Overview

Skill Level: Any Skill Level

In this recipe, you learn how to configure Hyperledger Iroha peer node and define the domain, role, permission, and account for its network.

Ingredients

To follow and complete this recipe, you need to have good knowledge of blockchain, Hyperledger transactions, JavaScript as well as basic knowledge of Linux.

Step-by-step

  1. Overview of Hyperledger Iroha

    Hyperledger Iroha is a general-purpose permissioned blockchain system hosted by The Linux Foundation. It was contributed by Soramitsu, Hitachi, NTT DATA, and Colu. Hyperledger Iroha is written in C++ and incorporates the BFT consensus algorithm, named Yet Another Consensus (YAC). Hyperledger Iroha consists of simple deployment and fast development. It can be used in applications that manage digital assets, identity, interbank payment, and so on.

    For those who are not familiar with Hyperledger project Intro to Hyperledger Family and Hyperledger Blockchain Ecosystem and Hyperledger Design Philosophy and Framework Architecture articles are strongly recommended.

    To better follow and understand this recipe, it is advisable to read and follow Install Hyperledger Iroha on AWS recipe in advance.
    In this recipe, we will learn how to configure the Iroha peer node and define the domain, role, permission, and account for the Iroha network.

  2. Configure Hyperledger Iroha Docker

    Before configuring the Iroha network, we will restart the Iroha network that was installed in the Installing Hyperledger Iroha on AWS recipe and install a text editor on the Iroha Docker container, which will be used to edit Iroha configuration files in this recipe:

    1. Restart the Iroha Docker containers that were installed in a previous recipe with the following commands:

    ubuntu@ip-172-31-90-67:~/iroha/iroha$ sudo docker start postgresDB postgresDB

    ubuntu@ip-172-31-90-67:~/iroha/iroha$ sudo docker start iroha iroha

    ubuntu@ip-172-31-90-67:~/iroha/iroha$ sudo docker exec -it iroha /bin/bash

    root@8a0356adcbe3:/opt/iroha_data# irohad –config config.docker — keypair_name node0
    [2018-11-10 02:04:43.703153002][th:19][info] MAIN start

    [2018-11-10 02:04:43.705004415][th:19][info] MAIN config initialized

    [2018-11-10 02:04:43.706783634][th:19][info] IROHAD created

    2. Install the nano text editor on the Iroha container:

    root@b551830ade0e:/opt/iroha_data# apt-get update

    Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]

    root@b551830ade0e:/opt/iroha_data# apt-get install nano Reading package lists… Done

  3. Configure Hyperledger Iroha Network

    Follow these steps to configure Hyperledger Iroha Network:

    1. Go to the bash Iroha container:

    sudo docker exec -it iroha /bin/bash

    2. Specify the Iroha network parameters in the config.docker configuration file:

    {

    “block_store_path” : “/tmp/block_store/”,
    “torii_port” : 50051,
    “internal_port” : 10001,
    “pg_opt” : “host=postgresDB port=5432 user=postgres password=mysecretpassword”,
    “max_proposal_size” : 10,
    “proposal_delay” : 5000,
    “vote_delay” : 5000,
    “mst_enable” : false

    }

    3. Specify the genesis configuration in the genesis.block file. This can be done by first adding a peer node when the network is created:

    “addPeer”:{

    “peer”:{

    “address”:”0.0.0.0:10001”,
    “peerKey”:”vd1YQE0TFeDrJ5AsXXyOsGAsFiOPAFdz30BrwZEwiSk=”

    }

    }

    4. Add the admin role:

    “createRole”:{

    “roleName”:”admin”,
    “permissions”:[
    “can_add_peer”,
    “can_add_signatory”,
    “can_create_account”,
    “can_create_domain”,
    “can_get_all_acc_ast”,
    “can_get_all_acc_ast_txs”,
    “can_get_all_acc_detail”,
    “can_get_all_acc_txs”,
    “can_get_all_accounts”,
    “can_get_all_signatories”,
    “can_get_all_txs”,
    “can_get_blocks”,
    “can_get_roles”,
    “can_read_assets”,
    “can_remove_signatory”,
    “can_set_quorum”

    ]

    }

    5. Add the domain:
    “createDomain”:{

    “domainId”:”ico”,

    “defaultRole”:”user”

    }

    6. Add the admin account and assign an admin role to the account:
    “createAccount”:{

    “accountName”:”admin”,
    “domainId”:”ico”,
    “publicKey”:”MToH5jhHdu2VRHcQ0V5ZFIRzzPwFKmgTF6cqafKkmRA=”

    }

    },

    “appendRole”:{

    “accountId”:”admin@ico”,
    “roleName”:”admin”

    }

  4. Put Things Together

    The Iroha daemon command (irohad) is used to start the Iroha peer node. The following parameters are set for this:

    • config: The configuration file for the block store path, client port, peer port, database, and so on.
    • keypair_name: The public and private key file name used by the peer.
    • genesis_block: The initial block in the network and domain, role, accounts, and so on to start the hedger. If you’re restarting an existing Iroha network, this parameter should be ignored.

    In the Iroha daemon configuration file, the parameters are as follows:

    block_store_path 

    Path to store blocks.

    torii_port

    Port for client (default 50051).

    internal_port

    Port for communication between peers (default 10001).

    pg_opt

    Connection to the PostgresSQL database.

    max_proposal_size

     Maximum size of the block proposal.

    vote_delay

    The period of time (in ms) to wait before sending a vote for consensus to the other peer nodes.

    mst_enable

    Switch multi-signatures transactions on/off.

     

    In the genesis_block file, peers, domain, role, permission, accounts, and so on can be specified. Hyperledger Iroha provides role-based permission control. The roles and accounts could be set up in the genesis_block file when starting the network. It could also be updated using built-in commands when the hedger is started.

    The following is a list of main permissions for different categories in the Iroha system:

    • Permissions for the account:

    can_create_account

    can_get_all_acc_detail

    can_get_domain_acc_ast

    can_set_detail

    can_get_domain_accounts

    can_get_all_acc_ast_txs

    can_get_all_accounts

    can_get_all_acc_ast

    can_get_domain_acc_ast_txs

     

    • Permissions for the roles:
    can_create_role

    https://iroha.readthedocs.io/en/latest/ maintenance/permissions.html#can-create-role

    can_append_role

    https://iroha.readthedocs.io/en/latest/ maintenance/permissions.html#can-append-role

    can_get_roles

    https://iroha.readthedocs.io/en/latest/ maintenance/permissions.html#can-get-roles

    • Permissions for the assets:

    can_create_asset

    https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-create-asset

    can_receive

    https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-receive

    can_transfer

    https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-transfer

     

    • ¬†Grantable permissions:

    can_set_my_account_detail

    https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-set-my-account-detail

     

    can_transfer_my_assets

    https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-transfer-my-assets

    can_get_my_acc_detail

    https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-get-my-acc-detail

     

    The admin accounts can update roles and permissions for other accounts, and the individual account can update grantable permissions for other accounts to access their assets, transactions, and so on to their account.
    Now that you learned how to configure the Hyperledger Iroha peer node and define the domain, role, permission, and account for the Iroha network, you can move on to Working with Hyperledger Iroha using CLI to Create Cryptocurrency recipe.
    This recipe is written in collaboration with Brian Wu who is a senior Hyperledger instructor at Coding Bootcamps school in Washington DC.

Join The Discussion