how-to-deploy-hyperledger-fabric-network-from-scratch.png

How to Deploy Multi-organization Hyperledger Fabric Network from Scratch

21/November/2019
Hyperledger is always taken for discussions by the tech giants and blockchain enthusiasts. The open source collaborative effort initiated by Linux Foundation aims to improvise the possibilities of cross-industry blockchain technologies among different streams. The participants of this global collaboration includes delegates from finance, banking, supply chain,  IoT,  technology and manufacturing.

This blog discusses the setting up of a multi-organization hyperledger fabric network from scratch. 

Prerequisite

1. Basic knowledge of the hyperledger fabric network.
2. All prerequisite installed as per
    https://hyperledger-fabric.readthedocs.io/en/release-1.4/install.html
3. Basic understanding of Build Your First Network tutorial.

The Build Your First Network tutorial is a great way to start with a hyperledger fabric network. But even after having hands-on this tutorial, one may find difficult to customize the network. Today we are going to create a network with 4 organizations and 5 ordering nodes. We also run 4 CA’s that are one for each organization.

In our case, the network represents an IT company and the 4 organization represents 4 departments in it. Let’s assume our company domain as workspace.

4 organizations with 2 peers each
    1. Accounts
        a. Nodes
            i. Peer 1
            ii. Peer 2
        b. Client
            i. admin
            ii.user1
        c. CA 1
    2. Developers
        a. Nodes
            i. Peer 1
            ii. Peer 2
        b. Client
            i. admin
            ii. user1
        c. CA 2
    3. HR
        a. Nodes
            i. Peer 1
            ii. Peer 2
        b. Client
            i. admin
            ii. user1
        c. CA 3
    4. Marketing
        a. Nodes
            i. Peer 1
            ii. Peer 2
        b. Client
            i. admin
            ii. user1
        c. CA 4

5 Ordering Nodes with Raft consensus

1. Orderer1
2. Orderer2
3. Orderer3
4. Orderer4
5. Orderer5

To get started, first clone our git repository into your fabric samples folder.

git clone https://github.com/blockchain-expert/hyperledger-fabric-network-from-scratch
cd hyperledger-fabric-network-from-scratch

For the rest of the tutorial, we run the commands at this directory.

Step 1
In the first step, we would generate all the crypto elements for all the organizations. We also generate admin and 1 user account for each organization.

The cryptogen tool in the bin folder helps us with this. The tool utilizes the crypto-config.yaml file for this.

Please have a look at the crypto-config.yaml file. I’ve removed all the comments for simplicity. If you need any clarification, refer to the comments provided in the first network folder.

../bin/cryptogen generate --config=./crypto-config.yaml
After successful generation of crypto elements, the following will be outputted

developers.workspace
accounts.workspace
hr.workspace
marketing.workspace

Step 2
In this step, we are going to generate the orderer genesis block.
For this, we’d used configtxgen tool and consumes configtx.yaml file.

Before that, we have to set up an environment variable.

export FABRIC_CFG_PATH=$PWD

Have a look at the profiles section configtx.yaml file. We are providing 2 profiles, one is Raft and the other one is workspaceChannel.

In order to generate orderer genesis block, we use the Raft profile

../bin/configtxgen -profile Raft -channelID workspace-sys-channel -outputBlock 
./channel-artifacts/genesis.block

This will output a genesis.block file under the channel-artifacts directory.

Step 3
In this step, we’d create the channel transaction artifact, so that we can utilize it  in the future at the time of channel creation transaction. 

Note: This step and step 4 doesn’t make any actual blockchain transaction, instead generates transaction artifacts that will aid in performing transactions in step 6 and 7.

Before that, set the channel name that we are going to create as an environmental variable.

Since this is our main channel, we name it as workspace itself.

export CHANNEL_NAME=workspace

../bin/configtxgen -profile workspaceChannel -outputCreateChannelTx 
./channel-artifacts/workspace.tx -channelID $CHANNEL_NAME

We use the same configtxgen tool for generating channel creation artifact. Notice that we use -outputCreateChannelTx flag this time. Also workspaceChannel is provided as the profile.

The successful execution of the above command will generate a workspace.tx file under channel artifacts directory.

Step 4
Next, we are going to create artifacts for anchor peer update. Since we have 4 organizations in our main workspace channel, we have to generate 4 artifacts, 1 for each organization.

For developer organization
../bin/configtxgen -profile workspaceChannel -outputAnchorPeersUpdate 
./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP

For accounts organization
../bin/configtxgen -profile workspaceChannel -outputAnchorPeersUpdate 
./channel-artifacts/Org2MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org2MSP

For hr organization
../bin/configtxgen -profile workspaceChannel -outputAnchorPeersUpdate
./channel-artifacts/Org3MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org3MSP

For marketing organization
../bin/configtxgen -profile workspaceChannel -outputAnchorPeersUpdate 
./channel-artifacts/Org4MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org4MSP

Step 5
Next, we are going to start the network. This is the most important step.

We use docker-compose.yaml file for this purpose.

Check out the base.yaml and docker-compose.yaml file in our project.

The network up process will run 5 containers for 5 ordering nodes + 8 containers for 8 peers + 4 containers for 4 Certificate Authorities(CA) + 1 container for CLI.

The base services are declared in the base.yaml file for avoiding the complexity in our docker-compose file. Notice how each container is configured. Notice how the ports are allocated for each container. This way you can configure a network of any size.

In order to run CA for each organization, you have to customize FABRIC_CA_SERVER_TLS_KEYFILE variable in docker-compose.yaml.

We’ll show for developers organization. The same way you can configure all other CAs.
First look in the following directory,
crypto-config/peerOrganizations/developers.workspace/ca

In that folder, we can find a file with a long hash value followed by _sk. Copy this file name and update the FABRIC_CA_SERVER_TLS_KEYFILE variable in the environment section under ca1 container configurations in docker-compose.yaml file with this value. You also need to update the value in command in command section after the --ca.keyfile flag.


Do this for all four CAs.

Run the following to set environment variables

export COMPOSE_PROJECT_NAME=net
export IMAGE_TAG=latest
export SYS_CHANNEL=workspace-sys-channel

After that, we can start the network.

docker-compose -f docker-compose.yaml up -d


The execution of the container denotes success. This way you can customize the network for any size. 

Step 6
In this step, we are going to create the workspace channel.
For that, we are now entering the CLI container.

docker exec -it cli bash

First set channel name as an environment variable.
export CHANNEL_NAME=workspace

Next, we are going to set the required variables so that we can perform blockchain transactions as developers admin.

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/developers.workspace/users/Admin@developers.workspace/msp
CORE_PEER_ADDRESS=peer1.developers.workspace:7051
CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/developers.workspace/peers/peer1.developers.workspace/tls/ca.crt

In order to create the workspace channel, we need to use the channel creation artifact (workspace.tx) that we have generated in step 3.

peer channel create \
    -o orderer1.workspace:7050 \
    -c $CHANNEL_NAME \
    -f ./channel-artifacts/$CHANNEL_NAME.tx \
    --outputBlock ./$CHANNEL_NAME.block \
    --tls \
    --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/workspace/orderers/orderer1.workspace/msp/tlscacerts/tlsca.workspace-cert.pem

On successful execution of the above command, a workspace.block file is returned.

Step 7
In this step, we are going to make all four organizations join to channel and also update the anchor peer at the same time.

Since we already set the environment variables for developers’ organization, we don’t have to set it up again.
So we can directly join the workspace channel using the following command.

peer channel join -b ./workspace.block

We are also going to update the current peer(PEER 1) as an anchor peer.
In order to update the anchor peers, we need anchor peer update transaction artifact that we have generated in step 4.

peer channel update \
-o orderer1.workspace:7050 \
-c $CHANNEL_NAME \
-f ./channel-artifacts/Org1MSPanchors.tx \
--tls \
--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/workspace/orderers/orderer1.workspace/msp/tlscacerts/tlsca.workspace-cert.pem

For the next organization, we have to first set the environment variables before executing the above commands.

For Accounts organization:

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/accounts.workspace/users/Admin@accounts.workspace/msp
CORE_PEER_ADDRESS=peer1.accounts.workspace:9051
CORE_PEER_LOCALMSPID="Org2MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/accounts.workspace/peers/peer1.accounts.workspace/tls/ca.crt
peer channel join -b ./workspace.block
peer channel update \
-o orderer1.workspace:7050 \
-c $CHANNEL_NAME \
-f ./channel-artifacts/Org2MSPanchors.tx \
--tls \
--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/workspace/orderers/orderer1.workspace/msp/tlscacerts/tlsca.workspace-cert.pem

For HR organization:

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/hr.workspace/users/Admin@hr.workspace/msp
CORE_PEER_ADDRESS=peer1.hr.workspace:11051
CORE_PEER_LOCALMSPID="Org3MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/hr.workspace/peers/peer1.hr.workspace/tls/ca.crt
peer channel join -b ./workspace.block
peer channel update \
-o orderer1.workspace:7050 \
-c $CHANNEL_NAME \
-f ./channel-artifacts/Org3MSPanchors.tx \
--tls \
--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/workspace/orderers/orderer1.workspace/msp/tlscacerts/tlsca.workspace-cert.pem

For Marketing organization:

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/marketing.workspace/users/Admin@marketing.workspace/msp
CORE_PEER_ADDRESS=peer1.marketing.workspace:13051
CORE_PEER_LOCALMSPID="Org4MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/marketing.workspace/peers/peer1.marketing.workspace/tls/ca.crt
peer channel join -b ./workspace.block
peer channel update \
-o orderer1.workspace:7050 \
-c $CHANNEL_NAME \
-f ./channel-artifacts/Org4MSPanchors.tx \
--tls \
--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/workspace/orderers/orderer1.workspace/msp/tlscacerts/tlsca.workspace-cert.pem

Congrats! You have successfully created workspace channel and made 4 organizations join to it. Try experimenting with things in this network and get your hands dirty. We’ll provide further tutorials on installing, instantiating and upgrading the chaincode based on this network configuration. Stay tuned.

Comments

2
Leonardo Moreira De Oliveira
25/11/2019 - 8:13AM

Are you sure about "workspaceChannel", I could just find "FourOrgsChannel" within configtx.yaml tks


I am getting the following error while running this command configtxgen -profile workspaceChannel -outputCreateChannelTx ./channel-artifacts/workspace.tx -channelID $CHANNEL_NAME Could not find profile: workspaceChannel 2020-01-14 18:47:59.215 IST [common.tools.configtxgen] func1 -> ERRO 003 Could not find profile: workspaceChannel. Please make sure that FABRIC_CFG_PATH or -configPath is set to a path which contains configtx.yaml with the specified profile


Leave a comment