【fabric实战指南二】Fabric v1.0 部署过程原理详解
2019独角兽企业重金招聘Python工程师标准>>>
区块链兄弟社区,区块链技术专业问答先行者,中国区块链技术爱好者聚集地
作者:吴寿鹤
来源:区块链兄弟
原文链接:http://www.blockchainbrother.com/article/18
著权归作者所有。商业转载请联系作者获得授权,非商业转载请注明出处。
编译fabric tools
我们会编译以下几个工具:
github.com/hyperledger/fabric/common/configtx/tool/configtxgen
github.com/hyperledger/fabric/common/tools/cryptogen
github.com/hyperledger/fabric/common/tools/configtxlator
github.com/hyperledger/fabric/peer
以上每个工具都需要读取一个yaml文件配置,在配置文件中我们指明网络的拓扑结构,证书地址等。
cd $GOPATH/src/github.com/hyperledger/fabric make releasels -rtl release/linux-amd64/bin-rwxrwxr-x 1 shouhewu shouhewu 15124356 Jul 17 13:58 configtxgen -rwxrwxr-x 1 shouhewu shouhewu 7315638 Jul 17 13:58 cryptogen -rwxrwxr-x 1 shouhewu shouhewu 16141847 Jul 17 13:58 configtxlator -rwxrwxr-x 1 shouhewu shouhewu 22949903 Jul 17 13:58 peer -rwxrwxr-x 1 shouhewu shouhewu 19942880 Jul 17 13:59 orderer -rwxrwxr-x 1 shouhewu shouhewu 774 Jul 17 13:59 get-docker-images.sh -rwxrwxr-x 1 shouhewu shouhewu 458 Jul 17 13:59 get-byfn.sh
Cryptogen Tool(cryptogen)
我们会使用crptogen tool 为网络中的节点,用户生成密码证书(x509 certs)。
怎么运行的?
Cryptogen 读取 crypto-config.yaml 文件,yaml文件中包含网络拓扑结构,这个yaml文件可以帮我们为每个组织和组织中的成员生成证书库。每个组织分配一个根证书(ca-cert),这个根证书会绑定一些peers和orders到这个组织。fabric中的交易和通信都会被一个参与者的私钥(keystore)签名,并会被公钥(signcerts)验证.yaml配置文件中有一个"count"变量,我们用这个变量表示一个组织中会有多少个节点。在我们的文档的例子中每个组织会有两个节点。
crypto-config.yaml :
# Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 ## --------------------------------------------------------------------------- # "OrdererOrgs" - Definition of organizations managing orderer nodes # ---------------------------------------------------------------------------OrdererOrgs: # --------------------------------------------------------------------------- # Orderer # ---------------------------------------------------------------------------- Name: Orderer Domain: example.com # --------------------------------------------------------------------------- # "Specs" - See PeerOrgs below for complete description # ---------------------------------------------------------------------------Specs: - Hostname: orderer # --------------------------------------------------------------------------- # "PeerOrgs" - Definition of organizations managing peer nodes # ---------------------------------------------------------------------------PeerOrgs: # --------------------------------------------------------------------------- # Org1 # ---------------------------------------------------------------------------- Name: Org1 Domain: org1.example.com # --------------------------------------------------------------------------- # "Specs" # --------------------------------------------------------------------------- # Uncomment this section to enable the explicit definition of hosts in your # configuration. Most users will want to use Template, below # # Specs is an array of Spec entries. Each Spec entry consists of two fields:# - Hostname: (Required) The desired hostname, sans the domain. # - CommonName: (Optional) Specifies the template or explicit override for # the CN. By default, this is the template:# # "{{.Hostname}}.{{.Domain}}" # # which obtains its values from the Spec.Hostname and # Org.Domain, respectively. # --------------------------------------------------------------------------- # Specs:# - Hostname: foo # implicitly "foo.org1.example.com" # CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above # - Hostname: bar # - Hostname: baz # --------------------------------------------------------------------------- # "Template" # --------------------------------------------------------------------------- # Allows for the definition of 1 or more hosts that are created sequentially # from a template. By default, this looks like "peer%d" from 0 to Count-1. # You may override the number of nodes (Count), the starting index (Start) # or the template used to construct the name (Hostname). # # Note: Template and Specs are not mutually exclusive. You may define both # sections and the aggregate nodes will be created for you. Take care with # name collisions # ---------------------------------------------------------------------------Template: Count: 2 # Start: 5 # Hostname: {{.Prefix}}{{.Index}} # default # --------------------------------------------------------------------------- # "Users" # --------------------------------------------------------------------------- # Count: The number of user accounts _in addition_ to Admin # ---------------------------------------------------------------------------Users: Count: 1 # --------------------------------------------------------------------------- # Org2: See "Org1" for full specification # ---------------------------------------------------------------------------- Name: Org2 Domain: org2.example.com Template: Count: 2 Users: Count: 1
执行结果
执行完cryptogen命令后,生成的证书会放在 crypto-config 文件夹中 。
ll crypto-config drwxr-xr-x 4 shouhewu shouhewu 4096 Jul 17 15:15 ./ drwxr-xr-x 9 shouhewu shouhewu 4096 Jul 17 15:18 ../ drwxr-xr-x 3 shouhewu shouhewu 4096 Jul 17 15:15 ordererOrganizations/ drwxr-xr-x 4 shouhewu shouhewu 4096 Jul 17 15:15 peerOrganizations/
Configuration Transaction Generator(configtxgen)
configtxgen tool 用来生成四个artifacts:orderer bootstrap block,fabric channel configuration transaction,two anchor peer transactions(每个组织一个)
orderer block 是ordering service 的创世区块,在channel创建的时候channel transaction 文件会广播给orderer。anchor peer transaction表示每个组织在channel中的anchor 节点。
怎么工作的?
configtxgen会读取 configtx.yaml 配置文件。这个yaml 文件包含网络的定义,网络中有三个成员 一个orderer(OrdererOrg),两个peer(Org1,Org2),yaml文件中还包含一个由两个组织构成的联盟(SampleConsortium)。 在yaml文件最上方 “Profile”段落中,有两个header,一个是orderer genesis block - TwoOrgsOrdererGenesis ,另一个是channel - TwoOrgsChannel。这两个header十分重要,我们创建artifacts是我们会把他们作为参数传入。yaml文件中还包含另外两个东西:1.每个peer 组中的anchor peer(peer0.org1.example.com & peer0.org2.example.com) 。2. 每个成员的MSP 目录位置,它允许我们把每个组织的根证书会存在orderer genesis block中。
configtx.yaml
--- ################################################################################ # # Profile # # - Different configuration profiles may be encoded here to be specified # as parameters to the configtxgen tool # ################################################################################ Profiles:TwoOrgsOrdererGenesis:Orderer:<<: *OrdererDefaults Organizations:- *OrdererOrg Consortiums:SampleConsortium:Organizations:- *Org1- *Org2 TwoOrgsChannel: Consortium: SampleConsortium Application:<<: *ApplicationDefaults Organizations:- *Org1- *Org2################################################################################ # # Section: Organizations # # - This section defines the different organizational identities which will # be referenced later in the configuration. # ################################################################################ Organizations:# SampleOrg defines an MSP using the sampleconfig. It should never be used # in production but may be used as a template for other definitions - &OrdererOrg # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment Name: OrdererOrg# ID to load the MSP definition as ID: OrdererMSP# MSPDir is the filesystem path which contains the MSP configuration MSPDir: crypto-config/ordererOrganizations/example.com/msp- &Org1 # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment Name: Org1MSP# ID to load the MSP definition as ID: Org1MSPMSPDir: crypto-config/peerOrganizations/org1.example.com/mspAnchorPeers:# AnchorPeers defines the location of peers which can be used # for cross org gossip communication. Note, this value is only # encoded in the genesis block in the Application section context - Host: peer0.org1.example.com Port: 7051 - &Org2 # DefaultOrg defines the organization which is used in the sampleconfig # of the fabric.git development environment Name: Org2MSP# ID to load the MSP definition as ID: Org2MSPMSPDir: crypto-config/peerOrganizations/org2.example.com/mspAnchorPeers:# AnchorPeers defines the location of peers which can be used # for cross org gossip communication. Note, this value is only # encoded in the genesis block in the Application section context - Host: peer0.org2.example.com Port: 7051 ################################################################################ # # SECTION: Orderer # # - This section defines the values to encode into a config transaction or # genesis block for orderer related parameters # ################################################################################ Orderer: &OrdererDefaults# Orderer Type: The orderer implementation to start # Available types are "solo" and "kafka" OrdererType: soloAddresses:- orderer.example.com:7050 # Batch Timeout: The amount of time to wait before creating a batch BatchTimeout: 2s# Batch Size: Controls the number of messages batched into a block BatchSize:# Max Message Count: The maximum number of messages to permit in a batch MaxMessageCount: 10 # Absolute Max Bytes: The absolute maximum number of bytes allowed for # the serialized messages in a batch.AbsoluteMaxBytes: 98 MB# Preferred Max Bytes: The preferred maximum number of bytes allowed for # the serialized messages in a batch. A message larger than the preferred # max bytes will result in a batch larger than preferred max bytes.PreferredMaxBytes: 512 KBKafka:# Brokers: A list of Kafka brokers to which the orderer connects # NOTE: Use IP:port notation Brokers:- 127.0.0.1:9092 # Organizations is the list of orgs which are defined as participants on # the orderer side of the network Organizations:################################################################################ # # SECTION: Application # # - This section defines the values to encode into a config transaction or # genesis block for application related parameters # ################################################################################ Application: &ApplicationDefaults# Organizations is the list of orgs which are defined as participants on # the application side of the network Organizations:
执行结果
configtxgen 会把每个成员的证书打包,输出一个orderer genesis block 和三个channel transaction artifacts。
ll channel-artifacts/drwxr-xr-x 2 shouhewu shouhewu 4096 Jul 17 15:15 ./ drwxr-xr-x 9 shouhewu shouhewu 4096 Jul 17 15:18 ../ -rw-r--r-- 1 shouhewu shouhewu 369 Jul 17 15:21 channel.tx -rw-r--r-- 1 shouhewu shouhewu 9076 Jul 17 15:21 genesis.block -rw-rw-r-- 1 shouhewu shouhewu 0 Jul 17 15:14 .gitkeep -rw-r--r-- 1 shouhewu shouhewu 250 Jul 17 15:21 Org1MSPanchors.tx -rw-r--r-- 1 shouhewu shouhewu 250 Jul 17 15:21 Org2MSPanchors.tx
文章发布只为分享区块链技术内容,版权归原作者所有,观点仅代表作者本人,绝不代表区块链兄弟赞同其观点或证实其描述
转载于:https://my.oschina.net/u/3786249/blog/1797804
【fabric实战指南二】Fabric v1.0 部署过程原理详解相关推荐
- 用WEB技术栈开发NATIVE应用(二):WEEX 前端SDK原理详解
摘要: WEEX依旧采取传统的web开发技术栈进行开发,同时app在终端的运行体验不输native app.其同时解决了开发效率.发版速度以及用户体验三个核心问题.那么WEEX是如何实现的?目前WEE ...
- Docker:(二)docker安装部署及优化详解
目录 一:docker安装步骤详解 1.1关闭防火墙 1.2安装依赖包 1.3设置阿里云镜像源 1.4安装 Docker-CE并设置为开机自动启动 1.5查看 docker 版本信息 二:设置镜像加速 ...
- Hyperledger Fabric 实战(十二): Fabric 源码本地调试
借助开发网络调试 fabric 源码本地调试 准备工作 IDE Goland Go 1.9.7 fabric-samples 模块 chaincode-docker-devmode fabric 源码 ...
- XxlJob(二) 负载均衡用法及实现原理详解
目录 一.配置一个应用执行器 二.同一台机器上模拟负载均衡 1. 环境准备 2. 触发任务,选择轮询策略 3. 机器实例动态伸缩 三.负载均衡原理解析 1. 根据应用名查找地址列表 2. Exec ...
- [网络安全自学篇] 四十二.DNS欺骗和钓鱼网站原理详解及防御机理
这是作者的网络安全自学教程系列,主要是关于安全工具和实践操作的在线笔记,特分享出来与博友们学习,希望您们喜欢,一起进步.前文分享了中间人攻击或ARP欺骗攻击,从ARP原理到局域网配置进行描述.这篇文章 ...
- [Python人工智能] 十二.循环神经网络RNN和LSTM原理详解及TensorFlow编写RNN分类案例
从本专栏开始,作者正式开始研究Python深度学习.神经网络及人工智能相关知识.前一篇讲解了TensorFlow如何保存变量和神经网络参数,通过Saver保存神经网络,再通过Restore调用训练好的 ...
- 转:Vim实战指南(二):光标移动技巧
原文地址:Vim实战指南(二):光标移动技巧 Introduction 提升Vim/vi的打字效率的一个技巧就是快速移动光标.或许你觉得这不值一提,用hjkl或者上下左右也能移动,不过相信我,我下面要 ...
- Vim实战指南(二):光标移动技巧
原文地址:Vim实战指南(二):光标移动技巧 Introduction 提升Vim/vi的打字效率的一个技巧就是快速移动光标.或许你觉得这不值一提,用hjkl或者上下左右也能移动,不过相信我,我下面要 ...
- 1 企业实战(3) Redis服务部署和配置详解 (资源)
前言: 环境介绍: CentOS 7.5 Redis 5.0.0 gcc 下载: http://download.redis.io/releases/ 安装redis: [root@localhost ...
最新文章
- ActiveMQ—消息特性(延迟和定时消息投递)
- LeetCode实战:有效的括号
- BE镜像还原系统过程
- Python with语句
- ping mac地址_局域网ip地址如何显示?一个软件搞定
- 国二C语言文字选择程序选择,全国计算机等级考试二级C语言题型总结(二)——选择循环结构程序设计部分.doc...
- 20155227《网络对抗》Exp5 MSF基础应用
- 【NLP】DataCLUE: 国内首个以数据为中心的AI测评
- 使用代码获得document的related document 列表
- linux监测node进程,通过node_exporter监控linux服务器一
- java显示文件_java 显示文件夹结构
- Java面试——微服务
- 电压比较器的介绍和工作原理
- JAVA工具类之URL(编码、解码、参数解析)
- Win7下更改iTunes备份路径最便捷的方法
- 新浪UC 单文件精简版
- 面试相关(技术汇总)
- 39 个奇葩代码注释,看完笑哭了。。。
- 微信企业号开发:企业支付基础
- python画一片树叶的故事_《Python数据分析与机器学习实战-唐宇迪》读书笔记第7章--决策树...