How to Run Hyperledger Fabric on Azure

Deploying a blockchain is no doubt a tedious task. A lot of components need to be installed apart from Identity and role-based management implementations before realizing value out of such a network. However, Azure Blockchain service has reduced the workload, and it only takes a few clicks to install the Blockchain on Azure, thanks to the Microsoft Azure team.

It spares you the hard work of network-related management so that you can concentrate on business logic and scale to any level with built-in governance and codeless association management. You can also build Blockchain apps in the language of your choice.

Once your blockchain is ready, you will start receiving a lot of ledger data that can be collected off the chain for use later with the help of the blockchain data manager for an end-to-end solution.

Building Hyperledger Fabric blockchain from scratch is time-consuming while the Azure blockchain service takes heavy deployment tasks off your shoulders. This means all tasks related to creating the ordering service, peer organization, storing ledger data, and etc. are handled by Azure, so you can be up and running ASAP.

On Azure cloud, you can scale to any level, balance load as per demand, retrieve off-chain data and store in CosmosDB for later use, add any number of Peer organizations, and order services to the consortium.

Before jumping to implementation, there are a few facts to be known with regard to how Hyperledger-based platforms differ from other networks.

In terms of processes, in Hyperledger it’s execute, order, then validate instead of order, execute, then validate as it is for Bitcoin. Hyperledger does not have its own currency, although you can introduce assets that can be transacted by businesses over a secure network.

A non-Azure organization can also be a part of the network which is often the case when businesses don’t want to share their transactions due to privacy issues. For these purposes, a private network needs to be set up as a subset.

What a Hyperledger Fabric Setup Looks Like on Azure

A general HLF setup on Azure has different types of data from various sources fed to the transaction builder through an Azure IoT hub, and the service bus. The Transaction builder transforms the data into a format that’s readable by the ABS.

When a peer organization executes the transactions, the details are sent to other peers to add to their ledgers. The transaction is either rejected or endorsed. If a majority of peers endorses the transaction, the ordering service approves it, and vice versa.

Peers can endorse or commit or both, based on what privileges they can leverage, as they have details of the transactions in the ledger However, an ordering unit does not need this. A committer commits the transaction, whereas the ordering service can only approve the transaction, and not commit or endorse.

Need For A Membership Certificate Authority

This authority issues a certificate as well as the private and the public key to the units. The units broadcast using a public key, and they sign using their private keys. The certificate can either be self signed or issued by the organization.

What Is Traded?

Assets are traded instead of cryptocurrencies, however, bitcoin or any cryptocurrency can also be traded as assets. So a blockchain tracks the provenance and traces the structure allowing the global trade participants to systemize the trade. It enables trust, ensures data sharing, delivers seamless tie-ups, and offers intelligent decisions.

Further, it minimizes the risk involved due to analytical insights, predictive scenario sharing, and benchmarking. If any unusual incident occurs, it ensures efficient management thus minimizing the impact.

How to Install an ABS with HyperLedger Fabric

The Azure Blockchain Services can be accessed from Azure Marketplace. Further steps to be followed are described below.

Member Creation

1. The first step is to create a Member for which details like subscription, resource group & region followed by consortium details like Protocol & Member details like Member name have to be mentioned. The member can either be an ordering service or a certain peer organization. The ordering service will then be chosen followed by selection of the required number of nodes that will be allowed to ensure crash fault tolerance.
2. The second step is to prove the identity. For this, we need to enter the certificate which is the.pem file. Then either self-sign certificates or our organization-issued certificate can be used. Both options are available as.pem files
3. Following the validity check, the blockchain member node can be created. The deployment however takes 8 to 10 minutes.

After being created, the member will be displayed on the Azure blockchain services list from which it can then be selected. Details related to the Ordering service will be listed upon clicking the ordering service that was created earlier.

Following the above steps, a consortium needs to be developed with a peer organization using the templates being provided by Azure. A peer can be any customer who has the node and is looking to become part of the consortium.

Creating Hyperledger Fabric Over AKS

The template for hyperledger fabric on Azure Kubernetes Service (AKS) can be selected from the Blockchain tab on the Azure marketplace to create the Hyperledger Fabric over AKS.

1. On the first page, subscription,resource group details,region and resource prefix need to be entered. The prefix helps search for this peer later.
2. The fabric settings require the name of the organization and fabric type, followed by selecting peer node and the number of nodes. Then either Couchdb or leveldb will be selected, followed by the fabric CA name, and password confirmation. Finally, choice will be made between a self-signed certificate or one issued by your.
3. An AKS cluster needs to be created as an unmanaged service. However, the rest is done through cli, so we will not be discussing it here. The cluster size, VM for the cluster and the number of nodes need to be selected, followed by entering client id and client secret for authentication. The Kubernetes service monitoring can be enabled or disabled, after which you are good to go.

Following these actions, a managed ordering service and two unmanaged peer organizations over AKS are created to form the consortium unmanaged peers resource group, and all the other features, such as AKS Monitoring are enabled.

Note: Currently CLI is used for the above procedure, but soon this feature will be available through UI as well.

Building Consortium

After deploying the ordering service and the peer nodes, we need to set up the consortium, develop the channel, and install the chaincode. The following network script can be used here.

Note: The above procedure is for demo purposes only. For the production level, native HLF APIs need to be used.

The commands can be executed through Azure Bash CLI for running the ‘byn’ script. You can log in to the web version of the Azure shell using the blue button at the top right side of the portal. Use the following commands to switch to the bash cli for downloading the byn.sh and execute fabric-admin.yaml.

Curl"Your byn.sh url"; chmod 777 byn.sh
curl "Your fabric yaml file url" -o fabric-admin.yaml

On the Azure CLI Bash Shell, we will set up the environment for the channel and orderer:

SWITCH_TO_AKS_CLUSTER() { az aks get-credentials --resource-group $1 --name $2 --subscription $3; }
ORDERER_AKS_SUBSCRIP=<SubscriptionID of orderer>
ORDERER_AKS_RESRCE_GRP=<ResourceGroup of orderer cluster>
ORDERER_AKS_NME=<cluster name of orderer aks>
ORDERR_DNS_ZONE=<DNSZone of orderer>
ORDERER_END_POIN="orderer1.$ORDERR_DNS_ZONE:443"
CHANNEL_NME=<Name of channel>

The peer organization will be registered as follows:

PEER_AKS_RESRCE_GRP=<AKS Cluster Resource Group of peer>
PEER_AKS_NME=<Cluster Name of peer aks>
PEER_AKS_SUBSCRIP=<SubscriptionID of peer aks cluster>
#Remember that peer aks cluster name happens to be case sensitive.
PEER_ORG_NME=< name of peer Organization> 

An Azure file will be created for sharing the public certificates between the orderer and peer organizations:

STORAGE_SUBSCRIP=<sub Id>
STORAGE_RESRCE_GRP=<azure File Share Resource Group>
STORAGE_ACNT=<azure Storage Account Name>
STORAGE_LOCTION=<azure Storage Account Location>
STORAGE_FLE_SHARE=<azure File Share Name>

az account set --subscription $STORAGE_SUBSCRIP
az group create -l $STORAGE_LOCTION -n $STORAGE_RESRCE_GRP
az storage account create -n $STORAGE_ACNT -g  $STORAGE_RESRCE_GRP -l $STORAGE_LOCTION --sku Standard_LRS
STORAGE_KEY=$(az storage account keys list --resource-group $STORAGE_RESRCE_GRP  --account-name $STORAGE_ACNT --query "[0].value" | tr -d '"')
az storage share create  --account-name $STORAGE_ACNT  --account-key $STORAGE_KEY  --name $STORAGE_FLE_SHARE
SAS_TOKEN=$(az storage account generate-sas --account-key $STORAGE_KEY --account-name $STORAGE_ACNT --expiry 2020-01-01 --https-only --permissions lruw --resource-types sco --services f | tr -d '"')
AZURE_FLE_CONNECTION_STRNG="https://$STORAGE_ACCOUNT.file.core.windows.net/$STORAGE_FILE_SHARE?$SAS_TOKEN"

Channel Management Commands

The command for generating a new channel will now be issued from the orderer organization AKS cluster:

SWITCH_TO_AKS_CLUSTER $ORDERER_AKS_RESRCE_GRP $ORDERER_AKS_NME $ORDERER_AKS_SUBSCRIP
./byn.sh createChannel "$CHANNEL_NME "

Consortium Management Commands

The following command needs to be executed for adding a peer organization to the channel and consortium. From the peer organization AKS cluster, add up the MSP on the Azure file Storage:

SWITCH_TO_AKS_CLUSTER $PEER_AKS_RESRCE_GRP $PEER_AKS_NME $PEER_AKS_SUBSCRIP
./byn.sh uploadOrgMSP "$AZURE_FLE_CONNECTION_STRNG"

From the orderer organization AKS cluster, the peer organization will be appended to the channel and the consortium:

SWITCH_TO_AKS_CLUSTER $ORDERER_AKS_RESRCE_GRP $ORDERER_AKS_NME $ORDERER_AKS_SUBSCRIP
# PEER IS BEING ADDED TO CONSORTIUM
./byn.sh addPeerInConsortium "$PEER_ORG_NME" "$AZURE_FLE_CONNECTION_STRNG"
# peer is being added to channel
./byn.sh addPeerInChannel "$PEER_ORG_NME" "$CHANNEL_NME" "$AZURE_FLE_CONNECTION_STRNG"

SWITCH_TO_AKS_CLUSTER $PEER_AKS_RESRCE_GRP $PEER_AKS_NME $PEER_AKS_SUBSCRIP
./byn.sh joinNodesInChannel "$CHANNEL_NME" "$ORDERER_END_POIN" "$AZURE_FLE_CONNECTION_STRNG"

By updating the peer AKS environment variables as per the needs of peer organization, more peers can be added to the channel.

Chaincode Management Commands

Following commands are executed for performing chaincode related operations on the demo chaincode.

The demo chaincode consists of two variables A and B, where A is initialized with 1000, and B with 2000. On each chaincode invocation, 10 units are transferred to B from A. The query operation on chaincode explains the world state of the variable A, and these commands will be run on the AKS cluster of the peer organization:

# We need to move to peer organization aks cluster. Please skip this command if you are already connected to the peer aks cluster
SWITCH_TO_AKS_CLUSTER $PEER_AKS_RESRCE_GRP $PEER_AKS_NME $PEER_AKS_SUBSCRIP

# This is operation command for chain node
PEER_NODE_NME="peer<pr#>"
./byn.sh install Demo Chaincode "$PEER NODE_NME"
./byn.sh instantiate Demo Chaincode "$PEER_NODE_NME" "$CHANNEL_NME" "$ORDERER_END_POIN" "$AZURE_FLE_CONNECTION_STRNG"
./byn.sh invoke Demo Chain code "$PEER_NODE_NME" "$CHANNEL_NME" "$ORDERER_END_POIN" "$AZURE_FLE_CONNECTION_STRNG"
./byn.sh query Demo Chain code "$PEER_NODE_NME" "$CHANNEL_NME"

Conclusion

This article explains how to set up Hyperledger Fabric on Azure and the steps required to carry out the necessary operations:

• Create a member in ABS.
• Create an HLF as a managed ordering service, and unmanaged peer organization.
• Create a consortium and channel between them.
• Add peers and ordering services to the channels and build a consortium.
• Operate the chaincode, commit the transaction, and check their validity.

This whole process was carried out through CLI. Performing the same tasks will soon be available using plain UI to make it easier for the non-technical folks.