user guide - support.huaweicloud.com · l entrust a huawei cloud account or cloud service to...
TRANSCRIPT
Blockchain Service
User Guide
Date 2018-10-29
Contents
1 Outline of BCS Usage................................................................................................................... 1
2 Permissions Management............................................................................................................32.1 Basic Concepts............................................................................................................................................................... 32.2 Creating a User and Granting Permissions.....................................................................................................................32.3 Syntax of RBAC Policies............................................................................................................................................... 9
3 Service Deployment....................................................................................................................113.1 Using a CCE Cluster.....................................................................................................................................................113.2 Using an Edge Cluster.................................................................................................................................................. 163.3 Inviting Tenants to a Consortium Blockchain.............................................................................................................. 18
4 Blockchain Management............................................................................................................204.1 Chaincode Management............................................................................................................................................... 204.2 Block Browser.............................................................................................................................................................. 25
5 BCS Access....................................................................................................................................27
6 Service Management...................................................................................................................31
7 Channel Management.................................................................................................................34
8 Member Management.................................................................................................................36
9 Notification Management..........................................................................................................37
10 O&M Center............................................................................................................................... 3810.1 Setting Web Disk Space Alarms.................................................................................................................................3810.2 Disk Metrics............................................................................................................................................................... 43
Blockchain ServiceUser Guide Contents
2018-10-29 ii
1 Outline of BCS Usage
The HUAWEI CLOUD Blockchain Service (BCS) provides functions such as servicedeployment, blockchain management, channel management, member management, andnotification management. The following figure outlines the BCS usage.
Blockchain ServiceUser Guide 1 Outline of BCS Usage
2018-10-29 1
Figure 1-1 Outline of BCS usage
Blockchain ServiceUser Guide 1 Outline of BCS Usage
2018-10-29 2
2 Permissions Management
2.1 Basic Concepts
2.2 Creating a User and Granting Permissions
2.3 Syntax of RBAC Policies
2.1 Basic ConceptsThis chapter describes the fine-grained permissions management provided by Identity andAccess Management (IAM) for your BCS services. With IAM, you can:
l Create IAM users for employees based on the organizational structure of your enterprise.Each IAM user has their own security credentials, providing access to BCS resources.
l Grant only the permissions required for users to perform a task.l Entrust a HUAWEI CLOUD account or cloud service to perform professional and
efficient O&M on your BCS resources.
If your HUAWEI CLOUD account does not need individual IAM users, then you may skipover this chapter.
The following sections describe the common IAM operations, including creating a user anduser group, granting permissions to a user group, and creating a custom policy. For other IAMoperations, see the IAM User Guide.
2.2 Creating a User and Granting PermissionsThis section describes how to use a group to grant permissions to a user. The following figureshows the process for granting permissions.
Blockchain ServiceUser Guide 2 Permissions Management
2018-10-29 3
Process Flow
Figure 2-1 Process for granting BCS permissions
1. Create a user group and grant permissions to it.Create a user group on the IAM console, and assign the BCS Administrator policy tothe group.
2. Create a user.Create a user on the IAM console and add the user to the group created in 1.
3. Log in and verify permissions.Log in to the BCS console as the created user, and verify that it has the permissions forBCS Administrator.
PrerequisitesBefore assigning permissions to user groups, you should learn about the system policies listedin the Permissions Management chapter of the BCS Service Overview. For the systempolicies of other services, see Permission Policy.
Step 1: Create a User Group and Grant PermissionsUser groups facilitate centralized user management and streamlined permissions management.Users in the same user group have the same permissions. Users created in IAM inheritpermissions from the groups to which they belong. To create a user group and grant itpermissions, perform the following steps:
Step 1 Log in to HUAWEI CLOUD using an account.
Blockchain ServiceUser Guide 2 Permissions Management
2018-10-29 4
Step 2 On the management console, click the username in the upper right corner and then chooseIdentity and Access Management.
Step 3 On the IAM console, choose User Groups in the navigation pane. Then click Create UserGroup.
Step 4 Enter a user group name (for example, Developers), and click OK.
The user group is displayed in the user group list.
Step 5 In the same row as the user group, choose Modify. Then click Modify next to the region forwhich you want to assign permissions to the user group.
Blockchain ServiceUser Guide 2 Permissions Management
2018-10-29 5
BCS is a project-level service. Therefore, you need to assign permissions in the projects inwhich users in the group need to access BCS resources.
Step 6 In the Modify Policy dialog box, search for and select BCS Administrator. For details aboutthe system permissions, see Permissions Management in the BTS Service Overview.
Step 7 Use the same method to select the policies that BCS Administrator depends on, includingSWR Admin, CCE Administrator, VPC Administrator, SFS Administrator, BSSAdministrator, APM Admin, DMS Administrator, and RDS Administrator.
Step 8 Click OK.
----End
Step 2: Create an IAM User
IAM users can be created for employees or applications of an enterprise. Each IAM user hastheir own security credentials, and inherits permissions from the groups it is a member of. Tocreate an IAM user, perform the following steps:
Blockchain ServiceUser Guide 2 Permissions Management
2018-10-29 6
Step 1 In the navigation pane of the IAM console, choose Users. Then click Create User.
Step 2 Set user information and click Next.
l Username: Used for logging in to HUAWEI CLOUD. For this example, enter James.l Credential Type: Identity credential for authentication. For this example, select
Password.– Password: Used for accessing HUAWEI CLOUD using the console or
development tools (including APIs, CLI, and SDKs).– Access Key: Used for logging to HUAWEI CLOUD using development tools. This
credential type is more secure, and is recommended if the user does not need to usethe console.
l (Optional) User Groups: Select Developers. The user will inherit the permissionsgranted to the user group. The default user group is admin, which has the administratorpermissions and all of the permissions required to use all cloud resources.
l (Optional) Description: Description of the user.
Step 3 On the next page, set required parameters, and click OK.
The following password types are available:
l Set at first login: Select this option if you are not the entity using user James. Jameswill receive a one-time login URL by email and can set a password at first login.
l Automatically generated: Select this option if James accesses HUAWEI CLOUD usinga development tool. HUAWEI CLOUD will generate a random 10-digit password.
l Set manually: Select this option if you are the entity using user James. Then set apassword for login.
----End
Step 3: Log In and Verify PermissionsAfter the user is created, use the username and identity credential to log in to HUAWEICLOUD, and verify that the user has the permissions defined by the BCS Administratorpolicy.
Step 1 On the HUAWEI CLOUD login page, click IAM User Login.
Blockchain ServiceUser Guide 2 Permissions Management
2018-10-29 7
Step 2 Enter the account name, username, and password, and click Log In.
l The account name is the name of the HUAWEI CLOUD account that created the IAMuser.
l The username and password are those set by the account when creating the IAM user.
Step 3 After successful login, switch to a region where the user has been granted permissions on themanagement console. The default region is Hong Kong.
Step 4 Choose Service List > Blockchain Service. Check whether the BCS services created by theaccount are listed on the BCS console. If yes, the BCS Administrator policy has alreadytaken effect.
----End
Blockchain ServiceUser Guide 2 Permissions Management
2018-10-29 8
2.3 Syntax of RBAC PoliciesPolicy Structure
An RBAC policy consists of a Version, a Statement, and Depends.
Figure 2-2 Policy structure
Policy SyntaxThe BCS Administrator policy is used as an example to describe the syntax of RBACpolicies.
Blockchain ServiceUser Guide 2 Permissions Management
2018-10-29 9
{ "Version": "1.0", "Statement": [ { "Effect": "Allow", "Action": [ "BCS:*:*" ] } ], "Depends": [ { "catalog": "SWR", "display_name": "SWR Admin" }, { "catalog": "CCE", "display_name": "CCE Administrator" }, { "catalog": "VPC", "display_name": "VPC Administrator" }, { "catalog": "NFS", "display_name": "SFS Administrator" } ]}
Table 2-1 Parameter description
Parameter Meaning Value
Version Policy version. The value is fixed to 1.0.
Statement
Action Operations to beperformed on BCS.
Format: Service name:Resourcetype:Operation.BCS:*:*: Permissions forperforming all operations on allresource types in BCS.
Effect Determines whether theoperation defined in anaction is allowed.
l Allowl Deny
Depends
catalog Name of the service towhich dependencies ofa policy belong.
Service nameExample: SWR
display_name Name of a dependentpolicy.
Policy name.Example: SWR Admin
Blockchain ServiceUser Guide 2 Permissions Management
2018-10-29 10
3 Service Deployment
3.1 Using a CCE Cluster
3.2 Using an Edge Cluster
3.3 Inviting Tenants to a Consortium Blockchain
3.1 Using a CCE ClusterA BCS service can be deployed on a CCE cluster or an edge cluster. This section describeshow to deploy a BCS service using a CCE cluster.
l Using a CCE cluster: Both the service instance and blockchain data are stored on theHUAWEI CLOUD. If you do not have available hardware, you can purchase HUAWEICLOUD resources and use a CCE cluster to deploy a BCS service.
l Uing an edge cluster: The blockchain data is stored on your own node, that is, on edgenodes. The BCS provides only the blockchain management capabilities. If the requiredhardware is available, you can use this method to reduce resource waste and investments.
PrerequisitesIf you use an account created by a tenant, grant the permissions of the following policies tothe account: BCS Administrator, CCE Administrator, SWR Admin, VPC Administrator, SFSAdministrator, BSS Administrator, ECS Admin, AOM Admin, APM Admin, DMSAdministrator, and RDS Admin.
For details, see 2.2 Creating a User and Granting Permissions.
PreparationBefore using a BCS service, you need to prepare the environment. The preparation includesCCE cluster creation, elastic IP address (EIP) binding, and Scalable File Service (SFS) filesystem creation for storage (in sequence).
Blockchain ServiceUser Guide 3 Service Deployment
2018-10-29 11
l You can bind EIPs when creating a cluster. Each VM in the cluster must be bound with anEIP.
l When creating a cluster, you need to purchase VM resources. For details, see thesuggestions on VM purchase.
l Create a CCE cluster.BCS services are deployed on container clusters. Therefore, you need to create a clusteron the CCE console. For details about how to create a VM cluster, see Creating aHybrid Cluster.
l Bind an EIP.If you have not bound EIPs to VMs when creating the cluster, apply for an EIP and bindit to an Elastic Cloud Server (ECS) to enable the ECS to access the Internet. For detailsabout how to bind an EIP, see Assigning an EIP and Binding It to an ECS.
l Create an SFS file system for storage.A Scalable File Service (SFS) file system is required to store the BCS service data. Fordetails about how to create an SFS file system, see Using SFS File Systems for Storage.
Deploying a BCS Service
After the environment is prepared, perform the following steps to purchase and deploy a BCSservice:
Step 1 Log in to the BCS console.
Figure 3-1 BCS console
Step 2 Click Buy BCS Service in the upper right corner of the Dashboard page.
Figure 3-2 Button for BCS service purchase
Step 3 Set the BCS service parameters on the purchase page.
Blockchain ServiceUser Guide 3 Service Deployment
2018-10-29 12
l Billing Mode: Two options are available, yearly/monthly and pay per use. For example,select Pay per use.
l Region: Select the region where the blockchain infrastructure is located. You are advisedto select the same region as the service application system. For example, you can selectCN North-Beijing1.
Figure 3-3 Parameter configuration 1
l Service Name: A service name can contain 4 to 24 characters, including letters, digits,and hyphens (-). It must not start with a hyphen (-). For example, enter bcs-igtaym.
l Edition: The BCS provides the basic, professional, and premium editions. For detailsabout the differences between the editions, see Edition Specifications. For example,select Professional.
l Blockchain Type: A private blockchain is used only by the tenant that deploys the BCSservice. A consortium blockchain can be used by the initiator and the tenants that theinitiator invites to join the consortium. For example, select Consortium.
l Cluster Type: Select CCE cluster.
l Container Cluster: Specify a container cluster where the BCS service is to be deployed.Only one BCS service can be deployed in a single container cluster. Select the CCEcluster created during environment preparation.
Figure 3-4 Parameter configuration 2
l Network Storage: Select the SFS file system created during environment preparation.
l Ledger Storage: Multiple types of databases can be used for ledger storage. For detailsabout their differences, see the tips on the BCS service purchase page. For example,select File database (goleveldb).
Blockchain ServiceUser Guide 3 Service Deployment
2018-10-29 13
NOTE
If Ledger Storage is set to Relational database (MySQL), only Golang is supported forchaincodes. If Ledger Storage is set otherwise, both Golang and Node.js are supported.
l Peer Organization: Add a peer organization for the BCS service. For example, createthree peer organizations xxx1, xxx2, and xxx3 each with two peers.
Figure 3-5 Parameter configuration 3
l Consensus Mechanism: The supported mechanisms for blockchain nodes reachingconsensus include Solo (for testing), fast Byzantine fault tolerance (FBFT), and Kafka(crash fault tolerant). They differ in features and application scenarios. For details, seeFunctions. For example, select FBFT.
l Enable Data Aging on Orderers: When the amount of data on an orderer reaches athreshold, the system automatically deletes the earliest data to prevent exceptions causedby insufficient storage space. If Consensus Mechanism is set to Kafka (CFT), thisfunction can be enabled. For example, select No.
l Number of Orderers: If the FBFT ordering service is used, four orderers areconfigured.
l Security Mechanism: Select the encryption algorithm used to ensure data security. TheElliptic Curve Digital Signature Algorithm (ECDSA) and Chinese cryptographicalgorithms are supported. For example, select ECDSA.
l Version: Specify the BCS service version.l Blockchain Mgmt. Initial Password: Set the password for the user admin to log in to
the blockchain management page.l If you need to use RESTful APIs to invoke chaincodes, select Yes. For example, select
No.
Blockchain ServiceUser Guide 3 Service Deployment
2018-10-29 14
Figure 3-6 Parameter configuration 4
l Channel Configuration: Channels isolate business in a consortium blockchain.Business participants (some or all of the organizations in a consortium) are channelmembers. Each channel can be regarded as a sub-chain and corresponds to one ledger.For example, create a channel named testchannel, and add the peer organizations xxx1,xxx2, and xxx3 to the channel.
Figure 3-7 Parameter configuration 5
Step 4 Click Next, confirm the configuration, and click Submit.
Wait for several minutes. After a message indicating successful installation is displayed,check the status of the service and organizations. If they are Normal, the BCS servicedeployment is completed.
Blockchain ServiceUser Guide 3 Service Deployment
2018-10-29 15
Figure 3-8 Successful deployment
----End
Subsequent Operations (Optional)You can configure an anti-affinity label for the cluster node where the BCS service isdeployed. This label can be used to isolate the service from other applications in the samecluster to ensure normal running of the system.
Step 1 Log in to the CCE console. In the navigation pane, choose Resource Management > NodeManagement. The node list is displayed. Click Manage Label in the Operation column.
Step 2 Click Add Label. Set Key to nodeScope and Value to userApplication for the label to beadded.
Step 3 Click OK. After Label updated successfully. is displayed, click Manage Label. Then youcan see the label that you have added.
For details, see Managing Node Labels in the CCE Help Center.
----End
3.2 Using an Edge ClusterA BCS service can be deployed on a CCE cluster or an edge cluster. This section describeshow to deploy a BCS service using an edge cluster.
Blockchain ServiceUser Guide 3 Service Deployment
2018-10-29 16
Node Requirements
Table 3-1 Edge Node Specification Requirements
Item Specifications
OS Ubuntu 16.04 LTS (Xenial Xerus), Ubuntu 18.04 LTS (Bionic Beaver),CentOS 7, or RHEL 7The kernel version must be 3.10.0 or later.
Memory ≥ 8 GB
CPU 4 or more vCPUs
Hard disk ≥ 1 TB
GPU(optional)
The GPU models on the same edge node must be the same.
Others The glibc version must be later than 2.17.The Docker version must be later than 17.06.
Configuring Nodes
Edge nodes usually reside in the enterprise intranet and are isolated from the Internet.Required software may not be installed on the nodes. Therefore, you need to configure all theedge nodes as follows:
Step 1 Use the remote login tool to log in to an edge node.
Step 2 Run the following commands to configure the HTTP proxy to enable the edge node tocommunicate with the Internet (the IP address and port number must be set as required):export https_proxy=ip:port export http_proxy=ip:port
Step 3 Run the following commands to install Docker:yum install epel-releaseyum install docker
Step 4 Configure the Docker proxy.
1. Create a directory and file.mkdir /etc/systemd/system/docker.service.dvim /etc/systemd/system/docker.service.d/http-proxy.conf
2. Add the following content to the http-proxy.conf file:[Service]Environment="HTTP_PROXY=http://proxy_id:proxy_port"
3. Load the configuration and restart Docker.systemctl daemon-reloadsystemctl restart docker
4. Check whether the variables have been loaded successfully.systemctl show docker --property Environment
----End
Blockchain ServiceUser Guide 3 Service Deployment
2018-10-29 17
Creating/Managing Edge NodesSee Node Management in the IEF User Guide.
Deploying a BCS ServiceSee Deploying a BCS Service. Set Cluster Type to Edge cluster.
3.3 Inviting Tenants to a Consortium BlockchainAfter creating a consortium blockchain, you can invite tenants to join it.
PrerequisitesA BCS instance of the consortium blockchain has been created.
Inviting a Tenant
Step 1 Log in to the BCS console.
Step 2 Choose Member Management in the navigation pane on the left. Click Invite Tenant in theupper right corner of the page.
Figure 3-9 Button for inviting a tenant to the consortium blockchain
Step 3 In the Invite Tenant window, select your BCS service and channel, and enter the invitedtenant's name and email address (optional).
Figure 3-10 Inviting a tenant
NOTE
A consortium blockchain can be set up across regions. That is, tenants in different regions can join thesame consortium blockchain.
Step 4 (Optional) Click Add Tenant to invite multiple tenants.
Blockchain ServiceUser Guide 3 Service Deployment
2018-10-29 18
Step 5 Click OK. An invitation notification is sent to the invited tenant. If you have entered thetenant's email address, the invitation notification will be sent to the email address.
----End
Accepting/Declining an InvitationWhen you receive an invitation to join a consortium blockchain, you will receive anotification. You can either accept or decline it.
Step 1 Log in to the BCS console.
Step 2 Choose Notification Management in the navigation tree on the left. On the NotificationManagement page, locate the notification and click View Details in the Operation column.l To accept the invitation, select the organization that you want to add to the consortium,
and then click Accept.l To decline the invitation, click Decline.
NOTE
– If you have not created a BCS service, click Create BCS Service to create a service beforeselecting an organization. Otherwise, you cannot join the consortium.
Figure 3-11 Creating a BCS service after receiving an invitation
– For details about how to create a BCS service, see Deploying a BCS Service. To successfullyjoin a consortium blockchain, certain parameters of your service must have the same settingsas the inviting party's BCS service, such as the blockchain type, consensus mechanism, andsecurity mechanism. Therefore, these parameters are dimmed on the service configurationpage and cannot be modified.
----End
Blockchain ServiceUser Guide 3 Service Deployment
2018-10-29 19
4 Blockchain Management
4.1 Chaincode Management
4.2 Block Browser
4.1 Chaincode ManagementYou can manage chaincodes on the web, including chaincode installation, instantiation, andupdate, and develop chaincodes using an online editor.
Installing a Chaincode
Step 1 Log in to the Blockchain Management console.
1. Log in to the BCS console.2. Click Manage Blockchain in the Operation column of the service list.3. Enter the username, password, and verification code, and click Log In.
NOTE
– The username is admin, and the initial login password is the password set when you buy theBCS service. To ensure the system security, change the password periodically.
– If you use the Internet Explorer, you may fail to open the Blockchain Management loginpage and see a message indicating that the certificate is untrusted. In this case, you can clickhere to resolve the problem.
Step 2 On the Chaincode Management page, click Install Chaincode.
Step 3 On the Install Chaincode dialog box, enter the chaincode name and version number, selectthe peers where the chaincode is to be installed, select the chaincode programming language,and add the chaincode file, as shown in the following figure.
Blockchain ServiceUser Guide 4 Blockchain Management
2018-10-29 20
Figure 4-1 Installing a chaincode
NOTE
If Ledger Storage is set to Relational database (MySQL), only Golang is supported for chaincodes. IfLedger Storage is set otherwise, both Golang and Node.js are supported.
Step 4 Click Install.
----End
Instantiating a Chaincode
After a chaincode is installed, it must be instantiated on the channel so that the peers caninteract with each other using the distributed ledger and the chaincode container.
Step 1 Click Instantiate in the Operation column of the chaincode list.
Step 2 Specify the channel for instantiation, chaincode version, endorsement policy, endorsingorganizations, initialization function and chaincode parameters.
Blockchain ServiceUser Guide 4 Blockchain Management
2018-10-29 21
Figure 4-2 Instantiating a chaincode
Step 3 Click Instantiate.
If chaincode instantiation fails, you can refer to Chaincode Instantiation Error Codes todetermine the cause.
----End
Updating a ChaincodeIf your chaincode is updated, you need to install and instantiate it again to meet new businessrequirements.
Step 1 Click Update in the Operation column of the chaincode list.
Step 2 Fill in the chaincode version, select peers, add a chaincode file, and click Update.
Blockchain ServiceUser Guide 4 Blockchain Management
2018-10-29 22
Figure 4-3 Updating a chaincode
Step 3 Instantiate the updated chaincode. For details, see Instantiating a Chaincode.
Step 4 (Optional) Click in front of the chaincode name. You can see details about this chaincode,including the versions and installation and instantiation information.
----End
NOTE
The BCS provides an online chaincode editor. You can click Edit Chaincode on the ChaincodeManagement page to edit, debug, and run a chaincode. The chaincode editor contains many Golang andFabric APIs to facilitate development. For details about chaincode development, see the BCS DeveloperGuide.
Chaincode Instantiation Error Codes
Chaincode instantiation may fail due to various causes. When confronted with an instantiationfailure, you can refer to the following table to determine the cause.
Table 4-1 Error codes
Error Code Message
6001 Instantiation timed out.
Blockchain ServiceUser Guide 4 Blockchain Management
2018-10-29 23
Error Code Message
6999 Unknown error.
6701 Client failed to connect to a peer.
6703 Endorsement signature failed verification.
6704 Failed to pull the ccenv image during chaincode compilation.
6705 Chaincode compilation failed.
6707 Failed to build a chaincode image.
6708 Failed to create a chaincode container.
6709 Failed to register the chaincode container.
6710 Client failed to connect to an orderer.
6712 Transaction recording in ledgers failed.
6713 Request error determined by the orderer.
6715 Instantiation failed because instantiation of another chaincodehas already been started.
6716 Error detected in the init() function parameters.
6717 Error detected in the invoke() function parameters.
6720 Failed to create a chaincode certificate.
6721 Chaincode container startup timed out.
6722 Transaction timed out because init() execution abnormallyterminates after startup of the chaincode container.
6723 A chaincode with the same schema has already been instantiatedon this channel.
6901 Instantiation failed. The chaincode to be instantiated mustcontain all the tables in the previously instantiated chaincode.
6902 Instantiation failed. The chaincode to be instantiated mustcontain all the fields in the previously instantiated chaincode.
6903 Instantiation failed. The chaincode to be instantiated must notcontain any changes to the field attributes included in thepreviously instantiated chaincode.
6904 The schema file of the instantiated chaincode does not exist.
6905 Failed to resolve the schema file.
Blockchain ServiceUser Guide 4 Blockchain Management
2018-10-29 24
4.2 Block BrowserYou can query blockchain information required for maintenance, including the block quantity,transaction quantity, block details, transaction details, performance, and peer statuses.
Procedure
Step 1 Open the block browser page.
1. Log in to the BCS console.2. Click Manage Chaincode & Block in the Operation column of the service list.3. Enter the username, password, and verification code, and click Login.4. Choose Block Browser in the navigation tree on the left.
Step 2 Select a channel from the Channel drop-down list box. Real-time data is displayed in thelower part of the page.
Step 3 You can view the following data in the block browser.
Table 4-2 Data
Item Description
Peers Number of peers in the selected channel
Chaincodes Number of chaincodes in the selected channel, that is, the number of thechaincode versions
Blocks Number of generated blocks
Transactions Number of transactions that have been performed
Block details l Click Last 10 Blocks to view the detailed information about thelatest 10 blocks, such as the block hash, data hash, and creation time.
l Click View more in the upper right corner of the table to learn detailsabout more blocks.
Transactiondetails
l Click Last 10 Transactions to view the information about the last 10transactions such as the transaction IDs, creators' MSPs, and creationtime.
l Click View Details in the Operation column of the transaction list toview more details about the transaction.
l Click View more in the upper right corner of the table to view detailsabout more transactions.
Blockchain ServiceUser Guide 4 Blockchain Management
2018-10-29 25
Item Description
Performanceanalysis
The line charts show the trends of performance data, helping you knowthe performance status.l Block performance: Click Block to view changes in the block
quantity. Move the pointer along the curve to view the number ofblocks at different time points.
l Transaction performance: Click Transaction to view changes in thetransaction quantity. Move the pointer along the curve to view thenumber of transactions at different time points.
NOTEYou can select a time granularity (hours or minutes) in the upper right corner ofthe chart.
Transactionquantity oforganizations
The pie chart shows the percentage of each organization's transactions.NOTE
Move the pointer on the pie chart to view the transaction quantity and percentageof each organization.
Peer status You can view the running statuses of all peers in the selected channel todetect exceptions of peers in time.
----End
Blockchain ServiceUser Guide 4 Blockchain Management
2018-10-29 26
5 BCS Access
BCS supports operations such as chaincode execution and query through the community-native Fabric software development kits (SDKs). Before developing an application, you needto download the certificates and SDK configuration. The SDKs can use the configuration fileto easily access the blockchain network and complete transactions. You do not need tomanually configure the SDKs.
Downloading Certificates
Two types of certificates are now supported: administrator certificate and user certificate. Theadministrator certificate is required to create, join, and upgrade a channel, and install,instantiate, update, and delete a chaincode. For transactions and query, you are advised to usethe user certificate. Download the certificates of a service on the Service Management page.
The administrator certificate differs between an orderer and a peer. For management within achannel, you need to use the administrator certificate for peers instead of that for orderers.
Step 1 On the Service Management page, click prior to the target service name and downloadthe certificates in the Operation column of the organization list, as shown in the followingfigure.
Figure 5-1 Downloading certificates
Blockchain ServiceUser Guide 5 BCS Access
2018-10-29 27
Step 2 Decompress the downloaded certificate packages and store the files in an applicationdirectory for the application to access.
----End
Downloading the SDK Configuration
Step 1 On the Service Management page, choose More > Download SDK Configuration, asshown in the following figure.
Figure 5-2 Downloading the SDK configuration
Step 2 Configure the SDK file parameters, as shown in the following figure.
Blockchain ServiceUser Guide 5 BCS Access
2018-10-29 28
Figure 5-3 Configuring the SDK file
Table 5-1 Parameters
Parameter Setting
ChaincodeName
Set it as required.
ChaincodeVersion
Set it as required.
Certificate RootPath
Enter the root path of the certificates specified during applicationcompilation.
Channel Select a channel.
Peer Select peers in the channel.
Step 3 Click Download. The downloaded file package can be named test-sdk-config.zip.
Step 4 Decompress the file package and store the retrieved test-sdk-config.yaml file.
----End
Developing an Application
Use the downloaded certificate files and SDK configuration file to develop an application.
Blockchain ServiceUser Guide 5 BCS Access
2018-10-29 29
l If you are familiar with the SDKs, directly use the downloaded configuration file fordevelopment.
l If you are not familiar with the SDKs, refer to the following example programs:Java SDK DemoNodejs SDK Demo
Blockchain ServiceUser Guide 5 BCS Access
2018-10-29 30
6 Service Management
You can manage BCS services and the organizations in each service.
Procedure
Step 1 Log in to the BCS console. Click Service Management in the navigation tree on the left.
Step 2 Perform management operations.
Table 6-1 Operation list
Subject
Operation Description
Service
Managingblockchain
This operation is available only after an EIP is bound. ClickManage Blockchain in the Operation column of the servicelist. On the displayed Block Management page, you can view,install, instantiate, update, and delete chaincodes.
Upgrading theversion
Choose More > Upgrade Version in the Operation column ofthe service list to view the current service version and upgradethe version.
Modifyingspecifications
BCS provides three editions with different specifications. Ifthe edition you selected during deployment cannot meet yourbusiness requirements, click More > Change Specificationsin the Operation column of the service list to change theedition, for example, from Professional to Premium.
Downloadingthe SDKconfiguration
Choose More > Download SDK Configuration in theOperation column of the service list. On the Download SDKConfiguration page, set the parameters and click Download.The downloaded SDK configuration will be used forapplication development.
Resetting theblockchainmanagementpassword
Choose More > Reset Password for BlockchainManagement in the Operation column of the service list toreset the login password for blockchain management.
Blockchain ServiceUser Guide 6 Service Management
2018-10-29 31
Subject
Operation Description
Changing theelastic IPaddress (EIP) ofthe service
Choose More > Change Service EIP in the Operationcolumn of the service list, select a new EIP, and click Change.
Hibernating aservice
Choose More > Hibernate in the Operation column of theservice list, and then click OK.NOTE
l Pay-per-use services can be hibernated, and yearly/monthlyservices cannot.
l Only services in normal state can be hibernated.
l A service in hibernation does not incur management fees until it iswoken.
Waking aservice
Choose More > Wake in the Operation column of the servicelist, and then click OK.NOTE
l Pay-per-use services in hibernation can be woken, and yearly/monthly services cannot be hibernated or woken.
l After a service is woken, management fees are charged.
Viewing servicedetails
Choose More > View Service Details in the Operationcolumn of the service list to view the information about thecurrent BCS service, including the cluster name, networkstorage instance, consensus mechanism, and securitymechanism.
Enablingsupport forRESTful APIs
If you select No for Enable Support for RESTful APIs whenyou deploy a BCS service, you can choose More > EnableSupport for RESTful APIs in the Operation column of theservice list and click Install in the displayed dialog box toinstall RESTful APIs.
Deleting orunsubscribingfrom a service
l To delete a pay-per-use service, choose More > Delete inthe Operation column of the service list.
l To unsubscribe from a yearly/monthly service, chooseMore > Unsubscribe in the Operation column of theservice list. After the unsubscription application isapproved, the remaining fees paid for the service will berefunded.
Organization
Adding anorganization
Click in front of a service name to display the service
information. Click . Enter theorganization name and number of peers, then click Next.NOTE
After organization addition, the price will change. Pay attention to thenotes on the upper part of the page and the price at the bottom.
Blockchain ServiceUser Guide 6 Service Management
2018-10-29 32
Subject
Operation Description
Downloadingtheadministratorcertificate
Click in front of a service name to display the serviceinformation. You can download the administrator certificate inthe Operation column of the organization list to perform otheroperations on the node.
Downloading auser certificate
Click in front of a service name to display the serviceinformation. Then, choose More > Download UserCertificate in the Operation column of the organization list.
Downloadingthe CAcertificate
Click in front of a service name to display the serviceinformation. Then, choose More > Download CA Certificatein the Operation column of the organization list.
Adding a peer Click in front of a service name to display the serviceinformation. Click Add Peer in the Operation column of theorganization list. Enter the number of peers, and click Next.NOTE
After peer addition, the price will change. Pay attention to the notes onthe upper part of the page and the price at the bottom.
Others Increasingquota
By default, you can create a maximum of five services. If thequota is insufficient, you can click Increase Quota above theservice list.
----End
Blockchain ServiceUser Guide 6 Service Management
2018-10-29 33
7 Channel Management
Nodes communicate through channels. The channel management function enables you tocreate a channel or add peers to an existing channel.
Creating a Channel
Step 1 Log in to the BCS console.
Step 2 Choose Channel Management in the navigation pane on the left. Click Create Channel inthe upper right corner of the page.
Figure 7-1 Creating a channel
NOTE
l The maximum number of channels for each service differs with the edition, which is 1 for the basicedition, 2 for professional, and 10 for premium.
l Channels cannot be created for a service created by a tenant invited to a consortium blockchain.
Step 3 On the Create Channel dialog box, select a service, enter a channel name and description,and click OK.
----End
Adding a Peer
Step 1 After the channel is created, click Add Peer in the Operation column of the channel list.
Step 2 On the displayed Add Peer dialog box, select an organization, and specify the number ofpeers to be added to the channel.
Step 3 Click OK.
----End
Blockchain ServiceUser Guide 7 Channel Management
2018-10-29 34
Other Operations
Table 7-1 Other operations
Operation Description
Queryingchannels
A channel list is displayed on the Channel Management page. Youcan view the information such as the channel name, name of theservice for which the channel is used, and peers in the channel.
Viewing a peer Click View Peer in the Operation column of the channel list to viewpeer information by organization, including the Membership ServiceProvider (MSP) ID, floating IP address (if bound), port number, peername, domain of each peer, and whether the peer has been added tothe channel.
Blockchain ServiceUser Guide 7 Channel Management
2018-10-29 35
8 Member Management
You can invite tenants to become blockchain consortium members, view invitation, anddeleting invitations.
l To invite a tenant, see Inviting a Tenant.l To view an invitation, click View Invitation in the Operation column on the Member
Management page.l To delete an invitation, click Delete Invitation in the Operation column on the
Member Management page. After that, the invitation you have sent to a tenant iswithdrawn. This operation can be done only if the invited party has not accepted theinvitation.
Blockchain ServiceUser Guide 8 Member Management
2018-10-29 36
9 Notification Management
When another tenant invites you to join a consortium blockchain, you will receive aninvitation notification. Then, you can view the invitation on the Notification Managementpage.
l To accept the invitation, click View Details in the Operation column of the notificationlist, select a BCS service and organization, and click Accept.
l To decline the invitation, click View Details in the Operation column of the notificationlist, and click Decline.
l To delete a notification, click Delete Notification in the Operation column of thenotification list
l To postpone the processing of an invitation, click View Details in the Operation columnof the notification list, and click Process Later.
NOTE
l If you have not created a BCS service, click Create BCS Service to create a service before selectingan organization. Otherwise, you cannot join the consortium.
l Notification statuses include:
l Unprocessed: You have not processed the invitation notification. You can click View Detailsto accept or decline the invitation.
l Finished: You have accepted the invitation to join the consortium blockchain.
l Canceled: The inviting party has deleted the service before you accept the invitation. Youcannot join the consortium blockchain.
l Declined: You have declined the invitation to join the consortium blockchain.
l Quit: You have accepted the invitation and joined the consortium blockchain but later quit theconsortium.
l Dismissed: The inviting party has deleted the service after you joined the consortiumblockchain. As a result, the blockchain is dismissed.
l Frozen: The inviting party's account is frozen.
l Upgraded: A service in the consortium blockchain has been upgraded successfully after youjoin the blockchain.
Blockchain ServiceUser Guide 9 Notification Management
2018-10-29 37
10 O&M Center
10.1 Setting Web Disk Space Alarms
10.2 Disk Metrics
10.1 Setting Web Disk Space Alarms
Background
The O&M center of BCS is connected to the Application Operations Management (AOM).AOM is a one-stop platform for O&M personnel to monitor the application and resourceoperating state in real time. By analyzing metrics, alarms, and logs, you can quickly locateroot causes to ensure smooth running of services.
The following section describe how to use the AOM service to monitor the web disk status(file storage) of a BCS instance. After receiving an alarming notification indicating that thedisk space is insufficient, O&M personnel need to expand the disk capacity. Otherwise,services may become abnormal. For details about AOM-related operations, see AOM HelpCenter.
Set Alarms
When OM personnel need to check the web disk metrics, they can use the AOM service to setalarm generation thresholds for the disk metrics. If a metric exceeds the threshold, the systemautomatically sends an alarming short message or email.
Step 1 Create a topic in the Simple Message Notification (SMN) console and add a subscriber.
If you need to obtain resource change information in real time, create a topic and addsubscribers to this topic. That is, add the email address or mobile number of a recipient of thechange information to the system. Then, you can select the recipient when establishingthreshold rules.
1. Create a topic.
a. For details about how to create a topic, click Creating a Topic.
Blockchain ServiceUser Guide 10 O&M Center
2018-10-29 38
Figure 10-1 Creating a topic
b. Configure a topic policy.
Select APM for Services that can publish messages to this topic, as shown in thefollowing figure. Otherwise, notifications will fail to be sent. For details, seeConfiguring Topic Policies.
Figure 10-2 Configuring a topic policy
2. Add subscribers to the topic. For details about how to add subscribers to a topic, clickAdd a Subscription
Figure 10-3 Adding a subscription task
Step 2 Click O&M Center on the left of the BCS console. On the displayed AOM console, establisha threshold rule.
Blockchain ServiceUser Guide 10 O&M Center
2018-10-29 39
1. In the navigation pane on the left, choose Alarm Center > Threshold Rules. Then,click Add Single-resource Threshold, expand the host in the cluster with BCSdeployed, select metrics of the mapper file system, set parameters including Time Rangeand Statistic Method, and click Next. (To ensure security, you are advised to set analarming threshold rule for each mapper file system.) The following figure shows thedisk space available to BCS as an example.
Figure 10-4 Selecting metrics
2. Configure the basic information about the threshold rule and enable notification. Forexample, if you want to receive a notification when the available disk space is less than2048 MB, configure the threshold-based alarming criterion by referring to the followingfigure.
Blockchain ServiceUser Guide 10 O&M Center
2018-10-29 40
Figure 10-5 Specifying a threshold
Recommended disk threshold rule for BCS: An alarm is reported if the disk usageexceeds 90% or the available disk space is lower than 10%.
----End
Handle AlarmsAfter receiving an alarming notification indicating that the disk space is insufficient, O&Mpersonnel need to expand the disk capacity. Otherwise, services may become abnormal.
Step 1 Choose Service List > Storage > Scalable File Service on the console.
Blockchain ServiceUser Guide 10 O&M Center
2018-10-29 41
Figure 10-6 Access to Scalable File Service (SFS)
Step 2 In the SFS file system list, locate the file system used for the cluster where the BCS service isdeployed.
Step 3 Click Resize in the Operation column.
Step 4 Set New Capacity (GB), and click OK.
Figure 10-7 Resizing the file system
----End
Blockchain ServiceUser Guide 10 O&M Center
2018-10-29 42
10.2 Disk MetricsAfter metric thresholds and alarming criteria related to disk usage are configured, alarmingshort messages or emails can be sent to O&M personnel. In this way, O&M personnel candetect and handle service exceptions in a timely manner to reduce the loss caused byexceptions. The following table lists the metrics related to disks used for BCS services.
Table 10-1 Node metrics
Metrics Description Meaning Value Range Unit
diskAvailableCapacity
Available diskspace
Disk space thatis not used
≥ 0 MB
diskCapacity Disk capacity Total diskcapacity
≥ 0 MB
diskReadRate Disk read rate Data volumeread from thedisk per second
≥ 0 KB/s
diskRWStatus Disk read/writestatus
Read/writestatus of thedisk on a node
0 (read andwrite) and 1(read-only).
None
diskUsedRate Disk usage Percentage ofthe used diskspace to thetotal disk space
≥ 0 Percentage
diskWriteRate Disk write rate Data volumewritten into thedisk per second
≥ 0 KB/s
Disk metrics can be calculated on the following bases.
Table 10-2 Metric measurement bases
Basis Description
clusterId Cluster ID
clusterName Cluster name
hostID Node ID
namespace Cluster namespace
nodeIP IP addresses of a node
nodeName Node name
Blockchain ServiceUser Guide 10 O&M Center
2018-10-29 43