Decentralized (Peer-owned Orderer) Setup with No System Channel

Introduction

In Hyperledger Fabric, ordering service plays an important role of keeping the consortium configuration and creating blocks. Over the past two years, the implementation of ordering service keeps evolving. Raft-based ordering service enables a type of decentralization, as participating organizations (peer organizations) can now have their own ordering service nodes. This means fabric can now support a setup with no orderer organization. Meanwhile, Fabric keeps using the system channel to manage the consortium, which creates an additional layer of administration. Fabric v2.3 supports a fabric network setup without a system channel. This provides flexibility in design and operation of a fabric deployment.

Overview

Fabric documentation provides the best explanation on both raft-based implementation and setup of no system channel. Here is a quick overview.

Fabric Network Setup

I modified the Fabric CA tutorial setup (link), from which I also reworked this setup for Fabric v2.2 in this article. Here is our setup in this article.

Demonstration

Step 1: Prepare a Fabric host and obtain the setup

Prepare a single host with Fabric v2.3 properly installed. You can refer to the prerequisite and the installation guide for the detail.

cd fabric-samples/
git clone https://github.com/kctam/peerowned-nosyschannel.git
cd peerowned-nosyschannel

Step 2: Create crypto material for the whole network

As mentioned above, we are adopting a setup using Fabric-CA to create all the crypt material for both organizations. All materials generated are stored inside /tmp/hyperledger-fabric/, and this directory is mapped in the components later.

docker-compose downmkdir -p /tmp/hyperledger/
rm -rf /tmp/hyperledger/*
docker-compose up -d rca-org1 rca-org2 ca-tls
sudo chown -R vagrant:vagrant /tmp/hyperledger/*
./allCAnReg.sh./enrollAllOrgs.sh

Step 3: Bring up all components

Now we are ready to bring up the network. All the peers and orderers are defined inside docker-compose.yaml. The three CAs in step 2 are not used from now on.

  • set bootstrap method to none
  • set listen address and enable TLS client authentication for administrator
  • set true to channel participation enabled
  • map the admin directory
  • map the port accessing the administrator port
docker-compose up -d
no system channel is running in orderer in our setup

Step 4: Create application channel and join all components to the channel

To create application channel mychannel, we are now generate the genesis block for mychannel. Note that this is not the genesis block for the system channel as we are not using the system channel any more.

source term-org1
source term-org2
Terminal for org1 orderer1-org1 is used
Terminal for org2 orderer1-org2 is used
configtxgen -profile SampleAppChannelEtcdRaft -configPath ${PWD} -outputBlock mychannel.block -channelID mychannel
# to show channel status
osnadmin channel list -o localhost:7080 --ca-file $ORDERER_CA --client-cert /tmp/hyperledger/org1/admin/tls-msp/signcerts/cert.pem --client-key /tmp/hyperledger/org1/admin/tls-msp/keystore/key.pem
# join channel
osnadmin channel join --channelID mychannel --config-block mychannel.block -o localhost:7080 --ca-file $ORDERER_CA --client-cert /tmp/hyperledger/org1/admin/tls-msp/signcerts/cert.pem --client-key /tmp/hyperledger/org1/admin/tls-msp/keystore/key.pem
No system channel and application channels are in orderer1-org1
Join orderer1-org1 to application channel
orderer1-org1 joins mychannel
# to show channel status
osnadmin channel list -o localhost:8080 --ca-file $ORDERER_CA --client-cert /tmp/hyperledger/org2/admin/tls-msp/signcerts/cert.pem --client-key /tmp/hyperledger/org2/admin/tls-msp/keystore/key.pem
# join channel
osnadmin channel join --channelID mychannel --config-block mychannel.block -o localhost:8080 --ca-file $ORDERER_CA --client-cert /tmp/hyperledger/org2/admin/tls-msp/signcerts/cert.pem --client-key /tmp/hyperledger/org2/admin/tls-msp/keystore/key.pem
orderer1-org2 joins mychannel
peer channel join -b mychannel.block
Join peer1-org1 to mychannel
Join peer1-org2 to mychannel
Joining components to mychannel

Step 5: Test the network with chaincode sacc

This is the standard lifecycle chaincode process. I omit all the commands. You can make reference to this article to find out more.

Summary

We have walked through a setup with decentralized ordering service (orderer owned by peer organization) and no system channel when bringing up an application channel. Hope this setup gives you more insight how to build things up with these new features.

Visit http://www.ledgertech.biz/kcarticles.html for all my works. Reach me on https://www.linkedin.com/in/ktam1/ or follow me @kctheservant in Twitter.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store