mirror of https://github.com/poanetwork/quorum.git
5.4 KiB
5.4 KiB
Set up
The steps to enable new permissions model are as described below:
- For a new network, bring up the initial set of nodes which will be part of the network
- Deploy the
PermissionsUpgradable.sol
in the network. The deployment of this contract will require a custodian account to be given as a part of deployment. - Deploy the rest of the contracts. All the other contracts will require the address of
PermissionsUpgradable.sol
contract as a part of deployment. - Once all the contracts are deployed create a file
permission-config.json
which will have the following construct:
{
"upgradableAddress": "0x1932c48b2bf8102ba33b4a6b545c32236e342f34",
"interfaceAddress": "0x4d3bfd7821e237ffe84209d8e638f9f309865b87",
"implAddress": "0xfe0602d820f42800e3ef3f89e1c39cd15f78d283",
"nodeMgrAddress": "0x8a5e2a6343108babed07899510fb42297938d41f",
"accountMgrAddress": "0x9d13c6d3afe1721beef56b55d303b09e021e27ab",
"roleMgrAddress": "0x1349f3e1b8d71effb47b840594ff27da7e603d17",
"voterMgrAddress": "0xd9d64b7dc034fafdba5dc2902875a67b5d586420",
"orgMgrAddress" : "0x938781b9796aea6376e40ca158f67fa89d5d8a18",
"nwAdminOrg": "ADMINORG",
"nwAdminRole" : "ADMIN",
"orgAdminRole" : "ORGADMIN",
"accounts":["0xed9d02e382b34818e88b88a309c7fe71e65f419d", "0xca843569e3427144cead5e4d5999a3d0ccf92b8e"],
"subOrgBreadth" : "3",
"subOrgDepth" : "4"
}
upgrdableAddress
is the address of deployed contractPermissionsUpgradable.sol
interfaceAddress
is the address of deployed contractPermissionsInterface.sol
implAddress
is the address of deployed contractPermissionsImplementation.sol
nodeMgrAddress
is the address of deployed contractNodeManager.sol
accountMgrAddress
is the address of deployed contractAccountManager.sol
roleMgrAddress
is the address of deployed contractRoleManager.sol
voterMgrAddress
is the address of deployed contractVoterManager.sol
orgMgrAddress
is the address of deployed contractOrgManager.sol
nwAdminOrg
is the name of initial organization that will be created as a part of network boot up with new permissions model. This organization will own all the initial nodes which come at the time of network boot up and accounts which will be the network admin accountnwAdminRole
is role id which will have full access and will be network admin. This role will be assigned to the network admin accountsorgAdminRole
is role id which will have full access and will manage organization level administration activities. This role will be assigned to the org admin accountaccounts
holds the initial list of accounts which will be linked to the network admin organization and will be assigned the network admin role. These accounts will have complete control on the network and can propose and approve new organizations into the networksubOrgBreadth
indicates the number of sub organizations that any org can havesubOrgDepth
indicates the maximum depth of sub org hierarchy allowed in the network
- Once the contracts are deployed
init
inPermissionsUpgradable.sol
need to be executed by the custodian account. This will link the interface and implementation contracts. A sample script for loading the upgradable contract atgeth
prompt is as given below
ac = eth.accounts[0];
web3.eth.defaultAccount = ac;
var abi = [{"constant":true,"inputs":[],"name":"getPermImpl","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_proposedImpl","type":"address"}],"name":"confirmImplChange","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"getCustodian","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"getPermInterface","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"_permInterface","type":"address"},{"name":"_permImpl","type":"address"}],"name":"init","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"inputs":[{"name":"_custodian","type":"address"}],"payable":false,"stateMutability":"nonpayable","type":"constructor"}];
var upgr = web3.eth.contract(abi).at("0x1932c48b2bf8102ba33b4a6b545c32236e342f34"); // address of the upgradable contracts
var impl = "0xfe0602d820f42800e3ef3f89e1c39cd15f78d283" // address of the implementation contracts
var intr = "0x4d3bfd7821e237ffe84209d8e638f9f309865b87" // address of the interface contracts
- At
geth
prompt load the above script after replacing the contract addresses appropriately and executeupgr.init(intr, impl, {from: <custodian account>, gas: 4500000})
- Bring down the all
geth
nodes in the network and copypermission-config.json
into the data directory of each node - In case migrating from an earlier version to current version, upgrade
geth
- Bring up all
geth
nodes in--permissioned
mode for the new permissions model to take effect
It should be noted that the new permission model will be in force only when permission-config.json
is present in data directory. If this file is not there and the node is brought up with --permissioned
flag, node level permissions as per the earlier model will be effective.