家蛙树

Hyperledger Fabric BYFN之配置基础篇

Zealot
区块链
2018-08-31

参考https://hyperledger-fabric.readthedocs.io/en/release-1.2/build_network.html
Build your first network是Hyperledger Fabric官方最详细的例子, 目录对应
fabric-samples/first-network, 动手时间到。

1.Hyperledger Fabric启动入口
复习下Hyperledger Fabric基础的网络篇,启动一个区块链网络首先要搭建什么?如果不清楚最好看完基础篇。答案是Orderer服务。

Hyperledger Fabric使用docker镜像fabric-orderer启动Orderder服务,BYFN的命令行为
docker-compose -f docker-compose-cli.yaml up -d

我们看下docker-compose-cli.yaml内容

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  orderer.example.com:
  peer0.org1.example.com:
  peer1.org1.example.com:
  peer0.org2.example.com:
  peer1.org2.example.com:

networks:
  byfn:

services:

  orderer.example.com:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.example.com
    container_name: orderer.example.com
    networks:
      - byfn

  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.org1.example.com
    networks:
      - byfn

  peer1.org1.example.com:
    container_name: peer1.org1.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer1.org1.example.com
    networks:
      - byfn

  peer0.org2.example.com:
    container_name: peer0.org2.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.org2.example.com
    networks:
      - byfn

  peer1.org2.example.com:
    container_name: peer1.org2.example.com
    extends:
      file:  base/docker-compose-base.yaml
      file:  base/docker-compose-base.yaml
      service: peer0.org2.example.com
    networks:
      - byfn

  peer1.org2.example.com:
    container_name: peer1.org2.example.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer1.org2.example.com
    networks:
      - byfn

  cli:
    container_name: cli
    image: hyperledger/fabric-tools:$IMAGE_TAG
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- CORE_LOGGING_LEVEL=DEBUG
      - CORE_LOGGING_LEVEL=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - ./../chaincode/:/opt/gopath/src/github.com/chaincode
        - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - orderer.example.com
      - peer0.org1.example.com
      - peer1.org1.example.com
      - peer0.org2.example.com
      - peer1.org2.example.com
    networks:

SERVICES定义了1个orderer, 4个peer, 一个cli, 都基于docker-compose-base.yaml作为模板, 启动cli命令行(基于fabric-tool镜像),depends_on的依赖关系意味着cli启动的时候要先把orderer和4个peer服务都启动了。

看下order.example.com服务的配置:
Orderer服务的全称为orderer.example.com.
container_name定义在docker中的进程名.
networks定义归属byfn区块链网络.
extends定义继承使用docker-compose-base.yaml中orderer.example.com中的配置。

我们继续看下docker-compose-base.yaml中orderer.example.com的配置内容:

  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer:$IMAGE_TAG
    environment:
      - ORDERER_GENERAL_LOGLEVEL=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
    - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
    - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
    - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
    - orderer.example.com:/var/hyperledger/production/orderer
    ports:
      - 7050:7050

image定义了使用的docker镜像fabric-orderer.

environment定义了docker运行的容器中的环境变量,例如指定了日志级别,监听地址,生成创世块方式和路径,本地MSP路径,以及orderer开启TLS使用的私钥,自签名证书和CA证书。
其中ORDERER_GENERAL_GENSISFILE指定了创世块文件名字,orderer启动需要创世块。

working_dir定义容器中的工作目录.

command实际执行的orderer命令.

volumes定义的外部主机和容器的路径卷映射(需要了解下docker中存储的映射)。

ports定义了外部主机和内部容器的端口映射, 即7051是orderer的监听端口。

那么启动启动orderer依赖的TLS,MSP这些文件如何生成呢? 我们来介绍cryptogen这个命令

2.cryptogen命令生成相关密钥,证书和MSP
执行以下命令行提示生成两个组织
[root@localhost first-network]# cryptogen generate —config=./crypto-config.yaml
org1.example.com
org2.example.com

我们看下crypto-config.yaml内容

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com
    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: true
    # ---------------------------------------------------------------------------
    # "Specs"
    # ---------------------------------------------------------------------------
    # Uncomment this section to enable the explicit definition of hosts in your
    # configuration.  Most users will want to use Template, below
    #
    # Specs is an array of Spec entries.  Each Spec entry consists of two fields:
    #   - Hostname:   (Required) The desired hostname, sans the domain.
    #   - CommonName: (Optional) Specifies the template or explicit override for
    #                 the CN.  By default, this is the template:
    #
    #                              "{{.Hostname}}.{{.Domain}}"
    #
    #                 which obtains its values from the Spec.Hostname and
    #                 Org.Domain, respectively.
    # ---------------------------------------------------------------------------
    # Specs:
    #   - Hostname: foo # implicitly "foo.org1.example.com"
    #     CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
    #   - Hostname: bar
    #   - Hostname: baz
    # ---------------------------------------------------------------------------
    # "Template"
    # ---------------------------------------------------------------------------
    # Allows for the definition of 1 or more hosts that are created sequentially
    # from a template. By default, this looks like "peer%d" from 0 to Count-1.
    # You may override the number of nodes (Count), the starting index (Start)
    # or the template used to construct the name (Hostname).
    #
    # Note: Template and Specs are not mutually exclusive.  You may define both
    # sections and the aggregate nodes will be created for you.  Take care with
    # name collisions
    # ---------------------------------------------------------------------------
    Template:
      Count: 2
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
    # ---------------------------------------------------------------------------
    # "Users"
    # ---------------------------------------------------------------------------
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
      Count: 1
  # ---------------------------------------------------------------------------
  # Org2: See "Org1" for full specification
  # ---------------------------------------------------------------------------
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 1

主要定义了两大类组织, OrdererOrgs归为一类, PeerOrgs归为一类.
Name标记组织唯一名称.
Domain定义所属域名.
Specs 定义各自配置项信息.
EnableNodeOUs定义节点是否支持组织单元,前面基础章节MSP会员身份有介绍。

PeerOrgs使用两种方式定义组织,一种是Specs具体指定每个主机peer节点, 另外一种方式是使用Template批量生成节点, 参考上面配置的注释。

上面例子定义了一个orderer, 两个组织, 每个组织下两个Peer.

具体生成了什么内容了, 我们看下当前目录下的crypto-config文件夹:

[root@localhost crypto-config]# pwd
/mnt/sda3/fabric-samples/first-network/crypto-config
[root@localhost crypto-config]# ll
总用量 8
drwxr-xr-x. 3 root root 4096 8月  24 23:19 ordererOrganizations
drwxr-xr-x. 4 root root 4096 8月  24 23:19 peerOrganizations

[root@localhost example.com]# pwd
/mnt/sda3/fabric-samples/first-network/crypto-config/ordererOrganizations/example.com
[root@localhost example.com]# ll
总用量 20
drwxr-xr-x. 2 root root 4096 8月  24 23:19 ca
drwxr-xr-x. 5 root root 4096 8月  24 23:19 msp
drwxr-xr-x. 3 root root 4096 8月  24 23:19 orderers
drwxr-xr-x. 2 root root 4096 8月  24 23:19 tlsca
drwxr-xr-x. 3 root root 4096 8月  24 23:19 users

[root@localhost peerOrganizations]# pwd
/mnt/sda3/fabric-samples/first-network/crypto-config/peerOrganizations
[root@localhost peerOrganizations]# ll
总用量 8
drwxr-xr-x. 7 root root 4096 8月  24 23:19 org1.example.com
drwxr-xr-x. 7 root root 4096 8月  24 23:19 org2.example.com

3.Orderer服务启动
再回头看下docker-compose-base.yaml中orderer.example.com的配置内容:

 orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer:$IMAGE_TAG
    environment:
      - ORDERER_GENERAL_LOGLEVEL=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
    - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
    - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
    - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
    - orderer.example.com:/var/hyperledger/production/orderer
    ports:
      - 7050:7050

Server.key, server.crt, ca.crt都有了, 差创世块genesis.block文件了, 使用以下命令行创建

[root@localhost first-network]# export FABRIC_CFG_PATH=$PWD
[root@localhost first-network]# configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
2018-08-26 16:26:31.045 CST [common/tools/configtxgen] main -> WARN 001 Omitting the channel ID for configtxgen is deprecated.  Explicitly passing the channel ID will be required in the future, defaulting to 'testchainid'.
2018-08-26 16:26:31.045 CST [common/tools/configtxgen] main -> INFO 002 Loading configuration
2018-08-26 16:26:31.067 CST [common/tools/configtxgen/encoder] NewChannelGroup -> WARN 003 Default policy emission is deprecated, please include policy specificiations for the channel group in configtx.yaml
2018-08-26 16:26:31.067 CST [common/tools/configtxgen/encoder] NewOrdererGroup -> WARN 004 Default policy emission is deprecated, please include policy specificiations for the orderer group in configtx.yaml
2018-08-26 16:26:31.068 CST [common/tools/configtxgen/encoder] NewOrdererOrgGroup -> WARN 005 Default policy emission is deprecated, please include policy specificiations for the orderer org group OrdererOrg in configtx.yaml
2018-08-26 16:26:31.111 CST [msp] getMspConfig -> INFO 006 Loading NodeOUs
2018-08-26 16:26:31.111 CST [common/tools/configtxgen/encoder] NewOrdererOrgGroup -> WARN 007 Default policy emission is deprecated, please include policy specificiations for the orderer org group Org1MSP in configtx.yaml
2018-08-26 16:26:31.123 CST [msp] getMspConfig -> INFO 008 Loading NodeOUs
2018-08-26 16:26:31.123 CST [common/tools/configtxgen/encoder] NewOrdererOrgGroup -> WARN 009 Default policy emission is deprecated, please include policy specificiations for the orderer org group Org2MSP in configtx.yaml
2018-08-26 16:26:31.123 CST [common/tools/configtxgen] doOutputBlock -> INFO 00a Generating genesis block
2018-08-26 16:26:31.125 CST [common/tools/configtxgen] doOutputBlock -> INFO 00b Writing genesis block

channel-artifacts文件夹下生成了genesis.block, 容器中映射为
/var/hyperledger/orderer/orderer.genesis.block

configtxgen命令实际读取的配置文件默认为configtxgen.yaml, 我们看下它对应的profile TwoOrgsOrdererGenesis, 对应蓝色字体。创世块是记账本的第一个区块,作用重大。配置有点啰嗦,但仔细过一遍。


# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

---
################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererOrg

        # ID to load the MSP definition as
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/example.com/msp

    - &Org1
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org1MSP

        # ID to load the MSP definition as
        ID: Org1MSP

        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org1.example.com
              Port: 7051

    - &Org2
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org2MSP

        # ID to load the MSP definition as
        ID: Org2MSP

        MSPDir: crypto-config/peerOrganizations/org2.example.com/msp

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org2.example.com
              Port: 7051

################################################################################
#
#   SECTION: Capabilities
#
#   - This section defines the capabilities of fabric network. This is a new
#   concept as of v1.1.0 and should not be utilized in mixed networks with
#   v1.0.x peers and orderers.  Capabilities define features which must be
#   present in a fabric binary for that binary to safely participate in the
#   fabric network.  For instance, if a new MSP type is added, newer binaries
#   might recognize and validate the signatures from this type, while older
#   binaries without this support would be unable to validate those
#   transactions.  This could lead to different versions of the fabric binaries
#   having different world states.  Instead, defining a capability for a channel
#   informs those binaries without this capability that they must cease
#   processing transactions until they have been upgraded.  For v1.0.x if any
#   capabilities are defined (including a map with all capabilities turned off)
#   then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
    # Channel capabilities apply to both the orderers and the peers and must be
    # supported by both.  Set the value of the capability to true to require it.
    Global: &ChannelCapabilities
        # V1.1 for Global is a catchall flag for behavior which has been
        # determined to be desired for all orderers and peers running v1.0.x,
        # but the modification of which would cause incompatibilities.  Users
        # should leave this flag set to true.
        V1_1: true

    # Orderer capabilities apply only to the orderers, and may be safely
    # manipulated without concern for upgrading peers.  Set the value of the
    # capability to true to require it.
    Orderer: &OrdererCapabilities
        # V1.1 for Order is a catchall flag for behavior which has been
        # determined to be desired for all orderers running v1.0.x, but the
        # modification of which  would cause incompatibilities.  Users should
        # leave this flag set to true.
        V1_1: true

    # Application capabilities apply only to the peer network, and may be safely
    # manipulated without concern for upgrading orderers.  Set the value of the
    # capability to true to require it.
    Application: &ApplicationCapabilities
        # V1.2 for Application is a catchall flag for behavior which has been
        # determined to be desired for all peers running v1.0.x, but the
        # modification of which would cause incompatibilities.  Users should
        # leave this flag set to true.
        V1_2: true

################################################################################
#
#   SECTION: Application
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults

    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:

################################################################################
#
#   SECTION: Orderer
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults

    # Orderer Type: The orderer implementation to start
    # Available types are "solo" and "kafka"
    OrdererType: solo

    Addresses:
        - orderer.example.com:7050

    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 2s

    # Batch Size: Controls the number of messages batched into a block
    BatchSize:

        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10

        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 99 MB

        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB

    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects
        # NOTE: Use IP:port notation
        Brokers:
            - 127.0.0.1:9092

    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network
    Organizations:

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

    TwoOrgsOrdererGenesis:
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities

Profile TwoOrgsOrdererGenesis

定义了全局的通道兼容性ChannelCapabilities, 具体多看下注释, 貌似V1_1设置为true就可以兼容v1.0.x版本,一般默认吧。

定义了Order, 对应到OrdererDefaults配置内容,使用orderType是solo, 没用kafka, 还配置了solo相关的监听地址,批量处理最大值和超时时间等。在进阶配置篇我们再学习kafka配置。

定义了区块链网络的联盟Consortiums为SampleConsortium, 包含了组织Org1和Org2。其实打开genesis.block的内容看下, 注释包含了Org1和Org2证书相关的MSP信息,组织的Anchor Peer等信息打到区块中,确实容易让人误会以为配置文件里面有的内容都会打包到区块,实际上-outputBlock选项只是打包以上说的这些基础数据。

启动cli顺路都会启动orderer, 其实peer也会被启动, 因为docker-compose-cli.yaml定义了, 证书也都生成了,peer并未加入区块链网络。


[root@localhost first-network]# docker-compose -f docker-compose-cli.yaml up -d
Creating network "net_byfn" with the default driver
Creating volume "net_orderer.example.com" with default driver
Creating volume "net_peer0.org1.example.com" with default driver
Creating volume "net_peer1.org1.example.com" with default driver
Creating volume "net_peer0.org2.example.com" with default driver
Creating volume "net_peer1.org2.example.com" with default driver
Creating peer0.org1.example.com ... done
Creating peer0.org2.example.com ... done
Creating peer1.org2.example.com ... done
Creating peer1.org1.example.com ... done
Creating orderer.example.com    ... done
Creating cli                    ... done

我们看下docker容器启动的进程

[root@localhost first-network]# docker ps
CONTAINER ID        IMAGE                               COMMAND             CREATED             STATUS              PORTS                                              NAMES
f1f0fe5f2133        hyperledger/fabric-tools:latest     "/bin/bash"         3 minutes ago       Up 3 minutes                                                           cli
8816783a79ce        hyperledger/fabric-orderer:latest   "orderer"           3 minutes ago       Up 3 minutes        0.0.0.0:7050->7050/tcp                             orderer.example.com
1b47b97495f0        hyperledger/fabric-peer:latest      "peer node start"   3 minutes ago       Up 3 minutes        0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp   peer1.org2.example.com
51c166bdce76        hyperledger/fabric-peer:latest      "peer node start"   3 minutes ago       Up 3 minutes        0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp     peer1.org1.example.com
b8112247baf6        hyperledger/fabric-peer:latest      "peer node start"   3 minutes ago       Up 3 minutes        0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp     peer0.org2.example.com
0fc1e47832d5        hyperledger/fabric-peer:latest      "peer node start"   3 minutes ago       Up 3 minutes        0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp     peer0.org1.example.com

4.创建通道和加入通道
区块链网络有了, orderer网络管理节点有了, peer是启动了,但没加入网络和通道,以下命令行验证下(验证完后请exit退出docker容器命令行)。

[root@localhost first-network]# docker exec -it cli bash
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel list      
2018-08-26 09:35:02.325 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Channels peers has joined: 
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# echo $CORE_PEER_ADDRESS
peer0.org1.example.com:7051

回想下区块链网络基础章节,orderer定义联盟SampleConsortium, 但是没有通道,需要向orderer发送一个配置的请求,使用configtxgen生成。

[root@localhost first-network]# export CHANNEL_NAME=mychannel  
[root@localhost first-network]# 
[root@localhost first-network]# configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
2018-08-26 17:53:10.167 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
2018-08-26 17:53:10.183 CST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
2018-08-26 17:53:10.183 CST [common/tools/configtxgen/encoder] NewApplicationGroup -> WARN 003 Default policy emission is deprecated, please include policy specificiations for the application group in configtx.yaml
2018-08-26 17:53:10.184 CST [msp] getMspConfig -> INFO 004 Loading NodeOUs
2018-08-26 17:53:10.184 CST [common/tools/configtxgen/encoder] NewApplicationOrgGroup -> WARN 005 Default policy emission is deprecated, please include policy specificiations for the application org group Org1MSP in configtx.yaml
2018-08-26 17:53:10.184 CST [msp] getMspConfig -> INFO 006 Loading NodeOUs
2018-08-26 17:53:10.184 CST [common/tools/configtxgen/encoder] NewApplicationOrgGroup -> WARN 007 Default policy emission is deprecated, please include policy specificiations for the application org group Org2MSP in configtx.yaml
2018-08-26 17:53:10.186 CST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 008 Writing new channel tx

[root@localhost first-network]# cd channel-artifacts/
[root@localhost channel-artifacts]# ll
总用量 20
-rw-r--r--. 1 root root   346 8月  26 17:53 channel.tx
-rw-r--r--. 1 root root 12655 8月  26 16:26 genesis.block
[root@localhost channel-artifacts]#

看到channel.tx即生成成功,同理也是用configtxgen生成,我们看下对应配置文件configtx.yaml中Profile TwoOrgsChannel 的配置。

 TwoOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities

主要配置所属联盟为SampleConsortium, 配置的通道可用的两个组织。 我们看下channel.tx的内容, 貌似也是简单的定义了通道名称,所属联盟,用到的MSP, 兼容性版本配置,Admin,读写权限等? -outputCreateChannelTx选项也只是生成配置文件中的部分内容。

t_1b6804f26def4d3bb7f88da3060f4c0a.png
我们需要进去到cli容器中创建通道

[root@192 first-network]# docker exec -it -e LINES=$(tput lines) -e COLUMNS=$(tput cols) cli bash
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# export CHANNEL_NAME=mychannel
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2018-08-30 17:10:28.077 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2018-08-30 17:10:28.124 UTC [cli/common] readBlock -> INFO 002 Got status: &{NOT_FOUND}
2018-08-30 17:10:28.130 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2018-08-30 17:10:28.339 UTC [cli/common] readBlock -> INFO 004 Received block: 0
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer#

加入通道并验证下是否加入成功

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel join -b mychannel.block
2018-08-30 17:19:27.903 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2018-08-30 17:19:27.964 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel list
2018-08-30 17:20:13.861 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Channels peers has joined: 
mychannel

通道虽说是建立好了,实际上从配置文件configtx.yaml可看到,每个Org实际需要配置一个或多个Anchor Peer锚节点(用于跨组织的gossip通信协议,后面服务发现提到),下面我们把当前的peer节点设置为锚节点,先生成 tx文件。

[root@192 first-network]# export CHANNEL_NAME=mychannel
[root@192 first-network]# configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP
2018-08-31 01:38:34.650 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
2018-08-31 01:38:34.662 CST [common/tools/configtxgen] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
2018-08-31 01:38:34.662 CST [common/tools/configtxgen] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update

我们看下生成的Org1MSPanchors.tx文件

t_dc3d1ea2faa64a3697ce76f04aa5a64b.png
切到cli容器向orderer更新通道, orderer是区块链网络的管理节点。

[root@192 first-network]# docker exec -it -e LINES=$(tput lines) -e COLUMNS=$(tput cols) cli bash
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# export CHANNEL_NAME=mychannel
root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2018-08-30 17:55:31.054 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2018-08-30 17:55:31.078 UTC [channelCmd] update -> INFO 002 Successfully submitted channel update

5.安装和运行链码
在cli容器中执行

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go/ 
2018-08-30 18:08:22.619 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc
2018-08-30 18:08:22.619 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc
2018-08-30 18:08:24.760 UTC [chaincodeCmd] install -> INFO 003 Installed remotely response:<status:200 payload:"OK" >

Hyperledger Fabric总能安装配置好, 但链码作为智能合同的实现,我们是必须详细学习的。
-n指定链码名称.
-v指定链码的版本.
-p指定链码的路径,默认是go语言实现.

初始化链码

root@f1f0fe5f2133:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
2018-08-30 18:18:12.800 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc
2018-08-30 18:18:12.800 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc

为什么初始化链码的时候要和orderer通信?不是直接peer节点安装初始化使用吗? 复习下区块链网络的更新几个步骤,orderer需要验证更新的背书策略和采访权限,orderer需要知道这些信息, 实例化链码的时候就需要orderer知道了。 这个例子-P指定策略, 必须要Org1和Org2的背书节点通过才能更新。

调用链码
查询简单些

[root@192 first-network]# docker exec -it -e LINES=$(tput lines) -e COLUMNS=$(tput cols) cli bash
root@4b05aaca1028:/opt/gopath/src/github.com/hyperledger/fabric/peer# export CHANNEL_NAME=mychannel
root@4b05aaca1028:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
90

下面是更新例子

root@4b05aaca1028:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["invoke","a","b","10"]}'
2018-08-30 18:47:22.101 UTC [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200

链码这个调用最好./byfn.sh up那样完整的生成两个组织,四个节点, 需要干净的环境就使用./byfn.sh down清理再执行./byfn.sh up

更新这里指定了两个Peer, 一般指定对应的背书节点就好,当然发送个通道的所有Peer节点。

基础配置篇暂时到此,如果你心中有不少疑问就对了, BYFN毕竟只是个演示的demo, 如果用在商用可够呛。 更完善的使用和配置我们将在配置进阶篇中讲解。

点赞 0
0条评论
其他心得
Zealot · 38天前 
对于Fabric的权限和MSP配置这块,可能大家实际部署会给一堆msp目录绕晕,我们回过头来梳理一下。 1.Peer节点如何控制用户的采访权限?我们以first-network为例, 先看下peer0的启动配置docker-compose-cli.yaml。 引用到base/docker-compose-base.yaml peer0.org1.example.com: container_name: peer0.org1.example.com extends: fi
Fabric在半天前发布1.3版本,参考 https://github.com/hyperledger/fabric/releases 介绍下1.3的新特性,参考 https://hyperledger-fabric.readthedocs.io/en/release-1.3/whatsnew.html 1.MSP新实现方式,使用身份混合器/Identify Mixer 通过使用零知识证明(zero-knowledge proofs), 可实现身份的匿名和不可连接。 开发环境提供了
Zealot · 88天前 
Hyperledger Fabric当前最新版本为1.2, 自行参考官方安装文档 https://hyperledger-fabric.readthedocs.io/en/release-1.2/prereqs.html 以Centos7安装为例, 简单说明注意事项。 1.安装或更新curl yum install curlyum update curl保证尽量新的版本, 后面步骤安装脚本使用curl下载文件 2.docker安装 (1)Docker CE安装参考官
Zealot · 52天前 
1.基于Hyperledger Cello Cello的定位是为Fabric提供一个BaaS平台,使用Web UI方便的管理区块链网络,节点和链码。 理想丰满,希望兼容K8s,swarm等多容器,提供了安装网络,简单监控,安装链码,调用等基本功能,可惜bugs一堆,又得兼顾Fabric快速迭代的版本。还有一点,以docker为例,实际Work Node使用remote docker访问模式,需要在Master的管理平台手工输入所有的worker node ip和端口,有些维护
1.Consistency 一致性 一致性是分布式系统需要解决的基础问题,一致性是对外呈现的一致的状态或结果,一致性为什么很重要,举个扫码支付的例子。 小明到商场想玩夹娃娃机,他爸爸扫码支付了10元,娃娃取币机正常情况下需要弹出10个币,假设取币机出了问题,没接收到支付成功的通知,没弹出币就让人抓狂了。两个系统中订单状态不一致了,支付系统认为是支付成功,娃娃取币机认为订单待支付。 1.1一致性模型 一致性的模型定义,只列出一些常见的,一起学习研究。(1)Strict Consist