Hyperledger Fabric sample Fabcar on IBM Blockchain Platform
NOTE: This developer pattern creates a blockchain network on IBM Blockchain Platform version 2.5 using the Hyperledger Fabric version 1.4.
This code pattern demonstrates setting up a network on the IBM Blockchain Platform and deploying the Fabcar smart contract on the network. Next, we setup our application to interact with the network including identities to submit transactions on the smart contract. The application is setup with a Node.js server using the Fabric Node SDK to process requests to the network, and an Angular client to bring up a web interface.
When the reader has completed this code pattern, they will understand how to:
- Setup a Hyperledger Fabric network on IBM Blockchain Platform
- Install and instantiate smart contract through the IBM Blockchain Platform
- Develop a Node.js server with the Hyperledger Fabric SDK to interact with the deployed network
- Create an Angular frontend for the web app to interface with the network
- The Blockchain Operator sets up the IBM Blockchain Platform service.
- The IBM Blockchain Platform enables to create a Hyperledger Fabric network onto a IBM Cloud Kubernetes Service, allowing to install and instantiate the Fabcar smart contract on the network.
- The Node.js application server uses the Fabric SDK to interact with the deployed network on IBM Blockchain Platform and creates APIs for a web client.
- The Angular client uses the Node.js application API to interact with the network.
- The User interacts with the Fabcar Angular web interface to update and query the blockchain ledger and state.
- IBM Blockchain Platform gives you total control of your blockchain network with a user interface that can simplify and accelerate your journey to deploy and manage blockchain components on the IBM Cloud Kubernetes Service.
- IBM Cloud Kubernetes Service creates a cluster of compute hosts and deploys highly available containers. A Kubernetes cluster lets you securely manage the resources that you need to quickly deploy, update, and scale applications.
- IBM Blockchain Platform Extension for VS Code is designed to assist users in developing, testing, and deploying smart contracts -- including connecting to Hyperledger Fabric environments.
- Hyperledger Fabric v1.4 is a platform for distributed ledger solutions, underpinned by a modular architecture that delivers high degrees of confidentiality, resiliency, flexibility, and scalability.
- Node.js is an open source, cross-platform JavaScript run-time environment that executes server-side JavaScript code.
- Express.js is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications.
- Angular.io is a front-end framework for building web applications.
- IBM Cloud account
- Node v10.x and npm v6.x or greater
- VSCode version 1.38.0 or greater
- IBM Blockchain Platform Extension for VSCode
Follow these steps to set up and run this code pattern. The steps are described in detail below.
To run a local network, you can find steps here
- Clone the repo
- Package the smart contract
- Create IBM Cloud services
- Build a network
- Deploy FabCar Smart Contract on the network
- Connect application to the network
- Run the application
Clone this repository in a folder your choice:
git clone https://github.com/IBM/fabcar-blockchain-sample.git
cd fabcar-blockchain-sample
We will use the IBM Blockchain Platform extension on VS Code to package the Fabcar smart contract.
-
Open Visual Studio code and open the
contract
folder fromfabcar-blockchain-sample
repository that was cloned earlier. It is important that you are opening thecontract
folder and not the entirefabcar-blockchain-sample
directory; otherwise you will see an error that states that it doesn't understand what programming language you are using. -
Press the
F1
key to see the different VS code options. ChooseIBM Blockchain Platform: Package Open Project
.
- Click the
IBM Blockchain Platform
extension button on the left. This will show the packaged contracts on top and the blockchain connections on the bottom.
-
Next, right click on the packaged contract (in this case, select fabcar@1.0.0) to export it and choose
Export Package
. -
Choose a location on your machine and save the
.cds
file. We will use this packaged smart contract later to deploy on the IBM Blockchain Platform service.
Now, we will start setting up the different services required for configuring our Hyperledger Fabric network on the IBM Cloud and for running our application using this network.
- Create the IBM Cloud Kubernetes Service. You can find the service in the
Catalog
. For this code pattern, we can use theFree
cluster, and give it a name. Note, that the IBM Cloud allows one instance of a free cluster which expires after 30 days. Note: it could take 20 minutes for the IBM Cloud Kubernetes Service setup to complete.
- Create the IBM Blockchain Platform service on the IBM Cloud. You can find the service in the
Catalog
, and give it a name.
- After your kubernetes cluster is up and running, you can deploy your IBM Blockchain Platform on the cluster. Again - wait for the IBM Cloud Kubernetes service to indicate it was deployed. The IBM Blockchain Platform service walks through few steps and finds your cluster on the IBM Cloud to deploy the service on.
- Once the Blockchain Platform is deployed on the Kubernetes cluster, you can launch the console to start configuring your blockchain network.
We will build a network as provided by the IBM Blockchain Platform documentation. This will include creating a channel with a single peer organization with its own MSP and CA (Certificate Authority), and an orderer organization with its own MSP and CA. We will create the respective identities to deploy peers and operate nodes.
- Navigate to the Nodes tab in the left navigation and click Add Certificate Authority +.
- Click Create a Certificate Authority + and click Next.
- Give it a CA display name of
Org1 CA
, a CA administrator enroll ID ofadmin
and a CA administrator enroll secret ofadminpw
, then click Next. - Review the summary and click Add Certificate Authority.
- In the Nodes tab, select the Org1 CA once it is running (indicated by the green box in the tile).
- Click Associate identity on the CA overview panel.
- On the side panel, select the Enroll ID tab.
- Provide an Enroll ID of
admin
and an Enroll secret ofadminpw
. Use the default value ofOrg1 CA Admin
for the Identity display name. - Click Associate identity to associate the
admin
identity with the Org1 CA.
- Select the Org1 CA Certificate Authority and ensure the
admin
identity that was created for the CA is visible in the table. - The next step is to register an admin for the organization "Org1". Click on the Register User + button. Give an Enroll ID of
org1admin
and an Enroll secret oforg1adminpw
. Set the Type for this identity asadmin
. Specify to Use root affiliation. Leave the Maximum enrollments field blank. Click Next. - Skip the section to add attributes to this user and click Register user.
- Repeat the process to create an identity of the peer. Click on the Register User + button. Give an Enroll ID of
peer1
and an Enroll secret ofpeer1pw
. Set the Type for this identity aspeer
. Specify to Use root affiliation. Leave the Maximum enrollments field blank. Click Next. - Skip the section to add attributes to this user and click Register user.
- Navigate to the Organizations tab in the left navigation and click Create MSP definition +.
- Enter the MSP display name as
Org1MSP
and the MSP ID asOrg1MSP
. Click Next. - Specify
Org1 CA
as the Root Certificate Authority. Click Next. - Select the New identity tab. Give the Enroll ID and Enroll secret for your organization admin, i.e.
org1admin
andorg1adminpw
respectively. Then, give the Identity name asOrg1 Admin
. - Click the Generate button to enroll this identity as the admin of your organization and add the identity to the wallet. Click Export to export the admin certificates to your file system. Click Next.
- Review all the information and click Create MSP definition.
- Navigate to the Nodes tab in the left navigation and click Add peer +.
- Click Create a peer + and then click Next.
- Give the Peer display name as
Peer Org1
and click Next. - On the next screen, select
Org1 CA
as the Certificate Authority. Then, give the Peer enroll ID and Peer enroll secret aspeer1
andpeer1pw
respectively. Select the Organization MSP asOrg1MSP
. Leave the TLS CSR hostname blank and select the highest value available in the drop-down for Fabric version, i.e.2.1.1-0
. Click Next. - Provide
Org1 Admin
as the Peer administrator identity and click Next. - Review the summary and click Add peer.
- Navigate to the Nodes tab in the left navigation and click Add Certificate Authority +.
- Click Create a Certificate Authority + and click Next.
- Give it a CA display name of
Orderer CA
, a CA administrator enroll ID ofadmin
and a CA administrator enroll secret ofadminpw
, then click Next. - Review the summary and click Add Certificate Authority.
- In the Nodes tab, select the Orderer CA once it is running (indicated by the green box in the tile).
- Click Associate identity on the CA overview panel.
- On the side panel, select the Enroll ID tab.
- Provide an Enroll ID of
admin
and an Enroll secret ofadminpw
. Use the default value ofOrderer CA Admin
for the Identity display name. - Click Associate identity to associate the
admin
identity with the Orderer CA.
- Select the Orderer CA Certificate Authority and ensure the
admin
identity that was created for the CA is visible in the table. - The next step is to register an admin for the organization "Orderer". Click on the Register User + button. Give an Enroll ID of
ordereradmin
and an Enroll secret ofordereradminpw
. Set the Type for this identity asadmin
. Specify to Use root affiliation. Leave the Maximum enrollments field blank. Click Next. - Skip the section to add attributes to this user and click Register user.
- Repeat the process to create an identity of the orderer. Click on the Register User + button. Give an Enroll ID of
orderer
and an Enroll secret ofordererpw
. Set the Type for this identity asorderer
. Specify to Use root affiliation. Leave the Maximum enrollments field blank. Click Next. - Skip the section to add attributes to this user and click Register user.
- Navigate to the Organizations tab in the left navigation and click Create MSP definition +.
- Enter the MSP display name as
OrdererMSP
and the MSP ID asOrdererMSP
. Click Next. - Specify
Orderer CA
as the Root Certificate Authority. Click Next. - Select the New identity tab. Give the Enroll ID and Enroll secret for your organization admin, i.e.
ordereradmin
andordereradminpw
respectively. Then, give the Identity name asOrderer Admin
. - Click the Generate button to enroll this identity as the admin of your organization and add the identity to the wallet. Click Export to export the admin certificates to your file system. Click Next.
- Review all the information and click Create MSP definition.
- Navigate to the Nodes tab in the left navigation and click Add ordering service +.
- Click Create an ordering service + and then click Next.
- Give the Ordering service display name as
Orderer
and click Next. - On the next screen, select
Orderer CA
as the Certificate Authority. Then, give the Ordering service enroll ID and Ordering service enroll secret asorderer
andordererpw
respectively. Select the Organization MSP asOrdererMSP
. Leave the TLS CSR hostname blank and select the highest value available in the drop-down for Fabric version, i.e.2.1.1-0
. Click Next. - Provide
Orderer Admin
as the Orderer administrator identity and click Next. - Review the summary and click Add ordering service.
- Navigate to the Nodes tab, and click on the Orderer that was created.
- Under Consortium Members, click Add organization +.
- Select the Existing MSP ID tab. From the drop-down list, select
Org1MSP (Org1MSP)
, as this is the MSP that represents the peer's organization "Org1". - Click Add organization.
- Navigate to the Channels tab in the left navigation and click Create channel +.
- Click Next.
- Give the Channel name as
mychannel
. SelectOrderer
from the Ordering service drop-down list. Click Next. - Under Organizations, select
Org1MSP (Org1MSP)
from the drop-down list to add the organization "Org1" as a member of this channel. Click the Add button. Set the permissions for this member as Operator. Click Next. - Leave the Policy as the default value i.e.
1 out of 1
. Click Next. - Select the Channel creator MSP as
Org1MSP (Org1MSP)
and the Identity asOrg1 Admin
. Click Next. - Review the summary and click Create channel.
- Click on the newly created channel mychannel.
- In the side panel that opens, under Choose from available peers, select
Peer Org1
. Once the peer is selected, a check mark will be displayed next to it. Ensure that Make anchor peer(s) is marked asYes
. Click Join channel.
- Navigate to the Smart contracts tab in the left navigation and click Install smart contract +.
- Click on Add file.
- Browse to the location of the Fabcar smart contract package file (it is probably named
fabcar@1.0.0.cds
), which we packaged earlier using the IBM Blockchain Platform extension for Visual Studio code. - Once the contract is uploaded, click Install smart contract.
- Under Installed smart contracts, find the smart contract from the list (Note: ours is called fabcar) installed on our peer and click Instantiate from the overflow menu on the right side of the row.
- On the side panel that opens, select the channel,
mychannel
on which to instantiate the smart contract. Click Next. - Select
Org1MSP
as the organization member to be included in the endorsement policy. Click Next. - Skip the Setup private data collection step and simply click Next.
- Provide the Function name as
initLedger
and leave the Arguments blank. - Click Instantiate smart contract.
- Navigate to the Organizations tab in the left navigation, and click on Org1MSP.
- Click on Download Connection Profile.
- In the side panel that opens up, select
Yes
as the response for Include Org1 CA for user registration and enrollment?. Under Select peers to include, selectPeer Org1
. Then click Download connection profile. This will download the connection json which we will use to establish a connection between the Node.js web application and the Blockchain Network.
- Navigate to the Nodes tab in the left navigation, and under Certificate Authorities, choose Org1 CA.
- Click on the Register User + button. Give an Enroll ID of
app-admin
and an Enroll secret ofapp-adminpw
. Set the Type for this identity asclient
. Specify to Use root affiliation. Leave the Maximum enrollments field blank. Click Next. - Click on Add attribute +. Enter the attribute name as
hf.Registrar.Roles
and the attribute value as*
. NOTE: If you wish to use the deregisterUser.js script to remove/revoke/delete existing users, then you need to add another attributehf.Revoker
with the attribute value oftrue
to your application admin. - Click Register user.
- Copy the connection profile you downloaded into the server folder.
- Update the config.json file with:
- The connection json file name you downloaded.
- The enroll id and enroll secret for your app admin, which we earlier provided as
app-admin
andapp-adminpw
respectively. - The orgMSP ID, which we provided as
Org1MSP
. - The caName, which can be found in your connection json file under "organizations" -> "Org1MSP" -> certificateAuthorities". This would be like an IP address and a port.
- The username you would like to register.
- Update gateway discovery to
{ enabled: true, asLocalhost: false }
to connect to IBM Blockchain Platform.
the current default contents of the config.json are to connect to a local fabric instance from VS Code.
After the updates, the contents of the config.json should look similar to the file shown below:
{
"connection_file": "Org1MSP_profile.json",
"appAdmin": "app-admin",
"appAdminSecret": "app-adminpw",
"orgMSPID": "Org1MSP",
"caName": "169.46.208.151:30404",
"userName": "user1",
"gatewayDiscovery": { "enabled": true, "asLocalhost": false }
}
-
First, navigate to the
web-app/server
directory, and install the node dependencies:cd web-app/server npm install
-
Run the
enrollAdmin.js
script:node enrollAdmin.js
-
You should see the following in the terminal:
msg: Successfully enrolled admin user app-admin and imported it into the wallet
-
From the
server
directory, run theregisterUser.js
script:node registerUser.js
-
You should see the following in the terminal:
Successfully registered and enrolled admin user user1 and imported it into the wallet
NOTE: The following steps need to be performed only if you wish to revoke an existing user.
By default, removal of identities is disabled in IBM Blockchain Platform. If you wish to remove identities, you need to manually override this default setting in the IBM Blockchain Platform console.
- On the console, go to the
Nodes
tab using the left hand navigation pane and click on your organization's CA. - Click on the settings icon in the left side.
- In the pane that opens up on the right side, click on
Edit configuration JSON (Advanced)
. - Paste the following into the input block for
Configuration updates
, then clickUpdate Certificate Authority
. NOTE: The value of 10 for passwordattempts is the default value. If your certificate authority was set up with a different number for passwordattempts then you need to use that number. You can find this value from theCurrent configuration
section which is just above theConfiguration updates
section.
{
"ca": {
"cfg": {
"identities": {
"passwordattempts": 10,
"allowremove": true
}
}
}
}
The removal of identities will now be enabled. As long as your application admin has been created with the hf.Revoker
attribute set to the value of true
(as specified in the Create an application admin step above, you can use the deregisterUser.js
script to remove the user identity.
-
From the
server
directory, run thederegisterUser.js
script. This script removes/revokes the user identified byuserName
specified in the config.json file.node deregisterUser.js
-
You should see the following in the terminal:
Successfully deregistered the user user1 and deleted it from the wallet.
-
From the
server
directory, start the server:npm start
-
In a new terminal, open the
web-app/client
directory and install the dependencies:cd web-app/client npm install
-
Start the client:
npm start
You can find the app running at http://localhost:4200/
You can go to the IBM Blockchain Platform console to monitor your users and get information on your channel including the blocks added.
-
If you encounter an error
discover error: access denied
, you need to set thegatewayDiscovery
properly in yourconfig.json
file. This is REQUIRED You must set it as follows to connect to IBP:`"gatewayDiscovery": {"enabled": true, "asLocalhost": false }`
-
When running the registerUser.js script, if you get an error that says
Failed to register user user1: TypeError [ERR_INVALID_ARG_TYPE]: The "options.ca" property must be one of type string, Buffer, TypedArray, or DataView. Received type object
, you can get past this error by editing your connection profile that was downloaded from IBM Blockchain Platform. Open the connection profile and look fortlsCACerts
under your certificateAuthority. If thepem
value undertlsCACerts
is of type array, remove the square brackets[]
and convert it to a string. That is, if your connection profile is like the following image:
update it as shown in the image below:
- When running the registerUser.js script, if you get an error that says
Error: Calling register endpoint failed with error [Error: self signed certificate]
, you can get past this by adding"httpOptions": {"verify": false}
to the certificateAuthorities section of the connection profile that was downloaded from IBM Blockchain Platform.
-
WHen running the *deregisterUser.js script, if you get an error that says
[[{"code":56,"message":"Identity removal is disabled"}]]
, this is because identity removal is disabled by default in IBM Blockchain Platform. You will have to enable it by updating the CA using the steps provided in the Deregister User section above. -
When running the deregisterUser.js script, if you get an error that says
Failed to deregister user user1: Error: fabric-ca request revoke failed with errors [[{"code":71,"message":"Authorization failure"}]]
, this is because your application admin does not have thehf.Revoker
attribute set totrue
. You will need to add a new application admin with this attribute, enroll the admin using the enroll.js script and then you should be able to run the deregisterUser.js script using this new application admin.
This code pattern is licensed under the Apache Software License, Version 2. Separate third-party code objects invoked within this code pattern are licensed by their respective providers pursuant to their own separate licenses. Contributions are subject to the Developer Certificate of Origin, Version 1.1 (DCO) and the Apache Software License, Version 2.