Deploy a highly available and disaster recovery capable IBM Blockchain Platform network on IBM Cloud

Introduction

Hyperledger Fabric, from the Linux Foundation, is an enterprise-quality permissioned (private) distributed ledger technology platform that features plug-and-play modularity and is designed for a wide variety of permissioned blockchain industry use cases. The IBM Blockchain Platform is a collection of capabilities for running a distributed ledger technology network, offered either as a hosted, managed service (IBM Blockchain Platform SaaS) or as an unmanaged offering (IBM Blockchain Platform software).

This tutorial takes you through the steps to deploy a basic IBM Blockchain Platform network using Ansible to automate the process. You can choose to deploy all the components required to run an industrial-strength Hyperledger Fabric blockchain network hosted on a Containers-as-a-service (CaaS) Kubernetes cluster, either on IBM Cloud Kubernetes Service or on Red Hat OpenShift Container Platform as a service. This tutorial also teaches you how to build a Travis pipeline to bootstrap the network, deploy a reference use case sample named commercial paper, and validate the end-to-end flow by submitting query and invoke transactions using the recommended toolchain and the IBM Blockchain Platform Extension for Visual Studio Code. You can apply the concepts that you learn here to perform deployments to any cloud platform.

Prerequisites

To complete this tutorial, you need:

Estimated Time

  • 60 minutes: Review the end-to-end process flow of the tutorial and critically understand the concepts
  • 25-30 minutes: Deploy the Kubernetes cluster
  • 5 minutes: Deploy the IBM Blockchain Platform
  • 25 minutes: Verify performance

Steps

This tutorial requires the following network components at a minimum:

  • 1 channel that includes 2 peer orgs and 1 orderer org
  • Each peer org has:
    • 1 Membership Service Provider (MSP)
    • 1 certificate authority (CA)
    • 3 peers (recommended so that the network tolerates 1 peer being unavailable while another peer is being serviced)
  • The orderer has 1 orderer CA

Step 1. Set up the IBM Blockchain Platform

Ansible is a tool that automates the deployment and teardown of blockchain networks by enabling infrastructure as code. Declarative, human-readable playbooks reduce errors and can be kept under version control. These steps apply to all releases of IBM Blockchain Platform version 2.5.

An Ingress is a Kubernetes API resource object that exposes services on the cluster's private (non-Internet-routable) network to external clients over HTTP. Ingress provides capabilities such as load balancing, SSL termination, and name-based virtual hosting. By default, IBM Cloud provides Ingress capabilities; however, solutions can bring their own custom Ingress functionality. Learn more about Ingress and bringing your own Ingress controller.

  1. Install Ansible.
  2. Create a new Ansible playbook file named install-ibp.yml. Refer to the repositories with Ansible playbooks for both Kubernetes and Red Hat OpenShift deployments. Copy and paste the content for Kubernetes or Red Hat OpenShift into this new playbook, depending on the type of cluster that you are using:
ansible-galaxy collection install ibm.blockchain_platform:0.0.28 --force
ansible-playbook install-ibp.yml

Step 2. Generate an IBM Blockchain Platform API key version 2

  1. Create the IBM Blockchain Platform API key for the playbook.

Step 3. Install ibm_blockchain_platform_manager for Ansible

This automates the deployment of the network.

  1. Set up blockchain_platform_manager.
ansible-galaxy install ibm.blockchain_platform_manager

Step 4. Deploy the network using the Ansible playbook

  1. For Red Hat OpenShift Container Platform and IBM Kubernetes Service, change the infrastructure to software and insert the API key from Step 2 in playbook.yml. Because playbook.yml then holds a credential, keep it out of version control.
  2. Specify the smart contract in playbook.yml.
ansible-playbook playbook.yml

This step can take up to 30 minutes. If it fails, retry.

Step 5. Verify available node information using the Visual Studio Code extension

The IBM Blockchain Platform developer tooling includes the IBM Blockchain Platform VS Code extension, which enables developers to do iterative and incremental test-driven development, local and remote deployment, polyglot programming in the supported programming languages (for smart contract logic as well as middleware business logic), automated test case generation using templates and boilerplate code, integration with source code repositories, discovery of remote target runtime environments, and more.

  1. Connect your Hyperledger Fabric instance to the Visual Studio Code extension.

Step 6. Invoke a sample transaction using the IBM Blockchain Platform VS Code extension

  1. Select a Fabric gateway from the Fabric environment panel.
  2. Select the credentials to connect as (admin).
  3. Navigate to the contract.
  4. Right-click the issue transaction and click Submit Transaction.
  5. Enter the transaction information (for example, using commercial paper: ["Magnetocorp", "00001", "2020-05-31", "2020-11-30", "5000000"]).

Once submitted, you should see success in the console.

Step 7. Tear down the network

To tear down the network and remove the deployed resources in the playbook, change the state to absent in the playbook.yml. There’s a good chance the persistent volumes will not be removed, so you might need to remove them manually.

Summary

This tutorial showed you the steps to create your blockchain network, create an Ansible playbook, deploy the blockchain network in an automated fashion using the playbook, and verify the capabilities of the network using the IBM Blockchain Platform VS Code extension. If you want to update the Kubernetes cluster or the underlying operating system on which it runs, you can apply the general updates to the deployed instance with automation. Otherwise, you can perform manual upgrades via the IBM Cloud console or command line.

As a follow-on step to successfully bootstrapping a blockchain network with a hosted end-to-end application running (such as the commercial paper), you can begin to undertake HA/DR testing by bringing down a subset of component microservices one at a time and making sure that the application is still available (such as bringing down one zone at a time in a rolling sequence mode).

On the related topic of secrets management: to safeguard sensitive information such as passwords, OAuth tokens, and SSH keys when externalizing it, it is recommended to use a Kubernetes Secret object, whose values are base64-encoded. Sensitive information should not be stored in clear text, in an image, or in a deployment configuration YAML/JSON file, nor injected through an environment variable, and utmost care should be taken to protect it. The kubectl create secret command creates and packages sensitive information into a Kubernetes object. Base64 is an encoding, not encryption, so for enhanced protection of secret data stored at rest in the etcd object store, encryption of Secrets at rest can be employed.
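
The following check is an added example, not part of the original tutorial or of IBM's tooling. It audits parsed Kubernetes manifests for the practices the paragraph above warns against: secrets committed to a file in clear text or base64, and secrets injected through environment variables. The manifest names, the IBP_API_KEY variable and the name patterns are constructed assumptions.

```python
import base64
import re

# Name patterns treated as sensitive (an assumption; tune for your project).
SENSITIVE = re.compile(r"pass(word|wd)?|token|secret|api[_-]?key|private[_-]?key", re.I)

def containers(node):
    """Yield every container dict found anywhere inside a parsed manifest."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key in ("containers", "initContainers") and isinstance(value, list):
                yield from (c for c in value if isinstance(c, dict))
            else:
                yield from containers(value)
    elif isinstance(node, list):
        for item in node:
            yield from containers(item)

def reveal(secret):
    """Decode a Secret's data map; no key is needed, base64 only encodes."""
    return {k: base64.b64decode(v).decode() for k, v in secret.get("data", {}).items()}

def audit(manifest):
    """Return (rule, location) findings for one parsed manifest."""
    name = manifest.get("metadata", {}).get("name", "?")
    found = []
    if manifest.get("kind") == "Secret":
        found += [("cleartext-secret-in-file", f"{name}/{k}") for k in manifest.get("stringData", {})]
        found += [("base64-secret-in-file", f"{name}/{k}") for k in manifest.get("data", {})]
    for c in containers(manifest):
        for env in c.get("env", []):
            where = f"{name}/{c.get('name', '?')}/{env.get('name', '?')}"
            if "secretKeyRef" in env.get("valueFrom", {}):
                found.append(("secret-injected-via-env", where))
            elif "value" in env and SENSITIVE.search(env.get("name", "")):
                found.append(("cleartext-env-literal", where))
    return found

# Constructed sample manifests, shaped as json.load() would return them.
SAMPLE = [
    {"kind": "Secret", "metadata": {"name": "ibp-credentials"}, "data": {"api_key": "ZXhhbXBsZQ=="}},
    {"kind": "Deployment", "metadata": {"name": "commercial-paper-app"},
     "spec": {"template": {"spec": {"containers": [{"name": "app", "env": [
         {"name": "LOG_LEVEL", "value": "info"},
         {"name": "IBP_API_KEY", "value": "constructed-placeholder"},
         {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}}]}]}}}},
]

if __name__ == "__main__":
    print([f for m in SAMPLE for f in audit(m)], reveal(SAMPLE[0]))
```

Secrets mounted as files from a volume produce no finding here, which matches the paragraph's advice to avoid environment-variable injection.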

Acknowledgements

We thank all those and more who were a part of the OpenShift Everywhere experiential endeavors: Buddy Ballentine, Eravimangalath P Naveen, Soumyadeep Paul, Nagesh Subrahmanyam, Boddapati Datta Sindhoora, Nagaraj Chinni1, Crystal L Conner, Priti Srikrishnan, Bhagyashree Jayaram, Arjun S Babu, Abhijit Paul, Amitava Parial, Diptiman Dasgupta, Sudip Dutta, Srinivasa G Raghavan, Syed Ahmad, Neil Delima, and Mary Ferguson.

A special thank you to our leadership and sponsors who have supported us in our efforts: KHV Prasad, Benjamin Duignan, Nagarajan Seshadri, Ram Viswanathan, and Blaine Dolph.