0.Hyperledger Fabric学习笔记目录

  1. Hyperledger Fabric的安装和体验
  2. 初识Hyperledger Fabric网络节点和交易流程
  3. Hyperledger Fabric 1.0的架构
  4. 构建第一个Hyperledger Fabric网络

通过前面学习,已经对Hyperledger Fabric的架构、网络节点、交易流程有了初步的认识,并且快速搭建和体验了一下fabric-samples-1.0.6中的basic-network示例。 学习也是一个不断迭代和深入的过程,本篇我们将按照Hyperledger Doc: Building Your First Network,体验fabric-samples-1.0.6中的first-network示例。

first-network这个示例的场景是由两个组织组成Hyperledger Fabric的网络,其中只有一个orderer节点,每个组织有2个peer节点。

1.预备环境

我们使用CentOS 7.4主机作为运行环境,已经安装好了docker和docker-compose。

同时需要下载好fabric-samples-1.0.6

1
2
wget https://github.com/hyperledger/fabric-samples/archive/v1.0.6.tar.gz -O fabric-samples-v1.0.6.tar.gz
tar -zxvf fabric-samples-v1.0.6.tar.gz

进入到first-network目录:

1
2
3
4
cd fabric-samples-1.0.6/first-network/

ls
base  byfn.sh  channel-artifacts  configtx.yaml  crypto-config.yaml  docker-compose-cli.yaml  docker-compose-couch.yaml  docker-compose-e2e-template.yaml  README.md  scripts

其中byfn.sh是一个完整的脚本,提供了快速引导启动4个分别属于两个不同组织的peer节点容器和一个排序服务orderer节点容器成的Hyperledger Fabric网络。这个脚本还将启动一个容器来运行将peer节点加入channel,部署实例化chaincode以及驱动以及部署的chaincode执行交易的脚本。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
./byfn.sh -h
Usage:
  byfn.sh -m up|down|restart|generate [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>] [-i <imagetag>]
  byfn.sh -h|--help (print this message)
    -m <mode> - one of 'up', 'down', 'restart' or 'generate'
      - 'up' - bring up the network with docker-compose up
      - 'down' - clear the network with docker-compose down
      - 'restart' - restart the network
      - 'generate' - generate required certificates and genesis block
    -c <channel name> - channel name to use (defaults to "mychannel")
    -t <timeout> - CLI timeout duration in microseconds (defaults to 10000)
    -d <delay> - delay duration in seconds (defaults to 3)
    -f <docker-compose-file> - specify which docker-compose file use (defaults to docker-compose-cli.yaml)
    -s <dbtype> - the database backend to use: goleveldb (default) or couchdb
    -i <imagetag> - pass the image tag to launch the network using the tag: 1.0.1, 1.0.2, 1.0.3, 1.0.4 (defaults to latest)

Typically, one would first generate the required certificates and
genesis block, then bring up the network. e.g.:

        byfn.sh -m generate -c mychannel
        byfn.sh -m up -c mychannel -s couchdb
        byfn.sh -m up -c mychannel -s couchdb -i 1.0.6
        byfn.sh -m down -c mychannel

Taking all defaults:
        byfn.sh -m generate
        byfn.sh -m up
        byfn.sh -m down

2.生成证书和创世区块

将前面在Hyperledger Fabric的安装和体验中下载的二进制文件cryptogen、configtxgen拷贝到first-network目录下。

执行./byfn.sh -m generate命令,并且伴随着yes/no的交互就可以生成证书和创世区块。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
./byfn.sh -m generate
Generating certs and genesis block for with channel 'mychannel' and CLI timeout of '10'
Continue (y/n)? y
proceeding ...
/root/fabric-samples-1.0.6/first-network/cryptogen

##########################################################
##### Generate certificates using cryptogen tool #########
##########################################################
org1.example.com
org2.example.com

/root/fabric-samples-1.0.6/first-network/configtxgen
##########################################################
#########  Generating Orderer Genesis block ##############
##########################################################
2018-03-11 18:14:39.277 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.314 CST [common/configtx/tool] doOutputBlock -> INFO 002 Generating genesis block
2018-03-11 18:14:39.315 CST [common/configtx/tool] doOutputBlock -> INFO 003 Writing genesis block

#################################################################
### Generating channel configuration transaction 'channel.tx' ###
#################################################################
2018-03-11 18:14:39.326 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.330 CST [common/configtx/tool] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
2018-03-11 18:14:39.330 CST [common/configtx/tool] doOutputChannelCreateTx -> INFO 003 Writing new channel tx

#################################################################
#######    Generating anchor peer update for Org1MSP   ##########
#################################################################
2018-03-11 18:14:39.346 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.351 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
2018-03-11 18:14:39.351 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update

#################################################################
#######    Generating anchor peer update for Org2MSP   ##########
#################################################################
2018-03-11 18:14:39.364 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.368 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
2018-03-11 18:14:39.368 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update

2.1 证书生成器

cryptogen工具生成各种网络节点的证书,证书标识这些网络节点的身份,在进行通信和交易时网络节点将使用它们进行签名和身份认证。 cryptogen需要使用一个crypto-config.yaml配置文件,我们看一下first-network目录下的这个配置文件,下面的内容去掉了原文件中的注释:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    Template:
      Count: 2
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.example.com
    Template:
      Count: 2
    Users:
      Count: 1

生成的证书在crypto-config目录下:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
tree crypto-config
crypto-config
├── ordererOrganizations
│   └── example.com
│       ├── ca
│       │   ├── 3edc86eff3a9a3b63349846076b3a6e291ec8642265855720bc5593879cbeec4_sk
│       │   └── ca.example.com-cert.pem
│       ├── msp
│       │   ├── admincerts
│       │   │   └── Admin@example.com-cert.pem
│       │   ├── cacerts
│       │   │   └── ca.example.com-cert.pem
│       │   └── tlscacerts
│       │       └── tlsca.example.com-cert.pem
│       ├── orderers
│       │   └── orderer.example.com
│       │       ├── msp
│       │       │   ├── admincerts
│       │       │   │   └── Admin@example.com-cert.pem
│       │       │   ├── cacerts
│       │       │   │   └── ca.example.com-cert.pem
│       │       │   ├── keystore
│       │       │   │   └── b89caf945a67154ecf7a9c57de32f66e86f59e29998206bf54c9df0067201c94_sk
│       │       │   ├── signcerts
│       │       │   │   └── orderer.example.com-cert.pem
│       │       │   └── tlscacerts
│       │       │       └── tlsca.example.com-cert.pem
│       │       └── tls
│       │           ├── ca.crt
│       │           ├── server.crt
│       │           └── server.key
│       ├── tlsca
│       │   ├── ef9eec33e81a1a3097be31c4bff01e516bb53cc4ca2d7e88e6f3c04f0cb78c40_sk
│       │   └── tlsca.example.com-cert.pem
│       └── users
│           └── Admin@example.com
│               ├── msp
│               │   ├── admincerts
│               │   │   └── Admin@example.com-cert.pem
│               │   ├── cacerts
│               │   │   └── ca.example.com-cert.pem
│               │   ├── keystore
│               │   │   └── bdbee7a5ce4c779e0f67e7d1baee2cc6ad4090604f02b2ae31ee613b4bb75569_sk
│               │   ├── signcerts
│               │   │   └── Admin@example.com-cert.pem
│               │   └── tlscacerts
│               │       └── tlsca.example.com-cert.pem
│               └── tls
│                   ├── ca.crt
│                   ├── server.crt
│                   └── server.key
└── peerOrganizations
    ├── org1.example.com
    │   ├── ca
    │   │   ├── c2524b8b8eba23710f11e44947fa0a3eadeb888003a8bd79ee34941790276fb7_sk
    │   │   └── ca.org1.example.com-cert.pem
    │   ├── msp
    │   │   ├── admincerts
    │   │   │   └── Admin@org1.example.com-cert.pem
    │   │   ├── cacerts
    │   │   │   └── ca.org1.example.com-cert.pem
    │   │   └── tlscacerts
    │   │       └── tlsca.org1.example.com-cert.pem
    │   ├── peers
    │   │   ├── peer0.org1.example.com
    │   │   │   ├── msp
    │   │   │   │   ├── admincerts
    │   │   │   │   │   └── Admin@org1.example.com-cert.pem
    │   │   │   │   ├── cacerts
    │   │   │   │   │   └── ca.org1.example.com-cert.pem
    │   │   │   │   ├── keystore
    │   │   │   │   │   └── 8783f652b82eafb73350cf76a98b5b1156e1975605b00c6b2bad49912e93d276_sk
    │   │   │   │   ├── signcerts
    │   │   │   │   │   └── peer0.org1.example.com-cert.pem
    │   │   │   │   └── tlscacerts
    │   │   │   │       └── tlsca.org1.example.com-cert.pem
    │   │   │   └── tls
    │   │   │       ├── ca.crt
    │   │   │       ├── server.crt
    │   │   │       └── server.key
    │   │   └── peer1.org1.example.com
    │   │       ├── msp
    │   │       │   ├── admincerts
    │   │       │   │   └── Admin@org1.example.com-cert.pem
    │   │       │   ├── cacerts
    │   │       │   │   └── ca.org1.example.com-cert.pem
    │   │       │   ├── keystore
    │   │       │   │   └── 45c4785a5fb9eb2b45e560c5827162a8c52a960edc68d1daecfca9f089e06f2e_sk
    │   │       │   ├── signcerts
    │   │       │   │   └── peer1.org1.example.com-cert.pem
    │   │       │   └── tlscacerts
    │   │       │       └── tlsca.org1.example.com-cert.pem
    │   │       └── tls
    │   │           ├── ca.crt
    │   │           ├── server.crt
    │   │           └── server.key
    │   ├── tlsca
    │   │   ├── 719dbe0ab05f0a537bb20109a47ffe53f44373df0f67c1741d173b423006cea1_sk
    │   │   └── tlsca.org1.example.com-cert.pem
    │   └── users
    │       ├── Admin@org1.example.com
    │       │   ├── msp
    │       │   │   ├── admincerts
    │       │   │   │   └── Admin@org1.example.com-cert.pem
    │       │   │   ├── cacerts
    │       │   │   │   └── ca.org1.example.com-cert.pem
    │       │   │   ├── keystore
    │       │   │   │   └── af25ff531dd7dc81944f56511fb48b32a4e3fdab525bfebfd776d29630192166_sk
    │       │   │   ├── signcerts
    │       │   │   │   └── Admin@org1.example.com-cert.pem
    │       │   │   └── tlscacerts
    │       │   │       └── tlsca.org1.example.com-cert.pem
    │       │   └── tls
    │       │       ├── ca.crt
    │       │       ├── server.crt
    │       │       └── server.key
    │       └── User1@org1.example.com
    │           ├── msp
    │           │   ├── admincerts
    │           │   │   └── User1@org1.example.com-cert.pem
    │           │   ├── cacerts
    │           │   │   └── ca.org1.example.com-cert.pem
    │           │   ├── keystore
    │           │   │   └── f8cbb26435bbcd1be6ac977ce017863349b313f9b52636e2a085ba96a3fd45d4_sk
    │           │   ├── signcerts
    │           │   │   └── User1@org1.example.com-cert.pem
    │           │   └── tlscacerts
    │           │       └── tlsca.org1.example.com-cert.pem
    │           └── tls
    │               ├── ca.crt
    │               ├── server.crt
    │               └── server.key
    └── org2.example.com
        ├── ca
        │   ├── 51e9045cf510bcdf462c0348df5f520c3ff3fba1d718f05fcd9793d30fe929ba_sk
        │   └── ca.org2.example.com-cert.pem
        ├── msp
        │   ├── admincerts
        │   │   └── Admin@org2.example.com-cert.pem
        │   ├── cacerts
        │   │   └── ca.org2.example.com-cert.pem
        │   └── tlscacerts
        │       └── tlsca.org2.example.com-cert.pem
        ├── peers
        │   ├── peer0.org2.example.com
        │   │   ├── msp
        │   │   │   ├── admincerts
        │   │   │   │   └── Admin@org2.example.com-cert.pem
        │   │   │   ├── cacerts
        │   │   │   │   └── ca.org2.example.com-cert.pem
        │   │   │   ├── keystore
        │   │   │   │   └── e459cc7423369250cb580cef745b69cffc0f157f30227ed5a2e5bde0086e9211_sk
        │   │   │   ├── signcerts
        │   │   │   │   └── peer0.org2.example.com-cert.pem
        │   │   │   └── tlscacerts
        │   │   │       └── tlsca.org2.example.com-cert.pem
        │   │   └── tls
        │   │       ├── ca.crt
        │   │       ├── server.crt
        │   │       └── server.key
        │   └── peer1.org2.example.com
        │       ├── msp
        │       │   ├── admincerts
        │       │   │   └── Admin@org2.example.com-cert.pem
        │       │   ├── cacerts
        │       │   │   └── ca.org2.example.com-cert.pem
        │       │   ├── keystore
        │       │   │   └── b324a608a243296348910776b6a9490add441722fa892b044d35ef3ea5a5436c_sk
        │       │   ├── signcerts
        │       │   │   └── peer1.org2.example.com-cert.pem
        │       │   └── tlscacerts
        │       │       └── tlsca.org2.example.com-cert.pem
        │       └── tls
        │           ├── ca.crt
        │           ├── server.crt
        │           └── server.key
        ├── tlsca
        │   ├── 538884ef1875b1388e072a0d6eaa8e6ef9a3cf618305edd4fdfcdd759ae450e3_sk
        │   └── tlsca.org2.example.com-cert.pem
        └── users
            ├── Admin@org2.example.com
            │   ├── msp
            │   │   ├── admincerts
            │   │   │   └── Admin@org2.example.com-cert.pem
            │   │   ├── cacerts
            │   │   │   └── ca.org2.example.com-cert.pem
            │   │   ├── keystore
            │   │   │   └── 6942266e617cdd51becb5719f7dcc7db00cbda42eec299fd9bdca4a96ab3c709_sk
            │   │   ├── signcerts
            │   │   │   └── Admin@org2.example.com-cert.pem
            │   │   └── tlscacerts
            │   │       └── tlsca.org2.example.com-cert.pem
            │   └── tls
            │       ├── ca.crt
            │       ├── server.crt
            │       └── server.key
            └── User1@org2.example.com
                ├── msp
                │   ├── admincerts
                │   │   └── User1@org2.example.com-cert.pem
                │   ├── cacerts
                │   │   └── ca.org2.example.com-cert.pem
                │   ├── keystore
                │   │   └── 5dea66d5f6468055771ab980629f12c384f9f436eb9aa383c1b7c0301b161c9d_sk
                │   ├── signcerts
                │   │   └── User1@org2.example.com-cert.pem
                │   └── tlscacerts
                │       └── tlsca.org2.example.com-cert.pem
                └── tls
                    ├── ca.crt
                    ├── server.crt
                    └── server.key

2.2 配置生成器

configtxgen工具用于生成配置,configtxgen使用configtx.yaml配置文件。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
---
Profiles:

    TwoOrgsOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
Organizations:
    - &OrdererOrg
        Name: OrdererOrg
        ID: OrdererMSP
        MSPDir: crypto-config/ordererOrganizations/example.com/msp
    - &Org1
        Name: Org1MSP
        ID: Org1MSP
        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
        AnchorPeers:
            - Host: peer0.org1.example.com
              Port: 7051
    - &Org2
        Name: Org2MSP
        ID: Org2MSP
        MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
        AnchorPeers:
            - Host: peer0.org2.example.com
              Port: 7051
Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer.example.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Kafka:
        Brokers:
            - 127.0.0.1:9092
    Organizations:
Application: &ApplicationDefaults
    Organizations:

2.3 手动生成证书和配置

byfn.sh脚本调用cryptogen和configtxgen工具来生成证书、密钥和各种配置。如果需要手动生成,可以参考byfn.sh脚本中的generateCerts和generateChannelArtifacts函数。

3.启动网络

执行./byfn.sh -m up -i 1.0.6命令启动网络。

使用docker ps查看启动的容器:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
docker ps
CONTAINER ID        IMAGE                                                                                                  COMMAND                  CREATED             STATUS              PORTS                                              NAMES
48f8a046333b        dev-peer1.org2.example.com-mycc-1.0-26c2ef32838554aac4f7ad6f100aca865e87959c9a126e86d764c8d01f8346ab   "chaincode -peer.add…"   13 minutes ago      Up 13 minutes                                                          dev-peer1.org2.example.com-mycc-1.0
dc491209351b        dev-peer0.org1.example.com-mycc-1.0-384f11f484b9302df90b453200cfb25174305fce8f53f4e94d45ee3b6cab0ce9   "chaincode -peer.add…"   13 minutes ago      Up 13 minutes                                                          dev-peer0.org1.example.com-mycc-1.0
bb8745578985        dev-peer0.org2.example.com-mycc-1.0-15b571b3ce849066b7ec74497da3b27e54e0df1345daff3951b94245ce09c42b   "chaincode -peer.add…"   14 minutes ago      Up 14 minutes                                                          dev-peer0.org2.example.com-mycc-1.0
d6f8bbaf0bfa        hyperledger/fabric-peer:x86_64-1.0.6                                                                   "peer node start"        15 minutes ago      Up 15 minutes       0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp     peer0.org2.example.com
9a403fba27c0        hyperledger/fabric-peer:x86_64-1.0.6                                                                   "peer node start"        15 minutes ago      Up 15 minutes       0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp     peer0.org1.example.com
f742c65eea02        hyperledger/fabric-peer:x86_64-1.0.6                                                                   "peer node start"        15 minutes ago      Up 15 minutes       0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp     peer1.org1.example.com
bc0099fe09d3        hyperledger/fabric-peer:x86_64-1.0.6                                                                   "peer node start"        15 minutes ago      Up 15 minutes       0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp   peer1.org2.example.com
84febb72fea7        hyperledger/fabric-orderer:x86_64-1.0.6                                                                "orderer"                15 minutes ago      Up 15 minutes       0.0.0.0:7050->7050/tcp                             orderer.example.com

精简一下输出的内容,只留下容器的名字:

1
2
3
4
5
6
7
8
dev-peer1.org2.example.com-mycc-1.0
dev-peer0.org1.example.com-mycc-1.0
dev-peer0.org2.example.com-mycc-1.0
peer0.org2.example.com
peer0.org1.example.com
peer1.org1.example.com
peer1.org2.example.com
orderer.example.com

可以看到前3个是chaincode容器,后边4个是分属于org1和org2的peer节点容器,最后是一个orderer节点容器。

4.关闭网络

执行./byfn.sh -m down关闭网络。

参考