github.com/hyperion-hyn/go-ethereum@v2.4.0+incompatible/docs/Permissioning/setup.md

github.com/hyperion-hyn/go-ethereum@v2.4.0+incompatible/docs/Permissioning/setup.md (about)

     1  # Set up
     2  The steps to enable new permissions model are as described below:
     3  
     4  ## New network
     5  
     6  * Bring up the initial set of nodes which will be part of the network
     7  * Deploy the `PermissionsUpgradable.sol` in the network. The deployment of this contract will require a guardian account to be given as a part of deployment. 
     8  * Deploy the rest of the contracts. All the other contracts will require the address of `PermissionsUpgradable.sol` contract as a part of deployment.
     9  * Once all the contracts are deployed create a file `permission-config.json` which will have the following construct:
    10  ```json
    11  {
    12      "upgradableAddress": "0x1932c48b2bf8102ba33b4a6b545c32236e342f34",
    13      "interfaceAddress": "0x4d3bfd7821e237ffe84209d8e638f9f309865b87",
    14      "implAddress": "0xfe0602d820f42800e3ef3f89e1c39cd15f78d283",
    15      "nodeMgrAddress": "0x8a5e2a6343108babed07899510fb42297938d41f",
    16      "accountMgrAddress": "0x9d13c6d3afe1721beef56b55d303b09e021e27ab",
    17      "roleMgrAddress": "0x1349f3e1b8d71effb47b840594ff27da7e603d17",
    18      "voterMgrAddress": "0xd9d64b7dc034fafdba5dc2902875a67b5d586420",
    19      "orgMgrAddress" : "0x938781b9796aea6376e40ca158f67fa89d5d8a18",
    20      "nwAdminOrg": "ADMINORG",
    21      "nwAdminRole" : "ADMIN",
    22      "orgAdminRole" : "ORGADMIN",
    23      "accounts":["0xed9d02e382b34818e88b88a309c7fe71e65f419d", "0xca843569e3427144cead5e4d5999a3d0ccf92b8e"],
    24      "subOrgBreadth" : 3,
    25      "subOrgDepth" : 4
    26  }
    27  ```
    28  > * `upgradableAddress` is the address of deployed contract `PermissionsUpgradable.sol`
    29  > * `interfaceAddress` is the address of deployed contract `PermissionsInterface.sol`
    30  > * `implAddress` is the address of deployed contract `PermissionsImplementation.sol`
    31  > * `nodeMgrAddress` is the address of deployed contract `NodeManager.sol`
    32  > * `accountMgrAddress` is the address of deployed contract `AccountManager.sol`
    33  > * `roleMgrAddress` is the address of deployed contract `RoleManager.sol`
    34  > * `voterMgrAddress` is the address of deployed contract `VoterManager.sol`
    35  > * `orgMgrAddress` is the address of deployed contract `OrgManager.sol`
    36  > * `nwAdminOrg` is the name of initial organization that will be created as a part of network boot up with new permissions model. This organization will own all the initial nodes which come at the time of network boot up and accounts which will be the network admin account
    37  > * `nwAdminRole` is role id which will have full access and will be network admin. This role will be assigned to the network admin accounts
    38  > * `orgAdminRole` is role id which will have full access and will manage organization level administration activities. This role will be assigned to the org admin account
    39  > * `accounts` holds the initial list of accounts which will be linked to the network admin organization and will be assigned the network admin role. These accounts will have complete control on the network and can propose and approve new organizations into the network
    40  > * `subOrgBreadth` indicates the number of sub organizations that any org can have
    41  > * `subOrgDepth` indicates the maximum depth of sub org hierarchy allowed in the network
    42  
    43  * Once the contracts are deployed, `init` in `PermissionsUpgradable.sol` need to be executed by the guardian account. This will link the interface and implementation contracts. A sample script for loading the upgradable contract at `geth` prompt is as given below
    44  ```javascript
    45  ac = eth.accounts[0];
    46  web3.eth.defaultAccount = ac;
    47  var abi = [{"constant":true,"inputs":[],"name":"getPermImpl","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_proposedImpl","type":"address"}],"name":"confirmImplChange","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"getGuardian","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"getPermInterface","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_permInterface","type":"address"},{"name":"_permImpl","type":"address"}],"name":"init","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"inputs":[{"name":"_guardian","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"constructor"}];
    48  var upgr = web3.eth.contract(abi).at("0x1932c48b2bf8102ba33b4a6b545c32236e342f34"); // address of the upgradable contracts
    49  var impl = "0xfe0602d820f42800e3ef3f89e1c39cd15f78d283" // address of the implementation contracts
    50  var intr = "0x4d3bfd7821e237ffe84209d8e638f9f309865b87" // address of the interface contracts
    51  ```
    52  * At `geth` prompt load the above script after replacing the contract addresses appropriately and execute `upgr.init(intr, impl, {from: <guardian account>, gas: 4500000})`
    53  * Bring down the all `geth` nodes in the network and copy `permission-config.json` into the data directory of each node
    54  
    55  ## Migrating from an earlier version
    56  The following steps needs to be followed when migrating from a earlier version for enabling permissions feature
    57  
    58  * Bring down the running network in the earlier version. 
    59  * The `maxCodeSize` attribute in `genesis.json` need to be set to 35. Update `genesis.json` to reflect the same
    60  ```javascript
    61    "config": {
    62      "homesteadBlock": 0,
    63      "byzantiumBlock": 0,
    64      "chainId": 10,
    65      "eip150Block": 0,
    66      "eip155Block": 0,
    67      "eip150Hash": "0x0000000000000000000000000000000000000000000000000000000000000000",
    68      "eip158Block": 0,
    69      "maxCodeSize" : 35,
    70      "isQuorum":
    71  ```
    72  * Execute `geth --datadir <<data dir path>> init genesis.json`
    73  * Bring up the network with latest geth and deploy the contracts as explained earlier in the set up. The rest of the steps will be similar to bringing up a new network
    74  
    75  !!! Note
    76      * It should be noted that the new permission model will be in force only when `permission-config.json` is present in data directory. If this file is not there and the node is brought up with `--permissioned` flag, node level permissions as per the earlier model will be effective.
    77      * Please ensure that `maxCodeSize` in `genesis.json` is set to 35