我對hyperledger fabric1.1.0的執著(四):部署單機多節點網路
1、生成證書檔案
(1.1)環境清理
接上一篇,已跑通e2e_cli案例,此處需要執行以下命令進行環境清理:
cd /opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli
bash network_setup.sh down
然後依次執行以下命令檢視環境:
# docker ps -a
# docker images
# docker-compose version
# go version
最終結果如圖:
(1.2)在Fabric原始碼下建立aberic目錄,來作為即將執行的單機多節點專案目錄。最終目錄如圖:
(1.3)將前面下載的hyperledger-fabric-linux-amd64-1.1.0.tar.gz(內含二進位制檔案)包上傳至該目錄並解壓,得到bin和config。刪除config目錄,只保留bin。然後從fabric1.0版本中複製examples/e2e_cli目錄下的configtx.yaml和crypto-config.yaml檔案到aberic目錄(此處注意我的bin為1.1.0版本的,而configtx.yaml和crypto-config.yaml為1.0版本的,因為1.0的啟動型別是solo,而1.1之後啟動型別為kafka,這裡選用solo進行單機部署),最後tree一下目錄結構如圖:
(1.4)生成證書檔案
進入aberic目錄:
cd /opt/gopath/src/github.com/hyperledger/fabric/aberic
執行以下命令來生成專案所需檔案,如圖:
# ./bin/cryptogen generate --config=./crypto-config.yaml
若提示許可權不足,如圖:
對二進位制檔案進行授權操作:
chmod +x ./bin/cryptogen
然後檢視:
ll ./bin/cryptogen
再執行檔案生成命令:./bin/cryptogen generate --config=./crypto-config.yaml
在ftp中會看到生成一個新目錄crypto-config,其中包含ordererOrganizations和peerOrganizations兩個目錄。如圖:
(1.5)為configtxgen工具指定configtx.yaml檔案的路徑,設定環境變數,執行以下命令:
設定環境變數:
export FABRIC_CFG_PATH=$PWD
然後檢視該目錄是否正確:
echo $PWD
最終結果如圖:
(1.6)在aberic資料夾下建立資料夾channel-artifacts。
(1.6)根據configtx.yaml生成chua創世塊以及頻道認證檔案:
# ./bin/configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
通過ftp可以看到已建立成功:
生成channelID為mychannel(可自定義)的tx檔案:
./bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/mychannel.tx -channelID mychannel
再看channel-artifacts目錄多了mychannel.tx檔案:
2、部署orderer節點,編寫docker-order.yaml檔案,如下(注意空格):
version: '2'
services:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic_default
# - ORDERER_GENERAL_LOGLEVEL=error
- OEDERER_GENERAL_LOGLEVEL=debug
- OEDERER_GENERAL_LISTENADDRESS=0.0.0.0
- OEDERER_GENERAL_LISTENPORT=7050
#- OEDERER_GENERAL_GENESISPROFILE=AntiMothOrdererGenesis
- OEDERER_GENERAL_GENESISMETHOD=file
- OEDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- OEDERER_GENERAL_LOCALMSPID=OrdererMSP
- OEDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=false
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
networks:
default:
aliases:
- aberic
ports:
- 7050:7050
3、部署peer0.org1jied節點,編寫docker-peer.yaml檔案ruxi如下(注意空格):
version: '2'
services:
couchdb:
container_name: couchdb
image: hyperledger/fabric-couchdb
ports:
- "5984:5984"
ca:
container_name: ca
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca
- FABRIC_CA_SERVER_TLS_ENABLED=false
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABEIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/8ae7bc9222d051e43cd7f0354c3ba027be91efc1b6c5e9b3619a0988ae6929c1_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/8ae7bc9222d051e43cd7f0354c3ba027be91efc1b6c5e9b3619a0988ae6929c1_sk -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config/
peer0.org1.example.com:
container_name: peer0.org1.example.com
image: hyperledger/fabric-peer
environment:
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_NETWORKID=aberic
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic
- CORE_LOGGING_LEVEL=DEBUG
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic_default
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_GOSSIP_USELEADERELECTTON=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 7051:7051
- 7052:7052
- 7053:7053
depends_on:
- couchdb
networks:
default:
aliases:
- aberic
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ./chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/aberic/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.org1.example.com
注意:CA有兩部分需要修改,一個是FABEIC_CA_SERVER_TLS_KEYFILE,另一處是command中zuih最後一部分。這兩處的_sk檔名稱需要替換成之前生成是檔名稱。其實這裡的主要目的是建立CA並登入CA使用者。檔案路徑為:/opt/gopath/src/github.com/hyperledger/fabric/aberic/crypto-config/peerOrganizations/org1.example.com/ca,如圖:
將兩處_sk替換即可。
4、搭建Fabric網路
(4.1)將編寫好的docker-orderer.yaml和docker-peer.yaml檔案上傳至aberic目錄下。
(4.2)在aberic目錄下建立資料夾chaincode,再在chaincode資料夾下建立資料夾go。將官方demo(我用的fabric1.0版本)中的chaincode_example02示例上傳到go目錄下。最終結果如圖:
(4.3)分別執行以下命令啟動orderer和peer(按照順序應該先啟動排序服務),如圖:
docker-compose -f docker-orderer.yaml up -d
docker-compose -f docker-peer.yaml up -d
我這裡有個警告,沒影響後面執行就暫時先me啟動沒管它。接下來執行docker ps檢視容器是否啟動,如圖:
可以看到所有容器都已成功啟動,接下來是對channel和chaincode執行操作了。
(4.4)進入客戶端對channel進行相關操作:
docker exec -it cli bash
注:上述命令是對docker容器的常規操作,cli則是YAML啟動檔案中定義的container_name(容器名稱),通過修改上述命令中的cli為其它容器名稱,可以開啟所寫容器的內部服務。(退出容器的操作為ctrl+p+q)
(4.5)建立channel:
peer channel create -o orderer.example.com:7050 -c mychannel -t 50 -f ./channel-artifacts/mychannel.tx
(4.6)通過channel.block檔案來加入該channel,以便後續可以安裝例項化並測試只能合約。
peer channel join -b mychannel.block
至此,已經完成了channel的建立併成功加入該channel,即一個最小單位的Fabric網路已經成功搭建起來了。