Fabric2.0 新特性实践:通道成员可扩展链码
承接上文:Hyperledger Fabric 2.0新特性,Fabric2.0版本允许组织去扩展链码,也就是说通道成员之间的链码包可能会不同,这么做的好处是每个组织可以根据自身利益增加自己的业务逻辑。
为测试这一特性,本文将会对比Fabric1.4版本和Fabric2.0版本,阅读过程中注意当前版本,及时切换到不同分支。
改造链码
测试网络选用:fabric-samples/first-network
链码选用:sacc
在本文中,我们基于sacc构建了另一个链码sacc-check,相对于sacc增加了一个条件校验:如果key为age,则返回错误。
进入fabric-samples/chaincode/sacc目录,sacc.go原代码:
// Set stores the asset (both key and value) on the ledger. If the key exists,
// it will override the value with the new one
func set(stub shim.ChaincodeStubInterface, args []string) (string, error) {
if len(args) != 2 {
return "", fmt.Errorf("Incorrect arguments. Expecting a key and a value")
}
err := stub.PutState(args[0], []byte(args[1]))
if err != nil {
return "", fmt.Errorf("Failed to set asset: %s", args[0])
}
return args[1], nil
}
我们稍作修改,增加前面提到的校验:
// Set stores the asset (both key and value) on the ledger. If the key exists,
// it will override the value with the new one
func set(stub shim.ChaincodeStubInterface, args []string) (string, error) {
if len(args) != 2 {
return "", fmt.Errorf("Incorrect arguments. Expecting a key and a value")
}
if args[0] == "age" {
return "",fmt.Errorf("错误的key")
}
err := stub.PutState(args[0], []byte(args[1]))
if err != nil {
return "", fmt.Errorf("Failed to set asset: %s", args[0])
}
return args[1], nil
}
基于1.4版本测试
按照上节修改链码
cd fabric-samples/chaincode
cp -r sacc sacc-check
cd sacc-check
vim sacc.go
进入fabric-samples/first-network目录执行,默认通道testchannel,链码mycc:
./byfn.sh up
peer0.org1.example.com安装链码sacc
docker exec cli peer chaincode install -n sacc -v 1.0 -p github.com/chaincode/sacc
peer0.org2.example.com安装链码sacc
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp -e CORE_PEER_ADDRESS=peer0.org2.example.com:9051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt cli peer chaincode install -n sacc -v 1.0 -p github.com/chaincode/sacc-check
可通过以下命令查看链码是否已安装成功,查询结果中Id是不同的。
# peer0.org1.example.com
docker exec cli peer chaincode list --installed
# peer0.org2.example.com
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp -e CORE_PEER_ADDRESS=peer0.org2.example.com:9051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt cli peer chaincode list --installed
实例化链码
docker exec cli peer chaincode instantiate -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C testchannel -n sacc -v 1.0 -c '{"Args": ["name","kc"]}' -P "AND('Org1MSP.member','Org2MSP.member')"
调用合约查询
# peer0.org1.example.com
docker exec cli peer chaincode query -C testchannel -n sacc -c '{"Args":["query","name"]}'
# peer0.org2.example.com
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp -e CORE_PEER_ADDRESS=peer0.org2.example.com:9051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt cli peer chaincode query -C testchannel -n sacc -c '{"Args":["query","name"]}'
在peer0.org1.example.com查询返回结果:kc,在peer0.org2.example.com返回错误:
Error: endorsement failure during query. response: status:500 message:"failed to execute transaction 0b0523dac965b32fff0fc0faadb3270646efc256198b6b8a42856006ccdb2ddd: [channel testchannel] failed to get chaincode container info for sacc:1.0: could not get chaincode code: chaincode fingerprint mismatch: data mismatch"
报错原因:链码不匹配。可见在1.4版本中是不支持组织安装不同链码的。
基于2.0.1版本测试
Fabric 2.0 启用了新的链码周期,我们按照下图进行测试:
测试网络仍然选择first-network,通道mychannel
cd fabric-samples/first-network
./byfn.sh up
首先按上文编辑链码:
cd fabric-samples/chaincode
cp -r sacc sacc-check
cd sacc-check
vim sacc.go
生成vendor目录:
cd chaincode/sacc
GO111MODULE=on go mod vendor
cd ../sacc-check
GO111MODULE=on go mod vendor
打包链码:
docker exec cli peer lifecycle chaincode package sacc.tar.gz --path github.com/hyperledger/fabric-samples/chaincode/sacc/ --label sacc_1
docker exec cli peer lifecycle chaincode package sacc-check.tar.gz --path github.com/hyperledger/fabric-samples/chaincode/sacc-check/ --label sacc_1
docker exec cli ls
执行结果如下图所示:
安装链码:
# peer0.org1.example.com
docker exec cli peer lifecycle chaincode install sacc.tar.gz
# peer0.org2.example.com
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp -e CORE_PEER_ADDRESS=peer0.org2.example.com:9051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt cli peer lifecycle chaincode install sacc-check.tar.gz
查询已安装链码,得到packageID(注意此处两个节点返回的packageID是不同的):
# peer0.org1.example.com
docker exec cli peer lifecycle chaincode queryinstalled
# peer0.org2.example.com
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp -e CORE_PEER_ADDRESS=peer0.org2.example.com:9051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt cli peer lifecycle chaincode queryinstalled
peer0.org1.example.com返回结果:Package ID:sacc_1:a615a5892af0e8ab0a17851e76f995582138f6e8853a2fa782f50a05c82390d2, Label: sacc_1
peer0.org2.example.com返回结果:Package ID:sacc_1:153bdd87b0d61052590bd154d6418acc9eaf7752b68b1ef40a231391172875ce, Label: sacc_1
组织同意链码定义:
#Org1
docker exec cli peer lifecycle chaincode approveformyorg --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --channelID mychannel --name sacc --version 1 --sequence 1 --waitForEvent --package-id sacc_1:a615a5892af0e8ab0a17851e76f995582138f6e8853a2fa782f50a05c82390d2
#Org2
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp -e CORE_PEER_ADDRESS=peer0.org2.example.com:9051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt cli peer lifecycle chaincode approveformyorg --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --channelID mychannel --name sacc --version 1 --sequence 1 --waitForEvent --package-id sacc_1:153bdd87b0d61052590bd154d6418acc9eaf7752b68b1ef40a231391172875ce
提交链码定义:
docker exec cli peer lifecycle chaincode commit -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt --channelID mychannel --name sacc --version 1 --sequence 1
调用合约,此处参数传入“name”:
docker exec cli peer chaincode invoke -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -C mychannel -n sacc -c '{"Args":["set","name","kc"]}'
合约调用成功后,执行查询操作:
# peer0.org1.example.com
docker exec cli peer chaincode query -C mychannel -n sacc -c '{"Args":["query","name"]}'
# peer0.org2.example.com
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp -e CORE_PEER_ADDRESS=peer0.org2.example.com:9051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt cli peer chaincode query -C mychannel -n sacc -c '{"Args":["query","name"]}'
查询结果如下图所示:
sacc-check/sacc.go我们做了校验:不能通道调用链码设置"age",我们这里做个测试
docker exec cli peer chaincode invoke -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -C mychannel -n sacc -c '{"Args":["set","age","30"]}'
下图显示了执行结果:这里报错“错误的key”,由此我们完成了测试。
总结
Fabric2.0这一特性,使得不同组织可以根据自身利益安装智能合约。当然最终合约调用是否成功和背书策略也有关系,在上节演示时,我们使用的是默认的背书策略即大多数组织同意,由于我们选用的是两组织的first-network网络,因此此处需要两个组织均同意,由此上节交易不能通过。在实际应用场景中,需要综合考虑相关问题。