規劃
所有的節點分離部署, 每臺主機上有一個節點
名稱 | IP | Hostname | 組織機構 |
orderer | 192.168.220.31 | orderer.test.com | Orderer |
goPeer0 | 192.168.220.32 | peer0.orgGo.com | OrgGo |
cppPeer0 | 192.168.220.33 | peer0.orgCpp.com | OrgCpp |
ps:安裝Fabric一機多節點和配置證書詳情等請看上一節文檔。
一、必要配置以及準備
1. n臺主機需要創建一個名字相同的工作目錄
# 192.168.220.31
mkdir ~/testwork
# 192.168.220.32
mkdir ~/testwork
# 192.168.220.33
mkdir ~/testwork
關閉防火牆:
systemctl stop firewalld
systemctl disable firewalld
2.安裝Fabric1.4單機版,並將bin文件中的可執行文件拷貝至/usr/local/bin中,(單機版教程請參考上一節)
cd ....//fabric 1.4fabric-sample中的bin文件
cp * /usr/local/bin
3.編寫配置文件 -> 生成證書(只在orderer節點上運行)
vim crypto-config.yaml
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: test.com
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: OrgGo
Domain: orgGo.test.com
EnableNodeOUs: false
# ---------------------------------------------------------------------------
# "CA"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of the CA for this
# organization. This entry is a Spec. See "Specs" section below for details.
# ---------------------------------------------------------------------------
# CA:
# Hostname: ca # implicitly ca.org1.example.com
# Country: US
# Province: California
# Locality: San Francisco
# OrganizationalUnit: Hyperledger Fabric
# StreetAddress: address for org # default nil
# PostalCode: postalCode for org # default nil
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# - SANS: (Optional) Specifies one or more Subject Alternative Names
# to be set in the resulting x509. Accepts template
# variables {{.Hostname}}, {{.Domain}}, {{.CommonName}}. IP
# addresses provided here will be properly recognized. Other
# values will be taken as DNS names.
# NOTE: Two implicit entries are created for you:
# - {{ .CommonName }}
# - {{ .Hostname }}
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# SANS:
# - "bar.{{.Domain}}"
# - "altfoo.{{.Domain}}"
# - "{{.Hostname}}.org6.net"
# - 172.16.10.31
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# SANS:
# - "{{.Hostname}}.alt.{{.Domain}}"
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: OrgCpp
Domain: orgCpp.test.com
EnableNodeOUs: false
Template:
Count: 2
Users:
Count: 1
運行(只在orderer節點上運行)
cryptogen generate --config=crypto-config.yaml
- 生成通道文件和創始塊文件(只在orderer節點上運行)
# vim configtx.yaml -> 名字不能變
################################################################################
#
# Section: Organizations
#
################################################################################
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/test.com/msp
- &OrgGo
Name: OrgGoMSP
ID: OrgGoMSP
MSPDir: crypto-config/peerOrganizations/orgGo.test.com/msp
AnchorPeers:
- Host: peer0.orgGo.test.com
Port: 7051
- &OrgCpp
Name: OrgCppMSP
ID: OrgCppMSP
MSPDir: crypto-config/peerOrganizations/orgCpp.test.com/msp
AnchorPeers:
- Host: peer0.orgCpp.test.com
Port: 7051
################################################################################
#
# SECTION: Capabilities
#
################################################################################
Capabilities:
Global: &ChannelCapabilities
V1_1: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_2: true
################################################################################
#
# SECTION: Application
#
################################################################################
Application: &ApplicationDefaults
Organizations:
################################################################################
#
# SECTION: Orderer
#
################################################################################
Orderer: &OrdererDefaults
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer.test.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 100
AbsoluteMaxBytes: 32 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
################################################################################
#
# Profile
#
################################################################################
Profiles:
ItcastOrgsOrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *OrgGo
- *OrgCpp
ItcastOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *OrgGo
- *OrgCpp
Capabilities:
<<: *ApplicationCapabilities
創建channel-artifacts目錄(只在orderer節點上運行)
mkdir channel-artifacts
生成創始塊文件(只在orderer節點上運行)
configtxgen -profile ItcastOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
生成通道文件(只在orderer節點上運行)
configtxgen -profile ItcastOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID testchannel
若未指定channelID,則默認是mychannel
二、部署
1.部署order節點(只在orderer中執行)
- 編寫orderer節點啓動的docker-compose.yaml配置文件
version: '2'
services:
orderer.test.com:
container_name: orderer.test.com
image: hyperledger/fabric-orderer:latest
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=testwork_default
- ORDERER_GENERAL_LOGLEVEL=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/:/var/hyperledger/orderer/tls
networks:
default:
aliases:
- testwork # 這個名字使用當前配置文件所在的目錄 的名字
ports:
- 7050:7050
部署文件:
docker-compose -f docker-compose.yaml up -d
查看是否成功:
[root@node2 testwork]# docker-compose -f docker-compose.yaml ps
Name Command State Ports
-----------------------------------------------------------
orderer.test.com orderer Up 0.0.0.0:7050->7050/tcp
2.部署goPeer0節點(切換主機、只在goPeer0中執行)
1.拷貝ordder節點中testwork目錄下的channel-artifacts、crypto-config至goPeer0中
#使用ssh
scp (文件名) [email protected]:/home{目標path}
scp -r channel-artifacts crypto-config [email protected]:/root/testwork
2.修改docker-compose.yaml
version: '2'
services:
peer0.orgGo.test.com:
container_name: peer0.orgGo.test.com
image: hyperledger/fabric-peer:latest
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=testwork_default
- CORE_LOGGING_LEVEL=INFO
#- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_LOCALMSPID=OrgGoMSP
- CORE_PEER_ID=peer0.orgGo.test.com
- CORE_PEER_ADDRESS=peer0.orgGo.test.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgGo.test.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgGo.test.com:7051
# TLS
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/orgGo.test.com/peers/peer0.orgGo.test.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/orgGo.test.com/peers/peer0.orgGo.test.com/tls:/etc/hyperledger/fabric/tls
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
networks:
default:
aliases:
- testwork
ports:
- 7051:7051
- 7053:7053
extra_hosts: # 聲明域名和IP的對應關係
- "orderer.test.com:192.168.220.31"
cli:
container_name: cli
image: hyperledger/fabric-tools:latest
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- CORE_LOGGING_LEVEL=DEBUG
- CORE_LOGGING_LEVEL=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.orgGo.test.com:7051
- CORE_PEER_LOCALMSPID=OrgGoMSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgGo.test.com/peers/peer0.orgGo.test.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgGo.test.com/peers/peer0.orgGo.test.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgGo.test.com/peers/peer0.orgGo.test.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgGo.test.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on: # 啓動順序
- peer0.orgGo.test.com
networks:
default:
aliases:
- testwork
extra_hosts:
- "orderer.test.com:192.168.220.31"
- "peer0.orgGo.test.com:192.168.220.32"
3.在testwork目錄下創建chaincode目錄,並將鏈代碼放入其中
mkdir chaincode
鏈代碼地址:https://github.com/lsy-zhaoshuaiji/faricInstall
4.運行docker-compose文件
docker-compose -f docker-compose.yaml up -d
執行命令後,若無報錯,則代表成功。
5.進入到Cli容器中, 創建通道
peer channel create -o orderer.test.com:7050 -c testchannel -f ./channel-artifacts/channel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/test.com/msp/tlscacerts/tlsca.test.com-cert.pem
若沒error,則代表成功。
6.將當前節點加入到通道中
peer channel join -b testchannel.block
7.安裝鏈碼
peer chaincode install -n testcc -v 1.0 -l golang -p github.com/chaincode
3.部署cppPeer0節點(切換主機、只在cppPeer0中執行)
1.拷貝ordder節點中testwork目錄下的channel-artifacts、crypto-config至cppPeer0中
#使用ssh
scp (文件名) [email protected]:/home{目標path}
scp -r channel-artifacts crypto-config [email protected]:/root/testwork
2.從GoPeer0中拷貝通道文件到該宿主機:(在gopeer0上執行)
docker cp cli:/opt/gopath/src/github.com/hyperledger/fabric/peer/testchannel.block ./
scp testchannel.block [email protected]:/root/testwork/
3.修改docker-compose.yaml
version: '2'
services:
peer0.orgCpp.test.com:
container_name: peer0.orgCpp.test.com
image: hyperledger/fabric-peer:latest
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=testwork_default
- CORE_LOGGING_LEVEL=INFO
#- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_LOCALMSPID=OrgCppMSP
- CORE_PEER_ID=peer0.orgCpp.test.com
- CORE_PEER_ADDRESS=peer0.orgCpp.test.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgCpp.test.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgCpp.test.com:7051
# TLS
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/orgCpp.test.com/peers/peer0.orgCpp.test.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/orgCpp.test.com/peers/peer0.orgCpp.test.com/tls:/etc/hyperledger/fabric/tls
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
networks:
default:
aliases:
- testwork
ports:
- 7051:7051
- 7053:7053
extra_hosts: # 聲明域名和IP的對應關係
- "orderer.test.com:192.168.220.31"
- "peer0.orgGo.test.com:192.168.220.32"
cli:
container_name: cli
image: hyperledger/fabric-tools:latest
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- CORE_LOGGING_LEVEL=DEBUG
- CORE_LOGGING_LEVEL=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.orgCpp.test.com:7051
- CORE_PEER_LOCALMSPID=OrgCppMSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgCpp.test.com/peers/peer0.orgCpp.test.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgCpp.test.com/peers/peer0.orgCpp.test.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgCpp.test.com/peers/peer0.orgCpp.test.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgCpp.test.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on: # 啓動順序
- peer0.orgCpp.test.com
networks:
default:
aliases:
- testwork
extra_hosts:
- "orderer.test.com:192.168.220.31"
- "peer0.orgGo.test.com:192.168.220.32"
- "peer0.orgCpp.test.com:192.168.220.33"
3.運行docker-compose文件
docker-compose -f docker-compose.yaml up -d
執行命令後,若無報錯,則代表成功。
5.進入Cli容器中,將當前節點加入到通道中
fabric/peer# peer channel join -b ./channel-artifacts/testchannel.block
6.安裝鏈碼
peer chaincode install -n testcc -v 1.0 -l golang -p github.com/chaincode
7.初始化鏈碼:
$ peer chaincode instantiate -o orderer節點地址:端口 --tls true --cafile orderer節點pem格式的證書文件 -C 通道名稱 -n 鏈碼名稱 -l 鏈碼語言 -v 鏈碼版本 -c 鏈碼Init函數調用 -P 背書策略
peer chaincode instantiate -o orderer.test.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/test.com/msp/tlscacerts/tlsca.test.com-cert.pem -C testchannel -n testcc -l golang -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -P "AND ('OrgGoMSP.member', 'OrgCppMSP.member')"
8.通過查詢進行驗證
peer chaincode query -C testchannel -n testcc -c '{"Args":["query","a"]}'
若返回值中有100則代表驗證成功!
9.調用方法修改數據進行驗證(可略)
peer chaincode invoke -o orderer.test.com:7050 -C testchannel -n testcc --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/test.com/orderers/orderer.test.com/msp/tlscacerts/tlsca.test.com-cert.pem --peerAddresses peer0.OrgGo.test.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgGo.test.com/peers/peer0.orgGo.test.com/tls/ca.crt --peerAddresses peer0.orgCpp.test.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgCpp.test.com/peers/peer0.orgCpp.test.com/tls/ca.crt -c '{"Args":["invoke","a","b","10"]}'
10.鏈碼的打包(可略)
我們在進行多機多節點部署的時候, 所有的peer節點都需要安裝鏈碼, 有時候會出現鏈碼安裝失敗的問題, 提示鏈碼的指紋(哈希)不匹配,我們可以通過以下方法解決
1. 通過客戶端在第1個peer節點中安裝好鏈碼之後, 將鏈碼打包
peer chaincode package -n testcc -p github.com/chaincode -v 1.0 mycc.1.0.out
-n: 鏈碼的名字
-p: 鏈碼的路徑
-v: 鏈碼的版本號
-mycc.1.0.out: 打包之後生成的文件
2. 將打包之後的鏈碼從容器中拷貝出來
$ docker cp cli:/xxxx/mycc.1.0.out ./
3. 將得到的打包之後的鏈碼文件拷貝到其他的peer節點上
4. 通過客戶端在其他peer節點上安裝鏈碼
peer chaincode install mycc.1.0.out