0.Hyperledger Fabric学习笔记目录
- Hyperledger Fabric的安装和体验
- 初识Hyperledger Fabric网络节点和交易流程
- Hyperledger Fabric 1.0的架构
- 构建第一个Hyperledger Fabric网络
通过前面学习,已经对Hyperledger Fabric的架构、网络节点、交易流程有了初步的认识,并且快速搭建和体验了一下fabric-samples-1.0.6中的basic-network示例。
学习也是一个不断迭代和深入的过程,本篇我们将按照Hyperledger Doc: Building Your First Network,体验fabric-samples-1.0.6中的first-network示例。
first-network这个示例的场景是由两个组织组成Hyperledger Fabric的网络,其中只有一个orderer节点,每个组织有2个peer节点。
1.预备环境
我们使用CentOS 7.4主机作为运行环境,已经安装好了docker和docker-compose。
同时需要下载好fabric-samples-1.0.6。
wget https://github.com/hyperledger/fabric-samples/archive/v1.0.6.tar.gz -O fabric-samples-v1.0.6.tar.gz
tar -zxvf fabric-samples-v1.0.6.tar.gz进入到first-network目录:
cd fabric-samples-1.0.6/first-network/
ls
base byfn.sh channel-artifacts configtx.yaml crypto-config.yaml docker-compose-cli.yaml docker-compose-couch.yaml docker-compose-e2e-template.yaml README.md scripts其中byfn.sh是一个完整的脚本,提供了快速引导启动4个分别属于两个不同组织的peer节点容器和一个排序服务orderer节点容器成的Hyperledger Fabric网络。这个脚本还将启动一个容器来运行将peer节点加入channel,部署实例化chaincode以及驱动以及部署的chaincode执行交易的脚本。
./byfn.sh -h
Usage:
byfn.sh -m up|down|restart|generate [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>] [-i <imagetag>]
byfn.sh -h|--help (print this message)
-m <mode> - one of 'up', 'down', 'restart' or 'generate'
- 'up' - bring up the network with docker-compose up
- 'down' - clear the network with docker-compose down
- 'restart' - restart the network
- 'generate' - generate required certificates and genesis block
-c <channel name> - channel name to use (defaults to "mychannel")
-t <timeout> - CLI timeout duration in microseconds (defaults to 10000)
-d <delay> - delay duration in seconds (defaults to 3)
-f <docker-compose-file> - specify which docker-compose file use (defaults to docker-compose-cli.yaml)
-s <dbtype> - the database backend to use: goleveldb (default) or couchdb
-i <imagetag> - pass the image tag to launch the network using the tag: 1.0.1, 1.0.2, 1.0.3, 1.0.4 (defaults to latest)
Typically, one would first generate the required certificates and
genesis block, then bring up the network. e.g.:
byfn.sh -m generate -c mychannel
byfn.sh -m up -c mychannel -s couchdb
byfn.sh -m up -c mychannel -s couchdb -i 1.0.6
byfn.sh -m down -c mychannel
Taking all defaults:
byfn.sh -m generate
byfn.sh -m up
byfn.sh -m down2.生成证书和创世区块
将前面在Hyperledger Fabric的安装和体验中下载的二进制文件cryptogen、configtxgen拷贝到first-network目录下。
执行./byfn.sh -m generate命令,并且伴随着yes/no的交互就可以生成证书和创世区块。
./byfn.sh -m generate
Generating certs and genesis block for with channel 'mychannel' and CLI timeout of '10'
Continue (y/n)? y
proceeding ...
/root/fabric-samples-1.0.6/first-network/cryptogen
##########################################################
##### Generate certificates using cryptogen tool #########
##########################################################
org1.example.com
org2.example.com
/root/fabric-samples-1.0.6/first-network/configtxgen
##########################################################
######### Generating Orderer Genesis block ##############
##########################################################
2018-03-11 18:14:39.277 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.314 CST [common/configtx/tool] doOutputBlock -> INFO 002 Generating genesis block
2018-03-11 18:14:39.315 CST [common/configtx/tool] doOutputBlock -> INFO 003 Writing genesis block
#################################################################
### Generating channel configuration transaction 'channel.tx' ###
#################################################################
2018-03-11 18:14:39.326 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.330 CST [common/configtx/tool] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
2018-03-11 18:14:39.330 CST [common/configtx/tool] doOutputChannelCreateTx -> INFO 003 Writing new channel tx
#################################################################
####### Generating anchor peer update for Org1MSP ##########
#################################################################
2018-03-11 18:14:39.346 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.351 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
2018-03-11 18:14:39.351 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update
#################################################################
####### Generating anchor peer update for Org2MSP ##########
#################################################################
2018-03-11 18:14:39.364 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.368 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
2018-03-11 18:14:39.368 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update2.1 证书生成器
cryptogen工具生成各种网络节点的证书,证书标识这些网络节点的身份,在进行通信和交易时网络节点将使用它们进行签名和身份认证。
cryptogen需要使用一个crypto-config.yaml配置文件,我们看一下first-network目录下的这个配置文件,下面的内容去掉了原文件中的注释:
OrdererOrgs:
- Name: Orderer
Domain: example.com
Specs:
- Hostname: orderer
PeerOrgs:
- Name: Org1
Domain: org1.example.com
Template:
Count: 2
Users:
Count: 1
- Name: Org2
Domain: org2.example.com
Template:
Count: 2
Users:
Count: 1生成的证书在crypto-config目录下:
tree crypto-config
crypto-config
├── ordererOrganizations
│ └── example.com
│ ├── ca
│ │ ├── 3edc86eff3a9a3b63349846076b3a6e291ec8642265855720bc5593879cbeec4_sk
│ │ └── ca.example.com-cert.pem
│ ├── msp
│ │ ├── admincerts
│ │ │ └── [email protected]
│ │ ├── cacerts
│ │ │ └── ca.example.com-cert.pem
│ │ └── tlscacerts
│ │ └── tlsca.example.com-cert.pem
│ ├── orderers
│ │ └── orderer.example.com
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── [email protected]
│ │ │ ├── cacerts
│ │ │ │ └── ca.example.com-cert.pem
│ │ │ ├── keystore
│ │ │ │ └── b89caf945a67154ecf7a9c57de32f66e86f59e29998206bf54c9df0067201c94_sk
│ │ │ ├── signcerts
│ │ │ │ └── orderer.example.com-cert.pem
│ │ │ └── tlscacerts
│ │ │ └── tlsca.example.com-cert.pem
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ ├── tlsca
│ │ ├── ef9eec33e81a1a3097be31c4bff01e516bb53cc4ca2d7e88e6f3c04f0cb78c40_sk
│ │ └── tlsca.example.com-cert.pem
│ └── users
│ └── [email protected]
│ ├── msp
│ │ ├── admincerts
│ │ │ └── [email protected]
│ │ ├── cacerts
│ │ │ └── ca.example.com-cert.pem
│ │ ├── keystore
│ │ │ └── bdbee7a5ce4c779e0f67e7d1baee2cc6ad4090604f02b2ae31ee613b4bb75569_sk
│ │ ├── signcerts
│ │ │ └── [email protected]
│ │ └── tlscacerts
│ │ └── tlsca.example.com-cert.pem
│ └── tls
│ ├── ca.crt
│ ├── server.crt
│ └── server.key
└── peerOrganizations
├── org1.example.com
│ ├── ca
│ │ ├── c2524b8b8eba23710f11e44947fa0a3eadeb888003a8bd79ee34941790276fb7_sk
│ │ └── ca.org1.example.com-cert.pem
│ ├── msp
│ │ ├── admincerts
│ │ │ └── [email protected]
│ │ ├── cacerts
│ │ │ └── ca.org1.example.com-cert.pem
│ │ └── tlscacerts
│ │ └── tlsca.org1.example.com-cert.pem
│ ├── peers
│ │ ├── peer0.org1.example.com
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── [email protected]
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.org1.example.com-cert.pem
│ │ │ │ ├── keystore
│ │ │ │ │ └── 8783f652b82eafb73350cf76a98b5b1156e1975605b00c6b2bad49912e93d276_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── peer0.org1.example.com-cert.pem
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.org1.example.com-cert.pem
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── server.crt
│ │ │ └── server.key
│ │ └── peer1.org1.example.com
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── [email protected]
│ │ │ ├── cacerts
│ │ │ │ └── ca.org1.example.com-cert.pem
│ │ │ ├── keystore
│ │ │ │ └── 45c4785a5fb9eb2b45e560c5827162a8c52a960edc68d1daecfca9f089e06f2e_sk
│ │ │ ├── signcerts
│ │ │ │ └── peer1.org1.example.com-cert.pem
│ │ │ └── tlscacerts
│ │ │ └── tlsca.org1.example.com-cert.pem
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ ├── tlsca
│ │ ├── 719dbe0ab05f0a537bb20109a47ffe53f44373df0f67c1741d173b423006cea1_sk
│ │ └── tlsca.org1.example.com-cert.pem
│ └── users
│ ├── [email protected]
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── [email protected]
│ │ │ ├── cacerts
│ │ │ │ └── ca.org1.example.com-cert.pem
│ │ │ ├── keystore
│ │ │ │ └── af25ff531dd7dc81944f56511fb48b32a4e3fdab525bfebfd776d29630192166_sk
│ │ │ ├── signcerts
│ │ │ │ └── [email protected]
│ │ │ └── tlscacerts
│ │ │ └── tlsca.org1.example.com-cert.pem
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ └── [email protected]
│ ├── msp
│ │ ├── admincerts
│ │ │ └── [email protected]
│ │ ├── cacerts
│ │ │ └── ca.org1.example.com-cert.pem
│ │ ├── keystore
│ │ │ └── f8cbb26435bbcd1be6ac977ce017863349b313f9b52636e2a085ba96a3fd45d4_sk
│ │ ├── signcerts
│ │ │ └── [email protected]
│ │ └── tlscacerts
│ │ └── tlsca.org1.example.com-cert.pem
│ └── tls
│ ├── ca.crt
│ ├── server.crt
│ └── server.key
└── org2.example.com
├── ca
│ ├── 51e9045cf510bcdf462c0348df5f520c3ff3fba1d718f05fcd9793d30fe929ba_sk
│ └── ca.org2.example.com-cert.pem
├── msp
│ ├── admincerts
│ │ └── [email protected]
│ ├── cacerts
│ │ └── ca.org2.example.com-cert.pem
│ └── tlscacerts
│ └── tlsca.org2.example.com-cert.pem
├── peers
│ ├── peer0.org2.example.com
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── [email protected]
│ │ │ ├── cacerts
│ │ │ │ └── ca.org2.example.com-cert.pem
│ │ │ ├── keystore
│ │ │ │ └── e459cc7423369250cb580cef745b69cffc0f157f30227ed5a2e5bde0086e9211_sk
│ │ │ ├── signcerts
│ │ │ │ └── peer0.org2.example.com-cert.pem
│ │ │ └── tlscacerts
│ │ │ └── tlsca.org2.example.com-cert.pem
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ └── peer1.org2.example.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── [email protected]
│ │ ├── cacerts
│ │ │ └── ca.org2.example.com-cert.pem
│ │ ├── keystore
│ │ │ └── b324a608a243296348910776b6a9490add441722fa892b044d35ef3ea5a5436c_sk
│ │ ├── signcerts
│ │ │ └── peer1.org2.example.com-cert.pem
│ │ └── tlscacerts
│ │ └── tlsca.org2.example.com-cert.pem
│ └── tls
│ ├── ca.crt
│ ├── server.crt
│ └── server.key
├── tlsca
│ ├── 538884ef1875b1388e072a0d6eaa8e6ef9a3cf618305edd4fdfcdd759ae450e3_sk
│ └── tlsca.org2.example.com-cert.pem
└── users
├── [email protected]
│ ├── msp
│ │ ├── admincerts
│ │ │ └── [email protected]
│ │ ├── cacerts
│ │ │ └── ca.org2.example.com-cert.pem
│ │ ├── keystore
│ │ │ └── 6942266e617cdd51becb5719f7dcc7db00cbda42eec299fd9bdca4a96ab3c709_sk
│ │ ├── signcerts
│ │ │ └── [email protected]
│ │ └── tlscacerts
│ │ └── tlsca.org2.example.com-cert.pem
│ └── tls
│ ├── ca.crt
│ ├── server.crt
│ └── server.key
└── [email protected]
├── msp
│ ├── admincerts
│ │ └── [email protected]
│ ├── cacerts
│ │ └── ca.org2.example.com-cert.pem
│ ├── keystore
│ │ └── 5dea66d5f6468055771ab980629f12c384f9f436eb9aa383c1b7c0301b161c9d_sk
│ ├── signcerts
│ │ └── [email protected]
│ └── tlscacerts
│ └── tlsca.org2.example.com-cert.pem
└── tls
├── ca.crt
├── server.crt
└── server.key2.2 配置生成器
configtxgen工具用于生成配置,configtxgen使用configtx.yaml配置文件。
---
Profiles:
TwoOrgsOrdererGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Application: &ApplicationDefaults
Organizations:2.3 手动生成证书和配置
byfn.sh脚本调用cryptogen和configtxgen工具来生成证书、密钥和各种配置。如果需要手动生成,可以参考byfn.sh脚本中的generateCerts和generateChannelArtifacts函数。
3.启动网络
执行./byfn.sh -m up -i 1.0.6命令启动网络。
使用docker ps查看启动的容器:
docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
48f8a046333b dev-peer1.org2.example.com-mycc-1.0-26c2ef32838554aac4f7ad6f100aca865e87959c9a126e86d764c8d01f8346ab "chaincode -peer.add…" 13 minutes ago Up 13 minutes dev-peer1.org2.example.com-mycc-1.0
dc491209351b dev-peer0.org1.example.com-mycc-1.0-384f11f484b9302df90b453200cfb25174305fce8f53f4e94d45ee3b6cab0ce9 "chaincode -peer.add…" 13 minutes ago Up 13 minutes dev-peer0.org1.example.com-mycc-1.0
bb8745578985 dev-peer0.org2.example.com-mycc-1.0-15b571b3ce849066b7ec74497da3b27e54e0df1345daff3951b94245ce09c42b "chaincode -peer.add…" 14 minutes ago Up 14 minutes dev-peer0.org2.example.com-mycc-1.0
d6f8bbaf0bfa hyperledger/fabric-peer:x86_64-1.0.6 "peer node start" 15 minutes ago Up 15 minutes 0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp peer0.org2.example.com
9a403fba27c0 hyperledger/fabric-peer:x86_64-1.0.6 "peer node start" 15 minutes ago Up 15 minutes 0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp peer0.org1.example.com
f742c65eea02 hyperledger/fabric-peer:x86_64-1.0.6 "peer node start" 15 minutes ago Up 15 minutes 0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp peer1.org1.example.com
bc0099fe09d3 hyperledger/fabric-peer:x86_64-1.0.6 "peer node start" 15 minutes ago Up 15 minutes 0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp peer1.org2.example.com
84febb72fea7 hyperledger/fabric-orderer:x86_64-1.0.6 "orderer" 15 minutes ago Up 15 minutes 0.0.0.0:7050->7050/tcp orderer.example.com精简一下输出的内容,只留下容器的名字:
dev-peer1.org2.example.com-mycc-1.0
dev-peer0.org1.example.com-mycc-1.0
dev-peer0.org2.example.com-mycc-1.0
peer0.org2.example.com
peer0.org1.example.com
peer1.org1.example.com
peer1.org2.example.com
orderer.example.com可以看到前3个是chaincode容器,后边4个是分属于org1和org2的peer节点容器,最后是一个orderer节点容器。
4.关闭网络
执行./byfn.sh -m down关闭网络。