Abstract: Hyperledger Fabric, the most influential open source blockchain in the world, recently announced the official release of version 1.1, bringing a series of rich new functions and significant improvements in security, performance and scalability. The Alibaba Cloud Container Service blockchain solution was upgraded synchronously for the first time. Based on the new functions of v1.1, it provided enhancements such as elastic bare metal server (Shenlong), built-in containerized Explorer, and integrated Alibaba Cloud log service.
As one of the most influential projects in the global open source blockchain field, Hyperledger recently announced the official release of Hyperledger Fabric v1.1. This upgrade brings a wealth of new features and significant improvements in security, performance, and scalability. For more details, please refer to the following materials:
- Hyperledger Fabric v1.1 official release blog: https://www.hyperledger.org/blog/2018/03/20/hyperledger-fabric-v1-1-released
- Hyperledger Fabric GitHub source code project: https://github.com/hyperledger/fabric
- Hyperledger Fabric project roadmap: https://wiki.hyperledger.org/projects/fabric/roadmap
At the same time, as a support for the open source blockchain ecosystem, the Alibaba Cloud Container Service blockchain solution has also been upgraded synchronously. This upgrade not only supports Hyperledger Fabric v1.1.0 GA version on Kubernetes clusters for the first time, but also brings new functional enhancements and user experience optimization in the following aspects:
- Support the new Node.js type chaincode and related examples, as well as the adaptation in the domestic cloud environment
- Support new functions and related examples of ledger data encryption at the chaincode level
- Support for new connection profiles and automatic generation
- and support for other Hyperledger Fabric v1.1 new features
- Support Alibaba Cloud Elastic Bare Metal Server (Shenlong)
- Hyperledger Blockchain Explorer with built-in containerization
- Integrate Alibaba Cloud Log Service
- Data directory cleaning to optimize the blockchain network deletion process
This article will provide a technical interpretation of these major new features. Before we start, we have prepared a short video to give you a quick understanding of the general process of using this blockchain solution in the Kubernetes environment of Alibaba Cloud Container Service.
Get to know the latest version of the container service blockchain solution in one minute
The latest version of the blockchain solution supports one-click deployment from the acs-hyperledger-fabric GUI of the container service Kubernetes application catalog. In addition, on the parameter page, richer custom configurations can be achieved by direct editing, such as changing the blockchain network topology, specifying network ports, enabling/disabling functions, and so on.
In the above video demonstration, we performed the following steps in sequence:
- Configure and deploy a blockchain network with one click
- Container Service Kubernetes Console View and manage blockchain network services and containers
- Run a CLI test that simulates a transfer transaction smart contract
- Run a containerized, graphical blockchain browser
- Container service console to view the blockchain network operation log
It should be noted that the environment preparation work must be completed before the video demonstration operation. For specific steps, please refer to the relevant documentation guide .
New: Node.js Type Chaincode Support
In this upgrade of Hyperledger Fabric v1.1, on top of the original Golang type (Java type has not officially announced support), support for the popular Node.js programming language type of smart contracts (ie chaincode) has been added. This will further expand and enrich the application development ecosystem of Hyperledger Fabric, attracting more developers to join the innovation of blockchain applications.
On this basis, through the source code analysis of Fabric, we solve the problem that the Node.js type chaincode instantiation process that may be encountered in the domestic network environment fails in the blockchain solution, and the chaincode image cannot be created. limitations.
If you want to experience the chaincode of Node.js type, you can use the CLI method or the Client SDK method, and specify the chaincode language type through parameters. The solution provides a sample script based on the official cli-test.sh, and a client SDK sample program based on the official balance-transfer.
Node.js type chaincode example in CLI way
Node.js type example chaincode source code location:
Node.js type chaincode example in SDK way
It should be noted that due to the characteristics of the compilation and construction of the Node.js application itself, the chaincode instantiation time of Node.js type in Hyperledger Fabric is longer than that of Golang type, so you need to wait a little in this link.
New feature: Chaincode level encryption and signing of ledger data
Hyperledger Fabric v1.1 adds support for encrypting/decrypting, signing/verifying transaction data at the chaincode level (that is, the Value in the Key-Value in StateDB, which is passed in when calling chaincode). In this way, after business applications hand over commercial sensitive data to the blockchain, the data throughout the entire process (including landing on the ledger) is further protected by standard or user-extensible encryption algorithms and signature algorithms on top of the original security mechanism, further Improved data security.
The official documentation about this feature can be found here:
http://hyperledger-fabric.readthedocs.io/en/latest/chaincode4ade.html?highlight=chaincode%20encryption#chaincode-encryption
In the blockchain solution of container service, we provide the official EncCC sample program for running in the CLI environment, so that users can understand the use and working mechanism of this function. In this example, the value "value1" of the key "key1" is first encrypted and recorded on the ledger; then the key "key1" is read and its value is decrypted, and the output shows "value1"; then, the key "key2" The value "value2" is encrypted and digitally signed and recorded on the ledger. Finally, the key "key2" is read and decrypted and the signature is verified to obtain the final value. The output shows "value2".
It should be noted that before using the CLI sample program, please create the corresponding channel (for example, by running cli-tset.sh).
Example program source code reference:
https://github.com/hyperledger/fabric/tree/release-1.1/examples/chaincode/go/enccc_example
New: Connection Profile for Client SDK applications
In response to the problem that different types of blockchain applications have different description methods for blockchain network topology and connection information, in order to provide a more unified and standardized application connection configuration, Hyperledger Fabric v1.1 began to support Connection Profile, At present, it is mainly for Node.js type Client SDK applications, and it is expected to be extended to more types of SDK applications in the future.
In this blockchain solution upgrade, this function is also supported synchronously, and can be automatically generated according to the blockchain network topology configuration (channel, peer, orderer, ca, etc.), public network access address and port information entered by the user. Connection Profile applies the connection configuration file (ie network-config.yaml) and provides it to users for download. In our Client SDK example balancer-transfer-app , a script is also used to download all certificate keys and configuration files such as Connection Profile with one click.
An example of the location and part of the Connection Profile automatically generated by the solution is as follows:
For more information on the descriptions of the fields of the Connection Profile, please refer to the following document:
https://github.com/hyperledger/fabric-samples/blob/release-1.1/balance-transfer/artifacts/network-config.yaml
New feature: Support Alibaba Cloud Elastic Bare Metal Server (Shenlong)
This blockchain solution upgrade officially supports Hyperledger Fabric running on Alibaba Cloud Elastic Bare Metal Server (Shenlong) . Alibaba Cloud Elastic Bare Metal Server can provide high computing performance that is indistinguishable from ordinary physical machines, while also providing physical machine-level security isolation. These features bring a solid operating environment guarantee for improving the security risk prevention capability of blockchain-based business systems and strengthening the protection of data and privacy. On this basis, the high computing performance and elastic horizontal scaling capabilities of elastic bare metal servers, combined with the cost-level performance and scalability improvements of Hyperledger Fabric, are expected to further enhance the business processing capabilities of blockchain applications and systems.
从使用方式上,我们提供了基本无缝支持的体验,用户只需在创建容器服务Kubernetes集群中选择弹性裸金属服务器(现阶段需用户提前通过工单开通弹性裸金属服务器的按量付费类型选择的白名单)作为worker节点;然后按照标准的区块链解决方案的创建部署流程操作即可。
新功能:内置容器化的区块链浏览器
区块链解决方案支持基于标准SDK开发的区块链管控工具、浏览器等与区块链网络连接。在此次升级中,区块链解决方案进一步地将Hyperledger官方开源的Blockchain Explorer 进行了容器化改造,实现了Explorer本身以及其所依赖的MySQL数据库作为Kubernetes的service和deployment内置于解决方案中(默认启用,可设置禁用),随着区块链网络的创建实现自动配置、部署、启动和通过负载均衡(SLB)对外提供Web图形化的区块链网络业务交易监控服务。
需要说明的是,区块链浏览器的使用前提是先创建出channel(如通过cli-test.sh)。
新功能:集成阿里云日志服务
区块链解决方案原生支持容器服务控制台的日志功能,以及Kubernetes的kubectl logs命令查看功能。利用前者可以在Web界面上便捷地查看区块链网络中Peer、Orderer、CA、Kafka、Zookeeper等节点的容器日志信息,一个示例如下:
在此基础上,最新版的容器服务解决方案进一步支持与阿里云日志服务进行集成,为企业客户提供如日志存储、实时索引/查询/分析、日志告警、可视化报表等更高级的日志功能。集成的关键参数可在创建部署区块链网络的页面进行直接设置,具体使用方法可参考该方案的产品文档。
在阿里云日志服务控制台查询和分析日志的效果如下图所示。关于日志服务完整的查询分析语法以及更多高级功能说明, 可参考日志服务的产品文档。
New: Remove process data directory processing optimization
Considering that users of some blockchain solutions need to frequently create and delete blockchain networks in the development and testing environment, in order to further improve efficiency, this program upgrade optimizes the optimization of data directory cleaning. Specifically, when the blockchain network is deleted (for example, using the helm delete command), the corresponding data directory name will be automatically added with the following suffix: -deleted-当前时间戳. The reason why it is not directly deleted is mainly to prevent the risk of human error and to meet the purpose of some users who want to reuse the original data.
Suppose the original data directory is:
/data/fabric/network01After the blockchain network is deleted, the data directory will be renamed to something like the following:
/data/fabric/network01-deleted-2018-03-21-041756In this way, the user's operation experience on the blockchain creation-deletion-creation process can be further optimized (because some users need to perform such operations frequently for development and debugging). In addition, if you need to completely clean up the data directory to free up storage space, you can run the rm command manually or combine it with automated scripts.
Summarize
Since its official release in October 2017, the container service blockchain solution has been recognized and adopted by a large number of developers and enterprise users from retail, finance, manufacturing, multimedia and other industries. The blockchain development and testing environment quickly builds blockchain-based business innovation applications. With the upgrade of Hyperledger Fabric v1.1 and blockchain solutions, it will further help our users to create enterprise-level blockchain business with more complete functions, higher performance, stronger security and better usability application.