github.com/kaituanwang/hyperledger@v2.0.1+incompatible/docs/source/enable_cc_lifecycle.md (about) 1 # Enabling the new chaincode lifecycle 2 3 Users upgrading from v1.4.x to v2.0 will have to edit their channel configurations to enable the new lifecycle features. This process involves a series of [channel configuration updates](./config_update.html) the relevant users will have to perform. 4 5 Note that the `Channel` and `Application` [capabilities](./capabilities_concept.html) of your application channels will have to be updated to `V2_0` for the new chaincode lifecycle to work. Check out [Considerations for getting to 2.0](./upgrade_to_newest_version.html#chaincode-lifecycle) for more information. 6 7 Updating a channel configuration is, at a high level, a three step process (for each channel): 8 9 1. Get the latest channel config 10 2. Create a modified channel config 11 3. Create a config update transaction 12 13 We will be performing these channel configuration updates by leveraging a file called `enable_lifecycle.json`, which contains all of the updates we will be making in the channel configurations. Note that in a production setting it is likely that multiple users would be making these channel update requests. However, for the sake of simplicity, we are presenting all of the updates as how they would appear in a single file. 14 15 ## Create `enable_lifecycle.json` 16 17 Note that in addition to using `enable_lifecycle.json`, this tutorial also uses `jq` to apply the edits to the modified config file. The modified config can also be edited manually (after it has been pulled, translated, and scoped). Check out this [sample channel configuration](./config_update.html#sample-channel-configuration) for reference. 18 19 However, the process described here (using a JSON file and a tool like `jq`) does have the advantage of being scriptable, making it suitable for proposing configuration updates to a large number of channels, and is the recommended process for editing a channel configuration. 20 21 Note that the `enable_lifecycle.json` uses sample values, for example `org1Policies` and the `Org1ExampleCom`, which will be specific to your deployment): 22 23 ``` 24 { 25 "org1Policies": { 26 "Endorsement": { 27 "mod_policy": "Admins", 28 "policy": { 29 "type": 1, 30 "value": { 31 "identities": [ 32 { 33 "principal": { 34 "msp_identifier": "Org1ExampleCom", 35 "role": "PEER" 36 }, 37 "principal_classification": "ROLE" 38 } 39 ], 40 "rule": { 41 "n_out_of": { 42 "n": 1, 43 "rules": [ 44 { 45 "signed_by": 0 46 } 47 ] 48 } 49 }, 50 "version": 0 51 } 52 }, 53 "version": "0" 54 } 55 }, 56 "org2Policies": { 57 "Endorsement": { 58 "mod_policy": "Admins", 59 "policy": { 60 "type": 1, 61 "value": { 62 "identities": [ 63 { 64 "principal": { 65 "msp_identifier": "Org2ExampleCom", 66 "role": "PEER" 67 }, 68 "principal_classification": "ROLE" 69 } 70 ], 71 "rule": { 72 "n_out_of": { 73 "n": 1, 74 "rules": [ 75 { 76 "signed_by": 0 77 } 78 ] 79 } 80 }, 81 "version": 0 82 } 83 }, 84 "version": "0" 85 } 86 }, 87 "appPolicies": { 88 "Endorsement": { 89 "mod_policy": "Admins", 90 "policy": { 91 "type": 3, 92 "value": { 93 "rule": "MAJORITY", 94 "sub_policy": "Endorsement" 95 } 96 }, 97 "version": "0" 98 }, 99 "LifecycleEndorsement": { 100 "mod_policy": "Admins", 101 "policy": { 102 "type": 3, 103 "value": { 104 "rule": "MAJORITY", 105 "sub_policy": "Endorsement" 106 } 107 }, 108 "version": "0" 109 } 110 }, 111 "acls": { 112 "_lifecycle/CheckCommitReadiness": { 113 "policy_ref": "/Channel/Application/Writers" 114 }, 115 "_lifecycle/CommitChaincodeDefinition": { 116 "policy_ref": "/Channel/Application/Writers" 117 }, 118 "_lifecycle/QueryChaincodeDefinition": { 119 "policy_ref": "/Channel/Application/Readers" 120 }, 121 "_lifecycle/QueryChaincodeDefinitions": { 122 "policy_ref": "/Channel/Application/Readers" 123 } 124 } 125 } 126 ``` 127 128 **Note: the "role" field of these new policies should say `'PEER'` if [NodeOUs](./msp.html#organizational-units) are enabled for the org, and `'MEMBER'` if they are not.** 129 130 ## Edit the channel configurations 131 132 ### System channel updates 133 134 Because configuration changes to the system channel to enable the new lifecycle only involve parameters inside the configuration of the peer organizations within the channel configuration, each peer organization being edited will have to sign the relevant channel configuration update. 135 136 However, by default, the system channel can only be edited by system channel admins (typically these are admins of the ordering service organizations and not peer organizations), which means that the configuration updates to the peer organizations in the consortium will have to be proposed by a system channel admin and sent to the relevant peer organization to be signed. 137 138 You will need to export the following variables: 139 140 * `CH_NAME`: the name of the system channel being updated. 141 * `CORE_PEER_LOCALMSPID`: the MSP ID of the organization proposing the channel update. This will be the MSP of one of the ordering service organizations. 142 * `CORE_PEER_MSPCONFIGPATH`: the absolute path to the MSP representing your organization. 143 * `TLS_ROOT_CA`: the absolute path to the root CA certificate of the organization proposing the system channel update. 144 * `ORDERER_CONTAINER`: the name of an ordering node container. When targeting the ordering service, you can target any particular node in the ordering service. Your requests will be forwarded to the leader automatically. 145 * `ORGNAME`: the name of the organization you are currently updating. 146 * `CONSORTIUM_NAME`: the name of the consortium being updated. 147 148 Once you have set the environment variables, navigate to [Step 1: Pull and translate the config](./config_update.html#step-1-pull-and-translate-the-config). 149 150 Once you have a `modified_config.json`, add the lifecycle organization policy (as listed in `enable_lifecycle.json`) using this command: 151 152 ``` 153 jq -s ".[0] * {\"channel_group\":{\"groups\":{\"Consortiums\":{\"groups\": {\"$CONSORTIUM_NAME\": {\"groups\": {\"$ORGNAME\": {\"policies\": .[1].${ORGNAME}Policies}}}}}}}}" config.json ./enable_lifecycle.json > modified_config.json 154 ``` 155 156 Then, follow the steps at [Step 3: Re-encode and submit the config](./config_update.html#step-3-re-encode-and-submit-the-config). 157 158 As stated above, these changes will have to be proposed by a system channel admin and sent to the relevant peer organization for signature. 159 160 ### Application channel updates 161 162 #### Edit the peer organizations 163 164 We need to perform a similar set of edits to all of the organizations on all 165 application channels. 166 167 Note that unlike the system channel, peer organizations are able to make configuration update requests to application channels. If you are making a configuration change to your own organization, you will be able to make these changes without needing the signature of other organizations. However, if you are attempting to make a change to a different organization, that organization will have to approve the change. 168 169 You will need to export the following variables: 170 171 * `CH_NAME`: the name of the application channel being updated. 172 * `ORGNAME`: The name of the organization you are currently updating. 173 * `TLS_ROOT_CA`: the absolute path to the TLS cert of your ordering node. 174 * `CORE_PEER_MSPCONFIGPATH`: the absolute path to the MSP representing your organization. 175 * `CORE_PEER_LOCALMSPID`: the MSP ID of the organization proposing the channel update. This will be the MSP of one of the peer organizations. 176 * `ORDERER_CONTAINER`: the name of an ordering node container. When targeting the ordering service, you can target any particular node in the ordering service. Your requests will be forwarded to the leader automatically. 177 178 Once you have set the environment variables, navigate to [Step 1: Pull and translate the config](./config_update.html#step-1-pull-and-translate-the-config). 179 180 Once you have a `modified_config.json`, add the lifecycle organization policy (as listed in `enable_lifecycle.json`) using this command: 181 182 ``` 183 jq -s ".[0] * {\"channel_group\":{\"groups\":{\"Application\": {\"groups\": {\"$ORGNAME\": {\"policies\": .[1].${ORGNAME}Policies}}}}}}" config.json ./enable_lifecycle.json > modified_config.json 184 ``` 185 186 Then, follow the steps at [Step 3: Re-encode and submit the config](./config_update.html#step-3-re-encode-and-submit-the-config). 187 188 #### Edit the application channels 189 190 After all of the application channels have been [updated to include V2_0 capabilities](./upgrade_to_newest_version.html#capabilities), 191 endorsement policies for the new chaincode lifecycle must be added to each 192 channel. 193 194 You can set the same environment you set when updating the peer organizations. Note that in this case you will not be updating the configuration of an org in the configuration, so the `ORGNAME` variable will not be used. 195 196 Once you have set the environment variables, navigate to [Step 1: Pull and translate the config](./config_update.html#step-1-pull-and-translate-the-config). 197 198 Once you have a `modified_config.json`, add the channel endorsement policy (as listed in `enable_lifecycle.json`) using this command: 199 200 ``` 201 jq -s '.[0] * {"channel_group":{"groups":{"Application": {"policies": .[1].appPolicies}}}}' config.json ./enable_lifecycle.json > modified_config.json 202 ``` 203 204 Then, follow the steps at [Step 3: Re-encode and submit the config](./config_update.html#step-3-re-encode-and-submit-the-config). 205 206 For this channel update to be approved, the policy for modifying the `Channel/Application` section of the configuration must be satisfied. By default, this is a `MAJORITY` of the peer organizations on the channel. 207 208 #### Edit channel ACLs (optional) 209 210 The following [Access Control List (ACL)](./access_control.html) in `enable_lifecycle.json` are the default values for the new lifecycle, though you have the option to change them depending on your use case. 211 212 ``` 213 "acls": { 214 "_lifecycle/CheckCommitReadiness": { 215 "policy_ref": "/Channel/Application/Writers" 216 }, 217 "_lifecycle/CommitChaincodeDefinition": { 218 "policy_ref": "/Channel/Application/Writers" 219 }, 220 "_lifecycle/QueryChaincodeDefinition": { 221 "policy_ref": "/Channel/Application/Readers" 222 }, 223 "_lifecycle/QueryChaincodeDefinitions": { 224 "policy_ref": "/Channel/Application/Readers" 225 ``` 226 227 You can leave the same environment in place as when you previously edited application channels. 228 229 Once you have the environment variables set, navigate to [Step 1: Pull and translate the config](./config_update.html#step-1-pull-and-translate-the-config). 230 231 Once you have a `modified_config.json`, add the ACLs (as listed in `enable_lifecycle.json`) using this command: 232 233 ``` 234 jq -s '.[0] * {"channel_group":{"groups":{"Application": {"values": {"ACLs": {"value": {"acls": .[1].acls}}}}}}}' config.json ./scripts/policies.json > modified_config.json 235 ``` 236 237 Then, follow the steps at [Step 3: Re-encode and submit the config](./config_update.html#step-3-re-encode-and-submit-the-config). 238 239 For this channel update to be approved, the policy for modifying the `Channel/Application` section of the configuration must be satisfied. By default, this is a `MAJORITY` of the peer organizations on the channel. 240 241 ## Enable new lifecycle in `core.yaml` 242 243 If you follow [the recommended process](./upgrading_your_components.html#overview) for using a tool like `diff` to compare the new version of `core.yaml` packaged with the binaries with your old one, you will not need to whitelist `_lifecycle: enable` because the new `core.yaml` has added it under `chaincode/system`. 244 245 However, if you are updating your old node YAML file directly, you will have to add `_lifecycle: enable` to the system chaincodes whitelist. 246 247 For more information about upgrading nodes, check out [Upgrading your components](./upgrading_your_components.html). 248 249 <!--- Licensed under Creative Commons Attribution 4.0 International License 250 https://creativecommons.org/licenses/by/4.0/ -->