Fabric: Building a Custom Network

Hyperledger Fabric: V2.5.4

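Preface

  Starting with this post, I will walk through building a custom network with Fabric and then deploying and invoking chaincode on it. This post covers how to build the network.
  Because the directory fabric-samples/bin was already added to the PATH environment variable when Fabric was installed in the previous post, the tools used below, such as cryptogen and configtxgen, are available system-wide.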

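1 Generating Certificates

1.1 Generating the Template File

First create a folder finance_network under ~/go/src to hold all configuration files for the network and its channels, and in that folder use the cryptogen tool to generate the crypto-config.yaml template file: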

cd ~/go/src
mkdir finance_network
cd finance_network
cryptogen showtemplate > crypto-config.yaml

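A crypto-config.yaml file now exists in the finance_network directory.

1.2 Customizing the File

Edit crypto-config.yaml to match the requirements of the network you want to build. Suppose the requirements are:

  • Two organizations: Org1 and Org2. Org1 has 2 peer nodes and Org2 has 1 peer node; there is also 1 orderer node.
  • The number of users allowed for each peer node is 2.
  • The string finance is added to the domain names of all orderer organizations and peer nodes.

Modify crypto-config.yaml according to these requirements: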

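OrdererOrgs:
  - Name: Orderer                 # name of the orderer organization
    Domain: finance.com           # root domain of the orderer organization
    EnableNodeOUs: true           # whether to use Node OUs (organizational units)
    Specs:
      - Hostname: orderer         # additional Hostname entries define additional orderer nodes
        SANS:                     # subject alternative names (alternate hostnames)
          - localhost
    # Hostname + Domain form the full domain name of the orderer node

PeerOrgs:                         # PeerOrgs can define multiple peer organizations
  - Name: Org1                    # name of the peer organization
    Domain: org1.finance.com      # domain of the peer organization
    EnableNodeOUs: true
    Template:                     # number of peer nodes
      Count: 2
    Users:                        # number of users
      Count: 2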

  - Name: Org2
    Domain: org2.finance.com
    EnableNodeOUs: true
    Template:
      Count: 1
    Users:
      Count: 2

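In addition, a CA can be specified for each organization in PeerOrgs (just uncomment the relevant statements).

1.3 Generating the Certificates

Once the configuration file has been modified, generate the cryptographic material with the following command: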

cryptogen generate --config=crypto-config.yaml --output="organizations"

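When the command succeeds, it prints the following information:
[Screenshot: output of cryptogen generate]
After it finishes, a folder named organizations is created in the current directory. It holds the cryptographic material for all nodes and organizations (use the tree command to view its directory structure). This material is used to establish and manage identity verification and encryption in the Fabric network. It mainly includes:

  • Each organization's root certificate and private key. Each organization has a unique "MSP ID" that identifies it in the network.
  • The root certificate and private key of each organization's certificate authority (CA). The CA issues and manages the certificates and identities of the organization's members.
  • A certificate and private key for each peer node of each organization, used for communication and authentication between nodes.
  • The certificate and private key of the orderer node in the network.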

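2 Chaincode Connection Profile Configuration

The chaincode connection profile (Chaincode Connection Profile, CCP) file contains the connection information and configuration related to chaincode, including the network URLs, TLS certificates, channels, and chaincode names and versions. If the CCP file is not configured, a client application may be unable to find or connect to the target chaincode, and so cannot perform chaincode operations such as querying data or submitting transactions.
In Fabric, each organization needs its own CCP file, stored under organizations/
The files ccp-template.yaml and ccp-generate.sh can be copied from fabric-samples/test-network/organizations and placed into the two directories under finance_network/organizations/peerOrganizations, as follows:

# Assumes the current directory is finance_network; adjust the fabric-samples path to your own setup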
cp ~/go/src/github.com/hyperledger/fabric/scripts/test-network/organizations/ccp-template.yaml organizations/peerOrganizations/org1.finance.com/connection-org1.yaml
cp ~/go/src/github.com/hyperledger/fabric/scripts/test-network/organizations/ccp-template.yaml organizations/peerOrganizations/org2.finance.com/connection-org2.yaml
cp ~/go/src/github.com/hyperledger/fabric/scripts/test-network/organizations/ccp-generate.sh organizations/ccp-generate.sh

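Next, edit connection-org1.yaml and connection-org2.yaml for the actual network. Because Org1 has 2 peer nodes while Org2 has only 1, the stock ccp-generate.sh cannot generate these two files. The work is done in two steps:

  • Step 1: fill in the organization, node, and port information in connection-org1.yaml and connection-org2.yaml by hand, as follows:
    connection-org1.yaml after modification: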
name: test-network-org1
version: 1.0.0
client:
  organization: Org1
  connection:
    timeout:
      peer:
        endorser: '300'
organizations:
  Org1: # settings for Org1
    mspid: Org1MSP
    peers: # all peer nodes of the organization
    - peer0.org1.finance.com
    - peer1.org1.finance.com
    certificateAuthorities:
    - ca.org1.finance.com
peers:
  peer0.org1.finance.com:
    url: grpcs://localhost:7051 # port of peer0
    tlsCACerts:
      # the contents of organizations/peerOrganizations/org1.finance.com/tlsca/tlsca.org1.finance.com-cert.pem are copied here; mind the indentation
      pem: |
          ${PEERPEM}
    grpcOptions:
      ssl-target-name-override: peer0.org1.finance.com
      hostnameOverride: peer0.org1.finance.com

  peer1.org1.finance.com:
    url: grpcs://localhost:8051 # peer nodes must not share a port
    tlsCACerts:
      # same as above
      pem: |
          ${PEERPEM}
    grpcOptions:
      ssl-target-name-override: peer1.org1.finance.com
      hostnameOverride: peer1.org1.finance.com

certificateAuthorities:
  ca.org1.finance.com:
    url: https://localhost:7054
    caName: ca-org1
    tlsCACerts:

      pem: 
        - |
          ${CAPEM}
    httpOptions:
      verify: false

connection-org2.yaml after modification:

name: test-network-org2
version: 1.0.0
client:
  organization: Org2
  connection:
    timeout:
      peer:
        endorser: '300'
organizations:
  Org2:
    mspid: Org2MSP
    peers:
    - peer0.org2.finance.com
    certificateAuthorities:
    - ca.org2.finance.com
peers:
  peer0.org2.finance.com:
    url: grpcs://localhost:9051
    tlsCACerts:
      pem: |
          ${PEERPEM}
    grpcOptions:
      ssl-target-name-override: peer0.org2.finance.com
      hostnameOverride: peer0.org2.finance.com
certificateAuthorities:
  ca.org2.finance.com:
    url: https://localhost:9054
    caName: ca-org2
    tlsCACerts:
      pem:
        - |
          ${CAPEM}
    httpOptions:
      verify: false
  • Step 2: modify ccp-generate.sh so that it inserts the TLS certificate information.
#!/bin/bash

function one_line_pem {
    echo "`awk 'NF {sub(/\\n/, ""); printf "%s\\\\\\\n",$0;}' $1`"
}

function yaml_ccp {
    local PP=$(one_line_pem $1)
    local CP=$(one_line_pem $2)
    sed -e "s#\${PEERPEM}#$PP#" \
        -e "s#\${CAPEM}#$CP#" \
        $3 | sed -e $'s/\\\\n/\\\n          /g'
}

PEERPEM=organizations/peerOrganizations/org1.finance.com/tlsca/tlsca.org1.finance.com-cert.pem
CAPEM=organizations/peerOrganizations/org1.finance.com/ca/ca.org1.finance.com-cert.pem
CONNECTION_FILE=organizations/peerOrganizations/org1.finance.com/connection-org1.yaml
echo "$(yaml_ccp $PEERPEM $CAPEM $CONNECTION_FILE)" > organizations/peerOrganizations/org1.finance.com/connection-org1.yaml

PEERPEM=organizations/peerOrganizations/org2.finance.com/tlsca/tlsca.org2.finance.com-cert.pem
CAPEM=organizations/peerOrganizations/org2.finance.com/ca/ca.org2.finance.com-cert.pem
CONNECTION_FILE=organizations/peerOrganizations/org2.finance.com/connection-org2.yaml
echo "$(yaml_ccp $PEERPEM $CAPEM $CONNECTION_FILE)" > organizations/peerOrganizations/org2.finance.com/connection-org2.yaml

Then run the following command to generate the CCP files.

# First change to the finance_network directory; ccp-generate.sh is in finance_network/organizations
./organizations/ccp-generate.sh

Notes on configuring the CCP files:

  • Every organization needs its own CCP file.
  • All peer nodes of the organization must be listed in it.
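
A pre-flight check for the two profiles, as an added example (not from the original post or from fabric-samples): check_ccp and write_sample_ccp are hypothetical names, and the embedded profile is a constructed, cut-down copy of connection-org1.yaml. It reports unfilled ${PEERPEM}/${CAPEM} slots, peers listed under an organization but not defined in the top-level peers: section, and verify: false under httpOptions.

```bash
#!/bin/bash
# check_ccp FILE: print one finding per line for a Fabric connection profile.
# Assumes the two-space layout of the connection-org*.yaml files above.
check_ccp() {
    awk '
    /^[A-Za-z]/ { top = $1; sub(/:.*/, "", top); inlist = 0 }   # top-level key
    top == "organizations" && /^    [A-Za-z]/ { inlist = ($1 == "peers:") }
    top == "organizations" && inlist && /^ *- / { listed[$2] = NR }
    top == "peers" && /^  [^ #][^ ]*:[ ]*$/ { n = $1; sub(/:$/, "", n); defined[n] = 1 }
    index($0, "${PEERPEM}") || index($0, "${CAPEM}") {
        print "PLACEHOLDER line " NR ": certificate was not inserted" }
    /verify:[ ]*false/ {
        print "TLS_VERIFY_OFF line " NR ": CA server certificate is not checked" }
    END { for (p in listed) if (!(p in defined))
            print "UNDEFINED_PEER line " listed[p] ": " p " is not defined under peers:" }
    ' "$1"
}

# Constructed sample: cut-down profile with a misnamed peer and unfilled PEM slots.
write_sample_ccp() {
    cat > "$1" <<'EOF'
organizations:
  Org1:
    peers:
    - peer0.org1.finance.com
    - peer1.org2.finance.com
    certificateAuthorities:
    - ca.org1.finance.com
peers:
  peer0.org1.finance.com:
    url: grpcs://localhost:7051
    tlsCACerts:
      pem: |
          ${PEERPEM}
  peer1.org1.finance.com:
    url: grpcs://localhost:8051
    tlsCACerts:
      pem: |
          ${PEERPEM}
certificateAuthorities:
  ca.org1.finance.com:
    httpOptions:
      verify: false
EOF
}

sample=$(mktemp); write_sample_ccp "$sample"; check_ccp "$sample"; rm -f "$sample"
```

Run it once before ccp-generate.sh to catch naming mistakes and once after to confirm that no placeholder remains.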

3 Starting the Docker Containers

Next, docker-compose is used to start and manage the Docker containers. Copy compose-test-net.yaml from fabric-samples/test-network/compose, together with everything under docker/peercfg, into the finance_network/compose folder:

# First cd into ~/go/src/finance_network
# The path to test-network is abbreviated here; complete it for your own installation
mkdir -p compose/docker
cd compose
cp fabric-samples/test-network/compose/compose-test-net.yaml compose.yaml
cp -r fabric-samples/test-network/compose/docker/peercfg docker/peercfg
cp fabric-samples/test-network/compose/docker/docker-compose-test-net.yaml docker/docker-compose.yaml

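The compose folder then has the following layout:
[Figure: directory tree of the compose folder]
The file compose/docker/core.yaml does not need to be changed, so it is not covered here. First modify compose.yaml as follows: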

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '3.7'
volumes: 
# every orderer node and every peer node needs an entry here
  orderer.finance.com:
  peer0.org1.finance.com:
  peer1.org1.finance.com:
  peer0.org2.finance.com:

networks:
  test:
    name: fabric_finance # change the name as needed

services:
  orderer.finance.com:
    container_name: orderer.finance.com
    image: hyperledger/fabric-orderer:latest
    labels:
      service: hyperledger-fabric
    environment:
      - FABRIC_LOGGING_SPEC=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_LISTENPORT=7050
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_GENERAL_BOOTSTRAPMETHOD=none
      - ORDERER_CHANNELPARTICIPATION_ENABLED=true
      - ORDERER_ADMIN_TLS_ENABLED=true
      - ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      # admin listen address of the orderer node
      - ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053
      # operations listen address of the orderer node
      - ORDERER_OPERATIONS_LISTENADDRESS=orderer.finance.com:9443
      - ORDERER_METRICS_PROVIDER=prometheus
    working_dir: /root
    command: orderer
    volumes:
      # this is the main part to change; mind the relative paths
      - ../organizations/ordererOrganizations/finance.com/orderers/orderer.finance.com/msp:/var/hyperledger/orderer/msp
      - ../organizations/ordererOrganizations/finance.com/orderers/orderer.finance.com/tls/:/var/hyperledger/orderer/tls
      - orderer.finance.com:/var/hyperledger/production/orderer
    ports: # map container ports to ports on the host
      - 7050:7050
      - 7053:7053
      - 9443:9443
    networks:
      - test

  peer0.org1.finance.com:
    container_name: peer0.org1.finance.com
    image: hyperledger/fabric-peer:latest
    labels:
      service: hyperledger-fabric
    environment:
      - FABRIC_CFG_PATH=/etc/hyperledger/peercfg
      - FABRIC_LOGGING_SPEC=INFO
      #- FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_PROFILE_ENABLED=false
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      # Peer specific variables - adjust these to your own setup
      - CORE_PEER_ID=peer0.org1.finance.com
      - CORE_PEER_ADDRESS=peer0.org1.finance.com:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org1.finance.com:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.finance.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.finance.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
      - CORE_OPERATIONS_LISTENADDRESS=peer0.org1.finance.com:9444
      - CORE_METRICS_PROVIDER=prometheus
      - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"}
      - CORE_CHAINCODE_EXECUTETIMEOUT=300s
    volumes:
      - ../organizations/peerOrganizations/org1.finance.com/peers/peer0.org1.finance.com:/etc/hyperledger/fabric
      - peer0.org1.finance.com:/var/hyperledger/production
    working_dir: /root
    command: peer node start
    ports:
      - 7051:7051
      - 9444:9444
    networks:
      - test

  peer1.org1.finance.com:
    container_name: peer1.org1.finance.com
    image: hyperledger/fabric-peer:latest
    labels:
      service: hyperledger-fabric
    environment:
      - FABRIC_CFG_PATH=/etc/hyperledger/peercfg
      - FABRIC_LOGGING_SPEC=INFO
      #- FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_PROFILE_ENABLED=false
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      # Peer specific variables - adjust these to your own setup
      - CORE_PEER_ID=peer1.org1.finance.com
      - CORE_PEER_ADDRESS=peer1.org1.finance.com:8051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:8051
      - CORE_PEER_CHAINCODEADDRESS=peer1.org1.finance.com:8052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.finance.com:8051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.finance.com:8051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
      - CORE_OPERATIONS_LISTENADDRESS=peer1.org1.finance.com:9446
      - CORE_METRICS_PROVIDER=prometheus
      - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer1org1"}
      - CORE_CHAINCODE_EXECUTETIMEOUT=300s
    volumes:
      - ../organizations/peerOrganizations/org1.finance.com/peers/peer1.org1.finance.com:/etc/hyperledger/fabric
      - peer1.org1.finance.com:/var/hyperledger/production
    working_dir: /root
    command: peer node start
    ports:
      - 8051:8051
      - 9446:9446
    networks:
      - test

  peer0.org2.finance.com:
    container_name: peer0.org2.finance.com
    image: hyperledger/fabric-peer:latest
    labels:
      service: hyperledger-fabric
    environment:
      - FABRIC_CFG_PATH=/etc/hyperledger/peercfg
      - FABRIC_LOGGING_SPEC=INFO
      #- FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_PROFILE_ENABLED=false
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      # Peer specific variables
      - CORE_PEER_ID=peer0.org2.finance.com
      - CORE_PEER_ADDRESS=peer0.org2.finance.com:9051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:9051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org2.finance.com:9052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.finance.com:9051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.finance.com:9051
      - CORE_PEER_LOCALMSPID=Org2MSP
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
      - CORE_OPERATIONS_LISTENADDRESS=peer0.org2.finance.com:9445
      - CORE_METRICS_PROVIDER=prometheus
      - CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"}
      - CORE_CHAINCODE_EXECUTETIMEOUT=300s
    volumes:
      - ../organizations/peerOrganizations/org2.finance.com/peers/peer0.org2.finance.com:/etc/hyperledger/fabric
      - peer0.org2.finance.com:/var/hyperledger/production
    working_dir: /root
    command: peer node start
    ports:
      - 9051:9051
      - 9445:9445
    networks:
      - test

  cli:
    container_name: cli
    image: hyperledger/fabric-tools:latest
    labels:
      service: hyperledger-fabric
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - FABRIC_LOGGING_SPEC=INFO
      - FABRIC_CFG_PATH=/etc/hyperledger/peercfg
      - CORE_PEER_TLS_ENABLED=true # this line is newly added
      #- FABRIC_LOGGING_SPEC=DEBUG
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
      - ../channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts      # this line is newly added
      - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations
      - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
    depends_on:
      - peer0.org1.finance.com
      - peer1.org1.finance.com
      - peer0.org2.finance.com
    networks:
      - test
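
Because the peer services are written by copying and renaming a block by hand, a mount path is easy to leave unchanged, and two containers then run with the same MSP signing key and TLS key. The following added example (not from the original post or from fabric-samples; check_compose_mounts and write_sample_compose are hypothetical names, and the compose fragment is constructed) flags any service that mounts another node's directory:

```bash
#!/bin/bash
# check_compose_mounts FILE: each node service must bind-mount only its own
# directory under .../peers/ or .../orderers/ (its MSP signing key and TLS key).
check_compose_mounts() {
    awk '
    /^[A-Za-z]/ { insvc = ($1 == "services:") }                 # top-level key
    insvc && /^  [^ #][^ ]*:[ ]*$/ { svc = $1; sub(/:$/, "", svc) }
    insvc && /^ *- / && match($0, "/(peers|orderers)/[^/:]+") {
        node = substr($0, RSTART, RLENGTH); sub("^/[a-z]+/", "", node)
        if (node != svc)
            print "FOREIGN_IDENTITY " svc " mounts keys of " node
        if ((node in owner) && owner[node] != svc)
            print "SHARED_KEYS " node " used by " owner[node] " and " svc
        owner[node] = svc
    }' "$1"
}

# Constructed sample: peer1.org1 was copied from peer0.org1 without fixing the mount.
write_sample_compose() {
    cat > "$1" <<'EOF'
services:
  orderer.finance.com:
    volumes:
      - ../organizations/ordererOrganizations/finance.com/orderers/orderer.finance.com/msp:/var/hyperledger/orderer/msp
      - ../organizations/ordererOrganizations/finance.com/orderers/orderer.finance.com/tls/:/var/hyperledger/orderer/tls
  peer0.org1.finance.com:
    volumes:
      - ../organizations/peerOrganizations/org1.finance.com/peers/peer0.org1.finance.com:/etc/hyperledger/fabric
  peer1.org1.finance.com:
    volumes:
      - ../organizations/peerOrganizations/org1.finance.com/peers/peer0.org1.finance.com:/etc/hyperledger/fabric
      - peer1.org1.finance.com:/var/hyperledger/production
  peer0.org2.finance.com:
    volumes:
      - ../organizations/peerOrganizations/org2.finance.com/peers/peer0.org2.finance.com:/etc/hyperledger/fabric
EOF
}

sample=$(mktemp); write_sample_compose "$sample"; check_compose_mounts "$sample"; rm -f "$sample"
```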

Modify the docker-compose.yaml file:

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '3.7'
services:
  peer0.org1.finance.com:
    container_name: peer0.org1.finance.com
    image: hyperledger/fabric-peer:latest
    labels:
      service: hyperledger-fabric
    environment:
      #Generic peer variables
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_finance # this network name must be changed together with the name set in compose.yaml
    volumes:
      - ./docker/peercfg:/etc/hyperledger/peercfg
      - ${DOCKER_SOCK}:/host/var/run/docker.sock

  peer1.org1.finance.com:
    container_name: peer1.org1.finance.com
    image: hyperledger/fabric-peer:latest
    labels:
      service: hyperledger-fabric
    environment:
      #Generic peer variables
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_finance
    volumes:
      - ./docker/peercfg:/etc/hyperledger/peercfg
      - ${DOCKER_SOCK}:/host/var/run/docker.sock

  peer0.org2.finance.com:
    container_name: peer0.org2.finance.com
    image: hyperledger/fabric-peer:latest
    labels:
      service: hyperledger-fabric
    environment:
      #Generic peer variables
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_finance
    volumes:
      - ./docker/peercfg:/etc/hyperledger/peercfg
      - ${DOCKER_SOCK}:/host/var/run/docker.sock
  
  cli:
    container_name: cli
    image: hyperledger/fabric-tools:latest
    volumes:
      - ./docker/peercfg:/etc/hyperledger/peercfg

Then create the Docker containers with the following command:

# First enter the finance_network/compose directory
sudo DOCKER_SOCK="/var/run/docker.sock" docker-compose -f compose.yaml -f docker/docker-compose.yaml up -d

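The result is as follows:
[Screenshot: output of the docker-compose command]
Next, use docker ps -a and docker logs --details to check whether any container reports errors.
At this point, the custom network on Fabric is up.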
