Table of contents
- Blockchain network
- What is a blockchain network?
- The sample network
- Creating the Network
- Adding Network Administrators
- Defining a Consortium
- Creating a channel for a consortium
- Peers and Ledgers
- Applications and Smart Contract chaincode
- Network completed
- Simplifying the visual vocabulary
- Adding another consortium definition
- Adding a new channel
- Adding another peer
- Joining a peer to multiple channels
- Network fully formed
- Network summary
Blockchain network
This topic will describe, at a conceptual level, how Hyperledger Fabric allows organizations to collaborate in the formation of blockchain networks. If you’re an architect, administrator or developer, you can use this topic to get a solid understanding of the major structure and process components in a Hyperledger Fabric blockchain network. This topic will use a manageable worked example that introduces all of the major components in a blockchain network. After understanding this example you can read more detailed information about these components elsewhere in the documentation, or try building a sample network.
After reading this topic and understanding the concept of policies, you will have a solid understanding of the decisions that organizations need to make to establish the policies that control a deployed Hyperledger Fabric network. You’ll also understand how organizations manage network evolution using declarative policies – a key feature of Hyperledger Fabric. In a nutshell, you’ll understand the major technical components of Hyperledger Fabric and the decisions organizations need to make about them.
What is a blockchain network?
A blockchain network is a technical infrastructure that provides ledger and smart contract (chaincode) services to applications. Primarily, smart contracts are used to generate transactions which are subsequently distributed to every peer node in the network where they are immutably recorded on their copy of the ledger. The users of applications might be end users using client applications or blockchain network administrators.
In most cases, multiple organizations come together as a consortium to form the network and their permissions are determined by a set of policies that are agreed by the consortium when the network is originally configured. Moreover, network policies can change over time subject to the agreement of the organizations in the consortium, as we’ll discover when we discuss the concept of modification policy.
The sample network
Before we start, let’s show you what we’re aiming at! Here’s a diagram representing the final state of our sample network.
Don’t worry that this might look complicated! As we go through this topic, we will build up the network piece by piece, so that you see how the organizations R1, R2, R3 and R4 contribute infrastructure to the network to help form it. This infrastructure implements the blockchain network, and it is governed by policies agreed by the organizations who form the network – for example, who can add new organizations. You’ll discover how applications consume the ledger and smart contract services provided by the blockchain network.
Four organizations, R1, R2, R3 and R4 have jointly decided, and written into an agreement, that they will set up and exploit a Hyperledger Fabric network. R4 has been assigned to be the network initiator – it has been given the power to set up the initial version of the network. R4 has no intention to perform business transactions on the network. R1 and R2 have a need for private communications within the overall network, as do R2 and R3. Organization R1 has a client application that can perform business transactions within channel C1. Organization R2 has a client application that can do similar work both in channel C1 and C2. Organization R3 has a client application that can do this on channel C2. Peer node P1 maintains a copy of the ledger L1 associated with C1. Peer node P2 maintains a copy of the ledger L1 associated with C1 and a copy of ledger L2 associated with C2. Peer node P3 maintains a copy of the ledger L2 associated with C2. The network is governed according to policy rules specified in network configuration NC4; the network is under the control of organizations R1 and R4. Channel C1 is governed according to the policy rules specified in channel configuration CC1; the channel is under the control of organizations R1 and R2. Channel C2 is governed according to the policy rules specified in channel configuration CC2; the channel is under the control of organizations R2 and R3. There is an ordering service O4 that serves as a network administration point for N, and uses the system channel. The ordering service also supports application channels C1 and C2, for the purposes of transaction ordering into blocks for distribution. Each of the four organizations has a preferred Certificate Authority.
Creating the Network
Let’s start at the beginning by creating the basis for the network:
The network is formed when an orderer is started. In our example network, N, the ordering service comprising a single node, O4, is configured according to a network configuration NC4, which gives administrative rights to organization R4. At the network level, Certificate Authority CA4 is used to dispense identities to the administrators and network nodes of the R4 organization.
We can see that the first thing that defines a network, N, is an ordering service, O4. It’s helpful to think of the ordering service as the initial administration point for the network. As agreed beforehand, O4 is initially configured and started by an administrator in organization R4, and hosted in R4. The configuration NC4 contains the policies that describe the starting set of administrative capabilities for the network. Initially this is set to only give R4 rights over the network. This will change, as we’ll see later, but for now R4 is the only member of the network.
Certificate Authorities
You can also see a Certificate Authority, CA4, which is used to issue certificates to administrators and network nodes. CA4 plays a key role in our network because it dispenses X.509 certificates that can be used to identify components as belonging to organization R4. Certificates issued by CAs can also be used to sign transactions to indicate that an organization endorses the transaction result – a precondition of it being accepted onto the ledger. Let’s examine these two aspects of a CA in a little more detail.
Firstly, different components of the blockchain network use certificates to identify themselves to each other as being from a particular organization. That’s why there is usually more than one CA supporting a blockchain network – different organizations often use different CAs. We’re going to use four CAs in our network; one for each organization. Indeed, CAs are so important that Hyperledger Fabric provides you with a built-in one (called Fabric-CA) to help you get going, though in practice, organizations will choose to use their own CA.
The mapping of certificates to member organizations is achieved via a structure called a Membership Services Provider (MSP). Network configuration NC4 uses a named MSP to identify the properties of certificates dispensed by CA4 which associate certificate holders with organization R4. NC4 can then use this MSP name in policies to grant actors from R4 particular rights over network resources. An example of such a policy is to identify the administrators in R4 who can add new member organizations to the network. We don’t show MSPs on these diagrams, as they would just clutter them up, but they are very important.
Secondly, we’ll see later how certificates issued by CAs are at the heart of the transaction generation and validation process. Specifically, X.509 certificates are used in client application transaction proposals and smart contract transaction responses to digitally sign transactions. Subsequently the network nodes who host copies of the ledger verify that transaction signatures are valid before accepting transactions onto the ledger.
Let’s recap the basic structure of our example blockchain network. There’s a resource, the network N, accessed by a set of users defined by a Certificate Authority CA4, who have a set of rights over the resources in the network N as described by policies contained inside a network configuration NC4. All of this is made real when we configure and start the ordering service node O4.
Adding Network Administrators
NC4 was initially configured to only allow R4 users administrative rights over the network. In this next phase, we are going to allow organization R1 users to administer the network. Let’s see how the network evolves:
Organization R4 updates the network configuration to make organization R1 an administrator too. After this point R1 and R4 have equal rights over the network configuration.
We see the addition of a new organization R1 as an administrator – R1 and R4 now have equal rights over the network. We can also see that certificate authority CA1 has been added – it can be used to identify users from the R1 organization. After this point, users from both R1 and R4 can administer the network.
Although the orderer node, O4, is running on R4’s infrastructure, R1 has shared administrative rights over it, as long as it can gain network access. It means that R1 or R4 could update the network configuration NC4 to allow the R2 organization a subset of network operations. In this way, even though R4 is running the ordering service, and R1 has full administrative rights over it, R2 has limited rights to create new consortia.
In its simplest form, the ordering service is a single node in the network, and that’s what you can see in the example. Ordering services are usually multi-node, and can be configured to have different nodes in different organizations. For example, we might run O4 in R4 and connect it to O2, a separate orderer node in organization R1. In this way, we would have a multi-site, multi-organization administration structure.
We’ll discuss the ordering service a little more later in this topic, but for now just think of the ordering service as an administration point which provides different organizations controlled access to the network.
Defining a Consortium
Although the network can now be administered by R1 and R4, there is very little that can be done. The first thing we need to do is define a consortium. This word literally means “a group with a shared destiny”, so it’s an appropriate choice for a set of organizations in a blockchain network.
Let’s see how a consortium is defined:
A network administrator defines a consortium X1 that contains two members, the organizations R1 and R2. This consortium definition is stored in the network configuration NC4, and will be used at the next stage of network development. CA1 and CA2 are the respective Certificate Authorities for these organizations.
Because of the way NC4 is configured, only R1 or R4 can create new consortia. This diagram shows the addition of a new consortium, X1, which defines R1 and R2 as its constituting organizations. We can also see that CA2 has been added to identify users from R2. Note that a consortium can have any number of organizational members – we have just shown two as it is the simplest configuration.
Why are consortia important? We can see that a consortium defines the set of organizations in the network who share a need to transact with one another – in this case R1 and R2. It really makes sense to group organizations together if they have a common goal, and that’s exactly what’s happening.
The network, although started by a single organization, is now controlled by a larger set of organizations. We could have started it this way, with R1, R2 and R4 having shared control, but this build up makes it easier to understand.
We’re now going to use consortium X1 to create a really important part of a Hyperledger Fabric blockchain – a channel.
Creating a channel for a consortium
So let’s create this key part of the Fabric blockchain network – a channel. A channel is a primary communications mechanism by which the members of a consortium can communicate with each other. There can be multiple channels in a network, but for now, we’ll start with one.
Let’s see how the first channel has been added to the network:
A channel C1 has been created for R1 and R2 using the consortium definition X1. The channel is governed by a channel configuration CC1, completely separate to the network configuration. CC1 is managed by R1 and R2 who have equal rights over C1. R4 has no rights in CC1 whatsoever.
The channel C1 provides a private communications mechanism for the consortium X1. We can see channel C1 has been connected to the ordering service O4 but that nothing else is attached to it. In the next stage of network development, we’re going to connect components such as client applications and peer nodes. But at this point, a channel represents the potential for future connectivity.
Even though channel C1 is a part of the network N, it is quite distinguishable from it. Also notice that organizations R3 and R4 are not in this channel – it is for transaction processing between R1 and R2. In the previous step, we saw how R4 could grant R1 permission to create new consortia. It’s helpful to mention that R4 also allowed R1 to create channels! In this diagram, it could have been organization R1 or R4 who created a channel C1. Again, note that a channel can have any number of organizations connected to it – we’ve shown two as it’s the simplest configuration.
Again, notice how channel C1 has a completely separate configuration, CC1, to the network configuration NC4. CC1 contains the policies that govern the rights that R1 and R2 have over the channel C1 – and as we’ve seen, R3 and R4 have no permissions in this channel. R3 and R4 can only interact with C1 if they are added by R1 or R2 to the appropriate policy in the channel configuration CC1. An example is defining who can add a new organization to the channel. Specifically, note that R4 cannot add itself to the channel C1 – it must, and can only, be authorized by R1 or R2.
Why are channels so important? Channels are useful because they provide a mechanism for private communications and private data between the members of a consortium. Channels provide privacy from other channels, and from the network. Hyperledger Fabric is powerful in this regard, as it allows organizations to share infrastructure and keep it private at the same time. There’s no contradiction here – different consortia within the network will have a need for different information and processes to be appropriately shared, and channels provide an efficient mechanism to do this. Channels provide an efficient sharing of infrastructure while maintaining data and communications privacy.
We can also see that once a channel has been created, it is in a very real sense “free from the network”. It is only organizations that are explicitly specified in a channel configuration that have any control over it, from this time forward into the future. Likewise, any updates to network configuration NC4 from this time onwards will have no direct effect on channel configuration CC1; for example if consortia definition X1 is changed, it will not affect the members of channel C1. Channels are therefore useful because they allow private communications between the organizations constituting the channel. Moreover, the data in a channel is completely isolated from the rest of the network, including other channels.
As an aside, there is also a special system channel defined for use by the ordering service. It behaves in exactly the same way as regular channels, which are sometimes called application channels for this reason. We don’t normally need to worry about this channel, but we’ll discuss a little bit more about it later in this topic.
Peers and Ledgers
Let’s now start to use the channel to connect the blockchain network and the organizational components together. In the next stage of network development, we can see that our network N has just acquired two new components, namely a peer node P1 and a ledger instance, L1.
A peer node P1 has joined the channel C1. P1 physically hosts a copy of the ledger L1. P1 and O4 can communicate with each other using channel C1.
Peer nodes are the network components where copies of the blockchain ledger are hosted! At last, we’re starting to see some recognizable blockchain components! P1’s purpose in the network is purely to host a copy of the ledger L1 for others to access. We can think of L1 as being physically hosted on P1, but logically hosted on the channel C1. We’ll see this idea more clearly when we add more peers to the channel.
A key part of P1’s configuration is an X.509 identity issued by CA1 which associates P1 with organization R1. Once P1 is started, it can join channel C1 using the orderer O4. When O4 receives this join request, it uses the channel configuration CC1 to determine P1’s permissions on this channel. For example, CC1 determines whether P1 can read and/or write information to the ledger L1.
Notice how peers are joined to channels by the organizations that own them, and though we’ve only added one peer, we’ll see how there can be multiple peer nodes on multiple channels within the network. We’ll see the different roles that peers can take on a little later.
Applications and Smart Contract chaincode
Now that the channel C1 has a ledger on it, we can start connecting client applications to consume some of the services provided by the workhorse of the ledger, the peer!
Notice how the network has grown:
A smart contract S5 has been installed onto P1. Client application A1 in organization R1 can use S5 to access the ledger via peer node P1. A1, P1 and O4 are all joined to channel C1, i.e. they can all make use of the communication facilities provided by that channel.
In the next stage of network development, we can see that client application A1 can use channel C1 to connect to specific network resources – in this case A1 can connect to both peer node P1 and orderer node O4. Again, see how channels are central to the communication between network and organization components. Just like peers and orderers, a client application will have an identity that associates it with an organization. In our example, client application A1 is associated with organization R1; and although it is outside the Fabric blockchain network, it is connected to it via the channel C1.
It might now appear that A1 can access the ledger L1 directly via P1, but in fact, all access is managed via a special program called a smart contract chaincode, S5. Think of S5 as defining all the common access patterns to the ledger; S5 provides a well-defined set of ways by which the ledger L1 can be queried or updated. In short, client application A1 has to go through smart contract S5 to get to ledger L1!
Smart contract chaincodes can be created by application developers in each organization to implement a business process shared by the consortium members. Smart contracts are used to help generate transactions which can be subsequently distributed to every node in the network. We’ll discuss this idea a little later; it’ll be easier to understand when the network is bigger. For now, the important thing to understand is that to get to this point two operations must have been performed on the smart contract; it must have been installed, and then instantiated.
Installing a smart contract
After a smart contract S5 has been developed, an administrator in organization R1 must install it onto peer node P1. This is a straightforward operation; after it has occurred, P1 has full knowledge of S5. Specifically, P1 can see the implementation logic of S5 – the program code that it uses to access the ledger L1. We contrast this to the S5 interface which merely describes the inputs and outputs of S5, without regard to its implementation.
When an organization has multiple peers in a channel, it can choose the peers upon which it installs smart contracts; it does not need to install a smart contract on every peer.
Instantiating a smart contract
However, just because P1 has installed S5, the other components connected to channel C1 are unaware of it; it must first be instantiated on channel C1. In our example, which only has a single peer node P1, an administrator in organization R1 must instantiate S5 on channel C1 using P1. After instantiation, every component on channel C1 is aware of the existence of S5; and in our example it means that S5 can now be invoked by client application A1!
Note that although every component on the channel can now access S5, they are not able to see its program logic. This remains private to those nodes who have installed it; in our example that means P1. Conceptually this means that it’s the smart contract interface that is instantiated, in contrast to the smart contract implementation that is installed. To reinforce this idea; installing a smart contract shows how we think of it being physically hosted on a peer, whereas instantiating a smart contract shows how we consider it logically hosted by the channel.
Endorsement policy
The most important piece of additional information supplied at instantiation is an endorsement policy. It describes which organizations must approve transactions before they will be accepted by other organizations onto their copy of the ledger. In our sample network, transactions can only be accepted onto ledger L1 if R1 or R2 endorse them.
The act of instantiation places the endorsement policy in channel configuration CC1; it enables it to be accessed by any member of the channel. You can read more about endorsement policies in the transaction flow topic.
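A simplified model of how a signature policy is evaluated, covering both the "R1 or R2" endorsement rule above and the earlier point that R4 has no rights in CC1; it is an added example, not part of the original documentation or Fabric's own code. It uses Fabric's policy expression syntax (AND, OR, OutOf over 'MSPID.role' principals) and so goes beyond the single OR case in the text. The MSP IDs R1MSP to R4MSP, the roles given to each identity and the CC1 admin rule are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

ROLES = {"member", "admin", "peer", "client", "orderer"}
TOKEN = re.compile(r"\s*(?:(AND|OR|OutOf)\b|(\d+)|'([^']*)'|([(),]))")
KINDS = {1: "op", 2: "int", 3: "principal", 4: "punct"}

@dataclass(frozen=True)
class Identity:
    """What an MSP derives from an already validated X.509 certificate."""
    msp_id: str  # e.g. "R1MSP" (assumed name for organization R1's MSP)
    role: str    # "admin", "peer", "client" or "orderer"

def tokenize(expr):
    expr, pos, out = expr.rstrip(), 0, []
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"bad policy syntax at offset {pos}")
        out.append((KINDS[m.lastindex], m.group(m.lastindex)))
        pos = m.end()
    return out

def parse(expr):
    """Parse into ("principal", msp, role) or ("n_out_of", n, children)."""
    toks, pos = tokenize(expr), 0

    def take(kind=None, value=None):
        nonlocal pos
        if pos >= len(toks):
            raise ValueError("policy ended unexpectedly")
        k, v = toks[pos]
        if (kind and k != kind) or (value and v != value):
            raise ValueError(f"unexpected token {v!r}")
        pos += 1
        return k, v

    def node():
        k, v = take()
        if k == "principal":
            msp, sep, role = v.rpartition(".")
            if not sep or not msp or role not in ROLES:
                raise ValueError(f"bad principal {v!r}")
            return ("principal", msp, role)
        if k != "op":
            raise ValueError(f"unexpected token {v!r}")
        take("punct", "(")
        n = None
        if v == "OutOf":
            n = int(take("int")[1])
            take("punct", ",")
        children = [node()]
        while True:
            _, p = take("punct")
            if p == ")":
                break
            if p != ",":
                raise ValueError(f"unexpected token {p!r}")
            children.append(node())
        if v == "AND":
            n = len(children)   # every sub-policy must hold
        elif v == "OR":
            n = 1               # any one sub-policy is enough
        return ("n_out_of", n, children)

    tree = node()
    if pos != len(toks):
        raise ValueError("trailing tokens after policy")
    return tree

def satisfied(tree, signers, used=None):
    """Model rule: each signer counts toward at most one principal (greedy)."""
    if used is None:
        signers = list(dict.fromkeys(signers))  # repeated identity counts once
        used = [False] * len(signers)
    if tree[0] == "principal":
        _, msp, role = tree
        for i, ident in enumerate(signers):
            if not used[i] and ident.msp_id == msp and role in ("member", ident.role):
                used[i] = True
                return True
        return False
    _, n, children = tree
    hits = 0
    for child in children:
        trial = used[:]                 # only commit signers if the child holds
        if satisfied(child, signers, trial):
            used[:] = trial
            hits += 1
    return hits >= n

def check(policy, signers):
    return satisfied(parse(policy), signers)

# Constructed sample data for the network described on this page.
ENDORSEMENT_L1 = "OR('R1MSP.peer','R2MSP.peer')"   # "R1 or R2 endorse"
CC1_ADMINS = "OR('R1MSP.admin','R2MSP.admin')"     # assumed admin rule in CC1
P1, P2, P3 = (Identity(f"R{i}MSP", "peer") for i in (1, 2, 3))
R1_ADMIN, R4_ADMIN = Identity("R1MSP", "admin"), Identity("R4MSP", "admin")

if __name__ == "__main__":
    print("P1 endorses on L1:", check(ENDORSEMENT_L1, [P1]))
    print("P3 endorses on L1:", check(ENDORSEMENT_L1, [P3]))
    print("R4 admin may change CC1:", check(CC1_ADMINS, [R4_ADMIN]))
```

The evaluation is greedy and order-sensitive, so a broad principal such as `member` listed first can consume a signer that a later, narrower principal needed.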
Invoking a smart contract
Once a smart contract has been installed on a peer node and instantiated on a channel it can be invoked by a client application. Client applications do this by sending transaction proposals to peers owned by the organizations specified by the smart contract endorsement policy. The transaction proposal serves as input to the smart contract, which uses it to generate an endorsed transaction response, which is returned by the peer node to the client application.
It’s these transaction responses that are packaged together with the transaction proposal to form a fully endorsed transaction, which can be distributed to the entire network. We’ll look at this in more detail later. For now, it’s enough to understand how applications invoke smart contracts to generate endorsed transactions.
By this stage in network development we can see that organization R1 is fully participating in the network. Its applications – starting with A1 – can access the ledger L1 via smart contract S5, to generate transactions that will be endorsed by R1, and therefore accepted onto the ledger because they conform to the endorsement policy.
Network completed
Recall that our objective was to create a channel for consortium X1 – organizations R1 and R2. This next phase of network development sees organization R2 add its infrastructure to the network.
Let’s see how the network has evolved:
The network has grown through the addition of infrastructure from organization R2. Specifically, R2 has added peer node P2, which hosts a copy of ledger L1, and chaincode S5. P2 has also joined channel C1, as has application A2. A2 and P2 are identified using certificates from CA2. All of this means that both applications A1 and A2 can invoke S5 on C1 either using peer node P1 or P2.
We can see that organization R2 has added a peer node, P2, on channel C1. P2 also hosts a copy of the ledger L1 and smart contract S5. We can see that R2 has also added client application A2 which can connect to the network via channel C1. To achieve this, an administrator in organization R2 has created peer node P2 and joined it to channel C1, in the same way as an administrator in R1.
We have created our first operational network! At this stage in network development, we have a channel in which organizations R1 and R2 can fully transact with each other. Specifically, this means that applications A1 and A2 can generate transactions using smart contract S5 and ledger L1 on channel C1.
Generating and accepting transactions
Although every peer node hosts a copy of the ledger, there are two different kinds of peer nodes: those which host smart contracts and those which do not. In our network, every peer hosts a copy of the smart contract, but in larger networks, there will be many more peer nodes that do not host a copy of the smart contract. A peer can only run a smart contract if it is installed on it, but it can know about the interface of a smart contract by being connected to a channel.
You should not think of peer nodes which do not have smart contracts installed as being somehow inferior. It’s more the case that peer nodes with smart contracts have a special power – to help generate transactions. Note that all peer nodes can validate and subsequently accept or reject transactions onto their copy of the ledger L1. However, only peer nodes with a smart contract installed can take part in the process of transaction endorsement which is central to the generation of valid transactions.
We don’t need to worry about the exact details of how transactions are generated, distributed and accepted in this topic – it is sufficient to understand that we have a blockchain network where organizations R1 and R2 can share information and processes as ledger-captured transactions. We’ll learn a lot more about transactions, ledgers, smart contracts in other topics.
Types of peers
In Hyperledger Fabric, while all peers are the same, they can assume multiple roles depending on how the network is configured. We now have enough understanding of a typical network topology to describe these roles.
- Committing peer. Every peer node in a channel is a committing peer. It receives blocks of generated transactions, which are subsequently validated before they are committed to the peer node’s copy of the ledger as an append operation.
- Endorsing peer. Every peer with a smart contract installed can be an endorsing peer. However, to actually be an endorsing peer, the smart contract on the peer must be used by a client application to generate a digitally signed transaction response. The term endorsing peer is an explicit reference to this fact.
An endorsement policy for a smart contract identifies the organizations whose peers should digitally sign a generated transaction before it can be accepted onto a committing peer’s copy of the ledger.
These are the two major types of peer; there are two other roles a peer can adopt:
- Leader peer. When an organization has multiple peers in a channel, a leader peer is a node which takes responsibility for distributing transactions from the orderer to the other committing peers in the organization. A peer can choose to participate in static or dynamic leadership selection.
It is helpful, therefore, to think of two sets of peers from a leadership perspective – those that have static leader selection, and those with dynamic leader selection. For the static set, zero or more peers can be configured as leaders. For the dynamic set, one peer will be elected leader by the set. Moreover, in the dynamic set, if a leader peer fails, then the remaining peers will re-elect a leader.
It means that an organization’s peers can have one or more leaders connected to the ordering service. This can help to improve resilience and scalability in large networks which process high volumes of transactions.
- Anchor peer. If a peer needs to communicate with a peer in another organization, then it can use one of the anchor peers defined in the channel configuration for that organization. An organization can have zero or more anchor peers defined for it, and an anchor peer can help with many different cross-organization communication scenarios.
Note that a peer can be a committing peer, endorsing peer, leader peer and anchor peer all at the same time! Only the anchor peer is optional – for all practical purposes there will always be a leader peer and at least one endorsing peer and at least one committing peer.
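The committing and endorsing roles above can be exercised in a small model. This is an added example, not code from Hyperledger Fabric or from the original page: Ed25519 keys stand in for CA-issued certificates, the ordering step is omitted, P9 is a hypothetical R2 peer without S5 installed, and the rule that both R1 and R2 must endorse S5 is an assumed endorsement policy.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Tx is a transaction response plus the endorsements an application collected.
type Tx struct {
	ID, Chaincode, Payload string
	Endorsements           map[string][]byte // endorsing peer -> signature
}

func (t Tx) digest() []byte { return []byte(t.ID + "|" + t.Chaincode + "|" + t.Payload) }

// Entry is one ledger record; invalid transactions are recorded too.
type Entry struct {
	TxID  string
	Valid bool
}

// Channel is what every member of C1 knows.
type Channel struct {
	Keys   map[string]ed25519.PublicKey // peer -> key (stand-in for a certificate)
	OrgOf  map[string]string            // peer -> owning organization
	Policy map[string][]string          // chaincode -> organizations that must all endorse
}

// Peer always holds a ledger copy; chaincode exists only where it is installed.
type Peer struct {
	Name      string
	Installed map[string]bool
	Ledger    []Entry
	key       ed25519.PrivateKey
}

var ErrNotInstalled = errors.New("chaincode not installed on this peer: cannot endorse")

// Endorse signs the transaction response, which requires the installed chaincode.
func (p *Peer) Endorse(tx *Tx) error {
	if !p.Installed[tx.Chaincode] {
		return ErrNotInstalled
	}
	tx.Endorsements[p.Name] = ed25519.Sign(p.key, tx.digest())
	return nil
}

// Commit checks endorsements against the policy and appends the result either way.
func (p *Peer) Commit(ch *Channel, tx Tx) bool {
	endorsedBy := map[string]bool{}
	for name, sig := range tx.Endorsements {
		if pub, known := ch.Keys[name]; known && ed25519.Verify(pub, tx.digest(), sig) {
			endorsedBy[ch.OrgOf[name]] = true
		}
	}
	required, valid := ch.Policy[tx.Chaincode] // unknown chaincode is never valid
	for _, org := range required {
		valid = valid && endorsedBy[org]
	}
	p.Ledger = append(p.Ledger, Entry{tx.ID, valid})
	return valid
}

// addPeer joins a peer to the channel with a constructed key pair.
func addPeer(ch *Channel, name, org string, installed map[string]bool) *Peer {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	ch.Keys[name], ch.OrgOf[name] = pub, org
	return &Peer{Name: name, Installed: installed, key: priv}
}

// Run commits four constructed transactions on P1, P2 and the hypothetical P9.
func Run() (ledger map[string][]Entry, p9Refusal error) {
	ch := &Channel{map[string]ed25519.PublicKey{}, map[string]string{}, map[string][]string{"S5": {"R1", "R2"}}}
	s5 := map[string]bool{"S5": true}
	p1, p2, p9 := addPeer(ch, "P1", "R1", s5), addPeer(ch, "P2", "R2", s5), addPeer(ch, "P9", "R2", nil)
	newTx := func(id string, endorsers ...*Peer) Tx {
		tx := Tx{id, "S5", "constructed payload", map[string][]byte{}}
		for _, e := range endorsers {
			if err := e.Endorse(&tx); err != nil {
				p9Refusal = err // only P9 lacks S5 in this scenario
			}
		}
		return tx
	}
	txs := []Tx{newTx("tx1", p1, p2), newTx("tx2", p1), newTx("tx3", p1, p9), newTx("tx4", p1, p2)}
	txs[3].Payload = "altered after endorsement" // signatures no longer match
	for _, tx := range txs { // the ordering service would deliver these as a block
		for _, p := range []*Peer{p1, p2, p9} {
			p.Commit(ch, tx)
		}
	}
	return map[string][]Entry{"P1": p1.Ledger, "P2": p2.Ledger, "P9": p9.Ledger}, p9Refusal
}

func main() {
	fmt.Println(Run())
}
```

Only tx1 is marked valid, yet all four transactions appear on every peer's ledger copy, including P9, which commits without being able to endorse.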
Install not instantiate
In a similar way to organization R1, organization R2 must install smart contract S5 onto its peer node, P2. That’s obvious – if applications A1 or A2 wish to use S5 on peer node P2 to generate transactions, it must first be present; installation is the mechanism by which this happens. At this point, peer node P2 has a physical copy of the smart contract and the ledger; like P1, it can both generate and accept transactions onto its copy of ledger L1.
However, in contrast to organization R1, organization R2 does not need to instantiate smart contract S5 on channel C1. That’s because S5 has already been instantiated on the channel by organization R1. Instantiation only needs to happen once; any peer which subsequently joins the channel knows that smart contract S5 is available to the channel. This reflects the fact that ledger L1 and smart contract S5 exist in a physical manner on the peer nodes, and in a logical manner on the channel; R2 is merely adding another physical instance of L1 and S5 to the network.
In our network, we can see that channel C1 connects two client applications, two peer nodes and an ordering service. Since there is only one channel, there is only one logical ledger with which these components interact. Peer nodes P1 and P2 have identical copies of ledger L1. Copies of smart contract S5 will usually be identically implemented using the same programming language, but if not, they must be semantically equivalent.
We can see that the careful addition of peers to the network can help support increased throughput, stability, and resilience. For example, more peers in a network will allow more applications to connect to it; and multiple peers in an organization will provide extra resilience in the case of planned or unplanned outages.
It all means that it is possible to configure sophisticated topologies which support a variety of operational goals – there is no theoretical limit to how big a network can get. Moreover, the technical mechanism by which peers within an individual organization efficiently discover and communicate with each other – the gossip protocol – will accommodate a large number of peer nodes in support of such topologies.
The careful use of network and channel policies allows even large networks to be well-governed. Organizations are free to add peer nodes to the network so long as they conform to the policies agreed by the network. Network and channel policies create the balance between autonomy and control which characterizes a de-centralized network.
Simplifying the visual vocabulary
We’re now going to simplify the visual vocabulary used to represent our sample blockchain network. As the size of the network grows, the lines initially used to help us understand channels will become cumbersome. Imagine how complicated our diagram would be if we added another peer or client application, or another channel?
That’s what we’re going to do in a minute, so before we do, let’s simplify the visual vocabulary. Here’s a simplified representation of the network we’ve developed so far:
The diagram shows the facts relating to channel C1 in the network N as follows: Client applications A1 and A2 can use channel C1 for communication with peers P1 and P2, and orderer O4. Peer nodes P1 and P2 can use the communication services of channel C1. Ordering service O4 can make use of the communication services of channel C1. Channel configuration CC1 applies to channel C1.
Note that the network diagram has been simplified by replacing channel lines with connection points, shown as blue circles which include the channel number. No information has been lost. This representation is more scalable because it eliminates crossing lines. This allows us to more clearly represent larger networks. We’ve achieved this simplification by focusing on the connection points between components and a channel, rather than the channel itself.
Adding another consortium definition
In this next phase of network development, we introduce organization R3. We’re going to give organizations R2 and R3 a separate application channel which allows them to transact with each other. This application channel will be completely separate to that previously defined, so that R2 and R3 transactions can be kept private to them.
Let’s return to the network level and define a new consortium, X2, for R2 and R3:
A network administrator from organization R1 or R4 has added a new consortium definition, X2, which includes organizations R2 and R3. This will be used to define a new channel for X2.
Notice that the network now has two consortia defined: X1 for organizations R1 and R2 and X2 for organizations R2 and R3. Consortium X2 has been introduced in order to be able to create a new channel for R2 and R3.
A new channel can only be created by those organizations specifically identified in the network configuration policy, NC4, as having the appropriate rights to do so, i.e. R1 or R4. This is an example of a policy which separates organizations that can manage resources at the network level versus those who can manage resources at the channel level. Seeing these policies at work helps us understand why Hyperledger Fabric has a sophisticated tiered policy structure.
In practice, consortium definition X2 has been added to the network configuration NC4. We discuss the exact mechanics of this operation elsewhere in the documentation.
Adding a new channel
Let’s now use this new consortium definition, X2, to create a new channel, C2. To help reinforce your understanding of the simpler channel notation, we’ve used both visual styles – channel C1 is represented with blue circular end points, whereas channel C2 is represented with red connecting lines:
A new channel C2 has been created for R2 and R3 using consortium definition X2. The channel has a channel configuration CC2, completely separate to the network configuration NC4, and the channel configuration CC1. Channel C2 is managed by R2 and R3 who have equal rights over C2 as defined by a policy in CC2. R1 and R4 have no rights defined in CC2 whatsoever.
The channel C2 provides a private communications mechanism for the consortium X2. Again, notice how organizations united in a consortium are what form channels. The channel configuration CC2 now contains the policies that govern channel resources, assigning management rights to organizations R2 and R3 over channel C2. It is managed exclusively by R2 and R3; R1 and R4 have no power in channel C2. For example, channel configuration CC2 can subsequently be updated to add organizations to support network growth, but this can only be done by R2 or R3.
Note how the channel configurations CC1 and CC2 remain completely separate from each other, and completely separate from the network configuration, NC4. Again we’re seeing the de-centralized nature of a Hyperledger Fabric network; once channel C2 has been created, it is managed by organizations R2 and R3 independently to other network elements. Channel policies always remain separate from each other and can only be changed by the organizations authorized to do so in the channel.
As the network and channels evolve, so will the network and channel configurations. There is a process by which this is accomplished in a controlled manner – involving configuration transactions which capture the change to these configurations. Every configuration change results in a new configuration block transaction being generated, and later in this topic, we’ll see how these blocks are validated and accepted to create updated network and channel configurations respectively.
Network and channel configurations
Throughout our sample network, we see the importance of network and channel configurations. These configurations are important because they encapsulate the policies agreed by the network members, which provide a shared reference for controlling access to network resources. Network and channel configurations also contain facts about the network and channel composition, such as the name of consortia and its organizations.
For example, when the network is first formed using the ordering service node O4, its behaviour is governed by the network configuration NC4. The initial configuration of NC4 only contains policies that permit organization R4 to manage network resources. NC4 is subsequently updated to also allow R1 to manage network resources. Once this change is made, any administrator from organization R1 or R4 that connects to O4 will have network management rights because that is what the policy in the network configuration NC4 permits. Internally, each node in the ordering service records each channel in the network configuration, so that there is a record of each channel created, at the network level.
It means that although ordering service node O4 is the actor that created consortia X1 and X2 and channels C1 and C2, the intelligence of the network is contained in the network configuration NC4 that O4 is obeying. As long as O4 behaves as a good actor, and correctly implements the policies defined in NC4 whenever it is dealing with network resources, our network will behave as all organizations have agreed. In many ways NC4 can be considered more important than O4 because, ultimately, it controls network access.
The same principles apply for channel configurations with respect to peers. In our network, P1 and P2 are likewise good actors. When peer nodes P1 and P2 are interacting with client applications A1 or A2 they are each using the policies defined within channel configuration CC1 to control access to the channel C1 resources.
For example, if A1 wants to access the smart contract chaincode S5 on peer nodes P1 or P2, each peer node uses its copy of CC1 to determine the operations that A1 can perform. For example, A1 may be permitted to read or write data from the ledger L1 according to policies defined in CC1. We’ll see later the same pattern for actors in channel C2 and its channel configuration CC2. Again, we can see that while the peers and applications are critical actors in the network, their behaviour in a channel is dictated more by the channel configuration policy than any other factor.
Finally, it is helpful to understand how network and channel configurations are physically realized. We can see that network and channel configurations are logically singular – there is one for the network, and one for each channel. This is important; every component that accesses the network or the channel must have a shared understanding of the permissions granted to different organizations.
Even though there is logically a single configuration, it is actually replicated and kept consistent by every node that forms the network or channel. For example, in our network, peer nodes P1 and P2 both have a copy of channel configuration CC1, and by the time the network is fully complete, peer nodes P2 and P3 will both have a copy of channel configuration CC2. Similarly, ordering service node O4 has a copy of the network configuration, but in a multi-node configuration, every ordering service node will have its own copy of the network configuration.
Both network and channel configurations are kept consistent using the same blockchain technology that is used for user transactions – but for configuration transactions. To change a network or channel configuration, an administrator must submit a configuration transaction. It must be signed by the organizations identified in the appropriate policy as being responsible for configuration change. This policy is called the mod_policy and we’ll discuss it later.
Indeed, the ordering service nodes operate a mini-blockchain, connected via the system channel we mentioned earlier. Using the system channel, ordering service nodes distribute network configuration transactions. These transactions are used to co-operatively maintain a consistent copy of the network configuration at each ordering service node. In a similar way, peer nodes in an application channel can distribute channel configuration transactions. Likewise, these transactions are used to maintain a consistent copy of the channel configuration at each peer node.
This balance between objects that are logically singular yet physically distributed is a common pattern in Hyperledger Fabric. Objects like network configurations, which are logically single, turn out to be physically replicated among a set of ordering service nodes, for example. We also see it with channel configurations, ledgers, and to some extent smart contracts, which are installed in multiple places but whose interfaces exist logically at the channel level. It’s a pattern you see repeated time and again in Hyperledger Fabric, and it enables Hyperledger Fabric to be both de-centralized and yet manageable at the same time.
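The configuration-transaction rule described in this section can be modelled in a few lines. This is an added example, not Fabric's implementation or code from the original page: Ed25519 keys stand in for administrator certificates, and the policy names ChannelCreation and Members, the organization R5 and the rule that one signature from any listed organization suffices are assumptions of the model.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Policy lists organizations; one valid signature from any of them satisfies it.
type Policy []string

// Config models NC4 or CC2; Policies["mod_policy"] says who may change it.
type Config struct {
	Name     string
	Version  uint64
	Policies map[string]Policy
}

// ConfigUpdate models a configuration transaction that rewrites one policy.
type ConfigUpdate struct {
	Target, PolicyName string
	BaseVersion        uint64
	NewOrgs            Policy
	Sigs               map[string][]byte // signing org -> signature over Digest()
}

// Digest is the byte string that administrators sign.
func (u ConfigUpdate) Digest() []byte {
	return []byte(fmt.Sprintf("%s|%d|%s|%q", u.Target, u.BaseVersion, u.PolicyName, []string(u.NewOrgs)))
}

var ErrStale = errors.New("update targets another configuration or an old version")
var ErrModPolicy = errors.New("signatures do not satisfy mod_policy")

// Node is an orderer or peer holding its own copy of a configuration.
type Node struct {
	Cfg  Config
	Keys map[string]ed25519.PublicKey // org -> admin verification key
}

// NewNode builds a fresh copy in which orgs hold both the named policy and mod_policy.
func NewNode(keys map[string]ed25519.PublicKey, name, policy string, orgs ...string) *Node {
	return &Node{Config{name, 0, map[string]Policy{policy: orgs, "mod_policy": orgs}}, keys}
}

// Apply accepts an update only for the current version and a signer in mod_policy.
func (n *Node) Apply(u ConfigUpdate) error {
	if u.Target != n.Cfg.Name || u.BaseVersion != n.Cfg.Version {
		return ErrStale
	}
	for _, org := range n.Cfg.Policies["mod_policy"] {
		pub, known := n.Keys[org]
		if sig, signed := u.Sigs[org]; known && signed && ed25519.Verify(pub, u.Digest(), sig) {
			n.Cfg.Policies[u.PolicyName] = u.NewOrgs
			n.Cfg.Version++
			return nil
		}
	}
	return ErrModPolicy
}

// sign returns a copy of u carrying one organization administrator's signature.
func sign(u ConfigUpdate, org string, priv ed25519.PrivateKey) ConfigUpdate {
	u.Sigs = map[string][]byte{org: ed25519.Sign(priv, u.Digest())}
	return u
}

type Result struct {
	R1OnNC4, R4OnNC4, R1OnModPolicy, R1OnCC2, R3OnP2, R3OnP3, Replay error
	NC4Version, P2Version, P3Version                                  uint64
}

// RunScenario replays the page's governance steps with constructed keys.
func RunScenario() (r Result) {
	pub, priv := map[string]ed25519.PublicKey{}, map[string]ed25519.PrivateKey{}
	for _, org := range []string{"R1", "R2", "R3", "R4"} {
		pub[org], priv[org], _ = ed25519.GenerateKey(nil) // nil selects crypto/rand
	}
	o4 := NewNode(pub, "NC4", "ChannelCreation", "R4")
	p2 := NewNode(pub, "CC2", "Members", "R2", "R3") // each peer keeps its own copy of CC2
	p3 := NewNode(pub, "CC2", "Members", "R2", "R3")
	addR1 := ConfigUpdate{Target: "NC4", PolicyName: "ChannelCreation", NewOrgs: Policy{"R1", "R4"}}
	r.R1OnNC4 = o4.Apply(sign(addR1, "R1", priv["R1"])) // R1 is not in NC4's mod_policy
	r.R4OnNC4 = o4.Apply(sign(addR1, "R4", priv["R4"])) // R4 is, so NC4 moves to version 1
	widen := ConfigUpdate{Target: "NC4", BaseVersion: 1, PolicyName: "mod_policy", NewOrgs: Policy{"R1", "R4"}}
	r.R1OnModPolicy = o4.Apply(sign(widen, "R1", priv["R1"])) // still only R4 may change NC4
	grow := ConfigUpdate{Target: "CC2", PolicyName: "Members", NewOrgs: Policy{"R2", "R3", "R5"}} // R5 is hypothetical
	r.R1OnCC2 = p2.Apply(sign(grow, "R1", priv["R1"]))                                           // R1 has no rights in CC2
	byR3 := sign(grow, "R3", priv["R3"])
	r.R3OnP2, r.R3OnP3 = p2.Apply(byR3), p3.Apply(byR3) // both copies accept the same transaction
	r.Replay = p2.Apply(byR3)                           // base version 0 is now stale
	r.NC4Version, r.P2Version, r.P3Version = o4.Cfg.Version, p2.Cfg.Version, p3.Cfg.Version
	return r
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

Because every node applies the same check to its own copy, P2 and P3 reach the same CC2 version independently, and a resubmitted transaction is rejected by its base version.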
Adding another peer
Now that organization R3 is able to fully participate in channel C2, let’s add its infrastructure components to the channel. Rather than do this one component at a time, we’re going to add a peer, its local copy of a ledger, a smart contract and a client application all at once!
Let’s see the network with organization R3’s components added:
The diagram shows the facts relating to channels C1 and C2 in the network N as follows: Client applications A1 and A2 can use channel C1 for communication with peers P1 and P2, and ordering service O4; client application A3 can use channel C2 for communication with peer P3 and ordering service O4. Ordering service O4 can make use of the communication services of channels C1 and C2. Channel configuration CC1 applies to channel C1, CC2 applies to channel C2.
First of all, notice that because peer node P3 is connected to channel C2, it has a different ledger – L2 – to those peer nodes using channel C1. The ledger L2 is effectively scoped to channel C2. The ledger L1 is completely separate; it is scoped to channel C1. This makes sense – the purpose of the channel C2 is to provide private communications between the members of the consortium X2, and the ledger L2 is the private store for their transactions.
In a similar way, the smart contract S6, installed on peer node P3, and instantiated on channel C2, is used to provide controlled access to ledger L2. Application A3 can now use channel C2 to invoke the services provided by smart contract S6 to generate transactions that can be accepted onto every copy of the ledger L2 in the network.
At this point in time, we have a single network that has two completely separate channels defined within it. These channels provide independently managed facilities for organizations to transact with each other. Again, this is de-centralization at work; we have a balance between control and autonomy. This is achieved through policies which are applied to channels which are controlled by, and affect, different organizations.
Joining a peer to multiple channels
In this final stage of network development, let’s return our focus to organization R2. We can exploit the fact that R2 is a member of both consortia X1 and X2 by joining it to multiple channels:
The diagram shows the facts relating to channels C1 and C2 in the network N as follows: Client application A1 can use channel C1 for communication with peers P1 and P2, and ordering service O4; client application A2 can use channel C1 for communication with peers P1 and P2 and channel C2 for communication with peers P2 and P3 and ordering service O4; client application A3 can use channel C2 for communication with peer P3 and ordering service O4. Ordering service O4 can make use of the communication services of channels C1 and C2. Channel configuration CC1 applies to channel C1, CC2 applies to channel C2.
We can see that R2 is a special organization in the network, because it is the only organization that is a member of two application channels! It is able to transact with organization R1 on channel C1, while at the same time it can also transact with organization R3 on a different channel, C2.
Notice how peer node P2 has smart contract S5 installed for channel C1 and smart contract S6 installed for channel C2. Peer node P2 is a full member of both channels at the same time via different smart contracts for different ledgers.
This is a very powerful concept – channels provide both a mechanism for the separation of organizations, and a mechanism for collaboration between organizations. All the while, this infrastructure is provided by, and shared between, a set of independent organizations.
It is also important to note that peer node P2’s behaviour is controlled very differently depending upon the channel in which it is transacting. Specifically, the policies contained in channel configuration CC1 dictate the operations available to P2 when it is transacting in channel C1, whereas it is the policies in channel configuration CC2 that control P2’s behaviour in channel C2.
Again, this is desirable – R2 and R1 agreed the rules for channel C1, whereas R2 and R3 agreed the rules for channel C2. These rules were captured in the respective channel policies – they can and must be used by every component in a channel to enforce correct behaviour, as agreed.
Similarly, we can see that client application A2 is now able to transact on channels C1 and C2. And likewise, it too will be governed by the policies in the appropriate channel configurations. As an aside, note that client application A2 and peer node P2 are using a mixed visual vocabulary – both lines and connections. You can see that they are equivalent; they are visual synonyms.
The ordering service
The observant reader may notice that the ordering service node appears to be a centralized component; it was used to create the network initially, and connects to every channel in the network. Even though we added R1 and R4 to the network configuration policy NC4 which controls the orderer, the node was running on R4’s infrastructure. In a world of de-centralization, this looks wrong!
Don’t worry! Our example network showed the simplest ordering service configuration to help you understand the idea of a network administration point. In fact, the ordering service can itself be completely de-centralized too! We mentioned earlier that an ordering service could be comprised of many individual nodes owned by different organizations, so let’s see how that would be done in our sample network.
Let’s have a look at a more realistic ordering service node configuration:
A multi-organization ordering service. The ordering service comprises ordering service nodes O1 and O4. O1 is provided by organization R1 and node O4 is provided by organization R4. The network configuration NC4 defines network resource permissions for actors from both organizations R1 and R4.
We can see that this ordering service is completely de-centralized – it runs in organization R1 and it runs in organization R4. The network configuration policy, NC4, permits R1 and R4 equal rights over network resources. Client applications and peer nodes from organizations R1 and R4 can manage network resources by connecting to either node O1 or node O4, because both nodes behave the same way, as defined by the policies in network configuration NC4. In practice, actors from a particular organization tend to use infrastructure provided by their home organization, but that’s certainly not always the case.
De-centralized transaction distribution
As well as being the management point for the network, the ordering service also provides another key facility – it is the distribution point for transactions. The ordering service is the component which gathers endorsed transactions from applications and orders them into transaction blocks, which are subsequently distributed to every peer node in the channel. At each of these committing peers, transactions are recorded, whether valid or invalid, and their local copy of the ledger updated appropriately.
Notice how the ordering service node O4 performs a very different role for the channel C1 than it does for the network N. When acting at the channel level, O4’s role is to gather transactions and distribute blocks inside channel C1. It does this according to the policies defined in channel configuration CC1. In contrast, when acting at the network level, O4’s role is to provide a management point for network resources according to the policies defined in network configuration NC4. Notice again how these roles are defined by different policies within the channel and network configurations respectively. This should reinforce to you the importance of declarative policy based configuration in Hyperledger Fabric. Policies both define, and are used to control, the agreed behaviours by each and every member of a consortium.
We can see that the ordering service, like the other components in Hyperledger Fabric, is a fully de-centralized component. Whether acting as a network management point, or as a distributor of blocks in a channel, its nodes can be distributed as required throughout the multiple organizations in a network.
Changing policy
Throughout our exploration of the sample network, we’ve seen the importance of the policies to control the behaviour of the actors in the system. We’ve only discussed a few of the available policies, but there are many that can be declaratively defined to control every aspect of behaviour. These individual policies are discussed elsewhere in the documentation.
Most importantly of all, Hyperledger Fabric provides a uniquely powerful policy that allows network and channel administrators to manage policy change itself! The underlying philosophy is that policy change is a constant, whether it occurs within or between organizations, or whether it is imposed by external regulators. For example, new organizations may join a channel, or existing organizations may have their permissions increased or decreased. Let’s investigate a little more how change policy is implemented in Hyperledger Fabric.
The key point of understanding is that policy change is managed by a policy within the policy itself. The modification policy, or mod_policy for short, is a first class policy within a network or channel configuration that manages change. Let’s give two brief examples of how mod_policy has already been used to manage change in our network!
The first example was when the network was initially set up. At this time, only organization R4 was allowed to manage the network. In practice, this was achieved by making R4 the only organization defined in the network configuration NC4 with permissions to network resources. Moreover, the mod_policy for NC4 only mentioned organization R4 – only R4 was allowed to change this configuration.
We then evolved the network N to also allow organization R1 to administer the network. R4 did this by adding R1 to the policies for channel creation and consortium creation. Because of this change, R1 was able to define the consortia X1 and X2, and create the channels C1 and C2. R1 had equal administrative rights over the channel and consortium policies in the network configuration.
R4, however, could grant even more power over the network configuration to R1! R4 could add R1 to the mod_policy such that R1 would be able to manage change of the network policy too.
This second power is much more powerful than the first, because R1 now has full control over the network configuration NC4! This means that R1 can, in principle, remove R4’s management rights from the network. In practice, R4 would configure the mod_policy such that R4 would need to also approve the change, or that all organizations in the mod_policy would have to approve the change. There’s lots of flexibility to make the mod_policy as sophisticated as it needs to be to support whatever change process is required.
This is mod_policy at work – it has allowed the graceful evolution of a basic configuration into a sophisticated one. All the time this has occurred with the agreement of all organizations involved. The mod_policy behaves like every other policy inside a network or channel configuration; it defines a set of organizations that are allowed to change the mod_policy itself.
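The R4/R1 walkthrough above can be replayed in a small model. This is an added example, not Hyperledger Fabric code or its configuration format: `Policy`, `Config`, `attempt`, `run_scenario`, and the `ANY`/`ALL`/`required` rules are simplified stand-ins assumed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    """Toy policy: the organizations it names and how many must sign."""
    orgs: frozenset
    rule: str = "ANY"                  # "ANY" or "ALL" of the named orgs
    required: frozenset = frozenset()  # orgs whose approval is mandatory

    def satisfied_by(self, signers):
        valid = set(signers) & self.orgs   # ignore signers the policy does not name
        if not self.required <= valid:
            return False
        return valid == set(self.orgs) if self.rule == "ALL" else bool(valid)

@dataclass
class Config:
    """Toy configuration (think NC4): its policies plus the mod_policy guarding them."""
    policies: dict
    mod_policy: Policy

    def update(self, signers, policies=None, mod_policy=None):
        # Any change, including a change to mod_policy itself, is judged
        # against the mod_policy in force before the update.
        if not self.mod_policy.satisfied_by(signers):
            raise PermissionError(f"mod_policy not satisfied by {sorted(signers)}")
        self.policies = policies or self.policies
        self.mod_policy = mod_policy or self.mod_policy

def attempt(config, signers, **change):
    """Return True if the update was accepted, False if mod_policy rejected it."""
    try:
        config.update(signers, **change)
        return True
    except PermissionError:
        return False

def run_scenario(shared_mod_policy):
    both, only_r1 = frozenset({"R1", "R4"}), Policy(frozenset({"R1"}))
    nc4 = Config({"channel_creation": Policy(frozenset({"R4"}))},
                 Policy(frozenset({"R4"})))
    # R4 adds R1 to channel creation; mod_policy still names only R4.
    nc4.update({"R4"}, policies={"channel_creation": Policy(both)})
    r1_before = attempt(nc4, {"R1"}, mod_policy=only_r1)
    # R4 adds R1 to the mod_policy, then R1 alone tries to drop R4 from it.
    nc4.update({"R4"}, mod_policy=shared_mod_policy)
    r1_after = attempt(nc4, {"R1"}, mod_policy=only_r1)
    return r1_before, r1_after, sorted(nc4.mod_policy.orgs)
```

Calling `run_scenario` with an `ANY` policy over R1 and R4 lets R1 remove R4 on its own; the `ALL` variant and the variant with R4 in `required` both reject that update and leave R4 in the mod_policy.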
We’ve only scratched the surface of the power of policies and mod_policy in particular in this subsection. It is discussed at much more length in the policy topic, but for now let’s return to our finished network!
Network fully formed
Let’s recap what our network looks like using a consistent visual vocabulary. We’ve re-organized it slightly using our more compact visual syntax, because it better accommodates larger topologies:
In this diagram we see that the Fabric blockchain network consists of two application channels and one ordering channel. The organizations R1 and R4 are responsible for the ordering channel, R1 and R2 are responsible for the blue application channel while R2 and R3 are responsible for the red application channel. Client application A1 is an element of organization R1, and CA1 is its certificate authority. Note that peer P2 of organization R2 can use the communication facilities of the blue and the red application channel. Each application channel has its own channel configuration, in this case CC1 and CC2. The channel configuration of the system channel is part of the network configuration, NC4.
We’re at the end of our conceptual journey to build a sample Hyperledger Fabric blockchain network. We’ve created a four organization network with two channels and three peer nodes, with two smart contracts and an ordering service. It is supported by four certificate authorities. It provides ledger and smart contract services to three client applications, who can interact with it via the two channels. Take a moment to look through the details of the network in the diagram, and feel free to read back through the topic to reinforce your knowledge, or go to a more detailed topic.
Summary of network components
Here’s a quick summary of the network components we’ve discussed:
- Ledger. One per channel. Comprised of the Blockchain and the World state
- Smart contract (aka chaincode)
- Peer nodes
- Ordering service
- Channel
- Certificate Authority
Network summary
In this topic, we’ve seen how different organizations share their infrastructure to provide an integrated Hyperledger Fabric blockchain network. We’ve seen how the collective infrastructure can be organized into channels that provide private communications mechanisms that are independently managed. We’ve seen how actors such as client applications, administrators, peers and orderers are identified as being from different organizations by their use of certificates from their respective certificate authorities. And in turn, we’ve seen the importance of policy to define the agreed permissions that these organizational actors have over network and channel resources.