Hyperledge Fabric 2.2 —— 「getting started」
若是能夠,儘可能直接讀原文
https://hyperledger-fabric.readthedocs.io/en/release-2.2/install.html
若是時間倉促,能夠看本文。
html
1.軟件預安裝
建議直接安裝在Linux系統(能夠安裝虛擬機)中。
(1)安裝Git、cURL、Docker
(2) 安裝Fabric
node
詳情參考
https://hyperledger-fabric.readthedocs.io/en/release-2.2/prereqs.html
docker
2.瞭解test-network
(1)確認成功安裝預裝軟件
(2)運行網絡
進入測試網絡所在文件路徑;關閉網絡,刪除以前運行的container、認證數據及鏈碼。
bash
$ cd fabric/test-network
$ ./network.sh down
以默認配置啓動網絡,採用默認加密方式,未使用CA認證;網絡
$ ./network up
若是想啓動的網絡的同時,啓動一條默認通道,能夠將上述命令替換成:app
./network.sh up createChannel
若是須要自定義通道名tcp
$ ./network createChannel -c 自定義通道名稱
成功啓動通道時效果以下:ide
========= Channel successfully joined ===========
查看當前Docker中運行的組件:工具
$ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 7742350cc363 hyperledger/fabric-peer:2.1.1 "peer node start" About a minute ago Up About a minute 7051/tcp, 0.0.0.0:9051->9051/tcp peer0.org2.example.com f55947826039 hyperledger/fabric-peer:2.1.1 "peer node start" About a minute ago Up About a minute 0.0.0.0:7051->7051/tcp peer0.org1.example.com 7de556f811ac hyperledger/fabric-orderer:2.1.1 "orderer" About a minute ago Up About a minute 0.0.0.0:7050->7050/tcp orderer.example.com
合約部署命令:測試
./network.sh deployCC
部署後再次查看docker內容:
$ ./network.sh deployCC CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES ffa3c594fdc3 dev-peer0.org1.example.com-basic_1.0-4ec191e793b27e953ff2ede5a8bcc63152cecb1e4c3f301a26e22692c61967ad-42f57faac8360472e47cbbbf3940e81bba83439702d085878d148089a1b213ca "chaincode -peer.add…" 3 minutes ago Up 3 minutes dev-peer0.org1.example.com-basic_1.0-4ec191e793b27e953ff2ede5a8bcc63152cecb1e4c3f301a26e22692c61967ad 72bb69e91f9a dev-peer0.org2.example.com-basic_1.0-4ec191e793b27e953ff2ede5a8bcc63152cecb1e4c3f301a26e22692c61967ad-6c0d5b0755cb92ed5555bd2e8a8765a6f425d1ed5ed9a90e625e01939e2113be "chaincode -peer.add…" 3 minutes ago Up 3 minutes dev-peer0.org2.example.com-basic_1.0-4ec191e793b27e953ff2ede5a8bcc63152cecb1e4c3f301a26e22692c61967ad 7742350cc363 hyperledger/fabric-peer:2.1.1 "peer node start" 10 minutes ago Up 10 minutes 7051/tcp, 0.0.0.0:9051->9051/tcp peer0.org2.example.com f55947826039 hyperledger/fabric-peer:2.1.1 "peer node start" 10 minutes ago Up 10 minutes 0.0.0.0:7051->7051/tcp peer0.org1.example.com 7de556f811ac hyperledger/fabric-orderer:2.1.1 "orderer" 10 minutes ago Up 10 minutes 0.0.0.0:7050->7050/tcp orderer.example.com
能夠發如今兩個組織節點上啓動了鏈代碼container。
3.體驗合約交互
(1)環境參數配置
建議打開系統的環境配置文件,命令以下:
$ sudo gedit /etc/profile $ source /etc/profile
增長兩行代碼:
$ export PATH=上級目錄/fabric/bin/ #將peer等命令路徑預規劃,便於直接使用 $ export FABRIC_CFG_PATH=上級目錄/fabric/bin/ #指定配置文件路徑
上述代碼僅在fabric文件夾移動位置時須要變化。
接着,回到test-network文件夾:
在終端運行如下代碼,即設定當前用戶權限爲Org1
# Environment variables for Org1 以org1權限運行peer export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=localhost:7051
此時,已經完成了Org1權限的環境參數的配置。
(2)鏈碼初始化
首先初始化帳本信息,並賦予原始資產信息。須要在任意路徑下,打開終端輸入:
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile \ ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem\ -C mychannel -n basic --peerAddresses localhost:7051 --tlsRootCertFiles \ ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt\ --peerAddresses localhost:9051 --tlsRootCertFiles \ ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt \ -c '{"function":"InitLedger","Args":[]}'
若是成功,會提示:
[chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200
如今就能夠利用CLI進行鏈上資產的查詢了。
peer chaincode query -C mychannel -n basic -c '{"Args":["GetAllAssets"]}'
若是查詢帳本數據成功,會輸出以下信息:
[{"ID":"asset1","color":"blue","size":5,"owner":"Tomoko","appraisedValue":300}, {"ID":"asset2","color":"red","size":5,"owner":"Brad","appraisedValue":400}, {"ID":"asset3","color":"green","size":10,"owner":"Jin Soo","appraisedValue":500}, {"ID":"asset4","color":"yellow","size":10,"owner":"Max","appraisedValue":600}, {"ID":"asset5","color":"black","size":15,"owner":"Adriana","appraisedValue":700}, {"ID":"asset6","color":"white","size":15,"owner":"Michel","appraisedValue":800}]
接着,咱們繼續激活鏈碼。
當一個網絡成員想要轉移或者改變帳本中的資產記錄時,鏈碼會被調用並激活。
咱們先嚐試改變帳本數據資產,可輸入如下命令:
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile \ ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n basic --peerAddresses localhost:7051 --tlsRootCertFiles \ ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles \ ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c \ '{"function":"TransferAsset","Args":["asset6","Christopher"]}'
這裏咱們將「asset6」的全部者從Michel改爲了Christopher。
若是操做成功,能夠看到如下輸出:
[chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200
此時,咱們能夠檢查一下鏈上資產是否完成更新:
peer chaincode query -C mychannel -n basic -c '{"Args":["GetAllAssets"]}'
此時輸出以下:
[{"ID":"asset1","color":"blue","size":5,"owner":"Tomoko","appraisedValue":300}, {"ID":"asset2","color":"red","size":5,"owner":"Brad","appraisedValue":400}, {"ID":"asset3","color":"green","size":10,"owner":"Jin Soo","appraisedValue":500}, {"ID":"asset4","color":"yellow","size":10,"owner":"Max","appraisedValue":600}, {"ID":"asset5","color":"black","size":15,"owner":"Adriana","appraisedValue":700}, {"ID":"asset6","color":"white","size":15,"owner":"Christopher","appraisedValue":800}]
能夠發現當前asset6中Michel已經更新爲成了Christopher。
(3)鏈上信息查詢
爲了豐富體驗,我們如今更改系統設置,切換成org2權限。
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=localhost:9051
接着利用peer命令查詢:
peer chaincode query -C mychannel -n basic -c '{"Args":["ReadAsset","asset6"]}'
輸出結果:
{"ID":"asset6","color":"white","size":15,"owner":"Christopher","appraisedValue":800}
此時,數據查詢功能驗證成功。
(4)關閉網絡
./network.sh down
此時會關閉全部節點和服務,並刪除全部網絡上數據。
(5)CA認證
當使用
./network.sh up
啓動網絡時,會默認使用加密工具產生證書和密鑰。
顯示頁面以下:
########################################################## ##### Generate certificates using cryptogen tool ######### ########################################################## ########################################################## ############ Create Org1 Identities ###################### ########################################################## + cryptogen generate --config=./organizations/cryptogen/crypto-config-org1.yaml --output=organizations org1.example.com + res=0 + set +x ########################################################## ############ Create Org2 Identities ###################### ########################################################## + cryptogen generate --config=./organizations/cryptogen/crypto-config-org2.yaml --output=organizations org2.example.com + res=0 + set +x ########################################################## ############ Create Orderer Org Identities ############### ########################################################## + cryptogen generate --config=./organizations/cryptogen/crypto-config-orderer.yaml --output=organizations + res=0 + set +x
若是想經過CA認證啓動網絡,能夠按照以下操做:
$ ./network.sh down $ ./network.sh up -ca 指明ca選項並啓動網絡
全部CA建立的組織內公用的身份認證分享同一個根的認證。
此時可經過
$ docker ps
查看當前運行的container:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 595627111b48 hyperledger/fabric-peer:2.1.1 "peer node start" 1 second ago Up Less than a second 0.0.0.0:7051->7051/tcp peer0.org1.example.com 6e60ae003206 hyperledger/fabric-orderer:2.1.1 "orderer" 1 second ago Up Less than a second 0.0.0.0:7050->7050/tcp orderer.example.com 013721847d3f hyperledger/fabric-peer:2.1.1 "peer node start" 1 second ago Up Less than a second 7051/tcp, 0.0.0.0:9051->9051/tcp peer0.org2.example.com 5e7aced69e8d hyperledger/fabric-ca:latest "sh -c 'fabric-ca-se…" 15 seconds ago Up 14 seconds 0.0.0.0:7054->7054/tcp ca_org1 1f7ae4e461e4 hyperledger/fabric-ca:latest "sh -c 'fabric-ca-se…" 15 seconds ago Up 14 seconds 7054/tcp, 0.0.0.0:8054->8054/tcp ca_org2 5a0ddf2ba098 hyperledger/fabric-ca:latest "sh -c 'fabric-ca-se…" 15 seconds ago Up 14 seconds 7054/tcp, 0.0.0.0:9054->9054/tcp ca_orderer
能夠發現,不論組織內peer仍是orderer節點都會產生對應ca-containner,用於標明身份。
若是安裝有tree包(沒有的話,利用apt-get install tree安裝)
└── msp
├── cacerts
│ └── localhost-7054-ca-org1.pem
├── config.yaml
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── keystore
│ └── 588bd82c95c1f6768d8fbbe9eb93101f6e1838279e7aee43253d2131c29e4c34_sk
├── signcerts
│ └── cert.pem
└── user
4.回顧
(1)./network.sh 爲兩個peer組織和orderer組織建立密鑰和證書;默認的腳本會調用organizations/cryptogen文件夾中的加密工具。若是使用-ca標誌去建立CA,腳本將調用Fabric CA服務配置文檔和registerEnroll.sh腳本。無論CA組件仍是默認的加密工具都爲三個組織在organizations文件夾中建立了加密材料和MSP文件夾。
(2)腳本中調用configxgen工具去建立系統通道的genesis區塊。配置通道文件位於/fabric/config,建立的genesis塊存儲在/fabric/test-network/system-genesis-block文件夾。
(3)當加密材料和系統通道genesis區塊建立成功以後,腳本會調用fabric/test-network/docker/docker-compose-test-net.yaml文件去建立組織節點和打包節點。
(4)createChannel子命令調用configtx.yaml去建立peer0.org1.example.com和peer0.org2.example.com通道。
(5)調用deployCC命令時,會調用/test-network/script/deployCC.sh腳本在全部節點安裝鏈碼並在通道上進行鏈碼定義(聲明接口)。一旦鏈碼上傳到通道,節點經過cli工具調用Init、觸發/激活鏈碼。