fabric環(huán)境安裝,設(shè)置全局訪問 -
手動組建Fabric網(wǎng)絡(luò)
一:生成fabric證書
1.JPG
1.在根目錄下,創(chuàng)建項目目錄
mkdir testfabric
cd testfabric
2.模板內(nèi)容重定向到指定文件中
#名字自己起, 叫什么都行, 一般叫: crypto-config.yaml (官方給的例子叫這個)
cryptogen showtemplate > crypto-config.yaml
3.配置文件的模板
vi crypto-config.yaml
OrdererOrgs:
- Name: Orderer # 1.排序節(jié)點組織的名字
Domain: itcast.com # 2.訪問排序節(jié)點組織的域名, 測試網(wǎng)中隨便寫, 真實的網(wǎng)絡(luò), 需要注冊
Specs:
- Hostname: orderer
# 3.其中以orderer節(jié)點的名字
# 4.得到了訪問這個orderer節(jié)點的地址: orderer.itcast.com
PeerOrgs:
- Name: OrgGo # 6.當(dāng)前組織的名字
Domain: orggo.itcast.com # 7.當(dāng)前組織的根域名
EnableNodeOUs: true # 8.在msp目錄會有一個config.yaml的配置文件
Template: # 使用模板生成peer節(jié)點的證書
Count: 2
# 9.使用模板生成2個peer節(jié)點的證書
# 10.訪問域名: 第一個peer: peer0.orggo.itcast.com
# 11.訪問域名: 第二個peer: peer1.orggo.itcast.com
Users:
Count: 3 # 12.生成3個普通用戶賬號, 和1個 管理員用戶
- Name: OrgCpp
Domain: orgcpp.itcast.com
EnableNodeOUs: false
Template:
Count: 2
Users:
Count: 3
4.根據(jù)配置文件生成證書
cryptogen generate --config=crypto-config.yaml
# 在crypto-config文件夾中生成了一些賬號:
1.JPG
5.錨節(jié)點
每個組織選擇一個peer節(jié)點,代表當(dāng)前組織和其他組織通信,這個節(jié)點叫錨節(jié)點,在配置文件中指定誰是錨節(jié)點,一個組織里,最多只能有一個錨節(jié)點
二:創(chuàng)始塊文件和通道文件的生成
1.模板在什么地方?
(1)官方給的例子: first-network -> configtx.yaml
(2)找到這個文件之后, 不要改名字, 如果改名, 命令就加載不到這個配置文件了
(3)主要修改三部分內(nèi)容:
- 配置組織信息
- orderer組織
- peer組織
- go
- cpp
- 配置 orderer節(jié)點的屬性
- 如何生成一個區(qū)塊
- 時間頻率
- 塊大小
- 消息條數(shù)
- 如何生成一個區(qū)塊
- 對網(wǎng)絡(luò)的總結(jié):
- 如何生成創(chuàng)始區(qū)塊文件
- 如何生成通道文件
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
- &OrdererOrg # OrdererOrg變量名, 自己起名, 不要重復(fù)
Name: OrdererOrg # orderer組織的名字, 自己起名
ID: OrdererMSP # orderer組織的ID, 自己指定, Name和ID可以相同
# 當(dāng)前orderer組織的組織賬號目錄
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1 # peer組織1, Org1變量名, 自己起名, 不要重復(fù)
Name: Org1MSP # 不能重復(fù), 不能和其他組織一樣
ID: Org1MSP
# 當(dāng)前組織1的組織賬號目錄
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
AnchorPeers: # 設(shè)置組織的錨節(jié)點
- Host: peer0.org1.example.com # 錨節(jié)點的訪問地址
Port: 7051 # peer節(jié)點運行在容器中, 開發(fā)的端口7051, 用于數(shù)據(jù)通信
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
################################################################################
#
# SECTION: Capabilities, 在fabric1.1之前沒有, 設(shè)置的時候全部設(shè)置為true
# 設(shè)置為true,讓新版本兼容舊版本
#
################################################################################
Capabilities:
Global: &ChannelCapabilities
V1_1: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_2: true
################################################################################
#
# SECTION: Application
#
################################################################################
Application: &ApplicationDefaults
Organizations:
################################################################################
#
# SECTION: Orderer
#
################################################################################
Orderer: &OrdererDefaults # OrdererDefaults是變量, 隨便起名
# Available types are "solo" and "kafka"
# 使用的共識機制(排序算法)
# solo: 測試用, kafka: 工作場景用
OrdererType: solo
Addresses: # orderer排序節(jié)點的地址
# orderer.example.com 參考crypto-config.yaml orderer組織配置
# 7050是orderer容器開放的端口, 通信
- orderer.example.com:7050
# 生成區(qū)塊的三個條件: 只要有一滿足條件就可以
# BatchTimeout, MaxMessageCount, AbsoluteMaxBytes
BatchTimeout: 2s # 每隔多長時間生成一個區(qū)塊
BatchSize:
MaxMessageCount: 100 # 消息>=100條, 會生成一個區(qū)塊
AbsoluteMaxBytes: 99 MB # 消息的總大小 >=99M, 會生成一個區(qū)塊, 32m, 64m
PreferredMaxBytes: 512 KB # 建議的區(qū)塊大小
# OrdererType: solo , kafka設(shè)置不會生效
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
################################################################################
#
# Profile
#
################################################################################
Profiles: # 關(guān)鍵字
TwoOrgsOrdererGenesis: # 創(chuàng)始區(qū)塊信息, TwoOrgsOrdererGenesis隨便起名
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums: # 聯(lián)盟-關(guān)鍵字
SampleConsortium: # SampleConsortium聯(lián)盟的名字, 可以改
Organizations: # 說的是peer組織
- *Org1
- *Org2
TwoOrgsChannel: # 關(guān)于通道的信息, 創(chuàng)建通道時候使用, TwoOrgsChannel-隨便起
Consortium: SampleConsortium # 當(dāng)前通道屬于哪個聯(lián)盟
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
2.賦值模板到自己的項目
1.JPG
3.修改模板:
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: itcast.com
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: OrgGo
Domain: orggo.itcast.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "CA"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of the CA for this
# organization. This entry is a Spec. See "Specs" section below for details.
# ---------------------------------------------------------------------------
# CA:
# Hostname: ca # implicitly ca.org1.example.com
# Country: US
# Province: California
# Locality: San Francisco
# OrganizationalUnit: Hyperledger Fabric
# StreetAddress: address for org # default nil
# PostalCode: postalCode for org # default nil
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# - SANS: (Optional) Specifies one or more Subject Alternative Names
# to be set in the resulting x509. Accepts template
# variables {{.Hostname}}, {{.Domain}}, {{.CommonName}}. IP
# addresses provided here will be properly recognized. Other
# values will be taken as DNS names.
# NOTE: Two implicit entries are created for you:
# - {{ .CommonName }}
# - {{ .Hostname }}
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# SANS:
# - "bar.{{.Domain}}"
# - "altfoo.{{.Domain}}"
# - "{{.Hostname}}.org6.net"
# - 172.16.10.31
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# SANS:
# - "{{.Hostname}}.alt.{{.Domain}}"
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 3
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: OrgCpp
Domain: orgcpp.itcast.com
EnableNodeOUs: false
Template:
Count: 2
Users:
Count: 3
itcast@itcast:~/testfabric$ ls
configtx.yaml crypto-config crypto-config.yaml
itcast@itcast:~/testfabric$ cat configtx.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/itcast.com/msp
- &OrgGo
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrgGoMSP
# ID to load the MSP definition as
ID: OrgGoMSP
MSPDir: crypto-config/peerOrganizations/orggo.itcast.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.orggo.itcast.com
Port: 7051
- &OrgCpp
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrgCppMSP
# ID to load the MSP definition as
ID: OrgCppMSP
MSPDir: crypto-config/peerOrganizations/orgcpp.itcast.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.orgcpp.itcast.com
Port: 7051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both. Set the value of the capability to true to require it.
Global: &ChannelCapabilities
# V1.1 for Global is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running v1.0.x,
# but the modification of which would cause incompatibilities. Users
# should leave this flag set to true.
V1_1: true
# Orderer capabilities apply only to the orderers, and may be safely
# manipulated without concern for upgrading peers. Set the value of the
# capability to true to require it.
Orderer: &OrdererCapabilities
# V1.1 for Order is a catchall flag for behavior which has been
# determined to be desired for all orderers running v1.0.x, but the
# modification of which would cause incompatibilities. Users should
# leave this flag set to true.
V1_1: true
# Application capabilities apply only to the peer network, and may be safely
# manipulated without concern for upgrading orderers. Set the value of the
# capability to true to require it.
Application: &ApplicationCapabilities
# V1.2 for Application is a catchall flag for behavior which has been
# determined to be desired for all peers running v1.0.x, but the
# modification of which would cause incompatibilities. Users should
# leave this flag set to true.
V1_2: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer.itcast.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 100
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 32 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- 127.0.0.1:9092
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
Genesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *OrgGo
- *OrgCpp
Channel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *OrgGo
- *OrgCpp
Capabilities:
<<: *ApplicationCapabilities
4.通過命令生成創(chuàng)始區(qū)塊和通道文件
(1).生成創(chuàng)始塊文件
configtxgen -profile Genesis -outputBlock genesis.block
(2)生成通道文件
# -outputCreateChannelTx: 指定通道文件的名字
# -channelID : 指定要生成的通道的通道名字
# 如果沒有通過該參數(shù)指定, 創(chuàng)建的通道有默認(rèn)的名字: mychannel
configtxgen -profile Channel -outputCreateChannelTx channel.tx -channelID itcastchannel
(3)生成更新錨節(jié)點的文件
# 一般情況下不需要更新, 除非是要替換到現(xiàn)有的指定的錨節(jié)點
# 不同組織的錨節(jié)點更新數(shù)據(jù)放到不同的文件中
# -outputAnchorPeersUpdate: 指定錨節(jié)點文件的名字
# -asOrg: 組織的名字, configtx.yaml中組織的name中找
# 1.更新go組織的錨節(jié)點
configtxgen -profile Channel -outputAnchorPeersUpdate goAnchor.tx -channelID itcastchannel -asOrg OrgGoMSP
# 2.更新cpp組織的錨節(jié)點
configtxgen -profile Channel -outputAnchorPeersUpdate cppAnchor.tx -channelID itcastchannel -asOrg OrgCppMSP
5.啟動節(jié)點
2個組織,每個組織有一個客戶端,1個order,4個peer,一共7個docker
寫docker-compose
官方給的例子:~/hyperledger-fabric/fabric-samples/first-network/docker-compose-cli.yaml
cp docker-compose-cli.yaml ~/testfabric/
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
#數(shù)據(jù)卷掛載(特殊的掛載方式)
volumes:
orderer.example.com:
peer0.org1.example.com:
peer1.org1.example.com:
peer0.org2.example.com:
peer1.org2.example.com:
networks: #docker要加入的網(wǎng)絡(luò)
byfn:
services: #服務(wù),每個服務(wù)對應(yīng)一個要啟動的容器
orderer.example.com: #服務(wù)名
extends:
file: base/docker-compose-base.yaml
service: orderer.example.com
container_name: orderer.example.com
networks:
- byfn
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org1.example.com
networks:
- byfn
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org1.example.com
networks:
- byfn
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org2.example.com
networks:
- byfn
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org2.example.com
networks:
- byfn
cli: #客戶端
container_name: cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- CORE_LOGGING_LEVEL=DEBUG
- CORE_LOGGING_LEVEL=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- orderer.example.com
- peer0.org1.example.com
- peer1.org1.example.com
- peer0.org2.example.com
- peer1.org2.example.com
networks:
- byfn
cp base ~/testfabric/ -r
啟動
docker-compose -f docker-compose-cli.yaml up -d
docker-compose -f docker-compose-cli.yaml ps
容器啟動之后:
客戶端節(jié)點
peer節(jié)點
order節(jié)點
1.要創(chuàng)建通道
2.將所有的組織的所有結(jié)點,加入到創(chuàng)建的通道中
3.給所有的結(jié)點(peer)安裝鏈碼
4.不同組織的結(jié)點,鏈碼是不一樣的
5.初始化鏈碼,在任意節(jié)點初始化一次,數(shù)據(jù)會自動同步到其他節(jié)點上
6.鏈碼調(diào)用,讀,寫
創(chuàng)建通道
docker exec -it cli bash
tlsfile=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/itcast.com/tlsca/tlsca.itcast.com-cert.pem
peer channel create -o orderer.itcast.com:7050 --tls true --cafile $tlsfile -c itcastchannel -f ./channel-artifacts/channel.tx
加入通道:
peer channel join -b itcastchannel.block
鏈碼安裝:
peer chaincode install -n itcastcc -v 1.0 -p github.com/chaincode
鏈碼的打包 -> 建議(多機多節(jié)點部署)
peer chaincode package -n itcastcc -v 1.0 -p github.com/chaincode chaincode.out
鏈碼打包之后, 得到一個打包文件, 進行鏈碼安裝的時候可以使用這個文件直接進行鏈碼安裝
如何安裝
$ peer chaincode install 文件名(對鏈碼打包之后得到的文件)
tlsfile=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/itcast.com/orderers/orderer.itcast.com/msp/tlscacerts/tlsca.itcast.com-cert.pem
tlsfile -C itcastchannel -n itcastcc -v 1.0 -P "AND ('OrgGoMSP.member', 'OrgCppMSP.member')" -c '{"Args":["init", "a", "100", "b", "200"]}'
