hyperledger fabric 1.4 官方示例實踐(二)
- 2020 年 12 月 25 日
- 筆記
- hyperldeger fabric, Hyperledger Fabric, 全手動
hyperledger fabric 1.4 官方示例實踐(二)
1、fabric核心模塊及常用命令
1.1、核心模塊
| 模塊名詞 | 功能 |
|---|---|
| peer | 主節點模塊,負責存儲區塊鏈數據,運行維護代碼 |
| order | 交易打包,排序模塊 |
| cryptogen | 組織和證書生成模塊 |
| configtxgen | 區塊和交易生成模塊 |
| configtxlator | 區塊和交易解析模塊 |
其中peer和order屬於系統模塊,cryptogen,configtxgen,configtxlator屬於工具模塊,工具模塊負責證書文件,區塊鏈創始塊,通道創始塊等相關文件和證書的生成工作,不參與系統的運行。
將下載的模塊複製到/usr/local/bin/文件下,便於後續在任何文件下運行,複製命令:
sudo cp configtxlator /usr/local/bin/configtxlator #其他命令類似
核心模塊都是通過命令行運行,需要熟悉相關命令–help
其他概念:
1、錨節點:組織中唯一一個節點,在生成創始塊文件和通道文件時在配置文件中指定,負責組織之間的通信,一個組織唯一指定一個,其他組織的節點就可以將Gossip消息發送到這個Anchor Peer上,進而Anchor Peer將獲得整個網絡信息,區塊廣播到本組織內。
2、leader節點:組織選舉出的節點,可以強制性指定,也可以fabric自動選取,用於和order節點通信,接受區塊信息,向組織其他節點傳播。
1.2、常用命令
#設置環境變量
$ export CHANNEL_NAME=mychannel
#查看環境變量
$ echo $CHANNEL_NAME
#查看docker-compose運行的容器
$ docker-compose -f docker-compose-cli.yaml ps
#shell指令
#輸出當前路徑
$ pwd
#輸出當前docker鏡像文件
$ docker images
2、cryptogen
cryptogen模塊主要用於生成組織結構和賬號相關文件,任何fabric系統的開發都是從cryptogen模塊開始,在系統設計完成後首要工作就是根據系統設計編寫cryptogen的配置文件。
2.1、模塊命令
通過cryptogen –help可以顯示相關命令
cryptogen --help
]usage: cryptogen [<flags>] <command> [<args> ...]
Utility for generating Hyperledger Fabric key material
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
Commands:
help [<command>...]
Show help.
#根據配置文件生成證書信息
generate [<flags>]
Generate key material
#顯示系統默認的cryptogen模塊配置文件信息
showtemplate
Show the default configuration template
#顯示版本號
version
Show version information
#擴展現有網絡
extend [<flags>]
Extend existing network
cryptogen generate --help
usage: cryptogen generate [<flags>]
Generate key material
Flags:
--help Show context-sensitive help (also try --help-long
and --help-man).
#指定
--output="crypto-config" The output directory in which to place artifacts
--config=CONFIG The configuration template to use
- 配置文件模板crypto-config.yaml
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs: #排序節點組織
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer #名稱
Domain: example.com #根域名,排序節點組織的根域名
EnableNodeOUs: false
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer #子域名,可訪問 orderer.example.com,對應一個排序節點
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs: #peer節點
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Org1
Domain: org1.example.com #組織1根域名
EnableNodeOUs: false
Template: #模板,根據默認規則生成幾個peer存儲數據的節點
Count: 2 #訪問域名 peer0.org1.example.com
# Start: 5
Users: #創建普通用戶的個數
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: false
Template:
Count: 2
Users:
Count: 1
修改後crypto-config.yaml
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: test.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Orga
Domain: orga.test.com
EnableNodeOUs: true
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# SANS:
# - "{{.Hostname}}.alt.{{.Domain}}"
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Orgb
Domain: orgb.test.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
3、生成證書文件
-
新建工程目錄文件夾fabricnewsample
mkdir fabricnewsample/ -
step1 生成配置文件
#將模版文件重定向生成配置文件
cryptogen showtemplate > crypto-config.yaml
-
step2 修改配置文件 crypto-config.yaml
-
step3 生成證書文件
cryptogen generate --config=crypto-config.yaml #進入文件夾,可查看目錄文件 tree ordererOrganizations/ #查看peer文件 tree peerOrganizations/peerOrganizations/Sepcs和Template指定用戶的區別(可分開使用,也可以聯合使用)
-
Sepcs是可以指出確定的域名
-
Template是按照0開始排列 peer0,peer1
Specs: - Hostname: orderer #子域名,可訪問 orderer.example.com,對應一個節點 Template: Count: 1 -
4、configtxgen
4.1、模塊命令
configtxgen --help #通過該命令查詢相關參數
運行結果如下:
Usage of configtxgen:
#指定所屬的組織
-asOrg string
Performs the config generation as a particular organization (by name), only including values in the write set that org (likely) has privilege to set
#
-channelCreateTxBaseProfile string
Specifies a profile to consider as the orderer system channel current state to allow modification of non-application parameters during channel create tx generation. Only valid in conjuction with 'outputCreateChannelTx'.
#指定創建channel的名字,如果沒指定會提供一個特定的名字
-channelID string
The channel ID to use in the configtx
#執行命令要加載的配置文件的路徑,不指定會在當前目錄下尋找
-configPath string
The path containing the configuration to use (if set)
#打印指定區塊文件中的配置內容,,string:查看的區塊文件的名字
-inspectBlock string
Prints the configuration contained in the block at the specified path
#打印指定路徑中創建通道的交易的配置文件內容
-inspectChannelCreateTx string
Prints the configuration contained in the transaction at the specified path
#更新channel的配置信息
-outputAnchorPeersUpdate string
Creates an config update to update an anchor peer (works only with the default channel creation, and only for the first update)
#輸出區塊文件的路徑
-outputBlock string
The path to write the genesis block to (if set)
#輸出通道文件的路徑和名字
-outputCreateChannelTx string
The path to write a channel creation configtx to (if set)
#輸出組織的定義以json形式打印
-printOrg string
Prints the definition of an organization as JSON. (useful for adding an org to a channel manually)
#指定配置文件中的節點
-profile string
The profile from configtx.yaml to use for generation. (default "SampleInsecureSolo")
-version
Show version information
5、排序服務的創始塊文件與通道文件的生成
5.1、編寫配置文件configtx.yaml
文件名固定為configtx.yaml
將之前下載的示例下的
configtx.yaml拷貝到當前目錄下:
cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/configtx.yaml ~/fabricnewsample/
configtx.yaml文件內容為
# configtx.yaml文件
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################組織 ,兩個部分,排序組織和peer組織
Organizations: #固定不能變
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg #排序節點組織,可修改名稱
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg #組織名
# ID to load the MSP definition as
ID: OrdererMSP #排序節點ID
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/example.com/msp #身份信息路徑
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1 #組織1,可修改,後面會引用
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP #第一個組織名
# ID to load the MSP definition as
ID: Org1MSP #第一個組織ID
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp #組織身份路徑
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
# leave this flag set to true.
AnchorPeers: #錨節點,任意一個節點都可以作為錨節點,但只能為一個,負責組織之間的交互
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org1.example.com #指定peer節點域名
Port: 7051 #端口,不可修改
- &Org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org2.example.com
Port: 9051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities: #通常全部設置為true
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V1.4.3 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v1.4.3
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V1.4.3 channel capabilities, ensure that all
# orderers and peers on a channel are at v1.4.3 or later.
V1_4_3: true
# V1.3 for Channel enables the new non-backwards compatible
# features and fixes of fabric v1.3
V1_3: false
# V1.1 for Channel enables the new non-backwards compatible
# features and fixes of fabric v1.1
V1_1: false
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V1.4.2 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.4.2
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V1.4.2 orderer capabilities, ensure that all
# orderers on a channel are at v1.4.2 or later.
V1_4_2: true
# V1.1 for Orderer enables the new non-backwards compatible
# features and fixes of fabric v1.1
V1_1: false
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V1.4.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.4.2.
V1_4_2: true
# V1.3 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.3.
V1_3: false
# V1.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.2 (note, this need not be set if
# later version capabilities are set)
V1_2: false
# V1.1 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.1 (note, this need not be set if
# later version capabilities are set).
V1_1: false
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo","kafka" and "etcdraft"
OrdererType: solo #排序算法,或者共識機制,sofo適合測試環境,kafka適合生產 環境
Addresses: #排序節點域名,如果為kafka,需要添加其他排序節點域名
- orderer.example.com:7050
#BatchTimeout,MaxMessageCount,AbsoluteMaxBytes,滿足其中一種就會產生區塊
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s #產生區塊的時間
# Batch Size: Controls the number of messages batched into a block
BatchSize: #產生區塊的大小
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10 #交易的最大條數
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB #允許區塊的最大容量
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers: #和order節點相連的kafka的broker的IP
- 127.0.0.1:9092
# EtcdRaft defines configuration which must be set when the "etcdraft"
# orderertype is chosen.
EtcdRaft:
# The set of Raft replicas for this network. For the etcd/raft-based
# implementation, we expect every replica to also be an OSN. Therefore,
# a subset of the host:port items enumerated in this list should be
# replicated under the Orderer.Addresses key above.
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles: #對之前分散的部分一個總結,這個名不能改
TwoOrgsOrdererGenesis: #區塊名,可修改
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg #和前面呼應,前面修改,此處也要改
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium: #可修改,但和下方對應,此處改,$$$也要改
Organizations:
- *Org1
- *Org2
TwoOrgsChannel: #通道名,可修改
Consortium: SampleConsortium #$$$上面改,此處也要改
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
SampleDevModeKafka:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: kafka
Kafka:
Brokers:
- kafka.example.com:9092
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
Addresses:
- orderer.example.com:7050
- orderer2.example.com:7050
- orderer3.example.com:7050
- orderer4.example.com:7050
- orderer5.example.com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
修改之後的configtx.yaml文件內容為:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/test.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Orga
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrgaMSP
# ID to load the MSP definition as
ID: OrgaMSP
MSPDir: crypto-config/peerOrganizations/orga.test.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrgaMSP.admin', 'OrgaMSP.peer', 'OrgaMSP.client')"
Writers:
Type: Signature
Rule: "OR('OrgaMSP.admin', 'OrgaMSP.client')"
Admins:
Type: Signature
Rule: "OR('OrgaMSP.admin')"
# leave this flag set to true.
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.orga.test.com
Port: 7051
- &Orgb
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrgbMSP
# ID to load the MSP definition as
ID: OrgbMSP
MSPDir: crypto-config/peerOrganizations/orgb.test.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrgbMSP.admin', 'OrgbMSP.peer', 'OrgbMSP.client')"
Writers:
Type: Signature
Rule: "OR('OrgbMSP.admin', 'OrgbMSP.client')"
Admins:
Type: Signature
Rule: "OR('OrgbMSP.admin')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.orgb.test.com
Port: 9051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V1.4.3 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v1.4.3
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V1.4.3 channel capabilities, ensure that all
# orderers and peers on a channel are at v1.4.3 or later.
V1_4_3: true
# V1.3 for Channel enables the new non-backwards compatible
# features and fixes of fabric v1.3
V1_3: true
# V1.1 for Channel enables the new non-backwards compatible
# features and fixes of fabric v1.1
V1_1: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V1.4.2 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.4.2
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V1.4.2 orderer capabilities, ensure that all
# orderers on a channel are at v1.4.2 or later.
V1_4_2: true
# V1.1 for Orderer enables the new non-backwards compatible
# features and fixes of fabric v1.1
V1_1: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V1.4.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.4.2.
V1_4_2: true
# V1.3 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.3.
V1_3: true
# V1.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.2 (note, this need not be set if
# later version capabilities are set)
V1_2: true
# V1.1 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.1 (note, this need not be set if
# later version capabilities are set).
V1_1: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo","kafka" and "etcdraft"
OrdererType: solo
Addresses:
- orderer.test.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- 127.0.0.1:9092
# EtcdRaft defines configuration which must be set when the "etcdraft"
# orderertype is chosen.
EtcdRaft:
# The set of Raft replicas for this network. For the etcd/raft-based
# implementation, we expect every replica to also be an OSN. Therefore,
# a subset of the host:port items enumerated in this list should be
# replicated under the Orderer.Addresses key above.
Consenters:
- Host: orderer.test.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/server.crt
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Orga
- *Orgb
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Orga
- *Orgb
Capabilities:
<<: *ApplicationCapabilities
SampleDevModeKafka:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: kafka
Kafka:
Brokers:
- kafka.example.com:9092
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Orga
- *Orgb
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
Addresses:
- orderer.example.com:7050
- orderer2.example.com:7050
- orderer3.example.com:7050
- orderer4.example.com:7050
- orderer5.example.com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Orga
- *Orgb
5.2、生成排序服務的創始塊文件
-
首先在主文件夾fabricnewsample下創建channel-artifacts文件夾(為後面docker-compose作準備)
mkdir channel-artifacts -
在主文件下之執行生成創始塊命令(一定要在configtx.yaml文件的同級目錄下),生成genesis.block文件
-
根據文件最後配置的不同,選擇不同的profile,比如官方命令為:
-
此處的通道ID和之後的通道ID名不能一樣,此處也可以不設置,默認為
testchainidFABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block -channelID firstchannel
5.3、生成通道文件
-
主文件夾下執行生成通道文件的命令,生成channel.tx文件,可指定channelD,通道名字,如果不指定默認為
mychannel#設置當前通道ID export CHANNEL_NAME=secondchannel #查詢是否設置成功 echo $CHANNEL_NAME #生成通道文件 FABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
5.4、生成錨節點更新文件
-
需要為每個組織各生成一份錨節點更新文件
FABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/aMSPanchors.tx -channelID $CHANNEL_NAME -asOrg OrgaMSPFABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/bMSPanchors.tx -channelID $CHANNEL_NAME -asOrg OrgbMSP
命名解讀:
- -profile:指定configtx.yaml文件中profiles中的組織名
- -outputAnchorPeersUpdate:指定生成錨節點更新文件的文件名
- -channelID: 指定錨節點所屬通道,通道名為之前生成通道文件時命名的
- -asOrg: 指定錨節點所屬的組織名
6、docker-compose
首先將文件複製到工程目錄下
#將docker-compose-cli.yaml複製到工程目錄下
sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/docker-compose-cli.yaml ~/fabricnewsample/docker-compose-cli.yaml
cd ~/fabricnewsample
#工程目錄下創建base文件,用於存儲下面兩個文件
mkdir base
sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/base/docker-compose-base.yaml ~/fabricnewsample/base/docker-compose-base.yaml
sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/base/peer-base.yaml ~/fabricnewsample/base/peer-base.yaml
#如果文件沒有權限,設置一下文件權限
sudo chmod 777 ~/fabricnewsample/docker-compose-cli.yaml
sudo chmod 777 ~/fabricnewsample/base/docker-compose-base.yaml
sudo chmod 777 ~/fabricnewsample/base/peer-base.yaml
6.1、docker-compose-cli,修改客戶端配置
客戶端角色使用的環境變量
#docker-compose-cli.yaml文件
cli:
container_name: cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- SYS_CHANNEL=$SYS_CHANNEL
#客戶端docker容器啟動之後,Go的工作目錄,不需要修改
- GOPATH=/opt/gopath
#docker容器啟動之後,對應的守護進程的本地套接字,不需要修改
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_SPEC=INFO #日誌級別
- CORE_PEER_ID=cli #當前客戶端節點的ID,自己指定
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051 #客戶端鏈接的peer節點
- CORE_PEER_LOCALMSPID=Org1MSP #鏈接的peer節點的所屬的組織ID
- CORE_PEER_TLS_ENABLED=true #通信是否需要加密
#與客戶端鏈接對應的peer節點的3個文件
#證書文件
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
#私鑰文件
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
#根證書文件
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
#指定當前客戶端身份,此處設置為用戶中的管理員身份
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
#如果為當前文件下,需要修改文件路徑為./chaincode/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- orderer.example.com
- peer0.org1.example.com
- peer1.org1.example.com
- peer0.org2.example.com
- peer1.org2.example.com
networks:
- byfn
本實例修改之後的cli內容為:
#docker-compose-cli.yaml文件
cli:
container_name: cli
image: hyperledger/fabric-tools:latest
tty: true
stdin_open: true
environment:
- SYS_CHANNEL=$SYS_CHANNEL
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.orga.test.com:7051
- CORE_PEER_LOCALMSPID=OrgaMSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- orderer.test.com
- peer0.orga.test.com
- peer1.orga.test.com
- peer0.orgb.test.com
- peer1.orgb.test.com
networks:
- byfn
6.2、修改docker中order節點配置
修改三處文件
- docker-compose-cli.yaml
- docker-compose-base.yaml
- peer-base.yaml
1、修改docker-compose-cli.yaml
orderer.test.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.test.com
container_name: orderer.test.com
networks:
- byfn
2、修改
#docker-compose-base.yaml文件修改後
services:
orderer.test.com:
container_name: orderer.test.com
extends:
file: peer-base.yaml
service: orderer-base
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/:/var/hyperledger/orderer/tls
- orderer.test.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
3、修改peer-base.yaml文件
#peer-base.yaml文件解釋及修改
#僅需修改一處,第二行修改為 image: hyperledger/fabric-orderer:latest
orderer-base:
image: hyperledger/fabric-orderer:latest
environment:
- FABRIC_LOGGING_SPEC=INFO #日誌級別
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 #orderer節點監聽的地址
- ORDERER_GENERAL_GENESISMETHOD=file #創始塊來源,file為來源於文件中
#創始塊對應的文件,這個不需要改,因為已經掛在到docker鏡像中
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP #order節點所屬的組的ID
#不需要修改,已經掛載在指定路徑
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp #當前節點的MSP賬號路徑
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true #是否使用tls加密
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key #私鑰
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt #證書
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] #根證書
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
6.3、修改docker中peer節點配置
1、修改peer-base.yaml
代碼中解析環境變量
peer-base:
#主要修改此處,修改為latest
image: hyperledger/fabric-peer:latest
environment:
#docker的本地套接字地址,不需要修改
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# //docs.docker.com/compose/networking/
#該peer所屬的網絡,此處為byfn,與docker-compose-cli中每個peer的networks呼應
#此處${COMPOSE_PROJECT_NAME}為docker-compose-cli.yaml所處的文件名。
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
#修改為CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=test-fabric_byfn
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
#是否通信加密
- CORE_PEER_TLS_ENABLED=true
#是否採用fabric規則選取leader peer,如果為true,則下一個必須為false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
#是否強制指定為leader peer
- CORE_PEER_GOSSIP_ORGLEADER=false
#peer節點的中profile服務,不需要修改
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
2、修改docker-compose-cli.yaml文件
orderer.test.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.test.com
container_name: orderer.test.com
networks:
- byfn
peer0.orga.test.com:
container_name: peer0.orga.test.com
extends:
file: base/docker-compose-base.yaml
service: peer0.orga.test.com
networks:
- byfn
peer1.orga.test.com:
container_name: peer1.orga.test.com
extends:
file: base/docker-compose-base.yaml
service: peer1.orga.test.com
networks:
- byfn
peer0.orgb.test.com:
container_name: peer0.orgb.test.com
extends:
file: base/docker-compose-base.yaml
service: peer0.orgb.test.com
networks:
- byfn
peer1.orgb.test.com:
container_name: peer1.orgb.test.com
extends:
file: base/docker-compose-base.yaml
service: peer1.orgb.test.com
networks:
- byfn
3、修改docker-compose-base.yaml文件,對每個peer文件進行細心修改
version: '2'
services:
orderer.test.com:
container_name: orderer.test.com
extends:
file: peer-base.yaml
service: orderer-base
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/:/var/hyperledger/orderer/tls
- orderer.test.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
peer0.orga.test.com:
container_name: peer0.orga.test.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.orga.test.com
- CORE_PEER_ADDRESS=peer0.orga.test.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.orga.test.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
#啟動時,選擇鏈接哪個節點,可以鏈接自己或其他節點,但必須為同一組織
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.orga.test.com:8051
#對外顯示的自己的地址,如果不設置,則該結點不可見
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orga.test.com:7051
- CORE_PEER_LOCALMSPID=OrgaMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls:/etc/hyperledger/fabric/tls
- peer0.orga.test.com:/var/hyperledger/production
ports:
- 7051:7051
peer1.orga.test.com:
container_name: peer1.orga.test.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.orga.test.com
- CORE_PEER_ADDRESS=peer1.orga.test.com:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer1.orga.test.com:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orga.test.com:8051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orga.test.com:7051
- CORE_PEER_LOCALMSPID=OrgaMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls:/etc/hyperledger/fabric/tls
- peer1.orga.test.com:/var/hyperledger/production
ports:
- 8051:8051
peer0.orgb.test.com:
container_name: peer0.orgb.test.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.orgb.test.com
- CORE_PEER_ADDRESS=peer0.orgb.test.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgb.test.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgb.test.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.orgb.test.com:10051
- CORE_PEER_LOCALMSPID=OrgbMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls:/etc/hyperledger/fabric/tls
- peer0.orgb.test.com:/var/hyperledger/production
ports:
- 9051:9051
peer1.orgb.test.com:
container_name: peer1.orgb.test.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.orgb.test.com
- CORE_PEER_ADDRESS=peer1.orgb.test.com:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer1.orgb.test.com:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orgb.test.com:10051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgb.test.com:9051
- CORE_PEER_LOCALMSPID=OrgbMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls:/etc/hyperledger/fabric/tls
- peer1.orgb.test.com:/var/hyperledger/production
ports:
- 10051:10051
6.4、啟動docker compose
執行docker-compose默認執行
docker-compose.yml文件,因此需要將docker-compose-cli.yaml文件重新命名為docker-compose.yml文件放在主文件下。
如果沒有設置docker-compose.yml文件則為以下命令
$ docker-compose -f docker-compose-cli.yaml up -d
執行結果
WARNING: The SYS_CHANNEL variable is not set. Defaulting to a blank string.
Creating network "fabricnewsample_byfn" with the default driver
Creating volume "fabricnewsample_orderer.test.com" with default driver
Creating volume "fabricnewsample_peer0.orga.test.com" with default driver
Creating volume "fabricnewsample_peer1.orga.test.com" with default driver
Creating volume "fabricnewsample_peer0.orgb.test.com" with default driver
Creating volume "fabricnewsample_peer1.orgb.test.com" with default driver
Creating orderer.test.com ... done
Creating peer1.orgb.test.com ... done
Creating peer0.orgb.test.com ... done
Creating peer0.orga.test.com ... done
Creating peer1.orga.test.com ... done
Creating cli ... done
可以使用以下命令查看網絡是否啟動成功
$ docker-compose -f docker-compose-cli.yaml ps
運行結果顯示每個port都有對應的端口即為啟動成功
Name Command State Ports
----------------------------------------------------------------------------
cli /bin/bash Up
orderer.test.com orderer Up 0.0.0.0:7050->7050/tcp
peer0.orga.test.com peer node start Up 0.0.0.0:9051->9051/tcp
peer0.orgb.test.com peer node start Up 0.0.0.0:7051->7051/tcp
peer1.orga.test.com peer node start Up 0.0.0.0:10051->10051/tcp
peer1.orgb.test.com peer node start Up 0.0.0.0:8051->8051/tcp
7、channel管理
7.1、通過客戶端操作各節點
-
進入客戶端容器中進行通道管理
$ docker exec -it cli bash顯示結果為:
root@e0514821f4dd:/opt/gopath/src/github.com/hyperledger/fabric/peer#
7.2、創建通道
-
peer命令生成通道,將channel.tx複製到channel-artifacts文件夾下
#設置並查看通道名 export CHANNEL_NAME=secondchannel echo $CHANNEL_NAME #生成通道 peer channel create -o orderer.test.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/test.com/orderers/orderer.test.com/msp/tlscacerts/tlsca.test.com-cert.pem運行結果:
2020-08-03 07:14:06.722 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized 2020-08-03 07:14:06.899 UTC [cli.common] readBlock -> INFO 002 Received block: 0運行結果生成secondchannel.block文件,可以當前目錄下使用
ll命令查看total 40 drwxr-xr-x 5 root root 4096 Aug 3 07:14 ./ drwxr-xr-x 3 root root 4096 Aug 3 07:08 ../ drwxr-xr-x 2 1000 1000 4096 Aug 3 07:03 channel-artifacts/ drwxr-xr-x 4 1000 1000 4096 Aug 3 06:53 crypto/ -rw-r--r-- 1 root root 17973 Aug 3 07:14 secondchannel.block drwxr-xr-x 2 root root 4096 Aug 3 07:08 scripts/
7.3、各節點加入通道
-
將每個組織的每個節點分別加入通道中,通過客戶端完成
-
客戶端每次只能鏈接一個peer節點,因此需要不斷的重新設置環境變量
首先將當前節點加入通道中
peer channel join -b secondchannel.block切換每個節點的環境變量,然後將節點加入到通道中
#將orga的peer1節點加入通道 export CORE_PEER_ADDRESS=peer1.orga.test.com:8051 export CORE_PEER_LOCALMSPID=OrgaMSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/users/[email protected]/msp export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls/server.crt export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls/server.key export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls/ca.crt peer channel join -b secondchannel.block #將org2的peer0節點加入通道 export CORE_PEER_ADDRESS=peer0.orgb.test.com:9051 export CORE_PEER_LOCALMSPID=OrgbMSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/users/[email protected]/msp export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls/server.crt export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls/server.key export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls/ca.crt peer channel join -b secondchannel.block #將org2的peer1節點加入通道 export CORE_PEER_ADDRESS=peer1.orgb.test.com:10051 export CORE_PEER_LOCALMSPID=OrgbMSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/users/[email protected]/msp export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls/server.crt export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls/server.key export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls/ca.crt peer channel join -b secondchannel.block
-
7.4、更新錨節點
-
(如果錨節點沒有更新,則不需要執行此步)
通道更新,它會傳遞到通道的定義中去。實際上,我們在通道創世區塊的頭部添加了額外的配置信息。注意我們沒有編輯創世區塊,但是簡單的把將會定義錨節點的增量添加到了鏈中。
更新通道定義,將 Orga 的錨節點定義為
peer0.orga.test.com#配置組織1的環境變量 export CORE_PEER_ADDRESS=peer0.orga.test.com:7051 export CORE_PEER_LOCALMSPID=OrgaMSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/users/[email protected]/msp export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.crt export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.key export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/ca.crt #更新錨節點 peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem將Org2的錨節點定義為
peer0.org2.example.com#配置組織2的環境變量 export CORE_PEER_ADDRESS=peer0.org2.example.com:9051 export CORE_PEER_LOCALMSPID=Org2MSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt #更新錨節點 peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
7.5、安裝及初始化鏈碼
-
給每個peer節點安裝智能合約->鏈代碼
-
可選語言Golang,java,Node.js
#設置文件權限 sudo chmod 777 chaincode sudo chmod 777 scripts #將官方提供的鏈碼文件copy到工程目錄下 sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/chaincode/chaincode_example02/go/chaincode_example02.go ~/fabricnewsample/chaincode/ #設置鏈碼文件權限 sudo chmod 777 ./chaincode/chaincode_example02.go #客戶端容器中安裝鏈碼,重新設置環境變量,需要的背書節點都要執行一遍安裝鏈碼 $ peer chaincode install -n 鏈碼的名字 -v 鏈碼的版本 -l 鏈碼的語言 -p 鏈碼的位置 peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/運行結果
2020-08-03 16:39:48.709 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc 2020-08-03 16:39:48.710 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc 2020-08-03 16:39:50.540 UTC [chaincodeCmd] install -> INFO 003 Installed remotely response:<status:200 payload:"OK" > -
對智能合約進行初始化,對應智能合約中的init函數
-
只需要在任意節點初始化一次即可,數據會自動同步到各個組織的各個節點
peer chaincode instantiate -o orderer節點地址:端口 --tls --cafile orderer節點的pem格式的證書文件 -C 通道名稱 -n 鏈碼名稱 -l 鏈碼語言 -v 鏈碼版本 -c 鏈碼函數調用 -P 背書策略 peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
-
7.6、查詢,調用鏈碼轉賬
#查詢賬戶
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
#轉賬交易
peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["invoke","a","b","10"]}'
