創建超級帳本網絡（hyperledger fabric)

參考http://www.cnblogs.com/preminem/p/7755411.html

　　此次部署的是2peer+1orderer的架構。

order	192.168.155.6
peer0	192.168.155.4
pee1	192.168.155.5

 

 

1、生成MSP證書

　　使用cryptogen工具生成證書。MSP證書是超級帳本網絡實體的身份標識，實體在通訊和交易時使用證書進行簽名和驗證。生產證書須要crypto-config.yaml文件。關於此文件的內容介紹和最終修改結果以下：

# ---------------------------------------------------------------------------
# "OrdererOrgs" - 定義排序節點的組織
# ---------------------------------------------------------------------------
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # 排序節點的名稱和域名
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com
    # ---------------------------------------------------------------------------
    # "Specs" - 手動定義節點名稱，命名規範：{{.hostname}}.{{.Domain}}
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - 定義Peer節點的組織
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.example.com
    # ---------------------------------------------------------------------------
    # "Template" 按模板生成peer節點的MSP證書，默認生成的peer節點名稱爲：peer{{.Index}}.{{.Domain}}
    #            Index是從start到count-1,默認爲0
    # ---------------------------------------------------------------------------
    Template:
      Count: 1
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
    # ---------------------------------------------------------------------------
    # "Users"
    # ---------------------------------------------------------------------------
    # Count: 除了admin，默認生成的用戶數
    # ---------------------------------------------------------------------------
    Users:
      Count: 1
  # ---------------------------------------------------------------------------
  # Org2:
  # ---------------------------------------------------------------------------
  - Name: Org2
    Domain: org2.example.com
    Template:
      Count: 1
    Users:
      Count: 1

 

　　根據這個文件能夠爲組織和其中的成員生成數字證書和簽名密鑰，生成的文件都保存到crypto-config文件夾：

cryptogen generate --config=./crypto-config.yaml

 

2、生成排序服務的創世區塊

生成創世區塊依賴文件configtx.yaml。configtx.yaml這個文件裏面配置了由2個Org參與的Orderer共識配置TwoOrgsOrdererGenesis，以及由2個Org 參與的Channel配置：TwoOrgsChannel。Orderer能夠設置共識的算法是Solo仍是Kafka，以及共識時區塊大小，超時時間 等，咱們使用默認值便可，不用更改。而Peer節點的配置包含了MSP的配置，錨節點的配置。若是咱們有更多的Org，或者有更多的Channel，那麼 就能夠根據模板進行對應的修改。

export FABRIC_CFG_PATH=$PWD
configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block

　　 TwoOrgsOrdererGenesis爲configtx.yaml中的profiles之一。

　　./channel-artifacts/genesis.block爲生成的創世塊的文件名及保存位置。

3、生成通道配置創世區塊

configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID mychannel

　　mychannel爲通道名稱

 　  TwoOrgsChannel爲configtx.yaml中的profiles之一。

4、生成組織錨節點

configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID mychannel -asOrg Org1MSP

configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID mychannel -asOrg Org2MSP

　　其中Org1MSP，Org2MSP爲組織名稱,在configtx.yaml中有設置。

最終，咱們在channel-artifacts文件夾中，應該是可以看到4個文件。

channel-artifacts/ 
├── channel.tx 
├── genesis.block 
├── Org1MSPanchors.tx 
└── Org2MSPanchors.tx

 5、啓動超級帳本網絡

　　使用docker-compose啓動超級帳本網絡。須要用到的配置文件是docker-compose-cli.yaml。經過修改此文件使其知足需求，該文件定義了1個排序服務節點，4個peer節點，一個命令行容器cli。默認經過和peer0.org1.example.com通訊。經過切換環境變量來和其餘節點通訊。

  1 、修改基礎配置文件

peer和orderder的基礎配置文件在base文件裏面。

由於咱們只有兩個組織，每一個組織只有一個peer，因此只需修改base/docker-compose-base.yaml文件，刪除 peer1.org1.example.com和peer1.org2.example.com。另外在單擊模式下，4個peer會映射主機不一樣的端口， 可是咱們在多機部署的時候是不須要映射不一樣端口的，因此將全部peer的端口映射都改成相同的，修改完成的docker-compose- base.yaml文件以下：

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0 # version: '2' services: orderer.example.com: container_name: orderer.example.com image: hyperledger/fabric-orderer environment: - ORDERER_GENERAL_LOGLEVEL=debug - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 - ORDERER_GENERAL_GENESISMETHOD=file - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block - ORDERER_GENERAL_LOCALMSPID=OrdererMSP - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp # enabled TLS - ORDERER_GENERAL_TLS_ENABLED=true - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] working_dir: /opt/gopath/src/github.com/hyperledger/fabric command: orderer volumes: - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls ports: - 7050:7050 peer0.org1.example.com: container_name: peer0.org1.example.com extends: file: peer-base.yaml service: peer-base environment: - CORE_PEER_ID=peer0.org1.example.com - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 - CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051 - CORE_PEER_LOCALMSPID=Org1MSP volumes: - /var/run/:/host/var/run/ - ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp - ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls ports: - 7051:7051 - 7052:7052 - 7053:7053 peer0.org2.example.com: container_name: peer0.org2.example.com extends: file: peer-base.yaml service: peer-base environment: - CORE_PEER_ID=peer0.org2.example.com - CORE_PEER_ADDRESS=peer0.org2.example.com:7051 - CORE_PEER_CHAINCODELISTENADDRESS=peer0.org2.example.com:7052 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051 - CORE_PEER_LOCALMSPID=Org2MSP volumes: - /var/run/:/host/var/run/ - ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp - ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls ports: - 7051:7051 - 7052:7052 - 7053:7053 

 

二、設置orderer節點的docker-compose文件

cp docker-compose-cli.yaml docker-compose-orderer.yaml

orderer服務器上咱們只須要保留order設置，其餘peer和cli設置均可以刪除。orderer配置文件以下：

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0 # version: '2' services: orderer.example.com: extends: file: base/docker-compose-base.yaml service: orderer.example.com container_name: orderer.example.com

 

三、設置peer節點的docker-compose文件

先爲peer0.org1.example.com配置，與建立orderer的配置文件相似，咱們也複製一個yaml文件出來進行修改：

cp docker-compose-cli.yaml docker-compose-peer0org1.yaml

去掉orderer的配置，只保留一個peer和cli，由於咱們要多級部署，節點與節點以前又是經過主機名通信，因此須要修改容器中的host文 件，也就是extra_hosts設置。由於以後咱們要鏈接couchdb，因此這裏加入couchdb的配置，這裏的192.168.155.4:5984是我 映射CouchDB後的Linux的IP地址和IP,而後是設置用戶名和密碼。

一樣，cli也須要可以和各個節點通信，因此cli下面也須要添加extra_hosts設置，去掉無效的依賴，而且去掉command這一行，由於咱們是每一個peer都會有個對應的客戶端，也就是cli，因此我只須要去手動執行一次命令，而不是自動運行。

修改後的配置文件以下：

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0 # version: '2' services: peer0.org1.example.com: container_name: peer0.org1.example.com environment: - CORE_LEDGER_STATE_STATEDATABASE=CouchDB - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=192.168.155.4:5984 - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=password extends: file: base/docker-compose-base.yaml service: peer0.org1.example.com extra_hosts: - "orderer.example.com:192.168.155.6" cli: container_name: cli image: hyperledger/fabric-tools tty: true environment: - GOPATH=/opt/gopath - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock - CORE_LOGGING_LEVEL=DEBUG - CORE_PEER_ID=cli - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 - CORE_PEER_LOCALMSPID=Org1MSP - CORE_PEER_TLS_ENABLED=true - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer volumes: - /var/run/:/host/var/run/ - ../chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts depends_on: - peer0.org1.example.com extra_hosts: - "orderer.example.com:192.168.155.6" - "peer0.org1.example.com:192.168.155.4" - "peer0.org2.example.com:192.168.155.5"

爲peer0.org2.example.com配置文件,根據peer0.org1.example.com修改便可

cp docker-compose-peer0org1.yaml docker-compose-peer0org2.yaml

修改後的配置文件以下：

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0 # version: '2' services: peer0.org2.example.com: container_name: peer0.org2.example.com environment: - CORE_LEDGER_STATE_STATEDATABASE=CouchDB - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=192.168.155.5:5984 - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=password extends: file: base/docker-compose-base.yaml service: peer0.org2.example.com extra_hosts: - "orderer.example.com:192.168.155.6" cli: container_name: cli image: hyperledger/fabric-tools tty: true environment: - GOPATH=/opt/gopath - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock - CORE_LOGGING_LEVEL=DEBUG - CORE_PEER_ID=cli - CORE_PEER_ADDRESS=peer0.org2.example.com:7051 - CORE_PEER_LOCALMSPID=Org2MSP - CORE_PEER_TLS_ENABLED=true - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer volumes: - /var/run/:/host/var/run/ - ../chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts depends_on: - peer0.org2.example.com extra_hosts: 

 - "orderer.example.com:192.168.155.6" - "peer0.org1.example.com:192.168.155.4" - "peer0.org2.example.com:192.168.155.5"

 

6、啓動orderer節點

在orderer服務器上運行：

cd ~/go/src/github.com/hyperledger/fabric/examples/e2e_cli

docker-compose -f docker-compose-orderer.yaml up -d

運行完畢後咱們可使用docker ps看到運行了一個名字爲orderer.example.com的容器。

 

7、啓動peer節點

　　一、安裝和運行couchdb

docker run -p 5984:5984 -d --name my-couchdb -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -v ~/couchdb:/opt/couchdb/data klaemo/couchdb

啓動後咱們打開瀏覽器，訪問peer0.org1的IP的5984端口的URL，peer0.org1的IP是192.168.155.4，那麼URL是：

http://192.168.155.4:5984/_utils

這個時候咱們就能夠看到CouchDB的Web管理界面了。輸入用戶名admin密碼password便可進入。

　　二、啓動peer節點和CLI容器

命令爲：

cd ~/go/src/github.com/hyperledger/fabric/examples/e2e_cli

docker-compose -f docker-compose-peer0org1.yaml up –d

運行完畢後咱們使用docker ps應該能夠看到3個正在運行的容器。

 

接下來到peer0.org2.example.com服務器。運行相同的命令：

mkdir couchdb

docker run -p 5984:5984 -d --name my-couchdb -e COUCHDB_USER=admin -e COUCHDB_PASSWORD=password -v ~/couchdb:/opt/couchdb/data klaemo/couchdb

cd ~/go/src/github.com/hyperledger/fabric/examples/e2e_cli

docker-compose -f docker-compose-peer0org2.yaml up –d

如今咱們整個Fabric網絡已經成型，接下來是建立channel和運行ChainCode。

 

8、建立channel

咱們到peer0.org1.example.com服務器上，使用該服務器上的cli來運行建立Channel和運行ChainCode的操做。先用如下命令進入CLI內部Bash：

docker exec -it cli bash

建立Channel的命令是peer channel create，咱們前面建立Channel的配置區塊時，指定了Channel的名字是mychannel，那麼這裏咱們必須建立一樣名字的Channel。

ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

peer channel create -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/channel.tx --tls true --cafile $ORDERER_CA

執行該命令後，系統會提示：

2017-10-30 18:30:35.210 UTC [channelCmd] readBlock -> DEBU 020 Received block:0

系統會在cli內部的當前目錄建立一個mychannel.block文件，這個文件很是重要，接下來其餘節點要加入這個Channel就必須使用這個文件。

 

9、各個peer加入channel

仍是在peer0.org1的CLI上，咱們要將這個Peer加入mychannel就很簡單，只須要運行以下命令：

peer channel join -b mychannel.block

系統返回消息：

2017-10-30 18:40:21.405 UTC [channelCmd] executeJoin -> INFO 006 Peer joined the channel!

 

修改cli的環境變量，使其指向peer0.org2

CORE_PEER_LOCALMSPID="Org2MSP" 
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt 
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp 
CORE_PEER_ADDRESS=peer0.org2.example.com:7051

peer channel join -b mychannel.block

 

這樣peer0.org1和peer0.org2就都已經加入channel了。

注：這一切都是我在peer0.org1的cli內完成的，這是因爲加入channel依賴 [channel-ID].block文件，並且在peer0.org1服務器的cli內也留有了peer0.org2的證書文件，所以兩個節點的加入都在一個cli內完成了。其實當一個節點建立channel之後能夠把[channel-ID].block文件從容器內拷貝到主機，再分發給其餘節點，這樣其餘節點就能夠經過[channel-ID].block加入channel了。當cli容器被銷燬時該容器下全部的文件都會被銷燬，可是若是備份了[channel-ID].block，那麼即便全部的peer和cli被銷燬了，也能夠再次經過[channel-ID].block加入channel、同步區塊。

 

10、更新錨節點

關於AnchorPeer，其實個人每一個組織只有一個peer節點，因此更新不更新錨節點也不重要。

對於Org1來講，peer0.org1是錨節點，咱們須要切換到peer0.org1服務器上並更新錨節點：

CORE_PEER_LOCALMSPID="Org1MSP" 
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt 
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp 
CORE_PEER_ADDRESS=peer0.org1.example.com:7051

  peer channel update -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/Org1MSPanchors.tx --tls true --cafile $ORDERER_CA

 

另外對於Org2，peer0.org2是錨節點，切換到peer0.org2服務器上而後執行以下命令：

CORE_PEER_LOCALMSPID="Org2MSP" 
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt 
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp 
CORE_PEER_ADDRESS=peer0.org2.example.com:7051

peer channel update -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/Org2MSPanchors.tx --tls true --cafile $ORDERER_CA

 

結束。