Skip to content

Commit

Permalink
[FAB-16754] Upgrade doc
Browse files Browse the repository at this point in the history 
A number of docs here doing different things
as the upgrade process has now been split
up into various documents that are more
future proofed. Also, all related docs have
been converted to markdown.

Change-Id: Idfc3b19f40e907b2c07cf3719f5c936c40796b37
Signed-off-by: joe-alewine <Joe.Alewine@ibm.com>
  • Loading branch information
@denyeart
joe-alewine authored and denyeart committed Dec 12, 2019
1 parent 339e682 commit 5e4ede7
Show file tree
Hide file tree
Showing 14 changed files with 1,232 additions and 916 deletions.
3 changes: 2 additions & 1 deletion docs/source/architecture.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,11 @@ Architecture Reference
.. toctree::
:maxdepth: 1

txflow
Hyperledger Fabric CA's User Guide <http://hyperledger-fabric-ca.readthedocs.io/en/latest>
fabric-sdks
txflow
discovery-overview
capability_requirements
channels
couchdb_as_state_database
peer_event_services
Expand Down
23 changes: 6 additions & 17 deletions docs/source/chaincode4noah.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,17 +32,9 @@ lifecycle to perform the following tasks:
- [Deployment Scenarios](#deployment-scenarios)
- [Migrate to the new Fabric lifecycle](#migrate-to-the-new-fabric-lifecycle)

*Note: The new Fabric chaincode lifecycle in the v2.0 Alpha release is not yet
feature complete. Specifically, be aware of the following limitations in the
Alpha release:*

- *Service Discovery is not yet supported*
- *Chaincodes defined with the new lifecycle are not yet discoverable
via service discovery*

*These limitations will be resolved after the Alpha release. To use the old
lifecycle model to install and instantiate a chaincode, visit the v1.4 version
of the [Chaincode for Operators tutorial](https://hyperledger-fabric.readthedocs.io/en/release-1.4/chaincode4noah.html).*
If you are upgrading from a v1.4.x network and need to edit your channel
configurations to enable the new lifecycle, check out
[Enabling the new chaincode lifecycle](./enable_cc_lifecycle.html).

## Install and define a chaincode

Expand Down Expand Up @@ -465,12 +457,9 @@ while MYCC2 has an endorsement policy of 2 out of 2.*

## Migrate to the new Fabric lifecycle

You can use the Fabric chaincode lifecycle by creating a new channel and setting
the channel capabilities to `V2_0`. You will not be able to use the previous
lifecycle to install, instantiate, or update a chaincode on a channels with
`V2_0` capabilities enabled. There is no upgrade support to the v2.0 Alpha
release, and no intended upgrade support from the the Alpha release to future
versions of v2.x.
For information about migrating to the new lifecycle, check out [Considerations for getting to v2.0](./upgrade_to_newest_version.html#chaincode-lifecycle).

If you need to update your channel configurations to enable the new lifecycle, check out [Enabling the new chaincode lifecycle](./enable_cc_lifecycle.html).

<!--- Licensed under Creative Commons Attribution 4.0 International License
https://creativecommons.org/licenses/by/4.0/ -->
727 changes: 355 additions & 372 deletions docs/source/config_update.md
View file

Large diffs are not rendered by default.

244 changes: 244 additions & 0 deletions docs/source/enable_cc_lifecycle.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,244 @@
# Enabling the new chaincode lifecycle

Users upgrading from v1.4.x to v2.0 will have to edit their channel configurations to enable the new lifecycle features. This process involves a series of [channel configuration updates](./config_update.html) the relevant users will have to perform.

Note that the `Channel` and `Application` [capabilities](./capabilities_concept.html) of your application channels will have to be updated to `V2_0` for the new chaincode lifecycle to work. Check out [Considerations for getting to 2.0](./upgrade_to_newest_version.html#chaincode-lifecycle) for more information.

Updating a channel configuration is, at a high level, a three step process (for each channel):

1. Get the latest channel config
2. Create a modified channel config
3. Create a config update transaction

We will be performing these channel configuration updates by leveraging a file called `enable_lifecycle.json`, which contains all of the updates we will be making in the channel configurations. Note that in a production setting it is likely that multiple users would be making these channel update requests. However, for the sake of simplicity, we are presenting all of the updates as how they would appear in a single file.

## Create `enable_lifecycle.json`

Note that in addition to using `enable_lifecycle.json`, this tutorial also uses `jq` to apply the edits to the modified config file. The modified config can also be edited manually (after it has been pulled, translated, and scoped). Check out this [sample channel configuration](./config_update.html#sample-channel-configuration) for reference.

However, the process described here (using a JSON file and a tool like `jq`) does have the advantage of being scriptable, making it suitable for proposing configuration updates to a large number of channels, and is the recommended process for editing a channel configuration.

Note that the `enable_lifecycle.json` uses sample values, for example `org1Policies` and the `Org1ExampleCom`, which will be specific to your deployment):

```
{
"org1Policies": {
"Endorsement": {
"mod_policy": "Admins",
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "Org1ExampleCom",
"role": "PEER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
"version": "0"
}
},
"org2Policies": {
"Endorsement": {
"mod_policy": "Admins",
"policy": {
"type": 1,
"value": {
"identities": [
{
"principal": {
"msp_identifier": "Org2ExampleCom",
"role": "PEER"
},
"principal_classification": "ROLE"
}
],
"rule": {
"n_out_of": {
"n": 1,
"rules": [
{
"signed_by": 0
}
]
}
},
"version": 0
}
},
"version": "0"
}
},
"appPolicies": {
"Endorsement": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Endorsement"
}
},
"version": "0"
},
"LifecycleEndorsement": {
"mod_policy": "Admins",
"policy": {
"type": 3,
"value": {
"rule": "MAJORITY",
"sub_policy": "Endorsement"
}
},
"version": "0"
}
},
"acls": {
"_lifecycle/CommitChaincodeDefinition": {
"policy_ref": "/Channel/Application/Writers"
},
"_lifecycle/QueryChaincodeDefinition": {
"policy_ref": "/Channel/Application/Readers"
},
"_lifecycle/QueryNamespaceDefinitions": {
"policy_ref": "/Channel/Application/Readers"
}
}
}
```

**Note: the "role" field of these new policies should say `'PEER'` if [NodeOUs](./msp.html#organizational-units) are enabled for the org, and `'MEMBER'` if they are not.**

## Edit the channel configurations

### System channel updates

Because configuration changes to the system channel to enable the new lifecycle only involve parameters inside the configuration of the peer organizations within the channel configuration, each peer organization being edited will have to sign the relevant channel configuration update.

However, by default, the system channel can only be edited by system channel admins (typically these are admins of the ordering service organizations and not peer organizations), which means that the configuration updates to the peer organizations in the consortium will have to be proposed by a system channel admin and sent to the relevant peer organization to be signed.

You will need to export the following variables:

* `CH_NAME`: the name of the system channel being updated.
* `CORE_PEER_LOCALMSPID`: the MSP ID of the organization proposing the channel update. This will be the MSP of one of the ordering service organizations.
* `CORE_PEER_MSPCONFIGPATH`: the absolute path to the MSP representing your organization.
* `TLS_ROOT_CA`: the absolute path to the root CA certificate of the organization proposing the system channel update.
* `ORDERING_NODE_ADDRESS`: the url of an ordering node. For example, `orderer.example.com:7050`. When targeting the ordering service, you can target any particular node in the ordering service. Your requests will be forwarded to the leader automatically.
* `ORGNAME`: the name of the organization you are currently updating.
* `CONSORTIUM_NAME`: the name of the consortium being updated.

Once you have set the environment variables, navigate to [Step 1: Pull and translate the config](./config_update.html#step-1-pull-and-translate-the-config).

Once you have a `modified_config.json`, add the lifecycle organization policy (as listed in `enable_lifecycle.json`) using this command:

```
jq -s ".[0] * {\"channel_group\":{\"groups\":{\"Consortiums\":{\"groups\": {\"$CONSORTIUM_NAME\": {\"groups\": {\"$ORGNAME\": {\"policies\": .[1].${ORGNAME}Policies}}}}}}}}" config.json ./enable_lifecycle.json > modified_config.json
```

Then, follow the steps at [Step 3: Re-encode and submit the config](./config_update.html#step-3-re-encode-and-submit-the-config).

As stated above, these changes will have to be proposed by a system channel admin and sent to the relevant peer organization for signature.

### Application channel updates

#### Edit the peer organizations

We need to perform a similar set of edits to all of the organizations on all
application channels.

Note that unlike the system channel, peer organizations are able to make configuration update requests to application channels. If you are making a configuration change to your own organization, you will be able to make these changes without needing the signature of other organizations. However, if you are attempting to make a change to a different organization, that organization will have to approve the change.

You will need to export the following variables:

* `CH_NAME`: the name of the application channel being updated.
* `ORGNAME`: The name of the organization you are currently updating.
* `TLS_ROOT_CA`: the absolute path to the TLS cert of your ordering node.
* `CORE_PEER_MSPCONFIGPATH`: the absolute path to the MSP representing your organization.
* `CORE_PEER_LOCALMSPID`: the MSP ID of the organization proposing the channel update. This will be the MSP of one of the peer organizations.
* `ORDERING_NODE_ADDRESS`: the url of an ordering node. For example, `orderer.example.com:7050`. When targeting the ordering service, you can target any particular node in the ordering service. Your requests will be forwarded to the leader automatically.

Once you have set the environment variables, navigate to [Step 1: Pull and translate the config](./config_update.html#step-1-pull-and-translate-the-config).

Once you have a `modified_config.json`, add the lifecycle organization policy (as listed in `enable_lifecycle.json`) using this command:

```
jq -s ".[0] * {\"channel_group\":{\"groups\":{\"Application\": {\"groups\": {\"$ORGNAME\": {\"policies\": .[1].${ORGNAME}Policies}}}}}}" config.json ./enable_lifecycle.json > modified_config.json
```

Then, follow the steps at [Step 3: Re-encode and submit the config](./config_update.html#step-3-re-encode-and-submit-the-config).

#### Edit the application channels

After all of the application channels have been [updated to include V2_0 capabilities](./upgrade_to_newest_version.html#capabilities),
endorsement policies for the new chaincode lifecycle must be added to each
channel.

You can set the same environment you set when updating the peer organizations. Note that in this case you will not be updating the configuration of an org in the configuration, so the `ORGNAME` variable will not be used.

Once you have set the environment variables, navigate to [Step 1: Pull and translate the config](./config_update.html#step-1-pull-and-translate-the-config).

Once you have a `modified_config.json`, add the channel endorsement policy (as listed in `enable_lifecycle.json`) using this command:

```
jq -s '.[0] * {"channel_group":{"groups":{"Application": {"policies": .[1].appPolicies}}}}' config.json ./enable_lifecycle.json > modified_config.json
```

Then, follow the steps at [Step 3: Re-encode and submit the config](./config_update.html#step-3-re-encode-and-submit-the-config).

For this channel update to be approved, the policy for modifying the `Channel/Application` section of the configuration must be satisfied. By default, this is a `MAJORITY` of the peer organizations on the channel.

#### Edit channel ACLs (optional)

The following [Access Control List (ACL)](./access_control.html) in `enable_lifecycle.json` are the default values for the new lifecycle, though you have the option to change them depending on your use case.

```
"acls": {
"_lifecycle/CommitChaincodeDefinition": {
"policy_ref": "/Channel/Application/Writers"
},
"_lifecycle/QueryChaincodeDefinition": {
"policy_ref": "/Channel/Application/Readers"
},
"_lifecycle/QueryNamespaceDefinitions": {
"policy_ref": "/Channel/Application/Readers"
```

You can leave the same environment in place as when you previously edited application channels.

Once you have the environment variables set, navigate to [Step 1: Pull and translate the config](./config_update.html#step-1-pull-and-translate-the-config).

Once you have a `modified_config.json`, add the ACLs (as listed in `enable_lifecycle.json`) using this command:

```
jq -s '.[0] * {"channel_group":{"groups":{"Application": {"values": {"ACLs": {"value": {"acls": .[1].acls}}}}}}}' config.json ./scripts/policies.json > modified_config.json
```

Then, follow the steps at [Step 3: Re-encode and submit the config](./config_update.html#step-3-re-encode-and-submit-the-config).

For this channel update to be approved, the policy for modifying the `Channel/Application` section of the configuration must be satisfied. By default, this is a `MAJORITY` of the peer organizations on the channel.

## Enable new lifecycle in `core.yaml`

If you follow [the recommended process](./upgrading_your_components.html#overview) for using a tool like `diff` to compare the new version of `core.yaml` packaged with the binaries with your old one, you will not need to whitelist `_lifecycle: enable` because the new `core.yaml` has added it under `chaincode/system`.

However, if you are updating your old node YAML file directly, you will have to add `_lifecycle: enable` to the system chaincodes whitelist.

For more information about upgrading nodes, check out [Upgrading your components](./upgrading_your_components.html).

<!--- Licensed under Creative Commons Attribution 4.0 International License
https://creativecommons.org/licenses/by/4.0/ -->
Binary file added docs/source/images/sample_config.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
1 change: 1 addition & 0 deletions docs/source/index.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ modularity and versatility for a broad set of industry use cases.
developapps/developing_applications
tutorials
ops_guide
upgrade
command_ref
architecture
Fabric-FAQ
Expand Down
3 changes: 0 additions & 3 deletions docs/source/ops_guide.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,10 @@ Operations Guides
.. toctree::
:maxdepth: 1

upgrade_to_newest_version
orderer_deploy
config_update
msp
hsm.md
configtx
capability_requirements
endorsement-policies
pluggable_endorsement_and_validation
access_control.md
Expand Down
15 changes: 8 additions & 7 deletions docs/source/tutorials.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,19 +5,20 @@ We offer tutorials to get you started with Hyperledger Fabric.
The first is oriented to the Hyperledger Fabric **application developer**,
:doc:`write_first_app`. It takes you through the process of writing your first
blockchain application for Hyperledger Fabric using the Hyperledger Fabric
`Node SDK <https://github.com/hyperledger/fabric-sdk-node>`__.
`Node SDK <https://github.com/hyperledger/fabric-sdk-node>`_. For a more developer
focused experience for developing apps, check out :doc:`developapps/developing_applications`.

The second tutorial is oriented towards the Hyperledger Fabric network
We also have a tutorial oriented towards the Hyperledger Fabric network
operators, :doc:`build_network`. This one walks you through the process of
establishing a blockchain network using Hyperledger Fabric and provides
a basic sample application to test it out.

There are also tutorials for updating your channel, :doc:`channel_update_tutorial`, and
upgrading your network to a later version of Hyperledger Fabric, :doc:`upgrading_your_network_tutorial`.
There are two tutorials for updating a channel: :doc:`config_update` and
:doc:`updating_capabilities`, while :doc:`upgrading_your_components` shows how
to upgrade components like peers, ordering nodes, SDKs, and more.

Finally, we offer two chaincode tutorials. One oriented to developers,
:doc:`chaincode4ade`, and the other oriented to operators,
:doc:`chaincode4noah`.
:doc:`chaincode4ade`, and the other oriented to operators, :doc:`chaincode4noah`.

.. note:: If you have questions not addressed by this documentation, or run into
issues with any of the tutorials, please visit the :doc:`questions`
Expand All @@ -30,8 +31,8 @@ Finally, we offer two chaincode tutorials. One oriented to developers,
write_first_app
tutorial/commercial_paper
build_network
config_update.md
channel_update_tutorial
upgrading_your_network_tutorial
private_data_tutorial
chaincode
chaincode4ade
Expand Down
Loading

0 comments on commit 5e4ede7

Please sign in to comment.