CN115694821A - BaaS network implementation method and device for alliance node certificate security - Google Patents
- Publication number
- CN115694821A (application number CN202110844547.XA)
- Authority
- CN
- China
- Prior art keywords
- baas
- alliance
- network
- module
- node certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Storage Device Security (AREA)
Abstract
The invention provides a BaaS network implementation method and device for alliance node certificate security. The method includes: each organization of the alliance chain obtains a development framework that combines Kubernetes RBAC access control with the Kubernetes operator; each organization, based on the development framework, deploys alliance nodes by operating a graphical interface; and each organization, based on the development framework, manages its own node certificates and account certificates. With this Kubernetes-based BaaS network implementation, network deployment becomes fast and convenient: users only need to operate the graphical interface to complete the basic network deployment. The deployment is truly decentralized, because each organization manages its own confidential data and does not need to hand that data to a third party. In addition, a network deployed through the BaaS platform can be monitored at any time through the platform, with early-warning rules and alerting mechanisms configured to achieve automated operation and maintenance.
Description
Technical Field
The present invention relates to the field of blockchain technology, and in particular to a BaaS network implementation method and device for alliance node certificate security.
Background
As a new type of technology, blockchain solves the problem of trust between organizations through decentralization and multi-node consensus and bookkeeping, and can provide technical solutions with unique properties such as traceability, tamper resistance, and a reduced cost of trust.
When a blockchain network is built, nodes must be deployed and connections established across different organizations. If each organization deploys independently, every organization needs highly specialized technical staff to operate independently, and the communication and coordination costs are very high, which leads to long deployment cycles and very difficult subsequent maintenance. If a single third party performs a unified deployment, that third party needs access to the confidential data of the different organizations (for example certificate data, or the internal environment of the enterprise network), and every organization has to trust the third party. This runs against the original purpose of using a blockchain network to build a trustless network, and greatly reduces the security of the network.
Summary of the Invention
In view of this, a BaaS network implementation method and device for alliance node certificate security are provided to solve the problems in the related art.
The present invention adopts the following technical solutions:
In a first aspect, an embodiment of the present invention provides a BaaS network implementation method for alliance node certificate security, including:
a BaaS platform development framework based on Kubernetes RBAC access control and the Kubernetes operator;
each organization of the alliance chain, based on the development framework, deploys alliance nodes by operating a graphical interface;
each organization of the alliance chain, based on the development framework, manages its own node certificates and account certificates.
Optionally, the step in which each organization of the alliance chain deploys alliance nodes by operating a graphical interface based on the development framework includes:
deploying the network through Kubernetes, so that the system can be deployed in a new environment with automated operation and maintenance, abstracting away the physical differences of the hardware.
Optionally, the step in which each organization of the alliance chain deploys alliance nodes by operating a graphical interface based on the development framework includes:
storing the Docker images and the Helm Chart repository in the cloud, so that the system can be deployed through deployment scripts.
Optionally, the development framework includes: a baas-crd module, a baas-operator module, a baas-api module, and a baas-frontend module;
wherein the baas-crd module and the baas-operator module are shared with all organizations of the alliance as open source code.
Optionally, the development framework includes:
when deploying and installing the baas-operator module and the baas-crd module, each organization of the alliance chain adds its own check code, so that the locally deployed baas-operator and baas-crd modules have stronger security.
Optionally, the organization views, adds, and manages certificates through a preset certificate management interface.
Optionally, the preset BaaS system provides preset general-purpose smart contracts for users to select quickly, or the preset BaaS system obtains smart contracts written and uploaded by users and deploys them.
In a second aspect, the present application provides a BaaS network implementation apparatus for alliance node certificate security, including:
an acquisition module, used for each organization of the alliance chain to obtain the development framework that combines Kubernetes RBAC access control with the Kubernetes operator;
a deployment module, used for each organization of the alliance chain to deploy alliance nodes by operating a graphical interface based on the development framework;
a management module, used for each organization of the alliance chain to manage its own node certificates and account certificates based on the development framework.
In a third aspect, a BaaS network implementation device for alliance node certificate security includes:
a processor, and a memory connected to the processor;
the memory is used to store a computer program, and the computer program is at least used to execute the BaaS network implementation method for alliance node certificate security described in the first aspect of the present application;
the processor is used to call and execute the computer program in the memory.
In a fourth aspect, the present application provides a storage medium storing a computer program which, when executed by a processor, implements each step of the BaaS network implementation method for alliance node certificate security described in the first aspect of the present application.
With this Kubernetes-based BaaS network implementation, network deployment becomes fast and convenient: users only need to operate the graphical interface to complete the basic network deployment. The deployment is truly decentralized, because each organization manages its own confidential data and does not need to hand that data to a third party, which improves the security of the network.
Brief Description of the Drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a BaaS network implementation method for alliance node certificate security provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of a multi-cluster deployment in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a BaaS network implementation apparatus for alliance node certificate security provided by an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a BaaS network implementation device for alliance node certificate security provided by an embodiment of the present invention.
Detailed Description
To make the purpose, technical solutions, and advantages of the present invention clearer, the technical solutions of the present invention are described in detail below. The described embodiments are only some of the embodiments of the present invention, not all of them. All other implementations obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
First, the application scenario of the embodiments is described. As a new type of technology, blockchain solves the problem of trust between organizations through decentralization and multi-node consensus and bookkeeping, and can provide technical solutions with unique properties such as traceability, tamper resistance, and a reduced cost of trust. When a blockchain network is built, nodes must be deployed and connections established across different organizations. If each organization deploys independently, every organization needs highly specialized technical staff to operate independently, and the communication and coordination costs are very high, which leads to long deployment cycles and very difficult subsequent maintenance. If a single third party performs a unified deployment, that third party needs access to the confidential data of the different organizations (for example certificate data, or the internal environment of the enterprise network), and every organization has to trust the third party. This runs against the original purpose of using a blockchain network to build a trustless network, and greatly reduces the security of the network. The present application proposes a solution to this problem.
Embodiment
Fig. 1 is a flowchart of a BaaS network implementation method for alliance node certificate security provided by an embodiment of the present invention; the method can be executed by the BaaS network implementation apparatus for alliance node certificate security provided by an embodiment of the present invention. Fig. 2 is a schematic diagram of a multi-cluster deployment in an embodiment of the present invention. Referring to Fig. 1 and Fig. 2, the method may include the following steps:
S101. Each organization of the alliance chain obtains the development framework that combines Kubernetes RBAC access control with the Kubernetes operator;
S102. Each organization of the alliance chain, based on the development framework, deploys alliance nodes by operating a graphical interface;
S103. Each organization of the alliance chain, based on the development framework, manages its own node certificates and account certificates.
The present invention proposes a Kubernetes-based BaaS network implementation. By combining Kubernetes RBAC access control with the Kubernetes operator development framework, it achieves unified deployment and operation of the network while ensuring that each organization in the alliance network manages its own node certificates and account certificates. Separating network deployment from certificate use both improves the deployment efficiency of the alliance chain network (to the order of minutes) and protects the data of all participating organizations.
Specifically, the main technical modules of the present invention include:
The baas-crd module, which implements CRD deployment and permission setup. Its main functions are: custom CRDs, that is, custom Kubernetes resource definitions for chain deployment and chain access, such as CRDs for chain node startup, consensus node startup, sub-chain installation, and contract installation; permission definitions based on the custom CRDs; and automated installation of the CRDs and their permission settings;
The baas-operator module, which is developed on top of the Kubernetes operator-sdk. Its main functions are: implementation of the functionality behind the custom CRDs; wrapped Kubernetes services, including pod creation, service creation, secret access, and workflow scripts; generation of node certificates and account certificates; and installation, startup, and upgrade of baas-operator;
The baas-api module, a deployment and operations platform built on the Kubernetes user interface. It implements the operation and maintenance functions of the BaaS platform and supports the main functions of alliance organization registration, alliance network deployment, and alliance network operation and maintenance.
The baas-frontend module, the BaaS front-end pages implemented with the React framework. Through user-friendly interactive pages, it lets users deploy and manage the BaaS platform from an interface, so that they can control the network through interface operations without having to care about the underlying implementation details.
Of these, the baas-crd module and the baas-operator module are shared with all organizations of the alliance as open source code, so the alliance organizations can security-review the implementation. When deploying and installing baas-operator and baas-crd, an organization can compile directly from source and can add its own check code, so that the locally deployed baas-operator and baas-crd have stronger security.
The permission definition in baas-crd defines the operation and access permissions for the CRDs. When baas-api performs deployment and operations, it can only operate on the custom CRDs. It cannot directly use the Kubernetes service interfaces for basic resources such as pod, service, and ingress, and it cannot directly access the user's secrets (secrets can only be accessed locally on the user's side through the operator; baas-api cannot read any secret information). This protects the user's network and the user's certificates.
The baas-crd and baas-operator modules are released as open source. By reviewing the relevant code and workflows, users can determine whether there are security vulnerabilities affecting access to and operation of the user's network, such as uncontrolled permission access or secret leakage.
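The permission boundary described above can be checked mechanically before installation. The following is an added example, not code from the patent or from the BaaS project: it resolves which RBAC rules reach a `baas-api` service account and flags any that go beyond the custom resource group. The API group `baas.example.com`, the namespace `baas-system`, and all role names are assumptions, and the manifests are constructed sample data.

```python
"""Audit which Kubernetes RBAC rules reach the baas-api identity."""

# Assumption: API group under which the baas-crd resources are registered.
BAAS_API_GROUP = "baas.example.com"

# Built-in resources the deployment plane must not reach directly,
# as (apiGroup, resource); "" is the core API group.
FORBIDDEN = {("", "secrets"), ("", "pods"), ("", "services"),
             ("networking.k8s.io", "ingresses")}


def _grants(granted, wanted):
    """RBAC list semantics: '*' in a rule field matches every value."""
    return "*" in granted or wanted in granted


def rules_for_subject(manifests, sa_name, sa_namespace):
    """Return (source, rule) pairs bound to one ServiceAccount.

    Follows RoleBinding and ClusterRoleBinding objects to their Role or
    ClusterRole. Group subjects are not resolved here.
    """
    roles = {}
    for m in manifests:
        if m["kind"] in ("Role", "ClusterRole"):
            ns = m["metadata"].get("namespace", "") if m["kind"] == "Role" else ""
            roles[(m["kind"], ns, m["metadata"]["name"])] = m.get("rules") or []
    collected = []
    for m in manifests:
        if m["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        bound = any(s.get("kind") == "ServiceAccount"
                    and s.get("name") == sa_name
                    and s.get("namespace") == sa_namespace
                    for s in m.get("subjects") or [])
        if not bound:
            continue
        ref = m["roleRef"]
        # A Role must live in the binding's namespace; a ClusterRole has none.
        ns = m["metadata"].get("namespace", "") if ref["kind"] == "Role" else ""
        for rule in roles.get((ref["kind"], ns, ref["name"]), []):
            collected.append((f'{ref["kind"]}/{ref["name"]}', rule))
    return collected


def audit(manifests, sa_name="baas-api", sa_namespace="baas-system",
          allowed_group=BAAS_API_GROUP):
    """Flag rules that grant more than 'resources in allowed_group only'."""
    findings = []
    for source, rule in rules_for_subject(manifests, sa_name, sa_namespace):
        groups = rule.get("apiGroups") or []
        # Subresources such as "pods/log" count as access to the parent.
        resources = {r.split("/", 1)[0] for r in rule.get("resources") or []}
        if not resources or all(g == allowed_group for g in groups):
            continue
        hit = sorted(res for grp, res in FORBIDDEN
                     if _grants(groups, grp) and _grants(resources, res))
        severity = "critical" if "secrets" in hit else "high" if hit else "review"
        findings.append((severity, source, hit))
    return findings


# --- Constructed sample manifests (hypothetical names throughout) ---
def _role(kind, name, groups, resources, namespace=None):
    meta = {"name": name, **({"namespace": namespace} if namespace else {})}
    return {"kind": kind, "metadata": meta,
            "rules": [{"apiGroups": groups, "resources": resources,
                       "verbs": ["get", "list"]}]}


def _binding(kind, role_kind, role_name, sa, namespace=None):
    meta = {"name": role_name + "-binding",
            **({"namespace": namespace} if namespace else {})}
    return {"kind": kind, "metadata": meta,
            "roleRef": {"kind": role_kind, "name": role_name},
            "subjects": [{"kind": "ServiceAccount", "name": sa,
                          "namespace": "baas-system"}]}


HARDENED = [
    _role("ClusterRole", "baas-api-crd-only", [BAAS_API_GROUP], ["*"]),
    _binding("ClusterRoleBinding", "ClusterRole", "baas-api-crd-only", "baas-api"),
    # The operator runs locally and is a different identity from baas-api.
    _role("Role", "operator-local", [""], ["secrets", "pods", "services"], "org1"),
    _binding("RoleBinding", "Role", "operator-local", "baas-operator", "org1"),
]
WEAK = HARDENED + [
    _role("Role", "baas-api-debug", [""], ["pods/log", "configmaps"], "org1"),
    _binding("RoleBinding", "Role", "baas-api-debug", "baas-api", "org1"),
    _role("ClusterRole", "baas-api-legacy", ["*"], ["*"]),
    _binding("ClusterRoleBinding", "ClusterRole", "baas-api-legacy", "baas-api"),
]

if __name__ == "__main__":
    for severity, source, hit in audit(WEAK):
        print(f"{severity:8} {source:28} reaches: {', '.join(hit) or 'other groups'}")
```

An empty result for the `baas-api` identity means every rule bound to it stays inside the custom resource group; wildcard groups or resources are treated as reaching Secrets.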
With this Kubernetes-based BaaS network implementation, network deployment becomes fast and convenient: users only need to operate the graphical interface to complete the basic network deployment. The deployment is truly decentralized, because each organization manages its own confidential data and does not need to hand that data to a third party. In addition, a network deployed through the BaaS platform can be monitored at any time through the platform, with early-warning rules and alerting mechanisms configured to achieve automated operation and maintenance.
The present invention proposes a Kubernetes-based BaaS network implementation for alliance node certificate security, and describes the key modules for achieving certificate security and network deployment and the role of each. In the concrete implementation, we deploy the network through Kubernetes, which makes it possible to deploy the system quickly in a new environment with automated operation and maintenance, and abstracts away the physical differences of the hardware. Both the Docker images and the Helm Chart repository are stored in the cloud, so an Internet connection is all that is needed to deploy the system with a simple deployment script.
Some specific embodiments are given below to show how the BaaS network with alliance node certificate security is implemented:
Network deployment is divided into a blockchain deployment module, a certificate management module, a node management module, and a contract module, with network deployment separated from certificate management. Certificates are of three types: user certificates, peer certificates, and orderer certificates. Users can add and manage each kind of certificate separately and, when deploying the network, select the corresponding certificates for the deployment.
The Fabric network versions currently supported for deployment are 1.4, 2.0, and 2.1. When initializing an alliance chain, the user selects the Fabric version and fills in the deployment parameters. Using Kubernetes together with the Operator, the system selects the matching configuration template and generates the corresponding template files to automate the deployment process. During deployment, the certificate files are provided by the user.
Participants are invited to join the alliance chain as follows:
A business usually involves multiple parties. After the initial alliance chain is created, the other business parties need to be invited to join it and take part in its governance. In this BaaS system, one node corresponds to one organization, and each organization joins the alliance chain as a node. The certificate files of a new node are chosen by the organization itself, and the organization manages those certificate files itself, which protects the data of all participating organizations.
Contracts are managed as follows:
The BaaS system provides a number of general-purpose smart contracts for users to select quickly. Users can view the installed smart contracts on a page, and can deploy a smart contract by writing it and uploading it manually.
Nodes are managed as follows:
The interface lets users view the status of the peer nodes and orderer nodes in the alliance, and edit or otherwise operate on the peer or orderer nodes within their permissions.
Certificates are managed as follows:
Users can view their existing certificates in the certificate management interface and can add a user certificate through simple page operations. When deploying an alliance chain, they can choose either to generate certificates automatically or to select from their existing certificates. Separating deployment from certificates in this way protects the organization's data.
Fig. 3 is a schematic structural diagram of a BaaS network implementation apparatus for alliance node certificate security provided by an embodiment of the present invention. Referring to Fig. 3, the apparatus provided by the present application includes:
an acquisition module 31, used for each organization of the alliance chain to obtain the development framework that combines Kubernetes RBAC access control with the Kubernetes operator;
a deployment module 32, used for each organization of the alliance chain to deploy alliance nodes by operating a graphical interface based on the development framework;
a management module 33, used for each organization of the alliance chain to manage its own node certificates and account certificates based on the development framework.
Fig. 4 is a schematic structural diagram of a BaaS network implementation device for alliance node certificate security provided by an embodiment of the present invention. Referring to Fig. 4, the device provided by the present application includes:
a processor, and a memory connected to the processor;
the memory is used to store a computer program, and the computer program is at least used to execute the BaaS network implementation method for alliance node certificate security provided by the present application;
the processor is used to call and execute the computer program in the memory.
The present application also provides a storage medium storing a computer program which, when executed by a processor, implements each step of the BaaS network implementation method for alliance node certificate security provided by the present application.
It can be understood that the same or similar parts of the above embodiments may be cross-referenced, and content not described in detail in one embodiment may be found in the same or similar content of other embodiments.
It should be noted that, in the description of the present invention, the terms "first", "second", and so on are used only for descriptive purposes and should not be understood as indicating or implying relative importance. In addition, in the description of the present invention, unless otherwise specified, "a plurality of" means at least two.
Any process or method description in a flowchart or otherwise described herein may be understood as representing a module, segment, or portion of code that includes one or more executable instructions for implementing a specific logical function or step of the process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in the reverse order depending on the functions involved, as will be understood by those skilled in the art to which the embodiments of the present invention belong.
It should be understood that the parts of the present invention can be implemented in hardware, software, firmware, or a combination of these. In the above embodiments, multiple steps or methods may be implemented by software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or a combination of the following techniques known in the art may be used: discrete logic circuits with logic gates for implementing logic functions on data signals, application-specific integrated circuits with suitable combinational logic gates, programmable gate arrays (PGA), field-programmable gate arrays (FPGA), and so on.
A person of ordinary skill in the art can understand that all or some of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, performs one of the steps of the method embodiments or a combination of them.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing module, may each exist physically on their own, or two or more units may be integrated into one module. The integrated module can be implemented in hardware or as a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it can also be stored in a computer-readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disk, or the like.
In this specification, a description that refers to the terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" means that the specific features, structures, materials, or characteristics described in connection with that embodiment or example are included in at least one embodiment or example of the present invention. Such references do not necessarily refer to the same embodiment or example. Moreover, the specific features, structures, materials, or characteristics described may be combined in a suitable manner in any one or more embodiments or examples.
Although embodiments of the present invention have been shown and described above, it can be understood that these embodiments are exemplary and should not be construed as limiting the present invention. A person of ordinary skill in the art can make changes, modifications, substitutions, and variations to the above embodiments within the scope of the present invention.
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110844547.XA CN115694821A (en) | 2021-07-26 | 2021-07-26 | BaaS network implementation method and device for alliance node certificate security |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115694821A | 2023-02-03 |
Family
ID=85044611
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110844547.XA Pending CN115694821A (en) | 2021-07-26 | 2021-07-26 | BaaS network implementation method and device for alliance node certificate security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115694821A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108108223A (en) * | 2017-11-30 | 2018-06-01 | 国网浙江省电力公司信息通信分公司 | Container Management platform based on Kubernetes |
| CN109213568A (en) * | 2018-08-16 | 2019-01-15 | 北京京东尚科信息技术有限公司 | A kind of block chain network service platform and its dispositions method, storage medium |
| CN109462508A (en) * | 2018-11-30 | 2019-03-12 | 北京百度网讯科技有限公司 | Node deployment method, device and storage medium |
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| US11023301B1 (en) | Unified API platform | |
| CN107005422B (en) | System and method for topology-based management of next day operations | |
| CN107005421B (en) | Topology-based management methods, systems and media utilizing stage and version policies | |
| US20220086055A1 (en) | Model driven process for automated deployment of domain 2.0 virtualized services and applications on cloud infrastructure | |
| KR101954480B1 (en) | Automated build-out of a cloud-computing stamp | |
| Ferry et al. | Towards model-driven provisioning, deployment, monitoring, and adaptation of multi-cloud systems | |
| US11579950B2 (en) | Configuring an API to provide customized access constraints | |
| CN108369532B (en) | System and method for packaging tools for first and third party component deployment | |
| JP2019525653A (en) | Network service design and deployment process for NFV systems | |
| CN105593835A (en) | Managing a number of secondary clouds by a master cloud service manager | |
| CN109474508B (en) | VPN networking method, VPN networking system, VPN master node equipment and VPN master node medium | |
| JP2010517175A (en) | System management policy certification, distribution, and formulation | |
| CN115827008A (en) | A cloud-native big data component management system based on cloud-native platform Kubernetes | |
| CN113505996A (en) | Authority management method and device | |
| CN102123040A (en) | Method and device for configuring data | |
| Khumaidi | Implementation of DevOps method for automation of server management using Ansible | |
| CN104378240A (en) | Method for flexibly customizing topology view for monitoring | |
| CN118535169A (en) | Container orchestration platform automated deployment method, system and electronic device | |
| Bwalya et al. | An SDN approach to mitigating network management challenges in traditional networks | |
| US11663349B2 (en) | System and method for managing data object creation | |
| CN115694821A (en) | BaaS network implementation method and device for alliance node certificate security | |
| CN111858044A (en) | A method, system, device and medium for single-machine multi-instance deployment and management | |
| CN102571392B (en) | Method and device for configuring data of data communication device | |
| Casola et al. | Model-based deployment of secure multi-cloud applications | |
| Sadtler et al. | IBM Workload Deployer: Pattern-based Application and Middleware Deployments in a Private Cloud |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
