构建第一个Hyperledger Fabric网络

2018-03-11 阅读: Hyperledger Fabric

0.Hyperledger Fabric学习笔记目录

  1. Hyperledger Fabric的安装和体验
  2. 初识Hyperledger Fabric网络节点和交易流程
  3. Hyperledger Fabric 1.0的架构
  4. 构建第一个Hyperledger Fabric网络

通过前面学习,已经对Hyperledger Fabric的架构、网络节点、交易流程有了初步的认识,并且快速搭建和体验了一下fabric-samples-1.0.6中的basic-network示例。 学习也是一个不断迭代和深入的过程,本篇我们将按照Hyperledger Doc: Building Your First Network,体验fabric-samples-1.0.6中的first-network示例。

first-network这个示例的场景是由两个组织组成Hyperledger Fabric的网络,其中只有一个orderer节点,每个组织有2个peer节点。

1.预备环境

我们使用CentOS 7.4主机作为运行环境,已经安装好了docker和docker-compose。

同时需要下载好fabric-samples-1.0.6

wget https://github.com/hyperledger/fabric-samples/archive/v1.0.6.tar.gz -O fabric-samples-v1.0.6.tar.gz
tar -zxvf fabric-samples-v1.0.6.tar.gz

进入到first-network目录:

cd fabric-samples-1.0.6/first-network/

ls
base  byfn.sh  channel-artifacts  configtx.yaml  crypto-config.yaml  docker-compose-cli.yaml  docker-compose-couch.yaml  docker-compose-e2e-template.yaml  README.md  scripts

其中byfn.sh是一个完整的脚本,提供了快速引导启动4个分别属于两个不同组织的peer节点容器和一个排序服务orderer节点容器成的Hyperledger Fabric网络。这个脚本还将启动一个容器来运行将peer节点加入channel,部署实例化chaincode以及驱动以及部署的chaincode执行交易的脚本。

./byfn.sh -h
Usage:
  byfn.sh -m up|down|restart|generate [-c <channel name>] [-t <timeout>] [-d <delay>] [-f <docker-compose-file>] [-s <dbtype>] [-i <imagetag>]
  byfn.sh -h|--help (print this message)
    -m <mode> - one of 'up', 'down', 'restart' or 'generate'
      - 'up' - bring up the network with docker-compose up
      - 'down' - clear the network with docker-compose down
      - 'restart' - restart the network
      - 'generate' - generate required certificates and genesis block
    -c <channel name> - channel name to use (defaults to "mychannel")
    -t <timeout> - CLI timeout duration in microseconds (defaults to 10000)
    -d <delay> - delay duration in seconds (defaults to 3)
    -f <docker-compose-file> - specify which docker-compose file use (defaults to docker-compose-cli.yaml)
    -s <dbtype> - the database backend to use: goleveldb (default) or couchdb
    -i <imagetag> - pass the image tag to launch the network using the tag: 1.0.1, 1.0.2, 1.0.3, 1.0.4 (defaults to latest)

Typically, one would first generate the required certificates and
genesis block, then bring up the network. e.g.:

        byfn.sh -m generate -c mychannel
        byfn.sh -m up -c mychannel -s couchdb
        byfn.sh -m up -c mychannel -s couchdb -i 1.0.6
        byfn.sh -m down -c mychannel

Taking all defaults:
        byfn.sh -m generate
        byfn.sh -m up
        byfn.sh -m down

2.生成证书和创世区块

将前面在Hyperledger Fabric的安装和体验中下载的二进制文件cryptogen、configtxgen拷贝到first-network目录下。

执行./byfn.sh -m generate命令,并且伴随着yes/no的交互就可以生成证书和创世区块。

./byfn.sh -m generate
Generating certs and genesis block for with channel 'mychannel' and CLI timeout of '10'
Continue (y/n)? y
proceeding ...
/root/fabric-samples-1.0.6/first-network/cryptogen

##########################################################
##### Generate certificates using cryptogen tool #########
##########################################################
org1.example.com
org2.example.com

/root/fabric-samples-1.0.6/first-network/configtxgen
##########################################################
#########  Generating Orderer Genesis block ##############
##########################################################
2018-03-11 18:14:39.277 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.314 CST [common/configtx/tool] doOutputBlock -> INFO 002 Generating genesis block
2018-03-11 18:14:39.315 CST [common/configtx/tool] doOutputBlock -> INFO 003 Writing genesis block

#################################################################
### Generating channel configuration transaction 'channel.tx' ###
#################################################################
2018-03-11 18:14:39.326 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.330 CST [common/configtx/tool] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
2018-03-11 18:14:39.330 CST [common/configtx/tool] doOutputChannelCreateTx -> INFO 003 Writing new channel tx

#################################################################
#######    Generating anchor peer update for Org1MSP   ##########
#################################################################
2018-03-11 18:14:39.346 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.351 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
2018-03-11 18:14:39.351 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update

#################################################################
#######    Generating anchor peer update for Org2MSP   ##########
#################################################################
2018-03-11 18:14:39.364 CST [common/configtx/tool] main -> INFO 001 Loading configuration
2018-03-11 18:14:39.368 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
2018-03-11 18:14:39.368 CST [common/configtx/tool] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update

2.1 证书生成器

cryptogen工具生成各种网络节点的证书,证书标识这些网络节点的身份,在进行通信和交易时网络节点将使用它们进行签名和身份认证。 cryptogen需要使用一个crypto-config.yaml配置文件,我们看一下first-network目录下的这个配置文件,下面的内容去掉了原文件中的注释:

OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    Template:
      Count: 2
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.example.com
    Template:
      Count: 2
    Users:
      Count: 1

生成的证书在crypto-config目录下:

tree crypto-config
crypto-config
├── ordererOrganizations
│   └── example.com
│       ├── ca
│       │   ├── 3edc86eff3a9a3b63349846076b3a6e291ec8642265855720bc5593879cbeec4_sk
│       │   └── ca.example.com-cert.pem
│       ├── msp
│       │   ├── admincerts
│       │   │   └── Admin@example.com-cert.pem
│       │   ├── cacerts
│       │   │   └── ca.example.com-cert.pem
│       │   └── tlscacerts
│       │       └── tlsca.example.com-cert.pem
│       ├── orderers
│       │   └── orderer.example.com
│       │       ├── msp
│       │       │   ├── admincerts
│       │       │   │   └── Admin@example.com-cert.pem
│       │       │   ├── cacerts
│       │       │   │   └── ca.example.com-cert.pem
│       │       │   ├── keystore
│       │       │   │   └── b89caf945a67154ecf7a9c57de32f66e86f59e29998206bf54c9df0067201c94_sk
│       │       │   ├── signcerts
│       │       │   │   └── orderer.example.com-cert.pem
│       │       │   └── tlscacerts
│       │       │       └── tlsca.example.com-cert.pem
│       │       └── tls
│       │           ├── ca.crt
│       │           ├── server.crt
│       │           └── server.key
│       ├── tlsca
│       │   ├── ef9eec33e81a1a3097be31c4bff01e516bb53cc4ca2d7e88e6f3c04f0cb78c40_sk
│       │   └── tlsca.example.com-cert.pem
│       └── users
│           └── Admin@example.com
│               ├── msp
│               │   ├── admincerts
│               │   │   └── Admin@example.com-cert.pem
│               │   ├── cacerts
│               │   │   └── ca.example.com-cert.pem
│               │   ├── keystore
│               │   │   └── bdbee7a5ce4c779e0f67e7d1baee2cc6ad4090604f02b2ae31ee613b4bb75569_sk
│               │   ├── signcerts
│               │   │   └── Admin@example.com-cert.pem
│               │   └── tlscacerts
│               │       └── tlsca.example.com-cert.pem
│               └── tls
│                   ├── ca.crt
│                   ├── server.crt
│                   └── server.key
└── peerOrganizations
    ├── org1.example.com
    │   ├── ca
    │   │   ├── c2524b8b8eba23710f11e44947fa0a3eadeb888003a8bd79ee34941790276fb7_sk
    │   │   └── ca.org1.example.com-cert.pem
    │   ├── msp
    │   │   ├── admincerts
    │   │   │   └── Admin@org1.example.com-cert.pem
    │   │   ├── cacerts
    │   │   │   └── ca.org1.example.com-cert.pem
    │   │   └── tlscacerts
    │   │       └── tlsca.org1.example.com-cert.pem
    │   ├── peers
    │   │   ├── peer0.org1.example.com
    │   │   │   ├── msp
    │   │   │   │   ├── admincerts
    │   │   │   │   │   └── Admin@org1.example.com-cert.pem
    │   │   │   │   ├── cacerts
    │   │   │   │   │   └── ca.org1.example.com-cert.pem
    │   │   │   │   ├── keystore
    │   │   │   │   │   └── 8783f652b82eafb73350cf76a98b5b1156e1975605b00c6b2bad49912e93d276_sk
    │   │   │   │   ├── signcerts
    │   │   │   │   │   └── peer0.org1.example.com-cert.pem
    │   │   │   │   └── tlscacerts
    │   │   │   │       └── tlsca.org1.example.com-cert.pem
    │   │   │   └── tls
    │   │   │       ├── ca.crt
    │   │   │       ├── server.crt
    │   │   │       └── server.key
    │   │   └── peer1.org1.example.com
    │   │       ├── msp
    │   │       │   ├── admincerts
    │   │       │   │   └── Admin@org1.example.com-cert.pem
    │   │       │   ├── cacerts
    │   │       │   │   └── ca.org1.example.com-cert.pem
    │   │       │   ├── keystore
    │   │       │   │   └── 45c4785a5fb9eb2b45e560c5827162a8c52a960edc68d1daecfca9f089e06f2e_sk
    │   │       │   ├── signcerts
    │   │       │   │   └── peer1.org1.example.com-cert.pem
    │   │       │   └── tlscacerts
    │   │       │       └── tlsca.org1.example.com-cert.pem
    │   │       └── tls
    │   │           ├── ca.crt
    │   │           ├── server.crt
    │   │           └── server.key
    │   ├── tlsca
    │   │   ├── 719dbe0ab05f0a537bb20109a47ffe53f44373df0f67c1741d173b423006cea1_sk
    │   │   └── tlsca.org1.example.com-cert.pem
    │   └── users
    │       ├── Admin@org1.example.com
    │       │   ├── msp
    │       │   │   ├── admincerts
    │       │   │   │   └── Admin@org1.example.com-cert.pem
    │       │   │   ├── cacerts
    │       │   │   │   └── ca.org1.example.com-cert.pem
    │       │   │   ├── keystore
    │       │   │   │   └── af25ff531dd7dc81944f56511fb48b32a4e3fdab525bfebfd776d29630192166_sk
    │       │   │   ├── signcerts
    │       │   │   │   └── Admin@org1.example.com-cert.pem
    │       │   │   └── tlscacerts
    │       │   │       └── tlsca.org1.example.com-cert.pem
    │       │   └── tls
    │       │       ├── ca.crt
    │       │       ├── server.crt
    │       │       └── server.key
    │       └── User1@org1.example.com
    │           ├── msp
    │           │   ├── admincerts
    │           │   │   └── User1@org1.example.com-cert.pem
    │           │   ├── cacerts
    │           │   │   └── ca.org1.example.com-cert.pem
    │           │   ├── keystore
    │           │   │   └── f8cbb26435bbcd1be6ac977ce017863349b313f9b52636e2a085ba96a3fd45d4_sk
    │           │   ├── signcerts
    │           │   │   └── User1@org1.example.com-cert.pem
    │           │   └── tlscacerts
    │           │       └── tlsca.org1.example.com-cert.pem
    │           └── tls
    │               ├── ca.crt
    │               ├── server.crt
    │               └── server.key
    └── org2.example.com
        ├── ca
        │   ├── 51e9045cf510bcdf462c0348df5f520c3ff3fba1d718f05fcd9793d30fe929ba_sk
        │   └── ca.org2.example.com-cert.pem
        ├── msp
        │   ├── admincerts
        │   │   └── Admin@org2.example.com-cert.pem
        │   ├── cacerts
        │   │   └── ca.org2.example.com-cert.pem
        │   └── tlscacerts
        │       └── tlsca.org2.example.com-cert.pem
        ├── peers
        │   ├── peer0.org2.example.com
        │   │   ├── msp
        │   │   │   ├── admincerts
        │   │   │   │   └── Admin@org2.example.com-cert.pem
        │   │   │   ├── cacerts
        │   │   │   │   └── ca.org2.example.com-cert.pem
        │   │   │   ├── keystore
        │   │   │   │   └── e459cc7423369250cb580cef745b69cffc0f157f30227ed5a2e5bde0086e9211_sk
        │   │   │   ├── signcerts
        │   │   │   │   └── peer0.org2.example.com-cert.pem
        │   │   │   └── tlscacerts
        │   │   │       └── tlsca.org2.example.com-cert.pem
        │   │   └── tls
        │   │       ├── ca.crt
        │   │       ├── server.crt
        │   │       └── server.key
        │   └── peer1.org2.example.com
        │       ├── msp
        │       │   ├── admincerts
        │       │   │   └── Admin@org2.example.com-cert.pem
        │       │   ├── cacerts
        │       │   │   └── ca.org2.example.com-cert.pem
        │       │   ├── keystore
        │       │   │   └── b324a608a243296348910776b6a9490add441722fa892b044d35ef3ea5a5436c_sk
        │       │   ├── signcerts
        │       │   │   └── peer1.org2.example.com-cert.pem
        │       │   └── tlscacerts
        │       │       └── tlsca.org2.example.com-cert.pem
        │       └── tls
        │           ├── ca.crt
        │           ├── server.crt
        │           └── server.key
        ├── tlsca
        │   ├── 538884ef1875b1388e072a0d6eaa8e6ef9a3cf618305edd4fdfcdd759ae450e3_sk
        │   └── tlsca.org2.example.com-cert.pem
        └── users
            ├── Admin@org2.example.com
            │   ├── msp
            │   │   ├── admincerts
            │   │   │   └── Admin@org2.example.com-cert.pem
            │   │   ├── cacerts
            │   │   │   └── ca.org2.example.com-cert.pem
            │   │   ├── keystore
            │   │   │   └── 6942266e617cdd51becb5719f7dcc7db00cbda42eec299fd9bdca4a96ab3c709_sk
            │   │   ├── signcerts
            │   │   │   └── Admin@org2.example.com-cert.pem
            │   │   └── tlscacerts
            │   │       └── tlsca.org2.example.com-cert.pem
            │   └── tls
            │       ├── ca.crt
            │       ├── server.crt
            │       └── server.key
            └── User1@org2.example.com
                ├── msp
                │   ├── admincerts
                │   │   └── User1@org2.example.com-cert.pem
                │   ├── cacerts
                │   │   └── ca.org2.example.com-cert.pem
                │   ├── keystore
                │   │   └── 5dea66d5f6468055771ab980629f12c384f9f436eb9aa383c1b7c0301b161c9d_sk
                │   ├── signcerts
                │   │   └── User1@org2.example.com-cert.pem
                │   └── tlscacerts
                │       └── tlsca.org2.example.com-cert.pem
                └── tls
                    ├── ca.crt
                    ├── server.crt
                    └── server.key

2.2 配置生成器

configtxgen工具用于生成配置,configtxgen使用configtx.yaml配置文件。

---
Profiles:

    TwoOrgsOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
Organizations:
    - &OrdererOrg
        Name: OrdererOrg
        ID: OrdererMSP
        MSPDir: crypto-config/ordererOrganizations/example.com/msp
    - &Org1
        Name: Org1MSP
        ID: Org1MSP
        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
        AnchorPeers:
            - Host: peer0.org1.example.com
              Port: 7051
    - &Org2
        Name: Org2MSP
        ID: Org2MSP
        MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
        AnchorPeers:
            - Host: peer0.org2.example.com
              Port: 7051
Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer.example.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Kafka:
        Brokers:
            - 127.0.0.1:9092
    Organizations:
Application: &ApplicationDefaults
    Organizations:

2.3 手动生成证书和配置

byfn.sh脚本调用cryptogen和configtxgen工具来生成证书、密钥和各种配置。如果需要手动生成,可以参考byfn.sh脚本中的generateCerts和generateChannelArtifacts函数。

3.启动网络

执行./byfn.sh -m up -i 1.0.6命令启动网络。

使用docker ps查看启动的容器:

docker ps
CONTAINER ID        IMAGE                                                                                                  COMMAND                  CREATED             STATUS              PORTS                                              NAMES
48f8a046333b        dev-peer1.org2.example.com-mycc-1.0-26c2ef32838554aac4f7ad6f100aca865e87959c9a126e86d764c8d01f8346ab   "chaincode -peer.add…"   13 minutes ago      Up 13 minutes                                                          dev-peer1.org2.example.com-mycc-1.0
dc491209351b        dev-peer0.org1.example.com-mycc-1.0-384f11f484b9302df90b453200cfb25174305fce8f53f4e94d45ee3b6cab0ce9   "chaincode -peer.add…"   13 minutes ago      Up 13 minutes                                                          dev-peer0.org1.example.com-mycc-1.0
bb8745578985        dev-peer0.org2.example.com-mycc-1.0-15b571b3ce849066b7ec74497da3b27e54e0df1345daff3951b94245ce09c42b   "chaincode -peer.add…"   14 minutes ago      Up 14 minutes                                                          dev-peer0.org2.example.com-mycc-1.0
d6f8bbaf0bfa        hyperledger/fabric-peer:x86_64-1.0.6                                                                   "peer node start"        15 minutes ago      Up 15 minutes       0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp     peer0.org2.example.com
9a403fba27c0        hyperledger/fabric-peer:x86_64-1.0.6                                                                   "peer node start"        15 minutes ago      Up 15 minutes       0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp     peer0.org1.example.com
f742c65eea02        hyperledger/fabric-peer:x86_64-1.0.6                                                                   "peer node start"        15 minutes ago      Up 15 minutes       0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp     peer1.org1.example.com
bc0099fe09d3        hyperledger/fabric-peer:x86_64-1.0.6                                                                   "peer node start"        15 minutes ago      Up 15 minutes       0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp   peer1.org2.example.com
84febb72fea7        hyperledger/fabric-orderer:x86_64-1.0.6                                                                "orderer"                15 minutes ago      Up 15 minutes       0.0.0.0:7050->7050/tcp                             orderer.example.com

精简一下输出的内容,只留下容器的名字:

dev-peer1.org2.example.com-mycc-1.0
dev-peer0.org1.example.com-mycc-1.0
dev-peer0.org2.example.com-mycc-1.0
peer0.org2.example.com
peer0.org1.example.com
peer1.org1.example.com
peer1.org2.example.com
orderer.example.com

可以看到前3个是chaincode容器,后边4个是分属于org1和org2的peer节点容器,最后是一个orderer节点容器。

4.关闭网络

执行./byfn.sh -m down关闭网络。

参考

标题:构建第一个Hyperledger Fabric网络
本文链接:https://blog.frognew.com/2018/03/hyperledger-fabric-building-first-network.html
转载请注明出处。

目录