日本語はこちら - Japanese version

FabCar Blockchain Sample

Hyperledger Fabric sample Fabcar on IBM Blockchain Platform

NOTE: This developer pattern creates a blockchain network on IBM Blockchain Platform version 2.5 using the Hyperledger Fabric version 1.4.

This code pattern demonstrates setting up a network on the IBM Blockchain Platform and deploying the Fabcar smart contract on the network. Next, we setup our application to interact with the network including identities to submit transactions on the smart contract. The application is setup with a Node.js server using the Fabric Node SDK to process requests to the network, and an Angular client to bring up a web interface.

When the reader has completed this code pattern, they will understand how to:

• Setup a Hyperledger Fabric network on IBM Blockchain Platform
• Install and instantiate smart contract through the IBM Blockchain Platform
• Develop a Node.js server with the Hyperledger Fabric SDK to interact with the deployed network
• Create an Angular frontend for the web app to interface with the network

Architecture flow

1. The Blockchain Operator sets up the IBM Blockchain Platform service.
2. The IBM Blockchain Platform enables to create a Hyperledger Fabric network onto a IBM Cloud Kubernetes Service, allowing to install and instantiate the Fabcar smart contract on the network.
3. The Node.js application server uses the Fabric SDK to interact with the deployed network on IBM Blockchain Platform and creates APIs for a web client.
4. The Angular client uses the Node.js application API to interact with the network.
5. The User interacts with the Fabcar Angular web interface to update and query the blockchain ledger and state.

Included components

• IBM Blockchain Platform gives you total control of your blockchain network with a user interface that can simplify and accelerate your journey to deploy and manage blockchain components on the IBM Cloud Kubernetes Service.
• IBM Cloud Kubernetes Service creates a cluster of compute hosts and deploys highly available containers. A Kubernetes cluster lets you securely manage the resources that you need to quickly deploy, update, and scale applications.
• IBM Blockchain Platform Extension for VS Code is designed to assist users in developing, testing, and deploying smart contracts -- including connecting to Hyperledger Fabric environments.

Featured technologies

• Hyperledger Fabric v1.4 is a platform for distributed ledger solutions, underpinned by a modular architecture that delivers high degrees of confidentiality, resiliency, flexibility, and scalability.
• Node.js is an open source, cross-platform JavaScript run-time environment that executes server-side JavaScript code.
• Express.js is a minimal and flexible Node.js web application framework that provides a robust set of features for web and mobile applications.
• Angular.io is a front-end framework for building web applications.

Prerequisites

• IBM Cloud account
• Node v10.x and npm v6.x or greater
• VSCode version 1.38.0 or greater
• IBM Blockchain Platform Extension for VSCode

Running the application

Follow these steps to set up and run this code pattern. The steps are described in detail below.

Steps

To run a local network, you can find steps here

1. Clone the repo
2. Package the smart contract
3. Create IBM Cloud services
4. Build a network
5. Deploy FabCar Smart Contract on the network
6. Connect application to the network
7. Run the application

1. Clone the repo

Clone this repository in a folder your choice:

git clone https://github.com/IBM/fabcar-blockchain-sample.git
cd fabcar-blockchain-sample

2. Package the smart contract

We will use the IBM Blockchain Platform extension on VS Code to package the Fabcar smart contract.

• Open Visual Studio code and open the contract folder from fabcar-blockchain-sample repository that was cloned earlier. It is important that you are opening the contract folder and not the entire fabcar-blockchain-sample directory; otherwise you will see an error that states that it doesn't understand what programming language you are using.

• Press the F1 key to see the different VS code options. Choose IBM Blockchain Platform: Package Open Project.

• Click the IBM Blockchain Platform extension button on the left. This will show the packaged contracts on top and the blockchain connections on the bottom.

• Next, right click on the packaged contract (in this case, select fabcar@1.0.0) to export it and choose Export Package.

• Choose a location on your machine and save the .cds file. We will use this packaged smart contract later to deploy on the IBM Blockchain Platform service.

Now, we will start setting up the different services required for configuring our Hyperledger Fabric network on the IBM Cloud and for running our application using this network.

3. Create IBM Cloud services

• Create the IBM Cloud Kubernetes Service. You can find the service in the Catalog. For this code pattern, we can use the Free cluster, and give it a name. Note, that the IBM Cloud allows one instance of a free cluster which expires after 30 days. Note: it could take 20 minutes for the IBM Cloud Kubernetes Service setup to complete.

• Create the IBM Blockchain Platform service on the IBM Cloud. You can find the service in the Catalog, and give it a name.

• After your kubernetes cluster is up and running, you can deploy your IBM Blockchain Platform on the cluster. Again - wait for the IBM Cloud Kubernetes service to indicate it was deployed. The IBM Blockchain Platform service walks through few steps and finds your cluster on the IBM Cloud to deploy the service on.

• Once the Blockchain Platform is deployed on the Kubernetes cluster, you can launch the console to start configuring your blockchain network.

4. Build a network

We will build a network as provided by the IBM Blockchain Platform documentation. This will include creating a channel with a single peer organization with its own MSP and CA (Certificate Authority), and an orderer organization with its own MSP and CA. We will create the respective identities to deploy peers and operate nodes.

Create your peer organization CA

• Navigate to the Nodes tab in the left navigation and click Add Certificate Authority +.
• Click Create a Certificate Authority + and click Next.
• Give it a CA display name of Org1 CA, a CA administrator enroll ID of admin and a CA administrator enroll secret of adminpw, then click Next.
• Review the summary and click Add Certificate Authority.

Associate the peer organization CA admin identity

• In the Nodes tab, select the Org1 CA once it is running (indicated by the green box in the tile).
• Click Associate identity on the CA overview panel.
• On the side panel, select the Enroll ID tab.
• Provide an Enroll ID of admin and an Enroll secret of adminpw. Use the default value of Org1 CA Admin for the Identity display name.
• Click Associate identity to associate the admin identity with the Org1 CA.

Use peer organization CA to register the peer and org1 admin identities

• Select the Org1 CA Certificate Authority and ensure the admin identity that was created for the CA is visible in the table.
• The next step is to register an admin for the organization "Org1". Click on the Register User + button. Give an Enroll ID of org1admin and an Enroll secret of org1adminpw. Set the Type for this identity as admin. Specify to Use root affiliation. Leave the Maximum enrollments field blank. Click Next.
• Skip the section to add attributes to this user and click Register user.
• Repeat the process to create an identity of the peer. Click on the Register User + button. Give an Enroll ID of peer1 and an Enroll secret of peer1pw. Set the Type for this identity as peer. Specify to Use root affiliation. Leave the Maximum enrollments field blank. Click Next.
• Skip the section to add attributes to this user and click Register user.

Create the peer organization MSP definition

• Navigate to the Organizations tab in the left navigation and click Create MSP definition +.
• Enter the MSP display name as Org1MSP and the MSP ID as Org1MSP. Click Next.
• Specify Org1 CA as the Root Certificate Authority. Click Next.
• Select the New identity tab. Give the Enroll ID and Enroll secret for your organization admin, i.e. org1admin and org1adminpw respectively. Then, give the Identity name as Org1 Admin.
• Click the Generate button to enroll this identity as the admin of your organization and add the identity to the wallet. Click Export to export the admin certificates to your file system. Click Next.
• Review all the information and click Create MSP definition.

Create a peer

• Navigate to the Nodes tab in the left navigation and click Add peer +.
• Click Create a peer + and then click Next.
• Give the Peer display name as Peer Org1 and click Next.
• On the next screen, select Org1 CA as the Certificate Authority. Then, give the Peer enroll ID and Peer enroll secret as peer1 and peer1pw respectively. Select the Organization MSP as Org1MSP. Leave the TLS CSR hostname blank and select the highest value available in the drop-down for Fabric version, i.e. 2.1.1-0. Click Next.
• Provide Org1 Admin as the Peer administrator identity and click Next.
• Review the summary and click Add peer.

Create your orderer organization CA

• Navigate to the Nodes tab in the left navigation and click Add Certificate Authority +.
• Click Create a Certificate Authority + and click Next.
• Give it a CA display name of Orderer CA, a CA administrator enroll ID of admin and a CA administrator enroll secret of adminpw, then click Next.
• Review the summary and click Add Certificate Authority.

Associate the orderer organization CA admin identity

• In the Nodes tab, select the Orderer CA once it is running (indicated by the green box in the tile).
• Click Associate identity on the CA overview panel.
• On the side panel, select the Enroll ID tab.
• Provide an Enroll ID of admin and an Enroll secret of adminpw. Use the default value of Orderer CA Admin for the Identity display name.
• Click Associate identity to associate the admin identity with the Orderer CA.

Use orderer organization CA to register orderer and orderer admin identities

• Select the Orderer CA Certificate Authority and ensure the admin identity that was created for the CA is visible in the table.
• The next step is to register an admin for the organization "Orderer". Click on the Register User + button. Give an Enroll ID of ordereradmin and an Enroll secret of ordereradminpw. Set the Type for this identity as admin. Specify to Use root affiliation. Leave the Maximum enrollments field blank. Click Next.
• Skip the section to add attributes to this user and click Register user.
• Repeat the process to create an identity of the orderer. Click on the Register User + button. Give an Enroll ID of orderer and an Enroll secret of ordererpw. Set the Type for this identity as orderer. Specify to Use root affiliation. Leave the Maximum enrollments field blank. Click Next.
• Skip the section to add attributes to this user and click Register user.

Create the orderer organization MSP definition

• Navigate to the Organizations tab in the left navigation and click Create MSP definition +.
• Enter the MSP display name as OrdererMSP and the MSP ID as OrdererMSP. Click Next.
• Specify Orderer CA as the Root Certificate Authority. Click Next.
• Select the New identity tab. Give the Enroll ID and Enroll secret for your organization admin, i.e. ordereradmin and ordereradminpw respectively. Then, give the Identity name as Orderer Admin.
• Click the Generate button to enroll this identity as the admin of your organization and add the identity to the wallet. Click Export to export the admin certificates to your file system. Click Next.
• Review all the information and click Create MSP definition.

Create an orderer

• Navigate to the Nodes tab in the left navigation and click Add ordering service +.
• Click Create an ordering service + and then click Next.
• Give the Ordering service display name as Orderer and click Next.
• On the next screen, select Orderer CA as the Certificate Authority. Then, give the Ordering service enroll ID and Ordering service enroll secret as orderer and ordererpw respectively. Select the Organization MSP as OrdererMSP. Leave the TLS CSR hostname blank and select the highest value available in the drop-down for Fabric version, i.e. 2.1.1-0. Click Next.
• Provide Orderer Admin as the Orderer administrator identity and click Next.
• Review the summary and click Add ordering service.

Add organization as Consortium Member on the orderer to transact

• Navigate to the Nodes tab, and click on the Orderer that was created.
• Under Consortium Members, click Add organization +.
• Select the Existing MSP ID tab. From the drop-down list, select Org1MSP (Org1MSP), as this is the MSP that represents the peer's organization "Org1".
• Click Add organization.

Create the channel

• Navigate to the Channels tab in the left navigation and click Create channel +.
• Click Next.
• Give the Channel name as mychannel. Select Orderer from the Ordering service drop-down list. Click Next.
• Under Organizations, select Org1MSP (Org1MSP) from the drop-down list to add the organization "Org1" as a member of this channel. Click the Add button. Set the permissions for this member as Operator. Click Next.
• Leave the Policy as the default value i.e. 1 out of 1. Click Next.
• Select the Channel creator MSP as Org1MSP (Org1MSP) and the Identity as Org1 Admin. Click Next.
• Review the summary and click Create channel.

Join your peer to the channel

• Click on the newly created channel mychannel.
• In the side panel that opens, under Choose from available peers, select Peer Org1. Once the peer is selected, a check mark will be displayed next to it. Ensure that Make anchor peer(s) is marked as Yes. Click Join channel.

5. Deploy FabCar Smart Contract on the network

Install a smart contract

• Navigate to the Smart contracts tab in the left navigation and click Install smart contract +.
• Click on Add file.
• Browse to the location of the Fabcar smart contract package file (it is probably named fabcar@1.0.0.cds), which we packaged earlier using the IBM Blockchain Platform extension for Visual Studio code.
• Once the contract is uploaded, click Install smart contract.

Instantiate smart contract

• Under Installed smart contracts, find the smart contract from the list (Note: ours is called fabcar) installed on our peer and click Instantiate from the overflow menu on the right side of the row.
• On the side panel that opens, select the channel, mychannel on which to instantiate the smart contract. Click Next.
• Select Org1MSP as the organization member to be included in the endorsement policy. Click Next.
• Skip the Setup private data collection step and simply click Next.
• Provide the Function name as initLedger and leave the Arguments blank.
• Click Instantiate smart contract.

6. Connect application to the network

Connect with sdk through connection profile

• Navigate to the Organizations tab in the left navigation, and click on Org1MSP.
• Click on Download Connection Profile.
• In the side panel that opens up, select Yes as the response for Include Org1 CA for user registration and enrollment?. Under Select peers to include, select Peer Org1. Then click Download connection profile. This will download the connection json which we will use to establish a connection between the Node.js web application and the Blockchain Network.

Create an application admin

• Navigate to the Nodes tab in the left navigation, and under Certificate Authorities, choose Org1 CA.
• Click on the Register User + button. Give an Enroll ID of app-admin and an Enroll secret of app-adminpw. Set the Type for this identity as client. Specify to Use root affiliation. Leave the Maximum enrollments field blank. Click Next.
• Click on Add attribute +. Enter the attribute name as hf.Registrar.Roles and the attribute value as *. NOTE: If you wish to use the deregisterUser.js script to remove/revoke/delete existing users, then you need to add another attribute hf.Revoker with the attribute value of true to your application admin.
• Click Register user.

Update application connection profile

• Copy the connection profile you downloaded into the server folder.
• Update the config.json file with:
  • The connection json file name you downloaded.
  • The enroll id and enroll secret for your app admin, which we earlier provided as app-admin and app-adminpw respectively.
  • The orgMSP ID, which we provided as Org1MSP.
  • The caName, which can be found in your connection json file under "organizations" -> "Org1MSP" -> certificateAuthorities". This would be like an IP address and a port.
  • The username you would like to register.
  • Update gateway discovery to { enabled: true, asLocalhost: false } to connect to IBM Blockchain Platform.

the current default contents of the config.json are to connect to a local fabric instance from VS Code.

After the updates, the contents of the config.json should look similar to the file shown below:

{
    "connection_file": "Org1MSP_profile.json",
    "appAdmin": "app-admin",
    "appAdminSecret": "app-adminpw",
    "orgMSPID": "Org1MSP",
    "caName": "169.46.208.151:30404",
    "userName": "user1",
    "gatewayDiscovery": { "enabled": true, "asLocalhost": false }
}

7. Run the application

Enroll admin

• First, navigate to the web-app/server directory, and install the node dependencies:

  cd web-app/server
  npm install

• Run the enrollAdmin.js script:

  node enrollAdmin.js

• You should see the following in the terminal:

  msg: Successfully enrolled admin user app-admin and imported it into the wallet

Register User

• From the server directory, run the registerUser.js script:

  node registerUser.js

• You should see the following in the terminal:

  Successfully registered and enrolled admin user user1 and imported it into the wallet

Deregister User

NOTE: The following steps need to be performed only if you wish to revoke an existing user.

By default, removal of identities is disabled in IBM Blockchain Platform. If you wish to remove identities, you need to manually override this default setting in the IBM Blockchain Platform console.

• On the console, go to the Nodes tab using the left hand navigation pane and click on your organization's CA.
• Click on the settings icon in the left side.
• In the pane that opens up on the right side, click on Edit configuration JSON (Advanced).

• Paste the following into the input block for Configuration updates, then click Update Certificate Authority. NOTE: The value of 10 for passwordattempts is the default value. If your certificate authority was set up with a different number for passwordattempts then you need to use that number. You can find this value from the Current configuration section which is just above the Configuration updates section.

  {
  "ca": { 
    "cfg": {
    "identities": {
      "passwordattempts": 10,
      "allowremove": true 
      }
    }
  }
  }

The removal of identities will now be enabled. As long as your application admin has been created with the hf.Revoker attribute set to the value of true (as specified in the Create an application admin step above, you can use the deregisterUser.js script to remove the user identity.

• From the server directory, run the deregisterUser.js script. This script removes/revokes the user identified by userName specified in the config.json file.

  node deregisterUser.js

• You should see the following in the terminal:

  Successfully deregistered the user user1 and deleted it from the wallet.

Start the application server

• From the server directory, start the server:

  npm start

Start the web client

• In a new terminal, open the web-app/client directory and install the dependencies:

  cd web-app/client
  npm install

• Start the client:

  npm start

You can find the app running at http://localhost:4200/

You can go to the IBM Blockchain Platform console to monitor your users and get information on your channel including the blocks added.

Troubleshooting

• If you encounter an error discover error: access denied, you need to set the gatewayDiscovery properly in your config.json file. This is REQUIRED You must set it as follows to connect to IBP:

           `"gatewayDiscovery": {"enabled": true, "asLocalhost": false }`

• When running the registerUser.js script, if you get an error that says Failed to register user user1: TypeError [ERR_INVALID_ARG_TYPE]: The "options.ca" property must be one of type string, Buffer, TypedArray, or DataView. Received type object , you can get past this error by editing your connection profile that was downloaded from IBM Blockchain Platform. Open the connection profile and look for tlsCACerts under your certificateAuthority. If the pem value under tlsCACerts is of type array, remove the square brackets [] and convert it to a string. That is, if your connection profile is like the following image:

update it as shown in the image below:

• When running the registerUser.js script, if you get an error that says Error: Calling register endpoint failed with error [Error: self signed certificate], you can get past this by adding "httpOptions": {"verify": false} to the certificateAuthorities section of the connection profile that was downloaded from IBM Blockchain Platform.

• WHen running the *deregisterUser.js script, if you get an error that says [[{"code":56,"message":"Identity removal is disabled"}]], this is because identity removal is disabled by default in IBM Blockchain Platform. You will have to enable it by updating the CA using the steps provided in the Deregister User section above.

• When running the deregisterUser.js script, if you get an error that says Failed to deregister user user1: Error: fabric-ca request revoke failed with errors [[{"code":71,"message":"Authorization failure"}]], this is because your application admin does not have the hf.Revoker attribute set to true. You will need to add a new application admin with this attribute, enroll the admin using the enroll.js script and then you should be able to run the deregisterUser.js script using this new application admin.

Links

• Hyperledger Fabric Docs
• IBM Code Patterns for Blockchain

License

This code pattern is licensed under the Apache Software License, Version 2. Separate third-party code objects invoked within this code pattern are licensed by their respective providers pursuant to their own separate licenses. Contributions are subject to the Developer Certificate of Origin, Version 1.1 (DCO) and the Apache Software License, Version 2.

Apache Software License (ASL) FAQ