger network

Example Ports: You can change these ports based on availability and configuration in fabric network. Then, enable connectivity to those ports.

  • orderer - 7050 
  • peer0.org1 - 7051
  • peer1.org1 - 8051
  • peer0.org2 - 9051
  • peer1.org2 - 10051
  • ca.org1 - 7054
  • ca.org2 - 8054
 Useful Docker Commands

List active container: docker ps

List active/exited container: docker ps -a

List docker images: docker images

Check container logs: docker logs <container-id>

Connect to Container: docker exec -it <container-id> bash

Remove docker container: docker rmi -f <contianer-id>

Remove docker images: docker rmi -f <image-name/id>

Reference: https://docs.docker.com/engine/reference/commandline/docker/

Please browse through the below sections to setup specific Fabric Network

Hyperledger Fabric Network

hyperledger fabric network

 Raft (etcd/raft) Fabric Network

Make sure you've done all the Prerequisites. Raft Ordering Service introduced in 1.4.1 (Reference: https://hyperledger-fabric.readthedocs.io/en/latest//whatsnew.html)

Ensure docker images are pulled as per raft supported version ( https://github.com/hyperledger/fabric/releases )

Network Architecture

  • 5 Orderers
  • 2 Organizations
  • 4 peers, 2 for each organization
  • 4 couchdb, one for each peer
  • 2 certificate authority(CA), one for each organization


Setup the Network

  1. Navigate to your home directory or any convenient directory and clone the Hyperledger_Raft branch from our repo:   

    git clone -b Hyperledger_Raft https://github.com/TheCognizantFoundry/Insights.git
  2. Navigate into the raft-with-ca folder: cd Insights/raft-with-ca

  3. Give permissions to all the executables and shell files which will easily bring up/down the network:
    chmod 777 *.sh
    chmod -R 755 bin

  4. Generate the crypto-material. Input arguments to generate.sh are channelname and domain name : 

    ./generate.sh <channelname> <DOMAIN>

    For Example: ./generate.sh mychannel cogdevops.com

  5. Edit the values(DOMAIN, CA_ORG*_KEYFILE etc.) inside the .env file. Refer the list below to know more about the variables of .env:

    • The tls variables must be set to true as Hyperledger-fabric Raft mandates enabling TLS for better security in network communication. Failing to do so will result in crashing of the orderers.

    • Some of the fields are pre-populated with default values. you may change the values as per requirement. The IMAGE_TAG must be >= 1.4.1 or latest to have raft setup.

    .env
    COMPOSE_PROJECT_NAME=<name_of_your_network>
IMAGE_TAG=<docker_image_raft_supported_tag_1.4.1_or_1.4.2>
DOMAIN=<yourCompany_domain_name>
ORDERER_GENERAL_TLS_ENABLED=true
CORE_PEER_TLS_ENABLED=true
FABRIC_CA_SERVER_TLS_ENABLED=true
ORDERER_TLS_CLIENTAUTHREQUIRED=true
CA_ORG1_KEYFILE=<name of the keyfile residing inside crypto-config/peerOrganizations/org1.cogdevops.com/ca/>
CA_ORG2_KEYFILE=<name of the keyfile residing inside crypto-config/peerOrganizations/org2.cogdevops.com/ca/>

    Hint

    Ensure docker images are pulled as per raft supported version >= 1.4.1

    To use raft fabric docker images: Sometimes fabric docker images are pulled with old network architecture(eg., solo) or already present in the system/VM for the image tag "latest", then remove the existing docker images using "docker rmi -f <imageid>" when respective containers are not running. Because, fabric-image with tag "latest" won't pull new image with actual latest tag due to existing reference. Below start.sh will pull the image as per the raft version >=1.4.1 defined in .env file.

  6. Start the Network :

    ./start.sh <channelname> <DOMAIN>

    You must use the same  channelname and DOMAIN which you used in step 6.

    If you want to learn more about how the network is setup, then do not execute the start.sh. In stead, run the below commands manually from your terminal:

    Learn more about the steps performed inside start.sh 
    #Replace $CHANNEL_NAME and $DOMAIN with your channelname and domain respectively.
#setup the network
docker-compose -f docker-compose-cli.yaml -f docker-compose-couch.yaml -f docker-compose-etcdraft2.yaml up -d
sleep 15
#create the channel
docker exec -it peer0.org1.$DOMAIN peer channel create -o orderer.$DOMAIN:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem

#join org1 anchor peer peer0.org1
docker exec -it peer0.org1.$DOMAIN peer channel join -b $CHANNEL_NAME.block
#join org2 anchor peer0.org2
docker exec -it peer0.org2.$DOMAIN peer channel fetch 0 $CHANNEL_NAME.block -c $CHANNEL_NAME -o orderer.$DOMAIN:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem
docker exec -it peer0.org2.$DOMAIN peer channel join -b $CHANNEL_NAME.block

#join org1 & org2
docker exec -it peer0.org1.$DOMAIN peer channel update -o orderer.$DOMAIN:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem
docker exec -it peer0.org2.$DOMAIN peer channel update -o orderer.$DOMAIN:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem

#join the other peers to the channel
docker exec -it peer1.org1.$DOMAIN peer channel fetch 0 $CHANNEL_NAME.block -c $CHANNEL_NAME -o orderer.$DOMAIN:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem
docker exec -it peer1.org1.$DOMAIN peer channel join -b $CHANNEL_NAME.block

docker exec -it peer1.org2.$DOMAIN peer channel fetch 0 $CHANNEL_NAME.block -c $CHANNEL_NAME -o orderer.$DOMAIN:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem
docker exec -it peer1.org2.$DOMAIN peer channel join -b $CHANNEL_NAME.block

#install the chaincode into the anchor peers
docker exec -it peer0.org1.$DOMAIN peer chaincode install -n insightsAudit -v 1.0 -l node -p /chaincode/src/nodejs/
docker exec -it peer0.org2.$DOMAIN peer chaincode install -n insightsAudit -v 1.0 -l node -p /chaincode/src/nodejs/

#install into the other peers
docker exec -it peer1.org1.$DOMAIN peer chaincode install -n insightsAudit -v 1.0 -l node -p /chaincode/src/nodejs/
docker exec -it peer1.org2.$DOMAIN peer chaincode install -n insightsAudit -v 1.0 -l node -p /chaincode/src/nodejs/

#instantiate the chaincode inside one of the anchor (here we are doing for peer0.org1)
docker exec -it peer0.org1.$DOMAIN peer chaincode instantiate -o orderer.$DOMAIN:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/$DOMAIN/orderers/orderer.$DOMAIN/msp/tlscacerts/tlsca.$DOMAIN-cert.pem -C $CHANNEL_NAME -n insightsAudit -l node -v 1.0 -c '{"Args":["Init"]}'

  7. Verify if all the docker containers are running:

    docker ps -a

    You will notice some extra containers running other than the ones mentioned in the network architecture with names like this: dev-peer0.org1.cogdevops.com-insightsAudit-1.0. It is an expected behaviour for the fabric-network. These containers will get spawned whenever chaincode is instantiated in a peer. Since the start.sh script will instantiate the chaincode inside peer0 by default, therefore this container will get spawned.

    At this point your raft setup is complete. Steps mentioned hereafter are for registration and enrollment of a user to be used with SDK.

  8. Login into the CA container: docker exec -it ca.org1.<DOMAIN> bash
  9. Run the following inside the container:
  • Enroll the admin: fabric-ca-client enroll -u https://Admin:adminpw@localhost:7054 --tls.certfiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.<DOMAIN>/ca/ca.org1.<DOMAIN>-cert.pem
  • Now register a new user: fabric-ca-client register -u https://localhost:7054 --id.name "newusername" --id.secret "password" --id.type "client" --id.affiliation "org1.department1" --tls.certfiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.<DOMAIN>/ca/ca.org1.<DOMAIN>-cert.pem
  • Verify the registration by listing the available users: fabric-ca-client identity list -u https://localhost:7054 --tls.certfiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.<DOMAIN>/ca/ca.org1.<DOMAIN>-cert.pem

You should see the new user inside this list if registration is successful.

     12. Test the Chaincode. Either insert record manually or let the data gets inserted via PlatformAuditEngine. Then run the below query inside any of the peers.             Modify assetID with your Asset ID value and channelname should be the same one used in step 8.

        Query: peer chaincode query -n insightsAuditing -c '{"Args":["GetAssetDetails","<assetID>"]}' -C <channelname>

  • No labels

©2021 Cognizant, all rights reserved. US Patent 10,410,152