Fabric official documentation: https://hyperledger-fabric.readthedocs.io/en/release-2.2/
0.Preface
After completing the study of the previous concepts and architecture, this section will focus more on practicality and build a real production network step by step.
1. Use cryptogen to create a certificate file
1.1 Preparation work
First, don't forget to turn off the fabric network in the previous section, and then create a new folder in the appropriate place to complete our network setup.
./network.sh down
mkdir myfabric
cd myfabric
First, we need to use a CA to create an identity. Here we use the command cryptogen provided in the official documentation, which has a total of 5 subcommands.
- help
- generate
- showtemplate
- extend
- version
1.2 Create template
We can create a configuration template with the showtemplate command.
cryptogen showtemplate > crypto-config.yaml
Note : Before using this command, we must ensure that the bin directory in fabric-samples has been loaded into the environment directory!
After opening with the VIM command, the following picture includes the relevant configuration information of the sorting node, including name, domain (root domain name, the root domain name of the sorting node organization. In the actual development environment, you need to use the real registered domain name. In the test environment, you can create it by yourself . Yes ), whether to configure OU (OU is an organizational unit, which can be simply understood as a special group of people in an organization. If not configured, all identities in the MSP (pointed out by the root CA and intermediate CA folders) will be considered members of the organization). Here change false to true.
Similarly, there is relevant configuration information of the peer node at the bottom. We also modify ou to true.
In the template here, count indicates how many nodes there are in the organization. We select a node here.
At the bottom there is information about Organization 2. Here we also change the OU to true and open.
1.3 Generate certificate file according to configuration
We use the generation command in crypotogen and can see the command input format. We enter the command as required.
cryptogen generate --config=crypto-config.yaml
After generation, we can view the directory structure and generate the certificate specified in the configuration file.
2. Create a channel
We use the configtx.yaml model in fabric-samples to build the channel.
2.1 Copy configtx.yaml
Use the cp command to copy configtx.yaml to the current folder:
cp ../fabric-samples/test-network/configtx/configtx.yaml ./
Then we modify the configuration file:
Change all mspdir to the correct path:
The raft-related paths must also be modified.
**Note:** After version 2.3, the final Profile will be a little different. If the domain in the node information configured earlier is not the default example.com, you also need to modify the host value.
2.2 Use configtxgen to generate channels and genesis blocks
We can see the usage of the configtxgen command:
Use the following command to create a channel:
//创建创世块
configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block -channelID fabric-channel
//创建通道
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID mychannel
//创建锚节点
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID mychannel -asOrg Org1MSP
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID mychannel -asOrg Org2MSP
After creation, the directory information can be viewed and we have created the genesis block and channel.
**Note:** If an Error on inspectChannelCreateTx: org 'Org1MSP' does not have any anchor peers defined error occurs, you need to reconfigure the configuration file just now and add:
AnchorPeers:
- Host: peer0.org2.yucoding.club
Port: 7051
3. Configure and deploy peer nodes and sorting nodes
3.1 Node operating environment: docker
Both peer nodes and sorting nodes run in docker containers, so if we want to start the nodes, we need docker. We can first go to the docker official website to see the introduction of starting nodes in the fabric-peer image.
Enter the docker official website https://hub.docker.com/, search for the hyperledger project, and find fabric-peer. There is a very detailed introduction in it. Let’s take a look at three necessary points:
- core.yaml is required
- msp file related configuration
- tls related configuration (if configured)
First, you need to get the necessary core.yaml. After checking the official website, I was lucky enough to find that core.yaml is built into fabric and has a default value. If we have no special needs, there is no need to write additional core.yaml configuration. The specific file content and configuration analysis can be viewed on the following website:
https://github.com/hyperledger/fabric/blob/main/sampleconfig/core.yaml
**Note,** If you do not want to use the default core.yaml for node deployment. You need to write a docker startup configuration file to override some of the default definitions when starting a node. The specific definition is as follows:
- Environment variables are inferred from parameters in the core.yaml file using all caps, underscores and prefixes between relevant phrases. For example, a peer configuration variable called
peer.localMSPid(which islocalMSPidinside the mutablepeerstructure section)core.yamlwill be rendered as a so-called environment variableCORE_PEER_LOCALMSPID, while an ordering service environment variableGeneral.LocalMSPIDinGeneralthe sectionorderer.yamlof the configuration file will be rendered as a so-called environment variableORDERER_GENERAL_LOCALMSPID.
3.2 Write deployment code
We modify it directly based on the yaml file in the officially provided fabric-samples. The file link is as follows:
https://github.com/hyperledger/fabric-samples/blob/main/test-network/docker/docker-compose-test-net.yaml
The modified code is as follows:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
volumes:
orderer.yucoding.club:
peer0.org1.yucoding.club:
peer0.org2.yucoding.club:
cli1:
cli2:
networks: # 节点所属的网络
yzy_test:
services:
orderer.yucoding.club:
container_name: orderer.yucoding.club
image: hyperledger/fabric-orderer:latest
environment:
- FABRIC_LOGGING_SPEC=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/yucoding.club/orderers/orderer.yucoding.club/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/yucoding.club/orderers/orderer.yucoding.club/tls/:/var/hyperledger/orderer/tls
- orderer.yucoding.club:/var/hyperledger/production/orderer #卷标挂载
ports:
- 7050:7050
- 7053:7053
networks:
- yzy_test
peer0.org1.yucoding.club:
container_name: peer0.org1.yucoding.club
image: hyperledger/fabric-peer:latest
environment:
#Generic peer variables
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=yzy_test
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variabes
- CORE_PEER_ID=peer0.org1.yucoding.club
- CORE_PEER_ADDRESS=peer0.org1.yucoding.club:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.org1.yucoding.club:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.yucoding.club:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.yucoding.club:7051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- /var/run/docker.sock:/host/var/run/docker.sock
- ./crypto-config/peerOrganizations/org1.yucoding.club/peers/peer0.org1.yucoding.club/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org1.yucoding.club/peers/peer0.org1.yucoding.club/tls:/etc/hyperledger/fabric/tls
- peer0.org1.yucoding.club:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 7051:7051
networks:
- yzy_test
peer0.org2.yucoding.club:
container_name: peer0.org2.yucoding.club
image: hyperledger/fabric-peer:latest
environment:
#Generic peer variables
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=yzy_test
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variabes
- CORE_PEER_ID=peer0.org2.yucoding.club
- CORE_PEER_ADDRESS=peer0.org2.yucoding.club:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.org2.yucoding.club:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.yucoding.club:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.yucoding.club:7051
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- /var/run/docker.sock:/host/var/run/docker.sock
- ./crypto-config/peerOrganizations/org2.yucoding.club/peers/peer0.org2.yucoding.club/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org2.yucoding.club/peers/peer0.org2.yucoding.club/tls:/etc/hyperledger/fabric/tls
- peer0.org2.yucoding.club:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 9051:9051
networks:
- yzy_test
# 配置两个客户端节点1
cli1:
container_name: cli1
image: hyperledger/fabric-tools:latest
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ADDRESS=peer0.org1.yucoding.club:7051
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_LOCALMSPID="Org1MSP"
# 根目录证书
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.yucoding.club/peers/peer0.yucoding.club/tls/ca.crt
# 指定当前客户端的身份,用户的证书
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.yucoding.club/users/[email protected]/msp
# 私钥文件
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.yucoding.club/peers/peer0.yucoding.club/tls/server.key
# 证书文件 这些文件对应的是客户端要连接peer节点的证书目录
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.yucoding.club/peers/peer0.yucoding.club/tls/server.crt
# - FABRIC_LOGGING_SPEC=DEBUG
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./chaincode:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.org1.yucoding.club
networks:
- yzy_test
# 配置两个客户端节点2
cli2:
container_name: cli2
image: hyperledger/fabric-tools:latest
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ADDRESS=peer0.org2.yucoding.club:9051
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_LOCALMSPID="Org2MSP"
# 根目录证书
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.yucoding.club/peers/peer0.yucoding.club/tls/ca.crt
# 指定当前客户端的身份,用户的证书
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.yucoding.club/users/[email protected]/msp
# 私钥文件
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.yucoding.club/peers/peer0.yucoding.club/tls/server.key
# 证书文件 这些文件对应的是客户端要连接peer节点的证书目录
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.yucoding.club/peers/peer0.yucoding.club/tls/server.crt
#- FABRIC_LOGGING_SPEC=DEBUG
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./chaincode:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.org2.yucoding.club
networks:
- yzy_test
run
docker-compose up -d
See the operation is successful
