构建第一个Hyperledger Fabric网络
0.Hyperledger Fabric学习笔记目录
- Hyperledger Fabric的安装和体验
- 初识Hyperledger Fabric网络节点和交易流程
- Hyperledger Fabric 1.0的架构
- 构建第一个Hyperledger Fabric网络
通过前面学习,已经对Hyperledger Fabric的架构、网络节点、交易流程有了初步的认识,并且快速搭建和体验了一下fabric-samples-1.0.6中的basic-network示例。
学习也是一个不断迭代和深入的过程,本篇我们将按照Hyperledger Doc: Building Your First Network,体验fabric-samples-1.0.6中的first-network示例。
first-network这个示例的场景是由两个组织组成Hyperledger Fabric的网络,其中只有一个orderer节点,每个组织有2个peer节点。
1.预备环境
我们使用CentOS 7.4主机作为运行环境,已经安装好了docker和docker-compose。
同时需要下载好fabric-samples-1.0.6。
1wget https://github.com/hyperledger/fabric-samples/archive/v1.0.6.tar.gz -O fabric-samples-v1.0.6.tar.gz
2tar -zxvf fabric-samples-v1.0.6.tar.gz
进入到first-network目录:
1cd fabric-samples-1.0.6/first-network/
2
3ls
4base byfn.sh channel-artifacts configtx.yaml crypto-config.yaml docker-compose-cli.yaml docker-compose-couch.yaml docker-compose-e2e-template.yaml README.md scripts
其中byfn.sh是一个完整的脚本,提供了快速引导启动4个分别属于两个不同组织的peer节点容器和一个排序服务orderer节点容器成的Hyperledger Fabric网络。这个脚本还将启动一个容器来运行将peer节点加入channel,部署实例化chaincode以及驱动以及部署的chaincode执行交易的脚本。
1./byfn.sh -h
2Usage:
3 byfn.sh -m up|down|restart|generate [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>] [-i <imagetag>]
4 byfn.sh -h|--help (print this message)
5 -m <mode> - one of 'up', 'down', 'restart' or 'generate'
6 - 'up' - bring up the network with docker-compose up
7 - 'down' - clear the network with docker-compose down
8 - 'restart' - restart the network
9 - 'generate' - generate required certificates and genesis block
10 -c <channel name> - channel name to use (defaults to "mychannel")
11 -t <timeout> - CLI timeout duration in microseconds (defaults to 10000)
12 -d <delay> - delay duration in seconds (defaults to 3)
13 -f <docker-compose-file> - specify which docker-compose file use (defaults to docker-compose-cli.yaml)
14 -s <dbtype> - the database backend to use: goleveldb (default) or couchdb
15 -i <imagetag> - pass the image tag to launch the network using the tag: 1.0.1, 1.0.2, 1.0.3, 1.0.4 (defaults to latest)
16
17Typically, one would first generate the required certificates and
18genesis block, then bring up the network. e.g.:
19
20 byfn.sh -m generate -c mychannel
21 byfn.sh -m up -c mychannel -s couchdb
22 byfn.sh -m up -c mychannel -s couchdb -i 1.0.6
23 byfn.sh -m down -c mychannel
24
25Taking all defaults:
26 byfn.sh -m generate
27 byfn.sh -m up
28 byfn.sh -m down
2.生成证书和创世区块
将前面在Hyperledger Fabric的安装和体验中下载的二进制文件cryptogen、configtxgen拷贝到first-network目录下。
执行./byfn.sh -m generate命令,并且伴随着yes/no的交互就可以生成证书和创世区块。
1./byfn.sh -m generate
2Generating certs and genesis block for with channel 'mychannel' and CLI timeout of '10'
3Continue (y/n)? y
4proceeding ...
5/root/fabric-samples-1.0.6/first-network/cryptogen
6
7##########################################################
8##### Generate certificates using cryptogen tool #########
9##########################################################
10org1.example.com
11org2.example.com
12
13/root/fabric-samples-1.0.6/first-network/configtxgen
14##########################################################
15######### Generating Orderer Genesis block ##############
16##########################################################
172018-03-11 18:14:39.277 CST [common/configtx/tool] main -> INFO 001 Loading configuration
182018-03-11 18:14:39.314 CST [common/configtx/tool] doOutputBlock -> INFO 002 Generating genesis block
192018-03-11 18:14:39.315 CST [common/configtx/tool] doOutputBlock -> INFO 003 Writing genesis block
20
21#################################################################
22### Generating channel configuration transaction 'channel.tx' ###
23#################################################################
242018-03-11 18:14:39.326 CST [common/configtx/tool] main -> INFO 001 Loading configuration
252018-03-11 18:14:39.330 CST [common/configtx/tool] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
262018-03-11 18:14:39.330 CST [common/configtx/tool] doOutputChannelCreateTx -> INFO 003 Writing new channel tx
27
28#################################################################
29####### Generating anchor peer update for Org1MSP ##########
30#################################################################
312018-03-11 18:14:39.346 CST [common/configtx/tool] main -> INFO 001 Loading configuration
322018-03-11 18:14:39.351 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
332018-03-11 18:14:39.351 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update
34
35#################################################################
36####### Generating anchor peer update for Org2MSP ##########
37#################################################################
382018-03-11 18:14:39.364 CST [common/configtx/tool] main -> INFO 001 Loading configuration
392018-03-11 18:14:39.368 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
402018-03-11 18:14:39.368 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update
2.1 证书生成器
cryptogen工具生成各种网络节点的证书,证书标识这些网络节点的身份,在进行通信和交易时网络节点将使用它们进行签名和身份认证。
cryptogen需要使用一个crypto-config.yaml配置文件,我们看一下first-network目录下的这个配置文件,下面的内容去掉了原文件中的注释:
1OrdererOrgs:
2 - Name: Orderer
3 Domain: example.com
4 Specs:
5 - Hostname: orderer
6PeerOrgs:
7 - Name: Org1
8 Domain: org1.example.com
9 Template:
10 Count: 2
11 Users:
12 Count: 1
13 - Name: Org2
14 Domain: org2.example.com
15 Template:
16 Count: 2
17 Users:
18 Count: 1
生成的证书在crypto-config目录下:
1tree crypto-config
2crypto-config
3├── ordererOrganizations
4│ └── example.com
5│ ├── ca
6│ │ ├── 3edc86eff3a9a3b63349846076b3a6e291ec8642265855720bc5593879cbeec4_sk
7│ │ └── ca.example.com-cert.pem
8│ ├── msp
9│ │ ├── admincerts
10│ │ │ └── [email protected]
11│ │ ├── cacerts
12│ │ │ └── ca.example.com-cert.pem
13│ │ └── tlscacerts
14│ │ └── tlsca.example.com-cert.pem
15│ ├── orderers
16│ │ └── orderer.example.com
17│ │ ├── msp
18│ │ │ ├── admincerts
19│ │ │ │ └── [email protected]
20│ │ │ ├── cacerts
21│ │ │ │ └── ca.example.com-cert.pem
22│ │ │ ├── keystore
23│ │ │ │ └── b89caf945a67154ecf7a9c57de32f66e86f59e29998206bf54c9df0067201c94_sk
24│ │ │ ├── signcerts
25│ │ │ │ └── orderer.example.com-cert.pem
26│ │ │ └── tlscacerts
27│ │ │ └── tlsca.example.com-cert.pem
28│ │ └── tls
29│ │ ├── ca.crt
30│ │ ├── server.crt
31│ │ └── server.key
32│ ├── tlsca
33│ │ ├── ef9eec33e81a1a3097be31c4bff01e516bb53cc4ca2d7e88e6f3c04f0cb78c40_sk
34│ │ └── tlsca.example.com-cert.pem
35│ └── users
36│ └── [email protected]
37│ ├── msp
38│ │ ├── admincerts
39│ │ │ └── [email protected]
40│ │ ├── cacerts
41│ │ │ └── ca.example.com-cert.pem
42│ │ ├── keystore
43│ │ │ └── bdbee7a5ce4c779e0f67e7d1baee2cc6ad4090604f02b2ae31ee613b4bb75569_sk
44│ │ ├── signcerts
45│ │ │ └── [email protected]
46│ │ └── tlscacerts
47│ │ └── tlsca.example.com-cert.pem
48│ └── tls
49│ ├── ca.crt
50│ ├── server.crt
51│ └── server.key
52└── peerOrganizations
53 ├── org1.example.com
54 │ ├── ca
55 │ │ ├── c2524b8b8eba23710f11e44947fa0a3eadeb888003a8bd79ee34941790276fb7_sk
56 │ │ └── ca.org1.example.com-cert.pem
57 │ ├── msp
58 │ │ ├── admincerts
59 │ │ │ └── [email protected]
60 │ │ ├── cacerts
61 │ │ │ └── ca.org1.example.com-cert.pem
62 │ │ └── tlscacerts
63 │ │ └── tlsca.org1.example.com-cert.pem
64 │ ├── peers
65 │ │ ├── peer0.org1.example.com
66 │ │ │ ├── msp
67 │ │ │ │ ├── admincerts
68 │ │ │ │ │ └── [email protected]
69 │ │ │ │ ├── cacerts
70 │ │ │ │ │ └── ca.org1.example.com-cert.pem
71 │ │ │ │ ├── keystore
72 │ │ │ │ │ └── 8783f652b82eafb73350cf76a98b5b1156e1975605b00c6b2bad49912e93d276_sk
73 │ │ │ │ ├── signcerts
74 │ │ │ │ │ └── peer0.org1.example.com-cert.pem
75 │ │ │ │ └── tlscacerts
76 │ │ │ │ └── tlsca.org1.example.com-cert.pem
77 │ │ │ └── tls
78 │ │ │ ├── ca.crt
79 │ │ │ ├── server.crt
80 │ │ │ └── server.key
81 │ │ └── peer1.org1.example.com
82 │ │ ├── msp
83 │ │ │ ├── admincerts
84 │ │ │ │ └── [email protected]
85 │ │ │ ├── cacerts
86 │ │ │ │ └── ca.org1.example.com-cert.pem
87 │ │ │ ├── keystore
88 │ │ │ │ └── 45c4785a5fb9eb2b45e560c5827162a8c52a960edc68d1daecfca9f089e06f2e_sk
89 │ │ │ ├── signcerts
90 │ │ │ │ └── peer1.org1.example.com-cert.pem
91 │ │ │ └── tlscacerts
92 │ │ │ └── tlsca.org1.example.com-cert.pem
93 │ │ └── tls
94 │ │ ├── ca.crt
95 │ │ ├── server.crt
96 │ │ └── server.key
97 │ ├── tlsca
98 │ │ ├── 719dbe0ab05f0a537bb20109a47ffe53f44373df0f67c1741d173b423006cea1_sk
99 │ │ └── tlsca.org1.example.com-cert.pem
100 │ └── users
101 │ ├── [email protected]
102 │ │ ├── msp
103 │ │ │ ├── admincerts
104 │ │ │ │ └── [email protected]
105 │ │ │ ├── cacerts
106 │ │ │ │ └── ca.org1.example.com-cert.pem
107 │ │ │ ├── keystore
108 │ │ │ │ └── af25ff531dd7dc81944f56511fb48b32a4e3fdab525bfebfd776d29630192166_sk
109 │ │ │ ├── signcerts
110 │ │ │ │ └── [email protected]
111 │ │ │ └── tlscacerts
112 │ │ │ └── tlsca.org1.example.com-cert.pem
113 │ │ └── tls
114 │ │ ├── ca.crt
115 │ │ ├── server.crt
116 │ │ └── server.key
117 │ └── [email protected]
118 │ ├── msp
119 │ │ ├── admincerts
120 │ │ │ └── [email protected]
121 │ │ ├── cacerts
122 │ │ │ └── ca.org1.example.com-cert.pem
123 │ │ ├── keystore
124 │ │ │ └── f8cbb26435bbcd1be6ac977ce017863349b313f9b52636e2a085ba96a3fd45d4_sk
125 │ │ ├── signcerts
126 │ │ │ └── [email protected]
127 │ │ └── tlscacerts
128 │ │ └── tlsca.org1.example.com-cert.pem
129 │ └── tls
130 │ ├── ca.crt
131 │ ├── server.crt
132 │ └── server.key
133 └── org2.example.com
134 ├── ca
135 │ ├── 51e9045cf510bcdf462c0348df5f520c3ff3fba1d718f05fcd9793d30fe929ba_sk
136 │ └── ca.org2.example.com-cert.pem
137 ├── msp
138 │ ├── admincerts
139 │ │ └── [email protected]
140 │ ├── cacerts
141 │ │ └── ca.org2.example.com-cert.pem
142 │ └── tlscacerts
143 │ └── tlsca.org2.example.com-cert.pem
144 ├── peers
145 │ ├── peer0.org2.example.com
146 │ │ ├── msp
147 │ │ │ ├── admincerts
148 │ │ │ │ └── [email protected]
149 │ │ │ ├── cacerts
150 │ │ │ │ └── ca.org2.example.com-cert.pem
151 │ │ │ ├── keystore
152 │ │ │ │ └── e459cc7423369250cb580cef745b69cffc0f157f30227ed5a2e5bde0086e9211_sk
153 │ │ │ ├── signcerts
154 │ │ │ │ └── peer0.org2.example.com-cert.pem
155 │ │ │ └── tlscacerts
156 │ │ │ └── tlsca.org2.example.com-cert.pem
157 │ │ └── tls
158 │ │ ├── ca.crt
159 │ │ ├── server.crt
160 │ │ └── server.key
161 │ └── peer1.org2.example.com
162 │ ├── msp
163 │ │ ├── admincerts
164 │ │ │ └── [email protected]
165 │ │ ├── cacerts
166 │ │ │ └── ca.org2.example.com-cert.pem
167 │ │ ├── keystore
168 │ │ │ └── b324a608a243296348910776b6a9490add441722fa892b044d35ef3ea5a5436c_sk
169 │ │ ├── signcerts
170 │ │ │ └── peer1.org2.example.com-cert.pem
171 │ │ └── tlscacerts
172 │ │ └── tlsca.org2.example.com-cert.pem
173 │ └── tls
174 │ ├── ca.crt
175 │ ├── server.crt
176 │ └── server.key
177 ├── tlsca
178 │ ├── 538884ef1875b1388e072a0d6eaa8e6ef9a3cf618305edd4fdfcdd759ae450e3_sk
179 │ └── tlsca.org2.example.com-cert.pem
180 └── users
181 ├── [email protected]
182 │ ├── msp
183 │ │ ├── admincerts
184 │ │ │ └── [email protected]
185 │ │ ├── cacerts
186 │ │ │ └── ca.org2.example.com-cert.pem
187 │ │ ├── keystore
188 │ │ │ └── 6942266e617cdd51becb5719f7dcc7db00cbda42eec299fd9bdca4a96ab3c709_sk
189 │ │ ├── signcerts
190 │ │ │ └── [email protected]
191 │ │ └── tlscacerts
192 │ │ └── tlsca.org2.example.com-cert.pem
193 │ └── tls
194 │ ├── ca.crt
195 │ ├── server.crt
196 │ └── server.key
197 └── [email protected]
198 ├── msp
199 │ ├── admincerts
200 │ │ └── [email protected]
201 │ ├── cacerts
202 │ │ └── ca.org2.example.com-cert.pem
203 │ ├── keystore
204 │ │ └── 5dea66d5f6468055771ab980629f12c384f9f436eb9aa383c1b7c0301b161c9d_sk
205 │ ├── signcerts
206 │ │ └── [email protected]
207 │ └── tlscacerts
208 │ └── tlsca.org2.example.com-cert.pem
209 └── tls
210 ├── ca.crt
211 ├── server.crt
212 └── server.key
2.2 配置生成器
configtxgen工具用于生成配置,configtxgen使用configtx.yaml配置文件。
1---
2Profiles:
3
4 TwoOrgsOrdererGenesis:
5 Orderer:
6 <<: *OrdererDefaults
7 Organizations:
8 - *OrdererOrg
9 Consortiums:
10 SampleConsortium:
11 Organizations:
12 - *Org1
13 - *Org2
14 TwoOrgsChannel:
15 Consortium: SampleConsortium
16 Application:
17 <<: *ApplicationDefaults
18 Organizations:
19 - *Org1
20 - *Org2
21Organizations:
22 - &OrdererOrg
23 Name: OrdererOrg
24 ID: OrdererMSP
25 MSPDir: crypto-config/ordererOrganizations/example.com/msp
26 - &Org1
27 Name: Org1MSP
28 ID: Org1MSP
29 MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
30 AnchorPeers:
31 - Host: peer0.org1.example.com
32 Port: 7051
33 - &Org2
34 Name: Org2MSP
35 ID: Org2MSP
36 MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
37 AnchorPeers:
38 - Host: peer0.org2.example.com
39 Port: 7051
40Orderer: &OrdererDefaults
41 OrdererType: solo
42 Addresses:
43 - orderer.example.com:7050
44 BatchTimeout: 2s
45 BatchSize:
46 MaxMessageCount: 10
47 AbsoluteMaxBytes: 99 MB
48 PreferredMaxBytes: 512 KB
49 Kafka:
50 Brokers:
51 - 127.0.0.1:9092
52 Organizations:
53Application: &ApplicationDefaults
54 Organizations:
2.3 手动生成证书和配置
byfn.sh脚本调用cryptogen和configtxgen工具来生成证书、密钥和各种配置。如果需要手动生成,可以参考byfn.sh脚本中的generateCerts和generateChannelArtifacts函数。
3.启动网络
执行./byfn.sh -m up -i 1.0.6命令启动网络。
使用docker ps查看启动的容器:
1docker ps
2CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
348f8a046333b dev-peer1.org2.example.com-mycc-1.0-26c2ef32838554aac4f7ad6f100aca865e87959c9a126e86d764c8d01f8346ab "chaincode -peer.add…" 13 minutes ago Up 13 minutes dev-peer1.org2.example.com-mycc-1.0
4dc491209351b dev-peer0.org1.example.com-mycc-1.0-384f11f484b9302df90b453200cfb25174305fce8f53f4e94d45ee3b6cab0ce9 "chaincode -peer.add…" 13 minutes ago Up 13 minutes dev-peer0.org1.example.com-mycc-1.0
5bb8745578985 dev-peer0.org2.example.com-mycc-1.0-15b571b3ce849066b7ec74497da3b27e54e0df1345daff3951b94245ce09c42b "chaincode -peer.add…" 14 minutes ago Up 14 minutes dev-peer0.org2.example.com-mycc-1.0
6d6f8bbaf0bfa hyperledger/fabric-peer:x86_64-1.0.6 "peer node start" 15 minutes ago Up 15 minutes 0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp peer0.org2.example.com
79a403fba27c0 hyperledger/fabric-peer:x86_64-1.0.6 "peer node start" 15 minutes ago Up 15 minutes 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp peer0.org1.example.com
8f742c65eea02 hyperledger/fabric-peer:x86_64-1.0.6 "peer node start" 15 minutes ago Up 15 minutes 0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp peer1.org1.example.com
9bc0099fe09d3 hyperledger/fabric-peer:x86_64-1.0.6 "peer node start" 15 minutes ago Up 15 minutes 0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp peer1.org2.example.com
1084febb72fea7 hyperledger/fabric-orderer:x86_64-1.0.6 "orderer" 15 minutes ago Up 15 minutes 0.0.0.0:7050->7050/tcp orderer.example.com
精简一下输出的内容,只留下容器的名字:
1dev-peer1.org2.example.com-mycc-1.0
2dev-peer0.org1.example.com-mycc-1.0
3dev-peer0.org2.example.com-mycc-1.0
4peer0.org2.example.com
5peer0.org1.example.com
6peer1.org1.example.com
7peer1.org2.example.com
8orderer.example.com
可以看到前3个是chaincode容器,后边4个是分属于org1和org2的peer节点容器,最后是一个orderer节点容器。
4.关闭网络
执行./byfn.sh -m down关闭网络。