A connection profile will describe the Hyperledger Fabric network to the Hyperledger Fabric Node.js Client (fabric client). It also contains entries that describe the Hyperledger Fabric network including entries that describe the fabric client that will access the network. The connection profile has specific addresses and settings for network items. Configuring a connection profile for a single channel - single chaincode is pretty straightforward but it will be a little tricky the other way round. Let me showcase a scenario which will define the channels and chaincodes with their relationships between them.
The Scenario
There will be two organizations with their respective channels. The scenario will be that the first organization can make use of the second organization’s channel and chaincode but not the vice versa. Let us first start with the first organization’s connection profile.
Before proceeding with this article, make sure that you have a basic understanding of the YAML.
ORG1 Connection Profile
The first organization’s connection profile is where we will be defining the configuration to interact with the second organization’s channel & chaincode.
1
2
3
4
5
6
7
8
| name: "ORG1 Client"
version: "1.0"
client:
organization: org1
credentialStore:
path: "./KeyStore/clearingHouse"
cryptoStore:
path: "./KeyStore/clearingHouse"
|
The above configuration defines the name and the HLF Keystore location which will store the private and public keys.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| channels:
org1channel:
orderers:
- orderer.example.com
peers:
peer0.org1.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer1.org1.example.com:
endorsingPeer: false
chaincodeQuery: false
ledgerQuery: false
eventSource: false
org2channel:
orderers:
- orderer.example.com
peers:
peer0.org2.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer1.org2.example.com:
endorsingPeer: false
chaincodeQuery: false
ledgerQuery: false
eventSource: false
|
Channels are the state store of a blockchain network which holds the application data generated during the lifecycle of the system. It’s used to store information like user data, purchase data, order data, invoices and more. We defined the channels in such a way that the first organization’s fabric client will now know the available channels for its organization. In our scenario, the first organization will be able to interact with the second organization’s channel.
1
2
3
4
5
6
7
8
9
10
11
12
| organizations:
org1:
mspid: ORG1MSP
peers:
- peer0.org1.example.com
- peer1.org1.example.com
certificateAuthorities:
- ca.org1.example.com
adminPrivateKey:
path: crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/keystore/7f6d1298f6a1a98a2bae3aa68d2b0a1b32be00f49298c5c1aad2e6ed74b9a72e_sk
signedCert:
path: crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/signcerts/[email protected]
|
The organizations key defines the attributes that are related to its organization. This will stay the same for the second organization with its respective attributes. This defines the Membership Service Provider Identifier
(mspid), the peers with which the client will interact with, the certificate authority
that enrolls the admin and the key that is generated during the cryptogenic key generation
.
1
2
3
4
5
6
7
8
| orderers:
orderer.example.com:
url: grpcs://localhost:7050
grpcOptions:
ssl-target-name-override: orderer.example.com
grpc-max-send-message-length: 15
tlsCACerts:
path: crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem
|
The orderers form the ordering service, i.e., a communication fabric that provides delivery guarantees. The ordering service can be implemented in different ways: ranging from a centralized service (used e.g., in development and testing) to distributed protocols that target different network and node fault models. If you’re using Kafka solo, you will have only one orderer for both the organizations.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| peers:
peer0.org1.example.com:
url: grpcs://localhost:9051
eventUrl: grpcs://localhost:9053
grpcOptions:
ssl-target-name-override: peer0.org1.example.com
grpc.keepalive_time_ms: 600000
tlsCACerts:
path: crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
peer1.org1.example.com:
url: grpcs://localhost:10051
eventUrl: grpcs://localhost:10053
grpcOptions:
ssl-target-name-override: peer1.org1.example.com
grpc.keepalive_time_ms: 600000
tlsCACerts:
path: crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
peer0.org2.example.com:
url: grpcs://localhost:13051
eventUrl: grpcs://localhost:13053
grpcOptions:
ssl-target-name-override: peer0.org2.example.com
grpc.keepalive_time_ms: 600000
tlsCACerts:
path: crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem
peer1.org2.example.com:
url: grpcs://localhost:14051
eventUrl: grpcs://localhost:14053
grpcOptions:
ssl-target-name-override: peer1.org2.example.com
grpc.keepalive_time_ms: 600000
tlsCACerts:
path: crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem
|
A blockchain network is comprised primarily of a set of peer nodes (or, simply, peers). Peers are a fundamental element of the network because they host ledgers and smart contracts. The above peer configuration defines the available peers for the first organization. Since the first organization will interact with the second organization, we’ll define both the peers.
1
2
3
4
5
6
7
8
9
10
11
| certificateAuthorities:
ca.org1.example.com:
url: http://localhost:8054
httpOptions:
verify: false
tlsCACerts:
path: crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
registrar:
- enrollId: admin
enrollSecret: adminpw
caName: ca.org1.example.com
|
The Certificate Authority (CA) provides a number of certificate services to the users of a blockchain. More specifically, these services relate to the user enrollment, transactions invoked on the blockchain and TLS-secured connections between users or components of the blockchain. Every channel has it’s own CA.
ORG2 Connection Profile
The second organization’s connection profile is pretty straightforward as it is bound to access its own channel.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
| name: "ORG2 Client"
version: "1.0"
client:
organization: org2
credentialStore:
path: "./KeyStore/org2"
cryptoStore:
path: "./KeyStore/org2"
channels:
org2channel:
orderers:
- orderer.example.com
peers:
peer0.org2.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer1.org2.example.com:
endorsingPeer: false
chaincodeQuery: false
ledgerQuery: false
eventSource: false
organizations:
org2:
mspid: ORG2MSP
peers:
- peer0.org2.example.com
- peer1.org2.example.com
certificateAuthorities:
- ca.org2.example.com
adminPrivateKey:
path: crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/keystore/1bf30f8854f99c3667ed8664769d8957dc8193414611e93f9d18e2a24374887b_sk
signedCert:
path: crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/signcerts/[email protected]
orderers:
orderer.example.com:
url: grpcs://localhost:7050
grpcOptions:
ssl-target-name-override: orderer.example.com
grpc-max-send-message-length: 15
tlsCACerts:
path: crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peers:
peer0.org2.example.com:
url: grpcs://localhost:11051
eventUrl: grpcs://localhost:11053
grpcOptions:
ssl-target-name-override: peer0.org2.example.com
grpc.keepalive_time_ms: 600000
tlsCACerts:
path: crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem
peer1.org2.example.com:
url: grpcs://localhost:12051
eventUrl: grpcs://localhost:12053
grpcOptions:
ssl-target-name-override: peer1.org2.example.com
grpc.keepalive_time_ms: 600000
tlsCACerts:
path: crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem
certificateAuthorities:
ca.org2.example.com:
url: http://localhost:8054
httpOptions:
verify: false
tlsCACerts:
path: crypto-config/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem
registrar:
- enrollId: admin
enrollSecret: adminpw
caName: ca.org2.example.com
|
And that’s all there is to it! If you’re using a different SDK and have a different approach of writing the fabric client, let’s discuss in the comments section below!