Installing Hyperledger Sawtooth 1.0.5 on Alibaba Cloud ECS

$ chmod 400 alikeys.pem
$ ssh -i ~/nodejs/alikeys.pem
Welcome to Ubuntu 16.04.5 LTS (GNU/Linux 4.4.0-117-generic x86_64) * Documentation:
* Management:
* Support:
Welcome to Alibaba Cloud Elastic Compute Service !
$ adduser devb
$ usermod -aG sudo devb
$ su - devb
# -- This will ensure your instance is upto date 
$ sudo apt update
# -- Install Apache webserver now
$ sudo apt-get install apache2
# -- Ensure SSL, headers and proxying is ready for Apache
$ a2enmod ssl
$ a2enmod headers
$ a2enmod proxy_http
# -- /var/www
# -- change the attributes of the web root folder
$ sudo chmod -R 755 /var/www
$ cd /var/www
$ sudo chown root:devb *
$ cd /etc/apache2/sites-available
$ nano 000-default.conf
$ systemctl restart apache2
# -- if you have an earlier installation or even a failed installation
$ sudo rm /var/lib/dpkg/lock
# -- on with the Sawtooth installation
$ sudo apt-key adv --keyserver hkp:// --recv-keys 8AA7AF1F1091A5FD
$ sudo add-apt-repository 'deb xenial universe'
# -- ensure your instance is upto date with the suggested repository
$ sudo apt update
$ sudo apt-get install -y sawtooth
# -- clean up
$ sudo apt autoremove
$ sudo apt search sawtooth
# -- response 
Sorting... Done
Full Text Search... Done
python3-sawtooth-block-info/xenial 1.0.5-1 all
Sawtooth Block Info Transaction Processor
python3-sawtooth-cli/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth CLI
python3-sawtooth-ias-client/xenial 1.0.5-1 all
Sawtooth Intel Attestation Service Client
python3-sawtooth-ias-proxy/xenial 1.0.5-1 all
Sawtooth Intel Attestation Service Proxy
python3-sawtooth-identity/xenial 1.0.5-1 all
Sawtooth Identity Transaction Processor
python3-sawtooth-intkey/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth Intkey Python Example
python3-sawtooth-manage/xenial 0.8.8-1 all
Sawtooth Lake Management Library
python3-sawtooth-poet-cli/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth PoET CLI
python3-sawtooth-poet-common/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth PoET Common Modules
python3-sawtooth-poet-core/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth Core Consensus Module
python3-sawtooth-poet-families/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth Transaction Processor Families
python3-sawtooth-poet-sgx/xenial 1.0.5-1 amd64
Sawtooth PoET SGX Enclave
python3-sawtooth-poet-simulator/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth PoET Simulator Enclave
python3-sawtooth-rest-api/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth REST API
python3-sawtooth-sdk/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth Python SDK
python3-sawtooth-settings/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth Settings Transaction Processor
python3-sawtooth-signing/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth Signing Library
python3-sawtooth-validator/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth Validator
python3-sawtooth-xo/xenial,now 1.0.5-1 all [installed,automatic]
Sawtooth XO Example
sawtooth/xenial,now 1.0.5 all [installed]
Hyperledger Sawtooth Distributed Ledger
sawtooth-intkey-tp-go/xenial 1.0.5 all
Sawtooth Intkey TP Go
sawtooth-noop-tp-go/xenial 1.0.5 all
Sawtooth Noop TP Go
sawtooth-sabre/xenial 0.1.2 amd64
Sawtooth Sabre Transaction Processor
sawtooth-smallbank-tp-go/xenial 1.0.5 all
Sawtooth Smallbank TP Go
sawtooth-xo-tp-go/xenial 1.0.5 all
Sawtooth Go XO TP
$ sawtooth keygen
# -- response
# -- creating key directory: /home/devb/.sawtooth/keys
# -- private key
# -- writing file: /home/devb/.sawtooth/keys/devb.priv
# -- public certificate
# -- writing file: /home/devb/.sawtooth/keys/
$ sudo sawset genesis --key ~/.sawtooth/keys/devb.priv
# -- response
# -- Generated config-genesis.batch
$ sudo sawadm keygen
# -- response
# -- writing file: /etc/sawtooth/keys/validator.priv
# -- writing file: /etc/sawtooth/keys/
  • By default, the config directory is /etc/sawtooth/
  • Sawtooth installation adds a few example files in that folder
  • Its a good start to view the folder and rename or copy the files as extension TOML.
  • TOML files are the same as YAML files. Toml convention used is similar to YAML files. Edit the toml files as necessary.
$ cd /etc/sawtooth
$ sudo cp cli.toml.example cli.toml
$ sudo cp path.toml.example path.toml
$ sudo cp rest_api.toml.example rest_api.toml
$ sudo cp log_config.toml.example log_config.toml
$ sudo cp settings.toml.example settings.toml
$ sudo cp validator.toml.example validator.toml
$ sudo cp xo.toml.example xo.toml
$ sudo systemctl stop sawtooth-validator.service
$ sudo systemctl stop sawtooth-rest-api.service
$ sudo systemctl stop sawtooth-settings-tp.service
$ sudo systemctl stop sawtooth-poet-validator-registry-tp.service
$ exit
$ reboot
$ ssh -i ~/nodejs/alikeys.pem
$ su – devb
# - change the owner of this folder to the user
$ cd /etc/sawtooth
$ sudo chown devb:devb ./
$ sudo chown devb:devb *
$ sudo chown devb:devb .
$ sudo sawtooth-validator -v --endpoint localhost:8800
$ sawtooth-rest-api -v
$ curl http://localhost:8008/blocks
$ netstat -a
# -- Response
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost:8800 *:* LISTEN
tcp 0 0 localhost:4004 *:* LISTEN
tcp 0 0 localhost:8008 *:* LISTEN

Install LetsEncrypt certificates

# --- install lets encrypt
$ sudo apt-get update
$ sudo apt-get autoclean
# --- ./certbot-auto
$ sudo apt-get install letsencrypt
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot
# --- Now get the certificates
$ sudo certbot certonly --webroot -w /var/www/html -d
# --- certificates stored at
# -- /etc/letsencrypt/live/
# -- /etc/letsencrypt/live/

Edit the apache configuration file.

$ sudo nano /etc/apache2/sites-enabled/000-default.conf<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName localhost<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAlias *
ServerAdmin sawtooth@sawtooth
DocumentRoot /var/www/html
RequestHeader set X-Forwarded-Proto "https" Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
ProxyPass /sawtooth http://localhost:8008
ProxyPassReverse /sawtooth http://localhost:8008
RequestHeader set X-Forwarded-Path "/sawtooth"

Now set the Apache with the new sertificates

Restart Apache

$ sudo certbot --apache -d -d
$ sudo apachectl restart


If the validator and REST-API do not show up, it maybe necessary to bring down the services, regenerate the keys and rerun the services.

$ sudo systemctl stop sawtooth-settings-tp
$ sudo systemctl enable sawtooth-settings-tp
$ sudo systemctl stop sawtooth-poet-validator-registry-tp
$ sudo systemctl enable sawtooth-poet-validator-registry-tp
$ sudo systemctl stop sawtooth-validator
$ sudo systemctl enable sawtooth-validator
$ sudo systemctl stop sawtooth-rest-api.service
$ sudo systemctl enable sawtooth-rest-api.service
$ sudo sawadm keygen --force
$ sudo sawadm genesis
$ sudo sawtooth-validator -v --endpoint localhost:8800
$ sawtooth-rest-api -v


Besides installing Hyperledger Sawtooth, this article also walks you through the steps needed to setup Apache and TLS / SSL certificates so you can access the site safely. Sawtooth as such is intended to run behind Apache and does not expose to the external world. Through the reverse proxy you can set the communications to the Sawtooth REST service.

Original Source



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website: