在跑通fabric给出的e2e实例后尝试搭建了fabric的单机多节点网络,本次实验环境为Ubuntu。
1.基本文件的准备
在/home/docker/github.com/hyperledger/fabric文件夹下创建此次的实验环境文件aberic以方便以后的项目管理。
需要将Fabric1.0版本平台特定的二进制文件(bin)上传至本文件夹。bin文件夹的位置和内容如下图所示,只需要复制到aberic文件夹中即可,这其中包括接下来生成证书所必须的配置文件。
此外还需要将fabric1.0版本下的configtx.yaml和crypto-config.yaml两个文件拷贝至aberic文件夹。
准备好基础文件后,aberic文件夹中应有上图三个文件。
2生成证书文件
接下来我们就可以开始生成所需证书文件了,我们执行相关命令需要指定执行文件的路径,为了方便,直接进入aberic项目目录下进行操作,随后执行如下命令生成我们项目所需文件:
./bin/cryptogen generate --config=./crypto-config.yaml
运行结果如下:
之后在crypto-config文件夹中将有两个文件夹:orderOrganizations和peerOrganizations
3.生成创世区块
生成创世区块之前我们在/home/docker/github.com/hyperledger/fabric/aberic目录下手动创建一个channel-artifacts文件夹,之后根据configtx.yaml来生成创世区块,具体命令及结果截图如下:
./bin/configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
创世区块是为了orderer启动时用到的,peer在启动后需要创建的channel配置文件在这里也一并生成,执行具体命令和结果示图如下:
./bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/mychannel.tx -channelID mychannel
该命令是生成了一个channelID为mychannel的tx文件,通过该文件,peer可以执行channel的创建工作。
命令执行完成后在channel-artifacts目录下生成一个mychannel.tx通道文件:
4.order节点的处理
单机多节点部署,此次试验采用的共识模式的solo。我们需要编写一份docker-orderer.yaml文件放入aberic文件夹。
docker-orderer.yaml具体内容如下:
version: '2'
services:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic_default
# - ORDERER_GENERAL_LOGLEVEL=error
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
#- ORDERER_GENERAL_GENESISPROFILE=AntiMothOrdererGenesis
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
#- ORDERER_GENERAL_LEDGERTYPE=ram
#- ORDERER_GENERAL_LEDGERTYPE=file
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=false
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
networks:
default:
aliases:
- aberic
ports:
- 7050:7050
5.peer节点的处理
有了orderer启动文件,我们还需要docker-peer.yaml启动文件,orderer和peer的启动yaml文件名称可以自己规定,docker-peer.yaml源码如下:
version: '2'
services:
couchdb:
container_name: couchdb
image: hyperledger/fabric-couchdb
# Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service,
# for example map it to utilize Fauxton User Interface in dev environments.
ports:
- "5984:5984"
ca:
container_name: ca
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca
- FABRIC_CA_SERVER_TLS_ENABLED=false
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/3049813e39cf4f8e302759d50d473bdd812347153616489c82499415ff009e83_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/3049813e39cf4f8e302759d50d473bdd812347153616489c82499415ff009e83_sk -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
peer0.org1.example.com:
container_name: peer0.org1.example.com
image: hyperledger/fabric-peer
environment:
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_NETWORKID=aberic
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic
# - CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic_default
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 7051:7051
- 7052:7052
- 7053:7053
depends_on:
- couchdb
networks:
default:
aliases:
- aberic
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# - CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ./chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/aberic/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.org1.example.com
peer的这份启动文件是目前所写的最全文件,里面有cli客户端、couchdb插件以及ca插件。
有两个地方需要注意修改下,一处是FABRIC_CA_SERVER_TLS_KEYFILE的ca,另一处是command中最后一部分的ca,这两处的_sk文件名称需要替换成之前生成的证书文件名称,其实这里的主要目的是加载ca并生成ca用户。
源码中15d53ba909ffe5ef0038b1125b58e0ebc521f6693e43652307a92ee1c9c9d258_sk需要替换成你刚刚生成的证书文件名称
路径:
详细替换部分如下图:
在cli客户端配置中我们指定了智能合约的部署路径,故此,我们在aberic目录下创建与之对应的chaincode文件夹,并在该文件夹下创建go文件夹,表示合约目录下以go语言为基础的合约目录。之后将官方demo中的chaincode_example02示例也一并上传到go目录下,本次实验以该合约为基础进行测试。
6.搭建Fabric网络
在服务器命令行中分别执行如下命令启动orderer和peer:
docker-compose -f docker-orderer.yaml up -d
docker-compose -f docker-peer.yaml up -d
channel创建加盟
对peer的操作基本都需要依赖客户端完成,这里我们没有用sdk,但安装了tools镜像,即cli客户端,可以通过如下命令进入客户端进行channel的相关操作:
docker exec -it cli bash
随后执行如下命令创建一个channel
peer channel create -o orderer.example.com:7050 -c mychannel -t 50 -f ./channel-artifacts/mychannel.tx
此处两部运行结果如下:
创建完channel后,我们需要通过mychannel.block文件来加入该channel,以便后续可以安装实例化并测试智能合约。具体命令和结果如下:
peer channel join -b mychannel.block
7.chaincode安装部署实例化、测试
在之前我们上传了官方的chaincode demo到go目录下,合约目录为/home/docker/github.com/hyperledger/fabric/aberic/chaincode/go/chaincode_example02,这个目录也是我们即将安装的智能合约路径。
首先安装智能合约,具体命令和执行结果如下所示:
peer chaincode install -n mychannel -p github.com/hyperledger/fabric/aberic/chaincode/go/chaincode_example02 -v 1.0
之后进行实例化chaincode,执行如下命令并有如下视图:
peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -n mychannel -c '{"Args":["init","A","10","B","10"]}' -P "OR ('Org1MSP.member')" -v 1.0
使用query方法,查询看看实例化后A的余额:
peer chaincode query -C mychannel -n mychannel -c '{"Args":["query","A"]}'
查到A的余额为10,符合初始化init时候的传参,继续执行如下命令查询B的余额:
peer chaincode query -C mychannel -n mychannel -c '{"Args":["query","B"]}'
根据合约内容,让A给B转5快钱,执行如下命令:
peer chaincode invoke -C mychannel -n mychannel -c '{"Args":["invoke", "A", "B", "5"]}'
运行结果如下:
8.部署peer0.org2节点
在aberic目录下,为Org2的peer节点编写docker-peer1.yaml启动文件,源码如下:
version: '2'
services:
peer0.org2.example.com:
container_name: peer0.org2.example.com
image: hyperledger/fabric-peer
environment:
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_NETWORKID=aberic
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org2.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic
# - CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic_default
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 8051:7051
- 8052:7052
- 8053:7053
networks:
default:
aliases:
- aberic
进入aberic目录执行以下命令启动docker-peer1.yaml:
docker-compose -f docker-peer1.yaml up -d
结果如下:
接下来需要针对peer0org2执行频道加入,安装合约,测试合约以及背书验证的操作。
进入cli客户端进行全局变量的更改:
docker exec -it cli bash
随后进入该容器进行一系列当前容器全局变量赋值操作,分别执行以下命令:
CORE_PEER_ID=peer0.org2.example.com
CORE_PEER_ADDRESS=peer0.org2.example.com:7051
CORE_CHAINCODELISTENADDRESS=peer0.org2.example.com:7052
CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
CORE_PEER_LOCALMSPID=Org2MSP
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp
运行结果如下:
cli容器内全局变量修改完成后即可以开始对peer0org2进行操作,与peer0org1一样,首先执行peer0org2加入频道,具体命令如下:
peer channel join -b mychannel.block
peer chaincode install -n mychannel -p github.com/hyperledger/fabric/aberic/chaincode/go/chaincode_example02 -v 1.0
执行结果如下:
在peer0org2加入频道安装智能合约后执行以下命令测试合约是否已经成功运行:
peer chaincode query -C mychannel -n mychannel -c '{"Args":["query","A"]}'
查询到A的余额为5
因为之前执行过一次账户变更,A的余额为5,此时在当前容器中执行一次A给B价值2的资产转移:
peer chaincode invoke -C mychannel -n mychannel -c '{"Args":["invoke", "A", "B", "2"]}'
之后再次对A进行查询,此时发现A的资产还为5
这是因为实例化智能合约操作时选择的背书组织为org1,而后加入的org2所有操作都未经过背书,不具备效力。
9.实验总结
本次实验讲述了如何生成各节点证书及配置文件生成创始区块和频道证书文件,也分析了生成这些文件所需要配置文件的编写方案。同时也通过yaml配置文件的编写启动了orderer排序服务节点及peer节点,并实现了一次伪动态加盟的操作。其中对频道的新建加入等操作有过实践,对智能合约的基本概念有了更进一步认识。
参考文章
https://blog.csdn.net/guoqingshuang/article/details/89153147
https://www.cnblogs.com/aberic/p/8618556.html
