khala-fabric-formatter v2.2.2-alpha.1
fabric-common
Current version 1.4.8
Prerequisite
- docker: 17.06.2-ce +
- docker-compose: 1.14.0 +
- golang: 1.13.x
- fabric-node-sdk:
- nodejs: 10.x
- npm: 6 +
- Python: 2.7
Mono repository division
- bash
- deprecated(./composer)
- golang
- java
- nodejs
Milestone
Notes
- connectionProfileA connection profile is normally created by an administrator who understands the network topology.
- if random result is included in WriteSet, it corrupts the deterministic process.
- instantiate/upgrade could be where data migration is performed, if necessary
- keystore For private keys existing in local file system, you should set the permissions to 0400 on *nix based OS’s.
- gRpcs host name SHOULD not include upper-case character, otherwise gRpcs ping for discovery_client will not response back with docker network DNS
- queryblockHeight(got from queryChain) indexing from 1, blockNumber in blockEvent starting from 0
- referenceplayback conference: https://wiki.hyperledger.org/display/fabric/Playbacks
- channel
txId
is required in peer join channel because: bret HarrisonThere is a transaction proposal to the system chaincode, so a transaction id is required. - channel individual properties may be overridden by setting environment variables, such as
CONFIGTX_ORDERER_ORDERERTYPE=kafka
. - channel peer could not join system channel
[Orderer.js]: sendDeliver - rejecting - status:FORBIDDEN
- channelchannel ID length < 250 :initializing configtx manager failed: bad channel ID: channel ID illegal, cannot be longer than 249
- proposalResponse instantiate|upgrade action return a response payload with struct
ChaincodeData
. See in protobuf message description file - disasterbackup recovery: at least 1 anchor peer for each organization should be resumed to recover transaction process
- couchdberror symptom of run richQuery on levelDB:
GET_QUERY_RESULT failed: transaction ID: 6b53220f87f791047ba44635f32d07cb667b6439c5df95e9a208d74ab12b5ff2: ExecuteQuery not supported for leveldb
- raft etcdraft does not support non TLS
- Raft nodes identify each other using TLS pinning, so in order to impersonate a Raft node, an attacker needs to obtain the private key of its TLS certificate. As a result, it is not possible to run a Raft node without a valid TLS configuration.
[orderer.common.server] initializeClusterClientConfig -> PANI 004 TLS is required for running ordering nodes of type etcdraft.
ClientTLSCert
,ServerTLSCert
in configtx.yaml have to be aligned with orderer environment set:
otherwise it will say:General.Cluster.ClientCertificate = "" General.Cluster.ClientPrivateKey = "" General.Cluster.RootCAs = []
I do not belong to channel testchainid or am forbidden pulling it (not in the channel), skipping chain retrieval
- raft Each channel has its own RAFT orderer cluster, but system channel should have a super set of all orderer cluster -- Jay Guo
- raft migrate from kafka to etcdRaft, see here
- solo Deploy a single-node Raft-based ordering service instead of using solo consensus type
- Replay Attack txID replay validation is done by orderer, the duplicated txID could not be found at next block marked as "invalid transaction"
- fabric-kafka and fabric-zookeeper docker images are no longer updated, maintained, or published.
Notes: ChannelEventHub
- for application channel
- The first block could be replayed is not the channel genesis block (available from
Channel.getGenesisBlock
), but the one after, which isblock.header.number='1'
.
- The first block could be replayed is not the channel genesis block (available from
Notes: Private Data
- privateDatarequirePeerCount <= peerCount - 1 (1 for peer itself)
- privateData"2-of" collectionPolicy is not allowed
- privateDataprivate data work only after manually set anchor peers
- privateDataNote that collections cannot be deleted, as there may be prior private data hashes on the channel’s blockchain that cannot be removed.
- privateDatacall
await stub.putPrivateData('any', "key", 'value');
without setup collection Config or in Init step:
Error: collection config not define for namespace node
See also in https://github.com/hyperledger/fabric/commit/8a705b75070b7a7021ec6f897a80898abf6a1e45 - privateData collectionConfig.memberOnlyRead
- expected symptom:
Error: GET_STATE failed: transaction ID: 35175d5ac4ccaa44ad77257a25caca5999c1a70fdee27174f0b7d9df1c39cfe5: tx creator does not have read access permission on privatedata in chaincodeName:diagnose collectionName: private
- expected symptom:
- privateData private data will automatic sync on new peer(process last for seconds)
Notes: Chaincode
- chaincode peer.response in chaincode.Init cannot be recovered from proposal response. stub.GetState is meaningless in Init
- chaincode transient map context keep persistent when cross chaincode
- chaincode Chaincode invoker
creator
could belongs to differed organization than target peers - chaincode Chaincode name is not a secret, we can use combination of discovery service and query chaincode installed on peer to get them all
- chaincode call
await stub.putPrivateData('anyCollection', "key", 'value');
without setup collection Config or in Init step:
Error: collection config not define for namespace
See in https://github.com/hyperledger/fabric/commit/8a705b75070b7a7021ec6f897a80898abf6a1e45 - chaincodeSystem chaincodes are intended to be invoked by a client rather than by a user chaincode
- chaincodechaincode partial update: when not all peers upgrade to latest chaincode, is it possible that old chaincode still work with inappropriate endorsement config; while with appropriate endorsement policy, we get chaincode fingerprint mismatch error
- chaincode System chaincodes are designed to be invoked by a client rather than by a user chaincode. Invoking from a user chaincode may cause deadlocks. See here
- chaincode
instantiate policy
is notendorsemnet policy
, it is used during chaincode packaging/install determining who is able to instantiate/upgrade chaincode, it is partially supported in nodejs with chaincode package binary(byte[]) as input.- to customize instantiate policy, we reply on
peer chaincode package
Notes: Operations
- logLevel
logspec
:{"spec":"chaincode=debug:info"}
, the logger is in debug mode and level is info. - healthz In the current version, the only health check that is registered is for Docker.
- metrics the TLS enable flag located in
Operations
section - metrics for peer and orderer, even ...OPERATIONS_TLS_CLIENTAUTHREQUIRED=false, client side key-cert is still
- required on endpoints:
/metrics
,/logspec
but not required on endpoints
/healthz
,/version
See details in FAB-14323
- required on endpoints:
- metrics The
/metrics
endpoint allows operators to utilize Prometheus to pull operational metrics from peer and orderer nodes.
TODO
- npm couchdb-dump in nodejs/couchdbDump.sh
- level db navigator(https://github.com/Level/level or https://github.com/syndtr/goleveldb) and richQuery for leveldb;leveldb analyzer
- NodeOUs enable and intermediate CA
- channelEventHub.disconnect status sync
- make use of npm jsrsasign
- make use of softHSM in node-sdk
- replace some function in query.js with system chaincode
- escc, vscc sample
Fabric weakness
- fabric RSA key support:
- not supported as peer|orderer keystore
- new Feature required: GetPrivateStateByRangeWithPagination: https://jira.hyperledger.org/browse/FAB-11732
async or not: CryptoSuite importKey
1.4
Channel#getChannelConfigFromOrderer
could not specify target orderer- client.newTransactionID(); --> new TransactionID(Identity,isAdmin)
create docker env manager to convert a env jsObject to env list(having same key checking)
go mod support
lib/packager/Golang.js
could not support project outside of GoPath (as usually in go mod)const projDir = path.join(goPath, 'src', chaincodePath);
Abandoned
- what is peer_chaincode_id and peer_chaincode_path
- keystore object un-promisify: https://gerrit.hyperledger.org/r/#/c/24749/
- endpoint ping: https://gerrit.hyperledger.org/r/#/c/28115/
- docker-swarm support
- graphiteapp/graphite-statsd not working to receive metrics: push statsD to AWS
2 years ago
2 years ago
2 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
3 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago
4 years ago