The main content of this article is as follows

  • System channel and application channel
  • Basic configuration file
    • Capabilities configuration
    • Policies configuration
  • What are policies and ACLs
  • How to meet the policy
    • The hierarchy of channels
    • Policy verification rule

The first block of each blockchain (block 0) is called the genesis block, a name that probably comes from Bitcoin.

System channel and application channel

As mentioned earlier, Fabric is a multi-chain system, with one blockchain for each Channel. Channels are set up for business isolation or for resource isolation.

However, one Channel is special. It is the basis of other channels and maintains the basic configuration information of the basic network operation.

It is called an “Orderer System Channel,” while the other channels are collectively called “Application Channels.”

Its corresponding blockchain exists in the Orderer cluster, while the others exist in the peer cluster.

This time we will generate the genesis block file for the system channel's blockchain, in order to launch our infrastructure.

Basic configuration file

To generate the genesis block file, you need an initial configuration. This configuration is much more complex than the one for certificate generation; please refer to the Operation Guide for complete documentation.

As usual, take it apart to see what it has:

configtx.yaml

The file name is configtx.yaml, which contains a configuration block called Profiles, followed by two sub-blocks. The configuration in the ForGenesisBlock block is used in this section.

Going into long speech mode again! If you run into something you do not understand in the following discussion of the configuration, just skip it. After you’ve read the whole thing, you’ll probably come back and understand it.

Capabilities configuration

Capabilities

To start with, the Capabilities configuration shows what version of the app this node or Channel runs. The current version is 2.0.

Since the nodes of a Fabric network are distributed across organizations, there is no guarantee that all organizations are running the same version of the program at the same time. This configuration declares the version that the current node is running, so that versions and capabilities are known when collaborating with other nodes and compatibility is ensured.

Of course, there are other limitations to the use of this configuration that are not covered here. More later!

Policies configuration

What this configuration means is a long story.

To make a long story short, it’s called a policy!


What are policies and ACLs

The Policies configuration occurs at many levels in the configuration file, and each occurrence defines a set of policies.

policies

What is a policy?

If you are familiar with the public cloud, it is similar to a security group.

If you are familiar with network switching and routing, it is similar to ACLs (ACLs are also present in Fabric, covered below).

If you’re not familiar with them, here’s an example.

Policies and the ACL

As shown above, this is your house. Every door in the room is a smart lock that you can set the rules for unlocking.

You then formulate the rules listed under the policies in the diagram.

So which door can be opened and which door cannot be opened?

The ACL in the figure specifies how each door can be opened.

Notice that, in order to enter the vault, both you and your wife must provide a fingerprint. You want to steal something and trade it for money? No way!

Is that clear? A policy is the rule itself, which makes sense only if you specify which resource the rule is used on.

Using a policy results in two outcomes: rule compliance and rule non-compliance. It is up to the business logic to decide what to do with the results.

Back to the policies in Fabric. Take this policy:

# Profiles.ForGenesisBlock.Policies
Readers:                  # policy name
    Type: ImplicitMeta    # type
    Rule: "ANY Readers"   # rule

  • Policy names can be customized, but Readers, Writers, and Admins are reserved by default.

  • There are two types: ImplicitMeta and Signature.

    Here’s a Signature:

# Profiles.ForGenesisBlock.Consortiums.BondNetConsortium.Organizations.Policies
Readers:
    Type: Signature
    # any one of the listed McorpMSP roles may sign
    Rule: "OR('McorpMSP.admin', 'McorpMSP.peer', 'McorpMSP.client')"

Together, types and rules determine how this policy can be satisfied.

How to meet the policy

Let’s look at the Channel hierarchy first.

The hierarchy of channels

In the configuration file, the two sub-blocks under Profiles are actually the configurations of the two kinds of channel described above. ForGenesisBlock is the configuration for the system channel, and ForCreateChannel is the configuration for a business (application) channel.

The configuration of a Channel has its hierarchical structure, as shown in the following figure:

Channel configuration hierarchy 1

This is the decoded content of the system channel's genesis block.

channel_group is the root node and has three children under groups: Application, Consortiums, and Orderer.

If you expand Application, you’ll see its child nodes again, again under Groups.

Channel configuration hierarchy 2

Application has one child node: MidMSP. Expand it and groups is empty, indicating that MidMSP is already a leaf node (here MidMSP is the name of MID.org organization MSP).

This is what a tree graph looks like:

Channel configuration tree

Note:

The gray node in the figure is a nonexistent node that I added to illustrate the problem later. Also, the Consortiums node is omitted.

Note that policies are configured under each node. Taking the Admins policy as an example, it looks like this when added to the tree:


Having said all that, what does this have to do with satisfying a policy? Don’t worry, let's first add a few more policies to the tree.


OK, now let’s talk about how a policy is satisfied!

Policy verification rule

First, look at the root node (Channel/Admins), where Type is ImplicitMeta, indicating that the policy for this node depends on its children.

How is that decided? Rule: MAJORITY Admins. This means that the Admins policies of most of the child nodes need to be satisfied.

How much is most of it? >50%, that is, if there are 3 children, then at least 2 children must be satisfied, and if there are 2 children, then both must be satisfied.

Then look at the layer 2 node, which has the same meaning as the root node.

The grey leaf node in the middle, Type: Signature, indicates that a Signature is required to satisfy this node policy.

Who will sign it? See Rule: OR('othermsp.admin', 'othermsp.peer', 'othermsp.client'), which means that a signature from any one of the admin, peer or client roles is enough.

Is that clear? The responsibility for whether policies are met ultimately rests with specific members of the organization, including users and nodes. If you agree, you add your signature, and the policy is satisfied once the number of signatures meets the requirement.

There are, of course, several other options that make policies more flexible:

  • ImplicitMeta rules have the format <ANY | ALL | MAJORITY> <SubPolicyName>. For example, Rule: ANY Readers means the Readers policy of any child node.

  • Signature rules have the format EXPR(E[, E...]). EXPR has three options: AND, OR and OutOf. E stands for a principal, for example:

    • 'org0.admin': any administrator in Org0
    • 'org1.member': any user in the Org1 organization
    • 'org1.client': any client in the Org1 organization
    • 'org1.peer': any peer in Org1

Here are a few complete examples:

  • AND('org1.member', 'org2.member', 'org3.member'): requires a signature from any user in each of Org1, Org2 and Org3.

  • OR('org1.member', 'org2.member'): either Org1 or Org2 provides a signature.

  • OR('org1.member', AND('org2.member', 'org3.member')): either any user in Org1 provides a signature, or any user in Org2 and any user in Org3 both provide a signature.

  • OutOf(1, 'org1.member', 'org2.member'): OutOf(n, ...) means n out of the m listed principals. This one is equivalent to OR('org1.member', 'org2.member').

  • OutOf(2, 'org1.member', 'org2.member'): equivalent to AND('org1.member', 'org2.member').

  • OutOf(2, 'org1.member', 'org2.member', 'org3.member'): equivalent to OR(AND('org1.member', 'org2.member'), AND('org1.member', 'org3.member'), AND('org2.member', 'org3.member')).
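The verification walk from the "Policy verification rule" section, combined with the AND/OR/OutOf rule forms listed above, written out as an added example (it is not code from this article or from Fabric). The tree shape, the OrdMSP and OtherMSP names and the (msp_id, role) representation of a signer are assumptions made for illustration; a real network checks certificates and signatures rather than plain tuples.

```python
import re

def parse(tokens):
    """Recursive-descent parse of a Signature rule into ('OP', [args]) or a principal string."""
    tok = tokens.pop(0)
    if tok[0] == "'":
        return tok.strip("'")                  # principal such as 'MidMSP.admin'
    if tok.isdigit():
        return int(tok)                        # the n in OutOf(n, ...)
    args = []
    while (sep := tokens.pop(0)) in ("(", ","):   # "(" opens the list, "," continues it
        args.append(parse(tokens))
    if sep != ")":
        raise ValueError("malformed rule near " + sep)
    return (tok, args)

def sig_ok(expr, signers):
    """signers: set of (msp_id, role). Simplification: one signer may match several principals."""
    if isinstance(expr, str):
        msp, role = expr.split(".")
        return any(m == msp and role in ("member", r) for m, r in signers)
    op, args = expr
    need, subs = (args[0], args[1:]) if op == "OutOf" else ({"AND": len(args), "OR": 1}[op], args)
    return sum(sig_ok(a, signers) for a in subs) >= need

def satisfied(node, name, signers):
    """Evaluate policy `name` at `node`; ImplicitMeta descends into the child groups."""
    if name not in node["policies"]:
        return False                           # a child lacking the sub-policy counts as unmet
    kind, rule = node["policies"][name]
    if kind == "Signature":
        return sig_ok(parse(re.findall(r"\w+|'[^']+'|[(),]", rule)), signers)
    quantifier, sub = rule.split()             # e.g. "MAJORITY Admins"
    kids = list(node["groups"].values())
    need = {"ANY": 1, "ALL": len(kids), "MAJORITY": len(kids) // 2 + 1}[quantifier]
    return sum(satisfied(k, sub, signers) for k in kids) >= need

def leaf(msp):                                 # org node: Admins needs that org's admin
    return {"policies": {"Admins": ("Signature", f"OR('{msp}.admin')")}, "groups": {}}
def meta(**groups):                            # group node using the page's MAJORITY rule
    return {"policies": {"Admins": ("ImplicitMeta", "MAJORITY Admins")}, "groups": groups}

# Constructed tree shaped like the page's figure (Consortiums omitted; OrdMSP is hypothetical)
CHANNEL = meta(Application=meta(MidMSP=leaf("MidMSP"), OtherMSP=leaf("OtherMSP")),
               Orderer=meta(OrdMSP=leaf("OrdMSP")))

def demo():
    two = {("MidMSP", "admin"), ("OrdMSP", "admin")}
    three = two | {("OtherMSP", "admin")}
    return satisfied(CHANNEL, "Admins", two), satisfied(CHANNEL, "Admins", three)
```

With only the MidMSP and OrdMSP admins signing, Application has two children and MAJORITY needs both, so Channel/Admins is not satisfied; adding the OtherMSP admin satisfies it.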

Okay, that’s enough for you to digest for a while. If you get confused, don’t worry; come back to it after reading the following content.

I am a2Stream programmer, see you next time!
