The current project enables provisioning of Hyperledger Fabric (HLF) [https://www.hyperledger.org/projects/fabric] cluster over a host of machines managed by Docker Swarm [https://docs.docker.com/engine/swarm/].
The current project enables provisioning of Hyperledger Fabric (HLF) [https://www.hyperledger.org/projects/fabric] cluster over a host of machines managed by Docker Swarm [https://docs.docker.com/engine/swarm/].
It offers an easily configurable mechanism for creating custom Hyperledger Fabric Blockchain deployment arcitecture.
It offers an easily configurable mechanism for creating custom Hyperledger Fabric Blockchain deployment arcitecture.
Current Blockchain as a Service offerings from IBM, Amazon, Microsoft or others tie you and your consortium to their infrastructure and ecosystem. The presented solution is cloud agnostic and can be deployed over any cloud provider or private data centers. Each organization that part of your blockchain can therefore choose their own infrastructure provider and by using the fabric-as-code solution can seamlessly deply a Hyperledger Fabric Blockchain.
Current Blockchain as a Service offerings from IBM, Amazon, Microsoft or others tie you and your consortium to their infrastructure and ecosystem. The presented solution is cloud agnostic and can be deployed over any cloud provider or private data centers. Each organization that part of your blockchain can therefore choose their own infrastructure provider and by using the fabric-as-code solution can seamlessly deply a Hyperledger Fabric Blockchain.
Currently it support the spinning up of HLF cluster for just one organization, however, we are worrking towards mechanism for easily adding new organization to an exisiting cluster.
Currently it support the spinning up of HLF cluster for just one organization, however, we are worrking towards mechanism for easily adding new organization to an exisiting cluster.
Please see the Overview and TODO sections bellow
Please see the Overview and TODO sections bellow
## Overview
## Overview
- Hyperledger Fabric (HLF) v2.2 LTS
- Hyperledger Fabric (HLF) v2.2 LTS
- Cloud Deployment
- Cloud Deployment
- Docker Swarm used for orchestration
- Docker Swarm used for orchestration
- Redundency, High Availability and Scalability of HLF services
- Redundency, High Availability and Scalability of HLF services
- Services:
- Services:
- Certificate Authorities (CA)
- Certificate Authorities (CA)
- Organizational CA
- Organizational CA
- TLS CA
- TLS CA
- Orderer
- Orderer
- RAFT
- RAFT
- Peers
- Peers
- Configurable number of peers
- Configurable number of peers
- Chaincode support V1.X
- Chaincode support V1.X
- Support for both CouchDB and LevelDB databases
- Support for both CouchDB and LevelDB databases
- TLS enabled for all services
- TLS enabled for all services
- Persistent Filesystem for all services
- Persistent Filesystem for all services
- Single Org Setup
- Single Org Setup
- Single Sys
- Single Sys
- Single App channel setup
- Single App channel setup
## Todo
## Todo
- PostGres support for CAs
- PostGres support for CAs
- Add new Organization to consortium
- Add new Organization to consortium
- System channel
- System channel
- Application channel
- Application channel
- Update consortium
- Update consortium
- System channel
- System channel
- Application channel
- Application channel
- Add new Application Channel
- Add new Application Channel
- Update existing Application Channel
- Update existing Application Channel
- Customizable Policies
- Customizable Policies
- System Channel
- System Channel
- Application Channel
- Application Channel
- Endorsement Channel
- Endorsement Channel
- Mutual TLS
- Mutual TLS
- Deployment User Interface
- Deployment User Interface
## Pre-requisites:
## Pre-requisites:
- Ensure that you have installed **ansible** version 2.9.x on your **local machine**. Please see [https://www.ansible.com/] for further details on installing ansible on your local machine.
- Ensure that you have installed **ansible** version 2.9.x on your **local machine**. Please see [https://www.ansible.com/] for further details on installing ansible on your local machine.
Once ansible is installed, you can verify its version using the command `ansible --version` on you bash shell. You should receive an output such as this:
Once ansible is installed, you can verify its version using the command `ansible --version` on you bash shell. You should receive an output such as this:
- Gluster FS is used as persistent storage for all docker services hosted by an organization. In is required to have a seperate GlusterFS cluster in order to run this project on each of the **remote machines** that will host the HLF. We have created an easily deployable package for creating a GlusterFS cluster. Please check: [https://github.com/bityoga/mysome_glusterfs] and follow the ReadMe there!
- Gluster FS is used as persistent storage for all docker services hosted by an organization. In is required to have a seperate GlusterFS cluster in order to run this project on each of the **remote machines** that will host the HLF. We have created an easily deployable package for creating a GlusterFS cluster. Please check: [https://github.com/bityoga/mysome_glusterfs] and follow the ReadMe there!
## ansible-semaphore Setup Instructions:
## ansible-semaphore Setup Instructions:
These instructions is to be used only when utilising ansible-semaphore for deployment.
These instructions is to be used only when utilising ansible-semaphore for deployment.
For normal deployment process, ignore this and follow the instructions below.
For normal deployment process, ignore this and follow the instructions below.
## Configuration
## Configuration
There are very few parameters to be configured currently. All configurations are made inside _group_vars/all.yml_.
There are very few parameters to be configured currently. All configurations are made inside _group_vars/all.yml_.
-**GlusterFS Setup** !Required
-**GlusterFS Setup** !Required
-`gluster_cluster_volume` specifies the name of the created glusterfs volume. It should be the same value as the one used for creating the GlusterFS cluster. See pre-requisites step #2 about GlusterFS
-`gluster_cluster_volume` specifies the name of the created glusterfs volume. It should be the same value as the one used for creating the GlusterFS cluster. See pre-requisites step #2 about GlusterFS
-**config vars**[Optional]
-**config vars**[Optional]
- Under the section _Hyperledger Fabric Network config vars_, there are various values for your organization and credentials of the agents and services running within you HLF cluster for your organization.
- Under the section _Hyperledger Fabric Network config vars_, there are various values for your organization and credentials of the agents and services running within you HLF cluster for your organization.
- You may choose the change them to more secure values
- You may choose the change them to more secure values
-** CAs **[Optional]
-** CAs **[Optional]
- This projects spins up two CAs
- This projects spins up two CAs
- ORGCA: Generates the MSPs for the agents (peers, agents, clients, users, admins) to interact with the Blockchain Network
- ORGCA: Generates the MSPs for the agents (peers, agents, clients, users, admins) to interact with the Blockchain Network
- TLSCA: Generates the MSPs for the agents (peers, agents, clients, users, admins) to estabilsh TLS communication with themselves or with the outside world.
- TLSCA: Generates the MSPs for the agents (peers, agents, clients, users, admins) to estabilsh TLS communication with themselves or with the outside world.
- You may choose the change the number of _replicas_ hosted by Docker Swarm or the database used by the CA (default: SQLITE) to Postgres or MySQL.
- You may choose the change the number of _replicas_ hosted by Docker Swarm or the database used by the CA (default: SQLITE) to Postgres or MySQL.
-**Note: Postgres or MySQL is not supported as of now**
-**Note: Postgres or MySQL is not supported as of now**
-** Orderer **[Optional]
-** Orderer **[Optional]
- This projects spins up one Ordering service for each organization
- This projects spins up one Ordering service for each organization
- The only supported concensus protocal is **RAFT**
- The only supported concensus protocal is **RAFT**
- You may choose the change the number of _replicas_ depending on your requirements to improve scalability, redundency and availability of the service
- You may choose the change the number of _replicas_ depending on your requirements to improve scalability, redundency and availability of the service
-** Peers **[Optional]
-** Peers **[Optional]
- By default two peers are created.
- By default two peers are created.
- Peer1: Is the Anchor peer that will connect with other organization
- Peer1: Is the Anchor peer that will connect with other organization
- Peer2- Is the endorser peer which will have the chaincode installed
- Peer2- Is the endorser peer which will have the chaincode installed
- However, as many number of peers can be created by changing the following configuration values
- However, as many number of peers can be created by changing the following configuration values
- Under _# Creds of various agents_ section in _group_vars/all.yml_ add a new entry for the peer user name and password. We show an example for adding peer3
- Under _# Creds of various agents_ section in _group_vars/all.yml_ add a new entry for the peer user name and password. We show an example for adding peer3
- You may choose the change the number of _replicas_ for each of to peers, depending on your requirements to improve scalability, redundency and availability of the service
- You may choose the change the number of _replicas_ for each of to peers, depending on your requirements to improve scalability, redundency and availability of the service
## Defining the remote host machines
## Defining the remote host machines
In order to set up hlf cluster we would need a set of host machines. Ansible will comunicate with these machines and setup your cluster.
In order to set up hlf cluster we would need a set of host machines. Ansible will comunicate with these machines and setup your cluster.
### Configuring connection to remote machine
### Configuring connection to remote machine
- Please navigate to the file `inventory/hosts_template`
- Please navigate to the file `inventory/hosts_template`
- It looks as follows:
- It looks as follows:
```
```
[all:children]
[all:children]
swarm_manager_prime
swarm_manager_prime
swarm_managers
swarm_managers
swarm_workers
swarm_workers
[swarm_manager_prime]
[swarm_manager_prime]
[swarm_managers]
[swarm_managers]
[swarm_workers]
[swarm_workers]
```
```
- Make a copy of this file as `inventory/hosts`
- Make a copy of this file as `inventory/hosts`
- In order the specify the host machines, you need to populate this file `inventory/hosts` with the names of the host that you want to create. Each line/row in the file would represent a host machine. The lines with square brackets `[]` represents groups for internal reference in the project and **must not be changed**. Please fill each line under a group in the format:
- In order the specify the host machines, you need to populate this file `inventory/hosts` with the names of the host that you want to create. Each line/row in the file would represent a host machine. The lines with square brackets `[]` represents groups for internal reference in the project and **must not be changed**. Please fill each line under a group in the format:
- `hostname`: can be any name. Must be unique for each machine. The project will internally refer to the machines with this name
- `hostname`: can be any name. Must be unique for each machine. The project will internally refer to the machines with this name
- `ansible_host`: the ip address of the remote host. This machine should be accessable over the network with this ip address
- `ansible_host`: the ip address of the remote host. This machine should be accessable over the network with this ip address
- `ansible_python_interpreter`: In order for ansible to work, we need python 2.7.x or above available on each remote machine. Here we specify the **path of python on the remote machine** so that our local ansible project know where to find python on these machines.
- `ansible_python_interpreter`: In order for ansible to work, we need python 2.7.x or above available on each remote machine. Here we specify the **path of python on the remote machine** so that our local ansible project know where to find python on these machines.
- The following _example_ defines 5 machines as remote hosts
- The following _example_ defines 5 machines as remote hosts
- **!!!Required: Ensure that you have password less SSH for these host for a user. Later when you run the playbooks change the value for the playbooks with argument -u to the appropiate user that has passwordless SHH access to these machines**
- **!!!Required: Ensure that you have password less SSH for these host for a user. Later when you run the playbooks change the value for the playbooks with argument -u to the appropiate user that has passwordless SHH access to these machines**
## Setting up HLF
## Setting up HLF
Setting up of hyperledger fabric cluster requires the following steps. Creating the infrastructure with all dependencies installed and starting the hlf services in all the host machines. Finally, there is also mounting the glusterfs point.
Setting up of hyperledger fabric cluster requires the following steps. Creating the infrastructure with all dependencies installed and starting the hlf services in all the host machines. Finally, there is also mounting the glusterfs point.
- **!!!In our case the user root has passwordless SSH access to all the remote machines. In your case, it its different, please change the value for the argument -u to the appropiate user.**
- **!!!In our case the user root has passwordless SSH access to all the remote machines. In your case, it its different, please change the value for the argument -u to the appropiate user.**
- Deploys the Ordering service to docker swarm. Also generates the genesis system channel block, genesis application and anchor transactions for the first application test channel called **`appchannel`**
- Deploys the Ordering service to docker swarm. Also generates the genesis system channel block, genesis application and anchor transactions for the first application test channel called **`appchannel`**
- Deploys the peer services to docker swarm. Creates the application `appchannel` and joins each peer to this channel. Also updates the channel with the anchor peer transaction
- Deploys the peer services to docker swarm. Creates the application `appchannel` and joins each peer to this channel. Also updates the channel with the anchor peer transaction
- Deploys the hyperledger explorer services to docker swarm.
- Deploys the hyperledger explorer services to docker swarm.
- The service will be exposed in **port : 8090**.
- The service will be exposed in **port : 8090**.
- The hlf_explorer service will start 16 seconds after the hlf_explorer_db service. Try to wait for sometime and check the url **http://178.62.207.235:8090/ (Replace ip address, with your primary manager's ip address).**
- The hlf_explorer service will start 16 seconds after the hlf_explorer_db service. Try to wait for sometime and check the url **http://178.62.207.235:8090/ (Replace ip address, with your primary manager's ip address).**
- Note : Make sure to have run 'ansible-playbook -v 012.prepare_docker_images.yml -u root' so the docker images needed for the explorer services are pulled and made ready. Else it may take some time for the services to get started.
- Note : Make sure to have run 'ansible-playbook -v 012.prepare_docker_images.yml -u root' so the docker images needed for the explorer services are pulled and made ready. Else it may take some time for the services to get started.
**Hyperledger Explorer Login Credentials**
**Hyperledger Explorer Login Credentials**
-**user_name : admin**
-**user_name : admin**
-**password : adminpw**
-**password : adminpw**
**File Configuration Explanations**
**File Configuration Explanations**
- All 'hlf_explorer' config files will be available under the directory "root/hlf-explorer/" , in the primary manager.
- All 'hlf_explorer' config files will be available under the directory "root/hlf-explorer/" , in the primary manager.
- "/root/hlf-explorer/pgdata" - is used as mount directory for hlf_explorer_db (Postgresql) service
- "/root/hlf-explorer/pgdata" - is used as mount directory for hlf_explorer_db (Postgresql) service
- "/root/hlf-explorer/wallet" - is used as the wallet directory for the hlf_explorer service
- "/root/hlf-explorer/wallet" - is used as the wallet directory for the hlf_explorer service
- Both of these directories are in the primary manager as the services are started only in primary manager. .
- Both of these directories are in the primary manager as the services are started only in primary manager. .
- This can be modified to a shared mount point, if the services are later planned to run different machines in the swarm.
- This can be modified to a shared mount point, if the services are later planned to run different machines in the swarm.
- In hlf_explorer_db, - "/docker-entrypoint-initdb.d/createdb.sh" and - "/docker-entrypoint.sh" are modified as the original scripts in the images were not starting properly.
- In hlf_explorer_db, - "/docker-entrypoint-initdb.d/createdb.sh" and - "/docker-entrypoint.sh" are modified as the original scripts in the images were not starting properly.
- The network config file for the hlf_explorer is configured with the prime manager's ip addressees.
- The network config file for the hlf_explorer is configured with the prime manager's ip addressees.
**Service Configuration Explanations**
**Service Configuration Explanations**
- The current commit, specifies all the explorer services to be started as swarm services in the prime manager.
- The current commit, specifies all the explorer services to be started as swarm services in the prime manager.
- Both of the services 1) hlf_explorer_db(Postgresql db) and 2) hlf_explorer are started in the prime manager.
- Both of the services 1) hlf_explorer_db(Postgresql db) and 2) hlf_explorer are started in the prime manager.
- The playbook also supports deploying the hlf_explorer services using a docker compose file (and) docker stack deploy
- The playbook also supports deploying the hlf_explorer services using a docker compose file (and) docker stack deploy
- This features are commented out currently. Only swarm service deployment is enabled in this commit.
- This features are commented out currently. Only swarm service deployment is enabled in this commit.
- However a docker-compose.yaml to deploy the hlf_explorer service is templated and configured dynamically for additional support.
- However a docker-compose.yaml to deploy the hlf_explorer service is templated and configured dynamically for additional support.
- This file will be available in the "root/hlf-explorer/hlf-explorer-docker-compose.yaml" in the prime manager machine.
- This file will be available in the "root/hlf-explorer/hlf-explorer-docker-compose.yaml" in the prime manager machine.
## Sample Bank App Deployment
## Sample Bank App Deployment
**a) Deploying Demo Bank App Chaindode**
**a) Deploying Demo Bank App Chaindode**
- Chaincode will be auto installed along with the start of the CLI service.
- Chaincode will be auto installed along with the start of the CLI service.
#### **TO DISABLE AUTO INSTALL OF CHAINCODE**
#### **TO DISABLE AUTO INSTALL OF CHAINCODE**
- Set "INSTALL_BANK_CHAINCODE" in _"group_vars/all.yml"_ to **'n'**
- Set "INSTALL_BANK_CHAINCODE" in _"group_vars/all.yml"_ to **'n'**
- By default it is set to **'y'**
- By default it is set to **'y'**
-**_Sample Bank App Chaincode Repository :_** https://github.com/bityoga/articonf-bank-chaincode.git
-**_Sample Bank App Chaincode Repository :_** https://github.com/bityoga/articonf-bank-chaincode.git
