Tutorial How to create a permissioned Blockchain network with Hyperledger Besu
Create a controlled Ethereum network where you decide who can play and who can transact.
In his video, I'll show you how you can create a permission Ethereum network with Hyperledger Besu. The permissioned network will allow you to control not only which nodes are allowed to participate but also which Ethereum addresses are allowed to send transactions. Hey, I'm Julian, and on my channel, In the Blocks, I focus on blockchain development and how to find your first blockchain job.
Before we start this tutorial, there are two prerequisites. First, you need to have installed Besu; check out this video if you don't know how to do it. You also need to have curl installed or any utility that can send HTTP requests.
Now, let's create a permissioned network with three Ethereum nodes. In our project folder, we're going to create a folder for each node. Let's create a folder for the first node, then the same for the second node, and finally, the last node. Each node will be identified by an address, and we need to get the address of the first node to put it in the genesis file, which will be used to create the Genesis block, the first block of the blockchain.
To do this, you will go to the documentation of Besu for creating a permissioned network and scroll down until you reach the section titled Get address of node 1. We will copy the command here, which will export the address of the first node into a specified file. Let's go back to our terminal, navigate into node 1, and run the command. I'm not running it on my computer because I've already done it before, but you should see some output here. After that, if you check in the data folder for node address 1, you should see the address of the node.
Next, we connect back to the documentation of Besu to create the Genesis file. This file will be used to configure our blockchain and, in particular, help us create the Genesis block. Let's take a look at what we have inside. Here, we define the consensus protocol; we're going to use the Clique consensus protocol, which is a proof of authority protocol. This means that in order to add blocks to the blockchain, you need to be pre-approved, which is different from proof of work.
In this file, we also have extra data and a lock key that allows us to define some addresses and private keys to which we want to add some Ether. This setup allows you to have pre-funded accounts, similar to Ganache, making it easier for development. Here, we specify the balance, and that’s pretty much it. You will copy all of this, then in your terminal, you will create a file called click_genesis.json at the root of the project. After that, open it and paste the configuration inside.
In the extra data key, you need to replace the node one address. So, let's go back to node one and read the address of node one like this. I’m going to use a utility called pbcopy to copy it into my clipboard, but if you prefer, you can just copy it using any other method. Then, back to my file, I will paste this, ensuring to remove the 0x from the address. After making these adjustments, save and exit the file.
Next, let's return to the documentation of Besu and scroll down to create the permissions configuration files. In this file, we will define the Ethereum addresses that are allowed to send transactions to our private blockchain. We will copy the necessary information and create a file called permissions_config.toml. Let's open this file and copy everything into it, then place this file in the data folder of each node.
Now, back to the documentation of Besu, we will scroll down to start the different nodes. Here, we have the command to start the first node. We will go inside the folder of node 1, specify where the data of the blockchain should be saved inside the data folder, and indicate what the genesis file is. The two options, permission_node_config_file_enable and permission_account_config_file_enable, allow you to use the permissioning feature of Besu. Here, we enable the Sturm API of Ethereum and specify exactly which API we want. The important part is the Clique option, which is how we specify the Clique consensus protocol.
Setting up a blockchain network is all about the right configurations and connections; every node counts in creating a seamless experience.
Let's return to the documentation of Baizhu. We will scroll down and begin with the different nodes. First, we need to access the folder of Node 1. Here, we specify where the data of the blockchain should be saved inside the data folder. Next, we specify what the genesis file is.
In this section, we have two options: permission node config file enable and permission again config file enable. These two options allow you to use the permission feature of Baizhu. At the PHP level, we enable the sturm API of Ethereum, and here we specify exactly which API we want. The important part is the click option, which is how we specify the click consensus protocol.
Additionally, these two options mean that you can access your node from anywhere, but in a production environment, you would probably want to be more restrictive. We will copy this and back up to the terminal. Let me clear this, then go inside the folder of Node 1, paste our command, and run it. Now, Node 1 is starting.
Next, we will return to the documentation of Baizhu and scroll down to find the command for running Node 2. The command is almost the same as before, except that the port for the peer-to-peer protocol is different, as well as the port for the Ethereum API to avoid conflicts with the previous node.
Back at the terminal, we will create a new terminal, go inside the Node 2 folder, paste the command, and run it. Now, Node 2 is also running. We will continue this process for Node 3. We scroll down in the documentation, find the command for running Node 3, and once again, the options are the same as before, with different ports. We copy the command, create a new terminal, go inside the folder of Node 3, paste the command, and run it. Now all our nodes are running in our private network.
Next, we need to add the addresses of the different nodes to the permission file of each node. We will start with Node 1. We scroll up in the output until we find something called a node, copy this, and paste it somewhere. We will do the same for the node of Node 2 and then for Node 3.
Next, we go back to the documentation of Baizhu and scroll down until we find the instruction to add the e node URL for each node. There is one instruction for each node, and we will add the e node of the three nodes. We copy the instruction for Node 1, then do the same for Node 2 and Node 3, replacing the placeholder in each case with the real values. After copying the command, we run it for Node 1, and then we repeat the operation for Node 2 and Node 3.
Returning to the documentation of Baizhu, we scroll down to the next operation, which is to add nodes as peers. In our private network setup, there are no other nodes, so we need to inform each node about the other nodes in the network. For this, we will use the API admin add peer. You need to do this for Node 2 and then for Node 3.
First, you specify one node in the command and in the second instruction, you specify another node. It is not possible to send one command for both nodes because the method name here is @peer, which is singular. You copy this command, replace the placeholder, and run it in your terminal.
The final step is to confirm that the permission network is working. For this, you will copy a curl command and you should see a specific output. If you want to push this tutorial even further, you can try to send a transaction from an account that is inside the whitelist. You can check out another video where I explain how to use Baizhu and send transactions to it using Truffle.
Additionally, you can try to send a transaction that is not from an account in the whitelist, which should fail. Another interesting tutorial that will not be covered in this series is how to configure a network for private transactions. You can check out this tutorial that will show you how to do this. The prerequisite is that you first need to set up a network with the IDFT 2.0 protocol.
Another interesting aspect is how to configure your private network to not use any gas. Usually, in a private network, you use the proof of authority consensus, which eliminates the risk of your network being spammed. You can configure this by using specific settings in your genesis file.
If you are interested in the difference between click and IDFT 2.0, which are the two proof of authority consensus protocols offered by Baizhu, you can check out this explanation. If you haven't seen the other videos in the series on Hyperledger, I highly encourage you to check them out, as you will find a lot of really cool information there. I'll see you there!