聯盟鏈Quorum（基於raft共識）部署流程（二）- 部署隱私模塊Tessera

這篇文章是繼聯盟鏈Quorum（基於raft共識）部署流程（一）的續篇，上一篇文章只是把基礎的Quorum節點運行起來，但是隱私模塊還沒有部署上去，所以本篇主要內容是 Tessera。

我的演示系統環境時 Ubuntu 18.04 LTS。

環境要求：

jdk11 （ubuntu推薦安裝方法：sudo apt install openjdk-11-jre-headless)

步驟1:

獲取Tessera安裝包

wget https://oss.sonatype.org/service/local/repositories/releases/content/com/jpmorgan/quorum/tessera-app/0.10.4/tessera-app-0.10.4-app.jar

或者直接訪問https://github.com/jpmorganchase/tessera/releases下載文件tessera-app-0.**.*-app.jar

我是下載到/mnt/volume_nyc1_02目錄下的，大家應該發現了，我的操作基本都是在/mnt/volume_nyc1_02目錄下的，爲了方便操作。

重命名down下來的tessera文件也是爲方便操作

mv tessera-app-0.10.4-app.jar tessera.jar

步驟2：

接下來創建tessera數據存放文件夾

mkdir node1t
mkdir node2t
....

創建每個節點tessera的key文件並放在各個節點目錄下，節點2，3，4一樣照做

java -jar tessera.jar -keygen -filename t1
//t1是文件名，後面的兩個提示是輸入密碼，成功後會獲得兩個文件t1.pub,t1.key
java -jar tessera.jar -keygen -filename t2
.....

mv t1.* node1t
//複製以t1.開頭的文件到 node1t目錄下
mv t2.* node2t
.....

步驟3:

接下來是要創建node1t（節點1Tessera模塊）的配置文件node1t/config.json

{
   "useWhiteList": false,
   "jdbc": {
       "username": "sa",
       "password": "",
       "url": "jdbc:h2:/mnt/volume_nyc1_02/node1t/db;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0",
       "autoCreateTables": true
   },
   "serverConfigs":[
       {
           "app":"ThirdParty",
           "enabled": true,
           "serverAddress": "http://localhost:9081",
           "communicationType" : "REST"
       },
       {
           "app":"Q2T",
           "enabled": true,
            "serverAddress":"unix:/mnt/volume_nyc1_02/node1t/tm.ipc",
           "communicationType" : "REST"
       },
       {
           "app":"P2P",
           "enabled": true,
           "serverAddress":"http://localhost:9001",
           "sslConfig": {
               "tls": "OFF"
           },
           "communicationType" : "REST"
       }
   ],
   "peer": [
       {
           "url": "http://localhost:9001"
       },
       {
           "url": "http://localhost:9002"
       },
       {
           "url": "http://localhost:9003"
       },
       {
           "url": "http://localhost:9004"
       }
   ],
   "keys": {
       "passwords": [],
       "keyData": [
           {
               "privateKeyPath": "/mnt/volume_nyc1_02/node1t/t1.key",
               "publicKeyPath": "/mnt/volume_nyc1_02/node1t/t1.pub"
           }
       ]
   },
   "alwaysSendTo": []
}

這裏需要修改目錄/mnt/volume_nyc1_02/node1t，這是我的目錄，需要更換你的目錄信息，peer裏也是換上自己所有節點的ip+port，以及下面的keydata目錄

步驟4：

啓動對應節點1的Tessera模塊

cd node1t
java -jar ../tessera.jar -configfile config.json >> tessera.log 2>&1 &

查看node1t目錄，如果有tm.ipc，說明啓動運行成功了

步驟5:

接下來修改節點1的啓動文件 startnode1.sh

PRIVATE_CONFIG=/mnt/volume_nyc1_02/node1t/tm.ipc nohup geth --datadir node1 --nodiscover --verbosity 5 --networkid 31337 --raft --raftport 50001 --rpc --rpcaddr 0.0.0.0 --rpcport 22001 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,raft --emitcheckpoints --port 21001 >> node1.log 2>&1 &

更換原目錄下的ignore 爲tm.ipc的文件地址

執行node1下的startnode.sh文件重啓節點1，特別說明：如果遇到服務器重啓，需要先啓動tessera程序，知道出現tm.ipc文件生成，在執行startnode.sh文件啓動節點即可。

部署其他節點，其實就是重複步驟5開始就不細說了。

下面展示一個我的節點2的config.json供大家參考，方便大家後面修改

{
   "useWhiteList": false,
   "jdbc": {
       "username": "sa",
       "password": "",
       "url": "jdbc:h2:/mnt/volume_nyc1_02/node2t/db;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0",
       "autoCreateTables": true
   },
   "serverConfigs":[
       {
           "app":"ThirdParty",
           "enabled": true,
           "serverAddress": "http://localhost:9082",
           "communicationType" : "REST"
       },
       {
           "app":"Q2T",
           "enabled": true,
            "serverAddress":"unix:/mnt/volume_nyc1_02/node2t/tm.ipc",
           "communicationType" : "REST"
       },
       {
           "app":"P2P",
           "enabled": true,
           "serverAddress":"http://localhost:9002",
           "sslConfig": {
               "tls": "OFF"
           },
           "communicationType" : "REST"
       }
   ],
   "peer": [
       {
           "url": "http://localhost:9001"
       },
       {
           "url": "http://localhost:9002"
       },
       {
           "url": "http://localhost:9003"
       },
       {
           "url": "http://localhost:9004"
       }
   ],
   "keys": {
       "passwords": [],
       "keyData": [
           {
               "privateKeyPath": "/mnt/volume_nyc1_02/node2t/t2.key",
               "publicKeyPath": "/mnt/volume_nyc1_02/node2t/t2.pub"
           }
       ]
   },
   "alwaysSendTo": []
}

下面是節點2的startnode.sh修改信息

PRIVATE_CONFIG=/mnt/volume_nyc1_02/node2t/tm.ipc nohup geth --datadir node1 --nodiscover --verbosity 5 --networkid 31337 --raft --raftport 50002 --rpc --rpcaddr 0.0.0.0 --rpcport 22002 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,raft --emitcheckpoints --port 21002 >> node2.log 2>&1 &

4個節點都部署完之後就可以測試部署結果。

現在拿節點1跟節點2來做一個測試，測試隱私管理是否部署成功和Quorum鏈運行是否成功。

步驟6:

獲取節點2的Tessera公鑰node2t/t2.pub內容

cat node2t/2t.pub
zVmaEIIjS8bJuUP5cZ1H/+wA4KQp51dUk28FUYnpUX0=

還是在/mnt/volume_nyc1_02/目錄下，創建一個private-contract.js的文件

a = eth.accounts[0]
web3.eth.defaultAccount = a;

// abi and bytecode generated from simplestorage.sol:
// > solcjs --bin --abi simplestorage.sol
var abi = [{"constant":true,"inputs":[],"name":"storedData","outputs":[{"name":"","type":"uint256"}],"payable":false,"type":"function"},{"constant":false,"inputs":[{"name":"x","type":"uint256"}],"name":"set","outputs":[],"payable":false,"type":"function"},{"constant":true,"inputs":[],"name":"get","outputs":[{"name":"retVal","type":"uint256"}],"payable":false,"type":"function"},{"inputs":[{"name":"initVal","type":"uint256"}],"payable":false,"type":"constructor"}];

var bytecode = "0x6060604052341561000f57600080fd5b604051602080610149833981016040528080519060200190919050505b806000819055505b505b610104806100456000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680632a1afcd914605157806360fe47b11460775780636d4ce63c146097575b600080fd5b3415605b57600080fd5b606160bd565b6040518082815260200191505060405180910390f35b3415608157600080fd5b6095600480803590602001909190505060c3565b005b341560a157600080fd5b60a760ce565b6040518082815260200191505060405180910390f35b60005481565b806000819055505b50565b6000805490505b905600a165627a7a72305820d5851baab720bba574474de3d09dbeaabc674a15f4dd93b974908476542c23f00029";

var simpleContract = web3.eth.contract(abi);
var simple = simpleContract.new(42, {from:web3.eth.accounts[0], data: bytecode, gas: 0x47b760, privateFor: ["zVmaEIIjS8bJuUP5cZ1H/+wA4KQp51dUk28FUYnpUX0="]}, function(e, contract) {
    if (e) {
        console.log("err creating contract", e);
    } else {
        if (!contract.address) {
            console.log("Contract transaction send: TransactionHash: " + contract.transactionHash + " waiting to be mined...");
        } else {
            console.log("Contract mined! Address: " + contract.address);
            console.log(contract);
        }
    }
});

修改privateFor值爲自己剛剛獲取的節點2的Tessera的公鑰

步驟7:

打開節點的geth控制檯,執行以下內容

geth attach node1/geth.ipc 

> personal.unlockAccount(eth.accounts[0])
Unlock account 0xbb9ef512675df6d2c1f7874c259143d9e660ce2d
Passphrase:                                 //輸入創建剛賬戶的密碼
true                                        //返回true爲成功，必須成功才能繼續下面的操作

> loadScript("private-contract.js")          //加載private-contract.js，部署合約
Contract transaction send: TransactionHash: 0x2470656d4c8fd21b6442247703d1b27e58f88e7e5d8dae0e6b6bbb42ba6390ff waiting to be mined...
true                                         //返回true，合約部署成功

> Contract mined! Address: 0x688581d60e57148fcc81e48c4ce152001c25dbec

那麼Tessera隱私管理器也部署完成了。

到這裏其實我們的Quorum鏈已經全部部署完成鏈，但是爲了方便我們的日常開發，我們還需要一個簡單的區塊鏈瀏覽器，這樣可以方便許多查詢工作等等。

下一章聯盟鏈Quorum（基於raft共識）部署流程（三）- 部署基於Quorum鏈的區塊鏈瀏覽器，我會演示關於在本機部署一個簡單區塊鏈瀏覽器流程。