【小宅按】区块链本质上是一种团队活动,成功源自相互的开放与协作。真实业务驱动的区块链需要多方服务提供商的参与,而且客户拥有对区块链网络的最终选择权。华为不断探索多云区块链网络的互连和互操作,与合作伙伴共同提供区块链云化解决方案和服务。
一. 背景
为了验证华为云BCS区块链服务云上云下融合部署能力、支持跨云部署能力,以及华为云BCS服务与社区原生Fabric网络的融合部署能力,我们做了如下的部署验证,证明了方案的可行性,完成了部署并实测了invoke交易,过程中顺便验证了下Fabric1.2版本新增的discovery功能,以及已部署好的peer节点进行goleverdb数据库切换couchdb数据库操作。故有本文,欢迎各位华为云BCS服务使用者和关注者,以及Fabric爱好者参与交流。
- 跨云部署
- discovery服务
- goleverdb数据库切换couchdb
- 云上云下融合部署(华为云BCS服务与社区原生Fabric网络的融合部署)
二. 跨云部署
1、背景与步骤
A云上已经创建好fabric服务,并且已创建好组织org1.huawei及通道silk-road-chain 按照以下步骤,验证Fabric的从A云到华为云的打通部署
•用A云上Fabric已生成的证书,开源1.2镜像,模拟新peer0加入通道silk-road-chain
•加入通道后,实例化链码并进行invoke操作
•更新anchor peer及discovery
•用新生成的证书,华为1.1镜像,模拟新peer1加入通道silk-road-chain
2、用A云上Fabric已生成的证书,开源1.2镜像,模拟新peer0加入通道silk-road-chain
由于A云上已经创建好了组织及通道,只需要直接验证加入通道即可
• 在华为云上订购一个ECS,并安装docker,然后下载官方1.2peer和cli镜像
docker pull hyperledger/fabric-peer:1.2.0
docker pull hyperledger/fabric-tools:1.2.0
- 修改华为云安全组 由于peer将会运行在7051端口,在ECS对应的安全组里增加7051配置
• 准备core.yaml配置文件 注意由于镜像是1.2版本,故需要用1.2版本的core.yaml来修改,否则会有问题 开源的core.yaml,修改
peer.id jdoe --> peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering
peer.chaincodeListenAddress # chaincodeListenAddress: 0.0.0.0:7052 --> chaincodeListenAddress: 0.0.0.0:7052
peer.address 0.0.0.0:7051 --> peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering:7051
peer.gossip.bootstrap 127.0.0.1:7051 --> 0.0.0.0:7051
peer.tls.enabled false --> true
peer.tls.clientAuthRequired false --> yes
peer.tls.cert file: tls/server.crt --> file: msp/tls/server.crt
peer.tls.key file: tls/server.key --> file: msp/tls/server.key
peer.tls.rootcert file: tls/ca.crt --> file: msp/tls/ca.crt
peer.tls.clientRootCAs file: - tls/ca.crt --> file: - msp/tls/ca.crt - /home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem
peer.tls.clientKey file: "" --> file: msp/tls/server.key
peer.tls.clientCert file: "" --> file: msp/tls/server.crt
peer.localMspId SampleOrg --> huaweiMSP
- 准备证书
A云侧已提供的证书见附件crypto-config.zip文件 core.yaml中peer.tls.clientRootCAs配置项需要的证书,order的tls证书/home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem来自crypto-config.zip中ordererOrganizations/icn.backbonetestnet.baas.dev.icn.engineering/tlsca/目录,peer的tls证书msp/tls/ca.crt来自crypto-config.zip中peerOrganizations/org1.huawei.backbonetestnet.baas.dev.icn.engineering/peers/peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering/tls/ peer节点和cli节点的/home/msp证书需要使用组织的Admin证书,来自crypto-config.zip中peerOrganizations/org1.huawei.backbonetestnet.baas.dev.icn.engineering/users/Admin@org1.huawei.backbonetestnet.baas.dev.icn.engineering/msp路径 peer节点和cli节点的/home/msp/tls证书都需要使用组织节点的tls证书,来自crypto-config.zip中peerOrganizations/org1.huawei.backbonetestnet.baas.dev.icn.engineering/peers/peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering/tls
- 启动peer容器
docker run -p 7051:7051 -p 7052:7052 -p 7053:7053 -v /var/run:/host/var/run -e CORE_VM_ENDPOINT="unix:///host/var/run/docker.sock" -e CORE_PEER_ADDRESS="0.0.0.0:7052" -e CORE_PEER_GOSSIP_ORGLEADER=false -e CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering:7051 -e CORE_PEER_GOSSIP_USELEADERELECTION=true -e CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering:7051 -it http://docker.io/hyperledger/fabric-peer:1.2.0 bash
配置CORE_VM_ENDPOINT给链码实例化时使用,必须加CORE_PEER_ADDRESS且必须为IP,给链码容器用,否则链码容器没有域名连不上peer GOSSIP相关的四个环境变量是给后面discovery使用的,不配置的话discovery会不正常
docker cp core.yaml ${peerCID}:/home
docker cp silk-road-chain.genesis.block ${peerCID}:/home
docker cp ordererOrganizations/icn.backbonetestnet.baas.dev.icn.engineering/tlsca/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem ${peerCID}:/home
docker cp peerOrganizations/org1.huawei.backbonetestnet.baas.dev.icn.engineering/users/Admin@org1.huawei.backbonetestnet.baas.dev.icn.engineering/msp ${peerCID}:/home
docker cp peerOrganizations/org1.huawei.backbonetestnet.baas.dev.icn.engineering/peers/peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering/tls ${peerCID}:/home/msp
- 在容器中配置/etc/hosts
echo "35.158.219.246 orderer0.icn.backbonetestnet.baas.dev.icn.engineering" >> /etc/hosts
echo "49.4.14.175 peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering" >> /etc/hosts
•容器中启动peer命令
export FABRIC_CFG_PATH=/home
peer node start
•启动cli容器
docker run -it -v /var/run:/host/var/run -e CORE_VM_ENDPOINT="unix:///host/var/run/docker.sock" http://docker.io/hyperledger/fabric-tools:1.2.0 bash
echo "35.158.219.246 orderer0.icn.backbonetestnet.baas.dev.icn.engineering" >> /etc/hosts
echo "49.4.14.175 peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering" >> /etc/hosts
CORE_PEER_ADDRESS=peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering:7051
export FABRIC_CFG_PATH=/home
•加入通道 从A云侧部署的Fabric上取到通道的genesis block配置文件(silk-road-chain.genesis.block) 进入cli容器中执行
peer channel join -b /home/silk-road-chain.genesis.block --orderer orderer0.icn.backbonetestnet.baas.dev.icn.engineering:7050 --cafile /home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem --tls true
•加入成功截图
•查看已加入通道
peer channel list --orderer orderer0.icn.backbonetestnet.baas.dev.icn.engineering:7050 --cafile /home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem --tls
•其他 获取通道配置
peer channel fetch config silk-road.pb --orderer orderer0.icn.backbonetestnet.baas.dev.icn.engineering:7050 -c silk-road-chain --cafile /home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem --tls
3、加入通道中遇到的坑
•问题
Error: error getting chaincode code sacc: : failed with error: "exec: not started",>
不能再用peer做cli,需要用fabric-tools
•问题
peer channel join -b /home/silk-road-chain.protobuf --orderer orderer0.icn.backbonetestnet.baas.dev.icn.engineering:7050 --cafile /home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem --tls true
2018-08-07 12:11:54.717 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: proposal failed (err: bad proposal response 500)2018-08-07 12:11:54.723 UTC [ledgermgmt] CreateLedger -> INFO 02c Creating ledger [silk-road-chain] with genesis block
2018-08-07 12:11:54.728 UTC [endorser] ProcessProposal -> ERRO 02d [][9d432b23] simulateProposal() resulted in chaincode name:"cscc" response status 500 for txid: 9d432b23f3ad660af90e38bb6a4f6079dd60da9132f130b926556fdc29b3b79a
channel join时报此错,后发现-b参数应该用genesis.block而不是protobuf
4、加入通道后,实例化链码并进行invoke操作
•安装链码 进入cli容器中创建链码根目录
docker exec -it xx bash
cd $GOPATH/src
mkdir -p fabbank
将链码文件拷贝到容器中创建好的链码根目录下
docker cp fabbankid.go xxx:/opt/gopath/src/fabbank
放置好链码的目录如下 /opt/gopath/src/fabbank/fabbankio.go
容器中执行链码安装
peer chaincode install -n fabbank -v 1.0 -l golang -p fabbank
•链码实例化
peer chaincode instantiate -o orderer0.icn.backbonetestnet.baas.dev.icn.engineering:7050 --tls true --cafile /home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem -C silk-road-chain -n fabbank -v 1.0 -c '{"Args":["init","a","200","b","300"]}' -P "OR ('huaweiMSP.member')"
•链码invoke
peer chaincode invoke -o orderer0.icn.backbonetestnet.baas.dev.icn.engineering:7050 --tls true --cafile /home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem -C silk-road-chain -n fabbank -c '{"Args":["creditAccountInfo","bohai","zhangsan","211004197001010000","6225777788889999","15600000000"]}'
peer chaincode invoke -o orderer0.icn.backbonetestnet.baas.dev.icn.engineering:7050 --tls true --cafile /home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem -C silk-road-chain -n fabbank -c '{"Args":["authAccount","bohai","211004197001010000"]}'
•链码query
peer chaincode query -C silk-road-chain -n fabbank -c '{"Args":["authAccount","bohai","234567"]}'
•查询已安装的链码
peer chaincode list -C silk-road-chain --installed
Get installed chaincodes on peer:
Name: sacc, Version: 0, Path: sacc, Id: b60426d87dcfbf436628f6b23371d9385e3d3a4f1fd1724031ca3e182d8e045f
•查询已实例化的链码
peer chaincode list -C silk-road-chain --instantiated
Get instantiated chaincodes on channel silk-road-chain:
Name: fabbank, Version: 1.0, Escc: escc, Vscc: vscc
Name: fabbank2, Version: 1.0, Escc: escc, Vscc: vscc
Name: mycc3, Version: 1.0, Escc: escc, Vscc: vscc
5、实例化链码及invoke时遇到的坑
•问题
Error: could not assemble transaction, err Proposal response was not successful, error code 500, msg failed to execute transaction 0a25ad459d622e1a8f35c6fa192c027dd5f74738acf76373c35f30d1e061e2d7: error starting container: error starting container: Post http://unix.sock/containers/create?name=dev-peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering-sacc-0: dial unix /var/run/docker.sock: connect: no such file or directory
在fabric-tools(cli)里配了docker run -v /var/run:/host/var/run -e CORE_VM_ENDPOINT还是不行,后来才想起来是要给peer配置的
•问题
Error: could not assemble transaction, err Proposal response was not successful, error code 500, msg failed to execute transaction a85d6d5c144677750ef70c8d0acc3d8b4e3bbb7220141d3526ebb33df3490077: error starting container: error starting container: API error (404): oci runtime error: container_linux.go:247: starting container process caused "exec: \"chaincode\": executable file not found in $PATH"
•问题
Error: could not assemble transaction, err Proposal response was not successful, error code 500, msg plugin with name escc could not be used: plugin with name escc wasn't found
由于是1.2的镜像,但是core.yaml用的是1.1的
•问题
Error: endorsement failure during invoke. chaincode result: status:500 message:
大多数invoke都没有报错,但查询发现没有生效,像未写入账本,原因是实例化的时候背书策略不能用MSP.peer,改成MSP.member则OK
6. 更新anchor peer及discovery
需要A云侧提供供cli使用的anchor peer的配置文件(huaweimsp_silk-road-chain_anchors_cli.tx) 将配置文件复制到cli容器里然后进行更新
docker cp huaweimsp_silk-road-chain_anchors_cli.tx xx:/home
docker exec -it xxx bash
export FABRIC_CFG_PATH=/home
root@c362aa2f5c93:/# CORE_PEER_ADDRESS=peer0.org1.huawei.backbonetestnet.baas.dev.icn.engineering:7051
root@c362aa2f5c93:/# peer channel update -o orderer0.icn.backbonetestnet.baas.dev.icn.engineering:7050 --tls true --cafile /home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem -c silk-road-chain -f /home/huaweimsp_silk-road-chain_anchors_cli.tx
7. 更新anchor peer遇到的问题
•问题
Error: Invalid channel create transaction : bad payload
tx配置文件有问题,少了外层的payload结构
8.用新生成的证书,华为1.1镜像,模拟新peer1加入通道silk-road-chain
•生成peer1节点证书 peer1节点证书,通过cryptogen工具生成 先创建crypto-config.yaml证书生成配置文件,内容如下
PeerOrgs:
- Name: org1
Domain: org1.huawei.backbonetestnet.baas.dev.icn.engineering
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
- 生成命令
cryptogen generate --config=./crypto-config.yaml
在华为云上创建一个联盟链的服务,创建一个peer组织,节点个数为1。将其中的peer组织进行改造
docker run -it -v /var/run:/host/var/run -e CORE_VM_ENDPOINT="unix:///host/var/run/docker.sock" http://docker.io/hyperledger/fabric-tools:1.2.0 bash
echo "35.158.219.246 orderer0.icn.backbonetestnet.baas.dev.icn.engineering" >> /etc/hosts
echo "49.4.93.157 peer1.org1.huawei.backbonetestnet.baas.dev.icn.engineering" >> /etc/hostsexport FABRIC_CFG_PATH=/home
export CORE_PEER_ID=peer1.org1.huawei.backbonetestnet.baas.dev.icn.engineering
export CORE_PEER_ADDRESS=peer1.org1.huawei.backbonetestnet.baas.dev.icn.engineering:30605
export CORE_PEER_LOCALMSPID=huaweiMSP
export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp
export PAAS_CRYPTO_PATH=/var/paas/srv/kubernetes
export CORE_PEER_TLS_ENABLED=true
- 加入命令
peer channel join -b /home/silk-road-chain.genesis.block --orderer orderer0.icn.backbonetestnet.baas.dev.icn.engineering:7050 --cafile /home/tlsca.icn.backbonetestnet.baas.dev.icn.engineering-cert.pem --tls true
最终验证出华为云fabric1.1版本无法和A云侧1.2版本打通,待升级到1.2版本再继续验证
更多精彩内容,请滑至顶部点击右上角关注小宅哦~
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
