Hyperledge Fabric 2.2 —— “getting started”
如果可以,尽量直接读原文
https://hyperledger-fabric.readthedocs.io/en/release-2.2/install.html
如果时间仓促,可以看本文。
1.软件预安装
建议直接安装在Linux系统(可以安装虚拟机)中。
(1)安装Git、cURL、Docker
(2) 安装Fabric
详情参考
https://hyperledger-fabric.readthedocs.io/en/release-2.2/prereqs.html
2.了解test-network
(1)确认成功安装预装软件
(2)运行网络
进入测试网络所在文件路径;关闭网络,删除之前运行的container、认证数据及链码。
$ cd fabric/test-network
$ ./network.sh down
以默认配置启动网络,采用默认加密方式,未使用CA认证;
$ ./network up
如果想启动的网络的同时,启动一条默认通道,可以将上述命令替换成:
./network.sh up createChannel
如果需要自定义通道名
$ ./network createChannel -c 自定义通道名称
成功启动通道时效果如下:
========= Channel successfully joined ===========
查看当前Docker中运行的组件:
$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
7742350cc363 hyperledger/fabric-peer:2.1.1 "peer node start" About a minute ago Up About a minute 7051/tcp, 0.0.0.0:9051->9051/tcp peer0.org2.example.com
f55947826039 hyperledger/fabric-peer:2.1.1 "peer node start" About a minute ago Up About a minute 0.0.0.0:7051->7051/tcp peer0.org1.example.com
7de556f811ac hyperledger/fabric-orderer:2.1.1 "orderer" About a minute ago Up About a minute 0.0.0.0:7050->7050/tcp orderer.example.com
合约部署命令:
./network.sh deployCC
部署后再次查看docker内容:
$ ./network.sh deployCC
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ffa3c594fdc3 dev-peer0.org1.example.com-basic_1.0-4ec191e793b27e953ff2ede5a8bcc63152cecb1e4c3f301a26e22692c61967ad-42f57faac8360472e47cbbbf3940e81bba83439702d085878d148089a1b213ca "chaincode -peer.add…" 3 minutes ago Up 3 minutes dev-peer0.org1.example.com-basic_1.0-4ec191e793b27e953ff2ede5a8bcc63152cecb1e4c3f301a26e22692c61967ad
72bb69e91f9a dev-peer0.org2.example.com-basic_1.0-4ec191e793b27e953ff2ede5a8bcc63152cecb1e4c3f301a26e22692c61967ad-6c0d5b0755cb92ed5555bd2e8a8765a6f425d1ed5ed9a90e625e01939e2113be "chaincode -peer.add…" 3 minutes ago Up 3 minutes dev-peer0.org2.example.com-basic_1.0-4ec191e793b27e953ff2ede5a8bcc63152cecb1e4c3f301a26e22692c61967ad
7742350cc363 hyperledger/fabric-peer:2.1.1 "peer node start" 10 minutes ago Up 10 minutes 7051/tcp, 0.0.0.0:9051->9051/tcp peer0.org2.example.com
f55947826039 hyperledger/fabric-peer:2.1.1 "peer node start" 10 minutes ago Up 10 minutes 0.0.0.0:7051->7051/tcp peer0.org1.example.com
7de556f811ac hyperledger/fabric-orderer:2.1.1 "orderer" 10 minutes ago Up 10 minutes 0.0.0.0:7050->7050/tcp orderer.example.com
可以发现在两个组织节点上启动了链代码container。
3.体验合约交互
(1)环境参数配置
建议打开系统的环境配置文件,命令如下:
$ sudo gedit /etc/profile
$ source /etc/profile
增加两行代码:
$ export PATH=上级目录/fabric/bin/
#将peer等命令路径预规划,便于直接使用
$ export FABRIC_CFG_PATH=上级目录/fabric/bin/
#指定配置文件路径
上述代码仅在fabric文件夹移动位置时需要变化。
接着,回到test-network文件夹:
在终端运行以下代码,即设定当前用户权限为Org1
# Environment variables for Org1
以org1权限运行peer
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=localhost:7051
此时,已经完成了Org1权限的环境参数的配置。
(2)链码初始化
首先初始化账本信息,并赋予原始资产信息。需要在任意路径下,打开终端输入:
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile \
${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem\
-C mychannel -n basic --peerAddresses localhost:7051 --tlsRootCertFiles \
${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt\
--peerAddresses localhost:9051 --tlsRootCertFiles \
${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt \
-c '{"function":"InitLedger","Args":[]}'
如果成功,会提示:
[chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200
现在就可以利用CLI进行链上资产的查询了。
peer chaincode query -C mychannel -n basic -c '{"Args":["GetAllAssets"]}'
如果查询账本数据成功,会输出如下信息:
[{"ID":"asset1","color":"blue","size":5,"owner":"Tomoko","appraisedValue":300},
{"ID":"asset2","color":"red","size":5,"owner":"Brad","appraisedValue":400},
{"ID":"asset3","color":"green","size":10,"owner":"Jin Soo","appraisedValue":500},
{"ID":"asset4","color":"yellow","size":10,"owner":"Max","appraisedValue":600},
{"ID":"asset5","color":"black","size":15,"owner":"Adriana","appraisedValue":700},
{"ID":"asset6","color":"white","size":15,"owner":"Michel","appraisedValue":800}]
接着,我们继续激活链码。
当一个网络成员想要转移或者改变账本中的资产记录时,链码会被调用并激活。
我们先尝试改变账本数据资产,可输入以下命令:
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile \
${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n basic --peerAddresses localhost:7051 --tlsRootCertFiles \
${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles \
${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c \
'{"function":"TransferAsset","Args":["asset6","Christopher"]}'
这里我们将“asset6”的所有者从Michel改成了Christopher。
如果操作成功,可以看到以下输出:
[chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200
此时,我们可以检查一下链上资产是否完成更新:
peer chaincode query -C mychannel -n basic -c '{"Args":["GetAllAssets"]}'
此时输出如下:
[{"ID":"asset1","color":"blue","size":5,"owner":"Tomoko","appraisedValue":300},
{"ID":"asset2","color":"red","size":5,"owner":"Brad","appraisedValue":400},
{"ID":"asset3","color":"green","size":10,"owner":"Jin Soo","appraisedValue":500},
{"ID":"asset4","color":"yellow","size":10,"owner":"Max","appraisedValue":600},
{"ID":"asset5","color":"black","size":15,"owner":"Adriana","appraisedValue":700},
{"ID":"asset6","color":"white","size":15,"owner":"Christopher","appraisedValue":800}]
可以发现当前asset6中Michel已经更新为成了Christopher。
(3)链上信息查询
为了丰富体验,咱们现在更改系统设置,切换成org2权限。
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=localhost:9051
接着利用peer命令查询:
peer chaincode query -C mychannel -n basic -c '{"Args":["ReadAsset","asset6"]}'
输出结果:
{"ID":"asset6","color":"white","size":15,"owner":"Christopher","appraisedValue":800}
此时,数据查询功能验证成功。
(4)关闭网络
./network.sh down
此时会关闭所有节点和服务,并删除所有网络上数据。
(5)CA认证
当使用
./network.sh up
启动网络时,会默认使用加密工具产生证书和密钥。
显示页面如下:
##########################################################
##### Generate certificates using cryptogen tool #########
##########################################################
##########################################################
############ Create Org1 Identities ######################
##########################################################
+ cryptogen generate --config=./organizations/cryptogen/crypto-config-org1.yaml --output=organizations
org1.example.com
+ res=0
+ set +x
##########################################################
############ Create Org2 Identities ######################
##########################################################
+ cryptogen generate --config=./organizations/cryptogen/crypto-config-org2.yaml --output=organizations
org2.example.com
+ res=0
+ set +x
##########################################################
############ Create Orderer Org Identities ###############
##########################################################
+ cryptogen generate --config=./organizations/cryptogen/crypto-config-orderer.yaml --output=organizations
+ res=0
+ set +x
如果想通过CA认证启动网络,可以按照如下操作:
$ ./network.sh down
$ ./network.sh up -ca 指明ca选项并启动网络
所有CA创建的组织内公用的身份认证分享同一个根的认证。
此时可通过
$ docker ps
查看当前运行的container:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
595627111b48 hyperledger/fabric-peer:2.1.1 "peer node start" 1 second ago Up Less than a second 0.0.0.0:7051->7051/tcp peer0.org1.example.com
6e60ae003206 hyperledger/fabric-orderer:2.1.1 "orderer" 1 second ago Up Less than a second 0.0.0.0:7050->7050/tcp orderer.example.com
013721847d3f hyperledger/fabric-peer:2.1.1 "peer node start" 1 second ago Up Less than a second 7051/tcp, 0.0.0.0:9051->9051/tcp peer0.org2.example.com
5e7aced69e8d hyperledger/fabric-ca:latest "sh -c 'fabric-ca-se…" 15 seconds ago Up 14 seconds 0.0.0.0:7054->7054/tcp ca_org1
1f7ae4e461e4 hyperledger/fabric-ca:latest "sh -c 'fabric-ca-se…" 15 seconds ago Up 14 seconds 7054/tcp, 0.0.0.0:8054->8054/tcp ca_org2
5a0ddf2ba098 hyperledger/fabric-ca:latest "sh -c 'fabric-ca-se…" 15 seconds ago Up 14 seconds 7054/tcp, 0.0.0.0:9054->9054/tcp ca_orderer
可以发现,不论组织内peer还是orderer节点都会产生对应ca-containner,用于标明身份。
如果安装有tree包(没有的话,利用apt-get install tree安装)
└── msp
├── cacerts
│ └── localhost-7054-ca-org1.pem
├── config.yaml
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── keystore
│ └── 588bd82c95c1f6768d8fbbe9eb93101f6e1838279e7aee43253d2131c29e4c34_sk
├── signcerts
│ └── cert.pem
└── user
4.回顾
(1)./network.sh 为两个peer组织和orderer组织创建密钥和证书;默认的脚本会调用organizations/cryptogen文件夹中的加密工具。如果使用-ca标志去创建CA,脚本将调用Fabric CA服务配置文档和registerEnroll.sh脚本。不管CA组件还是默认的加密工具都为三个组织在organizations文件夹中创建了加密材料和MSP文件夹。
(2)脚本中调用configxgen工具去创建系统通道的genesis区块。配置通道文件位于/fabric/config,创建的genesis块存储在/fabric/test-network/system-genesis-block文件夹。
(3)当加密材料和系统通道genesis区块创建成功之后,脚本会调用fabric/test-network/docker/docker-compose-test-net.yaml文件去创建组织节点和打包节点。
(4)createChannel子命令调用configtx.yaml去创建peer0.org1.example.com和peer0.org2.example.com通道。
(5)调用deployCC命令时,会调用/test-network/script/deployCC.sh脚本在所有节点安装链码并在通道上进行链码定义(声明接口)。一旦链码上传到通道,节点通过cli工具调用Init、触发/激活链码。
