使用Hyperledger Composer将业务网络部署到多个组织的Hyperledger Fabric区块链上
本文已在我的公众号Fabric技术分享原创首发。
转载请标明出处:
http://blog.csdn.net/qq_27818541/article/details/78727086
本文出自:【BigManing的博客】
-
-
- 前言
- 准备
- 一 、启动Fabric网络
- 二 、创建连接配置文件
- 三 、认识下每个组织的管理员
- 1、org1的管理员
- 2、org2的管理员
- 三 、为Org1的Hyperledger Fabric管理员创建business network card
- 1、 使用connection-org1-only.json配置文件
- 2、 使用connection-org1.json配置文件
- 四 、为Org2的Hyperledger Fabric管理员创建business network card
- 1、 使用connection-org2-only.json配置文件
- 2、 使用connection-org2.json配置文件
- 五 、 导入business network cards
- 六、 每个组织分别安装Hyperledger Composer runtime
- 七、 定义业务网络的认证策略
- 八、 生成各组织的业务网络管理员证书材料
- 九、 启动业务网络(business network)
- 1、 准备BNA文件,这里使用先前的文件
- 2、执行命令
- 十、 为各个组织生成访问业务网络的Business Network Card
- 1、org1
- 2、org2
- 3、查看此时的card列表
- 十一、生成REST API
-
前言
首先你必须有单组织部署的经验,然后再继续下面的文章。文中和
单组织部署相同的部分,就不做详细解析了,直接用代码来展示。
这个功能差不多是从Composer v0.15开始支持的, 官方的更新还是很给力的。它主要解决了多组织的
- 如何连接到网络
- 如何部署chaincode
- 如何设置认证策略
我的环境:
Ubuntu 16.04 //我的操作系统
Hyperledger Composer 0.16
Hyperledger Fabric 1.0.4
准备
停止以前的Fabric网络
cd ~/fabric-tools
./stopFabric.sh
./teardownFabric.sh下载fabric-samples ,这个是sstone1维护的示例
cd ~
git clone -b issue-6978 https://github.com/sstone1/fabric-samples.git一 、启动Fabric网络
定位到first-network目录,启动网络:
# 生成证书材料、channel材料
./byfn.sh -m generate
#启用couchdb作为world state 存储的媒介
./byfn.sh -m up -s couchdb -a运行成功后,docker ps:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
a618b05fe741 dev-peer1.org2.example.com-mycc-1.0 "chaincode -peer.a..." 28 minutes ago Up 28 minutes dev-peer1.org2.example.com-mycc-1.0
076e43320a44 dev-peer0.org1.example.com-mycc-1.0 "chaincode -peer.a..." 28 minutes ago Up 28 minutes dev-peer0.org1.example.com-mycc-1.0
d29a758de28d dev-peer0.org2.example.com-mycc-1.0 "chaincode -peer.a..." 29 minutes ago Up 29 minutes dev-peer0.org2.example.com-mycc-1.0
a38167d7a39b hyperledger/fabric-tools "/bin/bash -c './s..." 29 minutes ago Up 29 minutes cli
8682cd2d0c1f hyperledger/fabric-peer "peer node start" 30 minutes ago Up 29 minutes 0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp peer1.org2.example.com
1cbe73e3cf71 hyperledger/fabric-peer "peer node start" 30 minutes ago Up 29 minutes 0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp peer0.org2.example.com
a946a790f0d5 hyperledger/fabric-peer "peer node start" 30 minutes ago Up 29 minutes 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp peer0.org1.example.com
c00f8a69b38b hyperledger/fabric-peer "peer node start" 30 minutes ago Up 30 minutes 0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp peer1.org1.example.com
c4d17a0b2305 hyperledger/fabric-ca "sh -c 'fabric-ca-..." 30 minutes ago Up 30 minutes 0.0.0.0:8054->7054/tcp ca_peerOrg2
2dd80d092779 hyperledger/fabric-couchdb "tini -- /docker-e..." 30 minutes ago Up 30 minutes 4369/tcp, 9100/tcp, 0.0.0.0:7984->5984/tcp couchdb2
54a410b83a23 hyperledger/fabric-orderer "orderer" 30 minutes ago Up 30 minutes 0.0.0.0:7050->7050/tcp orderer.example.com
8e5dbf668466 hyperledger/fabric-couchdb "tini -- /docker-e..." 30 minutes ago Up 30 minutes 4369/tcp, 9100/tcp, 0.0.0.0:6984->5984/tcp couchdb1
245dc07d87c5 hyperledger/fabric-couchdb "tini -- /docker-e..." 30 minutes ago Up 30 minutes 4369/tcp, 9100/tcp, 0.0.0.0:5984->5984/tcp couchdb0
fbc846f192e5 hyperledger/fabric-ca "sh -c 'fabric-ca-..." 30 minutes ago Up 30 minutes 0.0.0.0:7054->7054/tcp ca_peerOrg1
d9bbd213a460 hyperledger/fabric-couchdb "tini -- /docker-e..." 30 minutes ago Up 30 minutes 4369/tcp, 9100/tcp, 0.0.0.0:8984->5984/tcp 为了避免错误,清理缓存的card 身份:
composer card delete -n PeerAdmin@byfn-network-org1-only
composer card delete -n PeerAdmin@byfn-network-org1
composer card delete -n PeerAdmin@byfn-network-org2-only
composer card delete -n PeerAdmin@byfn-network-org2
composer card delete -n alice@tutorial-network
composer card delete -n bob@tutorial-network
composer card delete -n admin@tutorial-network
composer card delete -n PeerAdmin@fabric-network二 、创建连接配置文件
和单组织的配置文件不同,这里的每个组织需要两个配置文件。一个是只包含自己节点的配置文件,一个是包含org1和org2所有节点的配置文件。
定位到first-network目录下,新建connection文件夹并根据组织分别来创建配置文件:
org1对应的配置文件
connection-org1-only.json
{ "name": "byfn-network-org1-only", "type": "hlfv1", "mspID": "Org1MSP", "peers": [ { "requestURL": "grpcs://localhost:7051", "eventURL": "grpcs://localhost:7053", "cert": "../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt", "hostnameOverride": "peer0.org1.example.com" }, { "requestURL": "grpcs://localhost:8051", "eventURL": "grpcs://localhost:8053", "cert": "../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt", "hostnameOverride": "peer1.org1.example.com" } ], "ca": { "url": "https://localhost:7054", "name": "ca-org1", "cert": "../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt", "hostnameOverride": "ca.org1.example.com" }, "orderers": [ { "url" : "grpcs://localhost:7050", "cert": "../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt", "hostnameOverride": "orderer.example.com" } ], "channel": "mychannel", "timeout": 300 }connection-org1.json
{ "name": "byfn-network-org1", "type": "hlfv1", "mspID": "Org1MSP", "peers": [ { "requestURL": "grpcs://localhost:7051", "eventURL": "grpcs://localhost:7053", "cert": "../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt", "hostnameOverride": "peer0.org1.example.com" }, { "requestURL": "grpcs://localhost:8051", "eventURL": "grpcs://localhost:8053", "cert": "../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt", "hostnameOverride": "peer1.org1.example.com" }, { "requestURL": "grpcs://localhost:9051", "cert": "../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt", "hostnameOverride": "peer0.org2.example.com" }, { "requestURL": "grpcs://localhost:10051", "cert": "../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt", "hostnameOverride": "peer1.org2.example.com" } ], "ca": { "url": "https://localhost:7054", "name": "ca-org1", "cert": "../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt", "hostnameOverride": "ca.org1.example.com" }, "orderers": [ { "url" : "grpcs://localhost:7050", "cert": "../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt", "hostnameOverride": "orderer.example.com" } ], "channel": "mychannel", "timeout": 300 }org2对应的配置文件
connection-org2-only.json
{ "name": "byfn-network-org2-only", "type": "hlfv1", "mspID": "Org2MSP", "peers": [ { "requestURL": "grpcs://localhost:9051", "eventURL": "grpcs://localhost:9053", "cert": "../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt", "hostnameOverride": "peer0.org2.example.com" }, { "requestURL": "grpcs://localhost:10051", "eventURL": "grpcs://localhost:10053", "cert": "../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt", "hostnameOverride": "peer1.org2.example.com" } ], "ca": { "url": "https://localhost:8054", "name": "ca-org2", "cert": "../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt", "hostnameOverride": "ca.org2.example.com" }, "orderers": [ { "url" : "grpcs://localhost:7050", "cert": "../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt", "hostnameOverride": "orderer.example.com" } ], "channel": "mychannel", "timeout": 300 }connection-org2.json
{ "name": "byfn-network-org2", "type": "hlfv1", "mspID": "Org2MSP", "peers": [ { "requestURL": "grpcs://localhost:9051", "eventURL": "grpcs://localhost:9053", "cert": "../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt", "hostnameOverride": "peer0.org2.example.com" }, { "requestURL": "grpcs://localhost:10051", "eventURL": "grpcs://localhost:10053", "cert": "../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt", "hostnameOverride": "peer1.org2.example.com" }, { "requestURL": "grpcs://localhost:7051", "cert": "../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt", "hostnameOverride": "peer0.org1.example.com" }, { "requestURL": "grpcs://localhost:8051", "cert": "../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt", "hostnameOverride": "peer1.org1.example.com" } ], "ca": { "url": "https://localhost:8054", "name": "ca-org2", "cert": "../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt", "hostnameOverride": "ca.org2.example.com" }, "orderers": [ { "url" : "grpcs://localhost:7050", "cert": "../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt", "hostnameOverride": "orderer.example.com" } ], "channel": "mychannel", "timeout": 300 }
三 、认识下每个组织的管理员
记住下面的证书材料、私钥的位置,后续有用。
1、org1的管理员
2、org2的管理员
三 、为Org1的Hyperledger Fabric管理员创建business network card
1、 使用connection-org1-only.json配置文件
composer card create \
-p connection-org1-only.json \
-u PeerAdmin \
-c ../crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem \
-k ../crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/c1b7ad741cdbd81225bada7fdad24617457864396d81cbbbeebe07530a3cae30_sk \
-r PeerAdmin -r ChannelAdmin运行结果:
2、 使用connection-org1.json配置文件
composer card create \
-p connection-org1.json \
-u PeerAdmin \
-c ../crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/Admin@org1.example.com-cert.pem \
-k ../crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/c1b7ad741cdbd81225bada7fdad24617457864396d81cbbbeebe07530a3cae30_sk \
-r PeerAdmin -r ChannelAdmin运行结果:
四 、为Org2的Hyperledger Fabric管理员创建business network card
1、 使用connection-org2-only.json配置文件
composer card create \
-p connection-org2-only.json \
-u PeerAdmin \
-c ../crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/Admin@org2.example.com-cert.pem \
-k ../crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/keystore/434a5f909a77859a6a9dba06648ad828e947571e2f144692e4679b8174d278e7_sk \
-r PeerAdmin -r ChannelAdmin2、 使用connection-org2.json配置文件
composer card create \
-p connection-org2.json \
-u PeerAdmin \
-c ../crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/signcerts/Admin@org2.example.com-cert.pem \
-k ../crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/keystore/434a5f909a77859a6a9dba06648ad828e947571e2f144692e4679b8174d278e7_sk \
-r PeerAdmin -r ChannelAdmin运行结果:
最终多出了下面几个文件:
五 、 导入business network cards
上面生成的card并没有在composer维护的wallet中:
通过下面命令,把card导入到wallet中:
composer card import -f PeerAdmin@byfn-network-org1-only.card
composer card import -f PeerAdmin@byfn-network-org1.card
composer card import -f PeerAdmin@byfn-network-org2-only.card
composer card import -f PeerAdmin@byfn-network-org2.card执行成功后,查看card:
六、 每个组织分别安装Hyperledger Composer runtime
每个组织使用自己的管理员身份,同时指定一个业务网络的名称:
composer runtime install -c PeerAdmin@byfn-network-org1-only -n tutorial-network
composer runtime install -c PeerAdmin@byfn-network-org2-only -n tutorial-network
运行结果:
七、 定义业务网络的认证策略
请注意,用于业务网络的认可政策必须采用Hyperledger Fabric Node.js SDK使用的JSON格式。这与Hyperledger Fabric CLI使用的简单批注策略格式有所不同,您可以在Hyperledger Fabric文档中看到这种格式。
在v0.15之前是没有这个功能的,新增的这个功能更加贴近现实场景,使得composer功能更加强大。
在connection目录下新建文件endorsement-policy.json,编辑内容如下:
{
"identities": [
{
"role": {
"name": "member",
"mspId": "Org1MSP"
}
},
{
"role": {
"name": "member",
"mspId": "Org2MSP"
}
}
],
"policy": {
"2-of": [
{
"signed-by": 0
},
{
"signed-by": 1
}
]
}
}这个认证策略是所有的交易必须经过org1和org2成员的背书,然后才能被提交到区块链上。
八、 生成各组织的业务网络管理员证书材料
业务网络启动时,业务网络必须配置一组初始参与者。这些参与者将负责引导业务网络,并将其他参与者引入业务网络。在Hyperledger Composer中,我们将这些初始参与者称为业务网络管理员。
我们要设定 Org1的业务网络管理员将是Alice,而Org2的业务网络管理员将是Bob。
当业务网络启动时,所有业务网络管理员的证书(身份的公共部分)必须传递给执行命令的组织以启动业务网络。业务网络启动后,所有业务网络管理员都可以使用自己的身份与业务网络进行交互。
执行命令:
composer identity request -c PeerAdmin@byfn-network-org1-only -u admin -s adminpw -d alice
composer identity request -c PeerAdmin@byfn-network-org2-only -u admin -s adminpw -d bob运行结果:
九、 启动业务网络(business network)
1、 准备BNA文件,这里使用先前的文件
2、执行命令
只让org1来启动业务网络即可:
composer network start \
-c PeerAdmin@byfn-network-org1 \
-a tutorial-network.bna \
-o endorsementPolicyFile=endorsement-policy.json \
-A alice -C alice/admin-pub.pem \
-A bob -C bob/admin-pub.pem执行结果:
docker ps查看,多出了四个镜像。 这四个是composer部署的智能合约(业务网络),分别对应每个peer。
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
667218cb17b6 dev-peer0.org2.example.com-tutorial-network-0.16.2 "chaincode -peer.a..." 14 minutes ago Up 14 minutes dev-peer0.org2.example.com-tutorial-network-0.16.2
561aa195fbca dev-peer1.org2.example.com-tutorial-network-0.16.2 "chaincode -peer.a..." 14 minutes ago Up 14 minutes dev-peer1.org2.example.com-tutorial-network-0.16.2
f58e51bcb8fd dev-peer1.org1.example.com-tutorial-network-0.16.2 "chaincode -peer.a..." 14 minutes ago Up 14 minutes dev-peer1.org1.example.com-tutorial-network-0.16.2
9d84d7f04295 dev-peer0.org1.example.com-tutorial-network-0.16.2 "chaincode -peer.a..." 14 minutes ago Up 14 minutes dev-peer0.org1.example.com-tutorial-network-0.16.2
3c914b2745b0 dev-peer1.org2.example.com-mycc-1.0 "chaincode -peer.a..." 3 hours ago Up 3 hours dev-peer1.org2.example.com-mycc-1.0
6b8c7ad3de63 dev-peer0.org1.example.com-mycc-1.0 "chaincode -peer.a..." 3 hours ago Up 3 hours dev-peer0.org1.example.com-mycc-1.0
eecfcd21c857 dev-peer0.org2.example.com-mycc-1.0 "chaincode -peer.a..." 3 hours ago Up 3 hours dev-peer0.org2.example.com-mycc-1.0
ec4e856f351a hyperledger/fabric-tools "/bin/bash -c './s..." 3 hours ago Up 3 hours cli
6c390e2db6f2 hyperledger/fabric-peer "peer node start" 3 hours ago Up 3 hours 0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp peer0.org2.example.com
65ad7c67e695 hyperledger/fabric-peer "peer node start" 3 hours ago Up 3 hours 0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp peer1.org2.example.com
3edfd4635d79 hyperledger/fabric-peer "peer node start" 3 hours ago Up 3 hours 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp peer0.org1.example.com
d7e3bd8f3e02 hyperledger/fabric-peer "peer node start" 3 hours ago Up 3 hours 0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp peer1.org1.example.com
426be6f24ce8 hyperledger/fabric-orderer "orderer" 3 hours ago Up 3 hours 0.0.0.0:7050->7050/tcp orderer.example.com
1fb18693331d hyperledger/fabric-couchdb "tini -- /docker-e..." 3 hours ago Up 3 hours 4369/tcp, 9100/tcp, 0.0.0.0:7984->5984/tcp couchdb2
b7d5da5434b7 hyperledger/fabric-ca "sh -c 'fabric-ca-..." 3 hours ago Up 3 hours 0.0.0.0:8054->7054/tcp ca_peerOrg2
46eb39200ee3 hyperledger/fabric-couchdb "tini -- /docker-e..." 3 hours ago Up 3 hours 4369/tcp, 9100/tcp, 0.0.0.0:8984->5984/tcp couchdb3
993a8a9ab5f7 hyperledger/fabric-couchdb "tini -- /docker-e..." 3 hours ago Up 3 hours 4369/tcp, 9100/tcp, 0.0.0.0:5984->5984/tcp couchdb0
7d15e8dfd210 hyperledger/fabric-ca "sh -c 'fabric-ca-..." 3 hours ago Up 3 hours 0.0.0.0:7054->7054/tcp ca_peerOrg1
bfc01df48996 hyperledger/fabric-couchdb "tini -- /docker-e..." 3 hours ago Up 3 hours 4369/tcp, 9100/tcp, 0.0.0.0:6984->5984/tcp couchdb1十、 为各个组织生成访问业务网络的Business Network Card
业务网络启动后,Alice和Bob都能够访问业务网络,可以从其各自的组织中接受其他参与者。但是,Alice和Bob都必须创建新的业务网卡(需要第八步骤生成的证书),以便他们可以访问业务网络。
接下来的流程:生成Card–>导入Card–>测试是否通畅
1、org1
执行命令:
composer card create -p connection-org1.json -u alice -n tutorial-network -c alice/admin-pub.pem -k alice/admin-priv.pem
composer card import -f alice@tutorial-network.card
composer network ping -c alice@tutorial-network执行结果:
2、org2
执行命令:
composer card create -p connection-org2.json -u bob -n tutorial-network -c bob/admin-pub.pem -k bob/admin-priv.pem
composer card import -f bob@tutorial-network.card
composer network ping -c bob@tutorial-network
执行结果:
3、查看此时的card列表
图中那两个card是专门访问业务网络
十一、生成REST API
使用官方命令 :
composer-rest-server
执行结果:
rest api :
