联盟链Quorum（基于raft共识）部署流程（二）- 部署隐私模块Tessera

这篇文章是继联盟链Quorum（基于raft共识）部署流程（一）的续篇，上一篇文章只是把基础的Quorum节点运行起来，但是隐私模块还没有部署上去，所以本篇主要内容是 Tessera。

我的演示系统环境时 Ubuntu 18.04 LTS。

环境要求：

jdk11 （ubuntu推荐安装方法：sudo apt install openjdk-11-jre-headless)

步骤1:

获取Tessera安装包

wget https://oss.sonatype.org/service/local/repositories/releases/content/com/jpmorgan/quorum/tessera-app/0.10.4/tessera-app-0.10.4-app.jar

或者直接访问https://github.com/jpmorganchase/tessera/releases下载文件tessera-app-0.**.*-app.jar

我是下载到/mnt/volume_nyc1_02目录下的，大家应该发现了，我的操作基本都是在/mnt/volume_nyc1_02目录下的，为了方便操作。

重命名down下来的tessera文件也是为方便操作

mv tessera-app-0.10.4-app.jar tessera.jar

步骤2：

接下来创建tessera数据存放文件夹

mkdir node1t
mkdir node2t
....

创建每个节点tessera的key文件并放在各个节点目录下，节点2，3，4一样照做

java -jar tessera.jar -keygen -filename t1
//t1是文件名，后面的两个提示是输入密码，成功后会获得两个文件t1.pub,t1.key
java -jar tessera.jar -keygen -filename t2
.....

mv t1.* node1t
//复制以t1.开头的文件到 node1t目录下
mv t2.* node2t
.....

步骤3:

接下来是要创建node1t（节点1Tessera模块）的配置文件node1t/config.json

{
   "useWhiteList": false,
   "jdbc": {
       "username": "sa",
       "password": "",
       "url": "jdbc:h2:/mnt/volume_nyc1_02/node1t/db;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0",
       "autoCreateTables": true
   },
   "serverConfigs":[
       {
           "app":"ThirdParty",
           "enabled": true,
           "serverAddress": "http://localhost:9081",
           "communicationType" : "REST"
       },
       {
           "app":"Q2T",
           "enabled": true,
            "serverAddress":"unix:/mnt/volume_nyc1_02/node1t/tm.ipc",
           "communicationType" : "REST"
       },
       {
           "app":"P2P",
           "enabled": true,
           "serverAddress":"http://localhost:9001",
           "sslConfig": {
               "tls": "OFF"
           },
           "communicationType" : "REST"
       }
   ],
   "peer": [
       {
           "url": "http://localhost:9001"
       },
       {
           "url": "http://localhost:9002"
       },
       {
           "url": "http://localhost:9003"
       },
       {
           "url": "http://localhost:9004"
       }
   ],
   "keys": {
       "passwords": [],
       "keyData": [
           {
               "privateKeyPath": "/mnt/volume_nyc1_02/node1t/t1.key",
               "publicKeyPath": "/mnt/volume_nyc1_02/node1t/t1.pub"
           }
       ]
   },
   "alwaysSendTo": []
}

这里需要修改目录/mnt/volume_nyc1_02/node1t，这是我的目录，需要更换你的目录信息，peer里也是换上自己所有节点的ip+port，以及下面的keydata目录

步骤4：

启动对应节点1的Tessera模块

cd node1t
java -jar ../tessera.jar -configfile config.json >> tessera.log 2>&1 &

查看node1t目录，如果有tm.ipc，说明启动运行成功了

步骤5:

接下来修改节点1的启动文件 startnode1.sh

PRIVATE_CONFIG=/mnt/volume_nyc1_02/node1t/tm.ipc nohup geth --datadir node1 --nodiscover --verbosity 5 --networkid 31337 --raft --raftport 50001 --rpc --rpcaddr 0.0.0.0 --rpcport 22001 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,raft --emitcheckpoints --port 21001 >> node1.log 2>&1 &

更换原目录下的ignore 为tm.ipc的文件地址

执行node1下的startnode.sh文件重启节点1，特别说明：如果遇到服务器重启，需要先启动tessera程序，知道出现tm.ipc文件生成，在执行startnode.sh文件启动节点即可。

部署其他节点，其实就是重复步骤5开始就不细说了。

下面展示一个我的节点2的config.json供大家参考，方便大家后面修改

{
   "useWhiteList": false,
   "jdbc": {
       "username": "sa",
       "password": "",
       "url": "jdbc:h2:/mnt/volume_nyc1_02/node2t/db;MODE=Oracle;TRACE_LEVEL_SYSTEM_OUT=0",
       "autoCreateTables": true
   },
   "serverConfigs":[
       {
           "app":"ThirdParty",
           "enabled": true,
           "serverAddress": "http://localhost:9082",
           "communicationType" : "REST"
       },
       {
           "app":"Q2T",
           "enabled": true,
            "serverAddress":"unix:/mnt/volume_nyc1_02/node2t/tm.ipc",
           "communicationType" : "REST"
       },
       {
           "app":"P2P",
           "enabled": true,
           "serverAddress":"http://localhost:9002",
           "sslConfig": {
               "tls": "OFF"
           },
           "communicationType" : "REST"
       }
   ],
   "peer": [
       {
           "url": "http://localhost:9001"
       },
       {
           "url": "http://localhost:9002"
       },
       {
           "url": "http://localhost:9003"
       },
       {
           "url": "http://localhost:9004"
       }
   ],
   "keys": {
       "passwords": [],
       "keyData": [
           {
               "privateKeyPath": "/mnt/volume_nyc1_02/node2t/t2.key",
               "publicKeyPath": "/mnt/volume_nyc1_02/node2t/t2.pub"
           }
       ]
   },
   "alwaysSendTo": []
}

下面是节点2的startnode.sh修改信息

PRIVATE_CONFIG=/mnt/volume_nyc1_02/node2t/tm.ipc nohup geth --datadir node1 --nodiscover --verbosity 5 --networkid 31337 --raft --raftport 50002 --rpc --rpcaddr 0.0.0.0 --rpcport 22002 --rpcapi admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,raft --emitcheckpoints --port 21002 >> node2.log 2>&1 &

4个节点都部署完之后就可以测试部署结果。

现在拿节点1跟节点2来做一个测试，测试隐私管理是否部署成功和Quorum链运行是否成功。

步骤6:

获取节点2的Tessera公钥node2t/t2.pub内容

cat node2t/2t.pub
zVmaEIIjS8bJuUP5cZ1H/+wA4KQp51dUk28FUYnpUX0=

还是在/mnt/volume_nyc1_02/目录下，创建一个private-contract.js的文件

a = eth.accounts[0]
web3.eth.defaultAccount = a;

// abi and bytecode generated from simplestorage.sol:
// > solcjs --bin --abi simplestorage.sol
var abi = [{"constant":true,"inputs":[],"name":"storedData","outputs":[{"name":"","type":"uint256"}],"payable":false,"type":"function"},{"constant":false,"inputs":[{"name":"x","type":"uint256"}],"name":"set","outputs":[],"payable":false,"type":"function"},{"constant":true,"inputs":[],"name":"get","outputs":[{"name":"retVal","type":"uint256"}],"payable":false,"type":"function"},{"inputs":[{"name":"initVal","type":"uint256"}],"payable":false,"type":"constructor"}];

var bytecode = "0x6060604052341561000f57600080fd5b604051602080610149833981016040528080519060200190919050505b806000819055505b505b610104806100456000396000f30060606040526000357c0100000000000000000000000000000000000000000000000000000000900463ffffffff1680632a1afcd914605157806360fe47b11460775780636d4ce63c146097575b600080fd5b3415605b57600080fd5b606160bd565b6040518082815260200191505060405180910390f35b3415608157600080fd5b6095600480803590602001909190505060c3565b005b341560a157600080fd5b60a760ce565b6040518082815260200191505060405180910390f35b60005481565b806000819055505b50565b6000805490505b905600a165627a7a72305820d5851baab720bba574474de3d09dbeaabc674a15f4dd93b974908476542c23f00029";

var simpleContract = web3.eth.contract(abi);
var simple = simpleContract.new(42, {from:web3.eth.accounts[0], data: bytecode, gas: 0x47b760, privateFor: ["zVmaEIIjS8bJuUP5cZ1H/+wA4KQp51dUk28FUYnpUX0="]}, function(e, contract) {
    if (e) {
        console.log("err creating contract", e);
    } else {
        if (!contract.address) {
            console.log("Contract transaction send: TransactionHash: " + contract.transactionHash + " waiting to be mined...");
        } else {
            console.log("Contract mined! Address: " + contract.address);
            console.log(contract);
        }
    }
});

修改privateFor值为自己刚刚获取的节点2的Tessera的公钥

步骤7:

打开节点的geth控制台,执行以下内容

geth attach node1/geth.ipc 

> personal.unlockAccount(eth.accounts[0])
Unlock account 0xbb9ef512675df6d2c1f7874c259143d9e660ce2d
Passphrase:                                 //输入创建刚账户的密码
true                                        //返回true为成功，必须成功才能继续下面的操作

> loadScript("private-contract.js")          //加载private-contract.js，部署合约
Contract transaction send: TransactionHash: 0x2470656d4c8fd21b6442247703d1b27e58f88e7e5d8dae0e6b6bbb42ba6390ff waiting to be mined...
true                                         //返回true，合约部署成功

> Contract mined! Address: 0x688581d60e57148fcc81e48c4ce152001c25dbec

那么Tessera隐私管理器也部署完成了。

到这里其实我们的Quorum链已经全部部署完成链，但是为了方便我们的日常开发，我们还需要一个简单的区块链浏览器，这样可以方便许多查询工作等等。

下一章联盟链Quorum（基于raft共识）部署流程（三）- 部署基于Quorum链的区块链浏览器，我会演示关于在本机部署一个简单区块链浏览器流程。