fabric自定义多机集群服务架构搭建
基于官方架构,下面自己手动搭建一个1 orderer + 1 peer 架构的fabric网络
| orderer.example.com | 192.168.88.240 |
| peer0.demo.example.com | 192.168.88.170 |
1、orderer节点服务器配置
(1)在fabric目录中新建一个自定义文件夹orderer:
root@ubuntu:~/go/src/github.com/hyperledger/fabric/examples/orderer# pwd
/root/go/src/github.com/hyperledger/fabric/examples/orderer(2)准备fabric提供的二进制编译工具:
Fabric平台特定使用的二进制文件cryptogen,configtxgen,configtxlator, 以及peer。
我们可以通过configtxgen和cryptogen手动生成证书/密钥以及各项配置文件。也可通过e2c_cli例子中的generateArtifacts.sh自动生成,由于我们需要自定义各节点的域名,及联盟链的统一域名,下面手动生成。
通过generateArtifacts.sh脚本,找到fabric目录release/linux-amd64/bin中的二进制文件:
root@ubuntu:~/go/src/github.com/hyperledger/fabric/release/linux-amd64/bin# pwd
/root/go/src/github.com/hyperledger/fabric/release/linux-amd64/bin
root@ubuntu:~/go/src/github.com/hyperledger/fabric/release/linux-amd64/bin# ll
total 80044
drwxr-xr-x 2 root root 4096 Jul 5 23:57 ./
drwxr-xr-x 3 root root 4096 Jul 5 23:55 ../
-rwxr-xr-x 1 root root 15170657 Jul 5 23:56 configtxgen*
-rwxr-xr-x 1 root root 16334265 Jul 5 23:56 configtxlator*
-rwxr-xr-x 1 root root 7452967 Jul 5 23:56 cryptogen*
-rwxr-xr-x 1 root root 441 Jul 5 23:57 get-byfn.sh*
-rwxr-xr-x 1 root root 757 Jul 5 23:57 get-docker-images.sh*
-rwxr-xr-x 1 root root 19966961 Jul 5 23:57 orderer*
-rwxr-xr-x 1 root root 23016352 Jul 5 23:57 peer*
将bin目录复制到刚刚新建的文件夹目录中:
root@ubuntu:~/go/src/github.com/hyperledger/fabric/examples/orderer# ll
total 20
drwxr-xr-x 4 root root 4096 Aug 2 00:05 ./
drwxr-xr-x 9 root root 4096 Aug 1 01:33 ../
drwxr-xr-x 2 root root 4096 Aug 2 00:05 base/
drwxr-xr-x 4 root root 4096 Aug 2 00:10 bin/
(3)生成组织证书与私钥
在bin目录中新建crypto-config.yaml文件,可参照e2e_cli例子中的crypto-config.yaml。
OrdererOrgs:
- Name: Orderer
Domain: example.com
Specs:
- Hostname: orderer
PeerOrgs:
- Name: Demo
Domain: demo.example.com
Template:
Count: 1
Users:
Count: 1
文件定义了orderer节点以及peer节点的域名及数量等信息。我们组建一个名为example的联盟,且我们自己的组织名称为Demo,我们会创建一个Orderer排序服务节点,同时还会创建一个peer节点。
接下来,使用crytogen工具给我们不同的网络实体(peer/client)生成加密证书(X509 certs)。这些证书代表了身份,当我们的网络实体在进行通信以及transact的时候进行签名与验证身份。
crypto-config.yaml配置文件将被crytogen工具调用,文件中包括了网络拓扑,同时允许我们给organization(Demo)以及component(隶属于organization的组件)生成一个证书与私钥的集合。每一个organization(Demo)被分配一个唯一的根证书(绑定了隶属于organization(Demo)的具体的component,包括peers与orderers)。Hyperledger Fabric的transaction与通信均被节点的私钥(keystore)进行签名,截止被公钥进行验证(signcerts)。 这个配置文件中有一个计数(count)的变量,我们使用其定义organization(Demo)中peer的数量,在本例中我们定义Demo组织有一个peer。
在bin目录下执行命令:
./cryptogen generate --config=./crypto-config.yaml执行成功后,bin目录下生成crypto-config文件夹,其中会有ordererOrganizations和peerOrganizations两个目录:
root@ubuntu:~/go/src/github.com/hyperledger/fabric/examples/orderer/bin# ll crypto-config
total 16
drwxr-xr-x 4 root root 4096 Aug 1 18:06 ./
drwxr-xr-x 4 root root 4096 Aug 2 01:34 ../
drwxr-xr-x 3 root root 4096 Aug 1 18:06 ordererOrganizations/
drwxr-xr-x 3 root root 4096 Aug 1 18:06 peerOrganizations/
(4)定义configtx.yaml文件
使用configtxgen工具来执行configtx.yaml文件创建orderer Genesis block,在此之前需要为configtxgen工具指定configtx.yaml文件的路径,我们需要设置一个环境变量,进入bin目录,执行如下命令:
export FABRIC_CFG_PATH=$PWD在bin目录下创建channel-artifacts目录,用来存放各种渠道的源文件。
新建configtx.yaml文件,可参照e2e_cli中示例文件。
Profiles:
ExampleOrdererGenesis:
Orderer:
<<: *OrdererExample
Organizations:
- *OrdererDemo
Consortiums:
ExampleConsortium:
Organizations:
- *Demo
ExampleChannel:
Consortium: ExampleConsortium
Application:
<<: *ApplicationExample
Organizations:
- *Demo
Organizations:
- &OrdererDemo
Name: OrdererDemo
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Demo
Name: DemoMSP
ID: DemoMSP
MSPDir: crypto-config/peerOrganizations/demo.example.com/msp
AnchorPeers:
- Host: peer0.demo.example.com
Port: 7051
Orderer: &OrdererExample
OrdererType: solo
Addresses:
- orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Application: &ApplicationExample
Organizations:
在该文件中,我们定义了组织名称peer0.demo.anti-moth.com、组织排序服务名称、组织渠道名称、应用渠道名称、应用联盟名称等。
(5)生成初始区块
接下来,通过configtxgen工具生成初始区块genesis.block:
./configtxgen -profile ExampleOrdererGenesis -outputBlock ./channel-artifacts/genesis.block命令执行完成后,在bin目录下可见genesis.block文件。
(6)生成channel源文件
生成ID为examplechannel的通道文件:
./configtxgen -profile ExampleChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID examplechannel(7)生成channel下节点集合认证文件
为examplechannel通道生成ID为DemoMSP的认证文件DEMOMSPanchors.tx
./configtxgen -profile ExampleChannel -outputAnchorPeersUpdate ./channel-artifacts/DEMOMSPanchors.tx -channelID examplechannel -asOrg DemoMSP完成以上步骤后,bin目录下将生成orderer节点所需的所有配置文件:
channel-artifacts文件夹下文件:
root@ubuntu:~/go/src/github.com/hyperledger/fabric/examples/orderer/bin# ll channel-artifacts/
total 24
drwxr-xr-x 2 root root 4096 Aug 1 18:25 ./
drwxr-xr-x 4 root root 4096 Aug 2 01:46 ../
-rw-r--r-- 1 root root 354 Aug 1 18:13 channel.tx
-rw-r--r-- 1 root root 263 Aug 1 18:25 DEMOMSPanchors.tx
-rw-r--r-- 1 root root 6353 Aug 1 18:10 genesis.block2、orderer节点启动
在orderer目录下创建一个docker-compose-orderer.yaml文件:
version: '2'
services:
orderer.example.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.example.com
container_name: orderer.example.com这里有一个协助启动文件,是位于base目录下的docker-compose-base.yaml文件,这个文件的参数配置如下:
version: '2'
services:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer
environment:
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ../bin/channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../bin/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ../bin/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
ports:
- 7050:7050随后在orderer目录下执行启动命令:
docker-compose -f docker-compose-orderer.yaml up -d查看docker容器启动情况:
root@ubuntu:~/go/src/github.com/hyperledger/fabric/examples/orderer# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ca17df655b68 hyperledger/fabric-orderer "orderer" 8 hours ago Up 8 hours 0.0.0.0:7050->7050/tcp orderer.example.comorderer节点启动成功。
3、peer节点配置及启动
通过scp将orderer节点在bin目录下的生成的channel-artifacts/目录和crypto-config/拷贝至peer节点的新建org/bin目录中。
新建docker-compose-org.yaml文件:
version: '2'
services:
peer0.demo.example.com:
container_name: peer0.demo.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.demo.example.com
extra_hosts:
- "orderer.example.com:192.168.88.240"
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.demo.example.com:7051
- CORE_PEER_LOCALMSPID=DemoMSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/demo.example.com/peers/peer0.demo.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/demo.example.com/peers/peer0.demo.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/demo.example.com/peers/peer0.demo.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/demo.example.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ../chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go
- ../bin/crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ../bin/channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.demo.example.com
extra_hosts:
- "orderer.example.com:192.168.88.240"
- "peer0.demo.example.com:192.168.88.170"这里与orderer不同,有两个协助启动文件,分别是位于base目录下的docker-compose-base.yaml和peer-base.yaml文件,这两个文件的参数配置分别如下:
docker-compose-base.yaml:
version: '2'
services:
peer0.demo.example.com:
container_name: peer0.demo.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.demo.example.com
- CORE_PEER_ADDRESS=peer0.demo.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.demo.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.demo.example.com:7051
- CORE_PEER_LOCALMSPID=DemoMSP
volumes:
- /var/run/:/host/var/run/
- ../bin/crypto-config/peerOrganizations/demo.example.com/peers/peer0.demo.example.com/msp:/etc/hyperledger/fabric/msp
- ../bin/crypto-config/peerOrganizations/demo.example.com/peers/peer0.demo.example.com/tls:/etc/hyperledger/fabric/tls
ports:
- 7051:7051
- 7052:7052
- 7053:7053
peer-base.yaml:
version: '2'
services:
peer-base:
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=e2ecli_default
#- CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
启动peer节点:
docker-compose -f docker-compose-org.yaml up -d查看docker容器,启动了peer0.demo.anti-moth.com 和 cli 两个容器
root@ubuntu:~/go/src/github.com/hyperledger/fabric/examples/org# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
74d16920ef36 hyperledger/fabric-tools "/bin/bash" 2 hours ago Up 2 hours cli
a4cce3b3b78f hyperledger/fabric-peer "peer node start" 2 hours ago Up 2 hours 0.0.0.0:7051-7053->7051-7053/tcp peer0.demo.example.compeer节点启动成功。
4、创建并加入channel
执行生成channel id文件命令:
peer channel create -o orderer.example.com:7050 -c examplechannel -f ./channel-artifacts/channel.tx --tls $CORE_PEER_TLS_ENABLED --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem返回信息:
2018-08-02 11:24:31.315 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2018-08-02 11:24:31.315 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2018-08-02 11:24:31.422 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2018-08-02 11:24:31.437 UTC [msp] GetLocalMSP -> DEBU 004 Returning existing local MSP
2018-08-02 11:24:31.437 UTC [msp] GetDefaultSigningIdentity -> DEBU 005 Obtaining default signing identity
2018-08-02 11:24:31.437 UTC [msp] GetLocalMSP -> DEBU 006 Returning existing local MSP
2018-08-02 11:24:31.437 UTC [msp] GetDefaultSigningIdentity -> DEBU 007 Obtaining default signing identity
2018-08-02 11:24:31.437 UTC [msp/identity] Sign -> DEBU 008 Sign: plaintext: 0A8C060A0744656D6F4D53501280062D...78616D706C65436F6E736F727469756D
2018-08-02 11:24:31.455 UTC [msp/identity] Sign -> DEBU 009 Sign: digest: 503C8C2271DCA7C0D96B3D8A263FC5887BE8342DFE4BAD8F0B0E0F7328B7BC9C
2018-08-02 11:24:31.458 UTC [msp] GetLocalMSP -> DEBU 00a Returning existing local MSP
2018-08-02 11:24:31.458 UTC [msp] GetDefaultSigningIdentity -> DEBU 00b Obtaining default signing identity
2018-08-02 11:24:31.459 UTC [msp] GetLocalMSP -> DEBU 00c Returning existing local MSP
2018-08-02 11:24:31.459 UTC [msp] GetDefaultSigningIdentity -> DEBU 00d Obtaining default signing identity
2018-08-02 11:24:31.459 UTC [msp/identity] Sign -> DEBU 00e Sign: plaintext: 0AC8060A1A08021A0608EFD38BDB0522...24DCCE6A232BC8B452A5C33B378D3374
2018-08-02 11:24:31.459 UTC [msp/identity] Sign -> DEBU 00f Sign: digest: 5C26F8289B08052E39BAD16527F70FB8B1CF08096119DA2842145E64D4E57281
2018-08-02 11:24:31.560 UTC [msp] GetLocalMSP -> DEBU 010 Returning existing local MSP
2018-08-02 11:24:31.561 UTC [msp] GetDefaultSigningIdentity -> DEBU 011 Obtaining default signing identity
2018-08-02 11:24:31.561 UTC [msp] GetLocalMSP -> DEBU 012 Returning existing local MSP
2018-08-02 11:24:31.561 UTC [msp] GetDefaultSigningIdentity -> DEBU 013 Obtaining default signing identity
2018-08-02 11:24:31.561 UTC [msp/identity] Sign -> DEBU 014 Sign: plaintext: 0AC8060A1A08021A0608EFD38BDB0522...752F272E5E5112080A021A0012021A00
2018-08-02 11:24:31.561 UTC [msp/identity] Sign -> DEBU 015 Sign: digest: 654F1805FC97706ABEDB2BDFE36C063B34EE6ED5074E3457DBF850BFCEEBE4BA
2018-08-02 11:24:31.565 UTC [channelCmd] readBlock -> DEBU 016 Got status:*orderer.DeliverResponse_Status
2018-08-02 11:24:31.566 UTC [msp] GetLocalMSP -> DEBU 017 Returning existing local MSP
2018-08-02 11:24:31.566 UTC [msp] GetDefaultSigningIdentity -> DEBU 018 Obtaining default signing identity
2018-08-02 11:24:31.594 UTC [channelCmd] InitCmdFactory -> INFO 019 Endorser and orderer connections initialized
2018-08-02 11:24:31.795 UTC [msp] GetLocalMSP -> DEBU 01a Returning existing local MSP
2018-08-02 11:24:31.795 UTC [msp] GetDefaultSigningIdentity -> DEBU 01b Obtaining default signing identity
2018-08-02 11:24:31.796 UTC [msp] GetLocalMSP -> DEBU 01c Returning existing local MSP
2018-08-02 11:24:31.796 UTC [msp] GetDefaultSigningIdentity -> DEBU 01d Obtaining default signing identity
2018-08-02 11:24:31.796 UTC [msp/identity] Sign -> DEBU 01e Sign: plaintext: 0AC8060A1A08021A0608EFD38BDB0522...508F85B98AEB12080A021A0012021A00
2018-08-02 11:24:31.796 UTC [msp/identity] Sign -> DEBU 01f Sign: digest: 5B26A52D5BD9B29EC78C2053594457EB8A5C625BEDDEC383EC9CBF4461AD61F3
2018-08-02 11:24:31.856 UTC [channelCmd] readBlock -> DEBU 020 Received block:0
2018-08-02 11:24:31.856 UTC [main] main -> INFO 021 Exiting.....cli目录下生成examplechannel.block文件。
peer节点加入channel:
root@eed836728920:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel join -b examplechannel.block
2018-08-02 11:28:01.121 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2018-08-02 11:28:01.121 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2018-08-02 11:28:01.183 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2018-08-02 11:28:01.226 UTC [msp/identity] Sign -> DEBU 004 Sign: plaintext: 0A89070A5B08011A0B08C1D58BDB0510...04E8761D1DAA1A080A000A000A000A00
2018-08-02 11:28:01.226 UTC [msp/identity] Sign -> DEBU 005 Sign: digest: 4D269EB76EAB8AF5D08DC257DE1923ADDB9AD3F5FAC97A6CE6A67A11E637AB4E
2018-08-02 11:28:01.544 UTC [channelCmd] executeJoin -> INFO 006 Peer joined the channel!
2018-08-02 11:28:01.544 UTC [main] main -> INFO 007 Exiting.....