poanetwork
/
quorum
mirror of https://github.com/poanetwork/quorum.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
quorum/docs/Permissioning/setup.md

5.4 KiB
Raw Blame History

Set up

The steps to enable new permissions model are as described below:

  • For a new network, bring up the initial set of nodes which will be part of the network
  • Deploy the PermissionsUpgradable.sol in the network. The deployment of this contract will require a custodian account to be given as a part of deployment.
  • Deploy the rest of the contracts. All the other contracts will require the address of PermissionsUpgradable.sol contract as a part of deployment.
  • Once all the contracts are deployed create a file permission-config.json which will have the following construct:
{
           "upgradableAddress": "0x1932c48b2bf8102ba33b4a6b545c32236e342f34",
           "interfaceAddress": "0x4d3bfd7821e237ffe84209d8e638f9f309865b87",
           "implAddress": "0xfe0602d820f42800e3ef3f89e1c39cd15f78d283",
           "nodeMgrAddress": "0x8a5e2a6343108babed07899510fb42297938d41f",
           "accountMgrAddress": "0x9d13c6d3afe1721beef56b55d303b09e021e27ab",
           "roleMgrAddress": "0x1349f3e1b8d71effb47b840594ff27da7e603d17",
           "voterMgrAddress": "0xd9d64b7dc034fafdba5dc2902875a67b5d586420",
           "orgMgrAddress" : "0x938781b9796aea6376e40ca158f67fa89d5d8a18",
           "nwAdminOrg": "ADMINORG",
           "nwAdminRole" : "ADMIN",
           "orgAdminRole" : "ORGADMIN",
           "accounts":["0xed9d02e382b34818e88b88a309c7fe71e65f419d", "0xca843569e3427144cead5e4d5999a3d0ccf92b8e"],
           "subOrgBreadth" : "3",
           "subOrgDepth" : "4"
}
  • upgrdableAddress is the address of deployed contract PermissionsUpgradable.sol
  • interfaceAddress is the address of deployed contract PermissionsInterface.sol
  • implAddress is the address of deployed contract PermissionsImplementation.sol
  • nodeMgrAddress is the address of deployed contract NodeManager.sol
  • accountMgrAddress is the address of deployed contract AccountManager.sol
  • roleMgrAddress is the address of deployed contract RoleManager.sol
  • voterMgrAddress is the address of deployed contract VoterManager.sol
  • orgMgrAddress is the address of deployed contract OrgManager.sol
  • nwAdminOrg is the name of initial organization that will be created as a part of network boot up with new permissions model. This organization will own all the initial nodes which come at the time of network boot up and accounts which will be the network admin account
  • nwAdminRole is role id which will have full access and will be network admin. This role will be assigned to the network admin accounts
  • orgAdminRole is role id which will have full access and will manage organization level administration activities. This role will be assigned to the org admin account
  • accounts holds the initial list of accounts which will be linked to the network admin organization and will be assigned the network admin role. These accounts will have complete control on the network and can propose and approve new organizations into the network
  • subOrgBreadth indicates the number of sub organizations that any org can have
  • subOrgDepth indicates the maximum depth of sub org hierarchy allowed in the network
  • Once the contracts are deployed init in PermissionsUpgradable.sol need to be executed by the custodian account. This will link the interface and implementation contracts. A sample script for loading the upgradable contract at geth prompt is as given below
ac = eth.accounts[0];
web3.eth.defaultAccount = ac;
var abi = [{"constant":true,"inputs":[],"name":"getPermImpl","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_proposedImpl","type":"address"}],"name":"confirmImplChange","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"getCustodian","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"getPermInterface","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_permInterface","type":"address"},{"name":"_permImpl","type":"address"}],"name":"init","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"inputs":[{"name":"_custodian","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"constructor"}];
var upgr = web3.eth.contract(abi).at("0x1932c48b2bf8102ba33b4a6b545c32236e342f34"); // address of the upgradable contracts
var impl = "0xfe0602d820f42800e3ef3f89e1c39cd15f78d283" // address of the implementation contracts
var intr = "0x4d3bfd7821e237ffe84209d8e638f9f309865b87" // address of the interface contracts
  • At geth prompt load the above script after replacing the contract addresses appropriately and execute upgr.init(intr, impl, {from: <custodian account>, gas: 4500000})
  • Bring down the all geth nodes in the network and copy permission-config.json into the data directory of each node
  • In case migrating from an earlier version to current version, upgrade geth
  • Bring up all geth nodes in --permissioned mode for the new permissions model to take effect

It should be noted that the new permission model will be in force only when permission-config.json is present in data directory. If this file is not there and the node is brought up with --permissioned flag, node level permissions as per the earlier model will be effective.