Hyperledger Fabric的test-network启动过程Bash源码详解

最新推荐文章于 2024-01-23 14:50:49 发布
最新推荐文章于 2024-01-23 14:50:49 发布
阅读量4.1w 收藏 12
点赞数 5
分类专栏: FabricLearn 文章标签: 区块链 fabric fabric-samples
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/cx776474961/article/details/124017011
版权

前言

基于Debian搭建Hyperledger Fabric 2.4开发环境及运行简单案例中,我们已经完成了Fabric 2.4的环境搭建及fabric-samples/test-network官方案例的运行。毫无疑问test-network是一个优秀的入门项目,让我们仅仅通过几行命令就能搭建起常用的Fabric联盟链网络,但我相信很多人第一次使用./network.sh up成功启动联盟链网络时跟我一样是懵的:网络是怎样启动的?它在背后做了什么?该网络包含哪些节点?包含哪些功能?它有什么用?为了解决这些问题,本文根据test-network中的几个Bash脚本源码,从启动流程、创建通道、部署链码等多个入口函数着手详细分析了脚本执行过程,对未来定制自己的Fabric网络提供参考。本文分析源码主要包含启动默认网络、启动CA网络、创建通道、部署链码四个方面,每节分为官方调用和过程详解:官方调用是使用官方Bash脚本实现对应功能、过程详解是该脚本的实际实现流程,根据过程详解中的代码能够搭建出完全可用的网络。

准备

在开始前,需要准备好Fabric的开发环境,具体环境搭建和软件版本可参考基于Debian搭建Hyperledger Fabric 2.4开发环境及运行简单案例。之后将fabric-samples1下的test-network目录拷贝到本地,由于官方示例中过于封装导致难以单独使用,因此本文对原test-network项目进行修改,修改内容包括但不限于以下几个方面(建议直接将本案例仓库 FabricLearn 下的 0_TestNetworkExplain 目录拷贝到本地运行):

  1. 修改compose-test-net.yamlcompose-ca.yamldocker/docker-compose-test-net.yamldocker/docker-compose-ca.yaml文件中镜像版本:
hyperledger/fabric-tools:latest    ->  hyperledger/fabric-tools:2.4
hyperledger/fabric-peer:latest     ->  fabric-peer:2.4
hyperledger/fabric-orderer:latest  ->  fabric-orderer:2.4
hyperledger/fabric-ca:latest       ->  fabric-ca:1.5
  1. 基于Debian搭建Hyperledger Fabric 2.4开发环境及运行简单案例中的/usr/local/fabric/config目录复制到test-network根目录下。如无特殊说明,环境变量FABRIC_CFG_PATH总是默认指向test-network/config目录。
  2. 修改docker-compose-test-net.yaml,将${DOCKER_SOCK}改成/var/run/docker.sock
  3. 修改createChannel.shdeployCC.sh,将FABRIC_CFG_PATH=$PWD/../config/改成FABRIC_CFG_PATH=$PWD/config/
  4. 如无特殊说明,本文所有命令皆运行在test-network根目录下。

启动默认网络

官方调用

test-network中,包含一个默认最简网络,该网络只包含两个peer节点、一个orderer节点和一个cli节点,其中各节点的证书使用cryptogen工具静态生成。可以直接运行以下命令启动默认最简网络:

./network.sh up

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-YBAGt0LN-1649314909346)(https://cdn.jsdelivr.net/gh/wefantasy/FileCloud/img/202203301054060.png “启动默认网络”)]

过程详解

  1. 检查依赖:
  • 检查peer版本
  • 检查./config配置目录是否存在
  • 检查peer版本与docker image版本是否匹配
  • 检查fabric-ca环境是否正常,默认使用cryptogen
    [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ckNN2hWQ-1649314909347)(https://cdn.jsdelivr.net/gh/wefantasy/FileCloud/img/202203301057927.png “检查软件、版本依赖”)]
  1. 创建组织证书:
cryptogen generate --config=./organizations/cryptogen/crypto-config-org1.yaml --output="organizations"
cryptogen generate --config=./organizations/cryptogen/crypto-config-org2.yaml --output="organizations"
cryptogen generate --config=./organizations/cryptogen/crypto-config-orderer.yaml --output="organizations"
  1. docker-compose启动所有容器:
docker-compose -f compose/compose-test-net.yaml -f compose/docker/docker-compose-test-net.yaml up -d

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-5NDhJ01n-1649314909347)(https://cdn.jsdelivr.net/gh/wefantasy/FileCloud/img/202203301636872.png “启动默认网络-过程详解”)]
其中compose-test-net.yaml包含基本镜像配置,docker-compose-test-net.yaml包含基础通用变量,二者缺一不可。以上命令完成后即可实现与./network.sh up完全相同的效果,进行下节实验前可使用./network.sh down关闭此网络。

启动CA网络

官方调用

在test-network中,可以通过fabric-ca启动网络,该网络使用fabric-ca管理所有节点的身份证书,其中包含三个ca节点、两个peer节点、一个orderer节点和一个cli节点。可以直接运行以下命令启动CA网络(后面所有实验基于此网络):

./network.sh up -ca

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-LtNOsbaT-1649314909348)(https://cdn.jsdelivr.net/gh/wefantasy/FileCloud/img/202203301145846.png “启动CA网络”)]

过程详解

  1. 检查软件、版本依赖:
    [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-1wNrRC7e-1649314909348)(https://cdn.jsdelivr.net/gh/wefantasy/FileCloud/img/202203301057927.png “检查软件、版本依赖”)]
  2. 启动fabric-ca容器:
docker-compose -f compose/compose-ca.yaml -f compose/docker/docker-compose-ca.yaml up -d
  1. 创建org1证书目录:
# 创建组织证书根目录
mkdir -p organizations/peerOrganizations/org1.example.com/
  1. enroll管理员账户:
# enroll组织默认管理员账户,其配置对应在compose/compose-ca.yaml的command中,enroll过程会获取该账户的全部证书并保存至FABRIC_CA_CLIENT_HOME目录下
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/
fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --caname ca-org1 --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
  1. 创建org1组织的OU配置文件:
# 创建组织msp的OU配置文件
echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1.pem
    OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml"
  1. 构造tlscacerts证书目录(用于不同组织通信):
# 由于该CA同时充当组织CA和tlsca,因此直接将CA启动时生成的组织根证书复制到组织级CA和TLS CA目录中
mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt"
  1. 构造tlsca证书目录(用于组织内客户端通信):
mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca"
cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"
  1. 构造ca证书目录(用于组织内客户端通信):
mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/ca"
cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem"
  1. 为org1注册新账户:
fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
  1. 构造peer0的身份证书目录:
# 构造peer0的msp证书目录,证书文件会存在-M指定的文件夹下
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp" --csr.hosts peer0.org1.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml"
# 构造peer0的msp-tls证书目录
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
# 构造peer0的tls证书目录并格式化文件名——用于启动peer docker容器
cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key"
  1. 构造其它用户身份证书目录:
# 构造user1的msp证书目录,因为不用于组织间通信,所以不用配置tls
fabric-ca-client enroll -u https://user1:user1pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/config.yaml"

# 构造org1admin的msp证书目录
fabric-ca-client enroll -u https://org1admin:org1adminpw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml"
  1. 构造org2的组织证书,关键代码如下(各代码含义如上):
mkdir -p organizations/peerOrganizations/org2.example.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/

fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-org2 --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"

echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml"

mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt"
mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca"
cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem"
mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/ca"
cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem"

fabric-ca-client register --caname ca-org2 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client register --caname ca-org2 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client register --caname ca-org2 --id.name org2admin --id.secret org2adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"

fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp" --csr.hosts peer0.org2.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml"
fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"

cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key"

fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/config.yaml"

fabric-ca-client enroll -u https://org2admin:org2adminpw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/config.yaml"
  1. 构造orderer的组织证书,关键代码如下:
mkdir -p organizations/ordererOrganizations/example.com
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com

fabric-ca-client enroll -u https://admin:adminpw@localhost:9054 --caname ca-orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"

echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/localhost-9054-ca-orderer.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/localhost-9054-ca-orderer.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/localhost-9054-ca-orderer.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-9054-ca-orderer.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml"

mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/tlsca"
cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"

fabric-ca-client register --caname ca-orderer --id.name orderer --id.secret ordererpw --id.type orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"

cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml"

fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls" --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"

cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key"
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"

fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/config.yaml"
  1. 启动所有容器
docker-compose -f compose/compose-test-net.yaml -f compose/docker/docker-compose-test-net.yaml up -d

以上命令成功后便可使用docker ps命令看到运行的镜像:

CONTAINER ID   IMAGE                            COMMAND                  CREATED          STATUS          PORTS                                                                    NAMES
75e842d165ea   hyperledger/fabric-tools:2.4     "/bin/bash"              10 seconds ago   Up 8 seconds                                                                             cli
576b578063c5   hyperledger/fabric-peer:2.4      "peer node start"        16 seconds ago   Up 10 seconds   0.0.0.0:9051->9051/tcp, 7051/tcp, 0.0.0.0:9445->9445/tcp                 peer0.org2.example.com
512d7d98c8c4   hyperledger/fabric-orderer:2.4   "orderer"                16 seconds ago   Up 14 seconds   0.0.0.0:7050->7050/tcp, 0.0.0.0:7053->7053/tcp, 0.0.0.0:9443->9443/tcp   orderer.example.com
276f463cc6a7   hyperledger/fabric-peer:2.4      "peer node start"        16 seconds ago   Up 12 seconds   0.0.0.0:7051->7051/tcp, 0.0.0.0:9444->9444/tcp                           peer0.org1.example.com
8faaaaa7e17a   hyperledger/fabric-ca:1.5        "sh -c 'fabric-ca-se…"   21 seconds ago   Up 20 seconds   0.0.0.0:9054->9054/tcp, 7054/tcp, 0.0.0.0:19054->19054/tcp               ca_orderer
c253d9b790be   hyperledger/fabric-ca:1.5        "sh -c 'fabric-ca-se…"   21 seconds ago   Up 20 seconds   0.0.0.0:7054->7054/tcp, 0.0.0.0:17054->17054/tcp                         ca_org1
0aa90a2686a8   hyperledger/fabric-ca:1.5        "sh -c 'fabric-ca-se…"   21 seconds ago   Up 20 seconds   0.0.0.0:8054->8054/tcp, 7054/tcp, 0.0.0.0:18054->18054/tcp               ca_org2

创建通道

官方调用

本小节基于上一节 启动CA网络,在上节CA网络启动成功后,可以直接运行以下命令创建通道:

./network.sh createChannel -c mychannel

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-yMn8y8wb-1649314909349)(https://cdn.jsdelivr.net/gh/isfantasy/FileCloud/img/202203292049593.png “创建通道”)]

创建通道的前提是创建该通道的创世区块,在上节步骤中,我们通过无通道、无创世区块的方式启动了整个网络,所在本节创建通道包含创建创世区块的过程。

过程详解

  1. 检查依赖,并启动网络(同上)。
  2. 设置环境变量,用于操作区块链网络
export CORE_PEER_TLS_ENABLED=true
export CHANNEL_NAME=mychannel
export ORDERER_CA=${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
export PEER0_ORG1_CA=${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
export PEER0_ORG2_CA=${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
export PEER0_ORG3_CA=${PWD}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key
  1. 创建通道创世区块:
# 创建通道数据目录
mkdir channel-artifacts
# 配置创世区块环境变量
export FABRIC_CFG_PATH=${PWD}/configtx
configtxgen -profile TwoOrgsApplicationGenesis -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID ${CHANNEL_NAME}
  1. 创建通道:
# 配置通道环境变量
export FABRIC_CFG_PATH=./config
osnadmin channel join --channelID ${CHANNEL_NAME} --config-block ./channel-artifacts/${CHANNEL_NAME}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY"
  1. 使peer节点加入通道:
# 将org1的peer加入通道
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=localhost:7051
peer channel join -b ./channel-artifacts/${CHANNEL_NAME}.block
# 将org2的peer加入通道
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=localhost:9051
peer channel join -b ./channel-artifacts/${CHANNEL_NAME}.block

组织新加入通道后,后面为组织设置锚节点(非必须)。
6. 为通道获取通道最新配置块(以下流程为org1环境):

export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=localhost:7051
peer channel fetch config config_block.pb -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c ${CHANNEL_NAME} --tls --cafile "$ORDERER_CA"
  1. 将配置块解码为JSON并输出为${CORE_PEER_LOCALMSPID}config.json
configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
jq .data.data[0].payload.data.config config_block.json >"${CORE_PEER_LOCALMSPID}config.json"
  1. 追加锚节点配置:
jq '.channel_group.groups.Application.groups.'${CORE_PEER_LOCALMSPID}'.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "'$HOST'","port": '$PORT'}]},"version": "0"}}' ${CORE_PEER_LOCALMSPID}config.json > ${CORE_PEER_LOCALMSPID}modified_config.json
  1. 根据链上配置${CORE_PEER_LOCALMSPID}config.json和追加配置${CORE_PEER_LOCALMSPID}modified_config.json计算更新的配置,并将其作为一个新交易写入${CORE_PEER_LOCALMSPID}anchors.tx
configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}config.json --type common.Config --output original_config.pb
configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}modified_config.json --type common.Config --output modified_config.pb
configtxlator compute_update --channel_id "${CHANNEL_NAME}" --original original_config.pb --updated modified_config.pb --output config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output "${CORE_PEER_LOCALMSPID}anchors.tx"
  1. 更新锚节点:
peer channel update -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL_NAME -f ${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile "$ORDERER_CA"
  1. org2重复以上流程即创建成功:
echo "update org2 anchor==========="
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=localhost:9051
peer channel fetch config config_block.pb -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com -c ${CHANNEL_NAME} --tls --cafile "$ORDERER_CA"
sleep 3

configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
jq .data.data[0].payload.data.config config_block.json >"${CORE_PEER_LOCALMSPID}config.json"

jq '.channel_group.groups.Application.groups.'${CORE_PEER_LOCALMSPID}'.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "localhost","port": 9051}]},"version": "0"}}' ${CORE_PEER_LOCALMSPID}config.json > ${CORE_PEER_LOCALMSPID}modified_config.json

configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}config.json --type common.Config --output original_config.pb
configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}modified_config.json --type common.Config --output original_config.pb
configtxlator compute_update --channel_id "${CHANNEL_NAME}" --original original_config.pb --updated modified_config.pb --output config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output "${CORE_PEER_LOCALMSPID}anchors.tx"

peer channel update -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL_NAME -f ${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile "$ORDERER_CA"
sleep 3

部署链码

官方调用

本小节基于上一节 创建通道,在上节通道创建成功后,可以直接运行以下命令部署链码:

./network.sh deployCC -ccn mychaincode -ccp ./asset-transfer-basic-go -ccv 1.0 -ccl go

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-9hsKbevS-1649314909350)(https://cdn.jsdelivr.net/gh/wefantasy/FileCloud/img/202203301045453.png “部署链码”)]

过程详解

  1. 检查参数是否正常:
    [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-vbn1efEu-1649314909350)(https://cdn.jsdelivr.net/gh/wefantasy/FileCloud/img/202203301046994.png “检查参数是否正常”)]
  2. 下载asset-transfer-basic-go的包依赖:
pushd asset-transfer-basic-go            # 进入asset-transfer-basic-go目录
GO111MODULE=on go mod vendor    # 下载go包依赖
popd                            #返回当前目录
  1. 检查链码是否需要初始化、设置策略、私有数据集:
    [外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-yqdkhUdl-1649314909350)(https://cdn.jsdelivr.net/gh/wefantasy/FileCloud/img/202203300949883.png “检查链码”)]
  2. 设置环境变量:
export FABRIC_CFG_PATH=$PWD/config/
export CORE_PEER_TLS_ENABLED=true
export ORDERER_CA=${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
export PEER0_ORG1_CA=${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
export PEER0_ORG2_CA=${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
export PEER0_ORG3_CA=${PWD}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key
  1. 打包链码:
peer lifecycle chaincode package mychaincode.tar.gz --path ./asset-transfer-basic-go --lang golang --label mychaincode_1.0
  1. 安装链码:
# ORG1安装链码
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=localhost:7051
peer lifecycle chaincode install mychaincode.tar.gz
# ORG2安装链码
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=localhost:9051
peer lifecycle chaincode install mychaincode.tar.gz

安装链码后会返回一个链码 ID 需要记下:
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-12feLsed-1649314909351)(https://cdn.jsdelivr.net/gh/wefantasy/FileCloud/img/hyperledger_fabric_0_test_network_explain-2022-04-06-12-58-49.png “链码 ID”)]
7. 将链码 ID 设为环境变量:

export PACKAGE_ID=mychaincode_1.0:39889cf0623cce2500261b22914a7aa9037a897bc7f6c5b36df7a922f29b05e0
  1. ORG1查询已安装链码并批准链码:
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=localhost:7051
# 查询已安装链码
peer lifecycle chaincode queryinstalled
# 批准链码
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" --channelID mychannel --name mychaincode --version 1.0 --package-id ${PACKAGE_ID} --sequence 1
  1. ORG2查询已安装链码并批准链码:
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=localhost:9051
# 查询已安装链码
peer lifecycle chaincode queryinstalled
# 批准链码
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" --channelID mychannel --name mychaincode --version 1.0 --package-id ${PACKAGE_ID} --sequence 1
  1. 检查链码是否已准备好被提交:
peer lifecycle chaincode checkcommitreadiness --channelID mychannel --name mychaincode --version 1.0 --sequence 1 --output json

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-XHyCDJd8-1649314909351)(https://cdn.jsdelivr.net/gh/wefantasy/FileCloud/img/hyperledger_fabric_0_test_network_explain-2022-04-06-13-01-44.png “检查链码是否已准备好被提交:”)]
11. 提交链码:

peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA"  --channelID mychannel --name mychaincode --version 1.0 --sequence 1 --peerAddresses localhost:7051 --tlsRootCertFiles $PEER0_ORG1_CA --peerAddresses localhost:9051 --tlsRootCertFiles $PEER0_ORG2_CA
  1. 查询提交的链码:
peer lifecycle chaincode querycommitted --channelID mychannel --name mychaincode
  1. 调用链码:
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" -C mychannel -n mychaincode --peerAddresses

总结

本文先是说明了fabric-samples过度的封装不利于我们了解掌握其中各个操作的真实过程,然后单独拿出test-network进行修改定制,最后详细分析了test-network中启动默认网络、启动CA网络、创建通道、部署链码的详细过程,并且给出了每个过程的代码,使我们能够根据代码一步步搭建所述网络,进一步理解Fabric架构。

参考

  1. hyperledger. fabric-samples. Github. ↩︎

丿风色幻想
关注
专栏目录
bash-5.1.12 源码
09-22
Bash是一个命令处理器,通常运行于文本窗口中,并能执行用户直接输入的命令。Bash还能从文件中读取命令,这样的文件称为脚本。和其他Unix shell 一样,它支持文件名替换(通配符匹配)、管道、here文档、命令替换、变量,以及条件判断和循环遍历的结构控制语句。包括关键字、语法在内的基本特性全部是从sh借鉴过来的。其他特性,例如历史命令,是从csh和ksh借鉴而来。总的来说,Bash虽然是一个满足POSIX规范的shell,但有很多扩展。
超级账本 hyperledger fabric v2.x 安装与搭建一个测试网络
每一个不曾起舞的日子,都是对生命的辜负
11-03 3363
超级账本 hyperledger fabric v2.x 安装与搭建一个测试网络
3.安装fabric 二进制源码程序
baidu_ymh的博客
07-04 535
hyperledger fabric 网络搭建部署; 1.hyperledger-fabric 介绍和资料整理 2.服务环境准备 3.安装fabric 二进制源码程序 4.生成fabric身份信息文件(证书) 5.生成系统通道初始区块文件 6.启动配置网络节点 docker-compose启动文件 7.将组织加入通道 8.安装合约
Fabric范例 test-network 测试网络上手(详细)
最新发布
Tidy16的博客
01-23 2587
Fabric官方文档中有一部分使用Fabric测试网络的教程,是帮助新手快速上手fabric的范例。下面动手复现一下。在阅读本文前,默认你以阅读官方文档中对Fabric关键概念的解释。
Fabric笔记(一) test-network搭建fabric环境
zzz_strive的博客
06-04 3371
Fabric笔记(一) test-network搭建fabric环境
hyperledger-fabric-based-access-control:一个基于 Hyperledger Fabric 的访问控制系统,用于调解来自集中式应用程序的访问控制流
08-03
基于 Hyperledger-Fabric-Access-Control 欢迎来到。 该项目旨在调解来自中央系统的访问控制流,增强可审计性和访问控制策略执行。 它阻止非法访问,因为系统管理员无法篡改访问日志(如果适用)。 纸 该项目产生...
hyperledger-fabric-darwin-amd64-2.2.0.tar.gz
03-09
在这个特定的压缩包“hyperledger-fabric-darwin-amd64-2.2.0.tar.gz”中,包含了Fabric 2.2版本针对MacOS操作系统的二进制文件,这使得在Apple设备上开发和运行Fabric网络变得可行。 1. **Fabric二进制文件**:在...
hyperledger-fabric-linux-amd64-1.1.0-rc1.tar.gz
07-25
1. 下载并解压资源包:首先从官方仓库下载`hyperledger-fabric-linux-amd64-1.1.0-rc1.tar.gz`,然后使用`tar -zxvf hyperledger-fabric-linux-amd64-1.1.0-rc1.tar.gz`命令进行解压。 2. 配置环境变量:解压后,你...
hyperledger-fabric-network-setup:帮助程序功能,用于为更高级的Hyperledger Fabric Network设置生成配置
05-12
curl -fsSL https://raw.githubusercontent.com/Kunstmaan/hyperledger-fabric-network-setup/master/scripts/install.sh?token=AG6ftlJwD7jEr7kZph_QEsqncTTeroBFks5aZc1pwA== | bash 此仓库取决于您要部署的链...
Hyperledger Fabric fabric-java-sdk 测试环境集成.docx
03-29
### Hyperledger Fabricfabric-java-sdk测试环境集成 #### 一、引言 Hyperledger Fabric是Linux基金会旗下Hyperledger项目中的一个子项目,它是一个模块化、可扩展的企业级分布式账本框架,支持复杂的权限管理...
Fabric-sdk-go的测试案例分析(3)-针对test-network编写1个SDK案例
qq_18807043的博客
09-19 1000
fabrictest-network fabric源码包提供1个测试案例目录test-network,见下图。 在该目录中,执行./network.sh createChannel -c mychannel,将启动1个网络,创建名为mychannel的通道。 在这个网络中,存在peer0.org1.example.com、peer0.org2.example.com、orderer.example.com共3个节点。 配置/etc/hosts 配置/etc/hosts的目的,是让另1个终端SDK程序
fabric2.3.2 test-network测试网络搭建 超详细步骤
wyt813990159的博客
07-29 2428
搭建好fabric网络后的第一步一定是练习一下测试网络。如果需要ubuntu下安装fabric环境的可以看下面两篇文章: Ubuntu16.04+fabric1.4.3 https://blog.csdn.net/wyt813990159/article/details/117411856?spm=1001.2014.3001.5501 Ubuntu20.04+fabric2.3.2 https://blog.csdn.net/wyt813990159/article/details/1192084
区块链】使用 Fabric 测试网络
The_Handsome_Sir的博客
04-07 6008
首先,我们要回到官方文档 https://hyperledger-fabric.readthedocs.io/en/release-2.4/test_network.html 运行 fabric 测试网络 test-network 查看 fabric-samples 目录 cd /root/hyperledger/fabric/scripts/fabric-samples 进入 test-network 目录: cd test-network network.sh 后面可以跟多种参数,up down 等
Fabric本地测试网络test-network搭建
shuizhongmose的专栏
10-13 2298
文章目录参考文档一、使用fabric源码编译相关的工具二、`network.sh` 使用说明三、启动测试网络`./network.sh up`创建channel安装链码四、Interacting with the network1. 设置变量2. 查询`fabcar`链码3. 调用`fabcar`链码4. 创建新的通道 使用最新的github上fabric-samples/master项目 参考文档 Using the Fabric test network 默认版本:deployCC是装的asse
Hyperledger fabrictest-network网络启动流程分析
热门推荐
weixin_42221109的博客
12-29 1万+
首先根据organizations/cryptogen下的三个文件生成msp证书 其次通过docker下的这三个文件启动网络节点 最后根据该文件配置通道等,至此test-network网络启动完成
Fabric 2.2.1 (一)环境搭建
qq_43681877的博客
12-08 2782
我 为什么 又在搭环境!!! 成功了成功了(别骂了别骂了 文章目录前期准备1、环境2、巧用gitee使用网站下载github二进制文件一、下载Fabric源码二、获取fabric-samples、二进制文件、配置文件三、获取docker镜像四、开启测试网络 前期准备 1、环境 centos7 git 1.8.3.1 curl go 1.14.13 docker 18.06.3 docker compose 1.23.2 2、巧用gitee 1、官网 https://gitee.com/ 2、点击.
【 Linux入门 】之 手搓 命令行解释器 bash(带源码
ZhuGeBin26的博客
03-21 2569
主要目的在于进一步了解 Linux 系统下使用进程相关的系统调用 及 shell 工作的基本原理 本篇文章适合有一定C语言基础,及基本了解 Linux操作 和 Linux进程同学编写 为减少废话,我基本不会解释简单语句以及所有函数用法,我相信大家既然要写这个命令行解释器 bash对语法等相关知识肯定是有了一定了解 最终目的实现一个基本能用的bash 主要内容: 了解命令的本质,及如何创建子进程及进程替换并用子进程执行大部分命令 将字符串,分割成指定命令格式 cd / ecport / env
多机上启动多组织(4org)的fabric网络
vivian_ll的博客
06-06 1640
启动命令与过程与官方2org的相似,但由于组织增至了4个,所以无法用官方提供的scripts/scripts.sh脚本一键启动网络,具体分步操作如下: 一、初始化fabric环境 1.1 启动Fabric环境的容器 首先来启动orderer节点,在orderer服务器上运行: docker-compose -f docker-compose-orderer.yaml up –d...
Fabric智能合约:启动测试网络(windows系统)
weixin_61275790的博客
09-07 809
是任何Fabric网络的基础组件。对等节点存储区块链账本并在进行交易之前对其进行验证,同时运行用于管理区块链账本的智能合约上的业务逻辑。可以发现测试网络中有两个联盟成员(fabric-peer)和一个维护排序服务的排序组织(fabric-orderer)从客户那里收到认可的交易并就交易顺序达成共识,然后添加区块。排序节点还可以操作定义Fabric网络功能的系统通道。,再启动Fabric网络(因为Windows系统拉取Fabric存放的地方不一样所导致的)(要在docker容器启动的情况下启动测试网络)
root@evassh-19781963:~# /opt/gopath/src/github.com/hyperledger/fabric/scripts/fabric-samples/test-network/ -bash: /opt/gopath/src/github.com/hyperledger/fabric/scripts/fabric-samples/test-network/: 是一个目录
05-16
cd /opt/gopath/src/github.com/hyperledger/fabric/scripts/fabric-samples/test-network/ ``` 如果你想执行该目录下的某个文件,可以使用`./`来执行,如下所示: ``` ./your_script.sh ``` 其中`your_script....
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值