Fabric 1.4新特性介绍及环境搭建
第一部分:新特性介绍
Hyperledger Fabric v1.4重心是在稳定性和生产运维上,作为首个长期支持版本,v1.4版本可以无缝升级至后续有针对 v1.4 的补丁版本,因此 fabric v1.4 版本是推荐的生产应用版本。
1. 健康检查
peer和orderer节点提供了一种检查健康状况的机制,通过HTTP请求进行处理。请求GET / healthz进行操作,当服务器正常时,返回状态200 OK。运行状况检查失败时,服务器将使用503服务进行响应。
健康检查客户端代码:
/**
* get请求 健康检查
* @param args
* @throws IOException
* @throws ClientProtocolException
* @throws Exception
*/
public static HttpResponse get(String url) throws ClientProtocolException, IOException{
HttpClient httpClient = HttpClientBuilder.create().build();
HttpGet request =new HttpGet(url);
HttpResponse httpResponse=httpClient.execute(request);
return httpResponse;
}
public static void main(String[] args) throws Exception {
String url="http://192.168.0.107:8443/healthz";
System.out.println(get(url));
}
返回结果:HttpResponseProxy{HTTP/1.1 200 OK [Content-Type: application/json, X-Request-Id: b88ca51e-3e85-412d-b8c6-df83ed878667, Date: Wed, 16 Jan 2019 16:34:51 GMT, Content-Length: 60] ResponseEntityProxy{[Content-Type: application/json,Content-Length: 60,Chunked: false]}}
2. 动态日志级别
orderer 和 peer 提供了一种对日志级别进行获取或更新的机制。在运维节点上执行GET /logspec请求会返回一个包含活动日志规范的 JSON 数据。当一段形如{"spec":"the-log-spec"}的 JSON 数据被通过PUT /logspec请求发送后,活动的日志级别会被更新。
3. 记录gRPC交互
orderer 和 peer 节点提供协议为gRPC 的交易交互的日志(INFO 级别)记录
4. 非中断情况下获取 goroutine 栈信息
当 peer 或者 orderer 收到SIGUSR1信号后,所有 goroutine 的状态会被采集并用 INFO 级别日志记录。此收集过程不会中断进程。
5. 私有数据取回
允许已加入私有数据集的组织的 peer 节点能够在有资格获取先前交易所属的私有数据,此功能只支持在v1.4 之后加入通道的 peer 节点。
6. 私有数据客户端访问控制
基于客户端的组织成员身份在 chaincode 层面自动执行访问控制的能力,不需要额外编写特殊的 chaincode 逻辑。这个特性通过私有数据集配置的属性memberOnlyRead:true来配置。如果你有一个混合了 v1.4 版本的peer节点和之前发布版本的 peer 节点的网络,之前发布版本的 peer 节点不会对这个配置生效,直到它升级到 v1.4 为止
第二部分:环境搭建
第一章 准备阶段
1.1 win7 64位操作系统
1.2 虚拟机镜像:CentOS-7-x86_64-LiveGNOME-1804.iso
1.3 产品:VMware® Workstation 12 Pro 版本:12.5.9 build-7535481
第二章 虚拟机环境准备阶段
2.1 开启SSH服务
systemctl start sshd service
随系统一起启动SSH服务
systemctl enable sshd.service
关闭防火墙:systemctl stop firewalld.service
2.2 yum install update
2.3 CentOS升内核至最新
2.4 yum -y install zip unzip
2.5 yum install perl openssh git
2.6 yum -y install wget
2.7 下载golang
wget https://dl.google.com/go/go1.11.2.linux-amd64.tar.gz
需要上传或者下载,需要使用rz和sz命令,可以使用yum安装,运行命令sudo yum install lrzsz
2.8 sudo tar -C /usr/local -xzf go1.11.2.linux-amd64.tar.gz
2.9 sudo vi /etc/profile
export GOROOT=/usr/local/go
export PATH=$PATH:$GOROOT/bin
export GOPATH=/opt/gopath
2.10 source /etc/profile
2.11 yum install docker python-pip
2.12 下载pip
curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py" python get-pip.py
2.13 yum install docker python-pip
2.14 pip install --upgrade pip
2.15 pip install docker-compose
2.16 sudo service docker start
systemctl enable docker
2.17 sudo yum install gcc
2.18 导入镜像
docker pull hyperledger/fabric-baseimage:latest
docker pull hyperledger/fabric-baseos:latest
docker pull hyperledger/fabric-ccenv:latest
docker pull hyperledger/fabric-javaenv:latest
如果已经有docker 镜像
导入导出命令如下:
docker save -o nginx.tar nginx:latest
docker load -i nginx.tar
镜像删除:
docker ps -a
docker rm 65e94723f0ed
docker images
docker rmi 65e94723f0ed
第三章 区块链环境搭建
第一步:创建目录并下载代码
mkdir -p $GOPATH/src/github.com/hyperledger
cd $GOPATH/src/github.com/hyperledger
git clone https://github.com/hyperledger/fabric
查看版本:
cd fabric/
git branch -a (切换如:git checkout release-1.2)
第二步:安装相关依赖软件
go get github.com/golang/protobuf/protoc-gen-go
mkdir -p $GOPATH/src/github.com/hyperledger/fabric/build/docker/gotools/bin
cp $GOPATH/bin/protoc-gen-go $GOPATH/src/github.com/hyperledger/fabric/build/docker/gotools/bin
注意:go get 之后编译好的文件会存放到环境变量$GOBIN对应的目录中,如果没有设置$GOBIN的值,系统默认将生成的文体存放到$GOPATH/bin下面.
第三步:编译Fabric的模块
进入到Fabirc源码所在的文件夹,执行以下命令可以一次完成Fabric5个主要模块的编译过程,具体的命令如下所示:
cd $GOPATH/src/github.com/hyperledger/fabric
make release
make docker
对于Macos系统,在编译之前需要进行以下设置:
- 打开文件$GOPATH/src/github.com/hyperledger/fabric/Makefile
- 找到其中的第一个GO_LDFLAGS字符串的位置,在该字符串所在行的在行的末尾加上字符串-s
- 保存文件Makefile
上述命令执行完成之后,会自动将将编译好的二进制文件存放在以下路径中:
- Ubuntu和Centos系统的存放路径
$GOPATH/src/github.com/hyperledger/fabric/release/linux-amd64/bin
- Macos系统的存放路径
$GOPATH/src/github.com/hyperledger/fabric/release/darwin-amd64/bin
第四步:Fabric模块的安装
编译完成之后,这些模块已经已经可以被运行了,但是目前只能在编译文件所在的文件夹中运行这些模块,这样是非常不方便的。为了更加方便的使用这些模块,可以通过下面的命令将这些模块的可执行文件复制到系统目录中,这样在系统中的任何路径下面都运行这些可执行这些模块。
Ubuntu和Centos将Fabric模块编译后的文件复制到系统文件夹中的方法如下:
cp $GOPATH/src/github.com/hyperledger/fabric/release/linux-amd64/bin/* /usr/local/bin
Macos上面将Fabric模块编译后的文件复制到系统文件夹中的方法如下:
cp $GOPATH/src/github.com/hyperledger/fabric/release/darwin-amd64/bin/* /usr/local/bin
复制成功之后通过以下命令修改文件的执行权限,否则无法执行。
sudo chmod -R 775 /usr/local/bin/configtxgen
sudo chmod -R 775 /usr/local/bin/configtxlator
sudo chmod -R 775 /usr/local/bin/cryptogen
sudo chmod -R 775 /usr/local/bin/peer
sudo chmod -R 775 /usr/local/bin/orderer
通过上面这些命令之后,可以在系统的任何路径下面运行这些模块了。下面通过一组命令来进检查安装过程是否成功。
第五步: 检查安装步骤
采用 version 命令行选项
Fabric的模块
| 模块名称 |
功能 |
| peer |
主节点模块,负责存储区块链数据,运行维护链码 |
| orderer |
交易打包、排序模块 |
| cryptogen |
组织和证书生成模块 |
| configtxgedn |
区块和交易生成模块 |
| configtxlator |
区块和交易解析模块 |
快速启动Fabric一个Fabric应用
生成Fabric需要的证书文件
本例中我们将配置文件和生成的证书文件放在文件夹/opt/hyperledger/fabricconfig中。
创建存放证书的文件夹的命令如下所示:
mkdir -p /opt/hyperledger/fabricconfig
cryptogen提供了一个命令可以获取cryptogen模块所需要的配置文件的样式,该命令如下所示:
cryptogen showtemplate
可以把上述命令生成的内容复制到一个文件中稍加修改即可使用。本例中我们所使用的配置
文件的内容如下所示:
OrdererOrgs:
- Name: Orderer
Domain: qklszzn.com
Specs:
- Hostname: orderer
PeerOrgs:
- Name: Org1
Domain: org1.qklszzn.com
Template:
Count: 2
Users:
Count: 3
- Name: Org2
Domain: org2.qklszzn.com
Template:
Count: 2
Users:
Count: 2
注意Domain属性
将上述文件的内容保存到文件夹/opt/hyperledger/fabricconfig中,配置文件命名为:crypto-config.yaml。保存之后执行如下命令:
cd /opt/hyperledger/fabricconfig
cryptogen generate --config=crypto-config.yaml --output ./crypto-config
该命令执行完成之后我们会发现在文件夹/opt/hyperledger/fabricconfig中会新增加一个文件夹crypto-config,里面存放有本例的相关配置文件,可以通过tree命令查看生成证书文件的内容。
执行 : yum install tree
执行命令 tree -L 5 显示如下:
├── crypto-config
│ ├── ordererOrganizations
│ │ └── qklszzn.com
│ │ ├── ca
│ │ ├── msp
│ │ ├── orderers
│ │ ├── tlsca
│ │ └── users
│ └── peerOrganizations
│ ├── org1.qklszzn.com
│ │ ├── ca
│ │ ├── msp
│ │ ├── peers
│ │ ├── tlsca
│ │ └── users
│ ├── org2.qklszzn.com
│ │ ├── ca
│ │ ├── msp
│ │ ├── peers
│ │ ├── tlsca
│ │ └── users
通过上述步骤所有的证书文件都已经生成完毕,现在需要将测试域名映射到本机的IP地址上面,否则后面的操作可能会出现错误。
执行以下命令以便提取相关的域名,
cd /opt/hyperledger/fabricconfig
tree -L 5
在上述命令显示的内容中提取出后缀为 qklszzn.com域名。本例中提取信息如下:
orderer.qklszzn.com
peer0.org1.qklszzn.com
peer1.org1.qklszzn.com
peer3.org1.qklszzn.com
peer0.org2.qklszzn.com
peer1.org2.qklszzn.com
打开端映射文件
vi /etc/hosts
在打开的文件中设置如下内容
192.168.0.107 orderer.qklszzn.com
192.168.0.107 peer0.org1.qklszzn.com
192.168.0.107 peer1.org1.qklszzn.com
192.168.0.107 peer3.org1.qklszzn.com
192.168.0.107 peer0.org2.qklszzn.com
192.168.0.107 peer1.org2.qklszzn.com
输入以上内容之后保存/etc/hosts文件,然后用ping命令测试以下配置是否正确。
注意:192.168.0.107为虚机的IP地址
第六步 : 创始块的生成
6.1系统创始块的生成
Fabric是基于区块链的分布式账本,每个账本都拥有自己的区块链,账本的区块链中会存储账本的交易,账本区块链中的第一个区块是个例外,该区块不存在交易数据而是存储配置信息,通常将账本的第一个区块成为创始块。综上所述,Fabric中账本的第一个区块是需要手动生成的。configtxgen模块是专门负责生成系统的创始块和Channel的创始块。configtxgen模块也需要一个配置文件来定义相关的属性。
在Fabric源码中提供的configtxgen模块所需要的配置文件的例子。该文件的路径是$GOPATH/src/github.com/hyperledger/fabric/sampleconfig,在这个目录下面有一个名为configtx.yaml的文件,对这个文件进行修即可使用。由于创始块文件是提供给Orderer节点使用,因此我们创建文件一个文件夹来存在Orderer节点相关的文件。文件夹创建之后把样例配置文件复制到该文件夹中。
创建存放configtxgen模块相关配置文件的文件夹的命令如下所示:
mkdir -p /opt/hyperledger/order/
cp -r $GOPATH/src/github.com/hyperledger/fabric/sampleconfig/configtx.yaml /opt/hyperledger/order
cd /opt/hyperledger/order
对configtx.yaml进行修改,修改后的内容如下所示:
注意:fabric v1.4和fabric v1.3相比,configtx.yaml缺少EtcdRaft配置(共识算法)
ETCD是用来实现服务发现和配置信息的存储,ETCD实现高可靠的基础在于Raft算法
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# ORGANIZATIONS
#
# This section defines the organizational identities that can be referenced
# in the configuration profiles.
#
################################################################################
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: /opt/hyperledger/fabricconfig/crypto-config/ordererOrganizations/qklszzn.com/msp
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/msp
Policies: &SampleOrgPolicies
Readers:
Type: Signature
Rule: "OR('Org1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
AnchorPeers:
- Host: peer0.org1.qklszzn.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org2.qklszzn.com/msp
Policies: &SampleOrgPolicies
Readers:
Type: Signature
Rule: "OR('Org2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
- Host: peer0.org2.qklszzn.com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
V1_2: false
V1_1: false
Application: &ApplicationDefaults
ACLs: &ACLsDefault
# ACL policy for lscc's "getid" function
lscc/ChaincodeExists: /Channel/Application/Readers
# ACL policy for lscc's "getdepspec" function
lscc/GetDeploymentSpec: /Channel/Application/Readers
# ACL policy for lscc's "getccdata" function
lscc/GetChaincodeData: /Channel/Application/Readers
# ACL Policy for lscc's "getchaincodes" function
lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
#---Query System Chaincode (qscc) function to policy mapping for access control---#
# ACL policy for qscc's "GetChainInfo" function
qscc/GetChainInfo: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByNumber" function
qscc/GetBlockByNumber: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByHash" function
qscc/GetBlockByHash: /Channel/Application/Readers
# ACL policy for qscc's "GetTransactionByID" function
qscc/GetTransactionByID: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByTxID" function
qscc/GetBlockByTxID: /Channel/Application/Readers
#---Configuration System Chaincode (cscc) function to policy mapping for access control---#
# ACL policy for cscc's "GetConfigBlock" function
cscc/GetConfigBlock: /Channel/Application/Readers
# ACL policy for cscc's "GetConfigTree" function
cscc/GetConfigTree: /Channel/Application/Readers
# ACL policy for cscc's "SimulateConfigTreeUpdate" function
cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
#---Miscellanesous peer function to policy mapping for access control---#
# ACL policy for invoking chaincodes on peer
peer/Propose: /Channel/Application/Writers
# ACL policy for chaincode to chaincode invocation
peer/ChaincodeToChaincode: /Channel/Application/Readers
#---Events resource to policy mapping for access control###---#
# ACL policy for sending block events
event/Block: /Channel/Application/Readers
# ACL policy for sending filtered block events
event/FilteredBlock: /Channel/Application/Readers
# Organizations lists the orgs participating on the application side of the
# network.
Organizations:
Policies: &ApplicationDefaultPolicies
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.qklszzn.com:7050
# Batch Timeout: The amount of time to wait before creating a batch.
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 10 MB
PreferredMaxBytes: 512 KB
# Max Channels is the maximum number of channels to allow on the ordering
# network. When set to 0, this implies no maximum number of channels.
MaxChannels: 0
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects. Edit
# this list to identify the brokers of the ordering service.
# NOTE: Use IP:port notation.
Brokers:
- 127.0.0.1:9092
# Organizations lists the orgs participating on the orderer side of the
# network.
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
TestTwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TestTwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
配置文件修改完成之后执行如下面命令生成创始块文件。
cd /opt/hyperledger/order
configtxgen -profile TestTwoOrgsOrdererGenesis -outputBlock ./orderer.genesis.block
上述命令执行完成之后会在文件夹/opt/hyperledger/order中生成文件orderer.genesis.block。这是Fabric系统的创始块文件。
6.2账本创始块的生成
创建Channel也是通过configtxgen模块完成的,创建Channel初始块的配置文件和创建系统初始块的配置文件是一样的,具体在本例中,Channel的创始块的配置信息已经定义在本节第一部分系统创始块的生成中生成的配置文件configtx.yaml中。
创建Channel的命令如下:
configtxgen -profile TestTwoOrgsChannel -outputCreateChannelTx ./roberttestchannel.tx -channelID roberttestchannel
上述命令执行完成之后会在目录生成文件roberttestchannel.tx,该文件用来生成Channel。除此之外还需要生成相关的锚点文件,生成锚点文件需要执行以下命令:
configtxgen -profile TestTwoOrgsChannel -outputAnchorPeersUpdate ./Org1MSPanchors.tx -channelID roberttestchannel -asOrg Org1MSP
configtxgen -profile TestTwoOrgsChannel -outputAnchorPeersUpdate ./Org2MSPanchors.tx -channelID roberttestchannel -asOrg Org2MSP
上面命令执行完成之后会在相应的文件夹下面生成文件Org1MSPanchors.tx和Org2MSPanchors.tx,这些文件在后面会被使用到。
6.3 Orderer节点的启动
Orderer节点负责交易的打包和区块的生成。Orderer节点的配置信息通常放在环境变量或者配置文件中,本例中的配置信息统一存放在配置文件中。在Fabric源码提供了Orderer启动所用到的配置文件的实例,将示例配置文件复制到Orderer的文件夹下面修改即可使用。
复制配置文件到Orderer文件夹的命令如下所示:
cd /opt/hyperledger/order
cp $GOPATH/src/github.com/hyperledger/fabric/sampleconfig/orderer.yaml /opt/hyperledger/order
在模板配置文件上稍加修改即可满足本例使用,由于篇幅本例中我们只列出需要修改的部分。修改后配置文件中发生变化的内容如下:
General:
LedgerType: file
ListenAddress: 0.0.0.0
ListenPort: 7050
TLS:
Enabled: false
PrivateKey: /opt/hyperledger/fabricconfig/crypto-config/ordererOrganizations/qklszzn.com/orderers/orderer.qklszzn.com/tls/server.key
Certificate: /opt/hyperledger/fabricconfig/crypto-config/ordererOrganizations/qklszzn.com/orderers/orderer.qklszzn.com/tls/server.crt
RootCAs:
- /opt/hyperledger/fabricconfig/crypto-config/ordererOrganizations/qklszzn.com/orderers/orderer.qklszzn.com/tls/ca.crt
ClientAuthEnabled: false
ClientRootCAs:
# v1.4新增集群配置
Cluster:
ClientCertificate:
ClientPrivateKey:
DialTimeout: 5s
RPCTimeout: 7s
RootCAs:
- tls/ca.crt
ReplicationBufferSize: 20971520 # 20MB
ReplicationPullTimeout: 5s
ReplicationRetryTimeout: 5s
# v1.4减配
#LogLevel: debug
#LogFormat: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
GenesisMethod: file
GenesisProfile: TestOrgsOrdererGenesis
GenesisFile: /opt/hyperledger/order/orderer.genesis.block
LocalMSPDir: /opt/hyperledger/fabricconfig/crypto-config/ordererOrganizations/qklszzn.com/orderers/orderer.qklszzn.com/msp
LocalMSPID: OrdererMSP
Profile:
Enabled: false
Address: 0.0.0.0:6060
BCCSP:
Default: SW
SW:
Hash: SHA2
Security: 256
FileKeyStore:
KeyStore:
FileLedger:
Location: /opt/hyperledger/order/production/orderer
Prefix: hyperledger-fabric-ordererledger
RAMLedger:
HistorySize: 1000
Debug:
BroadcastTraceDir:
DeliverTraceDir:
# v1.4新增运维配置
################################################################################
#
# Operations Configuration
#
# - This configures the operations server endpoint for the orderer
#
################################################################################
Operations:
# host and port for the operations server
ListenAddress: 0.0.0.0:8443
# TLS configuration for the operations endpoint
TLS:
# TLS enabled
Enabled: false
# Certificate is the location of the PEM encoded TLS certificate
Certificate:
# PrivateKey points to the location of the PEM-encoded key
PrivateKey:
# Require client certificate authentication to access all resources
ClientAuthRequired: false
# Paths to PEM encoded ca certificates to trust for client authentication
RootCAs: []
################################################################################
#
# Metrics Configuration
#
# - This configures metrics collection for the orderer
#
################################################################################
Metrics:
# The metrics provider is one of statsd, prometheus, or disabled
Provider: disabled
# The statsd configuration
Statsd:
# network type: tcp or udp
Network: udp
# the statsd server address
Address: 0.0.0.0:8125
# The interval at which locally cached counters and gauges are pushed
# to statsd; timings are pushed immediately
WriteInterval: 30s
# The prefix is prepended to all emitted statsd metrics
Prefix:
################################################################################
#
# Consensus Configuration
#
# - This section contains config options for a consensus plugin. It is opaque
# to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
# The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
# we use following options:
# WALDir specifies the location at which Write Ahead Logs for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
WALDir: /var/hyperledger/production/orderer/etcdraft/wal
# SnapDir specifies the location at which snapshots for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot
要注意配置文件中的相关路径
在配置文件orderer.yaml所在的目录执行如下命令启动orderer
orderer start
6.4 Peer节点的启动
Peer模块是Fabric的核心节点,所有的交易数据经过Orderer排序打包之后由Peer模块存储在区块链中。所有的Chaincode也是有Peer模块打包并且激活的。Peer模块的配置信息同样由环境变量和配置文件组成,本例中我们采用配置文的方式来配置peer节点的参数。在设定配置文件之前需要创建一个文件夹存放Peer模块的配置文件和区块数据。在Fabric源码中同样提供了Peer模块配置文件的示例,将示例配置文件复制到Peer模块的文件夹下面修改即可使用。
创建存储Peer模块的配置文件和区块数据的文件夹,并复制示例配置文件的命令如下所示:
mkdir -p /opt/hyperledger/peer
cd /opt/hyperledger/peer
cp $GOPATH/src/github.com/hyperledger/fabric/sampleconfig/core.yaml /opt/hyperledger/peer
在模板配置文件上稍加修改即可使用,由于篇幅本例中我们只列出需要修改的部分。修改后Peer模块配置文件中变化的内容如下所示:
# v1.4减配
#logging:
# peer: debug
# cauthdsl: warning
# gossip: warning
# ledger: info
# msp: warning
# policies: warning
# grpc: error
# format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} #-> %{level:.4s} %{id:03x}%{color:reset} %{message}'
peer:
id: peer0.org1.qklszzn.com
networkId: dev
listenAddress: 0.0.0.0:7051
chaincodeListenAddress: 0.0.0.0:7052
address: peer0.org1.qklszzn.com:7051
addressAutoDetect: false
gomaxprocs: -1
gossip:
bootstrap: 127.0.0.1:7051
useLeaderElection: true
orgLeader: false
membershipTrackerInterval: 5s #v1.4新增配置
endpoint:
maxBlockCountToStore: 100
maxPropagationBurstLatency: 10ms
maxPropagationBurstSize: 10
propagateIterations: 1
propagatePeerNum: 3
pullInterval: 4s
pullPeerNum: 3
requestStateInfoInterval: 4s
publishStateInfoInterval: 4s
stateInfoRetentionInterval:
publishCertPeriod: 10s
skipBlockVerification: false
dialTimeout: 3s
connTimeout: 2s
recvBuffSize: 20
sendBuffSize: 200
digestWaitTime: 1s
requestWaitTime: 1s
responseWaitTime: 2s
aliveTimeInterval: 5s
aliveExpirationTimeout: 25s
reconnectInterval: 2
externalEndpoint: peer0.org1.qklszzn.com:7051
election:
startupGracePeriod: 15s
membershipSampleInterval: 1s
leaderAliveThreshold: 10s
leaderElectionDuration: 5s
pvtData:
pullRetryThreshold: 60s
transientstoreMaxBlockRetention: 1000
pushAckTimeout: 3s
btlPullMargin: 10
reconcileBatchSize: 10
reconcileSleepInterval: 5m
reconciliationEnabled: true #v1.4新增配置
events:
address: 0.0.0.0:7053
buffersize: 100
timeout: 10ms
tls:
enabled: false
cert:
file: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/peers/peer0.org1.qklszzn.com/tls/server.crt
key:
file: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/peers/peer0.org1.qklszzn.com/tls/server.key
rootcert:
file: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/peers/peer0.org1.qklszzn.com/tls/ca.crt
serverhostoverride:
fileSystemPath: /opt/hyperledger/peer/production
BCCSP:
Default: SW
SW:
Hash: SHA2
Security: 256
FileKeyStore:
KeyStore:
mspConfigPath: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/peers/peer0.org1.qklszzn.com/msp
localMspId: Org1MSP
profile:
enabled: false
listenAddress: 0.0.0.0:6060
handlers:
authFilter: "DefaultAuth"
decorator: "DefaultDecorator
discovery:
enabled: true
authCacheEnabled: true
authCacheMaxSize: 1000
authCachePurgeRetentionRatio: 0.75
orgMembersAllowedAccess: false
vm:
endpoint: unix:///var/run/docker.soc
docker:
tls:
enabled: false
ca:
file: docker/ca.crt
cert:
file: docker/tls.crt
key:
file: docker/tls.key
attachStdout: false
hostConfig:
NetworkMode: host
Dns:
LogConfig:
Type: json-file
Config:
max-size: "50m"
max-file: "5"
Memory: 2147483648
chaincode:
peerAddress:
id:
path:
name:
builder: $(DOCKER_NS)/fabric-ccenv:$(ARCH)-$(PROJECT_VERSION)
golang:
runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION)
car:
runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION)
java:
Dockerfile: |
from $(DOCKER_NS)/fabric-javaenv:$(ARCH)-$(PROJECT_VERSION)
node:
runtime: $(BASE_DOCKER_NS)/fabric-baseimage:$(ARCH)-$(BASE_VERSION)
startuptimeout: 300s
executetimeout: 30s
mode: dev
keepalive: 0
system:
cscc: enable
lscc: enable
escc: enable
vscc: enable
qscc: enable
rscc: disable
logging:
level: info
shim: warning
format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
ledger:
blockchain:
state:
stateDatabase: goleveldb
couchDBConfig:
couchDBAddress: 127.0.0.1:5984
username:
password:
maxRetries: 3
maxRetriesOnStartup: 10
requestTimeout: 35s
queryLimit: 10000
history:
enableHistoryDatabase: true
# v1.4新增运维配置
operations:
listenAddress: 0.0.0.0:9443
tls:
enabled: false
cert:
file:
key:
file:
clientAuthRequired: false
clientRootCAs:
files: []
metrics:
provider: disabled
statsd:
network: udp
address: 0.0.0.0:8125
writeInterval: 10s
prefix:
在配置文件core.yaml所在的文件夹中执行以下命令启动peer节点
export set FABRIC_CFG_PATH=/opt/hyperledger/peer
peer node start >> log_peer.log 2>&1 &
6.5 创建通道
现在我们可以创建通道,创建通道的过程一共需要三个步骤。
第一步: 创建通道
export set FABRIC_CFG_PATH=/opt/hyperledger/peer
export set CORE_PEER_LOCALMSPID=Org1MSP
export set CORE_PEER_MSPCONFIGPATH=/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/users/[email protected]/msp
cd /opt/hyperledger/order
peer channel create -o orderer.qklszzn.com:7050 -c roberttestchannel -f /opt/hyperledger/order/roberttestchannel.tx
创建通道完成之后,会在执行命令的当前目录生成名为roberttestchannel.block的通道创始块文件
第二步:让已经运行的Peer模块加入通道
export set CORE_PEER_LOCALMSPID=Org1MSP
export set CORE_PEER_ADDRESS=peer0.org1.qklszzn.com:7051
export set CORE_PEER_MSPCONFIGPATH=/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/users/[email protected]/msp
peer channel join -b /opt/hyperledger/order/roberttestchannel.block
在上述创建通道的命令中-b后面的参数为第一步中生成的文件roberttestchannel.block,需要注意这个文件的路径。
第三步:更新锚节点
export set FABRIC_CFG_PATH=/opt/hyperledger/peer
export set CORE_PEER_LOCALMSPID=Org1MSP
export set CORE_PEER_ADDRESS=peer0.org1.qklszzn.com:7051
export set CORE_PEER_MSPCONFIGPATH=/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/users/[email protected]/msp
peer channel update -o orderer.qklszzn.com:7050 -c roberttestchannel -f /opt/hyperledger/order/Org1MSPanchors.tx
6.6 Chaincode的部署和调用
现在可以部署一个Chaincode(关于Chaincode的详细内容在本书的第七章会有详细的介绍)来测试Peer节点和Orderer节点的部署是否正确。这里采用Fabric源码自带的例子来作为测试Chaincode。测试用Chaincode的源代码路径如下所示:
$GOPATH/src/github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02
Chaincode相关的测试一共有四个步骤。
查看docker 是否启动,如果没启动,要先启动
问题:manifest for docker.io/hyperledger/fabric-ccenv:x86_64-1.1.2-snapshot-ff996aa not found
docker tag hyperledger/fabric-ccenv:latest hyperledger/fabric-ccenv:x86_64-1.1.2-snapshot-ff996aa
//Fabric1.1 安装智能合约
peer chaincode install -n r_test_cc6 -v 1.0 -p github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02
//Fabric1.3官网安装智能合约,执行报错
Golang
peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go/
Node.js的
# this installs the Node.js chaincode
# make note of the -l flag; we use this to specify the language
peer chaincode install -n mycc -v 1.0 -l node -p /opt/gopath/src/github.com/chaincode/chaincode_example02/node/
Java的
需要下载fabric-samples,然后把目录fabric-samples/chaincode/chaincode_example02拷贝到目录/opt/gopath/src/github.com/chaincode/下
peer chaincode install -n mycc -v 1.0 -l java -p /opt/gopath/src/github.com/chaincode/chaincode_example02/java/
由于Fabric1.4的此目录不存在,所以需要自己导入智能合约,我是把fabric1.1的智能合约拿来用的
peer chaincode install -n r_test_cc6 -v 1.0 -p github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02/
第二步: 实例化chaincode代码
export set CORE_PEER_LOCALMSPID=Org1MSP
export set CORE_PEER_ADDRESS=peer0.org1.qklszzn.com:7051
export set CORE_PEER_MSPCONFIGPATH=/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/users/[email protected]/msp
peer chaincode instantiate -o orderer.qklszzn.com:7050 -C roberttestchannel -n r_test_cc6 -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -P "OR ('Org1MSP.member','Org2MSP.member')"
注意:组织Org1MSP的所有成员或者Org2MSP的所有成员任意一个背书,如果是and就是组织Org1MSP的所有成员或者Org2MSP的所有成员都要进行背书
第三步:通过chaincode写入数据
export set FABRIC_CFG_PATH=/opt/hyperledger/peer
export set CORE_PEER_LOCALMSPID=Org1MSP
export set CORE_PEER_ADDRESS=peer0.org1.qklszzn.com:7051
export set CORE_PEER_MSPCONFIGPATH=/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/users/[email protected]/msp
peer chaincode invoke -o orderer.qklszzn.com:7050 -C roberttestchannel -n r_test_cc6 -c '{"Args":["invoke","a","b","1"]}'
第四步:通过chaincode查询数据
export set CORE_PEER_LOCALMSPID=Org1MSP
export set CORE_PEER_ADDRESS=peer0.org1.qklszzn.com:7051
export set CORE_PEER_MSPCONFIGPATH=/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.qklszzn.com/users/[email protected]/msp
peer chaincode query -C roberttestchannel -n r_test_cc6 -c '{"Args":["query","a"]}'
如果上述命令都能正确执行,那么一个简单的Fabric系统就已经部署完成了。