《HyperLedger Fabric 实战》—— 四、Fabric Solo 单机多节点部署
《HyperLedger Fabric 实战》—— 四、Fabric Solo 单机多节点部署
1、环境清理
如果运行过上一篇的 e2e_cli 案例,需要进行此步
cd ~/fabric/examples/e2e_cli
bash network_setup.sh down
2、文件准备
备份 1.0 源码的 crypto-config.yaml 及 configtx.yaml 配置文件
cd ~/fabric
cp examples/e2e_cli/crypto-config.yaml ~/
cp examples/e2e_cli/configtx.yaml ~/
切换代码到 1.1 版,并传入 两个 yaml 文件
git checkout release-1.1
mkdir aberic/
mv ~/crypto-config.yaml ~/configtx.yaml aberic/
重新获取 1.1 版 二进制文件 及 docker 镜像
rm -rf ~/fabric/release/linux-amd64
rm -rf ~/fabric/scripts/bin
cd ~/fabric
./scripts/bootstrap.sh
复制二进制文件到 aberic 目录
cp -R ~/fabric/scripts/bin ~/fabric/aberic/
3、生成证书文件
在项目 fabric 文件夹下新建 aberic 目录,并前面准备好的特定二进制文件放置于 aberic/bin 目录下。
cd ~/fabric/aberic/
./bin/cryptogen generate --config=./crypto-config.yaml
4、生成创世区块
准备环境变量 和 目录
export FABRIC_CFG_PATH=~/fabric/aberic
mkdir -p ~/fabric/aberic/channel-artifacts
cd ~/fabric/aberic
生成创世区块
./bin/configtxgen -profile TwoOrgsOrdererGenesis -outputBlock \
./channel-artifacts/genesis.block
5、频道认证文件
./bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx \
./channel-artifacts/mychannel.tx -channelID mychannel
mychannel.tx 即为频道认证文件
6、部署 Orderer 节点
docker-orderer.yaml 启动文件
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic_default
# - ORDERER_GENERAL_LOGLEVEL=error
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
#- ORDERER_GENERAL_GENESISPROFILE=AntiMothOrdererGenesis
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
#- ORDERER_GENERAL_LEDGERTYPE=ram
#- ORDERER_GENERAL_LEDGERTYPE=file
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=false
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
networks:
default:
aliases:
- aberic
ports:
- 7050:7050
7、部署 peer0.org1 节点
docker-peer.yaml 启动文件
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
couchdb:
container_name: couchdb
image: hyperledger/fabric-couchdb
# Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service,
# for example map it to utilize Fauxton User Interface in dev environments.
ports:
- 5984:5984
ca:
container_name: ca
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca
- FABRIC_CA_SERVER_TLS_ENABLED=false
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/ab7dca5e5f6b1cc24c2023764c5b34d1f78d8614d2a11e74178d2d5509bd3be8_sk
ports:
- 7054:7054
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/ab7dca5e5f6b1cc24c2023764c5b34d1f78d8614d2a11e74178d2d5509bd3be8_sk -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
peer0.org1.example.com:
container_name: peer0.org1.example.com
image: hyperledger/fabric-peer
environment:
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_NETWORKID=aberic
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic
# - CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic_default
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 7051:7051
- 7052:7052
- 7053:7053
depends_on:
- couchdb
networks:
default:
aliases:
- aberic
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# - CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ./chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/aberic/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.org1.example.com
注意,文件中FABRIC_CA_SERVER_TLS_KEYFILE及command最后一部分,这两处的_sk文件名需要替换成之前生成的证书文件名,如遇错误“error: unexpected signal during runtime execution” 则 sudo vim /etc/resolv.conf,将options timeout:2 attempts:3 rotate single-request-reopen注掉。
关于如何确定_sk文件:进入目录~/fabric/aberic并执行find ./ -regex ".*peer.*org2.*ca/.*_sk.*",会找到如下两行记录,因为这里我们设置FABRIC_CA_SERVER_TLS_ENABLED=false,所以使用/ca/后面的字符串即可:
org2.example.com/ca/d749ca1...5d75685_sk
org2.example.com/tlsca/17e3c2b...b2bc1d7_sk
8、搭建 Fabric 网络
将docker-orderer.yaml及docker-peer.yaml文件放至aberic目录下。
由于docker-peer.yaml中 cli 客户端配置部分指定了合约路径,在 aberic 目录下创建与之对应的 chaincode,并在其下创建 go 文件夹,表示 go 语言的智能合约。
把官方 Demo 的 chaincode_example02 示例上传至 go 目录下,之后会以该合约为基础进行测试。
9、启动 Fabric 网络
docker-compose -f docker-orderer.yaml up -d
docker-compose -f docker-peer.yaml up -d
查看结果docker ps
(截图,重点哪些镜像启动了)
10、操作 channel 及 chaincode
进入 fabric-tools 的容器客户端
docker exec -it cli bash
cli 是 yaml 启动文件中定义的 container_name。
创建一个 channel
peer channel create -o orderer.example.com:7050 -c mychannel -t 50s -f ./channel-artifacts/mychannel.tx
之前创建 mychannel.tx 文件时,已经指定了 ChannelID 是 mychannel。
通过ls,查看是否已经创建 mychannel.block。之后通过 mychannel.block 来加入该 channel。
peer channel join -b mychannel.block
至此,一个最小单位的 Fabric 网络已经成功搭建起来了。
Fabric 网络搭建起来后,就需要在上面执行合适的智能合约来实现具体的功能,从而使现实中的项目落地。
11、安装智能合约
docker exec -it cli bash
peer chaincode install -n mychannel -p \
github.com/hyperledger/fabric/aberic/chaincode/go/chaincode_example02 -v 1.0
12、实例化 Chaincode
peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -n mychannel -c '{"Args":["init","A","10","B","10"]}' -P "OR ('Org1MSP.member')" -v 1.0
注:-P,加入背书方案,指明智能合约的 invoke 操作只有 Org1 执行才会成功。
-C,指定了智能合约初始化的参数,其适配于具体的智能合约。
Args 数组中第一个参数为方法名,后面的参数为方法将要接收的参数内容。
13、执行智能合约
调用合约 query 方法,查询账户 A 的资产
peer chaincode query -C mychannel -n mychannel -c '{"Args":["query","A"]}'
调用 invoke 方法,将 A 账户的 5个单位资产转移到 B 账户
peer chaincode invoke -C mychannel -n mychannel -c '{"Args":["invoke","A","B","5"]}'
之后可再次查询 A 账户的余额以检查转账交易的执行情况。
14、部署 peer0.org2 节点
编写 Org2 的 peer 专属 docker-peer1.yaml 启动文件。
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
peer0.org2.example.com:
container_name: peer0.org2.example.com
image: hyperledger/fabric-peer
environment:
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_NETWORKID=aberic
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org2.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic
# - CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic_default
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 8051:7051
- 8052:7052
- 8053:7053
networks:
default:
aliases:
- aberic
由于是单机多节点,所以尽管容器内服务的端口都是一致的,但映射在物理机上却要不同。
15、启动 peer0.org2 节点
将 docker-peer1.yaml 文件放至于 …/fabric/aberic 目录下。
docker-compose -f docker-peer1.yaml up -d
Found orphan containers (orderer.example.com, cli, peer0.org1.example.com, couchdb) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
原因是你编写了docker-compose.yaml,但是其描述的 service 内没有你的 cli 和 couchdb,所以 docker 认为这两个容器是不属于服务的要被清理掉。
16、对 peer0.org2 执行频道加入,安装测试合约
进入 fabric-tools 的容器客户端,并修改全局变量。
docker exec -it cli bash
设置容器全局环境变量
CORE_PEER_ID=peer0.org2.example.com
CORE_PEER_ADDRESS=peer0.org2.example.com:7051
CORE_PEER_CHAINCODELISTENADDRESS=peer0.org2.example.com:7052
CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
CORE_PEER_LOCALMSPID=Org2MSP
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp
加入频道、安装、查询
peer channel join -b mychannel.block
peer chaincode install -n mychannel -p github.com/hyperledger/fabric/aberic/chaincode/go/chaincode_example02 -v 1.0
peer chaincode query -C mychannel -n mychannel -c '{"Args":["query","A"]}'
因为之前已经执行过一次账户变更操作,所以现在查询的 A 资产应是变更后的值
下面执行 B 对 A 的转账
peer chaincode invoke -C mychannel -n mychannel -c '{"Args":["invoke","B","A","5"]}'
之后,再次查询 A 的资产,发现无变化,因为前面说过了,实例化智能合约时选择的背书组织为 Org1,所以 Org2 对资产的变更无法通过背书限定,因此无法生效,但 Org2 仍可以执行检索操作。