目录
HyperLedger FabricV2.3 Raft单机集群部署
云主机配置
主机名 | IP | 规格 | OS | 硬盘配置 | 部署分配 |
ecs-hyperledger | 10.XXX | 2c4g | CentOS7.6 | 40G系统盘 高IO型 | 5个order节点、4个peer节点、4个cli节点 |
依赖环境配置
环境 | 版本 | 备注信息 |
fabric | V2.3.1 | https://github.com/hyperledger/fabric.git |
docker | 20.10.5 | |
docker-compose | 1.18.0 | |
golang | go1.15.5 linux/amd64 | |
git | 1.8.3.1 | |
java | 1.8.0_282 |
部署步骤
0.更新yum
yum -y update
1.安装golang
yum -y install golang
# 查看安装版本
go version
2.安装docker
# 1.安装需要的依赖包
yum install -y yum-utils device-mapper-persistent-data lvm2
# 2. 设置yum源
yum-config-manager --add-repo http://download.docker.com/linux/centos/docker-ce.repo
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# 3. 查看可选docker版本
yum list docker-ce --showduplicates | sort -r
# 4. 选择安装版本|直接安装
yum -y install docker-ce
# 5. 查看docker版本信息
docker version
# 6. 设置阿里云镜像加速器
sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://XXXX.mirror.aliyuncs.com"]
}
EOF
备注:如果操作失败,给docker目录赋权限
chmod -R 777 /etc/docker/
# 7.重载配置
systemctl daemon-reload
# 8.重启docker
systemctl restart docker
# 9.设置开启自启动
systemctl enable docker
# 10. 查看配置是否生效
docker info
3. 安装docker-compose
yum -y install docker-compose
# 查看安装结果
docker-compose version
4. 安装git
yum install -y git
# 查看版本
git version
5. 安装java
yum install java-1.8.0-openjdk.x86_64 -y
6. 防火墙配置
# 查看防火墙状态
systemctl status firewalld
# 关闭防火墙
systemctl stop firewalld
# 禁用防火墙
systemctl disable firewalld
7. 网络配置
使用docker info查看如果有如下显示:
WARNING: IPv4 forwarding is disabled
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
解决方案:
# 编辑sysctl.conf
vi /etc/sysctl.conf
添加:
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-arptables=1
net.ipv4.ip_forward=1
# 保存退出
# 重启网络
systemctl restart network
fabric 资源规划
0. 修改hosts文件
vim /etc/hosts
添加如下内容:
127.0.0.1 orderer0.fabric.tech
127.0.0.1 orderer1.fabric.tech
127.0.0.1 orderer2.fabric.tech
127.0.0.1 orderer3.fabric.tech
127.0.0.1 orderer4.fabric.tech
127.0.0.1 peer0.org1.tech
127.0.0.1 peer1.org1.tech
127.0.0.1 peer0.org2.tech
127.0.0.1 peer1.org2.tech
# 更新配置
source /etc/hosts
1. 部署节点端口分配
云主机 机器:
|-orderer0.fabric.tech 端口:7050
|-orderer1.fabric.tech 端口:8050
|-orderer2.fabric.tech 端口:9050
|-orderer3.fabric.tech 端口:10050
|-orderer4.fabric.tech 端口:11050
|-peer0.org1.tech 端口:7051
|-peer1.org1.tech 端口:8051
|-peer0.org2.tech 端口:9051
|-peer1.org2.tech 端口:10051
2.官方测试网络demo测试
-
创建工作目录
[root hyperledger]# tree -L 1
├── hyperledger # 根目录
├── chaincode # 智能合约链码目录
├── fabric_cluster # 集群部署配置目录
├── opt # 容器挂载目录
└── source # fabric源代码目录
- 下载源代码
cd /hyperledger/source
# 克隆fabric源代码
git clone https://github.com/hyperledger/fabric.git
cd fabric
# 查看远程分之
git branch -r
# 切换分支
git checkout release-2.3
# 查看脚本文件
cd /hyperledger/source/fabric/scripts
# 由于网络原因官网脚本中下载的文件较多,故修改脚本,只下载容易镜像
cp bootstrap.sh bootstrap.sh.back
vim bootstrap.sh
# 修改如下三个变量为:
DOCKER=true
SAMPLES=false
BINARIES=false
# 保存并退出
# 执行脚本,下载容器(时间较长)
/hyperledger/source/fabric/scripts && ./bootstrap.sh
# 检查容器
docker images
下载镜像如下
- 安装可执行文件(也可使用源代码编译方式安装)
下载:
hyperledger-fabric-ca-linux-amd64-1.4.9.tar.gz
hyperledger-fabric-linux-amd64-2.3.1.tar.gz
将以上两个文件解压缩至 /hyperledger/source/release
# 解压
tar -zxvf /hyperledger/source/hyperledger-fabric-ca-linux-amd64-1.4.9.tar.gz /hyperledger/source/release/
# 解压
tar -zxvf /hyperledger/source/hyperledger-fabric-linux-amd64-2.3.1.tar.gz /hyperledger/source/release/
# 编辑 ~/.profile
vim ~/.profile
#文件中最后添加以下内容
export PATH=$PATH:$GOPATH/hyperledger/source/release/bin
#更新
source ~/.profile
可执行二进制文件说明:
- configtxgen:用于生成 Fabric 创世区块初始或更新配置文件
- configtxlator:用于编解码 Fabric 区块链配置文件
- cryptogen:用于生成节点、用户、客户端等所需的证书和密钥文件
- discover:用于 Fabric 网络的服务发现
- orderer:Fabric 排序节点程序
- peer:Fabric 对等节点程序
- fabric-ca-client:Fabric CA 服务程序的客户端,用于注册和添加用户
备注:通过源代码方式安装可以使用如下方式
编译方式生成可执行文件:
cd /hyperledger/source/fabric && make release
mv /hyperledger/source/fabric/release /hyperledger/source/
- 官方demo测试
cd /hyperledger/source
git clone https://github.com/hyperledger/fabric-samples.git
cd fabric-samples
git branch -r
# 切换分支
git checkout release-1.4
备注:fabric-samples官方已经不再维护,需要做如下修改,否则报错
## 官方样例文件中存在导包错误,需要手动修复:
cd /hyperledger/source/old_fabric-samples/chaincode/chaincode_example02/go
#修改源文件
vim chaincode_example02.go
源代码:
"github.com/hyperledger/fabric/core/chaincode/shim"
pb "github.com/hyperledger/fabric/protos/peer"
替换为:
"github.com/hyperledger/fabric-chaincode-go/shim"
pb "github.com/hyperledger/fabric-protos-go/peer"
保存退出
#切换代理
go env -w GOPROXY=https://goproxy.cn
export GOPROXY=https://goproxy.cn
#执行如下命令
touch go.mod
vim go.mod
填入如下内容:
module github.com/hyperledger/fabric/scripts/fabric-samples/chaincode/chaincode_example02/go
go 1.14
require (
github.com/hyperledger/fabric-chaincode-go v0.0.0-20200128192331-2d899240a7ed
github.com/hyperledger/fabric-protos-go v0.0.0-20200124220212-e9cfc186ba7b
golang.org/x/net v0.0.0-20200202094626-16171245cfb2 // indirect
golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4 // indirect
golang.org/x/text v0.3.2 // indirect
google.golang.org/genproto v0.0.0-20200218151345-dad8c97a84f5 // indirect
)
#更新依赖
go mod vendor
#如果之前有开启测试网络需要先关闭网络
cd /hyperledger/source/old_fabric-samples/first-network && ./byfn.sh down
- 启动官网测试网络
# 进入脚本目录
cd /hyperledger/source/old_fabric-samples/first-network
# 测试开启网络
./byfn.sh up
# 查看docker容器
docker ps
# 测试关闭网络
./byfn.sh down
启动成功如下:
3.fabric raft集群环境搭建
3.1编写配置文件
# 进入集群配置目录
cd /hyperledger/fabric_cluster
创建文件:crypto-config.yaml、configtx.yaml
crypto-config.yaml文件配置:
OrdererOrgs:
- Name: Orderer
Domain: fabric.tech
Specs:
- Hostname: orderer0
- Hostname: orderer1
- Hostname: orderer2
- Hostname: orderer3
- Hostname: orderer4
PeerOrgs:
- Name: Org1
Domain: org1.tech
EnableNodeOUs: true
Template:
Count: 2 #生成证书的数量
Users:
Count: 1 #生成用户证书个数
- Name: Org2
Domain: org2.tech
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
configtx.yaml文件配置:
---
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org1.tech/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
AnchorPeers:
- Host: peer0.org1.tech
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org2.tech/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.peer')"
AnchorPeers:
- Host: peer0.org2.tech
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: etcdraft
Addresses: # orderer 集群节点
- orderer0.fabric.tech:7050
- orderer1.fabric.tech:7050
- orderer2.fabric.tech:7050
- orderer3.fabric.tech:7050
- orderer4.fabric.tech:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer0.fabric.tech
Port: 7050
ClientTLSCert: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer0.fabric.tech/tls/server.crt
ServerTLSCert: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer0.fabric.tech/tls/server.crt
- Host: orderer1.fabric.tech
Port: 7050
ClientTLSCert: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer1.fabric.tech/tls/server.crt
ServerTLSCert: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer1.fabric.tech/tls/server.crt
- Host: orderer2.fabric.tech
Port: 7050
ClientTLSCert: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer2.fabric.tech/tls/server.crt
ServerTLSCert: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer2.fabric.tech/tls/server.crt
- Host: orderer3.fabric.tech
Port: 7050
ClientTLSCert: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer3.fabric.tech/tls/server.crt
ServerTLSCert: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer3.fabric.tech/tls/server.crt
- Host: orderer4.fabric.tech
Port: 7050
ClientTLSCert: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer4.fabric.tech/tls/server.crt
ServerTLSCert: /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer4.fabric.tech/tls/server.crt
Addresses:
- orderer0.fabric.tech:7050
- orderer1.fabric.tech:7050
- orderer2.fabric.tech:7050
- orderer3.fabric.tech:7050
- orderer4.fabric.tech:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
3.2 生成证书以及通道信息
# 0.进入配置目录
cd /hyperledger/fabric_cluster
# 1.生成创世区块
cryptogen generate --config=/hyperledger/fabric_cluster/crypto-config.yaml
# 2.生成通道配置信息
configtxgen -profile SampleMultiNodeEtcdRaft -channelID fabric-cluster-channel -outputBlock /hyperledger/fabric_cluster/channel-artifacts/genesis.block
# 3.创建通道配置信息
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx /hyperledger/fabric_cluster/channel-artifacts/channel.tx -channelID mychannel
# 4.为org1配置锚节点
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate /hyperledger/fabric_cluster/channel-artifacts/Org1MSPanchors.tx -channelID mychannel -asOrg Org1MSP
# 5.为org2配置锚节点
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate /hyperledger/fabric_cluster/channel-artifacts/Org2MSPanchors.tx -channelID mychannel -asOrg Org2MSP
此时生成配置目录如下:
/hyperledger/fabric_cluster/channel-artifacts
├── channel.tx
├── genesis.block
├── Org1MSPanchors.tx
└── Org2MSPanchors.tx
生成证书配置目录如下:
/hyperledger/fabric_cluster/crypto-config
├── ordererOrganizations
│ └── fabric.tech
│ ├── ca
│ ├── msp
│ ├── orderers
│ ├── tlsca
│ └── users
└── peerOrganizations
├── org1.tech
│ ├── ca
│ ├── msp
│ ├── peers
│ ├── tlsca
│ └── users
└── org2.tech
├── ca
├── msp
├── peers
├── tlsca
└── users
备注:
cryptogen 命令介绍:
-help #显示帮助信息
-generate #根据配置文件生成证书信息
-showtemplate #显示证书模板配置文件
-version #显示 cryptogen 的版本号
configtxgen 命令介绍:
-asOrg string #所属组织
-channelID string #channel 名称
-inspectBlock string #打印指定区块文件中配置内容
-inspectChannelCreateTx #打印指定创建通道交易的配置文件
-outputAnchorPeersUpdate string #生成一个更新锚点的更新 channel 配置信息
-outputBlock string #输出区块文件路径
-outputCreateChannelTx string #指定一个路径,来生成 channel 配置文件
-profile string #配置文件中的节点,用于生成相关配置文件,默认是 “SampleInsecureSolo”)
-version #显示版本信息
3.3 编写docker-compose.yaml
base.yaml、docker-compose.up.yaml均放置在fabric-cluster目录中
base.yaml
version: '2'
services:
order-base:
image: hyperledger/fabric-orderer
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_BOOTSTRAPMETHOD=file
- ORDERER_GENERAL_BOOTSTRAPFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /hyperledger/opt
command: orderer
volumes:
- /hyperledger/fabric_cluster/channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
peer-base:
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Allow more time for chaincode container to build on install.
- CORE_CHAINCODE_EXECUTETIMEOUT=300s
working_dir: /hyperledger/opt/peer
command: peer node start
volumes:
- /var/run/:/host/var/run/
cli-base:
image: hyperledger/fabric-tools
tty: true
stdin_open: true
environment:
- GOPATH=/root/go
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
working_dir: /hyperledger/opt/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- /hyperledger/chaincode/go/:/hyperledger/cluster/chaincode/go
- /hyperledger/fabric_cluster/crypto-config:/hyperledger/opt/peer/crypto-config/
- /hyperledger/fabric_cluster/channel-artifacts:/hyperledger/opt/peer/channel-artifacts
docker-compose-up.yaml:
version: '2'
services:
orderer0.fabric.tech:
container_name: orderer0.fabric.tech
extends:
file: base.yaml
service: order-base
volumes:
- /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer0.fabric.tech/msp:/var/hyperledger/orderer/msp
- /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer0.fabric.tech/tls/:/var/hyperledger/orderer/tls
ports:
- 7050:7050
orderer1.fabric.tech:
container_name: orderer1.fabric.tech
extends:
file: base.yaml
service: order-base
volumes:
- /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer1.fabric.tech/msp:/var/hyperledger/orderer/msp
- /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer1.fabric.tech/tls/:/var/hyperledger/orderer/tls
ports:
- 8050:7050
orderer2.fabric.tech:
container_name: orderer2.fabric.tech
extends:
file: base.yaml
service: order-base
volumes:
- /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer2.fabric.tech/msp:/var/hyperledger/orderer/msp
- /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer2.fabric.tech/tls/:/var/hyperledger/orderer/tls
ports:
- 9050:7050
orderer3.fabric.tech:
container_name: orderer3.fabric.tech
extends:
file: base.yaml
service: order-base
volumes:
- /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer3.fabric.tech/msp:/var/hyperledger/orderer/msp
- /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer3.fabric.tech/tls/:/var/hyperledger/orderer/tls
ports:
- 10050:7050
orderer4.fabric.tech:
container_name: orderer4.fabric.tech
extends:
file: base.yaml
service: order-base
volumes:
- /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer4.fabric.tech/msp:/var/hyperledger/orderer/msp
- /hyperledger/fabric_cluster/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer4.fabric.tech/tls/:/var/hyperledger/orderer/tls
ports:
- 11050:7050
peer0.org1.tech:
container_name: peer0.org1.tech
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org1.tech
- CORE_PEER_ADDRESS=peer0.org1.tech:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.org1.tech:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.tech:8051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.tech:7051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org1.tech/peers/peer0.org1.tech/msp:/etc/hyperledger/fabric/msp
- /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org1.tech/peers/peer0.org1.tech/tls:/etc/hyperledger/fabric/tls
ports:
- 7051:7051
peer1.org1.tech:
container_name: peer1.org1.tech
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org1.tech
- CORE_PEER_ADDRESS=peer1.org1.tech:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer1.org1.tech:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.tech:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.tech:8051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org1.tech/peers/peer1.org1.tech/msp:/etc/hyperledger/fabric/msp
- /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org1.tech/peers/peer1.org1.tech/tls:/etc/hyperledger/fabric/tls
ports:
- 8051:8051
peer0.org2.tech:
container_name: peer0.org2.tech
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org2.tech
- CORE_PEER_ADDRESS=peer0.org2.tech:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.org2.tech:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.tech:10051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.tech:9051
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org2.tech/peers/peer0.org2.tech/msp:/etc/hyperledger/fabric/msp
- /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org2.tech/peers/peer0.org2.tech/tls:/etc/hyperledger/fabric/tls
ports:
- 9051:9051
peer1.org2.tech:
container_name: peer1.org2.tech
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org2.tech
- CORE_PEER_ADDRESS=peer1.org2.tech:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer1.org2.tech:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.tech:9051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.tech:10051
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org2.tech/peers/peer1.org2.tech/msp:/etc/hyperledger/fabric/msp
- /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org2.tech/peers/peer1.org2.tech/tls:/etc/hyperledger/fabric/tls
ports:
- 10051:10051
cli-peer0-org1:
container_name: cli-peer0-org1
extends:
file: base.yaml
service: cli-base
environment:
- CORE_PEER_ID=cli-peer0-org1
- CORE_PEER_ADDRESS=peer0.org1.tech:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_CERT_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org1.tech/peers/peer0.org1.tech/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org1.tech/peers/peer0.org1.tech/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org1.tech/peers/peer0.org1.tech/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/hyperledger/opt/peer/crypto-config/peerOrganizations/org1.tech/users/Admin@org1.tech/msp
cli-peer1-org1:
container_name: cli-peer1-org1
extends:
file: base.yaml
service: cli-base
environment:
- CORE_PEER_ID=cli-peer1-org1
- CORE_PEER_ADDRESS=peer1.org1.tech:8051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_CERT_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org1.tech/peers/peer1.org1.tech/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org1.tech/peers/peer1.org1.tech/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org1.tech/peers/peer1.org1.tech/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/hyperledger/opt/peer/crypto-config/peerOrganizations/org1.tech/users/Admin@org1.tech/msp
cli-peer0-org2:
container_name: cli-peer0-org2
extends:
file: base.yaml
service: cli-base
environment:
- CORE_PEER_ID=cli-peer0-org2
- CORE_PEER_ADDRESS=peer0.org2.tech:9051
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_TLS_CERT_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org2.tech/peers/peer0.org2.tech/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org2.tech/peers/peer0.org2.tech/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org2.tech/peers/peer0.org2.tech/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/hyperledger/opt/peer/crypto-config/peerOrganizations/org2.tech/users/Admin@org2.tech/msp
cli-peer1-org2:
container_name: cli-peer1-org2
extends:
file: base.yaml
service: cli-base
environment:
- CORE_PEER_ID=cli-peer1-org2
- CORE_PEER_ADDRESS=peer1.org2.tech:10051
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_TLS_CERT_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org2.tech/peers/peer1.org2.tech/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org2.tech/peers/peer1.org2.tech/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/hyperledger/opt/peer/crypto-config/peerOrganizations/org2.tech/peers/peer1.org2.tech/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/hyperledger/opt/peer/crypto-config/peerOrganizations/org2.tech/users/Admin@org2.tech/msp
ca-org1:
container_name: ca-org1
extends:
file: base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca-org1
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.tech-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg4Hwt/FeN1y7ePgsRCXgkX0om4wKggwkkQC6R6Sdwg2mhRANCAARAysXo0jF5Az5jUObnGRNHU6kvCCAI2n/8uFdOo/i8iPvB/8BTtgrx+rSl6f/oVnw9vRNlVOEW/ZfB03/e3epu
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.tech-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg4Hwt/FeN1y7ePgsRCXgkX0om4wKggwkkQC6R6Sdwg2mhRANCAARAysXo0jF5Az5jUObnGRNHU6kvCCAI2n/8uFdOo/i8iPvB/8BTtgrx+rSl6f/oVnw9vRNlVOEW/ZfB03/e3epu
ports:
- 7054:7054
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org1.tech/ca:/etc/hyperledger/fabric-ca-server-config
ca-org2:
container_name: ca-org2
extends:
file: base.yaml
service: ca-base
environment:
- FABRIC_CA_SERVER_CA_NAME=ca-org2
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.tech-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgSAjLaVDM5Zahbnm6fo9cNGe3/aSGMH5ThCC30YJXlfihRANCAAR8/093Yml+C6HBLaH3JN0QpvTPV4Ks52ViBalBghhSCRfgJMBlUawEyavvuwUWUm0OH835p7kW9JTxL+eKy3Sn
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.tech-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgSAjLaVDM5Zahbnm6fo9cNGe3/aSGMH5ThCC30YJXlfihRANCAAR8/093Yml+C6HBLaH3JN0QpvTPV4Ks52ViBalBghhSCRfgJMBlUawEyavvuwUWUm0OH835p7kW9JTxL+eKy3Sn
ports:
- 8054:7054
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- /hyperledger/fabric_cluster/crypto-config/peerOrganizations/org2.tech/ca:/etc/hyperledger/fabric-ca-server-config
4.启动&配置网络
4.1 启动容器
# 启动容器
docker-compose -f /hyperledger/fabric_cluster/up/docker-compose-up.yaml up -d
# 检查容器状态
docker ps
4.2 配置fabric网络
# 1.进入cli-peer0-org1容器
docker exec -it cli-peer0-org1 bash
# 2.在容器中,创建通道(使用容器挂载目录)
peer channel create -o orderer0.fabric.tech:7050 -c mychannel -f ./channel-artifacts/channel.tx --tls --cafile /hyperledger/opt/peer/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer0.fabric.tech/msp/tlscacerts/tlsca.fabric.tech-cert.pem
# 3.加入通道
peer channel join -b mychannel.block
# 4.验证节点是否加入通道
peer channel list
# 5.将通道文件从容器拷贝到宿主机上
docker cp cli-peer0-org1:/hyperledger/opt/peer/mychannel.block /hyperledger/opt/
# 6.将通道文件拷贝到剩余cli容器中
docker cp /hyperledger/opt/mychannel.block cli-peer1-org1:/hyperledger/opt/peer/
docker cp /hyperledger/opt/mychannel.block cli-peer0-org2:/hyperledger/opt/peer/
docker cp /hyperledger/opt/mychannel.block cli-peer1-org2:/hyperledger/opt/peer/
# 7.分别在剩余三个容器中执行加入通道
docker exec -it cli-peer1-org1 bash
docker exec -it cli-peer0-org2 bash
docker exec -it cli-peer1-org2 bash
# 加入通道
peer channel join -b mychannel.block
# 验证
peer channel list
# 8.更新org1锚节点
docker exec -it cli-peer0-org1 bash
peer channel update -o orderer0.fabric.tech:7050 -c mychannel -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /hyperledger/opt/peer/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer0.fabric.tech/msp/tlscacerts/tlsca.fabric.tech-cert.pem
# 9.更新org2锚节点
docker exec -it cli-peer0-org2 bash
peer channel update -o orderer0.fabric.tech:7050 -c mychannel -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /hyperledger/opt/peer/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer0.fabric.tech/msp/tlscacerts/tlsca.fabric.tech-cert.pem
5. 自定义智能合约
5.1 上传合约代码到服务器
cd /hyperledger/chaincode
rz chaincode.zip
# 解压缩
unzip /hyperledger/chaincode/chaincode.zip
5.2 打包链码
# 在其中一台peer执行打包
docker cp /hyperledger/chaincode/chaincode/ cli-peer0-org1:/hyperledger/opt/peer/java/
# 打包链码
peer lifecycle chaincode package mycc2.tar.gz --path /hyperledger/opt/peer/java/ --lang java --label mycc2
5.3 安装链码
# 将打包好的合约拷贝到宿主机
docker cp cli-peer0-org1:/hyperledger/opt/peer/mycc2.tar.gz /hyperledger/opt/
# 从宿主机上拷贝至其他peer节点
docker cp /hyperledger/opt/mycc2.tar.gz cli-peer1-org1:/hyperledger/opt/peer/
docker cp /hyperledger/opt/mycc2.tar.gz cli-peer0-org2:/hyperledger/opt/peer/
docker cp /hyperledger/opt/mycc2.tar.gz cli-peer1-org2:/hyperledger/opt/peer/
# peer节点安装链码
peer lifecycle chaincode install /hyperledger/opt/peer/mycc2.tar.gz
# 查询安装结果
peer lifecycle chaincode queryinstalled
5.4 授权链码
# 授权合约(替换成刚才打包好的package-id)
peer lifecycle chaincode approveformyorg --tls true --cafile /hyperledger/opt/peer/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer0.fabric.tech/msp/tlscacerts/tlsca.fabric.tech-cert.pem --channelID mychannel --name mycc2 --version 1 --init-required --package-id mycc2:d0561c1ddb3732e3c840bca4e8c586405f6c67830139a7c0a6885128915acd6c --sequence 1 --waitForEvent
#查询授权结果
peer lifecycle chaincode checkcommitreadiness --channelID mychannel --name mycc2 --version 1 --sequence 1 --output json --init-required
5.5 提交链码
# 提交合约
peer lifecycle chaincode commit -o orderer0.fabric.tech:7050 --tls true --cafile /hyperledger/opt/peer/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer0.fabric.tech/msp/tlscacerts/tlsca.fabric.tech-cert.pem --channelID mychannel --name mycc2 --peerAddresses peer0.org1.tech:7051 --tlsRootCertFiles /hyperledger/opt/peer/crypto-config/peerOrganizations/org1.tech/peers/peer0.org1.tech/tls/ca.crt --peerAddresses peer0.org2.tech:9051 --tlsRootCertFiles /hyperledger/opt/peer/crypto-config/peerOrganizations/org2.tech/peers/peer0.org2.tech/tls/ca.crt --version 1 --sequence 1 --init-required
# 查看提交结果
peer lifecycle chaincode querycommitted --channelID mychannel --name mycc2
5.6 操作链码
# 调用
peer chaincode invoke -o orderer0.fabric.tech:7050 --isInit --tls true --cafile /hyperledger/opt/peer/crypto-config/ordererOrganizations/fabric.tech/orderers/orderer0.fabric.tech/msp/tlscacerts/tlsca.fabric.tech-cert.pem -C mychannel -n mycc2 --peerAddresses peer0.org1.tech:7051 --tlsRootCertFiles /hyperledger/opt/peer/crypto-config/peerOrganizations/org1.tech/peers/peer0.org1.tech/tls/ca.crt --peerAddresses peer0.org2.tech:9051 --tlsRootCertFiles /hyperledger/opt/peer/crypto-config/peerOrganizations/org2.tech/peers/peer0.org2.tech/tls/ca.crt -c '{"Args":["init", "a","1000","b", "1000"]}'
# 查询
peer chaincode query -C mychannel -n mycc2 -c '{"Args":["query","a"]}'