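Deploying Fabric in solo mode
This deployment uses solo mode, so a single virtual machine is enough.
Environment preparation
This step initializes the virtual machine environment, pulls the images and downloads the required tools. (If you have already done this, you can skip this step.)
See my blog post: Fabric deployment environment initialization
Download the tools
Tool download: hyperledger-fabric-linux-amd64-1.4.1.tar.gz
After downloading, extract the archive. Its "bin" directory contains tools such as "cryptogen" and "configtxgen". (Copy them into the "fabric_solo/bin" directory.)
Pull the images
# Download the script (if curl is not installed, install it yourself: yum install -y curl)
curl -sS https://raw.githubusercontent.com/hyperledger/fabric/master/scripts/bootstrap.sh -o ./bootstrap.sh
# Make the script executable
chmod +x ./bootstrap.sh
# Run the script (arguments: Fabric version, Fabric CA version, third-party image version)
# -s skips cloning the fabric-samples repository
# -b skips downloading the platform-specific binaries (slow; download them in a browser and upload them to the VM)
# We already pulled the images in an earlier lesson
./bootstrap.sh 1.4.1 1.4.1 0.4.15 -s -b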
Directory structure
fabric_solo
.
├── bin
│   ├── configtxgen
│   └── cryptogen
├── bootstrap.sh
├── channel-artifacts
│   └── ...
├── docker-solo.yaml
└── e2e-Orgs
    ├── configtx.yaml
    ├── crypto-config
    │   └── ...
    └── crypto-config.yaml
Writing and generating the configuration
- Write crypto-config.yaml
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com
    CA:
      Country: US
      Province: California
      Locality: San Francisco
    Specs:
      - Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: true
    CA:
      Country: US
      Province: California
      Locality: San Francisco
    # Template:
    #   Count: 2
    Users:
      Count: 1
    Specs:
      - Hostname: peer0
      - Hostname: peer1
- Write configtx.yaml
################################################################################
#
# ORGANIZATIONS
#
################################################################################
Organizations:
    - &OrdererOrg
        Name: OrdererOrg
        ID: OrdererMSP
        MSPDir: crypto-config/ordererOrganizations/example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"
    - &Org1
        Name: Org1
        ID: Org1MSP
        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"
        AnchorPeers:
            - Host: peer0.org1.example.com
              Port: 7051
################################################################################
#
# CAPABILITIES
#
################################################################################
Capabilities:
    Channel: &ChannelCapabilities
        V1_3: true
    Orderer: &OrdererCapabilities
        V1_1: true
    Application: &ApplicationCapabilities
        V1_3: true
        V1_2: false
        V1_1: false
################################################################################
#
# APPLICATION
#
################################################################################
Application: &ApplicationDefaults
    ACLs: &ACLsDefault
        #---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#
        # ACL policy for lscc's "getid" function
        lscc/ChaincodeExists: /Channel/Application/Readers
        # ACL policy for lscc's "getdepspec" function
        lscc/GetDeploymentSpec: /Channel/Application/Readers
        # ACL policy for lscc's "getccdata" function
        lscc/GetChaincodeData: /Channel/Application/Readers
        # ACL Policy for lscc's "getchaincodes" function
        lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
        #---Query System Chaincode (qscc) function to policy mapping for access control---#
        # ACL policy for qscc's "GetChainInfo" function
        qscc/GetChainInfo: /Channel/Application/Readers
        # ACL policy for qscc's "GetBlockByNumber" function
        qscc/GetBlockByNumber: /Channel/Application/Readers
        # ACL policy for qscc's "GetBlockByHash" function
        qscc/GetBlockByHash: /Channel/Application/Readers
        # ACL policy for qscc's "GetTransactionByID" function
        qscc/GetTransactionByID: /Channel/Application/Readers
        # ACL policy for qscc's "GetBlockByTxID" function
        qscc/GetBlockByTxID: /Channel/Application/Readers
        #---Configuration System Chaincode (cscc) function to policy mapping for access control---#
        # ACL policy for cscc's "GetConfigBlock" function
        cscc/GetConfigBlock: /Channel/Application/Readers
        # ACL policy for cscc's "GetConfigTree" function
        cscc/GetConfigTree: /Channel/Application/Readers
        # ACL policy for cscc's "SimulateConfigTreeUpdate" function
        cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers
        #---Miscellaneous peer function to policy mapping for access control---#
        # ACL policy for invoking chaincodes on peer
        peer/Propose: /Channel/Application/Writers
        # ACL policy for chaincode to chaincode invocation
        peer/ChaincodeToChaincode: /Channel/Application/Readers
        #---Events resource to policy mapping for access control---#
        # ACL policy for sending block events
        event/Block: /Channel/Application/Readers
        # ACL policy for sending filtered block events
        event/FilteredBlock: /Channel/Application/Readers
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ApplicationCapabilities
################################################################################
#
# ORDERER
#
################################################################################
Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer.example.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 10 MB
        PreferredMaxBytes: 512 KB
    MaxChannels: 0
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
    Capabilities:
        <<: *OrdererCapabilities
################################################################################
#
# CHANNEL
#
################################################################################
Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is
    # /Channel/<PolicyName>
    Policies:
        # Who may invoke the 'Deliver' API
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities
################################################################################
#
# Profile
#
################################################################################
Profiles:
    OrgsOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
    OrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
- Generate the organization certificates
./bin/cryptogen generate \
  --config ./e2e-Orgs/crypto-config.yaml \
  --output ./e2e-Orgs/crypto-config/
- Generate the genesis block
./bin/configtxgen \
  --profile OrgsOrdererGenesis \
  --channelID thyc-sys-channel \
  --configPath ./e2e-Orgs \
  --outputBlock ./channel-artifacts/genesis.block
- Generate the channel configuration
Note: this can be done after the network has been started.
./bin/configtxgen \
  --profile OrgsChannel \
  --channelID mychannel \
  --configPath ./e2e-Orgs \
  --outputCreateChannelTx ./channel-artifacts/mychannel.tx
- Generate the organization's anchor peer update
Note: this can be done after the network has been started or after the channel has been created; whether to set an anchor peer depends on your actual requirements.
./bin/configtxgen \
  --profile OrgsChannel --channelID mychannel \
  --asOrg Org1 --configPath ./e2e-Orgs/ \
  --outputAnchorPeersUpdate ./channel-artifacts/Org1anchors.tx
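- Write docker-solo.yaml
The tree command shows the directory structure directly (if it is not installed, install it yourself: yum install -y tree).
Go to the e2e-Orgs/crypto-config/peerOrganizations/org1.example.com/ca directory and find the private key file.
Replace the private key file name in the FABRIC_CA_SERVER_CA_KEYFILE environment variable of the ca0 service, e.g. ff0496478eb06f82d005a06d04d73dc658d785bf2985b15a363bfa82f34530de_sk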
# Version
version: '2'
# Networks
networks:
  basic:
    driver: bridge
# Services
services:
  # run ca0
  ca0:
    image: hyperledger/fabric-ca:${IMAGE_TAG_FABRIC_CA}
    container_name: ca0.org1.example.com
    restart: always
    environment:
      - FABRIC_CA_SERVER_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca0
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
      - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/7b08f2f2ee4987547e19cb8023020c6d8177a20f894966ff1b41bf341cc6b9ed_sk
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/7b08f2f2ee4987547e19cb8023020c6d8177a20f894966ff1b41bf341cc6b9ed_sk
      - FABRIC_CA_SERVER_REGISTRY_MAXENROLLMENTS=-1
    command: sh -c 'mkdir -p /etc/hyperledger/fabric-ca-server;cp -R /tmp/msp /etc/hyperledger/fabric-ca-server; mv /etc/hyperledger/fabric-ca-server/msp/*PublicKey /etc/hyperledger/fabric-ca-server; fabric-ca-server start -b admin:adminpw ${V11_IDENTITIES_ALLOWREMOVE} ${V11_AFFILIATIONS_ALLOWREMOVE} ${ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_CA_TLS} -d'
    volumes:
      # - ./fabric-data/:/etc/hyperledger/fabric-ca-server
      - ./e2e-Orgs/crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config:ro
      - ./e2e-Orgs/crypto-config/peerOrganizations/org1.example.com/msp/:/tmp/msp:ro
    ports:
      - 7054:7054
    networks:
      - basic
  # run orderer
  orderer.example.com:
    image: hyperledger/fabric-orderer:${IMAGE_TAG_FABRIC}
    container_name: orderer.example.com
    restart: always
    environment:
      - FABRIC_LOGGING_SPEC=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      # Path of the genesis block file
      - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
      # Whether TLS is enabled; the value of this variable is defined in .env
      - ORDERER_GENERAL_TLS_ENABLED=${ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_TLS}
      # Whether client authentication is required; the value of this variable is defined in .env
      - ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=${ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_CLIENT_AUTH_REQUIRED}
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/msp/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/msp/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/msp/orderer/tls/ca.crt]
      - ORDERER_GENERAL_TLS_CLIENTROOTCAS=[/etc/hyperledger/msp/peerOrg1/msp/tlscacerts/tlsca.org1.example.com-cert.pem]
      - GRPC_TRACE=all=true
      - GRPC_VERBOSITY=info
      - ORDERER_GENERAL_AUTHENTICATION_TIMEWINDOW=3600s #Not for production -- remove.
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
      # - ./fabric-data/:/var/hyperledger/production
      - ./channel-artifacts:/etc/hyperledger/configtx:ro
      # Share the orderer node's files from the VM into the container
      - ./e2e-Orgs/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/:/etc/hyperledger/msp/orderer:ro
      # Share the certificate files of Org1's peer0 node from the VM into the container
      - ./e2e-Orgs/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/:/etc/hyperledger/msp/peerOrg1:ro
    ports:
      - 7050:7050
    extra_hosts:
      - "peer1.org1.example.com:192.168.1.202"
      - "peer0.org1.example.com:192.168.1.202"
    networks:
      - basic
  # run peer0Org1
  peer0.org1.example.com:
    image: hyperledger/fabric-peer:${IMAGE_TAG_FABRIC}
    container_name: peer0.org1.example.com
    restart: always
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_basic
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_ENDORSER_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_CHANNELSERVICE_ENABLED=true
      - CORE_CHAINCODE_STARTUPTIMEOUT=10m
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/msp
      - CORE_PEER_PROFILE_ENABLED=false
      - CORE_PEER_TLS_ENABLED=${ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_TLS}
      - CORE_PEER_TLS_CLIENTAUTHREQUIRED=${ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_CLIENT_AUTH_REQUIRED}
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/msp/peer/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/msp/peer/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/msp/peer/tls/ca.crt
      # ------
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.example.com:7056
      # - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/msp/peer/msp/cacerts/ca.org1.example.com-cert.pem
      - CORE_PEER_TLS_CLIENTROOTCAS_FILES=/etc/hyperledger/msp/peer/msp/tlscacerts/tlsca.org1.example.com-cert.pem
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
      # - ./fabric-data/:/var/hyperledger/production
      - /var/run/:/host/var/run/
      - ./e2e-Orgs/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/:/etc/hyperledger/msp/peer:ro
    ports:
      - 7051:7051
    depends_on:
      - orderer.example.com
    extra_hosts:
      - "peer1.org1.example.com:192.168.1.202"
    networks:
      - basic
  # run peer1Org1
  peer1.org1.example.com:
    image: hyperledger/fabric-peer:${IMAGE_TAG_FABRIC}
    container_name: peer1.org1.example.com
    restart: always
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_basic
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_ENDORSER_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_CHANNELSERVICE_ENABLED=true
      - CORE_CHAINCODE_STARTUPTIMEOUT=10m
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/msp
      - CORE_PEER_PROFILE_ENABLED=false
      - CORE_PEER_TLS_ENABLED=${ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_TLS}
      - CORE_PEER_TLS_CLIENTAUTHREQUIRED=${ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_CLIENT_AUTH_REQUIRED}
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/msp/peer/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/msp/peer/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/msp/peer/tls/ca.crt
      # ------
      - CORE_PEER_ID=peer1.org1.example.com
      - CORE_PEER_ADDRESS=peer1.org1.example.com:7051
      - CORE_PEER_LISTENADDRESS=peer1.org1.example.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      # - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/msp/peer/msp/cacerts/ca.org1.example.com-cert.pem
      - CORE_PEER_TLS_CLIENTROOTCAS_FILES=/etc/hyperledger/msp/peer/msp/tlscacerts/tlsca.org1.example.com-cert.pem
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
      # - ./fabric-data/:/var/hyperledger/production
      - /var/run/:/host/var/run/
      - ./e2e-Orgs/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/:/etc/hyperledger/msp/peer:ro
    ports:
      - 7056:7051
    depends_on:
      - orderer.example.com
      - peer0.org1.example.com
    extra_hosts:
      - "peer0.org1.example.com:192.168.1.202"
    networks:
      - basic
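The manual step described before the compose file (find the *_sk file under the org1 ca directory and put its name into the ca0 service) can be scripted. The following is an added example, not part of the original post; the function name sync_ca_keyfile is an assumption, and it updates FABRIC_CA_SERVER_TLS_KEYFILE as well because the compose file above points both variables at the same key file.

```shell
#!/bin/sh
# Added example: copy the CA key file name that cryptogen generated into
# docker-solo.yaml. sync_ca_keyfile is a hypothetical helper name.

sync_ca_keyfile() {
    ca_dir=$1      # e.g. ./e2e-Orgs/crypto-config/peerOrganizations/org1.example.com/ca
    compose=$2     # e.g. ./docker-solo.yaml
    count=0
    key=

    # cryptogen leaves one "<hex>_sk" private key beside the CA certificate.
    for f in "$ca_dir"/*_sk; do
        [ -f "$f" ] || continue
        key=${f##*/}
        count=$((count + 1))
    done
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one *_sk file in $ca_dir, found $count" >&2
        return 1
    fi

    # Accept only the hex-named form so nothing unexpected is spliced into sed.
    if ! printf '%s\n' "$key" | grep -Eq '^[0-9a-f]+_sk$'; then
        echo "unexpected key file name: $key" >&2
        return 1
    fi

    # Swap only the file-name part of the CA and TLS KEYFILE variables; the
    # container path in front of it stays untouched.
    sed -E "s#(FABRIC_CA_SERVER_(CA|TLS)_KEYFILE=.*/)[0-9a-f]+_sk#\\1${key}#" \
        "$compose" > "$compose.tmp" && mv "$compose.tmp" "$compose"
}

# Usage from the fabric_solo directory:
#   sync_ca_keyfile ./e2e-Orgs/crypto-config/peerOrganizations/org1.example.com/ca ./docker-solo.yaml
```

Running it again after every cryptogen run keeps the compose file in step with the regenerated key; it refuses to guess when the ca directory holds zero or several key files.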
- Environment variable file
.env
#default env. vars settings
#TLS:
#ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_TLS=true
#ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_CA_TLS=--tls.enabled
ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_TLS=false
ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_CA_TLS=
ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS_CLIENT_AUTH_REQUIRED=false
# docker-compose config for setting project name
COMPOSE_PROJECT_NAME=fabric
#
#Image tags - Fabric versions.
##V 1.4.1
# yes we reuse 1.3 since no change in fabric.
V11_IDENTITIES_ALLOWREMOVE=--cfg.identities.allowremove
V11_AFFILIATIONS_ALLOWREMOVE=--cfg.affiliations.allowremove
IMAGE_TAG_FABRIC=1.4.1
IMAGE_TAG_FABRIC_CA=1.4.1
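This .env turns TLS and client authentication off, and the compose file carries a fixed CA bootstrap identity plus a setting its own comment marks "Not for production". A check that reports those values before the two files are reused outside a test VM, as an added example that is not part of the original post (audit_fabric_lab, env_val and flag are hypothetical names):

```shell
#!/bin/sh
# Added example: report lab-only settings in the page's .env and
# docker-solo.yaml. audit_fabric_lab and its helpers are hypothetical names.

P=ORG_HYPERLEDGER_FABRIC_SDKTEST_INTEGRATIONTESTS

# Value of an uncommented KEY=value line in the .env file (last one wins).
env_val() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

audit_fabric_lab() {
    env_file=$1
    compose=$2
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    [ "$(env_val "$env_file" "${P}_TLS")" = "true" ] ||
        flag "${P}_TLS is not true: orderer and peer traffic is plaintext"
    [ "$(env_val "$env_file" "${P}_CLIENT_AUTH_REQUIRED")" = "true" ] ||
        flag "${P}_CLIENT_AUTH_REQUIRED is not true: no mutual TLS"
    [ -n "$(env_val "$env_file" "${P}_CA_TLS")" ] ||
        flag "${P}_CA_TLS is empty: fabric-ca-server runs without --tls.enabled"

    # Sample bootstrap identity passed on the fabric-ca-server command line.
    if grep -q -- '-b admin:adminpw' "$compose"; then
        flag "CA bootstrap identity is the sample admin:adminpw"
    fi
    # The compose file's own comment marks this one "Not for production".
    if grep -Eq '^[^#]*ORDERER_GENERAL_AUTHENTICATION_TIMEWINDOW=' "$compose"; then
        flag "ORDERER_GENERAL_AUTHENTICATION_TIMEWINDOW is set"
    fi

    [ "$findings" -eq 0 ]   # non-zero exit status when anything was flagged
}

# Usage from the fabric_solo directory:
#   audit_fabric_lab ./.env ./docker-solo.yaml
```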
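Start the network
# Start the network with docker-compose
docker-compose -f ./docker-solo.yaml up -d
# Force the containers to be recreated
docker-compose -f ./docker-solo.yaml up --force-recreate -d
Verify the network
Here we use Fabric-java-sdk to check the network, because I cover the SDK in later chapters of the course.
Other commands
# Stop and remove all containers
docker stop $(docker ps -aq) && docker rm $(docker ps -aq)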