6 Provision an Instance
Before You Create an Oracle Blockchain Platform Instance
Before you provision Oracle Blockchain Platform, decide if a developer or enterprise instance meets your needs.
Deciding Which Provisioning Shape to Use
When provisioning an instance, you choose between two configurations. Migration between these options isn't supported currently.
Configuration | Features |
---|---|
Developer Recommended use for this starter shape is development and evaluation. |
|
Enterprise Highly available instance configuration, suitable for small-to-medium production deployments of Founder and Participant instances with performance requirements in tens of transactions per second (TPS) single digit TPS rate. |
|
Provision an Instance using the Blockchain Platform Manager
To create a blockchain founder or participant instance in Blockchain Platform Manager, use the Create New Instance wizard.
-
Founder organization: a complete blockchain environment, including a new network to which participants can join later on.
-
Participant instance: if there is already a founder organization you want to join, you can create a participant instance if your credentials provide you with access to the network.
If you plan to use a hardware security module (HSM) to manage keys, you must configure an HSM client on each VM before you provision an instance. For more information, see Configure a Hardware Security Module Client.
Provision an Instance Using REST APIs
You can provision an Oracle Blockchain Platform instance using a REST API.
The following example shows how to create an Oracle Blockchain
Platform instance that uses a hardware security module (HSM) by using the REST API. For
instances that do not use HSM, set useHSM
to
false and do not specify the
hsmConfiguration
object.
curl -X POST \
-u <username>:<password> \
https://localhost:7443/api/v1/blockchainPlatforms/instances \
-H "Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW' \
-F 'payload={
"name": "obpinstance1",
"desc": "test instance",
"platformRole": "founder",
"configuration": "Developer",
"peer": 4,
"cluster": {
"platformHosts": [
"10.182.73.23",
"10.182.73.20"
],
"crcHosts": [
"10.182.73.23",
"10.182.73.20"
]
},
"additionalConfiguration": {
"instanceFQDN": "domain.host.com"
"startPort": 0,
"enableTLS": true,
"useHSM": true,
"hsmConfiguration": {
"library": "/etc/hyperledger/fabric/dpod/fabric/libs/64/libCryptoki2.so",
"label": "fabric",
"pin": "password",
"chrystokiConf": "/etc/hyperledger/fabric/dpod/fabric"
}
}
}'
name
- Must contain one or more characters.
- Must not exceed 15 characters.
- Must start with an ASCII letter:
a
toz
. - Must contain only ASCII letters or numbers.
- Must not contain a hyphen.
- Must not contain any other special characters.
- Must be unique within the identity domain.
desc
- Optional: Enter a description of the instance
platformRole
- Must be set to
developer
orfounder
- Must be set to
configuration
Developer
: 3 Raft orderers and 3 OCPU total in 1 VMEnterprise
: A 3 node Raft cluster and 3 X VM
peer
- Specify the number of peer nodes that will be initially created in this service instance.
- 1 to 14 peer nodes can be created.
cluster
- Enter the information for your cluster:
platformHosts
: the VMs hosting your platform clustercrcHosts
: the VMs hosting the chaincode
- Enter the information for your cluster:
additionalConfiguration
- Enter additional information to support load balancers or
hardware security modules.
instanceFQDN
: The fully qualified domain name of your external load balancer. This is used exclusively for external load balancers - if you're not using an external load balancer, you don't need to specify this parameter.startPort
enableTLS
useHSM
: Set to true to use a hardware security module to manage keys.hsmconfiguration
: Specify thelibrary
(the path to thelibCryptoki2.so
orlibCryptoki2_64.so
file),label
(the partition label to use for key management),pin
(the Crypto Officer PIN), andchrystokiConf
(the directory that contains theChrystoki.conf
file).
- Enter additional information to support load balancers or
hardware security modules.
Postrequisites When Using an External Load Balancer
New in version 21.1.2 and later, the load balancer must be installed before provisioning your instance, TLS root CA certificates must be uploaded, and ports configured on the load balancer before the Oracle Blockchain Platform instance is created. After provisioning you can configure your load balancer for high availability.
Configuring High Availability
To achieve high availability in an Enterprise-shaped instance with distinct VMs, you can configure the external load balancer to add a list of all platform VMs in the cluster (the Raft and ZooKeeper VMs are already highly available) as an upstream (backend) list.
a.example.com
b.example.com
c.example.com
...
stream {
upstream rest_proxy_backend_servers
{
server a.example.com:10001;
server b.example.com:10001;
server c.example.com:10001;
}
server
{
listen *:10003 ssl;
ssl_certificate /etc/nginx/server.pem; # use your own certificate/key
ssl_certificate_key /etc/nginx/serverkey.pem;
proxy_pass rest_proxy_backend_servers;
}
...
stream {
upstream peer0_backend_servers
{
server a.example.com:10036;
server b.example.com:10036;
server c.example.com:10036;
}
server {
listen *:10036 ssl;
ssl_certificate /etc/nginx/server.pem; # use your own certificate/key
ssl_certificate_key /etc/nginx/serverkey.pem;
proxy_pass peer0_backend_servers;
}
...
Each externally available port in the instance cluster is published on each VM and routes to the proper service automatically (console, membership/CA, orderers, peers, REST proxy).
Ensure that all ports listed via the LBR Port Map button are routed in this way.
$ docker node ls
This will return the list of nodes in the cluster. For example: [oracle@dhcp-10-144-63-180 ~]$ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
fz1ksoxysyorz754x0hswnird dhcp-10-144-62-149.usdhcp.oraclecorp.com Ready Active 18.09.1-ol
rayhna7vdiup5p7tkmxxepyex * dhcp-10-144-63-180.usdhcp.oraclecorp.com Ready Active Leader 18.09.1-ol
For each node that has no manager status, promote the nodes using a command similar to the following example:$ docker node promote dhcp-10-144-62-149.usdhcp.oraclecorp.com
Ensure that a minimum of three nodes are promoted in this manner.