博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理

Hyperledger fabric 1.3版本的安装部署(原创多机多Orderer部署

Posted on 2018-10-27 11:29  懒人ABC  阅读(3084)  评论(0编辑  收藏  举报

首先,我们在安装前,要考虑一个问题

Hyperledger Fabric,通过指定的节点进行背书授权,才能完成交易的存储

延伸开来,就是为了实现容错、高并发、易扩展,需要zookeeper来选择排序引擎处理记账的唯一性

我们这里选择kafka排序引擎并通过Kafka集群和zookeeper集群保证数据的一致性,实现排序功能

同时,为了排序服务器的稳定,采取多Orderer集群实现容错空间,

为此,我们采用了最基础的配置方案:两个组织,四个节点

两个CA服务器,三个Zookeeper服务器,四个Kafka服务器,3个Orderer服务器,4个Peer服务器

大家一看到这么多服务器,可能会吓一跳,那我们就把这些服务器优化一下,变成如下:

192.168.10.10:

ca.org1.chaincode.yourdomain,zookeeper0,kafka0,orderer0.chaincode.yourdomain,peer0.org1.chaincode.yourdomain

192.168.10.11:

ca.org2.chaincode.yourdomain,zookeeper1,kafka1,orderer1.chaincode.yourdomain,peer0.org2.chaincode.yourdomain

192.168.10.12:

zookeeper2,kafka2,orderer2.chaincode.yourdomain,peer1.org1.chaincode.yourdomain

192.168.10.13:

kafka3,peer1.org2.chaincode.yourdomain

这样就只要4台服务器了

其中分成两个组织,主要目的是告诉你,这个东西是可以把群体进行划分的,就像三层交换机里的vlan一样,

另外两个ca服务器主要是为了把组织的访问权限分离出来控制

还有就是把账本节点分别设置为peer0.org1,peer1.org1属于组织1,peer0.org2,peer1.org2属于组织2

如果比较难理解,那就把公司里的电脑当做peer,org当做不同部门,只要权限有,peer0.org1,peer0.org2,peer1.org1,peer1.org2是互通的(当然在业务范围内,这里只是举个例子),同时大家都可以保存同一个文件,

这里有一个细节,那就是要指定背书节点,否则公司里电脑太多了,你要每台电脑都去判断一下某一个文件有没有被修改,是不太合理的。这里我们会指定peer0.org1,peer0.org2作为背书节点,其他的自动同步新的更新(如果是跨公司有同一个业务,也可以指定各自公司的背书节点,防止一方对数据进行篡改)。

说了整体的框架,那么下面我们就来部署吧:

一、基础资料安装

首先我的服务器是Centos7.0,所以大家相关的命令自己调整哦

因为该服务器有两个磁盘,分别用于区块链和工作代码
挂载数据盘
fdisk -l 查看磁盘状态
fdisk /dev/vdb 格式化第一个数据盘
根据提示,输入n,p,1,回车,回车,wq
紧接着输入命令mkfs.ext3 /dev/vdb1,格式化磁盘,耐心等待即可
挂载数据盘到指定目录
mkdir /chaincode,然后输入mount /dev/vdb1 /chaincode
然后写入分区表:echo '/dev/vdb1 /chaincode ext3 defaults 0 0'>>/etc/fstab
磁盘挂载成功
fdisk /dev/vdc 格式化第一个数据盘
根据提示,输入n,p,1,回车,回车,wq
紧接着输入命令mkfs.ext3 /dev/vdc1,格式化磁盘,耐心等待即可
挂载数据盘到指定目录
mkdir /workspace,然后输入mount /dev/vdc1 /workspace
然后写入分区表:echo '/dev/vdc1 /workspace ext3 defaults 0 0'>>/etc/fstab
磁盘挂载成功
 
步骤1:关闭防火墙
#systemctl stop firewalld.service
#systemctl disable firewalld.service
设置安全
vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
#SELINUXTYPE=targeted
步骤2:更新系统
yum update
步骤2:删除旧版本的docker
yum remove docker  docker-common docker-selinux docker-engine
步骤3:安装需要的软件包, yum-util 提供yum-config-manager功能,另外两个是devicemapper驱动依赖的
yum install -y yum-utils device-mapper-persistent-data lvm2 wget unzip
安装上传下载工具
yum install lrzsz
步骤4:设置yum源
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
步骤5:查看所有仓库中所有DOCKER版本
yum list docker-ce --showduplicates | sort -r
步骤6:安装最新版本DOCKER社区版本
yum install docker-ce -y
2.安装docker-compose(一个部署多个容器的简单但是非常必要的工具, (用于 docker 容器服务统一管理 编排))
步骤1:确认是否已经python-pip
pip -V
步骤2:安装python-pip
yum -y install epel-release
yum install python-pip -y
pip install --upgrade pip
步骤3:安装docker-compose
[root@localhost ~]#pip install docker-compose
[root@localhost ~]# docker-compose -version
docker-compose version 1.22.0, build f46880f
[root@localhost ~]#systemctl start docker
[root@peer0org1 ~]# systemctl enable docker
3.安装git-2.3.0
mkdir /opt/soft
cd /opt/soft
# yum install curl-devel expat-devel gettext-devel openssl-devel zlib-devel gcc perl-ExtUtils-MakeMaker
# wget https://github.com/git/git/archive/v2.3.0.zip
# unzip v2.3.0.zip
# cd git-2.3.0/
# make prefix=/usr/local/git all
# make prefix=/usr/local/git install
# vi /etc/profile
然后在文件的最后一行,添加下面的内容,然后保存退出。
export PATH=/usr/local/git/bin:$PATH
# source /etc/profile
# git version
git version 2.3.0
4.Golang (用于 fabric cli 服务的调用, ca 服务证书生成 )
[root@localhost ~]# mkdir -p /opt/soft/golang
[root@localhost golang]# wget https://studygolang.com/dl/golang/go1.11.linux-amd64.tar.gz
[root@localhost golang]#  tar -C /usr/local -xzf go1.11.linux-amd64.tar.gz

[root@localhost ~]# vi /etc/profile
添加如下
# golang env
export PATH=$PATH:/usr/local/go/bin
export GOROOT=/usr/local/go
export GOPATH=/workspace/golang
export PATH=/usr/local/git/bin:$PATH
[root@localhost ~]# source /etc/profile
[root@localhost ~]# go version
go version go1.10 linux/amd64

接下来配置各个服务器的域名解析:

vi /etc/hosts

写入以下内容:

192.168.10.10 ca.org1.chaincode.yourdomain orderer0.chaincode.yourdomain peer0.org1.chaincode.yourdomain
192.168.10.11 ca.org2.chaincode.yourdomain orderer1.chaincode.yourdomain peer0.org2.chaincode.yourdomain
192.168.10.12 orderer2.chaincode.yourdomain peer1.org1.chaincode.yourdomain
192.168.10.13 peer1.org2.chaincode.yourdomain

红色部分改成你自己的域名哦

/etc/init.d/network restart

 

5.下载fabric源码
[root@localhost ~]# mkdir -p /workspace/golang/src/github.com/hyperledger
[root@localhost ~]# cd /workspace/golang/src/github.com/hyperledger
[root@localhost hyperledger]# git clone https://github.com/hyperledger/fabric.git
[root@localhost hyperledger]# cd fabric/
[root@localhost fabric]# git checkout v1.3.0
显示如下:
Note: checking out 'v1.3.0'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD 目前位于 5017e4d... FAB-12206 Hyperledger Fabric 1.3.0 release
 
6.镜像下载
步骤1:启动docker服务
[root@localhost hyperledger_cli]# systemctl restart docker
# systemctl enable docker
步骤2:下载镜像
因为下载的Fabric源码里的download-dockerimages.sh里的版本是老的,所以改成下面我写的

我们开始使用fabric,要下载指定版本的源码以及配套的指定版本的镜像文件。
首先打开网址   https://hub.docker.com/r/hyperledger/
例如,可以看到所有的hyperledger的镜像,点击fabric-peer,跳转到
https://hub.docker.com/r/hyperledger/fabric-peer/
点击页面中的tag,可以看到历史的tag 纪录 
我们取最新的tag    amd64-1.3.0
在docker环境中执行 docker pull hyperledger/fabric-peer:amd64-1.3.10
即可下载指定tag的镜像文件了。
[root@localhost fabric]# cd examples/e2e_cli/
[root@localhost e2e_cli]# source download-dockerimages.sh -c latest -f latest

因为直接执行download-dockerimages.sh脚本会在下载fabric-javaenv:latest这个镜像时会卡住,
这是因为目前hyperledger的镜像仓库里的fabric-javaenv镜像还没有latest的tag,
可以自行在docker.hub下搜索fabric-javaenv下最新的tag,
我已经把所有要下载的镜像都重新定义了:
dockerFabricPull() {
  echo "==> FABRIC IMAGE: peer"
  echo
  docker pull hyperledger/fabric-peer:amd64-1.3.0
  docker tag hyperledger/fabric-peer:amd64-1.3.0 hyperledger/fabric-peer
  echo "==> FABRIC IMAGE: orderer"
  echo
  docker pull hyperledger/fabric-orderer:amd64-1.3.0
  docker tag hyperledger/fabric-orderer:amd64-1.3.0 hyperledger/fabric-orderer
  echo "==> FABRIC IMAGE: couchdb"
  echo
  docker pull hyperledger/fabric-couchdb:amd64-0.4.14
  docker tag hyperledger/fabric-couchdb:amd64-0.4.14 hyperledger/fabric-couchdb
  echo "==> FABRIC IMAGE: ccenv"
  echo
  docker pull hyperledger/fabric-ccenv:amd64-1.3.0
  docker tag hyperledger/fabric-ccenv:amd64-1.3.0 hyperledger/fabric-ccenv
  echo "==> FABRIC IMAGE: javaenv"
  echo
  docker pull hyperledger/fabric-javaenv:amd64-1.3.0
  docker tag hyperledger/fabric-javaenv:amd64-1.3.0 hyperledger/fabric-javaenv 
 
  echo "==> FABRIC IMAGE: kafka"
  echo
  docker pull hyperledger/fabric-kafka:amd64-0.4.14
  docker tag hyperledger/fabric-kafka:amd64-0.4.14 hyperledger/fabric-kafka 
   
  echo "==> FABRIC IMAGE: tools"
  echo
  docker pull hyperledger/fabric-tools:amd64-1.3.0
  docker tag hyperledger/fabric-tools:amd64-1.3.0 hyperledger/fabric-tools  
 
  echo "==> FABRIC IMAGE: zookeeper"
      echo
  docker pull hyperledger/fabric-zookeeper:amd64-0.4.14
  docker tag hyperledger/fabric-zookeeper:amd64-0.4.14 hyperledger/fabric-zookeeper
 
}
替换后,然后重新执行就可以拉取到所需的全部镜像
 
如果要删除镜像,可以执行以下命令:
[root@localhost e2e_cli]# docker rmi -f  $(docker images -q)

7. 打包并压缩镜像

每台机器上都要下载这些镜像,因为不同的机器按照我们的规划,要部署不同的服务上去,偷懒一点就所有的都复制过去吧
[root@localhost e2e_cli]# docker save $(docker images | grep latest |awk {'print $1'} ) -o images

8. 传送给其他服务器(peer0.org2,peer1.org1,peer1.org2)
[root@localhost e2e_cli]# scp images root@192.168.10.11:/root/
[root@localhost e2e_cli]# scp images root@192.168.10.12:/root/
[root@localhost e2e_cli]# scp images root@192.168.10.13:/root/

在各自服务器上执行

docker load -i images

就可以加载所有镜像了,不过这个images的路径根据你自己执行的位置进行改动吧

9. 接下来,我们就要创建公私钥、证书、创世区块等

目录结构说明:
base
存放配置提炼的公有部分,有两个文件,分别为docker-compose-base.yaml和peer-base.yaml
channel-artifacts
存放生成的通道和创世纪块等文件,包括有channel.tx、genesis.block、Org1MSPanchors.tx和Org2MSPanchors.tx
crypto-config
存放生成的公私钥和证书等文件
scripts
只有一个script.sh文件,该文件是案例的运行功能的集合,运行后会自动执行全部功能,直到完成
configtx.yaml
通道配置文件
crypto-config.yaml
生成的公私钥和证书的配置文件
docker-compose-cli.yaml
Fabric网络Docker运行配置文件
download-dockerimages.sh
下载Fabric镜像执行文件
generateArtifacts.sh
生成公私钥和证书的执行文件
network_setup.sh
案例运行的入口文件

这些看懂了就好,

在orderer0.chaincode.jzyb2b.com节点上,执行以下命令:
[root@orderer e2e_cli]# source generateArtifacts.sh xinhong.test
将会生成channel-artifacts文件夹,里面包含了mychannel这个通道相关的文件,另外还有一个crypto-config文件夹,里面包含了各个节点的公私钥和证书的信息。
Generate certificates using cryptogen tool
org1.chaincode.jzyb2b.com
org2.chaincode.jzyb2b.com
Generate idemix crypto material using idemixgen tool
Generating Orderer Genesis block
Generating channel configuration transaction 'channel.tx'
Generating anchor peer update for Org1MSP
Generating anchor peer update for Org2MSP
它是如何工作的?
Cryptogen使用crypto-config.yaml,并允许我们为组织和属于这些组织的组件生成一组证书和密钥。
每个组织都配置了唯一的根证书(ca-cert),它将特定组件(peers和orders)绑定到该组织。
通过为每一个组织分配唯一的CA证书,我们正在模仿一个典型的网络,这个网络中的成员将使用自己的证书颁发机构。
Hyperledger Fabric中的交易和通信是通过存储在keystore中的实体的私钥签名,然后通过公钥手段进行验证(signcerts)。
你将注意到在这个文件里有一个count变量。我们将使用它来指定每个组织中peer的数量;在我们的例子中,每个组织有两个peer。
这里贴一下相关配置信息,免得你们忘了,最后执行不成功:
crypto-config.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: chaincode.yourdomain
    CA:
        Country: CN
        Province: Zhejiang
        Locality: Yiwu
    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer0
      - Hostname: orderer1
      - Hostname: orderer2
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.chaincode.yourdomain
    EnableNodeOUs: true
    CA:
        Country: CN
        Province: Zhejiang
        Locality: Yiwu
    # ---------------------------------------------------------------------------
    # "Specs"
    # ---------------------------------------------------------------------------
    # Uncomment this section to enable the explicit definition of hosts in your
    # configuration.  Most users will want to use Template, below
    #
    # Specs is an array of Spec entries.  Each Spec entry consists of two fields:
    #   - Hostname:   (Required) The desired hostname, sans the domain.
    #   - CommonName: (Optional) Specifies the template or explicit override for
    #                 the CN.  By default, this is the template:
    #
    #                              "{{.Hostname}}.{{.Domain}}"
    #
    #                 which obtains its values from the Spec.Hostname and
    #                 Org.Domain, respectively.
    # ---------------------------------------------------------------------------
    # Specs:
    #   - Hostname: foo # implicitly "foo.org1.example.com"
    #     CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
    #   - Hostname: bar
    #   - Hostname: baz
    # ---------------------------------------------------------------------------
    # "Template"
    # ---------------------------------------------------------------------------
    # Allows for the definition of 1 or more hosts that are created sequentially
    # from a template. By default, this looks like "peer%d" from 0 to Count-1.
    # You may override the number of nodes (Count), the starting index (Start)
    # or the template used to construct the name (Hostname).
    #
    # Note: Template and Specs are not mutually exclusive.  You may define both
    # sections and the aggregate nodes will be created for you.  Take care with
    # name collisions
    # ---------------------------------------------------------------------------
    Template:
      Count: 2
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
    # ---------------------------------------------------------------------------
    # "Users"
    # ---------------------------------------------------------------------------
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
      Count: 2
  # ---------------------------------------------------------------------------
  # Org2: See "Org1" for full specification
  # ---------------------------------------------------------------------------
  - Name: Org2
    Domain: org2.chaincode.yourdomain
    EnableNodeOUs: true
    CA:
        Country: CN
        Province: Zhejiang
        Locality: Yiwu
    Template:
      Count: 2
    Users:
      Count: 2

  configtx.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

---
################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererOrg

        # ID to load the MSP definition as
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/chaincode.jzyb2b.com/msp

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"

    - &Org1
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org1MSP

        # ID to load the MSP definition as
        ID: Org1MSP

        MSPDir: crypto-config/peerOrganizations/org1.chaincode.jzyb2b.com/msp

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org1.chaincode.jzyb2b.com
              Port: 7051

    - &Org2
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org2MSP

        # ID to load the MSP definition as
        ID: Org2MSP

        MSPDir: crypto-config/peerOrganizations/org2.chaincode.jzyb2b.com/msp

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org2MSP.admin')"

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org2.chaincode.jzyb2b.com
              Port: 7051

################################################################################
#
#   SECTION: Capabilities
#
#   - This section defines the capabilities of fabric network. This is a new
#   concept as of v1.1.0 and should not be utilized in mixed networks with
#   v1.0.x peers and orderers.  Capabilities define features which must be
#   present in a fabric binary for that binary to safely participate in the
#   fabric network.  For instance, if a new MSP type is added, newer binaries
#   might recognize and validate the signatures from this type, while older
#   binaries without this support would be unable to validate those
#   transactions.  This could lead to different versions of the fabric binaries
#   having different world states.  Instead, defining a capability for a channel
#   informs those binaries without this capability that they must cease
#   processing transactions until they have been upgraded.  For v1.0.x if any
#   capabilities are defined (including a map with all capabilities turned off)
#   then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
    # Channel capabilities apply to both the orderers and the peers and must be
    # supported by both.
    # Set the value of the capability to true to require it.
    Channel: &ChannelCapabilities
        # V1.3 for Channel is a catchall flag for behavior which has been
        # determined to be desired for all orderers and peers running at the v1.3.x
        # level, but which would be incompatible with orderers and peers from
        # prior releases.
        # Prior to enabling V1.3 channel capabilities, ensure that all
        # orderers and peers on a channel are at v1.3.0 or later.
        V1_3: true

    # Orderer capabilities apply only to the orderers, and may be safely
    # used with prior release peers.
    # Set the value of the capability to true to require it.
    Orderer: &OrdererCapabilities
        # V1.1 for Orderer is a catchall flag for behavior which has been
        # determined to be desired for all orderers running at the v1.1.x
        # level, but which would be incompatible with orderers from prior releases.
        # Prior to enabling V1.1 orderer capabilities, ensure that all
        # orderers on a channel are at v1.1.0 or later.
        V1_1: true

    # Application capabilities apply only to the peer network, and may be safely
    # used with prior release orderers.
    # Set the value of the capability to true to require it.
    Application: &ApplicationCapabilities
        # V1.3 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.3.
        V1_3: true
        # V1.2 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.2 (note, this need not be set if
        # later version capabilities are set)
        V1_2: false
        # V1.1 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.1 (note, this need not be set if
        # later version capabilities are set).
        V1_1: false

################################################################################
#
#   SECTION: Application
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults

    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    #   /Channel/Application/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    # Capabilities describes the application level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ApplicationCapabilities

################################################################################
#
#   SECTION: Orderer
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults

    # Orderer Type: The orderer implementation to start
    # Available types are "solo" and "kafka"
    OrdererType: kafka

    Addresses:
        - orderer0.chaincode.yourdomain:7050
        - orderer1.chaincode.yourdomain:7050
        - orderer2.chaincode.yourdomain:7050        

    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 2s

    # Batch Size: Controls the number of messages batched into a block
    BatchSize:

        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10

        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 98 MB

        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB

    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects. Edit
        # this list to identify the brokers of the ordering service.
        # NOTE: Use IP:port notation.
        Brokers:
            - kafka0:9092
            - kafka1:9092
            - kafka2:9092
            - kafka3:9092

    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Orderer policies, their canonical path is
    #   /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        # BlockValidation specifies what signatures must be included in the block
        # from the orderer for the peer to validate it.
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

    # Capabilities describes the orderer level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *OrdererCapabilities

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is
    #   /Channel/<PolicyName>
    Policies:
        # Who may invoke the 'Deliver' API
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"


    # Capabilities describes the channel level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ChannelCapabilities

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

    TwoOrgsOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
                    
    TwoOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2

base/docker-compose-base.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:
  zookeeper:
    image: hyperledger/fabric-zookeeper
    restart: always
    ports:
      - 2181:2181
      - 2888:2888
      - 3888:3888
    extra_hosts:
      - "zookeeper0:192.168.10.10"
      - "zookeeper1:192.168.10.11"
      - "zookeeper2:192.168.10.12"
      - "kafka0:192.168.10.10"
      - "kafka1:192.168.10.11"
      - "kafka2:192.168.10.12"
      - "kafka3:192.168.10.13"
      
  kafka:
    image: hyperledger/fabric-kafka
    restart: always
    environment:
      - KAFKA_MESSAGE_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
      - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
      - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
    ports:
      - 9092:9092
    extra_hosts:
      - "zookeeper0:192.168.10.10"
      - "zookeeper1:192.168.10.11"
      - "zookeeper2:192.168.10.12"
      - "kafka0:192.168.10.10"
      - "kafka1:192.168.10.11"
      - "kafka2:192.168.10.12"
      - "kafka3:192.168.10.13"      

  orderer0.chaincode.yourdomain:
    container_name: orderer0.chaincode.yourdomain
    image: hyperledger/fabric-orderer
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_KAFKA_RETRY_LONGINTERVAL=10s 
      - ORDERER_KAFKA_RETRY_LONGTOTAL=100s      
      - ORDERER_KAFKA_RETRY_SHORTINTERVAL=1s
      - ORDERER_KAFKA_RETRY_SHORTTOTAL=30s
      - ORDERER_KAFKA_VERBOSE=true
    working_dir: /workspace/golang/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
    - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
    - ../crypto-config/ordererOrganizations/chaincode.yourdomain/orderers/orderer0.chaincode.yourdomain/msp:/var/hyperledger/orderer/msp
    - ../crypto-config/ordererOrganizations/chaincode.yourdomain/orderers/orderer0.chaincode.yourdomain/tls/:/var/hyperledger/orderer/tls
    ports:
      - 7050:7050
    extra_hosts:
      - "orderer0:192.168.10.10"
      - "orderer1:192.168.10.11"
      - "orderer2:192.168.10.12"    
      - "kafka0:192.168.10.10"
      - "kafka1:192.168.10.11"
      - "kafka2:192.168.10.12"
      - "kafka3:192.168.10.13"      
      
  orderer1.chaincode.yourdomain:
    container_name: orderer1.chaincode.yourdomain
    image: hyperledger/fabric-orderer
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_KAFKA_RETRY_LONGINTERVAL=10s 
      - ORDERER_KAFKA_RETRY_LONGTOTAL=100s      
      - ORDERER_KAFKA_RETRY_SHORTINTERVAL=1s
      - ORDERER_KAFKA_RETRY_SHORTTOTAL=30s
      - ORDERER_KAFKA_VERBOSE=true
    working_dir: /workspace/golang/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
    - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
    - ../crypto-config/ordererOrganizations/chaincode.yourdomain/orderers/orderer1.chaincode.yourdomain/msp:/var/hyperledger/orderer/msp
    - ../crypto-config/ordererOrganizations/chaincode.yourdomain/orderers/orderer1.chaincode.yourdomain/tls/:/var/hyperledger/orderer/tls
    ports:
      - 7050:7050
    extra_hosts:
      - "orderer0:192.168.10.10"
      - "orderer1:192.168.10.11"
      - "orderer2:192.168.10.12"
      - "kafka0:192.168.10.10"
      - "kafka1:192.168.10.11"
      - "kafka2:192.168.10.12"
      - "kafka3:192.168.10.13"

  orderer2.chaincode.yourdomain:
    container_name: orderer2.chaincode.yourdomain
    image: hyperledger/fabric-orderer
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_KAFKA_RETRY_LONGINTERVAL=10s 
      - ORDERER_KAFKA_RETRY_LONGTOTAL=100s      
      - ORDERER_KAFKA_RETRY_SHORTINTERVAL=1s
      - ORDERER_KAFKA_RETRY_SHORTTOTAL=30s
      - ORDERER_KAFKA_VERBOSE=true
    working_dir: /workspace/golang/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
    - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
    - ../crypto-config/ordererOrganizations/chaincode.yourdomain/orderers/orderer2.chaincode.yourdomain/msp:/var/hyperledger/orderer/msp
    - ../crypto-config/ordererOrganizations/chaincode.yourdomain/orderers/orderer2.chaincode.yourdomain/tls/:/var/hyperledger/orderer/tls
    ports:
      - 7050:7050    
    extra_hosts:
      - "orderer0:192.168.10.10"
      - "orderer1:192.168.10.11"
      - "orderer2:192.168.10.12"
      - "kafka0:192.168.10.10"
      - "kafka1:192.168.10.11"
      - "kafka2:192.168.10.12"
      - "kafka3:192.168.10.13"      

  peer0.org1.chaincode.yourdomain:
    container_name: peer0.org1.chaincode.yourdomain
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.org1.chaincode.yourdomain
      - CORE_PEER_ADDRESS=peer0.org1.chaincode.yourdomain:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org1.chaincode.yourdomain:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.chaincode.yourdomain:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/org1.chaincode.yourdomain/peers/peer0.org1.chaincode.yourdomain/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/org1.chaincode.yourdomain/peers/peer0.org1.chaincode.yourdomain/tls:/etc/hyperledger/fabric/tls
    ports:
      - 7051:7051
      - 7052:7052
      - 7053:7053
    extra_hosts:   
      - "orderer0.chaincode.yourdomain:192.168.10.10"
      - "orderer1.chaincode.yourdomain:192.168.10.11"
      - "orderer2.chaincode.yourdomain:192.168.10.12"         

  peer1.org1.chaincode.yourdomain:
    container_name: peer1.org1.chaincode.yourdomain
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer1.org1.chaincode.yourdomain
      - CORE_PEER_ADDRESS=peer1.org1.chaincode.yourdomain:7051
      - CORE_PEER_CHAINCODEADDRESS=peer1.org1.chaincode.yourdomain:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.chaincode.yourdomain:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.chaincode.yourdomain:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/org1.chaincode.yourdomain/peers/peer1.org1.chaincode.yourdomain/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/org1.chaincode.yourdomain/peers/peer1.org1.chaincode.yourdomain/tls:/etc/hyperledger/fabric/tls

    ports:
      - 7051:7051
      - 7052:7052
      - 7053:7053
    extra_hosts:   
      - "orderer0.chaincode.yourdomain:192.168.10.10"
      - "orderer1.chaincode.yourdomain:192.168.10.11"
      - "orderer2.chaincode.yourdomain:192.168.10.12"  

  peer0.org2.chaincode.yourdomain:
    container_name: peer0.org2.chaincode.yourdomain
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.org2.chaincode.yourdomain
      - CORE_PEER_ADDRESS=peer0.org2.chaincode.yourdomain:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org2.chaincode.yourdomain:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.chaincode.yourdomain:7051
      - CORE_PEER_LOCALMSPID=Org2MSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/org2.chaincode.yourdomain/peers/peer0.org2.chaincode.yourdomain/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/org2.chaincode.yourdomain/peers/peer0.org2.chaincode.yourdomain/tls:/etc/hyperledger/fabric/tls
    ports:
      - 7051:7051
      - 7052:7052
      - 7053:7053
    extra_hosts:   
      - "orderer0.chaincode.yourdomain:192.168.10.10"
      - "orderer1.chaincode.yourdomain:192.168.10.11"
      - "orderer2.chaincode.yourdomain:192.168.10.12" 

  peer1.org2.chaincode.yourdomain:
    container_name: peer1.org2.chaincode.yourdomain
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer1.org2.chaincode.yourdomain
      - CORE_PEER_ADDRESS=peer1.org2.chaincode.yourdomain:7051
      - CORE_PEER_CHAINCODEADDRESS=peer1.org2.chaincode.yourdomain:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.chaincode.yourdomain:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.chaincode.yourdomain:7051
      - CORE_PEER_LOCALMSPID=Org2MSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/org2.chaincode.yourdomain/peers/peer1.org2.chaincode.yourdomain/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/org2.chaincode.yourdomain/peers/peer1.org2.chaincode.yourdomain/tls:/etc/hyperledger/fabric/tls
    ports:
      - 7051:7051
      - 7052:7052
      - 7053:7053
    extra_hosts:   
      - "orderer0.chaincode.yourdomain:192.168.10.10"
      - "orderer1.chaincode.yourdomain:192.168.10.11"
      - "orderer2.chaincode.yourdomain:192.168.10.12"

  以上这个docker-compose-base.yaml文件需要在每台服务器上的base目录下替换成同一个,否则后面执行会失败哦

  重要的事情:把192.168.10.10服务器的hyperledger/fabric/examples/e2e_cli目录下channel_artifacts/*,crypto-config/*拷贝到其他三台服务器的同一个目录下

 
在192.168.10.10服务器上先配置docker-compose-ca.yaml
先查看是否已经有镜像运行在那里,如果有,则需要先停止,然后移除,最后在执行下面的步骤
CHANNEL_NAME=xinhong.test TIMEOUT=10000 docker-compose -f docker-compose-ca.yaml stop
CHANNEL_NAME=xinhong.test TIMEOUT=10000 docker-compose -f docker-compose-ca.yaml rm

CHANNEL_NAME=xinhong.test TIMEOUT=10000 docker-compose -f docker-compose-ca.yaml up -d 2>&1
以上红色部分是通道名称,随便你自己改吧,好像不能是大写哦。最好中规中矩一点,不要另类
 
如果这个命令执行时错误了,试试下面几个命令:
报警告:
RequestsDependencyWarning: urllib3 (1.22) or chardet (2.2.1) doesn't match a supported version!
执行如下三个命令:
pip uninstall urllib3   
pip uninstall  chardet
pip install requests
 
这样,我们的ca服务器就启动起来了,同时把docker-compose-ca.yaml里的环境变量也组装到了docker容器里
可能有人会问,docker-compose-ca.yaml从哪里来?
我们在上一步操作生产证书时,已经把docker-compose-e2e.yaml里的证书部分内容替换过了,只需要把里面的ca0服务拷贝出来,复制到192.168.10.10上
192.168.10.10服务器上的docker-compose-ca.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:
  ca0:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org1
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.chaincode.jzyb2b.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/67ae2160f54652ddb1c0cfffe1efef2dsfsdfsdfsds5d0591084c55d37a39a21a_sk
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.chaincode.jzyb2b.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/67ae2160f54652ddb1c0cfffe1efef2fghfhfghfh0591084c55d37a39a21a_sk -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org1.chaincode.jzyb2b.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_peerOrg1

  注意:你的和我的,是不一样的,别拷贝我这份,拷贝了也没有用,因为我的证书不会给你啊

 

接下来配置Zookeeper,因为超级账本的启动顺序是zookeeper,kafka,orderer,peer

在192.168.199.184服务器上先配置docker-compose-zookeeper.yaml
在配置docker-compose-zookeeper时,要注意一个地方,那就是容器自身会有一个ip(比如:127.0.0.1),与实际的宿主服务器不是同一个(比如192.168.0.1)
所以需要为服务添加hostname,以及extra_hosts,来映射相互的关系
/*
有必要的话执行如下操作
systemctl stop firewalld          # 关闭centos7自带防火墙
yum install iptables-services     # 安装iptables-services软件包 
systemctl enable iptables         # 开机自启动iptables服务       
systemctl start iptables      # 开启iptables服务
这样就可以使用service  iptables save/stop/restart/start 功能管理iptables配置了
*/
iptables -A INPUT -p tcp --dport 2181 -j ACCEPT
iptables -A INPUT -p tcp --dport 2888 -j ACCEPT
iptables -A INPUT -p tcp --dport 3888 -j ACCEPT
iptables -A INPUT -p tcp --dport 9092 -j ACCEPT
iptables -A INPUT -p tcp --dport 7050 -j ACCEPT
iptables -A INPUT -p tcp --dport 9093 -j ACCEPT
iptables -A INPUT -p tcp --dport 7051 -j ACCEPT
iptables -A INPUT -p tcp --dport 7052 -j ACCEPT
iptables -A INPUT -p tcp --dport 7053 -j ACCEPT
iptables -A INPUT -p tcp --dport 6060 -j ACCEPT
 
因为在启动zookeeper,kafka,orderer时,会自动访问其他三台服务器的,不配置可能会造成访问拒绝
同时,如果是在阿里云上部署的,那么安全策略那里也需要把各个端口加上去哦,如下:

 


CHANNEL_NAME=xinhong.test TIMEOUT=10000 docker-compose -f docker-compose-zookeeper.yaml up -d 2>&1
 
这里有一个小技巧,如果你想看看执行的过程,可以把上面这个命令的-d 2>&1去掉,就可以看到整个的调试过程
如果看完了,再ctrl+z结束掉,重新执行一遍也没有问题的
这时,你可以通过docker ps命令查看服务是否启动
 
 docker-compose-zookeeper.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:
  zookeeper0:
    container_name: zookeeper0
    hostname: zookeeper0
    extends:
      file: base/docker-compose-base.yaml
      service: zookeeper
    environment:
      - ZOO_MY_ID=1
      - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888

  注意:每台机器的hostname,container_name,zoo_my_id是不一样的,别搞错了

接下来

再配置docker-compose-kafka.yaml
CHANNEL_NAME=xinhong.test TIMEOUT=10000 docker-compose -f docker-compose-kafka.yaml up -d 2>&1
docker-compose-kafka.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:
  kafka0:
    container_name: kafka0
    hostname: kafka0
    extends:
      file: base/docker-compose-base.yaml
      service: kafka
    environment:
      - KAFKA_BROKER_ID=1
      - KAFKA_MIN_INSYNC_REPLICAS=2
      - KAFKA_DEFAULT_REPLICATION_FACTOR=3
      - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181

 注意:每台机器的hostname,container_name,kafka_broker_id是不一样的,别搞错了 

接下来,再配置docker-compose-orderer.yaml
CHANNEL_NAME=xinhong.test TIMEOUT=10000 docker-compose -f docker-compose-orderer.yaml up -d 2>&1
这时会报fatal error: unexpected signal during runtime execution
只需要修改 /etc/resolv.conf 配置,将 options timeout:2 attempts:3 rotate single-request-reopen 内容注释掉
http://www.dongcoder.com/detail-1046674.html
http://www.iyeele.com/731.html
 
docker-compose-orderer.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:
  orderer0.chaincode.yourdomain:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer0.chaincode.yourdomain
    container_name: orderer0.chaincode.yourdomain
 
再配置docker-compose-peer.yaml
CHANNEL_NAME=xinhong.test TIMEOUT=10000 docker-compose -f docker-compose-peer.yaml up -d 2>&1

docker-compose-peer.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:     
  peer0.org1.chaincode.yourdomain:
    container_name: peer0.org1.chaincode.yourdomain
    hostname: peer0.org1.chaincode.yourdomain
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.org1.chaincode.yourdomain

  再给每个终端建立服务Cli
CHANNEL_NAME=xinhong.test TIMEOUT=10000 docker-compose -f docker-compose-cli.yaml up -d 2>&1
注意,配置文件里的command都需要先注释掉,下一步等的zo每台机器的okeeper,kafka,orderer,peer都部署好了,然后在第一台机器上进入cli需要创建channel,其他的都只需要把创建的xinhong.test.block复制过去就进行了,然后所有peer加入channel后,再安装智能合约以及实例化

docker-compose-cli.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:     

# 每一台Peer的以下配置不相同   
# 主要体现在  CORE_PEER_ADDRESS=peer0.org1.chaincode.yourdomain:7051 
  cli:
    container_name: cli
    image: hyperledger/fabric-tools
    tty: true
    environment:
      - GOPATH=/workspace/golang
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.chaincode.yourdomain:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_LOCALMSPTYPE=bccsp
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.chaincode.yourdomain/peers/peer0.org1.chaincode.yourdomain/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.chaincode.yourdomain/peers/peer0.org1.chaincode.yourdomain/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.chaincode.yourdomain/peers/peer0.org1.chaincode.yourdomain/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.chaincode.yourdomain/users/Admin@org1.chaincode.yourdomain/msp
    working_dir: /workspace/golang/src/github.com/hyperledger/fabric/peer
    #command: /bin/bash -c './scripts/script.sh ${CHANNEL_NAME}; sleep $TIMEOUT'
    volumes:
        - /var/run/:/host/var/run/
        - ../chaincode/go/:/workspace/golang/src/github.com/hyperledger/fabric/examples/chaincode/go
        - ./crypto-config:/workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/workspace/golang/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/workspace/golang/src/github.com/hyperledger/fabric/peer/channel-artifacts
    extra_hosts:
      - "orderer0.chaincode.yourdomain:192.168.10.10"
      - "orderer1.chaincode.yourdomain:192.168.10.11"
      - "orderer2.chaincode.yourdomain:192.168.10.12"
      - "peer0.org1.chaincode.yourdomain:192.168.10.10"
      - "peer0.org2.chaincode.yourdomain:192.168.10.11"
      - "peer1.org1.chaincode.yourdomain:192.168.10.12" 
      - "peer1.org2.chaincode.yourdomain:192.168.10.13"

  

 

 

 

 然后按照一样的方式把192.168.10.11,192.168.10.12,192.168.10.13都重新部署一遍

192.168.10.11:

docker-compose-ca.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:
  ca1:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org2
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.chaincode.jzyb2b.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/19846ce7eab8886312dceeadd4564564576aede848e158610ea2a50089_sk
    ports:
      - "8054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org2.chaincode.jzyb2b.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/19846ce7eab8886312dceeyjumj77cf6b9e6aede848e158610ea2a50089_sk -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org2.chaincode.yourdomain/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_peerOrg2

  docker-compose-zookeeper.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:
  zookeeper1:
    container_name: zookeeper1
    hostname: zookeeper1
    extends:
      file: base/docker-compose-base.yaml
      service: zookeeper
    environment:
      - ZOO_MY_ID=2
      - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888

  docker-compose-kafka.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:
  kafka1:
    container_name: kafka1
    hostname: kafka1
    extends:
      file: base/docker-compose-base.yaml
      service: kafka
    environment:
      - KAFKA_BROKER_ID=2
      - KAFKA_MIN_INSYNC_REPLICAS=2
      - KAFKA_DEFAULT_REPLICATION_FACTOR=3
      - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181

  docker-compose-orderer.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:
  orderer1.chaincode.yourdomain:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer1.chaincode.yourdomain
    container_name: orderer1.chaincode.yourdomain

  docker-compose-peer.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:     
  peer0.org2.chaincode.yourdomain:
    container_name: peer0.org2.chaincode.yourdomain
    hostname: peer0.org2.chaincode.yourdomain
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.org2.chaincode.yourdomain

  docker-compose-cli.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:     

# 每一台Peer的以下配置不相同   
# 主要体现在  CORE_PEER_ADDRESS=peer0.org2.chaincode.yourdomain:7051 
  cli:
    container_name: cli
    image: hyperledger/fabric-tools
    tty: true
    environment:
      - GOPATH=/workspace/golang
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org2.chaincode.yourdomain:7051
      - CORE_PEER_LOCALMSPID=Org2MSP
      - CORE_PEER_LOCALMSPTYPE=bccsp
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.chaincode.yourdomain/peers/peer0.org2.chaincode.yourdomain/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.chaincode.yourdomain/peers/peer0.org2.chaincode.yourdomain/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.chaincode.yourdomain/peers/peer0.org2.chaincode.yourdomain/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.chaincode.yourdomain/users/Admin@org2.chaincode.yourdomain/msp
    working_dir: /workspace/golang/src/github.com/hyperledger/fabric/peer
    #command: /bin/bash -c './scripts/script.sh ${CHANNEL_NAME}; sleep $TIMEOUT'
    volumes:
        - /var/run/:/host/var/run/
        - ../chaincode/go/:/workspace/golang/src/github.com/hyperledger/fabric/examples/chaincode/go
        - ./crypto-config:/workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/workspace/golang/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/workspace/golang/src/github.com/hyperledger/fabric/peer/channel-artifacts
    extra_hosts:
      - "orderer0.chaincode.yourdomain:192.168.10.10"
      - "orderer1.chaincode.yourdomain:192.168.10.11"
      - "orderer2.chaincode.yourdomain:192.168.10.12"
      - "peer0.org1.chaincode.yourdomain:192.168.10.10"
      - "peer0.org2.chaincode.yourdomain:192.168.10.11"
      - "peer1.org1.chaincode.yourdomain:192.168.10.12" 
      - "peer1.org2.chaincode.yourdomain:192.168.10.13"

  

 

192.168.10.12

部署zookeeper2,kafka2,orderer2,peer1.org1,cli

192.168.10.13

部署kafka3,peer1.org2,cli

 

以上服务都部署完毕后,我们再来创建区块链信息

在192.168.10.10上

进入hyperledger/fabric/examples/e2e_cli目录

执行,docker exec -it cli bash

进入cli的容器

创建通道
peer channel create -o orderer0.chaincode.yourdomain:7050 -c xinhong.test -f ./channel-artifacts/channel.tx --tls --cafile /workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/chaincode.yourdomain/orderers/orderer0.chaincode.yourdomain/msp/tlscacerts/tlsca.chaincode.yourdomian-cert.pem >&log.txt

成功之后,把生成的xinhong.test.block拷贝到当前目录的channel-artifacts里,等待传递到其他服务器

docker ps
通过docker ps命令找到fabric-tools的容器ID,然后执行复制操作
docker cp 52918b37014c:/workspace/golang/src/github.com/hyperledger/fabric/peer/xinhong.test.block /workspace/golang/src/github.com/hyperledger/fabric/examples/e2e_cli/channel-artifacts/
执行peer0.org1,peer0.org2,peer1.org1,peer1.org2的join channel操作
peer channel join -b xinhong.test.block  >&log.txt
上面红色的字符替换成你自己的fabric-tools的容器ID
该操作如果上一步没有把xinhong.test.block文件拷过来是执行不了的哦
 
 
安装智能合约(在每台服务器上都安装一下智能合约吧)
# docker exec -it cli bash
peer chaincode install -n mycc -v 1.0 -p github.com/hyperledger/fabric/examples/chaincode/go/example02/cmd >&log.txt
 
实例化智能合约(在1921.68.10.10服务器上操作)
区块初始化数据为a为100,b为200
peer chaincode instantiate -o orderer0.chaincode.yourdomain:7050 --tls --cafile /workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/chaincode.yourdomain/orderers/orderer0.chaincode.yourdomain/msp/tlscacerts/tlsca.chaincode.yourdomain-cert.pem -C xinhong.test -n mycc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -P "AND ('Org1MSP.peer','Org2MSP.peer')" >&log.txt

 Peer上查询a,显示100
# peer chaincode query -C xinhong.test -n mycc -c '{"Args":["query","a"]}'

 

执行192.168.10.12的终端(别弄错了,是peer1.org1,所以是10.12这台服务器),
 Peer上进行a向b转10交易
这里需要两个节点进行背书(peer0.org1,peer0.org2)
peer chaincode invoke -o orderer2.chaincode.yourdomain:7050  --tls --cafile /workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/chaincode.yourdomain/orderers/orderer2.chaincode.yourdomain/msp/tlscacerts/tlsca.chaincode.yourdomain-cert.pem -C xinhong.test -n mycc --peerAddresses peer0.org1.chaincode.yourdomain:7051 --tlsRootCertFiles /workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.chaincode.yourdomain/peers/peer0.org1.chaincode.yourdomain/tls/ca.crt --peerAddresses peer0.org2.chaincode.yourdomain:7051 --tlsRootCertFiles /workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.chaincode.yourdomain/peers/peer0.org2.chaincode.yourdomain/tls/ca.crt -c '{"Args":["invoke","a","b","10"]}' >&log.txt

 

执行192.168.10.11的终端(peer0.org2),
 Peer上查询a,显示90
# peer chaincode query -C xinhong.test -n mycc -c '{"Args":["query","a"]}'
 Peer上进行a向b转50交易
这里需要两个节点进行背书
peer chaincode invoke -o orderer1.chaincode.yourdomain:7050  --tls --cafile /workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/chaincode.yourdomain/orderers/orderer1.chaincode.yourdomain/msp/tlscacerts/tlsca.chaincode.yourdomain-cert.pem -C xinhong.test -n mycc --peerAddresses peer0.org1.chaincode.yourdomain:7051 --tlsRootCertFiles /workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.chaincode.yourdomain/peers/peer0.org1.chaincode.yourdomain/tls/ca.crt --peerAddresses peer0.org2.chaincode.yourdomain:7051 --tlsRootCertFiles /workspace/golang/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.chaincode.yourdomain/peers/peer0.org2.chaincode.yourdomain/tls/ca.crt -c '{"Args":["invoke","a","b","50"]}' >&log.txt
 
执行peer1.org2的终端(192.168.10.13),
 Peer上查询a,显示40
# peer chaincode query -C xinhong.test -n mycc -c '{"Args":["query","a"]}'
Peer上查询b,显示260
# peer chaincode query -C xinhong.test -n mycc -c '{"Args":["query","b"]}'
 
以上操作,如果执行失败,唯一的问题:
就是你自己配置文件没有改对,不要来问我中间的错误,先核对这个哦!
 
QQ:1033536868