Hyperledger v1.0.5: An Introduction to Blockchain Operations
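Abstract
If you search the web for Hyperledger, most articles cover installing and configuring a development environment; none explain how to operate a blockchain. Once your development environment is set up and your contracts are written, how do you take them to production? Very few articles address this.
To put a blockchain into production we have to rely on operations engineering. This is IT infrastructure, and blockchain applications are built on top of it; without it, a blockchain is just a cloud hanging in the air that never touches the ground.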
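Contents
- 1. Background
- 2. Deployment topology
- 2.1. Dependencies
- 2.2. Prepare the physical machines
- 3. Generate certificates and the genesis block
- 3.1. Create the configuration files
- 3.1.1. crypto-config.yaml
- 3.1.2. configtx.yaml
- 3.2. Start the fabric-tools container
- 3.2.1. Start the Docker container
- 3.2.2. Generate the certificates
- 3.2.3. Generate the genesis block
- 3.2.4. Generate the channel configuration file
- 3.2.5. Generate anchor peer transaction
- 3.2.6. Clean up the Docker container
- 4. CouchDB node
- 4.1. Install CouchDB
- 4.2. Start CouchDB
- 4.3. Back up and restore CouchDB
- 5. CA node installation
- 5.1. docker-compose-ca.yml
- 5.2. Start the CA node
- 6. Orderer node installation
- 6.1. docker-compose-orderer.yml
- 6.2. Start the Orderer node
- 7. Peer node installation
- 7.1. docker-compose-peer.yml
- 7.2. Start the Peer node
- 7.3. Create the channel
- 8. Tools node installation
- 8.1.
- 9. Acceptance and testing
- 10. Summary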
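1. Background
Because a blockchain is decentralized, it differs from traditional operations, so the experience you have accumulated does not necessarily apply to it. To operate a blockchain project well, you must understand the concept of decentralization.
Let us first look at traditional operations, which can be summed up in one word: "centralized". Some will object and bring up the concept of "distributed" systems, but distribution in traditional operations is still built on a centralized foundation.
Consider the traditional application model. The vast majority of applications can be summarized as:
User -> WEB -> Application -> Cache -> Database
You can vary this architecture flexibly, for example by adding search engines, distributed file systems, big data and so on, but none of it departs from this model.
Blockchain is completely different. If I had to give the closest example, I think it is most similar to remote disaster recovery across multiple data centers.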
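2. Deployment topology
What is a blockchain? A blockchain is really a database: one that only supports inserts and queries, whose data cannot be modified or deleted, and that has no DBA administrator role. Put that way it should be clear: operating a blockchain is really maintaining a distributed database.
Most installation examples online use a Docker deployment, but without exception they install everything on a single physical machine. In production we have to separate the components. The first job is to break the whole into parts: decompose the application and understand the function and role of each container. Then we split the application and deploy each part independently to its own physical node.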
    +---------------------------------+
    |               SDK               |
    +---------------------------------+
    | golang | nodejs | python | java |
    +---------------------------------+
                     |
                     V
     +------------------------------+
     |          fabric-ca           |
     +------------------------------+
          |                     |
          V                     V
+-------------------+ +-------------------+
|       Peer        | |       Peer        |
+-------------------+ +-------------------+
      |          |       |          |
      V          |       |          V
+-----------+    |       |    +------------+
|  Orderer  |    |       |    |  Orderer   |
+-----------+    |       |    +------------+
                 V       V
           +-------------------+
           |      Couchdb      |
           +-------------------+
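Next we tackle the technical components in the topology diagram above one by one.
Hyperledger Fabric is built on Docker, so I do not recommend removing Docker and switching to a traditional local compile-and-install approach. We keep using Docker on every physical node, which saves compiling and installing the software.
2.1. Dependencies
Note that, as with other traditional systems, the Hyperledger Fabric components must be started in a particular order, because they depend on one another.
2.2. Prepare the physical machines
Physical machines
- ca node, domain: ca.example.com, port: 7054
- orderer node, domain: orderer.example.com, port: 7050
- peer node, domain: peer.example.com, ports: 7051, 7053
- couchdb node, domain: couchdb.example.com, port: 5984
- tools node, domain: tools.example.com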
3. Generate certificates and the genesis block
Here we need several commands (configtxgen, configtxlator, cryptogen). The official installation method is:
curl -sSL https://goo.gl/byy2Qj | bash -s 1.0.5
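No matter what I tried, I could not get it to install, possibly because https://goo.gl/byy2Qj is blocked by the Great Firewall. However, I found that these tools are included in fabric-tools.
Tip
Accessing it from outside China shows that https://goo.gl/byy2Qj is a 301 redirect to the following address: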
https://raw.githubusercontent.com/hyperledger/fabric/v1.0.5/scripts/bootstrap.sh
[root@localhost ~]# mkdir netkiller
[root@localhost ~]# cd netkiller/
[root@localhost netkiller]# mkdir -p {chaincode,crypto-config,config,artifacts}
3.1. Create the configuration files
3.1.1. crypto-config.yaml
Create the certificates
OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    Template:
      Count: 1
    Users:
      Count: 1
3.1.2. configtx.yaml
---
Profiles:
    OneOrgOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
    OneOrgChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
Organizations:
    - &OrdererOrg
        Name: OrdererOrg
        ID: OrdererMSP
        MSPDir: crypto-config/ordererOrganizations/example.com/msp
    - &Org1
        Name: Org1MSP
        ID: Org1MSP
        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
        AnchorPeers:
            - Host: peer0.org1.example.com
              Port: 7051
Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer.example.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Kafka:
        Brokers:
            - 127.0.0.1:9092
    Organizations:
Application: &ApplicationDefaults
    Organizations:
3.2. Start the fabric-tools container
Create the file docker-compose-tools.yml
version: '2'
networks:
  basic:
services:
  tools:
    container_name: tools
    image: hyperledger/fabric-tools
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
      - CORE_CHAINCODE_KEEPALIVE=10
    # working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    working_dir: /root/netkiller
    command: /bin/bash
    volumes:
      - /var/run/:/host/var/run/
      - ~/netkiller:/root/netkiller
      - ./chaincode/:/opt/gopath/src/github.com/
      - ./crypto:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
    networks:
      - basic
3.2.1. Start the Docker container
Start the Docker container
[root@localhost netkiller]# docker-compose -f docker-compose-tools.yml up -d
Creating tools
Enter the container
[root@localhost netkiller]# docker-compose -f docker-compose-tools.yml exec tools bash
root@88e9040d2d2a:/opt/gopath/src/github.com/hyperledger/fabric/peer#
3.2.2. Generate the certificates
Command
cryptogen generate --config=./crypto-config.yaml
Demonstration
root@8f467a88de99:~/netkiller# cryptogen generate --config=./crypto-config.yaml
org1.example.com
root@8f467a88de99:~/netkiller# ls -1 crypto-config
ordererOrganizations
peerOrganizations
3.2.3. Generate the genesis block
root@8f467a88de99:~/netkiller# export FABRIC_CFG_PATH=$PWD
root@8f467a88de99:~/netkiller# configtxgen -profile OneOrgOrdererGenesis -outputBlock ./config/genesis.block
2018-02-08 08:35:30.121 UTC [common/configtx/tool] main -> INFO 001 Loading configuration
2018-02-08 08:35:30.236 UTC [common/configtx/tool] doOutputBlock -> INFO 002 Generating genesis block
2018-02-08 08:35:30.238 UTC [common/configtx/tool] doOutputBlock -> INFO 003 Writing genesis block
3.2.4. Generate the channel configuration file
Command
CHANNEL_NAME=mychannel
configtxgen -profile OneOrgChannel -outputCreateChannelTx ./config/channel.tx -channelID $CHANNEL_NAME
Demonstration
root@8f467a88de99:~/netkiller# CHANNEL_NAME=mychannel
root@8f467a88de99:~/netkiller# configtxgen -profile OneOrgChannel -outputCreateChannelTx ./config/channel.tx -channelID $CHANNEL_NAME
2018-02-08 08:41:08.010 UTC [common/configtx/tool] main -> INFO 001 Loading configuration
2018-02-08 08:41:08.020 UTC [common/configtx/tool] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
2018-02-08 08:41:08.020 UTC [common/configtx/tool] doOutputChannelCreateTx -> INFO 003 Writing new channel tx
3.2.5. Generate anchor peer transaction
Command
CHANNEL_NAME=mychannel
configtxgen -profile OneOrgChannel -outputAnchorPeersUpdate ./config/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP
Demonstration
root@8f467a88de99:~/netkiller# CHANNEL_NAME=mychannel
root@8f467a88de99:~/netkiller# configtxgen -profile OneOrgChannel -outputAnchorPeersUpdate ./config/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP
2018-02-08 08:46:19.162 UTC [common/configtx/tool] main -> INFO 001 Loading configuration
2018-02-08 08:46:19.176 UTC [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
2018-02-08 08:46:19.177 UTC [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update
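3.2.6. Clean up the Docker container
At this point the required certificates and genesis block have all been generated and the fabric-tools container has served its purpose; you can keep it or clean it up.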
[root@localhost netkiller]# docker-compose -f docker-compose-tools.yml down
Stopping tools ... done
Removing tools ... done
Removing network netkiller_basic
Clean up the tools container (this command force-removes every container on the host, not only tools)
docker rm -f $(docker ps -qa)
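4. CouchDB node
In the whole Hyperledger Fabric stack, CouchDB is the only outsider. I was delighted to see CouchDB: it is a NoSQL database (very similar to MongoDB), so CouchDB can run 100% independently and is the easiest component to separate.
There are two options for CouchDB here.
- Run CouchDB in Docker.
- Install CouchDB locally on a physical machine in the traditional way.
In theory the two options make no difference to the result; you only need to provide an IP address, user name and password for the other nodes to connect with. In practice, however, Hyperledger Fabric uses the image hyperledger/fabric-couchdb, and it is unclear whether CouchDB has been modified in it.
If you are familiar with Docker, use the Docker option; if not, install locally. In short, choose the option you can keep under control, so that when a failure occurs you can troubleshoot and fix it right away.
4.1. Install CouchDB
The Docker option is shown below.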
[root@localhost netkiller]# vim docker-compose-couchdb.yml
version: '3'
networks:
  basic:
services:
  couchdb:
    container_name: couchdb
    image: hyperledger/fabric-couchdb
    # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
    # for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode.
    environment:
      - COUCHDB_USER=admin
      - COUCHDB_PASSWORD=passw0rd
    ports:
      - 172.16.0.17:5984:5984
    networks:
      - basic
4.2. Start CouchDB
Start the Docker container
docker-compose -f docker-compose-couchdb.yml up -d
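Open the CouchDB administration interface at http://172.16.0.17:5984/_utils/ and log in with the password set above. To get a shell inside the container, use the following command: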
docker-compose -f docker-compose-couchdb.yml exec couchdb bash
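The CouchDB node is now deployed.
4.3. Back up and restore CouchDB
Since we are operating a blockchain, what we care about most in operations is how to back up the data and how to restore it when a failure occurs.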
npm install --save couchdb-backup-restore
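var fs = require('fs');
var cbr = require('couchdb-backup-restore');
// CouchDB endpoint to back up from or restore to
var config = {credentials: 'http://localhost:5984'};
// Callback invoked when the backup or the restore has finished
function done(err) {
  if (err) {
    return console.error(err);
  }
  console.log('all done!');
}
// backup: stream the databases into a tarball
cbr.backup(config, done).pipe(fs.createWriteStream('./db-backup.tar.gz'))
// restore: run separately, once the backup file exists
fs.createReadStream('./db-backup.tar.gz').pipe(cbr.restore(config, done));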
5. CA node installation
The CA node needs the crypto-config we generated earlier.
5.1. docker-compose-ca.yml
version: '3'
networks:
  basic:
services:
  ca.example.com:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca.example.com
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
      # The *_sk file name is different on every cryptogen run; use the name found in
      # ./crypto-config/peerOrganizations/org1.example.com/ca/
      - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c_sk
    ports:
      - "XXX.XXX.XXX.XXX:7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca.example.com
    networks:
      - basic
5.2. Start the CA node
docker-compose -f docker-compose-ca.yml up -d
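cryptogen names the CA private key after a hash of the key, so the `_sk` file name in FABRIC_CA_SERVER_CA_KEYFILE is different on every run and the value shown in section 5.1 only matches the author's output. The following is an added example, not part of the original article: it finds the key in the directory mounted into the CA container and rejects a key that group or others can access. The function name `ca_keyfile` is hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: locate the CA private key that cryptogen generated.
# ca_keyfile is a hypothetical helper; the directory layout is the one
# produced by `cryptogen generate` in section 3.2.2.

# $1: CA directory, e.g. crypto-config/peerOrganizations/org1.example.com/ca
# Prints the key file name; returns non-zero if the directory is unusable.
ca_keyfile() {
    ck_dir=$1
    [ -d "$ck_dir" ] || { echo "no such directory: $ck_dir" >&2; return 1; }

    # Count the private keys (*_sk) in the directory.
    ck_count=0
    ck_key=
    for ck_f in "$ck_dir"/*_sk; do
        [ -f "$ck_f" ] || continue
        ck_count=$((ck_count + 1))
        ck_key=$ck_f
    done

    # Exactly one key is expected. Zero or several means the directory is
    # incomplete or mixes the output of more than one cryptogen run.
    if [ "$ck_count" -ne 1 ]; then
        echo "expected exactly 1 *_sk file in $ck_dir, found $ck_count" >&2
        return 2
    fi

    # Reject a key with any group or other permission bit set (GNU stat).
    ck_mode=$(stat -c '%a' "$ck_key") || return 3
    case $ck_mode in
        [0-7]00) ;;
        *) echo "$ck_key has mode $ck_mode, accessible beyond its owner" >&2
           return 3 ;;
    esac

    basename "$ck_key"
}

# Usage (docker-compose substitutes ${CA_KEYFILE} from the environment):
#   CA_KEYFILE=$(ca_keyfile crypto-config/peerOrganizations/org1.example.com/ca) || exit 1
#   export CA_KEYFILE
```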
6. Orderer node installation
6.1. docker-compose-orderer.yml
version: '3'
networks:
  basic:
services:
  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
    command: orderer
    ports:
      - 7050:7050
    volumes:
      - ./config/:/etc/hyperledger/configtx
      - ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/:/etc/hyperledger/msp/orderer
      - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/:/etc/hyperledger/msp/peerOrg1
    networks:
      - basic
6.2. Start the Orderer node
docker-compose -f docker-compose-orderer.yml up -d
7. Peer node installation
7.1. docker-compose-peer.yml
version: '3'
networks:
  basic:
services:
  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    image: hyperledger/fabric-peer
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_LOGGING_PEER=debug
      - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      # # the following setting starts chaincode containers on the same
      # # bridge network as the peers
      # # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_basic
      - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=172.16.0.17:5984
      # The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
      # provide the credentials for ledger to connect to CouchDB. The username and password must
      # match the username and password set for the associated CouchDB.
      - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
      - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=passw0rd
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: peer node start
    # command: peer node start --peer-chaincodedev=true
    ports:
      - 7051:7051
      - 7053:7053
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/msp/peer
      - ./crypto-config/peerOrganizations/org1.example.com/users:/etc/hyperledger/msp/users
      - ./config:/etc/hyperledger/configtx
    #depends_on:
    #  - orderer.example.com
    #  - couchdb
    networks:
      - basic
The peer needs to connect to CouchDB; note the setting CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=172.16.0.17:5984
The user name and password used to connect to CouchDB must also be correct.
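Because the CouchDB node and the peer node are configured in separate files, a mismatch in address or credentials only shows up when the peer starts. The following is an added example, not part of the original article, that compares docker-compose-peer.yml with docker-compose-couchdb.yml beforehand. The helper names are hypothetical, and the files are matched as text on their `- KEY=value` and `- IP:PORT:PORT` lines rather than parsed as YAML.

```shell
#!/bin/sh
# Added example: pre-flight comparison of the peer's CouchDB settings with
# docker-compose-couchdb.yml. Helper names are hypothetical. Lines are matched
# as text ("- KEY=value", "- IP:PORT:PORT"); this is not a YAML parser.

# Print the value of a "- KEY=value" entry. $1: compose file, $2: variable name
compose_env() {
    sed -n "s/^[[:space:]]*-[[:space:]]*$2=\(.*\)\$/\1/p" "$1" | head -n 1
}

# Print the host side (IP:PORT) of a "- IP:PORT:<container port>" mapping.
# Mappings without an explicit host IP are not recognised.
# $1: compose file, $2: container port
compose_published() {
    sed -n "s/^[[:space:]]*-[[:space:]]*\"\{0,1\}\([0-9.]*:[0-9]*\):$2\"\{0,1\}[[:space:]]*\$/\1/p" "$1" | head -n 1
}

# $1: CouchDB compose file, $2: peer compose file; returns 0 when consistent.
check_couchdb_settings() {
    cdb=$1; peer=$2; rc=0
    p=CORE_LEDGER_STATE            # common prefix of the peer's variables

    [ "$(compose_env "$peer" ${p}_STATEDATABASE)" = CouchDB ] ||
        { echo "peer: state database is not CouchDB" >&2; rc=1; }

    # An empty admin password leaves CouchDB in "Admin Party" mode.
    [ -n "$(compose_env "$cdb" COUCHDB_PASSWORD)" ] ||
        { echo "couchdb: COUCHDB_PASSWORD is not set" >&2; rc=1; }

    [ "$(compose_env "$peer" ${p}_COUCHDBCONFIG_USERNAME)" = \
      "$(compose_env "$cdb" COUCHDB_USER)" ] ||
        { echo "user name differs between the two files" >&2; rc=1; }

    # Compare the passwords without printing them.
    [ "$(compose_env "$peer" ${p}_COUCHDBCONFIG_PASSWORD)" = \
      "$(compose_env "$cdb" COUCHDB_PASSWORD)" ] ||
        { echo "password differs between the two files" >&2; rc=1; }

    [ "$(compose_env "$peer" ${p}_COUCHDBCONFIG_COUCHDBADDRESS)" = \
      "$(compose_published "$cdb" 5984)" ] ||
        { echo "peer address does not match the published CouchDB port" >&2; rc=1; }

    return $rc
}
```

Run it as `check_couchdb_settings docker-compose-couchdb.yml docker-compose-peer.yml` on the machine that holds both files, before starting the peer.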
7.2. Start the Peer node
[root@localhost netkiller]# docker-compose -f docker-compose-peer.yml up -d
7.3. Create the channel
Enter the peer container
docker-compose -f docker-compose-peer.yml exec peer0.org1.example.com bash
Add the Orderer node and create the channel
CORE_PEER_LOCALMSPID=Org1MSP
CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/[email protected]/msp
peer channel create -o orderer.example.com:7050 -c mychannel -f /etc/hyperledger/configtx/channel.tx
Join mychannel
CORE_PEER_LOCALMSPID=Org1MSP
CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/users/[email protected]/msp
peer channel join -b mychannel.block
List the channels
root@f39764f58ff7:/opt/gopath/src/github.com/hyperledger/fabric# peer channel list
2018-02-09 08:12:46.454 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2018-02-09 08:12:46.454 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2018-02-09 08:12:46.456 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2018-02-09 08:12:46.457 UTC [msp/identity] Sign -> DEBU 004 Sign: plaintext: 0A8A070A5C08031A0C08FEAFF5D30510...631A0D0A0B4765744368616E6E656C73
2018-02-09 08:12:46.458 UTC [msp/identity] Sign -> DEBU 005 Sign: digest: E27446498819AA4FE8EE835ADEF16195489975377A3C18D89C36D37AA24E5CA2
2018-02-09 08:12:46.469 UTC [channelCmd] list -> INFO 006 Channels peers has joined to:
2018-02-09 08:12:46.469 UTC [channelCmd] list -> INFO 007 mychannel
2018-02-09 08:12:46.469 UTC [main] main -> INFO 008 Exiting.....
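8. Tools node installation
We already used tools when generating the genesis block. You can keep using the earlier tools node, or create a cli node. This node is mainly used to manage the blockchain cluster, for example to deploy and debug contracts.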
8.1.
version: '3'
networks:
  basic:
services:
  cli:
    container_name: cli
    image: hyperledger/fabric-tools
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
      - CORE_CHAINCODE_KEEPALIVE=10
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
      - /var/run/:/host/var/run/
      - ./chaincode/:/opt/gopath/src/github.com/
      - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
    networks:
      - basic
    #depends_on:
    #  - orderer.example.com
    #  - peer0.org1.example.com
    #  - couchdb