這篇文章是繼聯盟鏈Quorum(基於raft共識)部署流程(一)的續篇,上一篇文章只是把基礎的Quorum節點運行起來,但是隱私模塊還沒有部署上去,所以本篇主要內容是 Tessera。
我的演示系統環境時 Ubuntu 18.04 LTS。
環境要求:
jdk11 (ubuntu推薦安裝方法:sudo apt install openjdk-11-jre-headless)
步驟1:
獲取Tessera安裝包
wget https://oss.sonatype.org/service/local/repositories/releases/content/com/jpmorgan/quorum/tessera-app/0.10.4/tessera-app-0.10.4-app.jar
或者直接訪問https://github.com/jpmorganchase/tessera/releases下載文件tessera-app-0.**.*-app.jar
我是下載到/mnt/volume_nyc1_02目錄下的,大家應該發現了,我的操作基本都是在/mnt/volume_nyc1_02目錄下的,爲了方便操作。
重命名down下來的tessera文件也是爲方便操作
mv tessera-app-0.10.4-app.jar tessera.jar
步驟2:
接下來創建tessera數據存放文件夾
mkdir node1t
mkdir node2t
....
創建每個節點tessera的key文件並放在各個節點目錄下,節點2,3,4一樣照做
java -jar tessera.jar -keygen -filename t1
//t1是文件名,後面的兩個提示是輸入密碼,成功後會獲得兩個文件t1.pub,t1.key
java -jar tessera.jar -keygen -filename t2
.....
mv t1.* node1t
//複製以t1.開頭的文件到 node1t目錄下
mv t2.* node2t
.....
步驟3:
接下來是要創建node1t(節點1Tessera模塊)的配置文件node1t/config.json
{
"useWhiteList": false,
"jdbc": {
"username": "sa",
"password": "",
"url": "jdbc:h2:/mnt/volume_nyc1_02/node1t/db;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0",
"autoCreateTables": true
},
"serverConfigs":[
{
"app":"ThirdParty",
"enabled": true,
"serverAddress": "http://localhost:9081",
"communicationType" : "REST"
},
{
"app":"Q2T",
"enabled": true,
"serverAddress":"unix:/mnt/volume_nyc1_02/node1t/tm.ipc",
"communicationType" : "REST"
},
{
"app":"P2P",
"enabled": true,
"serverAddress":"http://localhost:9001",
"sslConfig": {
"tls": "OFF"
},
"communicationType" : "REST"
}
],
"peer": [
{
"url": "http://localhost:9001"
},
{
"url": "http://localhost:9002"
},
{
"url": "http://localhost:9003"
},
{
"url": "http://localhost:9004"
}
],
"keys": {
"passwords": [],
"keyData": [
{
"privateKeyPath": "/mnt/volume_nyc1_02/node1t/t1.key",
"publicKeyPath": "/mnt/volume_nyc1_02/node1t/t1.pub"
}
]
},
"alwaysSendTo": []
}
這裏需要修改目錄/mnt/volume_nyc1_02/node1t,這是我的目錄,需要更換你的目錄信息,peer裏也是換上自己所有節點的ip+port,以及下面的keydata目錄
步驟4:
啓動對應節點1的Tessera模塊
cd node1t
java -jar ../tessera.jar -configfile config.json >> tessera.log 2>&1 &
查看node1t目錄,如果有tm.ipc,說明啓動運行成功了
步驟5:
接下來修改節點1的啓動文件 startnode1.sh
PRIVATE_CONFIG=/mnt/volume_nyc1_02/node1t/tm.ipc nohup geth --datadir node1 --nodiscover --verbosity 5 --networkid 31337 --raft --raftport 50001 --rpc --rpcaddr 0.0.0.0 --rpcport 22001 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,raft --emitcheckpoints --port 21001 >> node1.log 2>&1 &
更換原目錄下的ignore 爲tm.ipc的文件地址
執行node1下的startnode.sh文件重啓節點1,特別說明:如果遇到服務器重啓,需要先啓動tessera程序,知道出現tm.ipc文件生成,在執行startnode.sh文件啓動節點即可。
部署其他節點,其實就是重複步驟5開始就不細說了。
下面展示一個我的節點2的config.json供大家參考,方便大家後面修改
{
"useWhiteList": false,
"jdbc": {
"username": "sa",
"password": "",
"url": "jdbc:h2:/mnt/volume_nyc1_02/node2t/db;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0",
"autoCreateTables": true
},
"serverConfigs":[
{
"app":"ThirdParty",
"enabled": true,
"serverAddress": "http://localhost:9082",
"communicationType" : "REST"
},
{
"app":"Q2T",
"enabled": true,
"serverAddress":"unix:/mnt/volume_nyc1_02/node2t/tm.ipc",
"communicationType" : "REST"
},
{
"app":"P2P",
"enabled": true,
"serverAddress":"http://localhost:9002",
"sslConfig": {
"tls": "OFF"
},
"communicationType" : "REST"
}
],
"peer": [
{
"url": "http://localhost:9001"
},
{
"url": "http://localhost:9002"
},
{
"url": "http://localhost:9003"
},
{
"url": "http://localhost:9004"
}
],
"keys": {
"passwords": [],
"keyData": [
{
"privateKeyPath": "/mnt/volume_nyc1_02/node2t/t2.key",
"publicKeyPath": "/mnt/volume_nyc1_02/node2t/t2.pub"
}
]
},
"alwaysSendTo": []
}
下面是節點2的startnode.sh修改信息
PRIVATE_CONFIG=/mnt/volume_nyc1_02/node2t/tm.ipc nohup geth --datadir node1 --nodiscover --verbosity 5 --networkid 31337 --raft --raftport 50002 --rpc --rpcaddr 0.0.0.0 --rpcport 22002 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,raft --emitcheckpoints --port 21002 >> node2.log 2>&1 &
4個節點都部署完之後就可以測試部署結果。
現在拿節點1跟節點2來做一個測試,測試隱私管理是否部署成功和Quorum鏈運行是否成功。
步驟6:
獲取節點2的Tessera公鑰node2t/t2.pub內容
cat node2t/2t.pub
zVmaEIIjS8bJuUP5cZ1H/+wA4KQp51dUk28FUYnpUX0=
還是在/mnt/volume_nyc1_02/目錄下,創建一個private-contract.js的文件
a = eth.accounts[0]
web3.eth.defaultAccount = a;
// abi and bytecode generated from simplestorage.sol:
// > solcjs --bin --abi simplestorage.sol
var abi = [{"constant":true,"inputs":[],"name":"storedData","outputs":[{"name":"","type":"uint256"}],"payable":false,"type":"function"},{"constant":false,"inputs":[{"name":"x","type":"uint256"}],"name":"set","outputs":[],"payable":false,"type":"function"},{"constant":true,"inputs":[],"name":"get","outputs":[{"name":"retVal","type":"uint256"}],"payable":false,"type":"function"},{"inputs":[{"name":"initVal","type":"uint256"}],"payable":false,"type":"constructor"}];
var bytecode = "0x6060604052341561000f57600080fd5b604051602080610149833981016040528080519060200190919050505b806000819055505b505b610104806100456000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680632a1afcd914605157806360fe47b11460775780636d4ce63c146097575b600080fd5b3415605b57600080fd5b606160bd565b6040518082815260200191505060405180910390f35b3415608157600080fd5b6095600480803590602001909190505060c3565b005b341560a157600080fd5b60a760ce565b6040518082815260200191505060405180910390f35b60005481565b806000819055505b50565b6000805490505b905600a165627a7a72305820d5851baab720bba574474de3d09dbeaabc674a15f4dd93b974908476542c23f00029";
var simpleContract = web3.eth.contract(abi);
var simple = simpleContract.new(42, {from:web3.eth.accounts[0], data: bytecode, gas: 0x47b760, privateFor: ["zVmaEIIjS8bJuUP5cZ1H/+wA4KQp51dUk28FUYnpUX0="]}, function(e, contract) {
if (e) {
console.log("err creating contract", e);
} else {
if (!contract.address) {
console.log("Contract transaction send: TransactionHash: " + contract.transactionHash + " waiting to be mined...");
} else {
console.log("Contract mined! Address: " + contract.address);
console.log(contract);
}
}
});
修改privateFor值爲自己剛剛獲取的節點2的Tessera的公鑰
步驟7:
打開節點的geth控制檯,執行以下內容
geth attach node1/geth.ipc
> personal.unlockAccount(eth.accounts[0])
Unlock account 0xbb9ef512675df6d2c1f7874c259143d9e660ce2d
Passphrase: //輸入創建剛賬戶的密碼
true //返回true爲成功,必須成功才能繼續下面的操作
> loadScript("private-contract.js") //加載private-contract.js,部署合約
Contract transaction send: TransactionHash: 0x2470656d4c8fd21b6442247703d1b27e58f88e7e5d8dae0e6b6bbb42ba6390ff waiting to be mined...
true //返回true,合約部署成功
> Contract mined! Address: 0x688581d60e57148fcc81e48c4ce152001c25dbec
那麼Tessera隱私管理器也部署完成了。
到這裏其實我們的Quorum鏈已經全部部署完成鏈,但是爲了方便我們的日常開發,我們還需要一個簡單的區塊鏈瀏覽器,這樣可以方便許多查詢工作等等。
下一章聯盟鏈Quorum(基於raft共識)部署流程(三)- 部署基於Quorum鏈的區塊鏈瀏覽器,我會演示關於在本機部署一個簡單區塊鏈瀏覽器流程。