Hyperledger Fabric BYFN之基础配置篇
参考https://hyperledger-fabric.readthedocs.io/en/release-1.2/build_network.html
http://www.javatree.cn/news/027b347e856e49589083282b5d01dccb
Build your first network是Hyperledger Fabric官方最详细的例子, 目录对应
fabric-samples/first-network, 动手时间到。
1. Hyperledger Fabric启动入口
复习下Hyperledger Fabric基础的网络篇,启动一个区块链网络首先要搭建什么?如果不清楚最好看完基础篇。答案是Orderer服务。
Hyperledger Fabric使用docker镜像fabric-orderer启动Orderder服务,BYFN的命令行为
docker-compose -f docker-compose-cli.yaml up -d
我们看下docker-compose-cli.yaml内容
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
volumes:
orderer.example.com:
peer0.org1.example.com:
peer1.org1.example.com:
peer0.org2.example.com:
peer1.org2.example.com:
networks:
byfn:
services:
orderer.example.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.example.com
container_name: orderer.example.com
networks:
- byfn
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org1.example.com
networks:
- byfn
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org1.example.com
networks:
- byfn
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org2.example.com
networks:
- byfn
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: base/docker-compose-base.yaml
file: base/docker-compose-base.yaml
service: peer0.org2.example.com
networks:
- byfn
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org2.example.com
networks:
- byfn
cli:
container_name: cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- CORE_LOGGING_LEVEL=DEBUG
- CORE_LOGGING_LEVEL=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- orderer.example.com
- peer0.org1.example.com
- peer1.org1.example.com
- peer0.org2.example.com
- peer1.org2.example.com
networks:
SERVICES定义了1个orderer, 4个peer, 一个cli, 都基于docker-compose-base.yaml作为模板, 启动cli命令行(基于fabric-tool镜像),depends_on的依赖关系意味着cli启动的时候要先把orderer和4个peer服务都启动了。
看下order.example.com服务的配置:
Orderer服务的全称为orderer.example.com.
container_name定义在docker中的进程名.
networks定义归属byfn区块链网络.
extends定义继承使用docker-compose-base.yaml中orderer.example.com中的配置。
我们继续看下docker-compose-base.yaml中orderer.example.com的配置内容:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer:$IMAGE_TAG
environment:
- ORDERER_GENERAL_LOGLEVEL=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
- orderer.example.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
image定义了使用的docker镜像fabric-orderer.
environment定义了docker运行的容器中的环境变量,例如指定了日志级别,监听地址,生成创世块方式和路径,本地MSP路径,以及orderer开启TLS使用的私钥,自签名证书和CA证书。
其中ORDERER_GENERAL_GENSISFILE指定了创世块文件名字,orderer启动需要创世块。
working_dir定义容器中的工作目录.
command实际执行的orderer命令.
volumes定义的外部主机和容器的路径卷映射(需要了解下docker中存储的映射)。
ports定义了外部主机和内部容器的端口映射, 即7051是orderer的监听端口。
那么启动启动orderer依赖的TLS,MSP这些文件如何生成呢? 我们来介绍cryptogen这个命令
2. cryptogen命令生成相关密钥,证书和MSP
执行以下命令行提示生成两个组织
[root@localhost first-network]# cryptogen generate --config=./crypto-config.yaml
org1.example.com
org2.example.com
我们看下crypto-config.yaml内容
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: example.com
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
主要定义了两大类组织, OrdererOrgs归为一类, PeerOrgs归为一类.
Name标记组织唯一名称.
Domain定义所属域名.
Specs 定义各自配置项信息.
EnableNodeOUs定义节点是否支持组织单元,前面基础章节MSP会员身份有介绍。
PeerOrgs使用两种方式定义组织,一种是Specs具体指定每个主机peer节点, 另外一种方式是使用Template批量生成节点, 参考上面配置的注释。
上面例子定义了一个orderer, 两个组织, 每个组织下两个Peer.
具体生成了什么内容了, 我们看下当前目录下的crypto-config文件夹:
[root@localhost crypto-config]# pwd
/mnt/sda3/fabric-samples/first-network/crypto-config
[root@localhost crypto-config]# ll
总用量 8
drwxr-xr-x. 3 root root 4096 8月 24 23:19 ordererOrganizations
drwxr-xr-x. 4 root root 4096 8月 24 23:19 peerOrganizations
[root@localhost example.com]# pwd
/mnt/sda3/fabric-samples/first-network/crypto-config/ordererOrganizations/example.com
[root@localhost example.com]# ll
总用量 20
drwxr-xr-x. 2 root root 4096 8月 24 23:19 ca
drwxr-xr-x. 5 root root 4096 8月 24 23:19 msp
drwxr-xr-x. 3 root root 4096 8月 24 23:19 orderers
drwxr-xr-x. 2 root root 4096 8月 24 23:19 tlsca
drwxr-xr-x. 3 root root 4096 8月 24 23:19 users
[root@localhost peerOrganizations]# pwd
/mnt/sda3/fabric-samples/first-network/crypto-config/peerOrganizations
[root@localhost peerOrganizations]# ll
总用量 8
drwxr-xr-x. 7 root root 4096 8月 24 23:19 org1.example.com
drwxr-xr-x. 7 root root 4096 8月 24 23:19 org2.example.com
3. Orderer服务启动
再回头看下docker-compose-base.yaml中orderer.example.com的配置内容:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer:$IMAGE_TAG
environment:
- ORDERER_GENERAL_LOGLEVEL=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
- orderer.example.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
Server.key, server.crt, ca.crt都有了, 差创世块genesis.block文件了, 使用以下命令行创建
[root@localhost first-network]# export FABRIC_CFG_PATH=$PWD
[root@localhost first-network]# configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
2018-08-26 16:26:31.045 CST [common/tools/configtxgen] main -> WARN 001 Omitting the channel ID for configtxgen is deprecated. Explicitly passing the channel ID will be required in the future, defaulting to 'testchainid'.
2018-08-26 16:26:31.045 CST [common/tools/configtxgen] main -> INFO 002 Loading configuration
2018-08-26 16:26:31.067 CST [common/tools/configtxgen/encoder] NewChannelGroup -> WARN 003 Default policy emission is deprecated, please include policy specificiations for the channel group in configtx.yaml
2018-08-26 16:26:31.067 CST [common/tools/configtxgen/encoder] NewOrdererGroup -> WARN 004 Default policy emission is deprecated, please include policy specificiations for the orderer group in configtx.yaml
2018-08-26 16:26:31.068 CST [common/tools/configtxgen/encoder] NewOrdererOrgGroup -> WARN 005 Default policy emission is deprecated, please include policy specificiations for the orderer org group OrdererOrg in configtx.yaml
2018-08-26 16:26:31.111 CST [msp] getMspConfig -> INFO 006 Loading NodeOUs
2018-08-26 16:26:31.111 CST [common/tools/configtxgen/encoder] NewOrdererOrgGroup -> WARN 007 Default policy emission is deprecated, please include policy specificiations for the orderer org group Org1MSP in configtx.yaml
2018-08-26 16:26:31.123 CST [msp] getMspConfig -> INFO 008 Loading NodeOUs
2018-08-26 16:26:31.123 CST [common/tools/configtxgen/encoder] NewOrdererOrgGroup -> WARN 009 Default policy emission is deprecated, please include policy specificiations for the orderer org group Org2MSP in configtx.yaml
2018-08-26 16:26:31.123 CST [common/tools/configtxgen] doOutputBlock -> INFO 00a Generating genesis block
2018-08-26 16:26:31.125 CST [common/tools/configtxgen] doOutputBlock -> INFO 00b Writing genesis block
channel-artifacts文件夹下生成了genesis.block, 容器中映射为
/var/hyperledger/orderer/orderer.genesis.block
configtxgen命令实际读取的配置文件默认为configtxgen.yaml, 我们看下它对应的profile TwoOrgsOrdererGenesis, 对应蓝色字体。创世块是记账本的第一个区块,作用重大。配置有点啰嗦,但仔细过一遍。
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org1.example.com
Port: 7051
- &Org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org2.example.com
Port: 7051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both. Set the value of the capability to true to require it.
Global: &ChannelCapabilities
# V1.1 for Global is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running v1.0.x,
# but the modification of which would cause incompatibilities. Users
# should leave this flag set to true.
V1_1: true
# Orderer capabilities apply only to the orderers, and may be safely
# manipulated without concern for upgrading peers. Set the value of the
# capability to true to require it.
Orderer: &OrdererCapabilities
# V1.1 for Order is a catchall flag for behavior which has been
# determined to be desired for all orderers running v1.0.x, but the
# modification of which would cause incompatibilities. Users should
# leave this flag set to true.
V1_1: true
# Application capabilities apply only to the peer network, and may be safely
# manipulated without concern for upgrading orderers. Set the value of the
# capability to true to require it.
Application: &ApplicationCapabilities
# V1.2 for Application is a catchall flag for behavior which has been
# determined to be desired for all peers running v1.0.x, but the
# modification of which would cause incompatibilities. Users should
# leave this flag set to true.
V1_2: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer.example.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- 127.0.0.1:9092
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
TwoOrgsOrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
Profile TwoOrgsOrdererGenesis
定义了全局的通道兼容性ChannelCapabilities, 具体多看下注释, 貌似V1_1设置为true就可以兼容v1.0.x版本,一般默认吧。
定义了Order, 对应到OrdererDefaults配置内容,使用orderType是solo, 没用kafka, 还配置了solo相关的监听地址,批量处理最大值和超时时间等。在进阶配置篇我们再学习kafka配置。
定义了区块链网络的联盟Consortiums为SampleConsortium, 包含了组织Org1和Org2。其实打开genesis.block的内容看下, 注释包含了Org1和Org2证书相关的MSP信息,组织的Anchor Peer等信息打到区块中,确实容易让人误会以为配置文件里面有的内容都会打包到区块,实际上-outputBlock选项只是打包以上说的这些基础数据。
启动cli顺路都会启动orderer, 其实peer也会被启动, 因为docker-compose-cli.yaml定义了, 证书也都生成了,peer并未加入区块链网络。
[root@localhost first-network]# docker-compose -f docker-compose-cli.yaml up -d
Creating network "net_byfn" with the default driver
Creating volume "net_orderer.example.com" with default driver
Creating volume "net_peer0.org1.example.com" with default driver
Creating volume "net_peer1.org1.example.com" with default driver
Creating volume "net_peer0.org2.example.com" with default driver
Creating volume "net_peer1.org2.example.com" with default driver
Creating peer0.org1.example.com ... done
Creating peer0.org2.example.com ... done
Creating peer1.org2.example.com ... done
Creating peer1.org1.example.com ... done
Creating orderer.example.com ... done
Creating cli ... done
我们看下docker容器启动的进程
[root@localhost first-network]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f1f0fe5f2133 hyperledger/fabric-tools:latest "/bin/bash" 3 minutes ago Up 3 minutes cli
8816783a79ce hyperledger/fabric-orderer:latest "orderer" 3 minutes ago Up 3 minutes 0.0.0.0:7050->7050/tcp orderer.example.com
1b47b97495f0 hyperledger/fabric-peer:latest "peer node start" 3 minutes ago Up 3 minutes 0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp peer1.org2.example.com
51c166bdce76 hyperledger/fabric-peer:latest "peer node start" 3 minutes ago Up 3 minutes 0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp peer1.org1.example.com
b8112247baf6 hyperledger/fabric-peer:latest "peer node start" 3 minutes ago Up 3 minutes 0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp peer0.org2.example.com
0fc1e47832d5 hyperledger/fabric-peer:latest "peer node start" 3 minutes ago Up 3 minutes 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp peer0.org1.example.com
4. 创建通道和加入通道
区块链网络有了, orderer网络管理节点有了, peer是启动了,但没加入网络和通道,以下命令行验证下(验证完后请exit退出docker容器命令行)。
[root@localhost first-network]# docker exec -it cli bash
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel list
2018-08-26 09:35:02.325 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Channels peers has joined:
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# echo $CORE_PEER_ADDRESS
peer0.org1.example.com:7051
回想下区块链网络基础章节,orderer定义联盟SampleConsortium, 但是没有通道,需要向orderer发送一个配置的请求,使用configtxgen生成。
[root@localhost first-network]# export CHANNEL_NAME=mychannel
[root@localhost first-network]#
[root@localhost first-network]# configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
2018-08-26 17:53:10.167 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
2018-08-26 17:53:10.183 CST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
2018-08-26 17:53:10.183 CST [common/tools/configtxgen/encoder] NewApplicationGroup -> WARN 003 Default policy emission is deprecated, please include policy specificiations for the application group in configtx.yaml
2018-08-26 17:53:10.184 CST [msp] getMspConfig -> INFO 004 Loading NodeOUs
2018-08-26 17:53:10.184 CST [common/tools/configtxgen/encoder] NewApplicationOrgGroup -> WARN 005 Default policy emission is deprecated, please include policy specificiations for the application org group Org1MSP in configtx.yaml
2018-08-26 17:53:10.184 CST [msp] getMspConfig -> INFO 006 Loading NodeOUs
2018-08-26 17:53:10.184 CST [common/tools/configtxgen/encoder] NewApplicationOrgGroup -> WARN 007 Default policy emission is deprecated, please include policy specificiations for the application org group Org2MSP in configtx.yaml
2018-08-26 17:53:10.186 CST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 008 Writing new channel tx
[root@localhost first-network]# cd channel-artifacts/
[root@localhost channel-artifacts]# ll
总用量 20
-rw-r--r--. 1 root root 346 8月 26 17:53 channel.tx
-rw-r--r--. 1 root root 12655 8月 26 16:26 genesis.block
[root@localhost channel-artifacts]#
看到channel.tx即生成成功,同理也是用configtxgen生成,我们看下对应配置文件configtx.yaml中Profile TwoOrgsChannel 的配置。
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
主要配置所属联盟为SampleConsortium, 配置的通道可用的两个组织。 我们看下channel.tx的内容, 貌似也是简单的定义了通道名称,所属联盟,用到的MSP, 兼容性版本配置,Admin,读写权限等? -outputCreateChannelTx选项也只是生成配置文件中的部分内容。
我们需要进去到cli容器中创建通道
[root@192 first-network]# docker exec -it -e LINES=$(tput lines) -e COLUMNS=$(tput cols) cli bash
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# export CHANNEL_NAME=mychannel
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2018-08-30 17:10:28.077 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2018-08-30 17:10:28.124 UTC [cli/common] readBlock -> INFO 002 Got status: &{NOT_FOUND}
2018-08-30 17:10:28.130 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2018-08-30 17:10:28.339 UTC [cli/common] readBlock -> INFO 004 Received block: 0
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer#
加入通道并验证下是否加入成功
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel join -b mychannel.block
2018-08-30 17:19:27.903 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2018-08-30 17:19:27.964 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel list
2018-08-30 17:20:13.861 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Channels peers has joined:
mychannel
通道虽说是建立好了,实际上从配置文件configtx.yaml可看到,每个Org实际需要配置一个或多个Anchor Peer锚节点(用于跨组织的gossip通信协议,后面服务发现提到),下面我们把当前的peer节点设置为锚节点,先生成 tx文件。
[root@192 first-network]# export CHANNEL_NAME=mychannel
[root@192 first-network]# configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP
2018-08-31 01:38:34.650 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
2018-08-31 01:38:34.662 CST [common/tools/configtxgen] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
2018-08-31 01:38:34.662 CST [common/tools/configtxgen] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update
我们看下生成的Org1MSPanchors.tx文件
切到cli容器向orderer更新通道, orderer是区块链网络的管理节点。
[root@192 first-network]# docker exec -it -e LINES=$(tput lines) -e COLUMNS=$(tput cols) cli bash
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# export CHANNEL_NAME=mychannel
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2018-08-30 17:55:31.054 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2018-08-30 17:55:31.078 UTC [channelCmd] update -> INFO 002 Successfully submitted channel update
5. 安装和运行链码
在cli容器中执行
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go/
2018-08-30 18:08:22.619 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc
2018-08-30 18:08:22.619 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc
2018-08-30 18:08:24.760 UTC [chaincodeCmd] install -> INFO 003 Installed remotely response:
Hyperledger Fabric总能安装配置好, 但链码作为智能合同的实现,我们是必须详细学习的。
-n指定链码名称.
-v指定链码的版本.
-p指定链码的路径,默认是go语言实现.
初始化链码
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
2018-08-30 18:18:12.800 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc
2018-08-30 18:18:12.800 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc
为什么初始化链码的时候要和orderer通信?不是直接peer节点安装初始化使用吗? 复习下区块链网络的更新几个步骤,orderer需要验证更新的背书策略和采访权限,orderer需要知道这些信息, 实例化链码的时候就需要orderer知道了。 这个例子-P指定策略, 必须要Org1和Org2的背书节点通过才能更新。
调用链码
查询简单些
[root@192 first-network]# docker exec -it -e LINES=$(tput lines) -e COLUMNS=$(tput cols) cli bash
root@4b05aaca1028:/opt/gopath/src/github.com/hyperledger/fabric/peer# export CHANNEL_NAME=mychannel
root@4b05aaca1028:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
90
下面是更新例子
root@4b05aaca1028:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["invoke","a","b","10"]}'
2018-08-30 18:47:22.101 UTC [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200
链码这个调用最好./byfn.sh up那样完整的生成两个组织,四个节点, 需要干净的环境就使用./byfn.sh down清理再执行./byfn.sh up
更新这里指定了两个Peer, 一般指定对应的背书节点就好,当然发送个通道的所有Peer节点。
基础配置篇暂时到此,如果你心中有不少疑问就对了, BYFN毕竟只是个演示的demo, 如果用在商用可够呛。 更完善的使用和配置我们将在配置进阶篇中讲解。
更多请关注
