建立超级账本网络(hyperledger fabric)
参考http://www.cnblogs.com/preminem/p/7755411.html
这次部署的是2peer+1orderer的架构。
order | 192.168.155.6 |
peer0 | 192.168.155.4 |
pee1 | 192.168.155.5 |
一、生成MSP证书
使用cryptogen工具生成证书。MSP证书是超级账本网络实体的身份标识,实体在通信和交易时使用证书进行签名和验证。生产证书需要crypto-config.yaml文件。关于此文件的内容介绍和最终修改结果如下:
# --------------------------------------------------------------------------- # "OrdererOrgs" - 定义排序节点的组织 # --------------------------------------------------------------------------- OrdererOrgs: # --------------------------------------------------------------------------- # 排序节点的名称和域名 # --------------------------------------------------------------------------- - Name: Orderer Domain: example.com # --------------------------------------------------------------------------- # "Specs" - 手动定义节点名称,命名规范:{{.hostname}}.{{.Domain}} # --------------------------------------------------------------------------- Specs: - Hostname: orderer # --------------------------------------------------------------------------- # "PeerOrgs" - 定义Peer节点的组织 # --------------------------------------------------------------------------- PeerOrgs: # --------------------------------------------------------------------------- # Org1 # --------------------------------------------------------------------------- - Name: Org1 Domain: org1.example.com # --------------------------------------------------------------------------- # "Template" 按模板生成peer节点的MSP证书,默认生成的peer节点名称为:peer{{.Index}}.{{.Domain}} # Index是从start到count-1,默认为0 # --------------------------------------------------------------------------- Template: Count: 1 # Start: 5 # Hostname: {{.Prefix}}{{.Index}} # default # --------------------------------------------------------------------------- # "Users" # --------------------------------------------------------------------------- # Count: 除了admin,默认生成的用户数 # --------------------------------------------------------------------------- Users: Count: 1 # --------------------------------------------------------------------------- # Org2: # --------------------------------------------------------------------------- - Name: Org2 Domain: org2.example.com Template: Count: 1 Users: Count: 1
根据这个文件可以为组织和其中的成员生成数字证书和签名密钥,生成的文件都保存到crypto-config文件夹:
cryptogen generate --config=./crypto-config.yaml
二、生成排序服务的创世区块
生成创世区块依赖文件configtx.yaml。configtx.yaml这个文件里面配置了由2个Org参与的Orderer共识配置TwoOrgsOrdererGenesis,以及由2个Org 参与的Channel配置:TwoOrgsChannel。Orderer可以设置共识的算法是Solo还是Kafka,以及共识时区块大小,超时时间 等,我们使用默认值即可,不用更改。而Peer节点的配置包含了MSP的配置,锚节点的配置。如果我们有更多的Org,或者有更多的Channel,那么 就可以根据模板进行对应的修改。
export FABRIC_CFG_PATH=$PWD
configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
TwoOrgsOrdererGenesis为configtx.yaml中的profiles之一。
./channel-artifacts/genesis.block为生成的创世块的文件名及保存位置。
三、生成通道配置创世区块
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID mychannel
mychannel为通道名称
TwoOrgsChannel为configtx.yaml中的profiles之一。
四、生成组织锚节点
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID mychannel -asOrg Org1MSP
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID mychannel -asOrg Org2MSP
其中Org1MSP,Org2MSP为组织名称,在configtx.yaml中有设置。
最终,我们在channel-artifacts文件夹中,应该是能够看到4个文件。
channel-artifacts/
├── channel.tx
├── genesis.block
├── Org1MSPanchors.tx
└── Org2MSPanchors.tx
五、启动超级账本网络
使用docker-compose启动超级账本网络。需要用到的配置文件是docker-compose-cli.yaml。通过修改此文件使其满足需求,该文件定义了1个排序服务节点,4个peer节点,一个命令行容器cli。默认通过和peer0.org1.example.com通信。通过切换环境变量来和其他节点通信。
1 、修改基础配置文件
peer和orderder的基础配置文件在base文件里面。
因为我们只有两个组织,每个组织只有一个peer,所以只需修改base/docker-compose-base.yaml文件,删除 peer1.org1.example.com和peer1.org2.example.com。另外在单击模式下,4个peer会映射主机不同的端口, 但是我们在多机部署的时候是不需要映射不同端口的,所以将所有peer的端口映射都改为相同的,修改完成的docker-compose- base.yaml文件如下:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
ports:
- 7050:7050
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
ports:
- 7051:7051
- 7052:7052
- 7053:7053
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org2.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
ports:
- 7051:7051
- 7052:7052
- 7053:7053
2、设置orderer节点的docker-compose文件
cp docker-compose-cli.yaml docker-compose-orderer.yaml
orderer服务器上我们只需要保留order设置,其他peer和cli设置都可以删除。orderer配置文件如下:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
orderer.example.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.example.com
container_name: orderer.example.com
3、设置peer节点的docker-compose文件
先为peer0.org1.example.com配置,与创建orderer的配置文件类似,我们也复制一个yaml文件出来进行修改:
cp docker-compose-cli.yaml docker-compose-peer0org1.yaml
去掉orderer的配置,只保留一个peer和cli,因为我们要多级部署,节点与节点之前又是通过主机名通讯,所以需要修改容器中的host文 件,也就是extra_hosts设置。因为之后我们要连接couchdb,所以这里加入couchdb的配置,这里的192.168.155.4:5984是我 映射CouchDB后的Linux的IP地址和IP,然后是设置用户名和密码。
同样,cli也需要能够和各个节点通讯,所以cli下面也需要添加extra_hosts设置,去掉无效的依赖,并且去掉command这一行,因为我们是每个peer都会有个对应的客户端,也就是cli,所以我只需要去手动执行一次命令,而不是自动运行。
修改后的配置文件如下:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
peer0.org1.example.com:
container_name: peer0.org1.example.com
environment:
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=192.168.155.4:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=password
extends:
file: base/docker-compose-base.yaml
service: peer0.org1.example.com
extra_hosts:
- "orderer.example.com:192.168.155.6"
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ../chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.org1.example.com
extra_hosts:
- "orderer.example.com:192.168.155.6"
- "peer0.org1.example.com:192.168.155.4"
- "peer0.org2.example.com:192.168.155.5"
为peer0.org2.example.com配置文件,根据peer0.org1.example.com修改即可
cp docker-compose-peer0org1.yaml docker-compose-peer0org2.yaml
修改后的配置文件如下:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
peer0.org2.example.com:
container_name: peer0.org2.example.com
environment:
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=192.168.155.5:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=password
extends:
file: base/docker-compose-base.yaml
service: peer0.org2.example.com
extra_hosts:
- "orderer.example.com:192.168.155.6"
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ../chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.org2.example.com
extra_hosts:
- "orderer.example.com:192.168.155.6"
- "peer0.org1.example.com:192.168.155.4"
- "peer0.org2.example.com:192.168.155.5"
六、启动orderer节点
在orderer服务器上运行:
cd ~/go/src/github.com/hyperledger/fabric/examples/e2e_cli
docker-compose -f docker-compose-orderer.yaml up -d
运行完毕后我们可以使用docker ps看到运行了一个名字为orderer.example.com的容器。
七、启动peer节点
1、安装和运行couchdb
docker run -p 5984:5984 -d --name my-couchdb -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -v ~/couchdb:/opt/couchdb/data klaemo/couchdb
启动后我们打开浏览器,访问peer0.org1的IP的5984端口的URL,peer0.org1的IP是192.168.155.4,那么URL是:
http://192.168.155.4:5984/_utils
这个时候我们就可以看到CouchDB的Web管理界面了。输入用户名admin密码password即可进入。
2、启动peer节点和CLI容器
命令为:
cd ~/go/src/github.com/hyperledger/fabric/examples/e2e_cli
docker-compose -f docker-compose-peer0org1.yaml up –d
运行完毕后我们使用docker ps应该可以看到3个正在运行的容器。
接下来到peer0.org2.example.com服务器。运行相同的命令:
mkdir couchdb
docker run -p 5984:5984 -d --name my-couchdb -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -v ~/couchdb:/opt/couchdb/data klaemo/couchdb
cd ~/go/src/github.com/hyperledger/fabric/examples/e2e_cli
docker-compose -f docker-compose-peer0org2.yaml up –d
现在我们整个Fabric网络已经成型,接下来是创建channel和运行ChainCode。
八、创建channel
我们到peer0.org1.example.com服务器上,使用该服务器上的cli来运行创建Channel和运行ChainCode的操作。先用以下命令进入CLI内部Bash:
docker exec -it cli bash
创建Channel的命令是peer channel create,我们前面创建Channel的配置区块时,指定了Channel的名字是mychannel,那么这里我们必须创建同样名字的Channel。
ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem peer channel create -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/channel.tx --tls true --cafile $ORDERER_CA
执行该命令后,系统会提示:
2017-10-30 18:30:35.210 UTC [channelCmd] readBlock -> DEBU 020 Received block:0
系统会在cli内部的当前目录创建一个mychannel.block文件,这个文件非常重要,接下来其他节点要加入这个Channel就必须使用这个文件。
九、各个peer加入channel
还是在peer0.org1的CLI上,我们要将这个Peer加入mychannel就很简单,只需要运行如下命令:
peer channel join -b mychannel.block
系统返回消息:
2017-10-30 18:40:21.405 UTC [channelCmd] executeJoin -> INFO 006 Peer joined the channel!
修改cli的环境变量,使其指向peer0.org2
CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051
peer channel join -b mychannel.block
这样peer0.org1和peer0.org2就都已经加入channel了。
注:这一切都是我在peer0.org1的cli内完成的,这是由于加入channel依赖 [channel-ID].block文件,而且在peer0.org1服务器的cli内也留有了peer0.org2的证书文件,因此两个节点的加入都在一个cli内完成了。其实当一个节点创建channel以后可以把[channel-ID].block文件从容器内拷贝到主机,再分发给其他节点,这样其他节点就可以通过[channel-ID].block加入channel了。当cli容器被销毁时该容器下所有的文件都会被销毁,但是如果备份了[channel-ID].block,那么即使所有的peer和cli被销毁了,也可以再次通过[channel-ID].block加入channel、同步区块。
十、更新锚节点
关于AnchorPeer,其实我的每个组织只有一个peer节点,所以更新不更新锚节点也不重要。
对于Org1来说,peer0.org1是锚节点,我们需要切换到peer0.org1服务器上并更新锚节点:
另外对于Org2,peer0.org2是锚节点,切换到peer0.org2服务器上然后执行如下命令:
CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp CORE_PEER_ADDRESS=peer0.org2.example.com:7051 peer channel update -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/Org2MSPanchors.tx --tls true --cafile $ORDERER_CA
结束。