前言
在研究 Fabric 区块链平台的时候,搭建区块链网络是入门的第一步。
在本专栏中,关于环境的搭建,曾写过一下几篇文章:
01-HyperLedger 实战-快速搭建一个 Fabric1.0 环境
第一篇文章,是基于 Fabric 官方提供的脚本download-dockerimages.sh,该脚本的路径为~/go/src/ github . com/hyperledger/fabric/examples/e2e_cli/.
运行脚本能够自动下载搭建 Fabric 所需要的镜像文件。镜像文件下载好了之后,在运行该目录下的 network_setup.sh 来快速搭建一个 Fabric 区块链网络。04-HyperLedger 实战-手动搭建一个 Fabric 网络-基于 Docker 容器的方式
第二篇文章,是在镜像文件全部下载好了的前提下,手动执行 network_setup.sh 脚本中的 Fabric 网络中的逻辑。包括加密文件的生成、创世区块、通道配置文件的生成等等。紧接着是启动节点、创建通道、加入通道、安装和实例化链码等等。16-HyperLedger-Fabric 实战-手动搭建 fabric 网络-编译源码方式
第三篇文章,则进一步手动化。在第二篇文章中,虽然手动创建了加密文件、通道等等。但是,Orderer 节点,Peer 节点的启动,依赖的是 docker-compose 工具来启动的。所以,这篇文章,利用源码编译的方式,来搭建 fabric 网络。可以说是纯手动搭建 Fabric 网络。
这篇文章,就是基于以上的基础之上,进一步研究 Fabric 区块链网络的搭建。在这次实战中,是将 fabric 网络部署在阿里云服务器中。Fabric 网络的类型为单机多节点。
环境配置:
本次实战,笔者用到的是阿里云的轻量应用服务器。
阿里云轻量应用服务器操作系统:Ubuntu16.04
内核:4.4.0-93-generic
Go version : go1.9 linux/amd64
Fabric 镜像版本:1.1.0
在阿里云上部署之前,默认已经安装好了 go 语言环境(1.9.0 及以上版本),下载好了 Fabric1.1 的镜像等等。
Fabric1.1 镜像
go-version如果你之前安装的是 Fabric1.0 版本的镜像,可以用如下命令来删除之:
// 强制删除所有的镜像命令
docker rmi -f $(docker images -q)
// 删除指定镜像
docker rmi <image id>流程介绍:
在阿里云上部署单机多节点的 Fabric 网络,实际上和《HyperLedger 实战-手动搭建一个 Fabric 网络-基于 Docker 容器的方式 》该文中,十分的相似。但是,在这个过程中,也有些不同。在这一实战中,将通过两篇专栏文章来介绍如何部署此网络。
第一部分,是环境准备部分。除了讲解环境准备的基本知识,也会结合前面 18 篇文章,将这些知识点串接起来。本文结构如下:
全文结构阿里云部署单机多节点(一)| 环境准备
1、清空环境
运行 Fabric 区块链网络,需要一个干净的环境。常见的清空环境的命令有:
- docker 杀死所有正在运行的容器
docker kill $(docker ps -a -q)- docker 强制删除所有停止的容器
docker rm -f $( docker ps -a -q)2.创建环境搭建目录-network001
我们可以在 Ubuntu 下,创建一个区块链网络环境配置目录。因为 Fabric 是高度可插拔的,所以,可以很方便的通过配置文件,来配置不同的的区块链网络。在这里,我们在/root/go/src/ github .com/hyperledger/fabric 目录下,创建目录 network001:
cd ~/go/src/github.com/hyperledger/fabric
mkdir network0013.在 network001 目录下,准备配置生成工具。
在 fabric 网络的搭建过程中,需要很多配置文件,比如创世区块、各个节点需要相关的证书,创建通道时,需要通道配置文件等等。这些配置文件,都是由相关工具,利用对应的配置文件来生成的。
本文中,配置生成工具,本质上是 Fabric 平台上编译好了的二进制文件。所以,这里,我们直接从网上下载,然后将其放在 network001 目录下即可。
下载该文件命令如下:
curl https://nexus.hyperledger.org/content/repositories/releases/org/hyperledger/fabric/hyperledger-fabric/linux-amd64-1.1.0/hyperledger-fabric-linux-amd64-1.1.0.tar.gz | tar xz最终,在 network001 目录下,多了一个 bin 和一个 config 文件夹。
其中 bin 文件夹下,对应的工具有:
关于生成工具的详细内容可参考:
苏小乐:10-HyperLedger-Fabric 原理-配置管理工具介绍
在 config 文件夹中,是配置 Fabric 网络中的常用配置文件,该目录下的文件如下:
本次实验中,并不用下载的配置文件,而是自己新建对应的配置文件。但是,新建的配置文件的格式,都是用.yaml 文件来配置。
4.配置证书相关文件 | crypto-config.yaml & configtx.yaml
- crypto-config.yaml 文件
依赖配置文件crypto-config.yaml 指定了网络的拓扑结构。该文件的主要作用是:
1、通过配置模板信息,来定义组织成员对应的结构。
2、cryptogen 可以快速根据该配置文件自动批量生成所需要的密钥和证书文件。
在 network001 文件夹下, 创建 crypto-config.yaml 文件,文件内容如下:
crypto-config.yaml 内容如下:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: example.com
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Org1
Domain: org1.example.com
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
Template:
Count: 2
Users:
Count: 1
- 生成证书文件
terminal 进入 network001 目录下,使用如下命令,来生成相关的证书文件:
./bin/cryptogen generate --config=./crypto-config.yaml运行结果如下:
上述命令,生成了一个 crypto-config 目录。在该目录中,定义了两个组织,org1 以及 org2.所以该工具对应生成了两套证书文件。
- configtx.yaml
configtx.yaml 包含网络的定义,并给出了网络组件的拓扑结构还指出每个网络实体的加密材料的存储位置。用来编写配置系统通道初始区块文件,新建应用通道配置文件,锚节点配置更新交易文件等。
在 network001 文件夹下, 创建 configtx.yaml 文件,文件内容如下:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
TwoOrgsOrdererGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org1.example.com
Port: 7051
- &Org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org2.example.com
Port: 7051
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer.example.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 98 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- 127.0.0.1:9092
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
- 生成创始区块文件
terminal 进入 network001 目录下,使用如下命令,来生成创始区块:
./bin/configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block如果报如下错误:
Error on outputBlock: Error writing genesis block: open ./channel-artifacts/genesis.block: no such file or directory
报错的意思是这里没有该文件夹。
在 network001 目录下,新建一个 channel-artifacts 文件夹即可。
运行成功后,如下所示:
可以看到 channel-artifacts 文件夹下,有了一个 genesis.block 文件。
- 生成通道配置文件
terminal 进入 network001 目录下,使用如下命令,来生成通道配置文件:
./bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID mychannel运行成功后,结果如下:
通过观察,可以发现,在 channel-artifacts 目录下,新建了一个名为 mychannel.tx 的文件。该文件会在 peer 节点加入到通道中 用到。
关于配置文件的详细分析,可参考:
苏小乐:3-HyperLedger-Fabric1.0 原理-Fabric 网络搭建过程之配置文件
5.部署配置 Orderer 节点
orderer 节点的配置,可以用.yaml 格式的文件来配置,最后可以用 docker-compose 来启动。
在 network001 目录下,创建一个 docker-orderer.yaml 启动文件,文件内容如下:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=aberic_default
# - ORDERER_GENERAL_LOGLEVEL=error
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
#- ORDERER_GENERAL_GENESISPROFILE=AntiMothOrdererGenesis
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
#- ORDERER_GENERAL_LEDGERTYPE=ram
#- ORDERER_GENERAL_LEDGERTYPE=file
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=false
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
networks:
default:
aliases:
- abericzai
ports:
- 7050:7050该配置文件中,设置了 Orderer 排序服务监听的端口号是 7050,以及关于 MSP 配置信息的文件证书配置等等。
6.部署配置 peer0.org1 节点
Orderer 节点有排序启动文件,对应的佩尔 peer 节点,也有对应的 docker-peer.yaml 文件。对于 dockers-peer.yaml 文件的内容如下:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
couchdb:
container_name: couchdb
image: hyperledger/fabric-couchdb
# Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service,
# for example map it to utilize Fauxton User Interface in dev environments.
ports:
- "5984:5984"
ca:
container_name: ca
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca
- FABRIC_CA_SERVER_TLS_ENABLED=false
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/ab7dca5e5f6b1cc24c2023764c5b34d1f78d8614d2a11e74178d2d5509bd3be8_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/ab7dca5e5f6b1cc24c2023764c5b34d1f78d8614d2a11e74178d2d5509bd3be8_sk -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
peer0.org1.example.com:
container_name: peer0.org1.example.com
image: hyperledger/fabric-peer
environment:
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_NETWORKID=network001
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=network001
# - CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=network001_default
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 7051:7051
- 7052:7052
- 7053:7053
depends_on:
- couchdb
networks:
default:
aliases:
- network001
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# - CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ./chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/network001/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.org1.example.com
peer 节点的启动文件包含的内容较多,包括了对 cli 客户端、Couch DB 插件以及 CA 服务端插件的配置。
在上述的文件中,有几个地方需要修改。
首先,是 CA 部分,有两处要修改:
-
- 一处是 FABRIC_CA_SERVER_TLS_KEYFILE
- 另一处是:command 最后一部分。
将这两处的 _sk 文件名称,替换成你所在主机环境
./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com下对应的 _sk 文件名即可。
其次,是斜体部分要更改。
斜体部分要改成与你自定义文件夹同名。这么做,主要是使用 compose 搭建网络时,使得 peer 节点能够加入到网络中。
斜体部分,主要是以下一些环境变量需要更改
– CORE_PEER_NETWORKID=network001
– CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=network001_default
aliases: – network001
关于 Orderer 节点以及 Peer 节点的配置文件详细介绍,可参考:
苏小乐:15-HyperLedger-Fabric 原理-docker 指令&yaml 文件详解
苏小乐:11-HyperLedger-Fabric 原理-MSP 详解(二)-Peer&Orderer 配置 MSP
至此,关于在阿里云上部署单机多节点的第一部分准备工作就到此结束。
第二部分,将主要是用到上述所生成的配置文件,来搭建网络。
关于本文所出现的配置文件,可在以下链接下载:
转自知乎 苏小乐 :https://www.zhihu.com/people/shan-de-ding-zhu/activities
