Step-by-step
-
Overview of Hyperledger Iroha
Hyperledger Iroha is a general-purpose permissioned blockchain system hosted by The Linux Foundation. It was contributed by Soramitsu, Hitachi, NTT DATA, and Colu. Hyperledger Iroha is written in C++ and incorporates the BFT consensus algorithm, named Yet Another Consensus (YAC). Hyperledger Iroha consists of simple deployment and fast development. It can be used in applications that manage digital assets, identity, interbank payment, and so on.
For those who are not familiar with Hyperledger project Intro to Hyperledger Family and Hyperledger Blockchain Ecosystem and Hyperledger Design Philosophy and Framework Architecture articles are strongly recommended.
To better follow and understand this recipe, it is advisable to read and follow Install Hyperledger Iroha on AWS recipe in advance.
In this recipe, we will learn how to configure the Iroha peer node and define the domain, role, permission, and account for the Iroha network. -
Configure Hyperledger Iroha Docker
Before configuring the Iroha network, we will restart the Iroha network that was installed in the Installing Hyperledger Iroha on AWS recipe and install a text editor on the Iroha Docker container, which will be used to edit Iroha configuration files in this recipe:
1. Restart the Iroha Docker containers that were installed in a previous recipe with the following commands:
ubuntu@ip-172-31-90-67:~/iroha/iroha$ sudo docker start postgresDB postgresDB
ubuntu@ip-172-31-90-67:~/iroha/iroha$ sudo docker start iroha iroha
ubuntu@ip-172-31-90-67:~/iroha/iroha$ sudo docker exec -it iroha /bin/bash
root@8a0356adcbe3:/opt/iroha_data# irohad –config config.docker — keypair_name node0
[2018-11-10 02:04:43.705004415][th:19][info] MAIN config initialized [2018-11-10 02:04:43.706783634][th:19][info] IROHAD created
[2018-11-10 02:04:43.703153002][th:19][info] MAIN start2. Install the nano text editor on the Iroha container:
root@b551830ade0e:/opt/iroha_data# apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
root@b551830ade0e:/opt/iroha_data# apt-get install nano Reading package lists… Done
-
Configure Hyperledger Iroha Network
Follow these steps to configure Hyperledger Iroha Network:
1. Go to the bash Iroha container:
sudo docker exec -it iroha /bin/bash
2. Specify the Iroha network parameters in the config.docker configuration file:
{
“block_store_path” : “/tmp/block_store/”,
“torii_port” : 50051,
“internal_port” : 10001,
“pg_opt” : “host=postgresDB port=5432 user=postgres password=mysecretpassword”,
“max_proposal_size” : 10,
“proposal_delay” : 5000,
“vote_delay” : 5000,
“mst_enable” : false}
3. Specify the genesis configuration in the genesis.block file. This can be done by first adding a peer node when the network is created:
“addPeer”:{
“peer”:{
“address”:”0.0.0.0:10001”,
“peerKey”:”vd1YQE0TFeDrJ5AsXXyOsGAsFiOPAFdz30BrwZEwiSk=”}
}
4. Add the admin role:
“createRole”:{
“roleName”:”admin”,
“permissions”:[
“can_add_peer”,
“can_add_signatory”,
“can_create_account”,
“can_create_domain”,
“can_get_all_acc_ast”,
“can_get_all_acc_ast_txs”,
“can_get_all_acc_detail”,
“can_get_all_acc_txs”,
“can_get_all_accounts”,
“can_get_all_signatories”,
“can_get_all_txs”,
“can_get_blocks”,
“can_get_roles”,
“can_read_assets”,
“can_remove_signatory”,
“can_set_quorum”]
}
5. Add the domain:
“createDomain”:{“domainId”:”ico”,
“defaultRole”:”user”
}
6. Add the admin account and assign an admin role to the account:
“createAccount”:{“accountName”:”admin”,
“domainId”:”ico”,
“publicKey”:”MToH5jhHdu2VRHcQ0V5ZFIRzzPwFKmgTF6cqafKkmRA=”}
},
“appendRole”:{
“accountId”:”admin@ico”,
“roleName”:”admin”}
-
Put Things Together
The Iroha daemon command (irohad) is used to start the Iroha peer node. The following parameters are set for this:
- config: The configuration file for the block store path, client port, peer port, database, and so on.
- keypair_name: The public and private key file name used by the peer.
- genesis_block: The initial block in the network and domain, role, accounts, and so on to start the hedger. If you’re restarting an existing Iroha network, this parameter should be ignored.
In the Iroha daemon configuration file, the parameters are as follows:
block_store_path Path to store blocks.
torii_port
Port for client (default 50051).
internal_port
Port for communication between peers (default 10001).
pg_opt
Connection to the PostgresSQL database.
max_proposal_size
 Maximum size of the block proposal.
vote_delay
The period of time (in ms) to wait before sending a vote for consensus to the other peer nodes.
mst_enable
Switch multi-signatures transactions on/off.
Â
In the genesis_block file, peers, domain, role, permission, accounts, and so on can be specified. Hyperledger Iroha provides role-based permission control. The roles and accounts could be set up in the genesis_block file when starting the network. It could also be updated using built-in commands when the hedger is started.
The following is a list of main permissions for different categories in the Iroha system:
- Permissions for the account:
can_create_account
can_get_all_acc_detail
can_get_domain_acc_ast
can_set_detail
can_get_domain_accounts
can_get_all_acc_ast_txs
can_get_all_accounts
can_get_all_acc_ast
can_get_domain_acc_ast_txs
Â
- Permissions for the roles:
can_create_role https://iroha.readthedocs.io/en/latest/ maintenance/permissions.html#can-create-role
can_append_role
https://iroha.readthedocs.io/en/latest/ maintenance/permissions.html#can-append-role
can_get_roles
https://iroha.readthedocs.io/en/latest/ maintenance/permissions.html#can-get-roles
- Permissions for the assets:
can_create_asset
https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-create-asset
can_receive
https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-receive
can_transfer
https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-transfer
Â
- Â Grantable permissions:
can_set_my_account_detail
https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-set-my-account-detail
Â
can_transfer_my_assets
https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-transfer-my-assets
can_get_my_acc_detail
https://iroha.readthedocs.io/en/latest/maintenance/permissions.html#can-get-my-acc-detail
Â
The admin accounts can update roles and permissions for other accounts, and the individual account can update grantable permissions for other accounts to access their assets, transactions, and so on to their account.
Now that you learned how to configure the Hyperledger Iroha peer node and define the domain, role, permission, and account for the Iroha network, you can move on to Working with Hyperledger Iroha using CLI to Create Cryptocurrency recipe.
This recipe is written in collaboration with Brian Wu who is a senior Hyperledger instructor at Coding Bootcamps school in Washington DC.