Hyperledger Fabric BYFN multi-machine deployment

Obviously, the difference between single-machine and multi-machine deployment is network configuration, that is, how to communicate between docker containers, so the key to multi-machine deployment is actually docker network communication.

Install HLF

Five servers, the system is Ubuntu16.04, ssh certificate has been configured to log in, assuming that the IP is respectively

10.22.1.12 # orderer.example.com, cli
10.22.1.13 # peer0.org1.example.com
10.22.1.14 # peer1.org1.example.com
10.22.1.15 # peer0.org2.example.com
10.22.1.16 # peer1.org2.example.com

If there is no special instructions, the following commands are carried out in 10.22.1.12the /home/myuser/directory on the machine .

Create a host.txtfile to facilitate dynamic modification and deployment to other machines:

vim hosts.txt 
10.22.1.12 # orderer.example.com, cli
10.22.1.13 # peer0.org1.example.com
10.22.1.14 # peer1.org1.example.com
10.22.1.15 # peer0.org2.example.com
10.22.1.16 # peer1.org2.example.com

Install the script of curl, docker, docker-composer, HLF image (version 1.3, if you need to replace the version number in the script by other versions) install.sh, you need the user password as the first parameter:

#!/bin/bash
if [ $# -eq 0 ]; then
    echo "please input password..."
    exit 1
fi

cat hosts.txt | while read host
do

echo ' '
echo ' '
echo ' '
echo '################################'
echo '##########' $host '##########'
echo '################################'
echo ' '
echo ' '
echo ' '


ssh myuser@$host  << end


echo $1 | sudo apt install curl -y
sudo -S  apt-get remove docker docker-engine docker.io containerd runc -y
docker -v
sudo apt-get update -y
sudo apt-get install \
    apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common -y
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/debian \
   $(lsb_release -cs) \
   stable"

sudo apt-get update -y

sudo apt-get install docker-ce docker-ce-cli containerd.io -y
docker run hello-world
docker -v
if [ $? -ne 0 ]; then
	echo "##################################################"
    echo "some wrong when install docker!"
    echo "##################################################"
    exit 1
fi


echo $1 | sudo -S curl -L "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose 
sudo chmod +x /usr/local/bin/docker-compose
sudo rm /usr/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose -v
if [ $? -ne 0 ]; then
	echo "##################################################"
    echo "some wrong when install docker-compose!"
    echo "##################################################"
    exit 1
fi

curl -sSL http://bit.ly/2ysbOFE | bash -s 1.3.0

if [ $? -ne 0 ]; then
	echo "##################################################"
    echo "some wrong when pull the images"
    echo "##################################################"
    exit 1
fi

end

done
echo done!

If there is no accident here, even if it is configured, you can go to the /home/myuser/fabric-samples/first-network/directory to test whether the installation is successful:
start the network:

./byfn.sh up

If you see the following output, the installation was successful:

90
===================== Query successful on peer1.org2 on channel 'mychannel' ===================== 

========= All GOOD, BYFN execution completed =========== 


 _____   _   _   ____   
| ____| | \ | | |  _ \  
|  _|   |  \| | | | | | 
| |___  | |\  | | |_| | 
|_____| |_| \_| |____/  

Shut down and clean up the network (remember to clean up before restarting the network, otherwise an error will be reported):

./byfn.sh down

Configure docker network

It is said that it can hostbe deployed using the mode, which is much simpler, but when I use the host mode, I always report an error when instantiating the chaincode. I did not find a solution, so I used the overlaymode.

docker swarm init --advertise-addr=10.22.1.12 # 在10.22.1.12上初始化swarm
docker swarm join-token manager # 这里会输出一个命令docker swarm join --token ... ，复制下来，去其他机器上执行
ssh [email protected]
docker swarm join --token ...
ssh [email protected]
docker swarm join --token ...
ssh [email protected]
docker swarm join --token ...
ssh [email protected]
docker swarm join --token ...
# 回到10.22.1.12
docker network create --attachable --driver overlay HLF # 创建一个overlay网络

At this time, check the docker network docker network ls, it will be like this:

NETWORK ID          NAME                DRIVER              SCOPE
ntubodu3k0fp        HLF                 overlay             swarm
31158df52877        bridge              bridge              local
54ad61772123        docker_gwbridge     bridge              local
d8b38ea6fbed        host                host                local
rlzokyfpla8r        ingress             overlay             swarm
e97a070185d2        none                null                local

The same is true on other machines, they are created automatically.

Create a startup file

/home/myuser/fabric-samples/first-networkThere is a docker-compose-cli.yamlfile in the directory , which is mainly modified according to this file.
Divide this file into five, one contains orderer and cli, and the other four are four peers.

.
├── base
│   ├── docker-compose-base.yaml
│   └── peer-base.yaml
├── docker-compose-cli.yaml
├── orderer_cli.yaml
├── peer01.yaml
├── peer02.yaml
├── peer11.yaml
└── peer12.yaml

The main modification is to modify the network to the network HLF we created earlier, but you need to pay attention to specifying external as true, otherwise docker will automatically recreate a network. Here are all the files:

orderer_cli.yaml:

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  orderer.example.com:

networks:
  HLF:
    external: true ## important!!!!!
services:

  orderer.example.com:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.example.com
    container_name: orderer.example.com
    #network_mode: overlay
    networks:
      - HLF
   # extra_hosts: 
   #   - "orderer.example.com:10.22.1.12" 
   #   - "peer0.org1.example.com:10.22.1.13"
   #   - "peer1.org1.example.com:10.22.1.14"
   #   - "peer0.org2.example.com:10.22.1.15"
   #   - "peer1.org2.example.com:10.22.1.16"
  cli:
    container_name: cli
    image: hyperledger/fabric-tools:$IMAGE_TAG
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- CORE_LOGGING_LEVEL=DEBUG
      - CORE_LOGGING_LEVEL=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - ./../chaincode/:/opt/gopath/src/github.com/chaincode
        - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    networks:
      - HLF
#    extra_hosts: 
#      - "orderer.example.com:10.22.1.12" 
#      - "peer0.org1.example.com:10.22.1.13"
#      - "peer1.org1.example.com:10.22.1.14"
#      - "peer0.org2.example.com:10.22.1.15"
#      - "peer1.org2.example.com:10.22.1.16"

peer01.yaml:

# Copyright IBM Corp. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  peer0.org1.example.com:


networks:
  HLF:
    external: true
services:

  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.org1.example.com
    #network_mode: overlay
    #networks:
    #  - byfn
    networks:
      - HLF

peer02.yaml:

# Copyright IBM Corp. All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  peer0.org1.example.com:


networks:
  HLF:
    external: true
services:

  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.org1.example.com
    #network_mode: overlay
    #networks:
    #  - byfn
    networks:
      - HLF

peer11.yaml:

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  peer0.org2.example.com:


networks:
  HLF:
    external: true

services:

  peer0.org2.example.com:
    container_name: peer0.org2.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.org2.example.com
    #network_mode: overlay
    #networks:
    #  - byfn
    networks:
      - HLF
#    extra_hosts: 
#      - "orderer.example.com:10.22.1.12" 
#      - "peer0.org1.example.com:10.22.1.13"
#      - "peer1.org1.example.com:10.22.1.14"
#      - "peer0.org2.example.com:10.22.1.15"
#      - "peer1.org2.example.com:10.22.1.16"

peer12.yaml:

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0

version: '2' 
volumes:
  peer1.org2.example.com:

networks:
  HLF:
    external: true

services:

  peer1.org2.example.com:
    container_name: peer1.org2.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer1.org2.example.com
    #network_mode: overlay
   # networks:
   #   - byfn
    networks:
      - HLF
#    extra_hosts: 
#      - "orderer.example.com:10.22.1.12" 
#      - "peer0.org1.example.com:10.22.1.13"
#      - "peer1.org1.example.com:10.22.1.14"
#      - "peer0.org2.example.com:10.22.1.15"
#      - "peer1.org2.example.com:10.22.1.16"

In addition /home/myuser/fabric-samples/first-network, two files in the directory need to be modified :

base
├── docker-compose-base.yaml
└── peer-base.yaml

The - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfnmodification in peer-base.yaml is - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=HLF.
Port mapping part in docker-compose-base.yaml:

- 7051:7051
- 7053:7053
- 8051:7051
- 8053:7053
- 9051:7051
- 9053:7053
- 10051:7051
- 10053:7053

change into

- 7051:7051
- 7053:7053
- 7051:7051
- 7053:7053
- 7051:7051
- 7053:7053
- 7051:7051
- 7053:7053

This modification is complete.
At this time, you can refer to the official website command to generate the certificate file and channel configuration file. The script is as follows:

#!/bin/zsh

cd /home/myuser/fabric-samples/first-network


# clear the old X.509
rm -rf crypto-config
rm -rf channel-artifacts/*

# generate X.509 using the default configuration
cryptogen generate --config=crypto-config.yaml

# tell the tool where to look for the configtx.yaml
export FABRIC_CFG_PATH=$PWD
export CHANNEL_NAME=mychannel

# create the orderer genesisi block
configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block  #-channelID $CHANNEL_NAME

# create a channel configuration transaction
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME

# define the anchor peer for Org1
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP

# define the anchor peer for Org2
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org2MSP

Transfer the modified 7 yaml files and certificates crypto-configto the corresponding machine through scp to the corresponding location.

run

Start script:./run.sh

#!/bin/bash

peer01=10.22.1.13
peer11=10.22.1.14
peer02=10.22.1.15
peer12=10.22.1.16

cd ~/fabric-samples/first-network
docker-compose -f orderer.yaml up -d

ssh myuser@$peer01 "cd fabric-samples/first-network; docker-compose -f peer01.yml up -d" 
ssh myuser@$peer11 "cd fabric-samples/first-network; docker-compose -f peer11.yml up -d" 
ssh myuser@$peer02 "cd fabric-samples/first-network; docker-compose -f peer02.yml up -d" 
ssh myuser@$peer12 "cd fabric-samples/first-network; docker-compose -f peer12.yml up -d" 

Enter cli容器:docker exec -it cli bash

In cli容器tests performed in the script: bash scripts/script.sh
see the following output shows a success:

90
===================== Query successful on peer1.org2 on channel 'mychannel' ===================== 

========= All GOOD, BYFN execution completed =========== 


 _____   _   _   ____   
| ____| | \ | | |  _ \  
|  _|   |  \| | | | | | 
| |___  | |\  | | |_| | 
|_____| |_| \_| |____/  

Possible errors

1. When pulling the mirror, you may report curl: (56) recv failure: connection reset by peer: will install.shthe curl -sSL http://bit.ly/2ysbOFE | bash -s 1.3.0change curl -sSL https://bit.ly/2ysbOFE | bash -s 1.3.0to
2. There cli容器may be various situations when the script is executed in the test. At this time, first check whether the network is connected, and then check the certificate file for problems, ...