一、意义:
在本节内容开始之前,我先跟读者朋友们一起分享一下公链、联盟链、私有链的优劣势。
1、公有链
任何节点都是向任何人开放的,每个人都可以参与到这个区块链中进行计算,而且任何人都可以下载获得完整区块链数据(全部账本)。比特币就是最典型的公有链。
优点:公有链最大的优点就是去中心化和安全性。目前像一般比较出名的数字货币:比特币、以太币、瑞波币等都是使用公有链来运行的。由此可见,这些数字货币安全性很高,同时也不受到谁的控制。
缺点:尽管公有链很好很安全,但是设想一下,这么多随意出入的节点是很难达成共识的(上一篇文章提到的共识)因为有些节点可能随时宕机,黑客也可能伪造很多虚假的节点。所以,公有链有一套很严格的共识机制,因此公有链最大的问题就是共识问题,共识问题直接导致了公有链处理数据的速度问题,因此如果你玩比特币就知道了,转账要很久才能到。
2、私有链
有些区块链的应用场景下,并不希望这个系统任何人都可以参与,任何人都可以查看所有数据,只有被许可的节点才可以参与并且查看所有数据,这种区块链结构我们称为私有链。
优点:私有链可以完全自己定制策略,因此速度极快
缺点:相比较而言,私有链不具备去中心化
3、联盟链
联盟链是指有若干机构或组织共同参与管理的区块链,他们各自运行着一个或多个节点,之中的数据只允许系统内不同的机构进行读取和发送交易,并且共同记录交易数据。R3组成的银行区块链联盟要构建的就是典型的联盟链。
优点:联盟链优点就是比公有链处理速度要快,因为节点的数量和身份都已经规定好了,所以可以使用相对松散的共识机制,因此数据的处理速度就会比公有链大大提高。目前,联盟链的发展速度很惊人。
缺点:尽管联盟链速度加快,但是相比公有链来说,联盟链并不是完全去中心化的。因为理论上联盟之间可以联合起来修改区块链数据。发币无意义。
从上述描述中,我们了解到了一点联盟链的优劣势。抛开这些争论,秉承存在即合理的原则。我们深入研究一下联盟链。目前联盟链大多数都是基于Hyper Ledger fabric来实现的。下面我们来认识一下Hyper Ledger fabric的概念。
二、HyperLedger fabric:
Hyperledger Fabric是Linux基金会所主导的Hyperledger(超级账本)的项目之一。Hyperledger Fabric旨在作为开发模块化体系结构的区块链应用程序的基础,以便诸如共识和会员服务等组件可以即插即用。它使用容器技术来托管构成系统应用逻辑的智能合约(也称为链代码)。 简而言之,Hyperledger Fabric就是开发联盟链应用的最好工具之一。
脚本安装Fabric(略)
由于fabric安装比较复杂,所以我单独写了一个文档。安装文档我将放入github中,待文章写毕,将安装文档上传github。
github链接:....
手动组件Fabric网络
1.生成模板,
cryptogen showtemplate > crypto-config.yaml
2.修改模板后生成
模板如下,请按照自己的需求修改
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs: # 排序节点组织信息
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer # 排序节点组织的名字
Domain: example.com # 根域名, 排序节点组织的根域名
Specs:
- Hostname: orderer # 访问这台orderer对应的域名为: orderer.example.com
- Hostname: order2 # 访问这台orderer对应的域名为: order2.example.com
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Org1 # 第一个组织的名字, 自己指定
Domain: org1.example.com # 访问第一个组织用到的根域名
EnableNodeOUs: true # 是否支持node.js
Template: # 模板, 根据默认的规则生成2个peer存储数据的节点
Count: 2 # 1. peer0.org1.example.com 2. peer1.org1.example.com
Users: # 创建的普通用户的个数
Count: 3
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: true
Template:
Count: 2
Specs:
- Hostname: hello
Users:
Count: 1
修改后为:
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: itcast.com
Specs:
- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: OrgGo
Domain: orggo.itcast.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 3
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: OrgCpp
Domain: orgcpp.itcast.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 3
运行
cryptogen generate --config=crypto-config.yaml
3.创始块文件和通道文件的生成(复制时请保存在txt文件中,再修改文件名,不然会乱码)
命令介绍:
$ configtxgen --help
# 输出创始块区块文件的路径和名字
`-outputBlock string`
# 指定创建的channel的名字, 如果没指定系统会提供一个默认的名字.
`-channelID string`
# 表示输通道文件路径和名字
`-outputCreateChannelTx string`
# 指定配置文件中的节点
`-profile string`
# 更新channel的配置信息
`-outputAnchorPeersUpdate string`
# 指定所属的组织名称
`-asOrg string`
# 要想执行这个命令, 需要一个配置文件 configtx.yaml
```
配置文件模板:
```yaml
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations: # 固定的不能改
- &OrdererOrg # 排序节点组织, 自己起个名字
Name: OrdererOrg # 排序节点的组织名
ID: OrdererMSP # 排序节点组织的ID
MSPDir: crypto-config/ordererOrganizations/example.com/msp # 组织的msp账号信息
- &Org1 # 第一个组织, 名字自己起
Name: Org1MSP # 第一个组织的名字
ID: Org1MSP # 第一个组织的ID
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
AnchorPeers: # 锚节点
- Host: peer0.org1.example.com # 指定一个peer节点的域名
Port: 7051 # 端口不要改
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
################################################################################
#
# SECTION: Capabilities, 在fabric1.1之前没有, 设置的时候全部设置为true
#
################################################################################
Capabilities:
Global: &ChannelCapabilities
V1_1: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_2: true
################################################################################
#
# SECTION: Application
#
################################################################################
Application: &ApplicationDefaults
Organizations:
################################################################################
#
# SECTION: Orderer
#
################################################################################
Orderer: &OrdererDefaults
# Available types are "solo" and "kafka"
# 共识机制 == 排序算法
OrdererType: solo # 排序方式
Addresses: # orderer节点的地址
- orderer.example.com:7050 # 端口不要改
# BatchTimeout,MaxMessageCount,AbsoluteMaxBytes只要一个满足, 区块就会产生
BatchTimeout: 2s # 多长时间产生一个区块
BatchSize:
MaxMessageCount: 10 # 交易的最大数据量, 数量达到之后会产生区块, 建议100左右
AbsoluteMaxBytes: 99 MB # 数据量达到这个值, 会产生一个区块, 32M/64M
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
################################################################################
#
# Profile
#
################################################################################
Profiles: # 不能改
TwoOrgsOrdererGenesis: # 区块名字, 随便改
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium: # 这个名字可以改
Organizations:
- *Org1
- *Org2
TwoOrgsChannel: # 通道名字, 可以改
Consortium: SampleConsortium # 这个名字对应93行
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
```
配置文件修改(configtx.yaml)后为:
################################################################################
#
# Section: Organizations
#
################################################################################
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/itcast.com/msp
- &org_go
Name: OrgGoMSP
ID: OrgGoMSP
MSPDir: crypto-config/peerOrganizations/orggo.itcast.com/msp
AnchorPeers:
- Host: peer0.orggo.itcast.com
Port: 7051
- &org_cpp
Name: OrgCppMSP
ID: OrgCppMSP
MSPDir: crypto-config/peerOrganizations/orgcpp.itcast.com/msp
AnchorPeers:
- Host: peer0.orgcpp.itcast.com
Port: 7051
################################################################################
#
# SECTION: Capabilities
#
################################################################################
Capabilities:
Global: &ChannelCapabilities
V1_1: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_2: true
################################################################################
#
# SECTION: Application
#
################################################################################
Application: &ApplicationDefaults
Organizations:
################################################################################
#
# SECTION: Orderer
#
################################################################################
Orderer: &OrdererDefaults
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer.itcast.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 100
AbsoluteMaxBytes: 32 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
################################################################################
#
# Profile
#
################################################################################
Profiles:
ItcastOrgsOrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *org_go
- *org_cpp
ItcastOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *org_go
- *org_cpp
Capabilities:
<<: *ApplicationCapabilities
生成创始块文件
configtxgen -profile ItcastOrgsOrdererGenesis -outputBlock ./genesis.block
- 在当前目录下得到一个文件: genesis.block
生成通道文件
configtxgen -profile ItcastOrgsChannel -outputCreateChannelTx channel.tx -channelID itcastchannel
若未指定channelID,则默认是mychannel
-生成锚节点更新文件( >这个操作是可选的)
# cpp组织锚节点文件
configtxgen -profile ItcastOrgsChannel -outputAnchorPeersUpdate CppMSPanchors.tx -channelID itcastchannel -asOrg OrgCppMSP
go组织锚节点文件
configtxgen -profile ItcastOrgsChannel -outputAnchorPeersUpdate GoMSPanchors.tx -channelID itcastchannel -asOrg OrgGoMSP
创建文件channel-artifacts文件夹, 并移动文件
mkdir channel-artifacts
mv *.tx *.block channel-artifacts
4. docker-compose文件的编写
1. 客户端角色需要使用的环境变量
```shell
# 客户端docker容器启动之后, go的工作目录
- GOPATH=/opt/gopath # 不需要修改
# docker容器启动之后, 对应的守护进程的本地套接字, 不需要修改
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=INFO # 日志级别
- CORE_PEER_ID=cli # 当前客户端节点的ID, 自己指定
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051 # 客户端连接的peer节点
- CORE_PEER_LOCALMSPID= # 组织ID
- CORE_PEER_TLS_ENABLED=true # 通信是否使用tls加密
- CORE_PEER_TLS_CERT_FILE= # 证书文件
/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE= # 私钥文件
/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
-CORE_PEER_TLS_ROOTCERT_FILE= # 根证书文件
/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
# 指定当前客户端的身份
- CORE_PEER_MSPCONFIGPATH= /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
```
2 orderer节点需要使用的环境变量
```shell
- ORDERER_GENERAL_LOGLEVEL=INFO # 日志级别
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 # orderer节点监听的地址
- ORDERER_GENERAL_GENESISMETHOD=file # 创始块的来源, 指定file来源就是文件中
# 创始块对应的文件, 这个不需要改
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP # orderer节点所属的组的ID
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp # 当前节点的msp账号路径
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true # 是否使用tls加密
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key # 私钥
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt # 证书
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] # 根证书
```
3 peer节点需要使用的环境变量
```shell
- CORE_PEER_ID=peer0.orggo.test.com # 当前peer节点的名字, 自己起
# 当前peer节点的地址信息
- CORE_PEER_ADDRESS=peer0.orggo.test.com:7051
# 启动的时候, 指定连接谁, 一般写自己就行
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orggo.test.com:7051
# 为了被其他节点感知到, 如果不设置别的节点不知有该节点的存在
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orggo.test.com:7051
- CORE_PEER_LOCALMSPID=OrgGoMSP
# docker的本地套接字地址, 不需要改
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# 当前节点属于哪个网络
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=network_default
- CORE_LOGGING_LEVEL=INFO
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true # 释放自动选举leader节点
- CORE_PEER_GOSSIP_ORGLEADER=false # 当前不是leader
- CORE_PEER_PROFILE_ENABLED=true # 在peer节点中有一个profile服务
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
```
4 相关配置文件
- **启动docker-compose使用的配置文件** - `docker-compose.yaml
# docker-compose.yaml
version: '2'
volumes:
orderer.itcast.com:
peer0.orggo.itcast.com:
peer1.orggo.itcast.com:
peer0.orgcpp.itcast.com:
peer1.orgcpp.itcast.com:
networks:
byfn:
services:
orderer.itcast.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.itcast.com
container_name: orderer.itcast.com
networks:
- byfn
peer0.orggo.itcast.com:
container_name: peer0.orggo.itcast.com
extends:
file: base/docker-compose-base.yaml
service: peer0.orggo.itcast.com
networks:
- byfn
peer1.orggo.itcast.com:
container_name: peer1.orggo.itcast.com
extends:
file: base/docker-compose-base.yaml
service: peer1.orggo.itcast.com
networks:
- byfn
peer0.orgcpp.itcast.com:
container_name: peer0.orgcpp.itcast.com
extends:
file: base/docker-compose-base.yaml
service: peer0.orgcpp.itcast.com
networks:
- byfn
peer1.orgcpp.itcast.com:
container_name: peer1.orgcpp.itcast.com
extends:
file: base/docker-compose-base.yaml
service: peer1.orgcpp.itcast.com
networks:
- byfn
cli:
container_name: cli
image: hyperledger/fabric-tools:latest
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
#- CORE_LOGGING_LEVEL=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.orggo.itcast.com:7051
- CORE_PEER_LOCALMSPID=OrgGoMSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/peers/peer0.orggo.itcast.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/peers/peer0.orggo.itcast.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/peers/peer0.orggo.itcast.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- orderer.itcast.com
- peer0.orggo.itcast.com
- peer1.orggo.itcast.com
- peer0.orgcpp.itcast.com
- peer1.orgcpp.itcast.com
networks:
- byfn
被`docker-compose.yaml`依赖的文件 - `base/docker-compose-base.yaml`
version: '2'
services:
orderer.itcast.com:
container_name: orderer.itcast.com
image: hyperledger/fabric-orderer:latest
environment:
- ORDERER_GENERAL_LOGLEVEL=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/itcast.com/orderers/orderer.itcast.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/itcast.com/orderers/orderer.itcast.com/tls/:/var/hyperledger/orderer/tls
- orderer.itcast.com:/var/hyperledger/production/orderer
# /var/lib/docker/volumes/order.itcast.com
ports:
- 7050:7050
peer0.orggo.itcast.com:
container_name: peer0.orggo.itcast.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.orggo.itcast.com
- CORE_PEER_ADDRESS=peer0.orggo.itcast.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.orggo.itcast.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orggo.itcast.com:7051
- CORE_PEER_LOCALMSPID=OrgGoMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orggo.itcast.com/peers/peer0.orggo.itcast.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orggo.itcast.com/peers/peer0.orggo.itcast.com/tls:/etc/hyperledger/fabric/tls
- peer0.orggo.itcast.com:/var/hyperledger/production
ports:
- 7051:7051
- 7053:7053
peer1.orggo.itcast.com:
container_name: peer1.orggo.itcast.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.orggo.itcast.com
- CORE_PEER_ADDRESS=peer1.orggo.itcast.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orggo.itcast.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orggo.itcast.com:7051
- CORE_PEER_LOCALMSPID=OrgGoMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orggo.itcast.com/peers/peer1.orggo.itcast.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orggo.itcast.com/peers/peer1.orggo.itcast.com/tls:/etc/hyperledger/fabric/tls
- peer1.orggo.itcast.com:/var/hyperledger/production
ports:
- 8051:7051
- 8053:7053
peer0.orgcpp.itcast.com:
container_name: peer0.orgcpp.itcast.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.orgcpp.itcast.com
- CORE_PEER_ADDRESS=peer0.orgcpp.itcast.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgcpp.itcast.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.orgcpp.itcast.com:7051
- CORE_PEER_LOCALMSPID=OrgCppMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orgcpp.itcast.com/peers/peer0.orgcpp.itcast.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orgcpp.itcast.com/peers/peer0.orgcpp.itcast.com/tls:/etc/hyperledger/fabric/tls
- peer0.orgcpp.itcast.com:/var/hyperledger/production
ports:
- 9051:7051
- 9053:7053
peer1.orgcpp.itcast.com:
container_name: peer1.orgcpp.itcast.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.orgcpp.itcast.com
- CORE_PEER_ADDRESS=peer1.orgcpp.itcast.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orgcpp.itcast.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgcpp.itcast.com:7051
- CORE_PEER_LOCALMSPID=OrgCppMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orgcpp.itcast.com/peers/peer1.orgcpp.itcast.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orgcpp.itcast.com/peers/peer1.orgcpp.itcast.com/tls:/etc/hyperledger/fabric/tls
- peer1.orgcpp.itcast.com:/var/hyperledger/production
ports:
- 10051:7051
- 10053:7053
被 ``docker-compose-base.yaml` 依赖的文件 - `base/peer-base.yaml`
version: '2'
services:
peer-base:
image: hyperledger/fabric-peer:latest
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=xxxx_byfn
- CORE_LOGGING_LEVEL=INFO
#- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
5 启动docker-compose
启动命令:
# 在docker-compose.yaml 文件目录下执行下边命令
docker-compose up -d
检测网络是否正常启动了:
docker-compose ps
如下,则代表成功:
Name Command State Ports
----------------------------------------------------------------------------------------------------
cli /bin/bash Up
orderer.itcast.com orderer Up 0.0.0.0:7050->7050/tcp
peer0.orgcpp.itcast.com peer node start Up 0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp
peer0.orggo.itcast.com peer node start Up 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp
peer1.orgcpp.itcast.com peer node start Up 0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp
peer1.orggo.itcast.com peer node start Up 0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp
6. Peer操作
1.创建通道,通过客户端来完成
进入cli容器:
docker exec -it cli /bin/bash
peer 创建命令,参数详情如下:
$ peer channel create [flags], 常用参数为:
`-o, --orderer: orderer节点的地址
`-c, --channelID: 要创建的通道的ID, 必须小写, 在250个字符以内
`-f, --file: 由configtxgen 生成的通道文件, 用于提交给orderer
-t, --timeout: 创建通道的超时时长, 默认为5s
`--tls: 通信时是否使用tls加密
`--cafile: 当前orderer节点pem格式的tls证书文件, 要使用绝对路径.
# orderer节点pem格式的tls证书文件路径参考:
crypto-config/ordererOrganizations/itcast.com/orderers/orderer.itcast.com/msp/tlscacerts/tlsca.itcast.com-cert.pem
创建通道,格式为:
peer channel create -o orderer节点地址:端口 -c 通道名 -f 通道文件 --tls true --cafile orderer节点pem格式的证书文件
创建通道:
peer channel create -o orderer.itcast.com:7050 -c itcastchannel -f ./channel-artifacts/channel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/itcast.com/msp/tlscacerts/tlsca.itcast.com-cert.pem
执行命令后,会在当前工作目录下生成一个文件: 通道名.block, 本例: itcastchannel.block
2 加入通道
默认节点、加入管道
$ peer channel join[flags], 常用参数为:
`-b, --blockpath: 通过 peer channel create 命令生成的通道文件
$ peer channel join -b 生成的通道block文件
$ peer channel join -b ./itcastchannel.block
其他的节点,加入通道
我们只需在cli容器中,设置以下环境变量,让节点连接到其他节点中,再执行peer channel join命令即可将节点加入到通道中。
比如:第二个节点(Go组织的 peer1)加入通道,我们只需赋值第二个节点的export内容,在cli容器中粘贴,然后执行加入通道的命令。加入节点命令如上:
```
# 第1个节点 Go组织的 peer0
export CORE_PEER_ADDRESS=peer0.orggo.itcast.com:7051
export CORE_PEER_LOCALMSPID=OrgGoMSP
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/users/[email protected]/msp
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/peers/peer0.orggo.itcast.com/tls/ca.crt
export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/peers/peer0.orggo.itcast.com/tls/server.crt
export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/peers/peer0.orggo.itcast.com/tls/server.key
# 第2个节点 Go组织的 peer1
export CORE_PEER_ADDRESS=peer1.orggo.itcast.com:7051
export CORE_PEER_LOCALMSPID=OrgGoMSP
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/users/[email protected]/msp
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/peers/peer1.orggo.itcast.com/tls/ca.crt
export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/peers/peer1.orggo.itcast.com/tls/server.crt
export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orggo.itcast.com/peers/peer1.orggo.itcast.com/tls/server.key
# 第3个节点 Cpp组织的 peer0 注意:cli为自己定义的客户端名称,根据自己的命名进行修改
export CORE_PEER_ID=cli
export CORE_PEER_ADDRESS=peer0.orgcpp.itcast.com:7051
export CORE_PEER_LOCALMSPID=OrgCppMSP
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgcpp.itcast.com/users/[email protected]/msp
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgcpp.itcast.com/peers/peer0.orgcpp.itcast.com/tls/ca.crt
export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgcpp.itcast.com/peers/peer0.orgcpp.itcast.com/tls/server.crt
export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgcpp.itcast.com/peers/peer0.orgcpp.itcast.com/tls/server.key
# 第4个节点 Cpp组织的 peer1 注意:cli为自己定义的客户端名称,根据自己的命名进行修改
export CORE_PEER_ID=cli
export CORE_PEER_ADDRESS=peer1.orgcpp.itcast.com:7051
export CORE_PEER_LOCALMSPID=OrgCppMSP
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgcpp.itcast.com/users/[email protected]/msp
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgcpp.itcast.com/peers/peer1.orgcpp.itcast.com/tls/ca.crt
export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgcpp.itcast.com/peers/peer1.orgcpp.itcast.com/tls/server.crt
export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgcpp.itcast.com/peers/peer1.orgcpp.itcast.com/tls/server.key
```
4 安装链码**
```shell
$ peer chaincode install [flags], 常用参数为:
-c, --ctor: JSON格式的构造参数, 默认是"{}"
`-l, --lang: 编写chaincode的编程语言, 默认值是 golang
`-n, --name: chaincode的名字
`-p, --path: chaincode源代码的目录, 从 $GOPATH/src 路径后开始写
`-v, --version: 当前操作的chaincode的版本, 适用这些命令install/instantiate/upgrade
$ peer chaincode install -n 链码的名字 -v 链码的版本 -l 链码的语言 -p 链码的位置
- 链码名字自己起
- 链码的版本, 自己根据实际情况指定
$ peer chaincode install -n testcc -v 1.0 -l golang -p github.com/chaincode
返回值 有下面这句话 则代表成功:
2020-03-19 07:25:26.416 UTC [chaincodeCmd] install -> INFO 005 Installed remotely response:<status:200 payload:"OK" >
5 链码初始化**
```shell
$ peer chaincode instantiate [flags], 常用参数为:
`-C,--channelID:当前命令运行的通道,默认值是“testchainid"。
`-c, --ctor:JSON格式的构造参数,默认值是“{}"
`-l,--lang:编写Chaincode的编程语言,默认值是golang
`-n,--name:Chaincode的名字。
`-P,--policy:当前Chaincode的背书策略。
`-v,--version:当前操作的Chaincode的版本,适用于install/instantiate/upgrade等命令
`--tls: 通信时是否使用tls加密
`--cafile: 当前orderer节点pem格式的tls证书文件, 要使用绝对路径.
$ peer chaincode instantiate -o orderer节点地址:端口 --tls true --cafile orderer节点pem格式的证书文件 -C 通道名称 -n 链码名称 -l 链码语言 -v 链码版本 -c 链码Init函数调用 -P 背书策略
peer chaincode instantiate -o orderer.itcast.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/itcast.com/msp/tlscacerts/tlsca.itcast.com-cert.pem -C itcastchannel -n testcc -l golang -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -P "AND ('OrgGoMSP.member', 'OrgCppMSP.member')"
森岛帆高