Fabric hyperledger 2.0 first-network 手动部署执行
前期准备
操作系统:CentOS 7
Fabric版本: 2.0.1
| 软件/依赖 | 版本 |
|---|---|
| go | 1.14.x |
| git | 最新版本 |
| curl | 最新版本 |
| docker | 17.06.2-ce及以上版本 |
| docker-compose | 1.14及以上 |
下载fabric-samples源码:下载地址
证书,创世块生成
手工生成证书: 确保已下载对应版本二进制工具,放置在$GOPATH/src/github.com/hyperledger/fabric-samples/bin/目录并赋于可执行权限。
cd $GOPATH/src/github.com/hyperledger/fabric-samples/bin/
chmod a+x *
进入first-network目录:
cd $GOPATH/src/github.com/hyperledger/fabric-samples/first-network
../bin/cryptogen generate --config=./crypto-config.yaml
生成创世块: 设置FABRIC_CFG_PATH变量为当前目录(configtxgen工具将在FABRIC_CFG_PATH寻找configtx.yaml文件)
export FABRIC_CFG_PATH=$PWD #设置环境变量 FABRIC_CFG_PATH为configtx.yaml所在目录
../bin/configtxgen -profile SampleMultiNodeEtcdRaft -channelID byfn-sys-channel -outputBlock ./channel-artifacts/genesis.block
创建通道,配置交易: 创世块及后续生成的锚节点配置文件默认存放到first-network的channel-artifacts目录。-outputCreateChannelTx :输出tx文件路径 -channelID: 通道ID
export CHANNEL_NAME=mychannel && ../bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
锚节点配置: 此博客示例为两组织(Org1MSP,Org2MSP),多组织同理生成。
../bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP
../bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org2MSP
启动网络
如果要查看网络的实时日志,请不要提供-d标志。再打开一个shell以执行CLI调用。
docker-compose -f docker-compose-cli.yaml -f docker-compose-etcdraft2.yaml up -d
创建,加入通道
docker exec -it cli bash #进入cli窗口
默认当前节点为peer0.org1.example.com,当需要切换到其它节点执行,修改下面的四个变量的配置,本篇文章使用peer0.org1.example.com,peer0.org2.example.com两个节点进行手动测试,如需两组织四节点测试,修改配置按照实例执行命令即可。
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
创建通道: -c指定我们的通道名称,-f指定生成的通道配置文件(tx后缀的文件)路径及名称, 通道名称必须全部为小写字母,少于250个字符,并且与正则表达式[a-z] [a-z0-9 .-] 相匹配
export CHANNEL_NAME=mychannel #设置环境变量,避免每次输入变量
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
节点peer0.org1.example.com加入通道:
peer channel join -b mychannel.block
节点peer0.org2.example.com加入通道:
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp CORE_PEER_ADDRESS=peer0.org2.example.com:9051 CORE_PEER_LOCALMSPID="Org2MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peer channel join -b mychannel.block
更新锚节点
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
#更新组织二的锚节点
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp
CORE_PEER_ADDRESS=peer0.org2.example.com:9051
CORE_PEER_LOCALMSPID="Org2MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
链码周期2.0
peer lifecycle chaincode命令
| 命令 | 含义 |
|---|---|
| peer lifecycle chaincode package | 打包链码 |
| peer lifecycle chaincode getinstalledpackage | 从节点中获取已经安装的链码包 |
| peer lifecycle chaincode install | 安装链码 |
| peer lifecycle chaincode queryinstalled | 查询节点已经安装的链码 |
| peer lifecycle chaincode approveformyorg | 同意智能合约定义 |
| peer lifecycle chaincode commit | 提交合约定义到指定通道 |
| peer lifecycle chaincode querycommitted | 查询节点上已提交的链码定义 |
| peer lifecycle chaincode checkcommitreadiness | 检查合约是否在通道上已经定义 |
package
打包链码:
peer lifecycle chaincode package mycc.tar.gz --path github.com/hyperledger/fabric-samples/chaincode/abstore/go/ --lang golang --label mycc_1
参数说明:
| 参数 | 含义 |
|---|---|
| path | 智能合约路径 |
| lang | 智能合约语言 支持golang、node、java |
| label | 智能合约标签,描述作用 |
peer lifecycle chaincode package 命令完整参数:
Package a chaincode and write the package to a file.
Usage:
peer lifecycle chaincode package [outputfile] [flags]
Flags:
--connectionProfile string The fully qualified path to the connection profile that provides the necessary connection information for the network. Note: currently only supported for providing peer connection information
-h, --help help for package
--label string The package label contains a human-readable description of the package
-l, --lang string Language the chaincode is written in (default "golang")
-p, --path string Path to the chaincode
--peerAddresses stringArray The addresses of the peers to connect to
--tlsRootCertFiles stringArray If TLS is enabled, the paths to the TLS root cert files of the peers to connect to. The order and number of certs specified should match the --peerAddresses flag
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--certfile string Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
--clientauth Use mutual TLS when communicating with the orderer endpoint
--connTimeout duration Timeout for client to connect (default 3s)
--keyfile string Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
-o, --orderer string Ordering service endpoint
--ordererTLSHostnameOverride string The hostname override to use when validating the TLS connection to the orderer.
--tls Use TLS when communicating with the orderer endpoint
install
peer0.org1.example.com节点安装链码
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
peer lifecycle chaincode install mycc.tar.gz
查看已安装的链码:
peer lifecycle chaincode queryinstalled
返回结果:PackageID:mycc_1:c62d60b38372d28e3e08032d10712d769a533da3f705421f52ece3f7dc788aa6, Label: mycc_1
把查询已安装链码得到的packageID作为环境变量给保存起来:
CC_PACKAGE_ID=mycc_1:c62d60b38372d28e3e08032d10712d769a533da3f705421f52ece3f7dc788aa6
切换到peer0.org2.example.com:
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp
CORE_PEER_ADDRESS=peer0.org2.example.com:9051
CORE_PEER_LOCALMSPID="Org2MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
安装链码
peer lifecycle chaincode install mycc.tar.gz
peer lifecycle chaincode install命令完整参数:
Install a chaincode on a peer.
Usage:
peer lifecycle chaincode install [flags]
Flags:
--connectionProfile string The fully qualified path to the connection profile that provides the necessary connection information for the network. Note: currently only supported for providing peer connection information
-h, --help help for install
--peerAddresses stringArray The addresses of the peers to connect to
--tlsRootCertFiles stringArray If TLS is enabled, the paths to the TLS root cert files of the peers to connect to. The order and number of certs specified should match the --peerAddresses flag
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--certfile string Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
--clientauth Use mutual TLS when communicating with the orderer endpoint
--connTimeout duration Timeout for client to connect (default 3s)
--keyfile string Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
-o, --orderer string Ordering service endpoint
--ordererTLSHostnameOverride string The hostname override to use when validating the TLS connection to the orderer.
--tls Use TLS when communicating with the orderer endpoint
approve
接上面那条命令,当前身份为peer0.org2.example.com,执行以下命令:
peer lifecycle chaincode approveformyorg --channelID $CHANNEL_NAME --name mycc --version 1.0 --init-required --package-id $CC_PACKAGE_ID --sequence 1 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
注:一定要用–package-id指定package ID, --init-required去要求在实现链码的时候必须执行init函数
还提供了–signature-policy和–channel-config-policy参数去设置背书策略.背书策略规定了对于一个给定的链码需要不同通道成员的多少Peer去验证一个交易.这里因为未设置策略,mycc将会使用默认的背书策略,提交交易时需要大多数通道成员认可.这意味着新增或者删除组织时,背书策略要求的背书数量会自动更新.
执行下面命令,查看当前合约是否已被认可
peer lifecycle chaincode checkcommitreadiness --channelID mychannel --name mycc --version 1.0 --sequence 1 --output json --init-required
切换到peer0.org1.example.com
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
组织一同意链码
peer lifecycle chaincode approveformyorg --channelID $CHANNEL_NAME --name mycc --version 1.0 --init-required --package-id $CC_PACKAGE_ID --sequence 1 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer lifecycle chaincode approveformyorg命令完整参数:
Approve the chaincode definition for my organization.
Usage:
peer lifecycle chaincode approveformyorg [flags]
Flags:
--channel-config-policy string The endorsement policy associated to this chaincode specified as a channel config policy reference
-C, --channelID string The channel on which this command should be executed
--collections-config string The fully qualified path to the collection JSON file including the file name
--connectionProfile string The fully qualified path to the connection profile that provides the necessary connection information for the network. Note: currently only supported for providing peer connection information
-E, --endorsement-plugin string The name of the endorsement plugin to be used for this chaincode
-h, --help help for approveformyorg
--init-required Whether the chaincode requires invoking 'init'
-n, --name string Name of the chaincode
--package-id string The identifier of the chaincode install package
--peerAddresses stringArray The addresses of the peers to connect to
--sequence int The sequence number of the chaincode definition for the channel (default 1)
--signature-policy string The endorsement policy associated to this chaincode specified as a signature policy
--tlsRootCertFiles stringArray If TLS is enabled, the paths to the TLS root cert files of the peers to connect to. The order and number of certs specified should match the --peerAddresses flag
-V, --validation-plugin string The name of the validation plugin to be used for this chaincode
-v, --version string Version of the chaincode
--waitForEvent Whether to wait for the event from each peer's deliver filtered service signifying that the transaction has been committed successfully (default true)
--waitForEventTimeout duration Time to wait for the event from each peer's deliver filtered service signifying that the 'invoke' transaction has been committed successfully (default 30s)
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--certfile string Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
--clientauth Use mutual TLS when communicating with the orderer endpoint
--connTimeout duration Timeout for client to connect (default 3s)
--keyfile string Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
-o, --orderer string Ordering service endpoint
--ordererTLSHostnameOverride string The hostname override to use when validating the TLS connection to the orderer.
--tls Use TLS when communicating with the orderer endpoint
Commit
peer lifecycle chaincode commit -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --channelID mychannel --name mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt --version 1.0 --sequence 1 --init-required
参数含义
–tls 是否启动tls
–cafile证书路径
–channelID 智能合约安装通道
–name 合约名
–version 合约版本
–package-id queryinstalled查询的合约ID
–sequence 序列号
–waitForEvent 等待peer提交交易返回
–init-required 合约是否必须执行init
–peerAddresses 节点路径
–tlsRootCertFiles 节点ca根证书路径(–peerAddresses --tlsRootCertFiles 连用,可多个节点,多个节点即将合约部署到对应节点集合上)
查看节点已提交合约
peer lifecycle chaincode querycommitted --channelID mychannel --name mycc
peer lifecycle chaincode commit命令完整参数:
Commit the chaincode definition on the channel.
Usage:
peer lifecycle chaincode commit [flags]
Flags:
--channel-config-policy string The endorsement policy associated to this chaincode specified as a channel config policy reference
-C, --channelID string The channel on which this command should be executed
--collections-config string The fully qualified path to the collection JSON file including the file name
--connectionProfile string The fully qualified path to the connection profile that provides the necessary connection information for the network. Note: currently only supported for providing peer connection information
-E, --endorsement-plugin string The name of the endorsement plugin to be used for this chaincode
-h, --help help for commit
--init-required Whether the chaincode requires invoking 'init'
-n, --name string Name of the chaincode
--peerAddresses stringArray The addresses of the peers to connect to
--sequence int The sequence number of the chaincode definition for the channel (default 1)
--signature-policy string The endorsement policy associated to this chaincode specified as a signature policy
--tlsRootCertFiles stringArray If TLS is enabled, the paths to the TLS root cert files of the peers to connect to. The order and number of certs specified should match the --peerAddresses flag
-V, --validation-plugin string The name of the validation plugin to be used for this chaincode
-v, --version string Version of the chaincode
--waitForEvent Whether to wait for the event from each peer's deliver filtered service signifying that the transaction has been committed successfully (default true)
--waitForEventTimeout duration Time to wait for the event from each peer's deliver filtered service signifying that the 'invoke' transaction has been committed successfully (default 30s)
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--certfile string Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
--clientauth Use mutual TLS when communicating with the orderer endpoint
--connTimeout duration Timeout for client to connect (default 3s)
--keyfile string Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
-o, --orderer string Ordering service endpoint
--ordererTLSHostnameOverride string The hostname override to use when validating the TLS connection to the orderer.
--tls Use TLS when communicating with the orderer endpoint
Init
所有的链码都包含一个初始化函数来初始化链码。默认情况下,这个函数永远不会执行。但可以使用chaincode定义设定是否需要执行Init(前面设定需要执行:–init-required),此处我们执行链码中的Init函数.
peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt --isInit -c '{"Args":["Init","a","100","b","100"]}'
操作合约
主要有invoke和query,此处与1.x完全一致,不再赘述。例如执行query函数
peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
链码升级
篇幅过长,转移至Fabric 2.0 之链码升级