Setup the Hyperledger Fabric network from scratch.

Davor Kljajic
Jan 18, 2019 · 8 min read

I will provide a quick intro if you are new in blockchain or Hyperledger Fabric.

Hyperledger Fabric is permissioned blockchain or private network, only entities defined in the network can interact with each other, the opposite is a public blockchain as bitcoin where any entities can interact with each other.

There is a concept of “Channels” where parties that are part of a blockchain can create separate transactions privately and then pass the final state to the be recorded on the main blockchain.

Any participants must have identities. Identity is issued by Certificate Authority(CA) as crypto-material.

Fabric doesn’t use typical Proof of Work or Proof of Stake mechanisms to achieve consensus. Because it’s highly permissioned, it uses a sequence of verified transactions (based on MSP) instead.

Prerequisite

Hyperledger Fabric is written in golang, and environment that components of a network exist is a docker. You can install prerequisite in the script, in my last article :).

Install:

Run the following script. This script will clone the pre-packaged Hyperledger Fabric samples and download the binaries you need. Or you can create own folder and export path of the bin folder.

> curl -sSL https://goo.gl/6wtTN5 | bash -s 1.1.0

Set an environment variable with a path to your binaries so Fabric knows where to find them. Replace the part below with the full path of the directory where the folder is found. You can find that by typing in your terminal.

> export PATH=<replace this with your path>/bin:$PATH

Check golang version.

go version

We have everything we need to proceed with getting our network set up.


Crucial files

In order to configure and launch your own Hyperledger fabric network,

you will need 3 files :

  • configtx.yaml
  • crypto-config.yaml
  • docker-compose.yaml

The document is well documented and I will also add additional comments.

Configtx.yaml

Defines which elements to use with your network and are passed to configtxgen in order to create genesis block and channel artifacts.

We can split the configtx.yaml file into 5 different blocks :

  • Organizations block
  • Orderer block
  • Applications block
  • Profiles block
  • Capabilities block

I will explain organizations, orderer and profile blocks.

Organizations block

1. organization_block

Most important thing is to set a directory of certificates in the docker-compose.yaml file as is defined here, also known as mounting.

Another thing is also interesting that you can specify a custom policy for the organization in the channel, I will write in the next articles about that.

Orderer block

2.orderer_block

Orderer is a messaging system in the Hyperldger Fabric network, his main purpose is a delivery guarantee, such as atomic or total order broadcast.

In production, we must use Kafka because is faster and have high throughput.

Also in this section, we define the measurement of blocks our blockchain network.

Profile Blocks

As a say earlier, that is a most important section in this file, “Profiles defines which elements to use with your network and are passed to configtxgen in order to create genesis block and channel artefacts.”

3.profile_block

In this section, you define the name of orderer in your network, organizations that are part of your network defined in section consortium. Also provided the name of these names is define upside in the same document.


Crypto-config.yaml

The crypto-config.yaml file is pretty simple to create. It defines your network participants and is used for creating all necessary for each peer.

The file is constructed from:

  1. ordererOrgs
  2. peerOrgs

(If you have more than one org in your network, copy/paste and add all your org definition)

OrdererOrgs

4.orderer_org

As we see that name of order is previously defined in the configtx.yaml file, so be careful about this.

PeerOrgs

5.peerOrgs

Common mistakes are made when we have multiple peers in our organization, so in the section template, the number of peers must be the same as the count section. The section user is referred to the number of user accounts in addition to admin.


Create artefacts and certificates

The question that is raised is how to create certificates and artefacts for previously defined custom files for our network.

We will use the Cryptogen tool to generate the cryptographic material (x509 certs) for our various network entities. cryptogen is a utility for generating Hyperledger Fabric key material, however, it is mainly meant to be used for a testing environment.

In order for us to finish the initialization of our blockchain we need to create :

  • The orderer genesis block. It is intended, as its name indicates, to correctly initialize Fabric’s orderers.
  • A channel genesis block. The channel is a kind of private network inside the main network which our users will be able to use. This allows you to initialize Fabric’s peers to join a channel.
  • An anchor peer. Its a peer node with an additional feature which allows all other peers to discover and communicate with it.

I use a shell script that generates all that needed materials. To create custom you need to set that script is executable.(sudo chmod 777 name_of_file).

Another important thing is to set the name of your channel and all variables are defined in the profile section in the configtx.yaml (TwoOrgsOrdererGenesis,TwoOrgsChannel etc.)

#!/bin/sh## Copyright IBM Corp All Rights Reserved# SCRIPT FOR GENERATING CERTIFICATES AND ARTIFACTSexport PATH=$GOPATH/src/github.com/hyperledger/fabric/build/bin:${PWD}/../bin:${PWD}:$PATHexport FABRIC_CFG_PATH=${PWD}CHANNEL_NAME=mychannel# remove previous crypto material and config transactionsrm -fr config/*rm -fr crypto-config/*# generate crypto materialcryptogen generate --config=./crypto-config.yamlif [ "$?" -ne 0 ]; thenecho "Failed to generate crypto material..."exit 1fi# generate genesis block for ordererconfigtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./genesis.blockif [ "$?" -ne 0 ]; thenecho "Failed to generate orderer genesis block..."exit 1fi# generate channel configuration transactionconfigtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel.tx -channelID $CHANNEL_NAMEif [ "$?" -ne 0 ]; thenecho "Failed to generate channel configuration transaction..."exit 1fi# generate anchor peer transactionconfigtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSPif [ "$?" -ne 0 ]; thenecho "Failed to generate anchor peer update for Org1MSP..."exit 1fi# generate anchor peer transactionconfigtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./Org2MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org2MSPif [ "$?" -ne 0 ]; thenecho "Failed to generate anchor peer update for Org2MSP..."exit 1fi

Generated crypto material and artefacts

  • We created 2 organizations
  • We created 1 peer per organization
  • We created certificates for each of the above, so each transaction can be signed by them and we know who created and signed the transactions
  • We created a genesis block
6.crypto material and artifacts

Docker-compose.yaml

For each entity on our network, we need a different docker container. The flow is simple, we use local files to put in an isolated environment.

We will see how to declare :

  • Certificate authority container(CA)
  • Peer container
  • Orderer container

Certificate authority

As I mentioned CA is used for identifying participants in the network, each organization must have own ca. I commented on important sections.

7. CA

The most important thing is to use a proper key file name of generated certificates. Here are different names because I am using from another project :).

8.location_key

Peer container

9.peer_container

The most common mistakes are that mounted path is wrong, what I think about that path where we defined in configtx.yaml must be the same in the docker container.yaml file.

Be especially careful about chaincode where to put him. To test where is chaincode, you can use docker command “docker exec -it name_of_contnainer bash” to see are your chaincode is well mounted this tip I use.


Connect the components of a network

This is another shell script to create a channel, join and update anchor peers to have communication in the network.

#!/bin/bash
#
# Copyright IBM Corp All Rights Reserved
#
# SPDX-License-Identifier: Apache-2.0
#
# Exit on first error, print all commands.
set -e
# don't rewrite paths for Windows Git Bash users
export MSYS_NO_PATHCONV=1
starttime=$(date +%s)
LANGUAGE=${1:-"node"}
# clean the keystore
rm -rf ./hfc-key-store
docker-compose -f docker-compose.yml downdocker-compose -f docker-compose.yml up -d ca0 ca1 orderer.example.com peer0.org1.example.com peer1.org2.example.com couchdb# wait for Hyperledger Fabric to start
# incase of errors when running later commands, issue export
export FABRIC_START_TIMEOUT=10
#echo ${FABRIC_START_TIMEOUT}
sleep ${FABRIC_START_TIMEOUT}
# Create the channel
docker exec -e "CORE_PEER_LOCALMSPID=Org1MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/Admin@org1.example.com/msp" peer0.org1.example.com peer channel create -o orderer.example.com:7050 -c mychannel -f /etc/hyperledger/configtx/channel.tx
# Join peer0.org1.example.com to the channel.
docker exec -e "CORE_PEER_LOCALMSPID=Org1MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/Admin@org1.example.com/msp" peer0.org1.example.com peer channel join -b mychannel.block
# fetch channel config block org2
docker exec -e "CORE_PEER_LOCALMSPID=Org2MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users1/Admin@org2.example.com/msp" peer0.org2.example.com peer channel fetch 0 mychannel.block -c mychannel -o orderer.example.com:7050
# join org2 peer to channel
docker exec -e "CORE_PEER_LOCALMSPID=Org2MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users1/Admin@org2.example.com/msp" peer0.org2.example.com peer channel join -b mychannel.block
# update anchor peers
docker exec -e "CORE_PEER_LOCALMSPID=Org1MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/Admin@org1.example.com/msp" peer0.org1.example.com peer channel update -o orderer.example.com:7050 -c mychannel -f /etc/hyperledger/configtx/Org1MSPanchors.tx
docker exec -e "CORE_PEER_LOCALMSPID=Org2MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users1/Admin@org2.example.com/msp" peer0.org2.example.com peer channel update -o orderer.example.com:7050 -c mychannel -f /etc/hyperledger/configtx/Org2MSPanchors.txdocker exec -e "CORE_PEER_LOCALMSPID=Org3MSP" -e "CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users1/Admin@org3.example.com/msp" peer0.org3.example.com peer channel update -o orderer.example.com:7050 -c mychannel -f /etc/hyperledger/configtx/Org3MSPanchors.tx
  • We joined the first peer of our first organization
  • We fetch config block for the second org
  • We joined the first peer of our second organization and updated the environment variables accordingly to recognize it
  • We made these two peers the Anchor Peers of each organization so new peers can talk to them

Conclusion

We created the blockchain network from scratch. The entire Hyperledger Fabric custom network is up and running in the docker containers. You can check here official Hyperledger documentation for the network.

More about my experience and knowledge about Hyperledger you can read here:


Next article will be about how to set up the chaincode, if you have any questions or suggestions, feel free to write me. See ya!

Work with us!

Beyondi offers high-quality services: Web Development and Design, Mobile Development and Design, Embedded Solutions, Blockchain Solutions, Digital Marketing, SEO, Growth and Team Augmentation? You can find more about our services on our website.


Beyondi | Full Stack Development Solutions

We get a project done and we answer on your email. Beyondi is a company full of passionate people who like to work on futuristic and challenging projects and of course share knowledge with community.

Davor Kljajic

Written by

Blockchain developer at Beyondi

Beyondi | Full Stack Development Solutions

We get a project done and we answer on your email. Beyondi is a company full of passionate people who like to work on futuristic and challenging projects and of course share knowledge with community.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade