SlideShare a Scribd company logo

[2019.1] 하이퍼레저 패브릭 v1.3, v1.4 새로운 기능

H
Hyperledger Korea User Group

The document discusses new features in Hyperledger Fabric versions 1.3 and 1.4, including: - Identity Mixer for anonymous transactions and state-based endorsement in v1.3. - Java chaincode support, operational metrics, health check endpoints, and dynamic log levels in v1.4. - Private data reconciliation allows peers to retrieve private data they were entitled to but did not receive due to network failures.

1 of 38
Hyperledger Fabric - v1.3, 1.4 New Features Hyperledger Korea User Group
Agenda 2 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control Ref. - https://hyperledger- fabric.readthedocs.io/en/release-1.4
3 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
Idemix(ref. IBM Identity Mixer) 4 • Idemix is a cryptographic protocol suite, which provides strong authentication as well as privacy-preserving features such as anonymity, the ability to transact without revealing the identity of the transactor, and unlinkability, the ability of a single identity to send multiple transactions without revealing that the transactions were sent by the same identity. • works in a similar way as client certificates in a classical public-key infrastructure(PKI), but with two important differences - Flexible public keys - Flexible credentials 출처 - https://www.zurich.ibm.com/identity_mixer
Idemix(ref. IBM Identity Mixer) 5
Idemix(ref. IBM Identity Mixer) 6 • Fabric 1.3 이상(Java SDK 1.3) • CA 를 통한 MSP 생성. Idemixgen 툴 X • Idemix MSP(key, Cert) 생성 # --id.affiliation 옵션을 통해 Organizational Unit(OU) 설정, CA Server에 설정된 목록 내.. # --id.attrs role=2 1(Member), 2(Admin) $ fabric-ca-client register -u "http://localhost:7054" --id.name "idemix.org1.hlkug" --id.secret "org1pw" --id.type "idemix" --id.affiliation org1.department1 --id.attrs role=2 $ fabric-ca-client enroll -u "http://idemix.org1.hlkug:org1pw@localhost:7054" --csr.cn "idemix.org1.hlkug" --csr.names="C=KR,O=hlkug,L=Seoul" --csr.hosts="idemix.org1.hlkug" -M out/idemix.org1.hlkug/msp
Idemix(ref. IBM Identity Mixer) 7 • Idemix 설정 (configtx.yaml)
Idemix(ref. IBM Identity Mixer) 8 • Java SDK를 사용한 Idemix Enrollment 생성 (Private Key, OU값 포함된 Cert) CA Peer Endorser ① CA Info질의 ② Nonce 값 질의 ③ Idemix Credential 요청 하기 ④ Idemix Enrollment 생성 ⑤ Proposal 서명 ⑥ 서명된 Proposal 전송
Idemix(ref. IBM Identity Mixer) 9 • Idemix Enrollment 생성 - Issuer PublicKey, Issuer Revocation PublicKey, MSP ID(for Idemix), User Secret Key, Credential, Credential Revocation Information(CRI), Organizational Unit(OU), Role • Transaction 요청 시 서명 방법 - X.509  By Private Key - Idemix  By Secret Key, Pseudonym(Secret Key, Issuer Public Key), Issuer Public Key
Idemix(ref. IBM Identity Mixer) 10 • Transaction의 Creator 항목에 포함되는 내용 - X.509  MSP ID, Cert - Idemix (pseudonym은 public key로써 서명 검증에 사용됨.)  ou, role, nym_x, nym_y, proof 출처 - https://blockchain-fabric.blogspot.com/2017/04/hyperledger-fabric-v10-block- structure.html
11 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
State-based endorsement 12 • Endorsement policies are specified for a channel’s chaincode at instantiation or upgrade time. • However, there are cases where it may be necessary for a particular state (a particular key-value pair, in other words) to have a different endorsement policy. This state-based endorsement allows the default chaincode-level endorsement policies to be overridden by a different policy for the specified keys. • If a key is modified and a key-level endorsement policy is present, the key- level endorsement policy overrides the chaincode-level endorsement policy. • If a key’s endorsement policy is removed (set to nil), the chaincode-level endorsement policy becomes the default again.
State-based endorsement 13 • Shim API(Go) - SetStateValidationParameter(key string, ep []byte) error - GetStateValidationParameter(key string) ([]byte, error) - SetPrivateDataValidationParameter(collection string, key string, ep []byte) error - GetPrivateDataValidationParameter(collection string, key string) ([]byte, error) • key는 먼저 Ledger에 저장 후 State-based endorsement를 적용 - putState(key, value) -> SetStateValidationParameter(key, ep) • Endorsement Policy에 설정할 수 있는 Role은 member, peer만 가능. 예> Org1MSP.member, Org2MSP.peer
State-based endorsement 14
State-based endorsement 15 $ peer chaincode instantiate -o $ORDERER_ADDRESS --tls --cafile $ORDERER_CA -C $CHANNEL_ID -n basiccc -v 1.0 -c '{"Args":[]}' -P "OR ('Org1MSP.member','Org2MSP.member’)” $ peer chaincode invoke -o $ORDERER_ADDRESS --tls --cafile $ORDERER_CA -C $CHANNEL_ID -n basiccc -c '{"Args":["put","a","1"]}’ $ peer chaincode invoke -o $ORDERER_ADDRESS --tls --cafile $ORDERER_CA -C $CHANNEL_ID -n basiccc -c '{"Args":["putEP","a","AND ('''Org1MSP.member''', '''Org2MSP.member''')"]}’ $ peer chaincode query -C $CHANNEL_ID -n basiccc -c '{"Args":["getEP","a"]}’ $ peer chaincode invoke -o $ORDERER_ADDRESS --tls --cafile $ORDERER_CA -C $CHANNEL_ID -n basiccc -c '{"Args":["put","a","100"]}' --waitForEvent --peerAddresses peer1.org1.hlkug:7051 --tlsRootCertFiles $PEER1_ORG1_TLS_ROOT_CERT
16 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
Java chaincode support 17 • Prerequisites: Java 8, Gradle 4.4/Maven • 샘플 체인코드 다운로드 $ git clone –b v1.4.0 https://github.com/hyperledger/fabric-chaincode-java • 체인코드 개발 (with Eclipse) 1. Workspace내 특정 폴더로 샘플 소스 복사 $ cd fabric-chaincode-java/fabric-chaincode-example-maven/ $ cp –rf pom.xml src ${eclipse.workspace}/fabric-java-chaincode-basic 2. Eclipse: Import -> Existing Maven Projects 3. Eclipse: Run -> maven clean, Run -> maven install 4. Eclipse: 정상적으로 target(jar파일)이 생성된 경우 pom.xml, src 폴더를 체인코드 배포 디렉토리로 복사
Java chaincode support 18 • 체인코드 배포 및 Instantiate $ export CC_SRC_PATH=/opt/gopath/src/hlkug.org/chaincode/java/basiccc $ peer chaincode install -n basiccc_java -v 1.0 -l java -p $CC_SRC_PATH $ peer chaincode instantiate -o $ORDERER_ADDRESS --tls --cafile $ORDERER_CA -C $CHANNEL_ID -n basiccc_java -v 1.0 -l java -c '{"Args":[]}’ -P "OR ('Org1MSP.member')"
19 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
Operation Service 20 • The API exposes the following capabilities: - Log level management(FAB-12265 – Dynamic log levels) - Health checks(FAB-10851 Health check endpoint) - Prometheus target for operational metrics (when configured)(FAB-3388 – Operational metrics for Fabric components) • Docker 환경 설정 - CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443 - CORE_METRICS_PROVIDER=prometheus # prometheus(PULL), statd(Push)
Operation Service • Prometheus - 음악 유통 플랫폼 제공자인 SoundCloud사 를 중심으로 개발하는 시계열 데이터 베이스 • Grafana - 다양한 데이터 소스에 직접 연결하여 실시간으로 시각화해 주는 오픈 소스 대시 보드 Prometheus Grafana Peer /metrics /logspec /healthz 출처 - http://www.opennaru.com/apm/open-source-monitoring-to
Operation Service – Log level management 22 • Path: /logspec • 로그 레벨 질의 - 요청: GET /logspec - 응답: { "spec": "info" } • 로그 레벨 변경 - 요청: PUT /logspec { "spec": "debug" } - 응답: 204 “No Content” 또는 400 “Bad Request”
Operation Service – Health Checks 23 • Path: /healthz • 상태 질의 - 요청: GET /healthz - 응답  정상: 200 OK {"status": "OK", "time": "2019-01-21T17:00:22.459948538Z”}  오류: 503 “Service Unavailable” {"status": "Service Unavailable", "time": "2009-11-10T23:00:00Z", "failed_checks": [{ "component": "docker", "reason": "failed to connect to Docker daemon: invalid endpoint" }]}
Operation Service – Metrics (계속) 24 • Path: /metrics • Metrics 질의 - 요청: GET /metrics
Operation Service – Metrics (계속) 25 • Metrics Reference - https://hyperledger-fabric.readthedocs.io/en/release-1.4/metrics_reference.html
Operation Service – Metrics (계속) 26 • Docker Compose 구성 (계속) - Prometheus: prom/prometheus - Grafana: grafana/grafana
Operation Service – Metrics (계속) 27 • Docker Compose 구성 - Prometheus 구성  데이터 디렉토리 생성: mkdir –p prometheus/data; chmod 777 prometheus/data;  설정 파일: prometheus/promethues.yml
Operation Service – Metrics (계속) 28 • Prometheus 구성 확인 - http://x.x.x.x:9090/targets
Operation Service – Metrics (계속) 29 • Grafana 구성 - Data Source 생성
Operation Service – Metrics (계속) 30 • Grafana 구성 - http://x.x.x.x:3000 - Dashboard 생성  Block Height  # of Tx  Blockstorage Commit Time  StateDB Commit Time  Block Processing Time  Chaincode Duration Time
31 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
Private data reconciliation 32 • Starting in v1.4, a background process allows peers who are part of a collection to receive data they were entitled to receive but did not yet receive — because of a network failure, for example — by keeping track of private data that was “missing” at the time of block commit. The peer will periodically attempt to fetch the private data from other collection member peers that are expected to have it. • This “reconciliation” also applies to peers of new organizations that are added to an existing collection. The same background process described above will also attempt to fetch private data that was committed before they joined the collection. • Note that this private data reconciliation feature only works on peers running v1.4 or later of Fabric.
33 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
Private data client access control 34 • Until version 1.3, access control to private data based on collection membership was enforced for peers only. Access control based on the organization of the chaincode proposal submitter was required to be encoded in chaincode logic. [ Collection Definition ] PeerClient peer1.org1.hlkug Org1MSP peer1.org2.hlkug Org2MSP Invoke / Query?? OK
Private data client access control 35 • Starting in v1.4 a collection configuration option memberOnlyRead can automatically enforce access control based on the organization of the chaincode proposal submitter. • a value of true indicates that peers automatically enforce that only clients belonging to one of the collection member organizations are allowed read access to private data. • a value of false if you would like to encode more granular access control within individual chaincode functions. • ‘memberOnlyRead’ 설정에서 member의 의미는 Org에 포함된 member(peer,client,…)
Private data client access control 36 • if memberOnlyRead == false, • if memberOnlyRead == true, PeerClient peer1.org1.hlkug Org1MSP peer1.org2.hlkug Org2MSP Invoke / Query?? OK PeerClient peer1.org1.hlkug Org1MSP peer1.org2.hlkug Org2MSP Invoke / Query?? Invoke OK Query Fail
37 v1.4 LTS (Jan 2019) • Operational metrics for Fabric components • Health check endpoint • Dynamic log levels • Private data reconciliation • Private data client access control
Hyperledger Fabric 2.0 38 • https://jira.hyperledger.org/secure/Dashboard.jspa?selectPageId=10 104#Filter-Results/12436 - FAB-13209 Token - Improve Performance - FAB-12267 Token (base support) - Support Approve & TransferFrom Operations - FAB-11964 Token (base support) - Support Atomic Swap Operation - FAB-11169 Token - Configurable Token System (lifecycle) - FAB-11153 Token - Client Wallet Library (including SDKs) - FAB-11149 Token (base support) - Prover Peer GRPC Service - FAB-11144 Token (base support) - Support Issue, Transfer, and Redeem Token Operations - FAB-6135 Raft Consensus (etcd/raft)

More Related Content

[2019.1] 하이퍼레저 패브릭 v1.3, v1.4 새로운 기능

  • 1. Hyperledger Fabric - v1.3, 1.4 New Features Hyperledger Korea User Group
  • 2. Agenda 2 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control Ref. - https://hyperledger- fabric.readthedocs.io/en/release-1.4
  • 3. 3 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
  • 4. Idemix(ref. IBM Identity Mixer) 4 • Idemix is a cryptographic protocol suite, which provides strong authentication as well as privacy-preserving features such as anonymity, the ability to transact without revealing the identity of the transactor, and unlinkability, the ability of a single identity to send multiple transactions without revealing that the transactions were sent by the same identity. • works in a similar way as client certificates in a classical public-key infrastructure(PKI), but with two important differences - Flexible public keys - Flexible credentials 출처 - https://www.zurich.ibm.com/identity_mixer
  • 6. Idemix(ref. IBM Identity Mixer) 6 • Fabric 1.3 이상(Java SDK 1.3) • CA 를 통한 MSP 생성. Idemixgen 툴 X • Idemix MSP(key, Cert) 생성 # --id.affiliation 옵션을 통해 Organizational Unit(OU) 설정, CA Server에 설정된 목록 내.. # --id.attrs role=2 1(Member), 2(Admin) $ fabric-ca-client register -u "http://localhost:7054" --id.name "idemix.org1.hlkug" --id.secret "org1pw" --id.type "idemix" --id.affiliation org1.department1 --id.attrs role=2 $ fabric-ca-client enroll -u "http://idemix.org1.hlkug:org1pw@localhost:7054" --csr.cn "idemix.org1.hlkug" --csr.names="C=KR,O=hlkug,L=Seoul" --csr.hosts="idemix.org1.hlkug" -M out/idemix.org1.hlkug/msp
  • 7. Idemix(ref. IBM Identity Mixer) 7 • Idemix 설정 (configtx.yaml)
  • 8. Idemix(ref. IBM Identity Mixer) 8 • Java SDK를 사용한 Idemix Enrollment 생성 (Private Key, OU값 포함된 Cert) CA Peer Endorser ① CA Info질의 ② Nonce 값 질의 ③ Idemix Credential 요청 하기 ④ Idemix Enrollment 생성 ⑤ Proposal 서명 ⑥ 서명된 Proposal 전송
  • 9. Idemix(ref. IBM Identity Mixer) 9 • Idemix Enrollment 생성 - Issuer PublicKey, Issuer Revocation PublicKey, MSP ID(for Idemix), User Secret Key, Credential, Credential Revocation Information(CRI), Organizational Unit(OU), Role • Transaction 요청 시 서명 방법 - X.509  By Private Key - Idemix  By Secret Key, Pseudonym(Secret Key, Issuer Public Key), Issuer Public Key
  • 10. Idemix(ref. IBM Identity Mixer) 10 • Transaction의 Creator 항목에 포함되는 내용 - X.509  MSP ID, Cert - Idemix (pseudonym은 public key로써 서명 검증에 사용됨.)  ou, role, nym_x, nym_y, proof 출처 - https://blockchain-fabric.blogspot.com/2017/04/hyperledger-fabric-v10-block- structure.html
  • 11. 11 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
  • 12. State-based endorsement 12 • Endorsement policies are specified for a channel’s chaincode at instantiation or upgrade time. • However, there are cases where it may be necessary for a particular state (a particular key-value pair, in other words) to have a different endorsement policy. This state-based endorsement allows the default chaincode-level endorsement policies to be overridden by a different policy for the specified keys. • If a key is modified and a key-level endorsement policy is present, the key- level endorsement policy overrides the chaincode-level endorsement policy. • If a key’s endorsement policy is removed (set to nil), the chaincode-level endorsement policy becomes the default again.
  • 13. State-based endorsement 13 • Shim API(Go) - SetStateValidationParameter(key string, ep []byte) error - GetStateValidationParameter(key string) ([]byte, error) - SetPrivateDataValidationParameter(collection string, key string, ep []byte) error - GetPrivateDataValidationParameter(collection string, key string) ([]byte, error) • key는 먼저 Ledger에 저장 후 State-based endorsement를 적용 - putState(key, value) -> SetStateValidationParameter(key, ep) • Endorsement Policy에 설정할 수 있는 Role은 member, peer만 가능. 예> Org1MSP.member, Org2MSP.peer
  • 15. State-based endorsement 15 $ peer chaincode instantiate -o $ORDERER_ADDRESS --tls --cafile $ORDERER_CA -C $CHANNEL_ID -n basiccc -v 1.0 -c '{"Args":[]}' -P "OR ('Org1MSP.member','Org2MSP.member’)” $ peer chaincode invoke -o $ORDERER_ADDRESS --tls --cafile $ORDERER_CA -C $CHANNEL_ID -n basiccc -c '{"Args":["put","a","1"]}’ $ peer chaincode invoke -o $ORDERER_ADDRESS --tls --cafile $ORDERER_CA -C $CHANNEL_ID -n basiccc -c '{"Args":["putEP","a","AND ('''Org1MSP.member''', '''Org2MSP.member''')"]}’ $ peer chaincode query -C $CHANNEL_ID -n basiccc -c '{"Args":["getEP","a"]}’ $ peer chaincode invoke -o $ORDERER_ADDRESS --tls --cafile $ORDERER_CA -C $CHANNEL_ID -n basiccc -c '{"Args":["put","a","100"]}' --waitForEvent --peerAddresses peer1.org1.hlkug:7051 --tlsRootCertFiles $PEER1_ORG1_TLS_ROOT_CERT
  • 16. 16 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
  • 17. Java chaincode support 17 • Prerequisites: Java 8, Gradle 4.4/Maven • 샘플 체인코드 다운로드 $ git clone –b v1.4.0 https://github.com/hyperledger/fabric-chaincode-java • 체인코드 개발 (with Eclipse) 1. Workspace내 특정 폴더로 샘플 소스 복사 $ cd fabric-chaincode-java/fabric-chaincode-example-maven/ $ cp –rf pom.xml src ${eclipse.workspace}/fabric-java-chaincode-basic 2. Eclipse: Import -> Existing Maven Projects 3. Eclipse: Run -> maven clean, Run -> maven install 4. Eclipse: 정상적으로 target(jar파일)이 생성된 경우 pom.xml, src 폴더를 체인코드 배포 디렉토리로 복사
  • 18. Java chaincode support 18 • 체인코드 배포 및 Instantiate $ export CC_SRC_PATH=/opt/gopath/src/hlkug.org/chaincode/java/basiccc $ peer chaincode install -n basiccc_java -v 1.0 -l java -p $CC_SRC_PATH $ peer chaincode instantiate -o $ORDERER_ADDRESS --tls --cafile $ORDERER_CA -C $CHANNEL_ID -n basiccc_java -v 1.0 -l java -c '{"Args":[]}’ -P "OR ('Org1MSP.member')"
  • 19. 19 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
  • 20. Operation Service 20 • The API exposes the following capabilities: - Log level management(FAB-12265 – Dynamic log levels) - Health checks(FAB-10851 Health check endpoint) - Prometheus target for operational metrics (when configured)(FAB-3388 – Operational metrics for Fabric components) • Docker 환경 설정 - CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443 - CORE_METRICS_PROVIDER=prometheus # prometheus(PULL), statd(Push)
  • 21. Operation Service • Prometheus - 음악 유통 플랫폼 제공자인 SoundCloud사 를 중심으로 개발하는 시계열 데이터 베이스 • Grafana - 다양한 데이터 소스에 직접 연결하여 실시간으로 시각화해 주는 오픈 소스 대시 보드 Prometheus Grafana Peer /metrics /logspec /healthz 출처 - http://www.opennaru.com/apm/open-source-monitoring-to
  • 22. Operation Service – Log level management 22 • Path: /logspec • 로그 레벨 질의 - 요청: GET /logspec - 응답: { "spec": "info" } • 로그 레벨 변경 - 요청: PUT /logspec { "spec": "debug" } - 응답: 204 “No Content” 또는 400 “Bad Request”
  • 23. Operation Service – Health Checks 23 • Path: /healthz • 상태 질의 - 요청: GET /healthz - 응답  정상: 200 OK {"status": "OK", "time": "2019-01-21T17:00:22.459948538Z”}  오류: 503 “Service Unavailable” {"status": "Service Unavailable", "time": "2009-11-10T23:00:00Z", "failed_checks": [{ "component": "docker", "reason": "failed to connect to Docker daemon: invalid endpoint" }]}
  • 24. Operation Service – Metrics (계속) 24 • Path: /metrics • Metrics 질의 - 요청: GET /metrics
  • 25. Operation Service – Metrics (계속) 25 • Metrics Reference - https://hyperledger-fabric.readthedocs.io/en/release-1.4/metrics_reference.html
  • 26. Operation Service – Metrics (계속) 26 • Docker Compose 구성 (계속) - Prometheus: prom/prometheus - Grafana: grafana/grafana
  • 27. Operation Service – Metrics (계속) 27 • Docker Compose 구성 - Prometheus 구성  데이터 디렉토리 생성: mkdir –p prometheus/data; chmod 777 prometheus/data;  설정 파일: prometheus/promethues.yml
  • 28. Operation Service – Metrics (계속) 28 • Prometheus 구성 확인 - http://x.x.x.x:9090/targets
  • 29. Operation Service – Metrics (계속) 29 • Grafana 구성 - Data Source 생성
  • 30. Operation Service – Metrics (계속) 30 • Grafana 구성 - http://x.x.x.x:3000 - Dashboard 생성  Block Height  # of Tx  Blockstorage Commit Time  StateDB Commit Time  Block Processing Time  Chaincode Duration Time
  • 31. 31 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
  • 32. Private data reconciliation 32 • Starting in v1.4, a background process allows peers who are part of a collection to receive data they were entitled to receive but did not yet receive — because of a network failure, for example — by keeping track of private data that was “missing” at the time of block commit. The peer will periodically attempt to fetch the private data from other collection member peers that are expected to have it. • This “reconciliation” also applies to peers of new organizations that are added to an existing collection. The same background process described above will also attempt to fetch private data that was committed before they joined the collection. • Note that this private data reconciliation feature only works on peers running v1.4 or later of Fabric.
  • 33. 33 • Hyperledger Fabric v1.3 New Features - Identity Mixer for anonymous transactions - State-base endorsement - Java chaincode support • Hyperledger Fabric v1.4 New Features - Operational metrics for Fabric components - Health check endpoint - Dynamic log levels - Private data reconciliation - Private data client access control
  • 34. Private data client access control 34 • Until version 1.3, access control to private data based on collection membership was enforced for peers only. Access control based on the organization of the chaincode proposal submitter was required to be encoded in chaincode logic. [ Collection Definition ] PeerClient peer1.org1.hlkug Org1MSP peer1.org2.hlkug Org2MSP Invoke / Query?? OK
  • 35. Private data client access control 35 • Starting in v1.4 a collection configuration option memberOnlyRead can automatically enforce access control based on the organization of the chaincode proposal submitter. • a value of true indicates that peers automatically enforce that only clients belonging to one of the collection member organizations are allowed read access to private data. • a value of false if you would like to encode more granular access control within individual chaincode functions. • ‘memberOnlyRead’ 설정에서 member의 의미는 Org에 포함된 member(peer,client,…)
  • 36. Private data client access control 36 • if memberOnlyRead == false, • if memberOnlyRead == true, PeerClient peer1.org1.hlkug Org1MSP peer1.org2.hlkug Org2MSP Invoke / Query?? OK PeerClient peer1.org1.hlkug Org1MSP peer1.org2.hlkug Org2MSP Invoke / Query?? Invoke OK Query Fail
  • 37. 37 v1.4 LTS (Jan 2019) • Operational metrics for Fabric components • Health check endpoint • Dynamic log levels • Private data reconciliation • Private data client access control
  • 38. Hyperledger Fabric 2.0 38 • https://jira.hyperledger.org/secure/Dashboard.jspa?selectPageId=10 104#Filter-Results/12436 - FAB-13209 Token - Improve Performance - FAB-12267 Token (base support) - Support Approve & TransferFrom Operations - FAB-11964 Token (base support) - Support Atomic Swap Operation - FAB-11169 Token - Configurable Token System (lifecycle) - FAB-11153 Token - Client Wallet Library (including SDKs) - FAB-11149 Token (base support) - Prover Peer GRPC Service - FAB-11144 Token (base support) - Support Issue, Transfer, and Redeem Token Operations - FAB-6135 Raft Consensus (etcd/raft)