With the scale-down operation, you can remove the Replica and Client nodes from the existing VMware Blockchain topology when they are not needed.

The supported node configuration for scaling down is from n=10(f=3) to n=7(f=2) or n=4 (f=1). The Concord operator container must generate the new configuration for the selected nodes to scale down the number of nodes in a Replica Network. The new reconfiguration contains IP addresses, public keys, and certificates for the remaining Replica and Client nodes.

The scale down process is not successful under the following scenarios:

  • The TLS keys have changed

  • Replica node VMs have moved to a different VM



  1. SSH into the VMware Blockchain Orchestrator appliance.
  2. Enter the login credentials for the blockchain user account.
  3. Navigate to the /home/blockchain directory.
  4. Create a reconfigure scale down descriptor JSON file and set the parameter values in the descriptor directory.
  5. Validate your deployment descriptor file semantics against the deployment-descriptor-v1.schema.
  6. Validate that the credentials, network name, and folder name are correctly populated to avoid errors.
    docker-compose -f docker-compose-orchestrator.yml up
  7. Encrypt and redirect the infrastructure and the deployment descriptor files for added security.
    1. Encrypt the infrastructure_descriptor.json file.
      $HOME/descriptors > ansible-vault encrypt infrastructure_descriptor.json
      New Vault password:
      Confirm New Vault password:
      Encryption successful
    2. Encrypt the deployment_descriptor.json file.
      $HOME/descriptors > ansible-vault encrypt deployment_descriptor.json
      New Vault password:
      Confirm New Vault password:
      Encryption successful
    3. Configure the two environment variable values.
      • ORCHESTRATOR_OUTPUT_DIR - The output directory where the output file is written.


    4. Run the secure-orchestrator.sh script from the orchestrator_runtime directory.

      The script creates temporary files.

      • /dev/shm/orchestrator-awsIGoa0JA/infra_descriptor

      • /dev/shm/orchestrator-awsIGoa0JA/deployment_descriptor

    5. Redirect the decrypted infrastructure_descriptor.json to the infrastructure_descriptor file location.

      Use the vault password used to encrypt the infrastructure_descriptor.json file.

      ansible-vault view $HOME/descriptors/infrastructure_descriptor.json > /dev/shm/orchestrator-awsIGoa0JA/infra_descriptor
    6. Redirect the decrypted deployment_descriptor.json to the deployment_descriptor file location.

      Use the vault password used to encrypt the deployment_descriptor.json file.

      ansible-vault view $HOME/descriptors/deployment_descriptor.json > /dev/shm/orchestrator-awsIGoa0JA/deployment_descriptor

      After the script completes running, the temporary files are deleted.

    7. (Optional) If the script fails or the secure_orchestrator.sh script is terminated, delete the temporary folder under the /dev/shm/orchestrator-* directory.
  8. Run the VMware Blockchain Orchestrator reconfigure script.
    docker-compose -f docker-compose-orchestrator.yml up

    The VMware Blockchain Orchestrator output file includes the session ID for the new node configuration.

  9. Stop all the applications that invoke the connection requests to the Daml Ledger in the original deployment.
  10. Stop the Client nodes.
    curl -X POST
  11. Identify the reconfiguration ID in the /home/blockchain/output directory.

    Reconfiguration Id: 626fdcfc-9c9c-4c25-b210-9e71c471e3cb

  12. Replace the old configuration ID with the reconfiguration ID in the /config/agent/config.json file.
  13. Log in to the scaled down blockchain configuration.

    The command stops the Replica nodes and downloads the new configuration on the Replica nodes.

    ./concop network-reconf addRemove-execute --configuration NEW_CONFIGURATION_ID \
                                              --auto \     #get the new configuration
                                              --restart \  #restart the replicas automatically
                                           #  --bft     \   # if you need n-f reconfiguration 
                                           #  --tokens   "{ \"node1_id\" : \"token\", \"node2_id\" : \"token\", ...}"
  14. Stop and shut down the Replica nodes removed from the blockchain topology.
    curl -X POST
    docker stop agent
    sudo shutdown -h
  15. Shut down the agent on the Client nodes removed from the blockchain topology.
    docker stop agent
    sudo shutdown -h
  16. Start the remaining Client nodes and agents.
    curl -X POST
    docker restart agent
  17. Download the new configuration on the Client nodes.
    curl -ik -X POST<new-config-ID>
  18. Start the Client node containers.
    curl -ik -X POST -H "content-type: application/json" --data '{ "containerNames" : ["all"] }' http://localhost:8546/api/node/restart

    If the containers do not start, use the start command curl -X POST