fabric环境安装,设置全局访问 -
手动组建Fabric网络
一:生成fabric证书
1.JPG
1.在根目录下,创建项目目录
mkdir testfabric
cd testfabric
2.模板内容重定向到指定文件中
#名字自己起, 叫什么都行, 一般叫: crypto-config.yaml (官方给的例子叫这个)
cryptogen showtemplate > crypto-config.yaml
3.配置文件的模板
vi crypto-config.yaml
OrdererOrgs:
- Name: Orderer # 1.排序节点组织的名字
Domain: itcast.com # 2.访问排序节点组织的域名, 测试网中随便写, 真实的网络, 需要注册
Specs:
- Hostname: orderer
# 3.其中以orderer节点的名字
# 4.得到了访问这个orderer节点的地址: orderer.itcast.com
PeerOrgs:
- Name: OrgGo # 6.当前组织的名字
Domain: orggo.itcast.com # 7.当前组织的根域名
EnableNodeOUs: true # 8.在msp目录会有一个config.yaml的配置文件
Template: # 使用模板生成peer节点的证书
Count: 2
# 9.使用模板生成2个peer节点的证书
# 10.访问域名: 第一个peer: peer0.orggo.itcast.com
# 11.访问域名: 第二个peer: peer1.orggo.itcast.com
Users:
Count: 3 # 12.生成3个普通用户账号, 和1个 管理员用户
- Name: OrgCpp
Domain: orgcpp.itcast.com
EnableNodeOUs: false
Template:
Count: 2
Users:
Count: 3
4.根据配置文件生成证书
cryptogen generate --config=crypto-config.yaml
# 在crypto-config文件夹中生成了一些账号:
1.JPG
5.锚节点
每个组织选择一个peer节点,代表当前组织和其他组织通信,这个节点叫锚节点,在配置文件中指定谁是锚节点,一个组织里,最多只能有一个锚节点
二:创始块文件和通道文件的生成
1.模板在什么地方?
(1)官方给的例子: first-network -> configtx.yaml
(2)找到这个文件之后, 不要改名字, 如果改名, 命令就加载不到这个配置文件了
(3)主要修改三部分内容:
- 配置组织信息
- orderer组织
- peer组织
- go
- cpp
- 配置 orderer节点的属性
- 如何生成一个区块
- 时间频率
- 块大小
- 消息条数
- 如何生成一个区块
- 对网络的总结:
- 如何生成创始区块文件
- 如何生成通道文件
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
- &OrdererOrg # OrdererOrg变量名, 自己起名, 不要重复
Name: OrdererOrg # orderer组织的名字, 自己起名
ID: OrdererMSP # orderer组织的ID, 自己指定, Name和ID可以相同
# 当前orderer组织的组织账号目录
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1 # peer组织1, Org1变量名, 自己起名, 不要重复
Name: Org1MSP # 不能重复, 不能和其他组织一样
ID: Org1MSP
# 当前组织1的组织账号目录
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
AnchorPeers: # 设置组织的锚节点
- Host: peer0.org1.example.com # 锚节点的访问地址
Port: 7051 # peer节点运行在容器中, 开发的端口7051, 用于数据通信
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
################################################################################
#
# SECTION: Capabilities, 在fabric1.1之前没有, 设置的时候全部设置为true
# 设置为true,让新版本兼容旧版本
#
################################################################################
Capabilities:
Global: &ChannelCapabilities
V1_1: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_2: true
################################################################################
#
# SECTION: Application
#
################################################################################
Application: &ApplicationDefaults
Organizations:
################################################################################
#
# SECTION: Orderer
#
################################################################################
Orderer: &OrdererDefaults # OrdererDefaults是变量, 随便起名
# Available types are "solo" and "kafka"
# 使用的共识机制(排序算法)
# solo: 测试用, kafka: 工作场景用
OrdererType: solo
Addresses: # orderer排序节点的地址
# orderer.example.com 参考crypto-config.yaml orderer组织配置
# 7050是orderer容器开放的端口, 通信
- orderer.example.com:7050
# 生成区块的三个条件: 只要有一满足条件就可以
# BatchTimeout, MaxMessageCount, AbsoluteMaxBytes
BatchTimeout: 2s # 每隔多长时间生成一个区块
BatchSize:
MaxMessageCount: 100 # 消息>=100条, 会生成一个区块
AbsoluteMaxBytes: 99 MB # 消息的总大小 >=99M, 会生成一个区块, 32m, 64m
PreferredMaxBytes: 512 KB # 建议的区块大小
# OrdererType: solo , kafka设置不会生效
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
################################################################################
#
# Profile
#
################################################################################
Profiles: # 关键字
TwoOrgsOrdererGenesis: # 创始区块信息, TwoOrgsOrdererGenesis随便起名
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums: # 联盟-关键字
SampleConsortium: # SampleConsortium联盟的名字, 可以改
Organizations: # 说的是peer组织
- *Org1
- *Org2
TwoOrgsChannel: # 关于通道的信息, 创建通道时候使用, TwoOrgsChannel-随便起
Consortium: SampleConsortium # 当前通道属于哪个联盟
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
2.赋值模板到自己的项目
1.JPG
3.修改模板:
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: itcast.com
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: OrgGo
Domain: orggo.itcast.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "CA"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of the CA for this
# organization. This entry is a Spec. See "Specs" section below for details.
# ---------------------------------------------------------------------------
# CA:
# Hostname: ca # implicitly ca.org1.example.com
# Country: US
# Province: California
# Locality: San Francisco
# OrganizationalUnit: Hyperledger Fabric
# StreetAddress: address for org # default nil
# PostalCode: postalCode for org # default nil
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# - SANS: (Optional) Specifies one or more Subject Alternative Names
# to be set in the resulting x509. Accepts template
# variables {{.Hostname}}, {{.Domain}}, {{.CommonName}}. IP
# addresses provided here will be properly recognized. Other
# values will be taken as DNS names.
# NOTE: Two implicit entries are created for you:
# - {{ .CommonName }}
# - {{ .Hostname }}
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# SANS:
# - "bar.{{.Domain}}"
# - "altfoo.{{.Domain}}"
# - "{{.Hostname}}.org6.net"
# - 172.16.10.31
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# SANS:
# - "{{.Hostname}}.alt.{{.Domain}}"
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 3
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: OrgCpp
Domain: orgcpp.itcast.com
EnableNodeOUs: false
Template:
Count: 2
Users:
Count: 3
itcast@itcast:~/testfabric$ ls
configtx.yaml crypto-config crypto-config.yaml
itcast@itcast:~/testfabric$ cat configtx.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/itcast.com/msp
- &OrgGo
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrgGoMSP
# ID to load the MSP definition as
ID: OrgGoMSP
MSPDir: crypto-config/peerOrganizations/orggo.itcast.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.orggo.itcast.com
Port: 7051
- &OrgCpp
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrgCppMSP
# ID to load the MSP definition as
ID: OrgCppMSP
MSPDir: crypto-config/peerOrganizations/orgcpp.itcast.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.orgcpp.itcast.com
Port: 7051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both. Set the value of the capability to true to require it.
Global: &ChannelCapabilities
# V1.1 for Global is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running v1.0.x,
# but the modification of which would cause incompatibilities. Users
# should leave this flag set to true.
V1_1: true
# Orderer capabilities apply only to the orderers, and may be safely
# manipulated without concern for upgrading peers. Set the value of the
# capability to true to require it.
Orderer: &OrdererCapabilities
# V1.1 for Order is a catchall flag for behavior which has been
# determined to be desired for all orderers running v1.0.x, but the
# modification of which would cause incompatibilities. Users should
# leave this flag set to true.
V1_1: true
# Application capabilities apply only to the peer network, and may be safely
# manipulated without concern for upgrading orderers. Set the value of the
# capability to true to require it.
Application: &ApplicationCapabilities
# V1.2 for Application is a catchall flag for behavior which has been
# determined to be desired for all peers running v1.0.x, but the
# modification of which would cause incompatibilities. Users should
# leave this flag set to true.
V1_2: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer.itcast.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 100
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 32 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- 127.0.0.1:9092
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
Genesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *OrgGo
- *OrgCpp
Channel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *OrgGo
- *OrgCpp
Capabilities:
<<: *ApplicationCapabilities
4.通过命令生成创始区块和通道文件
(1).生成创始块文件
configtxgen -profile Genesis -outputBlock genesis.block
(2)生成通道文件
# -outputCreateChannelTx: 指定通道文件的名字
# -channelID : 指定要生成的通道的通道名字
# 如果没有通过该参数指定, 创建的通道有默认的名字: mychannel
configtxgen -profile Channel -outputCreateChannelTx channel.tx -channelID itcastchannel
(3)生成更新锚节点的文件
# 一般情况下不需要更新, 除非是要替换到现有的指定的锚节点
# 不同组织的锚节点更新数据放到不同的文件中
# -outputAnchorPeersUpdate: 指定锚节点文件的名字
# -asOrg: 组织的名字, configtx.yaml中组织的name中找
# 1.更新go组织的锚节点
configtxgen -profile Channel -outputAnchorPeersUpdate goAnchor.tx -channelID itcastchannel -asOrg OrgGoMSP
# 2.更新cpp组织的锚节点
configtxgen -profile Channel -outputAnchorPeersUpdate cppAnchor.tx -channelID itcastchannel -asOrg OrgCppMSP
5.启动节点
2个组织,每个组织有一个客户端,1个order,4个peer,一共7个docker
写docker-compose
官方给的例子:~/hyperledger-fabric/fabric-samples/first-network/docker-compose-cli.yaml
cp docker-compose-cli.yaml ~/testfabric/
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
#数据卷挂载(特殊的挂载方式)
volumes:
orderer.example.com:
peer0.org1.example.com:
peer1.org1.example.com:
peer0.org2.example.com:
peer1.org2.example.com:
networks: #docker要加入的网络
byfn:
services: #服务,每个服务对应一个要启动的容器
orderer.example.com: #服务名
extends:
file: base/docker-compose-base.yaml
service: orderer.example.com
container_name: orderer.example.com
networks:
- byfn
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org1.example.com
networks:
- byfn
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org1.example.com
networks:
- byfn
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org2.example.com
networks:
- byfn
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org2.example.com
networks:
- byfn
cli: #客户端
container_name: cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- CORE_LOGGING_LEVEL=DEBUG
- CORE_LOGGING_LEVEL=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- orderer.example.com
- peer0.org1.example.com
- peer1.org1.example.com
- peer0.org2.example.com
- peer1.org2.example.com
networks:
- byfn
cp base ~/testfabric/ -r
启动
docker-compose -f docker-compose-cli.yaml up -d
docker-compose -f docker-compose-cli.yaml ps
容器启动之后:
客户端节点
peer节点
order节点
1.要创建通道
2.将所有的组织的所有结点,加入到创建的通道中
3.给所有的结点(peer)安装链码
4.不同组织的结点,链码是不一样的
5.初始化链码,在任意节点初始化一次,数据会自动同步到其他节点上
6.链码调用,读,写
创建通道
docker exec -it cli bash
tlsfile=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/itcast.com/tlsca/tlsca.itcast.com-cert.pem
peer channel create -o orderer.itcast.com:7050 --tls true --cafile $tlsfile -c itcastchannel -f ./channel-artifacts/channel.tx
加入通道:
peer channel join -b itcastchannel.block
链码安装:
peer chaincode install -n itcastcc -v 1.0 -p github.com/chaincode
链码的打包 -> 建议(多机多节点部署)
peer chaincode package -n itcastcc -v 1.0 -p github.com/chaincode chaincode.out
链码打包之后, 得到一个打包文件, 进行链码安装的时候可以使用这个文件直接进行链码安装
如何安装
$ peer chaincode install 文件名(对链码打包之后得到的文件)
tlsfile=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/itcast.com/orderers/orderer.itcast.com/msp/tlscacerts/tlsca.itcast.com-cert.pem
tlsfile -C itcastchannel -n itcastcc -v 1.0 -P "AND ('OrgGoMSP.member', 'OrgCppMSP.member')" -c '{"Args":["init", "a", "100", "b", "200"]}'