本例程将区块链平台Hyperledger Fabric部署在3台云服务器上
系统:Ubuntu Server 18.04.1 LTS 64位 硬件配置:单核 2G内存
Fabric v2.0.0 Fabric-ca v1.4.4
1.Hyperledger Fabric 2.x 生产环境的分布式部署
安装Go
sudo wget -P /usr/local https://studygolang.com/dl/golang/go1.15.linux-amd64.tar.gz
cd /usr/local
sudo tar -zxvf go1.15.linux-amd64.tar.gz
添加环境变量
sudo vim /etc/profile
将以下内容复制到bashrc文件中,按I插入,插入完成后按ESC退出插入,输出:wq!保存退出,如下图所示
export GOROOT=/usr/local/go
export PATH=$PATH:$GOROOT/bin
export GOPATH=$HOME/go
export PATH=$PATH:/home/yujialing/go/src/github.com/hyperledger/amops/bin
export FABRIC_CFG_PATH=/home/yujialing/go/src/github.com/hyperledger/amops/multiple-deployment
更新环境变量
source /etc/profile
查看Go是否安装成功,成功则显示版本号
go version
安装docker
wget https://download.docker.com/linux/ubuntu/gpg
sudo apt-key add gpg
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
使docker加入用户组
sudo groupadd docker
sudo gpasswd -a ${USER} docker
sudo service docker restart
退出当前用户重登一下
sudo wget -P /usr/local/bin https://github.com/docker/compose/releases/download/1.27.4/docker-compose-Linux-x86_64
cd /usr/local/bin/
sudo mv docker-compose-Linux-x86_64 docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose -v
下载Fabric
cd /home/yujialing
mkdir go
mkdir go/src
mkdir go/src/github.com
mkdir go/src/github.com/hyperledger
cd go/src/github.com/hyperledger
git clone https://github.com/hyperledger/fabric.git
cd fabric
git checkout v2.0.0
下载二进制可执行文件和关于Fabric的docker镜像
cd scripts/
./bootstrap.sh
建立多机部署文件夹
cd /home/yujialing/go/src/github.com/hyperledger
mkdir amops
cd amops
mkdir multiple-deployment
cd /home/yujialing/go/src/github.com/hyperledger/fabric/scripts
cp -r fabric-samples/bin /home/yujialing/go/src/github.com/hyperledger/amops
设置Fabric服务的地址映射
sudo vim /etc/hosts
把以下内容填充至hosts文件中,IP需要按实际情况更改
106.xxx.xxx.xxx agridepartorderer.amops.com
120.xxx.xxx.xxx agrimacownerorderer.amops.com
42.xxx.xxx.xxx financedepartorderer.amops.com
106.xxx.xxx.xxx peer0.agridepart.amops.com
106.xxx.xxx.xxx peer1.agridepart.amops.com
120.xxx.xxx.xxx peer0.agrimacowner.amops.com
120.xxx.xxx.xxx peer1.agrimacowner.amops.com
42.xxx.xxx.xxx peer0.financedepart.amops.com
42.xxx.xxx.xxx peer1.financedepart.amops.com
开放Fabric服务所需的端口,6060、7050、7051、7052、7053、7054、8051、8052、8053、3000、8443、9443、10443、9090
重启服务器网络,但我不清楚Xshell重启服务器网络的指令,所以我采用的是重启服务器的方式来达到重启网络的目的,发出指令后重启连接即可
sudo shutdown -r now
建立链码文件夹,我要部署两个链码
cd /home/yujialing/go/src/github.com/hyperledger/amops/multiple-deployment
mkdir chaincode
mkdir chaincode/agrimacadmin
mkdir chaincode/agrimacadmin/go
mkdir chaincode/cultivatedsubsidy
mkdir chaincode/cultivatedsubsidy/go
可以通过FileZilla上传链码至agrimacadmin和cultivatedsubsidy的go文件夹中,或者通过touch命令新建链码,并通过vim编辑链码
到链码文件夹下,下载链码的依赖文件
cd chaincode/agrimacadmin/go
cd chaincode/cultivatedsubsidy/go
go env -w GOPROXY=https://goproxy.io,direct
go env -w GO111MODULE=on
go mod init
go mod vendor
在 服务器1 的multiple-deployment文件夹下新建crypto-config.yaml文件和configtx.yaml文件(证书密钥和交易配置文件),用于生产证书、密钥、创世区块等文件,注:服务器2、3不用建这两个文件
cd /home/yujialing/go/src/github.com/hyperledger/amops/multiple-deployment
touch crypto-config.yaml
touch configtx.yaml
将以下内容写进crypto-config.yaml文件中
OrdererOrgs:
- Name: Orderer
Domain: amops.com
Specs:
- Hostname: agridepartorderer
- Hostname: agrimacownerorderer
- Hostname: financedepartorderer
PeerOrgs:
- Name: Agridepart
Domain: agridepart.amops.com
EnableNodeOUs: true
Template:
Count: 2 #生成证书的数量
Users:
Count: 1 #生成用户证书个数
- Name: Agrimacowner
Domain: agrimacowner.amops.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
- Name: Financedepart
Domain: financedepart.amops.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
将以下内容写进configtx.yaml文件中
---
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/amops.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Agridepart
Name: AgridepartMSP
ID: AgridepartMSP
MSPDir: crypto-config/peerOrganizations/agridepart.amops.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('AgridepartMSP.admin', 'AgridepartMSP.peer', 'AgridepartMSP.client')"
Writers:
Type: Signature
Rule: "OR('AgridepartMSP.admin', 'AgridepartMSP.client')"
Admins:
Type: Signature
Rule: "OR('AgridepartMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('AgridepartMSP.peer')"
AnchorPeers:
- Host: peer0.agridepart.amops.com
Port: 7051
- &Agrimacowner
Name: AgrimacownerMSP
ID: AgrimacownerMSP
MSPDir: crypto-config/peerOrganizations/agrimacowner.amops.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('AgrimacownerMSP.admin', 'AgrimacownerMSP.peer', 'AgrimacownerMSP.client')"
Writers:
Type: Signature
Rule: "OR('AgrimacownerMSP.admin', 'AgrimacownerMSP.client')"
Admins:
Type: Signature
Rule: "OR('AgrimacownerMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('AgrimacownerMSP.peer')"
AnchorPeers:
- Host: peer0.agrimacowner.amops.com
Port: 7051
- &Financedepart
Name: FinancedepartMSP
ID: FinancedepartMSP
MSPDir: crypto-config/peerOrganizations/financedepart.amops.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('FinancedepartMSP.admin', 'FinancedepartMSP.peer', 'FinancedepartMSP.client')"
Writers:
Type: Signature
Rule: "OR('FinancedepartMSP.admin', 'FinancedepartMSP.client')"
Admins:
Type: Signature
Rule: "OR('FinancedepartMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('FinancedepartMSP.peer')"
AnchorPeers:
- Host: peer0.financedepart.amops.com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
Addresses: # orderer 集群节点
- agridepartorderer.amops.com:7050
- agrimacownerorderer.amops.com:7050
- financedepartorderer.amops.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
ThreeOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Agridepart
- *Agrimacowner
- *Financedepart
Capabilities:
<<: *ApplicationCapabilities
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: agridepartorderer.amops.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/amops.com/orderers/agridepartorderer.amops.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/amops.com/orderers/agridepartorderer.amops.com/tls/server.crt
- Host: agrimacownerorderer.amops.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/amops.com/orderers/agrimacownerorderer.amops.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/amops.com/orderers/agrimacownerorderer.amops.com/tls/server.crt
- Host: financedepartorderer.amops.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/amops.com/orderers/financedepartorderer.amops.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/amops.com/orderers/financedepartorderer.amops.com/tls/server.crt
Addresses:
- agridepartorderer.amops.com:7050
- agrimacownerorderer.amops.com:7050
- financedepartorderer.amops.com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Agridepart
- *Agrimacowner
- *Financedepart
服务器1的操作:生成证书、密钥、创世区块、各组织的交易配置文件等
cryptogen generate --config=./crypto-config.yaml
configtxgen -profile SampleMultiNodeEtcdRaft -channelID amopsdeploy -outputBlock ./channel-artifacts/genesis.block
configtxgen -profile ThreeOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID amops
configtxgen -profile ThreeOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/AgridepartMSPanchors.tx -channelID amops -asOrg AgridepartMSP
configtxgen -profile ThreeOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/AgrimacownerMSPanchors.tx -channelID amops -asOrg AgrimacownerMSP
configtxgen -profile ThreeOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/FinancedepartMSPanchors.tx -channelID amops -asOrg FinancedepartMSP
将生成的channel-artifacts、crypto-config文件夹拷贝至 服务器2、3 中的multiple-deployment文件夹下,通过FileZilla传输即可
编写三个组织的Fabric启动代码
同样在multiple-deployment文件夹下创建并编辑各个组织的Fabric启动代码
touch docker-compose-up.yaml
编写Fabric启动的yaml文件,这里只展现其中一个组织,其他两个组织的Fabric启动代码照葫芦画瓢即可
version: '2'
services:
ca.agridepart.amops.com:
container_name: ca.agridepart.amops.com
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.agridepart.amops.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.agridepart.amops.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/priv_sk
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlsca.agridepart.amops.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-tls/priv_sk
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/ca
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/agridepart.amops.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./crypto-config/peerOrganizations/agridepart.amops.com/tlsca/:/etc/hyperledger/fabric-ca-server-tls
ports:
- "7054:7054"
agridepartorderer.amops.com:
container_name: agridepartorderer.amops.com
image: hyperledger/fabric-orderer
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_BOOTSTRAPMETHOD=file
- ORDERER_GENERAL_BOOTSTRAPFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443
- ORDERER_METRICS_PROVIDER=prometheus
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command<
最低0.47元/天 解锁文章
175
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
