Blockchain CBSA – Objectives – Hyperledger Part 7
- Hyperledger Composer Demo
Now what we want to do is add our protocols for web traffic, which is going to be Http and Https. Now port 80 is fine. We’re going to go ahead and leave this as the default. I’m going to add another rule. I’m going to go over here, put in Https and actually select Https and there we go. Those are the two ports that we need to have open to access, for example, web traffic to that VPC, but also any VMs inside of the EC Two instance that we’re running as well in the VPC.
Okay? Now the source, we can customize this. We could add a description if we want. We don’t need to make this harder than we need. I’m just going to go ahead and go save the rules. So I’m going to go ahead and close that. I’m going to double check that our inbound rules looks like the way we want it. You can see that we have our source and if we go over here, this explains the cedar notations as well and the address range as well. So I’m going to go outbound. Now for the outbound, what we want to do is just validate that all traffic is able to leave the EC Two instance out to the Internet in this case.
Now in reality, of course, you’re probably not going to want to configure this for your corporate network exactly like this. So it’s up to you to determine your security posture. But for development purposes, this is perfectly reasonable. And now what we want to do is go back to the VPC interface. And now what we want to do is launch an EC Two instance. Now before we launch the EC Two instance, we’re going to need to look out a few things here.
Now when we launch an EC Two instance, we’re going to want to configure a few things. We’re going to of course, want to configure our subnet information. We of course, need to discuss our AMI. We’re going to use we also need to understand the interface. We need to have an elastic IP. Now again, there’s more to this than what we could cover in a short class that’s focused on hyperledger, not AWS. So what I like to do is walk you through how to launch an EC Two instance. When we select launch EC Two, one of the things that comes up is you’ll see over here that it says Free Tier Eligible.
Now we can of course launch this on a free tier, but for those folks that are not familiar with Amazon, basically an image in Amazon is called an AMI. This is basically our VM image that’s going to be deployed to get our virtual machine up and running. And we could choose from different operating systems and different configs as well. So before we get started, when we consider deploying EC Two, we need to consider a few things. And with the blockchain template there’s also a few things we want to consider. So the first thing is can we deploy this with free tier or not? And also can we deploy this with Amazon Linux or can we deploy this with Dubonti Susay or Red Hat, et cetera.
And the answer is it depends. And the reason it depends is it really depends on what your requirements are. Is it for development or is it for production? In this case for test development and training we could just go ahead and select a free tier eligible AMI and it will be just fine. It would meet the requirements. There’s no issues of that. So what I’m going to do is I’m going to select the first AMI and as part of this I could use the T two micro.
Once again, if this is for serious development or production you probably don’t want to use the micro. I generally like to use the general purpose just because if I’m trying to run the Explorer or if I’m trying to run a transaction there’s that chance that latency could come up. So the T two small generally I’ve not had issues with, but in your case T Two micro could be just fine. So if you don’t want to get out of the free tier this will work just fine. Especially if you just want to play around and take a look and see how it works after. Okay, so I’m going to go ahead and leave it as that. I’m going to go to configure the instance. What I want to do now is I have to select the number of instances. In this case I only need one instance. I’m not going to create an auto scaling group.
Now an auto scaling group is basically a group of VMs that are going to be deployed together that will have the same configuration and we’ll adjust to the workload and it’s a little bit more than that but I’ll leave it up to you to determine what you want to do now. Spot instances probably not something you want to do now. A spot instance is going to be a lower cost instance that can be terminated at any time basically. So you usually don’t want to do that.
What I want to do now is I’m going to select the network that I created in the V PC and you can see that it pulled up the VPC subnet as well. As part of that I’m going to basically use a subnet setting. I want to enable that as well in this case. But again, if you want to have a deployment that’s going to last and be permanent or just use for testing for a few months, you probably want to talk to your security group, your AWS gurus, and figure out what is the proper config in your case. And I’m just going to go and skip over the rest. But I don’t really need to worry about any of this right now. I’m going to actually create a role. I already had some there, but in this case I’m going to skip over that. We’re going to go do that after and affiliate the EC Two with the role.
I’m going to go to Review and Launch, and it says that my configuration is not available for free tier usage, which again is just a warning saying that you’re going to pay for this. I’m going to go to launch now. Okay, now here is something we want to pay attention to. We need to create a key pair. Now, I already have some key pairs, but I’m going to create a new one. I’m going to call this hyperledger demo KP. Going to download the key pair.
Now, the key pair is going to be a Pimp file. And what I want to do here is make sure that I save this somewhere that I can get to it. Let me just leave it on my desktop just because I need to go back to that later. Okay? And then I’m going to go ahead and launch the instance. Now, the reason I need to have a Pimp file is I’m going to want to be able to SSH into that and access that and you need to have that key file to be able to do that. All right, so the instance is launching and what we want to do is go back over here to the EC Two instance, to the EC Two dashboard and you’ll see that this will come up as one running eventually. It may take a minute, so we’ll come back to that when it is ready.
Okay, now that we have our instance running, what we want to do now is go over here and just validate the status. Okay, that looks like we’re up and running. That’s great. Now what we want to do is go down here and select Elastic IP. We’re going to want to provision an Elastic IP. This is going to allow basically this instance to be accessed from the Internet, but also to access the Internet. It’s basically a publicly available IP and we want it to be static as well. So I have two elastic IPS.
There already. So what I want to do, just for the sake of sanity and make sure I don’t overlap anything, let me go ahead and release those IPS just to be safe. It’s pretty easy to get confused as well. So I’m just going to go back here, go to Actions, release the IP address. Okay, so now what I want to do, and especially if this is your first time doing this, this is what you’ll see. So allocate a new address. Now I have two options. I’m going to go with the Amazon pool because first of all, I don’t have any owned by me. And second, if I select this, you’ll see that I’ll need a custom pool. I didn’t set anything up in this case here. Amazon pool is good. It’s going to give me a brand new IP, and that’s the one we’re going to be using for the Elastic IP for that EC Two instance.
Now that we have our IP, we now have to worry about key pairs. So basically we saved our key pair and we need to have the key pair for SSH access. So what I want to do is go back to the ECT dashboard and you can see that I have key pairs there. So when I select key pairs, I’m going to go and select the key pair that I had just saved, which is this one here.
Now remember, down here you can see that there’s a Hyper ledger demo and it’s hard to see the pen file. That’s the key pair that I had created earlier. That’s what I’m going to use now in case you haven’t created a key pair, just go up here to create a keep here. Put in a name and it’ll go ahead and create that keep here for you. It’s very straightforward, to be honest. Okay, so we have our keypo ready to go. Create your own in the demo guide, I think it’s called Blockchain Book.
Whatever I named it, feel free to name it whatever makes sense in your case for the demo purposes, that’s the one I’m going to use right here. Now we now have our EC two instance up and running. We have our key file ready to go. We now have to allow access. And also too, we have our Elastic IP as well. And now what we have to do is I need to create another security group. And this security group is going to allow access for TCP.
So we need to allow access to get into the VM, for example, like port 22. So let’s go ahead and go up to the dashboard again. And what we want to do is go down actually to network insecurity, select security groups. Okay, so we had created one already called Hyperledger. Actually, this was the one I created for this one is Demo Sghp Fabric. And now what I need to do, and you can see there, this is for the demo class. Now what I want to do now is I have to create another security group.
So to do that is, again, fairly straightforward. We already did it, so let’s go create a security group. And I’m going to call this basically in this case, and again, if we go back here, I think I had again follow what I gave you. But for me, I’m just going off filter because I did have a couple of demos. I created one, so actually I’m going to call this a blockchain class. And this is the security group for inbound connections. Let’s say now we have to create an inbound rule. And I’m going to go ahead and add a couple of rules in here. So the first thing I’m going to want to add is go up and type in SSH that’ll add port 22 and then if I wanted to have a custom range I could or I could say anywhere or my IP.
Now what’s nice about my IP is that it’ll pick up the IP address that you’re using in Amazon web services already. So that’ll be the address that I’m currently using. Or you could just say anywhere if you want as well. That’s your call. So for the purposes of this exercise, I’m going to just leave it anywhere just in case because most providers do use DHCP and I don’t want to have any issues playing around. So I’ll just leave it open and then what I typically do is I just shut it off immediately. So that’s one rule. Let’s go ahead and add another rule. Now let’s say for example, I want to have monitoring, and if I want to have monitoring, I need to of course add whatever protocols for monitoring. In this case here, I’m going to say custom protocol. I’m going to put in Http and I’m going to actually say 80 80. So for example, if you wanted to use on prem Stackdriver or something, you could do that cloud Watch, it’s up to you. Once again, it’s your call on what you want to do and that is the inbound rule.
Now let’s go to outbound and you could just validate that the traffic says all traffic. Now remember, the first security group was for the virtual private cloud. The second security group here is for the EC two instance itself. So as I had stated earlier, there’s a lot of little details to get right before we could deploy anything. Okay? So let’s go create and that has just created that VPC. So let’s just double check our inbound rules, okay? And outbound should be all traffic. That looks good. And I also want to just clarify here as well that the inbound is correct there and outbound as well, just in case, okay? So that’s really the main thing we want to know for security groups. Okay? So we have some more work to do. We’re not done yet. What we want to do now is we need to set an Im policy. So let’s go over to Im and if we type in I Am, we’ll go over to Identity and Access Management.
- Hyperledger Composer Playground
Now we just went through hyperledger fabric Composer. So let’s talk about playground. Now, it’s also known as Composer Playground as well. We went through a demo, so let’s go ahead and just talk about it briefly. Now, basically the main difference is that Playground is an online version. And if you’re going to use Composer, it’s going to be local goal. You’re going to be downloading your docker containers and deploy them that way, or you deploy them in the cloud, whatever you prefer. The Composer playground is a free service provided by IBM. It’s on the Blue mix platform. And the goal is to allow you to test out and to deploy essentially from a high level perspective, essentially instances to see how they work. It’s going to go ahead and run this basically in your browser memory. So basically that’s one thing to keep in mind too. So Playground is again located online on Blue Mix. The demo showed you how to get there before.
If not, just go to Google and type in Composer Playground. It’ll bring it right to that utility. What’s nice about Playground is that it’s a sandbox. So think about it as a little own little private little instance in IBM cloud that you’re running your services to play around with the business network to see how it all works. And when you deploy a model, essentially you’re deploying what, a CTO file. Now what’s cool is you could save it, you could modify it, whatever you want to do. Remember to a banana file is going to be another term you might want to know as well. But with that said, we went through the demo earlier of Composer Playground for the exam. The main thing is to understand what Composer Playground is. It’s an online version and again allows you to deploy a model. That’s really the goal of it, allows you to cast out your business network. Let’s go ahead and move on.
- Objective – Hyperledger Chaincode
Let’s talk about hyper ledger fabric chain code. Now we already know that chain code is essentially a smart contract. This is IBM’s terminology for a smart contract, nothing more, nothing less. Now, when we’re writing chain code, one of the things that we want to realize is that we’re going to want to install go programming locally. If we’re going to develop it on our desktops or workstations, we want to make sure we create a directory as well. And here’s an example of chain code. Now once again, for the CVSA exam, you don’t need to know all this. I’m just sort of adding value to the course just to give folks that may be curious about chain code and what it looks like and how it works, et cetera. Now when we kick off chain code, we want to be aware that we need to kick it off.
And the way it’s kicked off is through what is called in it and it is called during the chain code initialization basically. And here’s an example of how it would be kicked off. Now if you take the hyper ledger exam you need to know for example, what shim chain code is, for example, step interface. For this exam you don’t I’m just again, just walking through a little bit extra just so you could see. Now here’s another example of invoke. So we have a knit and invoke. Those are the two functions. Now when invoke is kicked off, basically what will happen is that it’s going to go ahead and override the value and then function set the new one. And the way it doesn’t, that is right here. And here’s some additional practice questions if you like. So let’s go ahead and continue on to the next module which is actually going to be Aetherium.