超級賬本 fabric2.0 叢集多機部署
首先按照確定已經安裝好fabric2.0相關環境,且保證docker環境一緻(先跑通first-network!!!)
搭建fabric2.0環境請參考
fabric2.0開發 基本環境安裝配置
fabric2.0開發 部署fabric環境和fabric-samples的啟動
我們使用 docker swarm 進行叢集管理
組織架構
4台伺服器 4個組織 8個peer
伺服器分别為
192.168.1.188 (host1)
192.168.1.201 (host2)
192.168.1.202 (host3)
192.168.1.206 (host4)
其中每台伺服器一個組織兩個peer
部署過程
1.拉取docker swarm 鏡像(分别在host1,host2,host3,host4拉取鏡像)
docker pull swarm
2.host1執行指令(終端192.168.1.188)
docker swarm init --advertise-addr 192.168.1.188
執行截圖
3.執行擷取其他機器連接配接的manager指令(終端192.168.1.188)
docker swarm join-token manager
- 執行此指令我們可以看到傳回了一個加入叢集的指令
- 指令
docker swarm join --token SWMTKN-1-4jpo4z6xnd9jz2ne2blzoe8erzo28vbqja83m5qd01pqfd88p1-9ir3qsc5ctdqnlnlkizwqi6yy 192.168.1.188:2377
4.使用最後的輸出,将其他節點以管理者身份加入swarm
- 在host2,host3,host4分别執行剛剛傳回的指令
- host2執行:
(終端192.168.1.201)docker swarm join --token SWMTKN-1-4jpo4z6xnd9jz2ne2blzoe8erzo28vbqja83m5qd01pqfd88p1-9ir3qsc5ctdqnlnlkizwqi6yy 192.168.1.188:2377
- host3執行:
(終端192.168.1.202)docker swarm join --token SWMTKN-1-4jpo4z6xnd9jz2ne2blzoe8erzo28vbqja83m5qd01pqfd88p1-9ir3qsc5ctdqnlnlkizwqi6yy 192.168.1.188:2377
- host4執行:
(終端192.168.1.206)docker swarm join --token SWMTKN-1-4jpo4z6xnd9jz2ne2blzoe8erzo28vbqja83m5qd01pqfd88p1-9ir3qsc5ctdqnlnlkizwqi6yy 192.168.1.188:2377
5.從host 1建立疊加網絡first-network(終端192.168.1.188)
- 執行指令如下
-
docker network create --attachable --driver overlay first-network
- 使用docker network ls 檢視我們建立的疊加網絡
- 我們去檢視其他其他三台主機
- 主機192.168.1.201
- 主機192.168.1.202
- 主機192.168.1.206
6.在host1上準備材料(終端192.168.1.188)
-
執行指令
cd fabric-samples
mkdir asset_network
cd asset_network
-
直接從first-network拷貝crypto-config.yaml和configtx.yaml檔案
cp …/first-network/crypto-config.yaml .
cp …/first-network/configtx.yaml .
mkdir scripts
cp …/first-network/scripts/* ./scripts
- 接下來我們開始修改用于生成MSP相關證書組織架構和節點數的crypto-config.yaml檔案(修改如下)
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: example.com
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
- Hostname: orderer2
- Hostname: orderer3
- Hostname: orderer4
- Hostname: orderer5
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
# ---------------------------------------------------------------------------
# add org3
# ---------------------------------------------------------------------------
- Name: Org3
Domain: org3.example.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
- Name: Org4
Domain: org4.example.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
- 接下來我們開始修改用于生成創世區塊,交易通道configtx.yaml配置檔案(修改如下)
-
# Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # --- ################################################################################ # # Section: Organizations # # - This section defines the different organizational identities which will # be referenced later in the configuration. # ################################################################################ Organizations: # SampleOrg defines an MSP using the sampleconfig. It should never be used # in production but may be used as a template for other definitions - &OrdererOrg # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment Name: OrdererOrg # ID to load the MSP definition as ID: OrdererMSP # MSPDir is the filesystem path which contains the MSP configuration MSPDir: crypto-config/ordererOrganizations/example.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/<Application|Orderer>/<OrgName>/<PolicyName> Policies: Readers: Type: Signature Rule: "OR('OrdererMSP.member')" Writers: Type: Signature Rule: "OR('OrdererMSP.member')" Admins: Type: Signature Rule: "OR('OrdererMSP.admin')" OrdererEndpoints: - orderer.example.com:7050 - &Org1 # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment Name: Org1MSP # ID to load the MSP definition as ID: Org1MSP MSPDir: crypto-config/peerOrganizations/org1.example.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/<Application|Orderer>/<OrgName>/<PolicyName> Policies: Readers: Type: Signature Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" Writers: Type: Signature Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" Admins: Type: Signature Rule: "OR('Org1MSP.admin')" Endorsement: Type: Signature Rule: "OR('Org1MSP.peer')" # leave this flag set to true. AnchorPeers: # AnchorPeers defines the location of peers which can be used # for cross org gossip communication. Note, this value is only # encoded in the genesis block in the Application section context - Host: peer0.org1.example.com Port: 7051 - &Org2 # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment Name: Org2MSP # ID to load the MSP definition as ID: Org2MSP MSPDir: crypto-config/peerOrganizations/org2.example.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/<Application|Orderer>/<OrgName>/<PolicyName> Policies: Readers: Type: Signature Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" Writers: Type: Signature Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" Admins: Type: Signature Rule: "OR('Org2MSP.admin')" Endorsement: Type: Signature Rule: "OR('Org2MSP.peer')" AnchorPeers: # AnchorPeers defines the location of peers which can be used # for cross org gossip communication. Note, this value is only # encoded in the genesis block in the Application section context - Host: peer0.org2.example.com Port: 7050 - &Org3 # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment Name: Org3MSP # ID to load the MSP definition as ID: Org3MSP MSPDir: crypto-config/peerOrganizations/org3.example.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/<Application|Orderer>/<OrgName>/<PolicyName> Policies: Readers: Type: Signature Rule: "OR('Org3MSP.admin', 'Org3MSP.peer', 'Org3MSP.client')" Writers: Type: Signature Rule: "OR('Org3MSP.admin', 'Org3MSP.client')" Admins: Type: Signature Rule: "OR('Org3MSP.admin')" Endorsement: Type: Signature Rule: "OR('Org3MSP.peer')" AnchorPeers: # AnchorPeers defines the location of peers which can be used # for cross org gossip communication. Note, this value is only # encoded in the genesis block in the Application section context - Host: peer0.org3.example.com Port: 7050 - &Org4 # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment Name: Org4MSP # ID to load the MSP definition as ID: Org4MSP MSPDir: crypto-config/peerOrganizations/org4.example.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/<Application|Orderer>/<OrgName>/<PolicyName> Policies: Readers: Type: Signature Rule: "OR('Org4MSP.admin', 'Org4MSP.peer', 'Org4MSP.client')" Writers: Type: Signature Rule: "OR('Org4MSP.admin', 'Org4MSP.client')" Admins: Type: Signature Rule: "OR('Org4MSP.admin')" Endorsement: Type: Signature Rule: "OR('Org4MSP.peer')" AnchorPeers: # AnchorPeers defines the location of peers which can be used # for cross org gossip communication. Note, this value is only # encoded in the genesis block in the Application section context - Host: peer0.org4.example.com Port: 7050 ################################################################################ # # SECTION: Capabilities # # - This section defines the capabilities of fabric network. This is a new # concept as of v1.1.0 and should not be utilized in mixed networks with # v1.0.x peers and orderers. Capabilities define features which must be # present in a fabric binary for that binary to safely participate in the # fabric network. For instance, if a new MSP type is added, newer binaries # might recognize and validate the signatures from this type, while older # binaries without this support would be unable to validate those # transactions. This could lead to different versions of the fabric binaries # having different world states. Instead, defining a capability for a channel # informs those binaries without this capability that they must cease # processing transactions until they have been upgraded. For v1.0.x if any # capabilities are defined (including a map with all capabilities turned off) # then the v1.0.x peer will deliberately crash. # ################################################################################ Capabilities: # Channel capabilities apply to both the orderers and the peers and must be # supported by both. # Set the value of the capability to true to require it. Channel: &ChannelCapabilities # V2_0 capability ensures that orderers and peers behave according # to v2.0 channel capabilities. Orderers and peers from # prior releases would behave in an incompatible way, and are therefore # not able to participate in channels at v2.0 capability. # Prior to enabling V2.0 channel capabilities, ensure that all # orderers and peers on a channel are at v2.0.0 or later. V2_0: true # Orderer capabilities apply only to the orderers, and may be safely # used with prior release peers. # Set the value of the capability to true to require it. Orderer: &OrdererCapabilities # V2_0 orderer capability ensures that orderers behave according # to v2.0 orderer capabilities. Orderers from # prior releases would behave in an incompatible way, and are therefore # not able to participate in channels at v2.0 orderer capability. # Prior to enabling V2.0 orderer capabilities, ensure that all # orderers on channel are at v2.0.0 or later. V2_0: true # Application capabilities apply only to the peer network, and may be safely # used with prior release orderers. # Set the value of the capability to true to require it. Application: &ApplicationCapabilities # V2_0 application capability ensures that peers behave according # to v2.0 application capabilities. Peers from # prior releases would behave in an incompatible way, and are therefore # not able to participate in channels at v2.0 application capability. # Prior to enabling V2.0 application capabilities, ensure that all # peers on channel are at v2.0.0 or later. V2_0: true ################################################################################ # # SECTION: Application # # - This section defines the values to encode into a config transaction or # genesis block for application related parameters # ################################################################################ Application: &ApplicationDefaults # Organizations is the list of orgs which are defined as participants on # the application side of the network Organizations: # Policies defines the set of policies at this level of the config tree # For Application policies, their canonical path is # /Channel/Application/<PolicyName> Policies: Readers: Type: ImplicitMeta Rule: "ANY Readers" Writers: Type: ImplicitMeta Rule: "ANY Writers" Admins: Type: ImplicitMeta Rule: "MAJORITY Admins" LifecycleEndorsement: Type: ImplicitMeta Rule: "MAJORITY Endorsement" Endorsement: Type: ImplicitMeta Rule: "MAJORITY Endorsement" Capabilities: <<: *ApplicationCapabilities ################################################################################ # # SECTION: Orderer # # - This section defines the values to encode into a config transaction or # genesis block for orderer related parameters # ################################################################################ Orderer: &OrdererDefaults # Orderer Type: The orderer implementation to start OrdererType: etcdraft # Batch Timeout: The amount of time to wait before creating a batch BatchTimeout: 2s # Batch Size: Controls the number of messages batched into a block BatchSize: # Max Message Count: The maximum number of messages to permit in a batch MaxMessageCount: 10 # Absolute Max Bytes: The absolute maximum number of bytes allowed for # the serialized messages in a batch. AbsoluteMaxBytes: 99 MB # Preferred Max Bytes: The preferred maximum number of bytes allowed for # the serialized messages in a batch. A message larger than the preferred # max bytes will result in a batch larger than preferred max bytes. PreferredMaxBytes: 512 KB # Organizations is the list of orgs which are defined as participants on # the orderer side of the network Organizations: # Policies defines the set of policies at this level of the config tree # For Orderer policies, their canonical path is # /Channel/Orderer/<PolicyName> Policies: Readers: Type: ImplicitMeta Rule: "ANY Readers" Writers: Type: ImplicitMeta Rule: "ANY Writers" Admins: Type: ImplicitMeta Rule: "MAJORITY Admins" # BlockValidation specifies what signatures must be included in the block # from the orderer for the peer to validate it. BlockValidation: Type: ImplicitMeta Rule: "ANY Writers" ################################################################################ # # CHANNEL # # This section defines the values to encode into a config transaction or # genesis block for channel related parameters. # ################################################################################ Channel: &ChannelDefaults # Policies defines the set of policies at this level of the config tree # For Channel policies, their canonical path is # /Channel/<PolicyName> Policies: # Who may invoke the 'Deliver' API Readers: Type: ImplicitMeta Rule: "ANY Readers" # Who may invoke the 'Broadcast' API Writers: Type: ImplicitMeta Rule: "ANY Writers" # By default, who may modify elements at this config level Admins: Type: ImplicitMeta Rule: "MAJORITY Admins" # Capabilities describes the channel level capabilities, see the # dedicated Capabilities section elsewhere in this file for a full # description Capabilities: <<: *ChannelCapabilities ################################################################################ # # Profile # # - Different configuration profiles may be encoded here to be specified # as parameters to the configtxgen tool # ################################################################################ Profiles: FourOrgsChannel: Consortium: SampleConsortium <<: *ChannelDefaults Application: <<: *ApplicationDefaults Organizations: - *Org1 - *Org2 - *Org3 - *Org4 Capabilities: <<: *ApplicationCapabilities SampleMultiNodeEtcdRaft: <<: *ChannelDefaults Capabilities: <<: *ChannelCapabilities Orderer: <<: *OrdererDefaults OrdererType: etcdraft EtcdRaft: Consenters: - Host: orderer.example.com Port: 7050 ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt - Host: orderer2.example.com Port: 7050 ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt - Host: orderer3.example.com Port: 7050 ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt - Host: orderer4.example.com Port: 7050 ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt - Host: orderer5.example.com Port: 8050 ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt Addresses: - orderer.example.com:7050 - orderer2.example.com:7050 - orderer3.example.com:7050 - orderer4.example.com:7050 - orderer5.example.com:8050 Organizations: - *OrdererOrg Capabilities: <<: *OrdererCapabilities Application: <<: *ApplicationDefaults Organizations: - <<: *OrdererOrg Consortiums: SampleConsortium: Organizations: - *Org1 - *Org2 - *Org3 - *Org4
- 然後根據配置檔案生成必要的密碼學資料
-
../bin/cryptogen generate --config=./crypto-config.yaml export FABRIC_CFG_PATH=$PWD mkdir channel-artifacts ../bin/configtxgen -profile SampleMultiNodeEtcdRaft -outputBlock ./channel-artifacts/genesis.block -channelID byfn-sys-channel ../bin/configtxgen -profile FourOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID mychannel ../bin/configtxgen -profile FourOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID mychannel -asOrg Org1MSP ../bin/configtxgen -profile FourOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID mychannel -asOrg Org2MSP ../bin/configtxgen -profile FourOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org3MSPanchors.tx -channelID mychannel -asOrg Org3MSP ../bin/configtxgen -profile FourOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org4MSPanchors.tx -channelID mychannel -asOrg Org4MSP
7.為所有主機準備docker-compose檔案,需要建立6個docker-compose檔案以及一個env檔案(終端192.168.1.188)
檔案名 | 解釋 |
---|---|
base/peer-base.yaml | 生成peer節點的基礎配置檔案 |
base/docker-compose-peer.yaml | 各org,peer,order的docker部署配置檔案 |
host1.yaml | 主機192.168.1.188啟動服務的配置檔案 |
host2.yaml | 主機192.168.1.201啟動服務的配置檔案 |
host3.yaml | 主機192.168.1.202啟動服務的配置檔案 |
host4.yaml | 主機192.168.1.206啟動服務的配置檔案 |
.env | 配置檔案 |
- 針對相關檔案的修改
-
base/peer-base.yaml中,CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE修改為
我們之前建立的疊加網絡first-network
- base/docker-compose-base.yaml中,由于我們添加了兩個組織,且每個組織都在不同的機器上,一方面修改了映射的端口,一方面添加了對應的兩個組織群組織對應的peer。
-
在所有的hostn.yaml檔案中,我們添加疊加網絡first-network
現在我們在host 1上準備好了所有資料,将該目錄拷貝到其他主機。由于不能跨EC2執行個體拷貝檔案,我們使用本地機器進行橋接操作,将準備好的檔案分别發送到其他3台主機上去:
-
8.将我們建立及生成的檔案打包(終端192.168.1.188)
cd ..
tar cf asset_network.tar asset_network
scp asset_network.tar [email protected]:/root/go/src/github.com/hyperledger/fabric-samples
scp asset_network.tar [email protected]:/root/go/src/github.com/hyperledger/fabric-samples
scp asset_network.tar [email protected]:/root/go/src/github.com/hyperledger/fabric-samples
9.分别登陸剛剛遠端複制的機器進行解壓包
#在host2、host3、host4上分别執行
cd /root/go/src/github.com/hyperledger/fabric-samples
rm -rf asset_network
tar xf asset_network.tar
cd asset_network
現在所有的節點都有了同樣的密碼學資料和docker-compose檔案,我們可以啟動容器了。
10.分别在各個主機上使用docker-composer啟動應用程式
-
host2 (終端192.168.1.188)
docker-compose -f host1.yaml up -d
使用docker ps檢視服務
-
host2 (終端192.168.1.201)
docker-compose -f host2.yaml up -d
使用docker ps檢視服務
-
host3 (終端192.168.1.202)
docker-compose -f host3.yaml up -d
使用docker ps檢視服務
-
host4 (終端192.168.1.206)
docker-compose -f host4.yaml up -d
使用docker ps檢視服務
如下為 docker-compose -f host1.yaml up -d 指令傳回截圖
11.為mychannel通道建立創世區塊(終端192.168.1.188)
docker exec cli peer channel create -o orderer.example.com:7050 -c mychannel \
-f ./channel-artifacts/channel.tx --tls true \
--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
結果如下圖
12.将peer0.org1加入mychannel(終端192.168.1.188)
docker exec cli peer channel join -b mychannel.block
13.将peer1.org1加入mychannel(終端192.168.1.188)
docker exec -e CORE_PEER_ADDRESS=peer1.org1.example.com:8051 -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt cli peer channel join -b mychannel.block
14.将peer0.org2加入mychannel(終端192.168.1.188)
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp \
-e CORE_PEER_ADDRESS=peer0.org2.example.com:7051 -e CORE_PEER_LOCALMSPID="Org2MSP" \
-e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt \
cli peer channel join -b mychannel.block
15.将peer1.org2加入mychannel(終端192.168.1.188)
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp \
-e CORE_PEER_ADDRESS=peer1.org2.example.com:8051 -e CORE_PEER_LOCALMSPID="Org2MSP" \
-e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt \
cli peer channel join -b mychannel.block
16.将peer0.org3加入mychannel(終端192.168.1.188)
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/[email protected]/msp \
-e CORE_PEER_ADDRESS=peer0.org3.example.com:7051 -e CORE_PEER_LOCALMSPID="Org3MSP" \
-e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt \
cli peer channel join -b mychannel.block
17.将peer1.org3加入mychannel(終端192.168.1.188)
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/[email protected]/msp \
-e CORE_PEER_ADDRESS=peer1.org3.example.com:8051 -e CORE_PEER_LOCALMSPID="Org3MSP" \
-e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt \
cli peer channel join -b mychannel.block
18.将peer0.org4加入mychannel(終端192.168.1.188)
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org4.example.com/users/[email protected]/msp \
-e CORE_PEER_ADDRESS=peer0.org4.example.com:7051 -e CORE_PEER_LOCALMSPID="Org4MSP" \
-e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/ca.crt \
cli peer channel join -b mychannel.block
19.将peer1.org4加入mychannel(終端192.168.1.188)
docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org4.example.com/users/[email protected]/msp \
-e CORE_PEER_ADDRESS=peer1.org4.example.com:8051 -e CORE_PEER_LOCALMSPID="Org4MSP" \
-e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org4.example.com/peers/peer1.org4.example.com/tls/ca.crt \
cli peer channel join -b mychannel.block
到此我們已經啊将所有組織和peer加入到了我們的channel通道中
20.安裝并執行個體化Fabcar鍊碼(終端192.168.1.188)
-
進入到docker的cli終端
docker exec -it cli bash
-
檢視環境變量
env
- 設定go 的通路源
go env -w GOPROXY=https://goproxy.io,direct
- 開始打包chaincode
-
peer lifecycle chaincode package mycc1.tar.gz --path /opt/gopath/src/github.com/chaincode/abstore/go/ --lang golang --label mycc_1
指令解釋:
mycc2.tar.gz :打包合約封包件名
–path 智能合約路徑,可以在host1.yaml中檢視cli容器的資料卷配置查詢
–lang 智能合約語言 支援golang、node、java
–label 智能合約标簽,描述作用
- 開始安裝chaincode
peer lifecycle chaincode install mycc1.tar.gz
- 驗證合約安裝是否安裝到節點
出現如下結果表示安裝成功peer lifecycle chaincode queryinstalled
- 目前組織同意合約定義(注意下面指令使用的mycc_1對應的包id應該是使用剛剛驗證時傳回的包id!!!)
-
peer lifecycle chaincode approveformyorg --tls true \ --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem \ --channelID mychannel --name mycc1 --version 1 --init-required --package-id mycc_1:9098a2442d1c40119cb0a085a206d89e61859649ebcca587357e2b56a3b3fe73 --sequence 1 --waitForEvent
-
指令解釋:
–tls 是否啟動tls
–ca ca證書路徑
–channelID 智能合約安裝通道
–name 合約名
–version 合約版本
–package-id queryinstalled查詢的合約ID
–sequence 序列号
–waitForEvent 等待peer送出交易傳回
–init-required 合約是否必須執行init
-
- 檢查合約是否滿足政策
-
peer lifecycle chaincode checkcommitreadiness --channelID mychannel --name mycc1 --version 1 --sequence 1 --output json --init-required
- 通過檢查合約政策如上圖,我們可知Org1MSP 已經通過政策,但由于我們的政策定義是滿足過半數
- 現在明顯不滿足,我們還是執行commit合約看一下會怎麼樣
-
peer lifecycle chaincode commit -o orderer.example.com:7050 \ --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem \ --channelID mychannel --name mycc1 --peerAddresses peer0.org1.example.com:7051 \ --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt \ --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt \ --peerAddresses peer0.org3.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt \ --peerAddresses peer0.org4.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/ca.crt \ --version 1 --sequence 1 --init-required
- chaincode definition not agreed to by this org (Org2MSP) 鍊碼合約定義還沒取得Org2MSP的同意,這時候我們需要把Org2MSP,Org3MSP,Org4MSP也同意這個合約定義
- Org2MSP 同意合約
- 從新定義環境變量
-
export CORE_PEER_LOCALMSPID=Org2MSP export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- 從新安裝合約到節點
peer lifecycle chaincode install mycc1.tar.gz
- 驗證合約安裝是否安裝到節點
peer lifecycle chaincode queryinstalled
- 目前組織同意合約定義(注意下面指令使用的mycc_1對應的包id應該是使用剛剛驗證時傳回的包id!!!)
-
peer lifecycle chaincode approveformyorg --tls true \ --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem \ --channelID mychannel --name mycc1 --version 1 --init-required --package-id mycc_1:9098a2442d1c40119cb0a085a206d89e61859649ebcca587357e2b56a3b3fe73 --sequence 1 --waitForEvent
- 檢查合約是否滿足政策
-
peer lifecycle chaincode checkcommitreadiness --channelID mychannel --name mycc1 --version 1 --sequence 1 --output json --init-required
此時我們可以看到,現在Org2MSP也已經顯示為true,組織二也滿足了政策
後面請按照<Org2MSP 同意合約>走的程式,在将Org3MSP,Org4MSP再走一遍上述流程,使Org3MSP,Org4MSP也同意政策
最終所有組織都同意合約傳回入下圖是以
- 在滿足合約定義的政策後,送出合約
-
傳回如下圖peer lifecycle chaincode commit -o orderer.example.com:7050 \ --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem \ --channelID mychannel --name mycc1 --peerAddresses peer0.org1.example.com:7051 \ --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt \ --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt \ --peerAddresses peer0.org3.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt \ --peerAddresses peer0.org4.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/ca.crt \ --version 1 --sequence 1 --init-required
參數解釋
–tls 是否啟動tls
–ca ca證書路徑
–channelID 智能合約安裝通道
–name 合約名
–version 合約版本
–package-id queryinstalled查詢的合約ID
–sequence 序列号
–waitForEvent 等待peer送出交易傳回
–init-required 合約是否必須執行init
–peerAddresses 節點路徑
–tlsRootCertFiles 節點ca根證書路徑(–peerAddresses --tlsRootCertFiles 連用,可多個節點,多個節點即将合約部署到對應節點集合上)
在主控端(192.168.1.201)中檢視智能合約容器,此時合約容器已經啟動,其他主機請自行檢視
- 檢視節點已送出合約
-
peer lifecycle chaincode querycommitted --channelID mychannel --name mycc1
- 操作合約
-
如下圖我們可以看到我們成功初始化合約peer chaincode invoke -o orderer.example.com:7050 --tls true \ --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem \ -C mychannel -n mycc1 --peerAddresses peer0.org1.example.com:7051 \ --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt \ --peerAddresses peer0.org2.example.com:7051 \ --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt \ --peerAddresses peer0.org3.example.com:7051 \ --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt \ --peerAddresses peer0.org4.example.com:7051 \ --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/ca.crt \ --isInit -c '{"Args":["Init","a","100","b","100"]}'
-
查詢
peer chaincode query -C mychannel -n mycc1 -c ‘{“Args”:[“query”,“a”]}’
如下圖我們可以看到查詢到我們需要的資料。a賬戶餘額為100
- 調用 invoke方法, a ->b 轉賬20
-
如下圖我們可以看到已經成功給b轉賬20peer chaincode invoke -o orderer.example.com:7050 --tls true \ --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem \ -C mychannel -n mycc1 --peerAddresses peer0.org1.example.com:7051 \ --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt \ --peerAddresses peer0.org2.example.com:7051 \ --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt \ --peerAddresses peer0.org3.example.com:7051 \ --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt \ --peerAddresses peer0.org4.example.com:7051 \ --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/ca.crt \ -c '{"Args":["invoke","a","b","20"]}'
- 我們再次查詢a的餘額
-
我們可以看到a的餘額已經減少20為80,到此我們成功多機部署了fabric環境。peer chaincode query -C mychannel -n mycc1 -c '{"Args":["query","a"]}'