[toc]
Hyperledger Fabric 1.0部署与使用
1.环境构建与测试
本文中用到的宿主环境是CentOS,版本为CentOS.x86_64(7.4);
通过Dcoker容器来运行Fabric的节点,版本为v1.0;
因此,启动Fabric网络的节点需要先安装 Docker、Docker-compose和Go语言环境;
然后在网上摘取相关的Docker镜像,再能过配置compose文件来启动各个节点;
1.1: CentOS yum源的配置
公司内网,可以让服务器以桥接方式接入网络;
a、备份原有的yum源配置
# 注:若系统环境是初始化安装的,最好先安装以下软件包
# yum -y install wget screen vim
# cd /etc/yum.repos.d/ && mkdir bak
# mv *repo bak
b、设置阿里yum源
# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
c、清理缓存并生成新的缓存
# yum clean all
# yum makecache
d、更新yum库
# yum update
此操作的目的是为更新所有的内置库到最新版;
因为docker最新版的安装需要所对应的依赖都是最新版;
为了避免安装时软件包依赖的坑,故如此操作;
1.2: Docker安装
a、GetDocker—> CentOS —> Get CE 社区版 —> Get Docker CE on CentOS —> Install Docker CE on CentOS.
b、若服务器上存在旧的docker版本,需要先执行以下操作:
# yum -y remove docker docker-common docker-selinux docker-engine
c、随后开始安装Docker CE
目前Docker官方最新版为docker-ce-17.12.1.ce-1.el7.centos.x86_64.rpm;
可以在docker rpm包中下载并安装
# mkdir -p /tmp/rpm/docker
# cd /tmp/rpm/docker
# wget https://download.docker.com/linux/centos/7/x86_64/stable/Packages/docker-ce-17.12.1.ce-1.el7.centos.x86_64.rpm
# yum -y install *docker*rpm
d、检查docker是否安装成功
# docker --version
Docker version 17.12.1-ce, build 7390fc6
e、启动docker服务
# systemctl start docker
f、设置docker为开机自启
# systemctl enable docker
1.3: Docker-Compose安装
Docker-Compose的离线安装相对于curl安装比较麻烦;
需要在官网提供的github中下载最新的docker-compose;
将其clone /tmp/rpm/docker/下;
a、执行以下命令后完成安装
# curl -L https://github.com/docker/compose/releases/download/1.20.0-rc1/docker-compose-`uname -s`-`uname -m` -o /tmp/rpm/docker/docker-compose
b、移植docker-compose到PATH变量环境中
# chmod +x docker-compose
# cp -a docker-compose /usr/bin/
c、移植后查看安装的版本信息
# docker-compose --version
docker-compose version 1.20.0-rc1, build 86428af
到此docker环境已准备完毕
1.4 Go环境准备
a、参照go官网,下载最新的Go语言包;
b、直接通过链接下载 Go官网连接
# mkdir -p /tmp/rpm/go && cd /tmp/rpm/go
# wget https://test-inner.transfereasy.com/go1.8.3.linux-amd64.tar.gz
# 注: 目前这个包已经置于内网环境中
# 注: 可以通过ssjinyao网站下载
# wget https://rjyy.ssjinyao.com/go1.8.3.linux-amd64.tar.gz
c、解压二进制程序到/usr/local目录下;
# tar -xvf go1.8.3.linux-amd64.tar.gz -C /usr/local/
# ll /usr/local/go/
总用量 136
drwxr-xr-x. 2 root root 205 5月 25 2017 api
-rw-r--r--. 1 root root 33243 5月 25 2017 AUTHORS
drwxr-xr-x. 2 root root 42 5月 25 2017 bin
drwxr-xr-x. 4 root root 37 5月 25 2017 blog
-rw-r--r--. 1 root root 1366 5月 25 2017 CONTRIBUTING.md
-rw-r--r--. 1 root root 45710 5月 25 2017 CONTRIBUTORS
drwxr-xr-x. 8 root root 4096 5月 25 2017 doc
-rw-r--r--. 1 root root 5686 5月 25 2017 favicon.ico
drwxr-xr-x. 3 root root 18 5月 25 2017 lib
-rw-r--r--. 1 root root 1479 5月 25 2017 LICENSE
drwxr-xr-x. 14 root root 190 5月 25 2017 misc
-rw-r--r--. 1 root root 1303 5月 25 2017 PATENTS
drwxr-xr-x. 7 root root 87 5月 25 2017 pkg
-rw-r--r--. 1 root root 1399 5月 25 2017 README.md
-rw-r--r--. 1 root root 26 5月 25 2017 robots.txt
drwxr-xr-x. 46 root root 4096 5月 25 2017 src
drwxr-xr-x. 17 root root 8192 5月 25 2017 test
-rw-r--r--. 1 root root 7 5月 25 2017 VERSION
d、配置go环境变量
# echo "export PATH=$PATH:/usr/local/go/bin" > /etc/profile.d/go.sh
# echo "export GOPATH=/opt/gopath" >> /etc/profile.d/go.sh
# chmod +x /etc/profile.d/go.sh
# source /etc/profile.d/go.sh
# echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/srv/jdk1.8.0_66/bin:/root/bin:/usr/local/go/bin
# go version
go version go1.8.3 linux/amd64
至此go环境变量已经配置完毕
2.Fabric源码及镜像文件处理
2.1下载Fabric源码
下载Fabric源是因为要用到源码中提到的例子和工具;
工具编译需要用到go语言环境;
因此需要把源码目录放到$GOPATH环境变量下;
通过1.4中的安装配置 $GOPATH设置为/opt/gopath;
这里,我们可以使用git clone源码也可以使用go get 命令
# go get github.com/hyperledger/fabric
或者是
# mkdir -p /opt/gopath/src/github.com/hyperledger/
# cd /opt/gopath/src/github.com/hyperledger/ && git clone https://github.com/hyperledger/fabric.git
# cd /opt/gopath/src/github.com/hyperledger/fabric && git checkout -b v1.0.0
# 最后的工程结构如下
# cd /opt/gopath/src/github.com/hyperledger
# tree -L 1 fabric/
fabric/
├── bccsp
├── bddtests
├── CHANGELOG.md
├── ci.properties
├── common
├── CONTRIBUTING.md
├── core
├── devenv
├── docker-env.mk
├── docs
├── events
├── examples
├── gossip
├── gotools
├── images
├── LICENSE
├── Makefile
├── mkdocs.yml
├── msp
├── orderer
├── peer
├── proposals
├── protos
├── README.md
├── release
├── release_notes
├── sampleconfig
├── scripts
├── settings.gradle
├── test
├── unit-test
└── vendor
23 directories, 9 files
2.2下载Fabric相关镜像文件
该操作有多种方式进行,如果是测试Fabric集群方案;
直接进入fabric/examples/e2e_cli目录下,运行./dowload-dockerimages.sh;
即可下载该工程必要的镜像文件;
一般情况下,为了保证镜像与下载到hyperledger中的源码demo版本号相对应;
该处方法属于较为妥当的方案;
检索 HyperLedger,以hyperledger/fabric-peer为例,进入下载页面;
官方给出的下载方式如下:
# docker pull hyperledger/fabric-peer
但由于docker镜像下载在没有给出tag的情况下会默认使用latest;
所以该方案最终可能会下载失败,因此需在fabric-peer下载页选中其tags标签;
查看当前fabric-peer最新版本号,根据我们所使用的操作系统情况,选择x86_64-1.0.0版本;
故最终执行的docker下载命令如下:
# docker pull hyperledger/fabric-peer:x86_64-1.0.0
x86_64-1.0.0: Pulling from hyperledger/fabric-peer
aafe6b5e13de: Pull complete
0a2b43a72660: Pull complete
18bdd1e546d2: Pull complete
8198342c3e05: Pull complete
f56970a44fd4: Pull complete
e32b597e7839: Pull complete
a6e362fc71c4: Pull complete
f107ea6d90f4: Pull complete
72c8e84de237: Pull complete
776cc74c9f73: Pull complete
Digest: sha256:b7c1c2a6b356996c3dbe2b9554055cd2b63194cd7a492a83de2dbabf7f7e3c65
Status: Downloaded newer image for hyperledger/fabric-peer:x86_64-1.0.0
根据上述方案,可以将这些必要的镜像由docker服务全部下载至本地;
并最终使用docker-compose来启动对应的镜像服务;
为了方便docker-compose的配置,将甩的镜像tag都改为latest,执行如下格式;
# docker tag IMAGEID(镜像id) REPOSITORY:TAG(仓库:标签)
# cd /opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli/
# bash download-dockerimages.sh 注:也可以用后面所提到shell建立
# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
hyperledger/fabric-peer x86_64-1.0.0 6830dcd7b9b5 8 months ago 182MB
hyperledger/fabric-tools latest ae6b0f53cb70 9 months ago 1.32GB
hyperledger/fabric-tools x86_64-1.0.0-beta ae6b0f53cb70 9 months ago 1.32GB
hyperledger/fabric-couchdb latest 31bbbec3d853 9 months ago 1.48GB
hyperledger/fabric-couchdb x86_64-1.0.0-beta 31bbbec3d853 9 months ago 1.48GB
hyperledger/fabric-kafka latest c4ac1c9a4797 9 months ago 1.3GB
hyperledger/fabric-kafka x86_64-1.0.0-beta c4ac1c9a4797 9 months ago 1.3GB
hyperledger/fabric-zookeeper latest 2c4ebacb6f00 9 months ago 1.31GB
hyperledger/fabric-zookeeper x86_64-1.0.0-beta 2c4ebacb6f00 9 months ago 1.31GB
hyperledger/fabric-orderer latest 11ff350dd297 9 months ago 179MB
hyperledger/fabric-orderer x86_64-1.0.0-beta 11ff350dd297 9 months ago 179MB
hyperledger/fabric-peer latest e01c2b645f11 9 months ago 182MB
hyperledger/fabric-peer x86_64-1.0.0-beta e01c2b645f11 9 months ago 182MB
hyperledger/fabric-javaenv latest 61c188dca542 9 months ago 1.42GB
hyperledger/fabric-javaenv x86_64-1.0.0-beta 61c188dca542 9 months ago 1.42GB
hyperledger/fabric-ccenv latest 7034cca1918d 9 months ago 1.29GB
hyperledger/fabric-ccenv x86_64-1.0.0-beta 7034cca1918d 9 months ago 1.29GB
hyperledger/fabric-ca latest e549e8c53c2e 9 months ago 238MB
hyperledger/fabric-ca x86_64-1.0.0-beta e549e8c53c2e 9 months ago 238MB
2.3补充镜像备份和迁移
上述HperLedger/Fabric 镜像数量较多且容量需求大,一套基本的服务镜像可达10G左右;
如果在多台服务器上部署,会耽误很多时间。因此,对于上述已下载的镜像;
我们需要使用docker save命令来备份,并通过scp命令来把这些文件拷贝至其它服务器;
# cat dk_image_bak.sh
#!/bin/bash
## 开始自动备份镜像
im=`docker images | grep latest | wc -l`
for i in `seq $im` ;do
id=` docker images | grep latest | grep fabric | awk '{print $3}' | sed -n $i\p`
fn=` docker images | grep latest | grep fabric | awk -F "/" '{print $2}' | awk '{print $1}' | sed -n $i\p `
dir=` docker images | grep latest | grep fabric | awk -F "/" '{print $1}'`
mkdir -p /tmp/images/docker/$dir/
docker save $id > /tmp/images/docker/$dir/$fn.gz
done
## 至此id已经保存镜像完毕
## 开始远程同步与迁移
ssh root@10.180.55.126 "mkdir -p /tmp/images/docker/$dir/"
scp /tmp/images/docker/$fn/*gz root@10.180.55.126:/tmp/images/docker/$dir/
当远端服务器接收到所有的镜像之后,可以执行如下命令来加载这些镜像文件
# docker load < /tmp/images/docker/hyperledger/fabric-ccenv.gz
以上2.3镜像的备份和迁移是可选方案;
3.运行测试e2e
3.1 运行fabric-sample的问题
一般情况下,我们会参照官网来完成第一个网络测试;
在该在线文档中会让我们去下载一个fabric-sample;
下载地址在github上;
我们需要将其下载至本地是一个fabric-sample-release的文件,将其更名为fabric-samples
随后将其移到opt/gopath/src目录下;
按照官网提示执行的命令是无法运行起first-network这个项目;
该demo需要先下载Platform-specific Binaries(特定的二进制文件);
按照官文档中的描述,需要执行如下命令;
官方提供bash脚本如下
# cd /root/ && vim dk_bin.sh
加入以下执行程序
#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# current version of fabric released
export VERSION=${1:-1.0.4}
# current version of fabric-ca released
export CA_VERSION=${2:-$VERSION}
# current version of thirdparty images (couchdb, kafka and zookeeper) released
export THIRDPARTY_IMAGE_VERSION=0.4.6
export ARCH=$(echo "$(uname -s|tr '[:upper:]' '[:lower:]'|sed 's/mingw64_nt.*/windows/')-$(uname -m | sed 's/x86_64/amd64/g')" | awk '{print tolower($0)}')
#Set MARCH variable i.e ppc64le,s390x,x86_64,i386
MARCH=`uname -m`
dockerFabricPull() {
local FABRIC_TAG=$1
for IMAGES in peer orderer ccenv javaenv tools; do
echo "==> FABRIC IMAGE: $IMAGES"
echo
docker pull hyperledger/fabric-$IMAGES:$FABRIC_TAG
docker tag hyperledger/fabric-$IMAGES:$FABRIC_TAG hyperledger/fabric-$IMAGES
done
}
dockerThirdPartyImagesPull() {
local THIRDPARTY_TAG=$1
for IMAGES in couchdb kafka zookeeper; do
echo "==> THIRDPARTY DOCKER IMAGE: $IMAGES"
echo
docker pull hyperledger/fabric-$IMAGES:$THIRDPARTY_TAG
docker tag hyperledger/fabric-$IMAGES:$THIRDPARTY_TAG hyperledger/fabric-$IMAGES
done
}
dockerCaPull() {
local CA_TAG=$1
echo "==> FABRIC CA IMAGE"
echo
docker pull hyperledger/fabric-ca:$CA_TAG
docker tag hyperledger/fabric-ca:$CA_TAG hyperledger/fabric-ca
}
: ${CA_TAG:="$MARCH-$CA_VERSION"}
: ${FABRIC_TAG:="$MARCH-$VERSION"}
: ${THIRDPARTY_TAG:="$MARCH-$THIRDPARTY_IMAGE_VERSION"}
echo "===> Downloading platform specific fabric binaries"
curl https://nexus.hyperledger.org/content/repositories/releases/org/hyperledger/fabric/hyperledger-fabric/${ARCH}-${VERSION}/hyperledger-fabric-${ARCH}-${VERSION}.tar.gz | tar xz
echo "===> Downloading platform specific fabric-ca-client binary"
curl https://nexus.hyperledger.org/content/repositories/releases/org/hyperledger/fabric-ca/hyperledger-fabric-ca/${ARCH}-${VERSION}/hyperledger-fabric-ca-${ARCH}-${VERSION}.tar.gz | tar xz
if [ $? != 0 ]; then
echo
echo "------> $VERSION fabric-ca-client binary is not available to download (Avaialble from 1.1.0-rc1) <----"
echo
fi
echo "===> Pulling fabric Images"
dockerFabricPull ${FABRIC_TAG}
echo "===> Pulling fabric ca Image"
dockerCaPull ${CA_TAG}
echo "===> Pulling thirdparty docker images"
dockerThirdPartyImagesPull ${THIRDPARTY_TAG}
echo
echo "===> List out hyperledger docker images"
docker images | grep hyperledger*
# chmod + x /root/dk_bin.sh
# bash /root/dk_bin.sh
运行时效果如下; 注:若是内网环境,则可能执行时间较长;
# bash /root/dk_bin.sh
===> Downloading platform specific fabric binaries
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
18 22.6M 18 4312k 0 0 6860 0 0:57:45 0:10:43 0:47:02 5364
3.2运行e2e_cli项目
进入到/opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli/目录;
a、目录结构如下图;
# tree ../e2e_cli/
../e2e_cli/
├── base
│ ├── docker-compose-base.yaml
│ └── peer-base.yaml
├── channel-artifacts
├── configtx.yaml
├── crypto-config.yaml
├── docker-compose-cli.yaml
├── docker-compose-couch.yaml
├── docker-compose-e2e-template.yaml
├── docker-compose-e2e.yaml
├── download-dockerimages.sh
├── end-to-end.rst
├── examples
│ └── chaincode
│ └── go
│ └── chaincode_example02
│ └── chaincode_example02.go
├── generateArtifacts.sh
├── network_setup.sh
└── scripts
└── script.sh
7 directories, 14 files
network_setup.sh是一个测试脚本,该脚本启动5个docker容器;
其中4个容器运行peer节点和1个容器运行orderer节点,它组成一个fabric集群;
另外还有一个cli容器用于创建channle、加入channel、安装和执行chaincode等操作;
测试用的chaincode定义了两个变量,在实例化的时候会给这两个变量赋予了初始值;
并能过invoke操作可以使用两个变量的值发生变化;
b、通过以下命令进行测试;
# cd /opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli/
# bash network_setup.sh up
c、当出现以下界面时,说明已经测试通了
2018-03-13 09:38:21.185 UTC [main] main -> INFO 008 Exiting.....
===================== Query on PEER3 on channel 'mychannel' is successful =====================
===================== All GOOD, End-2-End execution completed =====================
_____ _ _ ____ _____ ____ _____
| ____| | \ | | | _ \ | ____| |___ \ | ____|
| _| | \| | | | | | _____ | _| __) | | _|
| |___ | |\ | | |_| | |_____| | |___ / __/ | |___
|_____| |_| \_| |____/ |_____| |_____| |_____|
d、如果上一步有报错,若没有部署其它应用,可以考虑将内核升级;
# rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# rpm -Uvh http://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm
# yum --disablerepo="*" --enablerepo="elrepo-kernel" list available
# yum --enablerepo=elrepo-kernel install kernel-ml
# vim /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR="$(sed 's, release .*$,,g' /etc/system-release)"
GRUB_DEFAULT=0
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT="console"
GRUB_CMDLINE_LINUX="crashkernel=auto rd.lvm.lv=centos/root rd.lvm.lv=centos/swap rhgb quiet"
GRUB_DISABLE_RECOVERY="true"
# grub2-mkconfig -o /boot/grub2/grub.cfg
4.创建Fabric多节点集群
4.1配置说明
首先可以根据官方Fabric自带的e2e_cli例子中的集群方案来生成集群;
与案例不同的是我们需要把容器分配到不同的服务器上;
各容器之间通过网络来进行通信,网络构建完成后进行相关的channel和chanincode操作;
目前用有五台服务器, 所有的服务器均是按照上述e2e_cli环境与测试步骤配置;
计划其中的四台服务器运行peer节点,另外一台服务器运行orderer节点;
为其它四个节点提供order服务;
| 名称 | ip | 节点标识 | 节点Hostname | Organization |
|---|---|---|---|---|
| Hyperledger | 10.180.55.123 | orderer | orderer.example.com | Orderer |
| Fabric1 | 10.180.55.124 | sp0 | peer0.org1.example.com | Org1 |
| Fabric2 | 10.180.55.125 | sp1 | peer1.org1.example.com | Org1 |
| Fabric3 | 10.180.55.126 | sp2 | peer0.org2.example.com | Org2 |
| Fabric4 | 10.180.55.128 | sp3 | peer0.org3.example.com | Org2 |
环境如下
4.2 生成公私钥、证书、创巨区块
公/私钥和证书是用于Server与Server之间的安全通信;
另外要创建channel并让其它节点加入channle就需要创世区块;
这些必要文件都可以通过一条命令生,并且官方已经给出脚本;
脚本在以下目录中;
# cd /opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli/
# ls generateArtifacts.sh
使generateArtifacts.sh生成证书和config.tx,具体执行命令如下;
# bash generateArtifacts.sh mychannel
这里创建了3台服务器,在任意一台服务器的该目录下执行此项命令即可;
将会生成两个目录,分别为channel-artifacs、crypto-config
channel-artifacts/
├── channel.tx
├── genesis.block
├── Org1MSPanchors.tx
└── Org2MSPanchors.tx
0 directories, 4 files
在上述目录里的文件用于orderer创建channle,它们根据configex.yaml的配置生成;
crypto-config
├── ordererOrganizations
└── peerOrganizations
2 directories, 0 files
在上述目录里有orderer和peer的证书、私钥和用于通信的加密的tls证书文件;
它通过configex.yaml配置文件生成;
4.3 配置多服务器
根据4.2的方案,以及之前所述的gopath目录等配置方案;
我们假定所有的服务器都按照该文档的配置来操作;
所有服务器都有Fabric源码,且目录为
如4.2所述,该命令只需要在某一台服务器上运行一次即可,其它服务器无需再次运行;
在运行该命令的服务器/opt/gopath/src/github.com/hyperledger/fabric/example/e2e_cli;
该目录下会生成channel-artifacts和crypto-config目录;
需要把它们拷贝至其它服务器相同的e2e_cli目录下,如果在其它服务器中已经在该目录,则需要先把它删除;
当所有服务器都有同一个channel-artifacts和crypto-config目录后;
开始配置compose文件;
开始向其它两个服务器同步以上两个目录;
# cd /opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli/
# tar -cvf ctfile.tar.gz channel-artifacts crypto-config
# scp ctfile.tar.gz root@10.180.55.124:/opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli
# scp ctfile.tar.gz root@10.180.55.125:/opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli
# ssh root@10.180.55.124 "cd /opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli && tar -xvf ctfile.tar.gz"
# ssh root@10.180.55.125 "cd /opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli && tar -xvf ctfile.tar.gz"
4.4 设置peer0.arg1.example.com节点的docker-compose文件
e2e_cli中提供了多个yaml文件,我们可以基于docker-compose-cli.yaml文件创建;
修改docker-compose-peer.yaml,去掉orderer的配置;
只保留一个peer和cli,因为需要多级部署,节点与节点之间又是通过主机名通讯;
所以需要修改容器中的host文件,也就是xtra_hosts设置;
修改后的peer配置如下;
同样的,cli也需要能够和各个节点通讯,所以cli下面也需要添加extra_hosts设置;
去掉无效的依赖,并且去掉command这一行,因为每个peer都会有个对应的客户端;
也是就是cli; 所以只需要去手动执行一次命令,而不是自动执行;
# cd base/
# cp docker-compose-base.yaml{,.bak}
# vim base/docker-compose-base.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org1.example.com
extra_hosts:
- "orderer.example.com:10.180.55.123"
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ../chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.org1.example.com
extra_hosts:
- "orderer.example.com:10.180.55.123"
- "peer0.org1.example.com:10.180.55.124"
- "peer1.org1.example.com:10.180.55.125"
- "peer0.org2.example.com:10.180.55.126"
- "peer1.org2.example.com:10.180.55.128"
在3.2示例单机模式下,4个peer支映射主机不同的端口;
但是在多机部署的时候不需要映射不同端口的;
所以需要修改base/docker-compose-base.yaml文件,将所有peer的端口映射都改为相同的;
# cd base/
# cp docker-compose-base.yaml{,.bak}
# vim base/docker-compose-base.yaml
ports:
- 7051:7051
- 7052:7052
- 7053:7053
4.5、 设置peer1.org1.example.com节点的docker-compose文件
与peer0.org1.example.com节点compose文件配置一样;
不过压岁要将启动的容器改为peer1.org1.example.com;
并且添加peer0.org1.example.com的IP映射;
对应的cli中改成对peer1.org1.example.com的依赖;
修改如下
# cd /opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli/
# cp docker-compose-cli.yaml docker-compose-peer.yaml
# vim docker-compose-peer.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org1.example.com
extra_hosts:
- "orderer.example.com:10.180.55.123"
- "peer0.org1.example.com:10.180.55.124"
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ../chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer1.org1.example.com
extra_hosts:
- "orderer.example.com:10.180.55.123"
- "peer0.org1.example.com:10.180.55.124"
- "peer1.org1.example.com:10.180.55.125"
- "peer0.org2.example.com:10.180.55.126"
- "peer1.org2.example.com:10.180.55.128"
# cd base/
# cp docker-compose-base.yaml{,.bak}
# vim base/docker-compose-base.yaml
ports:
- 7051:7051
- 7052:7052
- 7053:7053
org2的两个结点配置文件
# cat docker-compose-peer.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org2.example.com
extra_hosts:
- "orderer.example.com:10.180.55.123"
- "peer0.org1.example.com:10.180.55.124"
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ../chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer0.org2.example.com
extra_hosts:
- "orderer.example.com:10.180.55.123"
- "peer0.org1.example.com:10.180.55.124"
- "peer1.org1.example.com:10.180.55.125"
- "peer0.org2.example.com:10.180.55.126"
- "peer1.org2.example.com:10.180.55.128"
# cat docker-compose-peer.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
services:
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org2.example.com
extra_hosts:
- "orderer.example.com:10.180.55.123"
- "peer0.org1.example.com:10.180.55.124"
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes:
- /var/run/:/host/var/run/
- ../chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- peer1.org2.example.com
extra_hosts:
- "orderer.example.com:10.180.55.123"
- "peer0.org1.example.com:10.180.55.124"
- "peer1.org1.example.com:10.180.55.125"
- "peer0.org2.example.com:10.180.55.126"
- "peer1.org2.example.com:10.180.55.128"
4.6 设置order节点的docker-compose文件
与创建peer的配置文件类似,需要复制一个yaml文件出来修改;
# cd /opt/gopath/src/github.com/hyperledger/fabric/examples/e2e_cli
# cp docker-compose-cli.yaml docker-compose-orderer.yaml
orderer服务器上我们只需要保留order设置;
其他peer和cli设置都可以删除。order可以不设置extra_hosts;
orderer.example.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.example.com
container_name: orderer.example.com
#启动报错,单纯的报命令调用用法错误
docker rm -f $(docker ps -aq)
若部署环境在内网,则需要修改5台服务器的/etc/hosts文件;
确保服务器之间可以基于主机名互相通信;
# vim /etc/hosts
10.180.55.123 orderer.example.com
10.180.55.124 peer0.org1.example.com
10.180.55.125 peer1.org1.example.com
10.180.55.126 peer0.org2.example.com
10.180.55.128 peer1.org2.example.com
5.启动Fabric多节点集群
5.1启动orderere节点服务
操作完成后,此时节点的compose配置文件及证书难目录都已经准备完成;
可以开始尝试启动多机Fabric集群;
首先要启orderer节点,切换至orderer.example.com服务器;
即前文指定的10.180.55.123的服务器,执行如下命令进入启docker进程;
# docker-compose -f docker-compose-orderer.yaml up -d
运行完毕后我们可以使用docker ps看到运行了一个名字为orderer.example.com的节点;
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f188590553b7 hyperledger/fabric-orderer "orderer" 25 seconds ago Up 22 seconds 0.0.0.0:7050->7050/tcp orderer.example.com
5.2启动peer节点服务
切换到peer0.org1.example.com服务器,即前文指定的10.180.55.124服务器;
启动本服务器的peer节点和cli;
# docker-compose -f docker-compose-peer.yaml up -d
# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
2f49281a48c9 hyperledger/fabric-tools "/bin/bash" 38 minutes ago Up 38 minutes cli
8ef009a57457 hyperledger/fabric-peer "peer node start" 38 minutes ago Up 38 minutes 0.0.0.0:7051-7053->7051-7053/tcp peer0.org1.example.com
注: 其它三个peer结点与以上结点的启动/验证方式相同遇到的坑:在CentOS中要把iptables关闭;selinux为开机关闭确保5个结点间域名和端口都能telnet 通;
例telnet peer1.org2.example.com 7051;
现在整个Fabric4+1服务器网络已经成型;
5.3创建channle和运行chaincode
切换到peer0.org1.example.com服务器上;
使用该服务器的cli来运行创建Channel和运行ChainCode的操作;
# docker exec -it cli bash
进入容器后
root@078471f17d9a:/opt/gopath/src/github.com/hyperledger/fabric/peer# ./scripts/script.sh mychannel
该脚本会一步步的完成创建通道,将其他节点加入通道,更新锚节点;
创建ChainCode,初始化帐户,查询,转帐,再次查询等链上操作的自动化;
2018-03-19 03:00:03.146 UTC [main] main -> INFO 007 Exiting.....
===================== Query on PEER3 on channel 'mychannel' is successful =====================
===================== All GOOD, End-2-End execution completed =====================
_____ _ _ ____ _____ ____ _____
| ____| | \ | | | _ \ | ____| |___ \ | ____|
| _| | \| | | | | | _____ | _| __) | | _|
| |___ | |\ | | |_| | |_____| | |___ / __/ | |___
|_____| |_| \_| |____/ |_____| |_____| |_____|
出现以上结果出明4+1的Fabric多级部署已经成功;
在peer0.org1.example.com的cli容器内;
之前的2个容器,已经因ChainCode创建了3个容器;
E2E 运行后查询与转帐测试
# 查询
# docker exec -it cli bash
root@078471f17d9a:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
# 转帐20到b
# peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n mycc -c '{"Args":["invoke","a","b","20"]}'
