Okay, we'll get started. Thanks everyone for attending my session. Today I'm going to share with you about Baidu Cloud Blockchain Project's result, Hyperledger Fabric Operator. I want to build a faster and simpler blockchain consortium management tool.

Okay, let me introduce myself first. Right now, I'm an architect of Blockchain Cloud at Baidu. I joined Baidu in 2014. I've been working in POSN and other architecture work. Today I'm sharing with you about Fabric Operator. So it is related with Fabric. So I need to give you some background about what is Fabric, what is Operator. And ultimately it will be talking about achieving Fabric Operator through our design. And then we can also see the design and implementation of Fabric Operator.

First, let's see what is Hyperledger Fabric Project. I think Fabric is the most popular blockchain architecture. It's also the number one machine blockchain. So this is a sub-project of Hyperledger. Baidu is also a senior member of that. And also we are looking at Fabric, what can it bring to us. So I've listed several things. So it has the features of organization, abstraction, modularized structure, grouping of ledgers, pluggable consensus. So we can see the consortium blockchain is based on organization. So you always need to join as an organization. And within the organization it's also modularized components. For example, we have the CA components, which is doing the distribution of the credentials. And we also have a peer component, which is to maintain ledger and maintain the transaction rules. Another one is about the orderer module, which is providing overall sequencing services. And the third one is about the channel. So the channel is actually providing the consortium blockchain with multiple ledger sharing. So between different chains they are separated through channels. The last feature I summarize here about the orderer is that it can be replaced real-time. Because the orderer is providing independent services.
That's why it's pluggable. Now we also have a PDFC, etc. And major thing is based on Kafka and others.

So there are two abstract concepts that I need to explain here. First of all, about the Fabric consortium blockchain, it is providing an identity service which is called MSP. What it can do is to define what kind of identity is within the organization and how these identities are connected with each other. So it's used in digital credentials and PKI credentials. So we can see MSP is a set of credentials. Another concept is about channel, which is not a specific module. It's an abstract concept. Actually, for its implementation you need to have a group of MSP. So for one channel, the MSP will link to all the MSP credentials within the organization. And for these credentials there will be different organizations who will host that. So this is about the operating structure.

After we see the operating structure, let's see how is Fabric deployed. So I have divided that into three steps. The first one, you need to build organizational consortium. First you'll need to establish the CA. And then these organizations can be linked into a system channel. For the second step, you need to build ledger channel, because when you build the organization channel the ledgers cannot be shared between different channels. So you need to have a ledger channel, which will be established by the organization admin. And when you build the channel you still cannot have a transaction or blockchain, because the format of the ledger and transaction is not defined yet. So that's why you need to have the MSP deployment. After you do these things the Fabric consortium will be completed. So it seems to be very simple, but actually there are a lot of operations included. I have two scenarios of operation process here. So this is the flow chart which is describing organization A and organization B wanting to join a consortium.
First, each organization needs to build their CA node and then generates their credential system, and the orderer is in the independent organization. It also has its admin, which collects MSP credentials of different organizations, and it will create an orderer configuration, and the orderer generates a block. And then organization A and organization B will also generate the peer nodes, and when these nodes are initiated this consortium will be established; actually it is linking the MSP of organization A and organization B. And then the second step is building a ledger channel. Both organizations also need to provide their MSP and their description document, and then the peer will issue a transaction, and then the channel will be generated, and organization A and organization B can proactively get the genesis block and create the anchor peer.

Now let's look at another scenario, because consortium will not always remain unchanged; there will be some new organizations joining the consortium. So a new organization also needs to build their CA node and then generate credential system, and then they will generate the basic configuration of the organization, and then they will need to update the system channel. And organization A and organization B are both in the channel, and then you can generate the ledger channel. So the orderer is also taking organization C's credential document and creating an updated transaction, which needs to be signed by admin of org A and org B and then sent to the orderer to create this transaction, and then in that it will include the configuration of org C, and then org C will be able to start with the transaction. Actually, when we are creating Fabric manually there will be a lot of things, including the command lines, operation, etc.
Actually we also have several sessions focusing on these areas: how do we reduce the complexity of this operation? So I'm listing the official solutions provided. The first one is the binary deployment proposals, but this one is targeting for the developers. If it is me deploying Fabric, normally we will need to use Docker Compose, which is a method described by the official tutorial. I need to do that step by step according to the instructions. But there were two problems. First of all, Docker Compose is a single-machine application tool; in a distributed system I need to log on on each machine for that operation. And also Docker Compose cannot include all the steps; most of the steps still need to utilize the command lines or interfaces of Fabric. And the third solution is using Cello, which is an orchestration engine specifically for Hyperledger, like Fabric or other blockchain projects' orchestration method. For us it's a brand new platform, at least for me, is too heavyweight.

So what we need to do is to understand about our needs. Baidu Cloud wants to launch a blockchain platform; its goal is to manage the blockchain. So there are two requirements: one is how to run a Fabric consortium blockchain in a sustainable way, and second is how to open the necessary configuration for the administrators of the consortium blockchain to do the necessary deployment. So for the first requirement, to use Kubernetes to deploy Fabric is a good way, but we think that only by using Kubernetes to deploy Fabric is not enough, because while we are deploying Fabric, Kubernetes can help to start the container, but also we need to rely on some other ways. So what we want to do is to provide a consistent control so as to deploy the consortium blockchain. So that is why we think that the operator can help this.

So what is the operator? To put it simply, it is a kind of tool. So what benefits it can bring to the customers? So very quick control: it can manage the self-defined resources, and also it can have
access to look at the Kubernetes data, and the Kubernetes, the different functions can be realized, like the CRUD, watch. And the third benefit is very cool for operator: it can help users to monitor the resources and to correct the gaps between the current status and the expected status. So if you have a Fabric operator, what can we benefit from? First, it is for the cluster administrators: if they have the Fabric operators, they can track for what resources or which Fabric organization it belongs to, and also with the Fabric operator it can judge the status of the Fabric organization. And the second benefit is for the consortium administrators: that means with the command lines they can realize the configurations of the organization via CRUD control. And the third one is that we have integrated the Fabric identity and authority to the K8s system. So for the Kubernetes operator, how it can be realized? So for the Fabric operator...

There are some questions by the speakers not using the microphone. Please use the microphone.

You are talking about the certificate of peer and orderer to be managed by the Kubernetes? It is the certificate of the administrators. The certificate will control the Fabric operator; later I will talk about that.

So for the K8s operator there are two steps. One is the CRD, self-defined resources. You can define it, and then it is a kind of static structure to store the data, but it cannot meet users' requirement to use the resources. For example, if I want to build a Fabric resource, it needs to have controller to realize. Controller have two tasks: the first one is to define the following moves of API, and the second is to satisfy the kind of co-ordinator mode. It needs to watch Kubernetes API to observe the gaps between the current status and the expected status, so as to try to make the two status the same. So how to realize this operator? Here we are. So the core is based on the event; we are going to invoke some of the logics. We can see that there is an informer. The informer
will feedback the event to the handle resource and reflector, and then it will filter some events to put it into the work queue, and then the worker will process the event. The sync handler, after getting the events, they will first get the object of the event, and then they will analyze the current status and the target status so as to work out the gap between the two status, and at this time it will use the Kubernetes API. So that is a closed-loop process.

So how the Fabric operators has been realized? First, it is a definition of the CRD. The CRD is a self-defined resource. So while we are thinking about splitting the resources, the starting point is what resources the administrator is to manage. And we found that during the real implementation there will be an organization which will initiate the establishment of a consortium, and then this organizer will have different followers. So the organizer will become the orderer. So we can see that for organizers and followers, they are different in terms of their architecture. So we will define two CRD: organization which is established in the consortium, we call it organizer, and then followers. And channel, it is a kind of virtual resource. So the difference is, for Fabric channel there is one, but this channel belongs to some organization. So that means for Fabric channel there is only one, but for CRD there are two channel objects, which is belonging to different organizations.

So how the CRD resource belongs or match to different resources of the Kubernetes? So we can see that for organizer has the namespace, and then we will deploy the PR and then orderer. So all those modules are started via Docker. So we can see that for the dotted line, it is about the network communication, while for the solid line it is kind of like volume relations, because as I have mentioned, this is kind of certificate system; the certificate will be distributed to the different modules. So we are using this kind of mechanism to realize that. While connecting to Baidu cloud, it is via
the BOS. So another thing is job. What does job do? Job will invoke some of the interface, because controllers cannot directly invoke the Fabric API; that is why we need to rely on job to do it. Another one is for follower: we can see that there is a leader peer; it will invoke the orderer across the different namespaces.

So next let's talk about the question which has been raised. So for the authority correlation, first let's see how to have the builder only have the operator resources, that is, how to limit the users to invoke Fabric operators. So we can see that we can define some model, and also we can define that only the members of the organizations can have the authority to manage the Fabric, because we are using some certificate which can match the MSP certificate of the organization. And the third one is for the K8s organization cluster, how it can manage different resources; it is under different namespaces. So for this one, let's start with the cluster administrator. It is to define two different kind of things: one is the role, the role is like an organization administrator, and the second is bundling of the role, the user. So the definition of the role are related to three factors. One is the API groups, so we have it as cloud.bydo.com. And the second factor is what resources we are going to control, that is the CRD resources like organization, followers and channels. And the third is what we are going to do against the resources, like the CRUD, the watch, the later. And then the second is to break through the ideas of the certificates. For artists can say that the recognize the certificate, so that means you need to put it in the sequence and then to correspond to the Fabric, because Fabric has the similar certificate, so they too have the same identity for the different organizations. So that means once a user has got the admin certificate and then will request the service, and then they found that this certificate is valid, and they will see that this ID can meet the requirement of
this role, and then they can use or can choose the different resources.

And then next is about the process. So first, it is a kind of like initial status. First, users will submit some files, and then controllers will build the namespace, the storage, and initiate, say, an orderer, and then after starting NRM it will build some initial forward resources which are related to the system channels, and then it will start till and then mark the organizer as running status. So actually, to mark it as running, that means some of the stacks cannot be modified; for example, the name of the organizers cannot be changed, but the peers, the orderers can still be changed or modified. If there are any abnormalities, the controller will be back to the work sequence, or if it is too many times failures then it will mark it as error.

And the second typical process is to establish a new channel. So first we need to define the configuration of the channel target, and then we will add follower A in the channel. And then follower B, if it also wants to join the channel, then the administrator needs to apply a request and then to establish the related channel resources, but it needs to follow the signature of follower A, and then it needs to submit the organization description, and then follower B will provide this to the administrator of follower A, and then after adding the organizations they will do the signature. After the signature you will find the channel has been established, and then you will be able to deploy the MSP.

So these are the configuration of both objectives, similar to the native resources. So we need to configure as app organizer, and then we can name it, the number of the nodes, and also configuration of bus which is used for money or PV. And in the right side is the channel definition, and you need to link to textile, and then you need to set the level, and the other thing will be in the spec, and for these organizations, list is here. And let's look at the static process of controller. So I highlighted two major
thing: one is organizer, the other is channel controller. For organizer, it will define related events, and then when it is established in an organization it will also create jobs and deployment, and those things will also be subscribed, and it will also generate some events; actually is calling API to create a default channel. And for the event of the default channel, it will be captured by the channel controller, and then it will subscribe the channels resource events, and the other things will be jobs events. So it is monitoring these two types of events. These are the implementation of controllers.

Next I'm going to talk about the design roles: fully utilized and native resources. So we let CRD create some natural roles, and the list of resources needs to comply with the K8s roles, because it needs to be very clear and intuitive to the users. And then about the processing logic, we need to have very detailed and specific roles so that users can know. And we also need to use more linked resources: we can create a job, create a deployment, so that we can have some async processing, and through the secondary resource events we can monitor these events, which can be put in the back end. And then the controller needs to be outside; of course we need to do some debugging, of course you will not push that to the mirror always. So that's all for my sharing today. Do you have any questions? Please, please wait for the microphone.

First of all, I want to know, for your operator, it's only in K8s? Yes. In the production environment maybe there will be multiple organizations building a consortium blockchain; different companies have the K8s clusters. You won't be able to use. Actually you can use it, because one organization can be using K8s, but when you have between different consortiums you will be able to call that, and you can also put that on the public cloud.

Another question: you didn't mention about the chaincode installation, because according to the native Fabric you cannot use that. Do you have the WM
controller expansion? That is in our plan. I didn't mention that because we haven't done that yet; we have done the first two steps of the three steps. That's all for my question, thank you.

Hello, I have a question. So will the operator have a deep understanding of the configuration information? For example, if you are converting three channels to four channels, so the majority of the channels will need to agree, that's why you need to collect two thirds of the signatures. So for the operating process, would you be able to understand that when any two organizations have completed the signature, then you can submit the order to, or you have other ways to process that? We will create a job which will be responsible about the signature logic. It will have a status of how many signatures we have collected; according to the majority policy, if that requirement is met then it will submit that. We will have a cycle there. Thank you.

Any other questions? For the controller and the codes you are creating, do you want to make it an open source? Yes, we are going to make it an open source. We are still doing the adjustment internally, because we are also doing some channel developer. My name is Li Tong, I'm a channels committer. I hope that we can support, I hope that we can support operator. What we are doing is using another method, but we hope operator can be added. Okay, I also want to do some advertisement here. About what you have mentioned about different organizations, how do you build a consortium blockchain, one session will be talking about that, which will take place at 9am.

Okay, I want to talk about the authorization linkage, because you have org one, so you need to have K8s. Doesn't mean that every signature needs to have that engagement. Every time when you have a new member you will have a subject linkage; there will be a list where the new member will be added to that. For org one admin is okay, so you don't need to have a cluster admin. Of course you can also have that; cluster admin can assign that to org
one admin. Okay, that's all for my part. If you have any questions we can have offline discussion. Thank you.