Fabric学习笔记
配置相关
fabric命令手册:
http://cw.hubwiz.com/card/c/fabric-command-manual/1/1/14/
查看debug级日志
export FABRIC_LOGGING_SPEC=DEBUG
1 orderer怎么配置,有哪些配置项,能否通过sdk配置,如何查看配置
Orderer搭建
环境搭建:
docker:
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
docker-compose:
curl -L
https://get.daocloud.io/docker/compose/releases/download/1.24.1/docker-compose-uname -s
-uname -m
> /usr/local/bin/docker-composechmod +x /usr/local/bin/docker-compose
go:
wget https://dl.google.com/go/go1.14.7.linux-amd64.tar.gz
tar -C /usr/local/ -zxvf go1.14.7.linux-amd64.tar.gz
vi /etc/profile
export PATH=$PATH:/usr/local/go/bin
export GOROOT=/usr/local/go
export GOPATH=/root/go/
source /etc/profile
fabric相关安装
创建文件夹
~/go/src/github.com/hyperledger
安装fabric
git clone https://github.com.cnpmjs.org/hyperledger/fabric.git
cd fabric/scripts/
cp -r bootstrap.sh ~/go/src/github.com/hyperledger/
修改bootstrap.sh
vim bootstrap.sh
128行
SAMPLES=false
BINARIES=false
保存退出
chmod +x bootstrap.sh
下载docker镜像
./bootstrap.sh
手动下载fabric-sample
git clone https://github.com.cnpmjs.org/hyperledger/fabric-samples.git
二进制文件下载:
手动下载在本地,scp 上传
将解压的二进制文件放在fabric-sample中
修改test-network配置文件
test-network是官方的用例,在基础上修改就可以使用
2 通道怎么配置,有哪些配置项,能否通过sdk配置,如何查看配置
1.创建通道:
先createChannelTx,再createAncorPeerTx,然后由channelTx文件创建channel.block,最后将节点join到channel中 并更新锚节点
2.新创建节点加入通道:
(1)docker exec Org3cli ./scripts/org3-scripts/step1org3.sh $CHANNEL_NAME $CLI_DELAY $CLI_TIMEOUT $VERBOSE
step1org3.sh:
//使用已有组织获取通道配置信息
fetchChannelConfig 1 ${CHANNEL_NAME} config.json
fetchChannelConfig:
//从orderer中下载配置pb文件
peer channel fetch config config_block.pb -o orderer0.example.com:6001
–ordererTLSHostnameOverride orderer0.example.com -c mychannel --tls --cafile
$ORDERER_CA
//截取部分文件并输出为config.json
configtxlator proto_decode --input config_block.pb --type common.Block
| jq .data.data[0].payload.data.config >“${OUTPUT}”
//修改配置文件
jq -s ‘.[0] * {“channel_group”:{“groups”:{“Application”:{“groups”:
{“Org3MSP”:.[1]}}}}}’ config.json
./organizations/peerOrganizations/org4.example.com/org4.json >
modified_config.json
这里是引用
//生成差异文件org4_update_in_envelope.pb
createConfigUpdate ${CHANNEL_NAME} config.json modified_config.json
org4_update_in_envelope.pb
createConfigUpdate:
CHANNEL=$1
ORIGINAL=$2
MODIFIED=$3
OUTPUT=$4
configtxlator proto_encode --input “${ORIGINAL}” --type common.Config
original_config.pb
configtxlator proto_encode --input “${MODIFIED}” --type common.Config
modified_config.pb
configtxlator compute_update --channel_id “${CHANNEL}” --original
original_config.pb --updated modified_config.pb >config_update.pbconfigtxlator proto_decode --input config_update.pb --type
common.ConfigUpdate >config_update.jsonecho
‘{“payload”:{“header”:{“channel_header”:{“channel_id”:"‘KaTeX parse error: Expected 'EOF', got '}' at position 20: …NEL'", "type":2}̲},"data":{"conf…(cat config_update.json)’}}}’ |
jq . >config_update_in_envelope.jsonconfigtxlator proto_encode --input config_update_in_envelope.json
–type common.Envelope >“${OUTPUT}”
//用组织一为差异文件签名
signConfigtxAsPeerOrg 1 org4_update_in_envelope.pb
signConfigtxAsPeerOrg:
peer channel signconfigtx -f “${TX}”
//用组织二向通道更新差异文件(修改通道配置文件,update会自动签名)
peer channel update -f org4_update_in_envelope.pb -c ${CHANNEL_NAME}
-o orderer0.example.com:6001 --ordererTLSHostnameOverride orderer0.example.com --tls --cafile ${ORDERER_CA}
(2)docker exec Org3cli ./scripts/org3-scripts/step2org3.sh $CHANNEL_NAME $CLI_DELAY $CLI_TIMEOUT $VERBOSE
step2org3.sh:
peer channel fetch 0 $CHANNEL_NAME.block -o orderer0.example.com:6001
–ordererTLSHostnameOverride orderer0.example.com -c $CHANNEL_NAME --tls --cafile $ORDERER_CA >&log.txt
joinChannelWithRetry 3
joinChannelWithRetry:
peer channel join -b $CHANNEL_NAME.block >&log.txt
3 节点怎么配置,有哪些配置项,能否通过sdk配置,如何查看配置
通过ca生成证书
function createOrg {
echo
echo "Enroll the CA admin"
echo
mkdir -p organizations/peerOrganizations/org4.example.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/../organizations/peerOrganizations/org4.example.com/
# rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
# rm -rf $FABRIC_CA_CLIENT_HOME/msp
set -x
fabric-ca-client enroll -u https://admin:adminpw@192.168.23.120:6006 --caname ca-org1 --tls.certfiles ${PWD}/../organizations/fabric-ca/org1/tls-cert.pem
set +x
echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/192-168-23-120-6006-ca-org4.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/192-168-23-120-6006-ca-org4.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/192-168-23-120-6006-ca-org4.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/192-168-23-120-6006-ca-org4.pem
OrganizationalUnitIdentifier: orderer' > ${PWD}/../organizations/peerOrganizations/org4.example.com/msp/config.yaml
echo
echo "Register peer0"
echo
set -x
fabric-ca-client register --caname ca-org1 --id.name peer0-org4 --id.secret peer0pw --id.type peer --id.affiliation org4.department1 --tls.certfiles ${PWD}/../organizations/fabric-ca/org1/tls-cert.pem
set +x
echo
echo "Register user"
echo
set -x
fabric-ca-client register --caname ca-org1 --id.name user1-org4 --id.secret user1pw --id.type client --id.affiliation org4.department1 --tls.certfiles ${PWD}/../organizations/fabric-ca/org1/tls-cert.pem
set +x
echo
echo "Register the org admin"
echo
set -x
fabric-ca-client register --caname ca-org1 --id.name org4admin --id.secret org4adminpw --id.type admin --id.affiliation org4.department1 --tls.certfiles ${PWD}/../organizations/fabric-ca/org1/tls-cert.pem
set +x
mkdir -p organizations/peerOrganizations/org4.example.com/peers
mkdir -p organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com
echo
echo "## Generate the peer0 msp"
echo
set -x
fabric-ca-client enroll -u https://peer0-org4:peer0pw@192.168.23.120:6006 --caname ca-org1 -M ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/msp --csr.hosts peer0.org4.example.com --tls.certfiles ${PWD}/../organizations/fabric-ca/org1/tls-cert.pem
set +x
cp ${PWD}/../organizations/peerOrganizations/org4.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/msp/config.yaml
echo
echo "## Generate the peer0-tls certificates"
echo
set -x
fabric-ca-client enroll -u https://peer0-org4:peer0pw@192.168.23.120:6006 --caname ca-org1 -M ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls --enrollment.profile tls --csr.hosts peer0.org4.example.com --csr.hosts 192.168.23.120 --tls.certfiles ${PWD}/../organizations/fabric-ca/org1/tls-cert.pem
set +x
cp ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/ca.crt
cp ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/signcerts/* ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/server.crt
cp ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/keystore/* ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/server.key
mkdir -p ${PWD}/../organizations/peerOrganizations/org4.example.com/msp/tlscacerts
cp ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org4.example.com/msp/tlscacerts/ca.crt
mkdir -p ${PWD}/../organizations/peerOrganizations/org4.example.com/tlsca
cp ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org4.example.com/tlsca/tlsca.org4.example.com-cert.pem
mkdir -p ${PWD}/../organizations/peerOrganizations/org4.example.com/ca
cp ${PWD}/../organizations/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/msp/cacerts/* ${PWD}/../organizations/peerOrganizations/org4.example.com/ca/ca.org4.example.com-cert.pem
mkdir -p organizations/peerOrganizations/org4.example.com/users
mkdir -p organizations/peerOrganizations/org4.example.com/users/User1@org4.example.com
echo
echo "## Generate the user msp"
echo
set -x
fabric-ca-client enroll -u https://user1-org4:user1pw@192.168.23.120:6006 --caname ca-org1 -M ${PWD}/../organizations/peerOrganizations/org4.example.com/users/User1@org4.example.com/msp --tls.certfiles ${PWD}/../organizations/fabric-ca/org1/tls-cert.pem
set +x
cp ${PWD}/../organizations/peerOrganizations/org4.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org4.example.com/users/User1@org4.example.com/msp/config.yaml
mkdir -p organizations/peerOrganizations/org4.example.com/users/Admin@org4.example.com
echo
echo "## Generate the org admin msp"
echo
set -x
fabric-ca-client enroll -u https://org4admin:org4adminpw@192.168.23.120:6006 --caname ca-org1 -M ${PWD}/../organizations/peerOrganizations/org4.example.com/users/Admin@org4.example.com/msp --tls.certfiles ${PWD}/../organizations/fabric-ca/org1/tls-cert.pem
set +x
cp ${PWD}/../organizations/peerOrganizations/org4.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org4.example.com/users/Admin@org4.example.com/msp/config.yaml
#mv organizations/peerOrganizations/org4.example.com/msp/cacerts/* organizations/peerOrganizations/org4.example.com/msp/cacerts/fabricCa-6006-ca-org4.pem
}
ccp-generate.sh
#!/bin/bash
function one_line_pem {
echo "`awk 'NF {sub(/\\n/, ""); printf "%s\\\\\\\n",$0;}' $1`"
}
function json_ccp {
local PP=$(one_line_pem $4)
local CP=$(one_line_pem $5)
sed -e "s/\${ORG}/$1/" \
-e "s/\${P0PORT}/$2/" \
-e "s/\${CAPORT}/$3/" \
-e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \
ccp-template.json
}
function yaml_ccp {
local PP=$(one_line_pem $4)
local CP=$(one_line_pem $5)
sed -e "s/\${ORG}/$1/" \
-e "s/\${P0PORT}/$2/" \
-e "s/\${CAPORT}/$3/" \
-e "s#\${PEERPEM}#$PP#" \
-e "s#\${CAPEM}#$CP#" \
ccp-template.yaml | sed -e $'s/\\\\n/\\\n /g'
}
ORG=4
P0PORT=7051
CAPORT=7054
PEERPEM=../organizations/peerOrganizations/org4.example.com/tlsca/tlsca.org4.example.com-cert.pem
CAPEM=../organizations/peerOrganizations/org4.example.com/ca/ca.org4.example.com-cert.pem
echo "$(json_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org4.example.com/connection-org4.json
echo "$(yaml_ccp $ORG $P0PORT $CAPORT $PEERPEM $CAPEM)" > ../organizations/peerOrganizations/org4.example.com/connection-org4.yaml
generateOrg3Definition
configtxgen -printOrg Org3MSP > ../organizations/peerOrganizations/org3.example.com/org3.json
启动新组织
IMAGE_TAG=$IMAGETAG docker-compose -f $COMPOSE_FILE_ORG3 up -d 2>&1
COMPOSE_FILE_ORG3
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
volumes:
peer0.org3.example.com:
networks:
test:
services:
peer0.org3.example.com:
container_name: peer0.org3.example.com
image: hyperledger/fabric-peer
environment:
#Generic peer variables
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_test
- FABRIC_LOGGING_SPEC=INFO
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb2:6027
# The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
# provide the credentials for ledger to connect to CouchDB. The username and password must
# match the username and password set for the associated CouchDB.
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variabes
- CORE_PEER_ID=peer0.org3.example.com
- CORE_PEER_ADDRESS=peer0.org3.example.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.org3.example.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org3.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:7051
- CORE_PEER_LOCALMSPID=Org3MSP
volumes:
- /var/run/:/host/var/run/
- ../../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp
- ../../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls
- peer0.org3.example.com:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 7051:7051
extra_hosts:
- "orderer0.example.com:192.168.23.121"
- "orderer1.example.com:192.168.23.122"
- "orderer2.example.com:192.168.23.123"
- "orderer3.example.com:192.168.23.124"
- "orderer4.example.com:192.168.23.125"
- "couchdb2:192.168.23.121"
networks:
- test
Org3cli:
container_name: Org3cli
image: hyperledger/fabric-tools
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=Org3cli
- CORE_PEER_ADDRESS=peer0.org3.example.com:7051
- CORE_PEER_LOCALMSPID=Org3MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ../../../chaincode/:/opt/gopath/src/github.com/chaincode
- ../../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations
- ../../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
depends_on:
- peer0.org3.example.com
extra_hosts:
- "orderer0.example.com:192.168.23.121"
- "orderer1.example.com:192.168.23.122"
- "orderer2.example.com:192.168.23.123"
- "orderer3.example.com:192.168.23.124"
- "orderer4.example.com:192.168.23.125"
networks:
- test
4 锚节点、领导节点、提交节点、背书节点,分别起什么作用,实际使用中如何安排?如何查看配置?
1.2.3 锚节点(anchor peer)
1.2.4 领导节点(leading peer)
机构中负责与排序服务进行通讯的节点。排序服务会将新区块发送给领导节点,领导节点将区块扩散到机构中的其他节点
1.2.5 提交节点(committing peer)
所有通道里的peer节点都是提交节点。它接收事务产生的区块,并且验证事务有效性,然后已追加操作的方式提交到peer节点的账本。
1.2.6 背书节点(endorsement peer)
任何一个安装了智能合约的peer都可以是一个背书节点。如果要事实上成为一个背书节点,该peer上的智能合约必须被客户端应用使用来产生一个带数字签名的交易响应。
5 系统链码有哪些?能做哪些功能?
链码可以上链或查询,分页查询功能只能在查询方法中使用,即不可调用其他功能
6 cli命令行提供的指令都有哪些?sdk是否都能完成?有哪些功能在cli上是没有的,需要如何实现?
7 链码的编译和安装容易出现哪些问题?什么原因?如何解决?有哪些工具可以辅助查错?
链码install在网络不好的情况下非常容易timeout,但是实际上可能已经install成功了,可以用
peer lifecycle chaincode queryinstalled
查询install是否成功了
8 账本的区块高度、获取特定的区块,查询特定的交易所在的区块,这些命令如何操作?