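With the first-network example from fabric-samples for Hyperledger Fabric 1.4 basically up and running, the next step is to build a custom Fabric blockchain network that is no longer tied to the example.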
[root@mike fabric-samples]# cp -r first-network my-network
[root@mike fabric-samples]# cd my-network/
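Following the generateCerts() function in byfn.sh, modify crypto-config.yaml (the key-material configuration file) for the my-network network. crypto-config.yaml needs to configure two types of organization: Orderer and Peer. The certificates and keys that each organization and user needs are generated from this configuration.
OrdererOrgs defines the Orderer's domain and hostname; orderer.mikechain.com is the Orderer's address.
PeerOrgs defines two organizations, OrgA and OrgB, and the domain of each. Template means the organization has two nodes, named peer0 and peer1 by default, with further nodes numbered in sequence. Users means each organization has two users, named User0 and User1 by default, with further users numbered in sequence. In addition, there is an Admin account.
The crypto-config.yaml configuration is as follows (comments omitted):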
OrdererOrgs:
  - Name: Orderer
    Domain: mikechain.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: OrgA
    Domain: orga.mikechain.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 2
  - Name: OrgB
    Domain: orgb.mikechain.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 2
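The replacePrivateKey() function replaces CA1_PRIVATE_KEY in docker-compose-e2e-template.yaml with the name of the file ending in _sk under crypto-config/peerOrganizations/org1.example.com/ca/ in the current directory, and replaces CA2_PRIVATE_KEY with the name of the file ending in _sk under crypto-config/peerOrganizations/org2.example.com/ca/.
The resulting new file is created in the current directory and named docker-compose-e2e.yaml. It defines the CA's CERTFILE and KEYFILE, and also explicitly starts the Fabric-CA server through the arguments given in command.
3.1 Replace the corresponding nodes in docker-compose-e2e-template.yaml, including the organization names and domain names, so that they match crypto-config.yaml.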
version: '2'
volumes:
  orderer.mikechain.com:
  peer0.orga.mikechain.com:
  peer1.orga.mikechain.com:
  peer0.orgb.mikechain.com:
  peer1.orgb.mikechain.com:
networks:
  byfn:
services:
  ca0:
    image: hyperledger/fabric-ca:$IMAGE_TAG
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-orga
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orga.mikechain.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/CA1_PRIVATE_KEY
    ports:
      - "7054:7054"
    # -b admin:adminpw is the sample bootstrap identity and -d turns on debug logging;
    # change both for anything other than a local test network
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.orga.mikechain.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/CA1_PRIVATE_KEY -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/orga.mikechain.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_peerOrga
    networks:
      - byfn
  ca1:
    image: hyperledger/fabric-ca:$IMAGE_TAG
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-orgb
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.orgb.mikechain.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/CA2_PRIVATE_KEY
    ports:
      - "8054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.orgb.mikechain.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/CA2_PRIVATE_KEY -b admin:adminpw -d'
    volumes:
      # host path must use the orgb domain generated from crypto-config.yaml
      - ./crypto-config/peerOrganizations/orgb.mikechain.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_peerOrgb
    networks:
      - byfn
  orderer.mikechain.com:
    extends:
      file: base/docker-compose-base.yaml
      service: orderer.mikechain.com
    container_name: orderer.mikechain.com
    networks:
      - byfn
  peer0.orga.mikechain.com:
    container_name: peer0.orga.mikechain.com
    extends:
      file: base/docker-compose-base.yaml
      service: peer0.orga.mikechain.com
    networks:
      - byfn
  peer1.orga.mikechain.com:
    container_name: peer1.orga.mikechain.com
    extends:
      file: base/docker-compose-base.yaml
      service: peer1.orga.mikechain.com
    networks:
      - byfn
  peer0.orgb.mikechain.com:
    container_name: peer0.orgb.mikechain.com
    extends:
      file: base/docker-compose-base.yaml
      service: peer0.orgb.mikechain.com
    networks:
      - byfn
  peer1.orgb.mikechain.com:
    container_name: peer1.orgb.mikechain.com
    extends:
      file: base/docker-compose-base.yaml
      service: peer1.orgb.mikechain.com
    networks:
      - byfn
3.2 Modify docker-compose-base.yaml, updating the paths under the corresponding services.
version: '2'
services:
  orderer.mikechain.com:
    container_name: orderer.mikechain.com
    image: hyperledger/fabric-orderer:$IMAGE_TAG
    environment:
      - FABRIC_LOGGING_SPEC=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      - ORDERER_KAFKA_VERBOSE=true
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
      - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ../crypto-config/ordererOrganizations/mikechain.com/orderers/orderer.mikechain.com/msp:/var/hyperledger/orderer/msp
      - ../crypto-config/ordererOrganizations/mikechain.com/orderers/orderer.mikechain.com/tls/:/var/hyperledger/orderer/tls
      - orderer.mikechain.com:/var/hyperledger/production/orderer
    ports:
      - 7050:7050
  peer0.orga.mikechain.com:
    container_name: peer0.orga.mikechain.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.orga.mikechain.com
      - CORE_PEER_ADDRESS=peer0.orga.mikechain.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.orga.mikechain.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orga.mikechain.com:7051
      # same MSP ID for every peer of the org; it must match the ID defined in configtx.yaml
      - CORE_PEER_LOCALMSPID=OrgaMSP
    volumes:
      # exposes the host's /var/run, including the Docker socket, inside the peer container
      - /var/run/:/host/var/run/
      - ../crypto-config/peerOrganizations/orga.mikechain.com/peers/peer0.orga.mikechain.com/msp:/etc/hyperledger/fabric/msp
      - ../crypto-config/peerOrganizations/orga.mikechain.com/peers/peer0.orga.mikechain.com/tls:/etc/hyperledger/fabric/tls
      - peer0.orga.mikechain.com:/var/hyperledger/production
    ports:
      - 7051:7051
      - 7053:7053
  peer1.orga.mikechain.com:
    container_name: peer1.orga.mikechain.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer1.orga.mikechain.com
      - CORE_PEER_ADDRESS=peer1.orga.mikechain.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orga.mikechain.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orga.mikechain.com:7051
      - CORE_PEER_LOCALMSPID=OrgaMSP
    volumes:
      - /var/run/:/host/var/run/
      - ../crypto-config/peerOrganizations/orga.mikechain.com/peers/peer1.orga.mikechain.com/msp:/etc/hyperledger/fabric/msp
      - ../crypto-config/peerOrganizations/orga.mikechain.com/peers/peer1.orga.mikechain.com/tls:/etc/hyperledger/fabric/tls
      - peer1.orga.mikechain.com:/var/hyperledger/production
    ports:
      - 8051:7051
      - 8053:7053
  peer0.orgb.mikechain.com:
    container_name: peer0.orgb.mikechain.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.orgb.mikechain.com
      - CORE_PEER_ADDRESS=peer0.orgb.mikechain.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgb.mikechain.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.orgb.mikechain.com:7051
      - CORE_PEER_LOCALMSPID=OrgbMSP
    volumes:
      - /var/run/:/host/var/run/
      - ../crypto-config/peerOrganizations/orgb.mikechain.com/peers/peer0.orgb.mikechain.com/msp:/etc/hyperledger/fabric/msp
      - ../crypto-config/peerOrganizations/orgb.mikechain.com/peers/peer0.orgb.mikechain.com/tls:/etc/hyperledger/fabric/tls
      - peer0.orgb.mikechain.com:/var/hyperledger/production
    ports:
      - 9051:7051
      - 9053:7053
  peer1.orgb.mikechain.com:
    container_name: peer1.orgb.mikechain.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer1.orgb.mikechain.com
      - CORE_PEER_ADDRESS=peer1.orgb.mikechain.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orgb.mikechain.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgb.mikechain.com:7051
      - CORE_PEER_LOCALMSPID=OrgbMSP
    volumes:
      - /var/run/:/host/var/run/
      - ../crypto-config/peerOrganizations/orgb.mikechain.com/peers/peer1.orgb.mikechain.com/msp:/etc/hyperledger/fabric/msp
      - ../crypto-config/peerOrganizations/orgb.mikechain.com/peers/peer1.orgb.mikechain.com/tls:/etc/hyperledger/fabric/tls
      - peer1.orgb.mikechain.com:/var/hyperledger/production
    ports:
      - 10051:7051
      - 10053:7053
3.3 Modify the replacePrivateKey function in byfn.sh
function replacePrivateKey() {
  # sed on MacOSX does not support -i flag with a null extension. We will use
  # 't' for our back-up's extension and delete it at the end of the function
  ARCH=$(uname -s | grep Darwin)
  if [ "$ARCH" == "Darwin" ]; then
    OPTS="-it"
  else
    OPTS="-i"
  fi
  # Copy the template to the file that will be modified to add the private key
  cp docker-compose-e2e-template.yaml docker-compose-e2e.yaml
  # The next steps will replace the template's contents with the
  # actual values of the private key file names for the two CAs.
  CURRENT_DIR=$PWD
  cd crypto-config/peerOrganizations/orga.mikechain.com/ca/
  PRIV_KEY=$(ls *_sk)
  cd "$CURRENT_DIR"
  sed $OPTS "s/CA1_PRIVATE_KEY/${PRIV_KEY}/g" docker-compose-e2e.yaml
  cd crypto-config/peerOrganizations/orgb.mikechain.com/ca/
  PRIV_KEY=$(ls *_sk)
  cd "$CURRENT_DIR"
  sed $OPTS "s/CA2_PRIVATE_KEY/${PRIV_KEY}/g" docker-compose-e2e.yaml
  # If MacOSX, remove the temporary backup of the docker-compose file
  if [ "$ARCH" == "Darwin" ]; then
    rm docker-compose-e2e.yamlt
  fi
}
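Steps 3.1 to 3.3 rename the same domains in several files, so a leftover example-style path or an unreplaced CA key placeholder is easy to miss. The following check is an added example, not part of byfn.sh or the original post: it compares the organization domains used in a compose file's crypto-config volume paths with the Domain entries in crypto-config.yaml and reports any CAn_PRIVATE_KEY placeholder still present. The function names, the UNKNOWN_DOMAIN and UNREPLACED labels, and the sample file contents are constructed for illustration.

```sh
# Added example, not part of byfn.sh. Function names and finding labels are
# illustrative; the file contents in write_sample() are constructed.

# Domains declared under "Domain:" in crypto-config.yaml.
declared_domains() {
  sed -n 's/^[[:space:]]*Domain:[[:space:]]*//p' "$1" | sort -u
}

# Org domains used in crypto-config host paths of a compose file.
referenced_domains() {
  grep -oE 'crypto-config/(peer|orderer)Organizations/[^/:]+' "$1" |
    sed 's|.*/||' | sort -u
}

# Print one finding per line; exit status 1 if there is any finding.
check_compose() (
  known=$(declared_domains "$1"); rc=0
  for d in $(referenced_domains "$2"); do
    if ! printf '%s\n' "$known" | grep -qxF "$d"; then
      echo "UNKNOWN_DOMAIN $d"; rc=1
    fi
  done
  # Placeholders that replacePrivateKey() should already have substituted.
  for p in $(grep -oE 'CA[0-9]+_PRIVATE_KEY' "$2" | sort -u); do
    echo "UNREPLACED $p"; rc=1
  done
  exit "$rc"
)

# Constructed sample: one CA volume still points at an org2 directory and
# the CA2_PRIVATE_KEY placeholder is still present.
write_sample() {
  cat > "$1/crypto-config.yaml" <<'EOF'
OrdererOrgs:
  - Name: Orderer
    Domain: mikechain.com
PeerOrgs:
  - Name: OrgA
    Domain: orga.mikechain.com
  - Name: OrgB
    Domain: orgb.mikechain.com
EOF
  cat > "$1/docker-compose-e2e.yaml" <<'EOF'
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/CA2_PRIVATE_KEY
      - ./crypto-config/peerOrganizations/orga.mikechain.com/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/org2.mikechain.com/ca/:/etc/hyperledger/fabric-ca-server-config
EOF
}
tmp=$(mktemp -d) && write_sample "$tmp"
check_compose "$tmp/crypto-config.yaml" "$tmp/docker-compose-e2e.yaml" || true
```

In my-network, run check_compose against crypto-config.yaml and the generated docker-compose-e2e.yaml after replacePrivateKey() has run; no output and exit status 0 mean every referenced domain is declared and both key placeholders were substituted.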