The FISCO-BCOS blockchain network environment was built and tested successfully
- foreword
- Target
- Download and install
- download
- Alliance chain initialization
- Institutions A and B build group 1
-
- Initialize agency A
- Initialize agency B
- Institution A modifies the configuration file
- Modify the configuration file of organization B
- Institution A generates and sends node information
- Institution B generates and sends node information
- Institution A generates the genesis block of group 1
- Institution A generates its own node
- Institution B generates its own node
- View the running status of group 1 nodes
- Certificate Authority Initialization Authority C
- Institutions A and C construct group 2
-
- Institution A sends node information
- Institution C modifies the configuration file
- Institution C generates and sends node information
- Institution C generates group 2 genesis block
- Institution C generates its own node
- Institution A initializes group 2 for existing nodes
- View the running status of group 2 nodes
foreword
Due to the needs of project technology selection, it is necessary to build a FISCO-BCOS blockchain network environment. This article records the loading process, or a pit encountered and its solution
Target
A networking mode of 6 nodes, 3 institutions, and 2 groups as shown in the figure. Institution B and Institution C are in Group 1 and Group 2, respectively. Institution A belongs to both Group 1 and Group 2
Reference article: FISCO-BCOS blockchain network environment construction
Download and install
download
cd ~/
git clone https://github.com/FISCO-BCOS/generator.git
# 若因为网络问题导致长时间无法下载,请尝试以下命令:
git clone https://gitee.com/FISCO-BCOS/generator.git
Install
This operation requires the user to have sudo privileges.
cd ~/generator && bash ./scripts/install.sh
Encountered the problem of pip version inequity, please refer to the blog post for details: pip not fond problem is solved
successfully, as shown in the figure below
Check whether the installation is successful, if successful, output usage: generator xxx
./generator -h
get node binary
Pull the latest fisco-bcos binary file to meta. If the network is poor, you can try to download fisco-bcos in other ways, or use the –cdn option, and place the downloaded binary file in the meta folder
./generator --download_fisco ./meta
./generator --download_fisco ./meta --cdn # 网络较差可用选项
Check the binary version
2.5 and earlier, if successful, output FISCO-BCOS Version: xxx-x
After version 2.6, directly output FISCO-BCOS Version: xxx-x
./meta/fisco-bcos -v
Alliance chain initialization
For the sake of simplicity, all operations in this example are performed on the same machine, and different directories are used to simulate different institutional environments. Use file copy operations to simulate network sending. After downloading and installing in the tutorial, please copy the generator to the generator directory of the corresponding institution.
Institution initialization
We use the generator downloaded in the tutorial as the certificate authority.
Initialize agency A
cp -r ~/generator ~/generator-A
Initialize agency B
cp -r ~/generator ~/generator-B
Initialize chain certificate
Since the FISCO BCOS node uses a non-national secret method when communicating with the SDK, the node needs to generate a non-national secret version of the certificate to
operate on the certificate authority. A consortium chain has unique chain certificates ca.crt and gmca.crt
for -- The generate_chain_certificate command generates a chain certificate
cd ~/generator # 在证书生成机构目录下操作
./generator --generate_chain_certificate ./dir_chain_ca -g # 生成国密证书
./generator --generate_chain_certificate ./dir_chain_ca_normal # 生成普通证书
ls ./dir_chain_ca # 查看链证书及私钥
# 上述命令解释
# 从左至右分别为链证书、链私钥
gmca.crt gmca.key
# 上述命令解释
# 从左至右分别为链证书、链私钥
ca.crt ca.key
Institutions A and B build group 1
Initialize agency A
In the tutorial, the agency certificate and private key are directly generated to simplify the operation. In actual application, the agency should generate the private key agency.key and gmagency.key locally, then generate the certificate request file, and obtain the agency certificate agency.crt and gmagency from the certificate issuing agency. .crt.
Operate under the directory of the certificate generation organization to generate the certificate of organization A:
./generator --generate_agency_certificate ./dir_agency_ca ./dir_chain_ca agencyA -g
./generator --generate_agency_certificate ./dir_agency_ca ./dir_chain_ca_normal agencyA_normal
View organization A certificate and private key:
ls dir_agency_ca/agencyA/
ls dir_agency_ca/agencyA_normal/
# 上述命令解释
# 从左至右分别为机构证书、机构私钥、链证书
gmagency.crt gmagency.key gmca.crt
# 上述命令解释
# 从左至右分别为机构证书、机构私钥、链证书
agency.crt agency.key ca.crt
Send the chain certificate, organization certificate, and organization private key to organization A. The example is to send the organization certificate from the certificate authority to the corresponding organization by copying the file, and put it in the meta subdirectory of the organization's working directory
cp ./dir_agency_ca/agencyA/* ~/generator-A/meta/
cp ./dir_agency_ca/agencyA_normal/* ~/generator-A/meta/
View Results
Initialize agency B
Steps are similar to institution A
cd ~/generator # 在证书生成机构目录下操作:
# 生成机构B证书:
./generator --generate_agency_certificate ./dir_agency_ca ./dir_chain_ca agencyB -g
./generator --generate_agency_certificate ./dir_agency_ca ./dir_chain_ca_normal agencyB_normal
Send the chain certificate, organization certificate, and organization private key to organization B. The example is to send the organization certificate from the certificate authority to the corresponding organization by copying the file, and put it in the meta subdirectory of the organization's working directory
cp ./dir_agency_ca/agencyB/* ~/generator-B/meta/
cp ./dir_agency_ca/agencyB_normal/* ~/generator-B/meta/
Important: Only one root certificate ca.crt can be used in a consortium chain. Do not generate multiple root certificates and private keys when deploying multiple servers. A group can only have one group genesis block group.x.genesis
Institution A modifies the configuration file
node_deployment.ini is a node configuration file, and the operation and maintenance deployment tool will generate relevant node certificates and node configuration folders according to the configuration under node_deployment.ini.
Institution A modifies node_deployment.ini under the conf folder as shown in the figure below:
Execute the following command in the ~/generator-A directory
cd ~/generator-A
cat > ./conf/node_deployment.ini << EOF
[group]
group_id=1
[node0]
; host ip for the communication among peers.
; Please use your ssh login ip.
p2p_ip=10.241.35.7
; listen ip for the communication between sdk clients.
; This ip is the same as p2p_ip for physical host.
; But for virtual host e.g. vps servers, it is usually different from p2p_ip.
; You can check accessible addresses of your network card.
; Please see https://tecadmin.net/check-ip-address-ubuntu-18-04-desktop/
; for more instructions.
rpc_ip=0.0.0.0
channel_ip=0.0.0.0
p2p_listen_port=30300
channel_listen_port=20200
jsonrpc_listen_port=8545
[node1]
p2p_ip=10.241.35.7
rpc_ip=0.0.0.0
channel_ip=0.0.0.0
p2p_listen_port=30301
channel_listen_port=20201
jsonrpc_listen_port=8546
EOF
Modify the configuration file of organization B
Institution B modifies node_deployment.ini under the conf folder as shown in the figure below:
Execute the following command in the ~/generator-B directory
cd ~/generator-B
Institution B configuration file modification
cat > ./conf/node_deployment.ini << EOF
[group]
group_id=1
[node0]
; host ip for the communication among peers.
; Please use your ssh login ip.
p2p_ip=10.241.35.7
; listen ip for the communication between sdk clients.
; This ip is the same as p2p_ip for physical host.
; But for virtual host e.g. vps servers, it is usually different from p2p_ip.
; You can check accessible addresses of your network card.
; Please see https://tecadmin.net/check-ip-address-ubuntu-18-04-desktop/
; for more instructions.
rpc_ip=0.0.0.0
channel_ip=0.0.0.0
p2p_listen_port=30302
channel_listen_port=20202
jsonrpc_listen_port=8547
[node1]
p2p_ip=10.241.35.7
rpc_ip=127.0.0.1
channel_ip=0.0.0.0
p2p_listen_port=30303
channel_listen_port=20203
jsonrpc_listen_port=8548
EOF
Institution A generates and sends node information
Execute the following command in the ~/generator-A directory
cd ~/generator-A
Institution A generates a node certificate and a P2P connection information file. This step requires the node_deployment.ini configured above, and the institution certificate and private key under the organization meta folder. Institution A generates a node certificate and a P2P connection information file
./generator --generate_all_certificates ./agencyA_node_info -g
# 查看生成文件:
ls ./agencyA_node_info
# 上述命令解释
# 从左至右分别为需要交互给机构A的节点证书,节点P2P连接地址文件(根据node_deployment.ini生成的本机构节点信息)
gmcert_127.0.0.1_30300.crt gmcert_127.0.0.1_30301.crt peers.txt
When an organization generates a node, it needs to specify the node P2P connection address of other nodes. Therefore, organization A needs to send the node P2P connection address file to organization B
cp ./agencyA_node_info/peers.txt ~/generator-B/meta/peersA.txt
Institution B generates and sends node information
Execute the following command in the ~/generator-B directory
cd ~/generator-B
Institution B generates node certificates and P2P connection information files:
./generator --generate_all_certificates ./agencyB_node_info -g
The institution that generates the genesis block needs a node certificate. In the example, institution A generates the genesis block, so in addition to sending the node P2P connection address file, institution B also needs to send the node certificate to institution A to send the certificate
cp ./agencyB_node_info/gmcert*.crt ~/generator-A/meta/
Send node P2P connection address file
cp ./agencyB_node_info/peers.txt ~/generator-A/meta/peersB.txt
Institution A generates the genesis block of group 1
Execute the following command in the ~/generator-A directory
cd ~/generator-A
Institution A modifies group_genesis.ini under the conf folder, and the configuration items can refer to the manual. :
cat > ./conf/group_genesis.ini << EOF
[group]
group_id=1
[nodes]
node0=10.241.35.7:30300
node1=10.241.35.7:30301
node2=10.241.35.7:30302
node3=10.241.35.7:30303
EOF
Explanation of the above command:
;命令解释
[group]
;群组id
group_id=1
[nodes]
;机构A节点p2p地址
node0=127.0.0.1:30300
;机构A节点p2p地址
node1=127.0.0.1:30301
;机构B节点p2p地址
node2=127.0.0.1:30302
;机构B节点p2p地址
node3=127.0.0.1:30303
In the tutorial, organization A is selected to generate the group genesis block. In actual production, it can be selected through the negotiation of the alliance chain committee.
This step will generate the group genesis block configured in group_genesis.ini according to the node certificate configured under the meta folder of institution A. In the tutorial, the meta of institution A needs to have the name gmcert_127.0.0.1_30300.crt, gmcert_127.0.0 .1_30301.crt, gmcert_127.0.0.1_30302.crt, gmcert_127.0.0.1_30303.crt node certificate, this step needs to use the node certificate of institution B.
./generator --create_group_genesis ./group -g
Distribute the genesis block of group 1 to organization B:
cp ./group/group.1.genesis ~/generator-B/meta
Institution A generates its own node
Execute the following command in the ~/generator-A directory
cd ~/generator-A
Generate the node to which organization A belongs. This command will generate the corresponding node configuration folder according to the node_deployment.ini file configured by the user:
Note that the node P2P connection information peers.txt specified in this step is the connection information of other nodes in the group, and it needs to be merged in the case of multiple organizations networking.
./generator --build_install_package ./meta/peersB.txt ./nodeA -g
Check out the build node configuration folder:
ls ./nodeA
# 命令解释 此处采用tree风格显示
# 生成的文件夹nodeA信息如下所示,
├── monitor # monitor脚本
├── node_127.0.0.1_30300 # 127.0.0.1服务器 端口号30300的节点配置文件夹
├── node_127.0.0.1_30301
├── scripts # 节点的相关工具脚本
├── start_all.sh # 节点批量启动脚本
└── stop_all.sh # 节点批量停止脚本
Institution A starts the node:
bash ./nodeA/start_all.sh
View node process:
ps -ef | grep fisco
# 命令解释
# 可以看到如下进程
fisco 15347 1 0 17:22 pts/2 00:00:00 ~/generator-A/nodeA/node_127.0.0.1_30300/fisco-bcos -c config.ini
fisco 15402 1 0 17:22 pts/2 00:00:00 ~/generator-A/nodeA/node_127.0.0.1_30301/fisco-bcos -c config.ini
Institution B generates its own node
Execute the following command in the ~/generator-B directory
cd ~/generator-B
Generate the node to which organization B belongs. This command will generate the corresponding node configuration folder according to the node_deployment.ini file configured by the user:
./generator --build_install_package ./meta/peersA.txt ./nodeB -g
Check out the build node configuration folder:
ls ./nodeB
Institution B starts the node:
bash ./nodeB/start_all.sh
View node process:
ps -ef | grep fisco
Note: The node startup only needs to push the node folder corresponding to the ip. For example, the server of 127.0.0.1 only needs the node configuration folder corresponding to node_127.0.0.1_port. When deploying on multiple machines, you only need to push the generated node folder to the corresponding server.
View the running status of group 1 nodes
View process:
ps -ef | grep fisco
# 命令解释
# 可以看到如下所示的进程
fisco 15347 1 0 17:22 pts/2 00:00:00 ~/generator-A/nodeA/node_127.0.0.1_30300/fisco-bcos -c config.ini
fisco 15402 1 0 17:22 pts/2 00:00:00 ~/generator-A/nodeA/node_127.0.0.1_30301/fisco-bcos -c config.ini
fisco 15457 1 0 17:22 pts/2 00:00:00 ~/generator-B/nodeB/node_127.0.0.1_30302/fisco-bcos -c config.ini
fisco 15498 1 0 17:22 pts/2 00:00:00 ~/generator-B/nodeB/node_127.0.0.1_30303/fisco-bcos -c config.ini
Check the node log:
tail -f ./node*/node*/log/log* | grep +++
The result is shown in the figure:
So far, we have completed the operation of establishing group 1 by organizations A and B as shown in the figure
Certificate Authority Initialization Authority C
Operate under the directory of the certificate generating authority:
cd ~/generator
Initialize organization C. Please note that there are chain certificates and private keys in the generator directory at this time. In the actual environment, organization C cannot obtain chain certificates and private keys.
cp -r ~/generator ~/generator-C
To generate an institution C certificate:
./generator --generate_agency_certificate ./dir_agency_ca ./dir_chain_ca agencyC -g
./generator --generate_agency_certificate ./dir_agency_ca ./dir_chain_ca_normal agencyC_normal
Send the chain certificate, organization certificate, and organization private key to organization C. The example is to send the organization certificate from the certificate authority to the corresponding organization by copying the file, and put it in the meta subdirectory of the organization's working directory
cp ./dir_agency_ca/agencyC/* ~/generator-C/meta/
cp ./dir_agency_ca/agencyC_normal/* ~/generator-C/meta/
Institutions A and C construct group 2
Next, organization C needs to establish a new group with A. In the example, C generates a genesis block as an example.
Institution A sends node information
Since organization A has already generated node certificates and peers files, it only needs to send the previously generated node P2P connection information and node certificates to organization C. The operation is as follows: Execute the following command
in the ~/generator-A directory
cd ~/generator-A
In the example, the group genesis block is generated by organization C, so the node certificate of organization A and the node P2P connection address file are required, and the above files are sent to organization C to send the certificate
cp ./agencyA_node_info/gmcert*.crt ~/generator-C/meta/
Send node P2P connection address file
cp ./agencyA_node_info/peers.txt ~/generator-C/meta/peersA.txt
Institution C modifies the configuration file
Institution C modifies node_deployment.ini under the conf folder as shown in the figure below:
Execute the following command in the ~/generator-C directory
cd ~/generator-C
cat > ./conf/node_deployment.ini << EOF
[group]
group_id=2
[node0]
; host ip for the communication among peers.
; Please use your ssh login ip.
p2p_ip=10.241.35.7
; listen ip for the communication between sdk clients.
; This ip is the same as p2p_ip for physical host.
; But for virtual host e.g. vps servers, it is usually different from p2p_ip.
; You can check accessible addresses of your network card.
; Please see https://tecadmin.net/check-ip-address-ubuntu-18-04-desktop/
; for more instructions.
rpc_ip=0.0.0.0
channel_ip=0.0.0.0
p2p_listen_port=30304
channel_listen_port=20204
jsonrpc_listen_port=8549
[node1]
p2p_ip=10.241.35.7
rpc_ip=0.0.0.0
channel_ip=0.0.0.0
p2p_listen_port=30305
channel_listen_port=20205
jsonrpc_listen_port=8550
EOF
Institution C generates and sends node information
Execute the following command in the ~/generator-C directory
cd ~/generator-C
Institution C generates node certificates and P2P connection information files:
./generator --generate_all_certificates ./agencyC_node_info -g
View generated files:
ls ./agencyC_node_info
# 上述命令解释
# 从左至右分别为需要交互给机构A的节点证书,节点P2P连接地址文件(根据node_deployment.ini生成的本机构节点信息)
gmcert_127.0.0.1_30304.crt gmcert_127.0.0.1_30305.crt peers.txt
When an organization generates a node, it needs to specify the node P2P connection address of other nodes. Therefore, organization C needs to send the node P2P connection address file to organization A
cp ./agencyC_node_info/peers.txt ~/generator-A/meta/peersC.txt
Institution C generates group 2 genesis block
Execute the following command in the ~/generator-C directory
cd ~/generator-C
Institution C modifies group_genesis.ini under the conf folder as shown in the figure below:
cat > ./conf/group_genesis.ini << EOF
[group]
group_id=2
[nodes]
node0=10.241.35.7:30300
node1=10.241.35.7:30301
node2=10.241.35.7:30304
node3=10.241.35.7:30305
EOF
After the command is executed, the ./conf/group_genesis.ini file will be modified:
;命令解释
[group]
group_id=2
[nodes]
node0=127.0.0.1:30300
;机构A节点p2p地址
node1=127.0.0.1:30301
;机构A节点p2p地址
node2=127.0.0.1:30304
;机构C节点p2p地址
node3=127.0.0.1:30305
;机构C节点p2p地址
In the tutorial, organization C is selected to generate the group genesis block. In actual production, it can be selected through the negotiation of the alliance chain committee.
In this step, the group genesis block configured in group_genesis.ini will be generated based on the node certificate configured under the meta folder of organization C.
./generator --create_group_genesis ./group -g
Distribute the genesis block of group 2 to organization A:
cp ./group/group.2.genesis ~/generator-A/meta/
Institution C generates its own node
Execute the following command in the ~/generator-C directory
cd ~/generator-C
./generator --build_install_package ./meta/peersA.txt ./nodeC -g
Institution C starts the node:
bash ./nodeC/start_all.sh
ps -ef | grep fisco
Institution A initializes group 2 for existing nodes
Execute the following command in the ~/generator-A directory
cd ~/generator-A
Add the group 2 configuration file to the existing node. This step adds the group 2 genesis block group.2.genesis to all nodes under ./nodeA:
./generator --add_group ./meta/group.2.genesis ./nodeA
Add the organization C node connection file peers to the existing node. This step adds the node P2P connection address of peersC.txt to all nodes under ./nodeA:
./generator --add_peers ./meta/peersC.txt ./nodeA
Restart organization A node:
bash ./nodeA/stop_all.sh
bash ./nodeA/start_all.sh
View the running status of group 2 nodes
View node process:
ps -ef | grep fisco
Check the node log:
Execute the following command in the ~/generator-C directory
cd ~/generator-C
tail -f ./node*/node*/log/log* | grep +++
# 命令解释
# log中打印的+++即为节点正常共识
info|2019-02-25 17:25:56.028692| [g:2][p:264][CONSENSUS][SEALER]++++++++++++++++ Generating seal on,blkNum=1,tx=0,myIdx=0,hash=833bd983...
info|2019-02-25 17:25:59.058625| [g:2][p:264][CONSENSUS][SEALER]++++++++++++++++ Generating seal on,blkNum=1,tx=0,myIdx=0,hash=343b1141...
info|2019-02-25 17:25:57.038284| [g:2][p:264][CONSENSUS][SEALER]++++++++++++++++ Generating seal on,blkNum=1,tx=0,myIdx=1,hash=ea85c27b...
So far, we have completed the construction of organization A and C building group 2 as shown in the figure: