k8s之上部署fabric

AI数据 区块链  收藏
0 / 1552

一、本地开发环境依赖

  • 安装 docker
  • 安装 kubectl、kubelet、kubeadm
  • 安装 flannel 网络插件

创建集群并初始化:

sudo kubeadm init --kubernetes-version v1.20.1 --apiserver-advertise-address=192.168.1.110 --service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --upload-certs |tee kubeadm-init.log

部署区块链网络:

$ cd /proj/workspace/pkg/mod/github.com/hyperledger
$ git clone https://github.com/IBM/blockchain-network-on-kubernetes.git
$ cd blockchain-network-on-kubernetes/configFiles
$ kubectl apply -f docker-volume.yaml
$ cd ..
$ chmod +x setup_blockchainNetwork_v2.sh
$ chmod +x deleteNetwork.sh
$ ./setup_blockchainNetwork_v2.sh
$ kubectl get pods -A

二、系统架构规划

2.1 节点规划

下图为本范例的部署架构,所有hyperledger 所需节点皆部署于 k8s 中的 hyperledger namespace 当中。架构中包含的节点如下

  • orderer0 : 排序节点0,用于排序区块
  • orderer1 : 排序节点1,用于排序区块
  • orderer2 : 排序节点2,用于排序区块
  • peer0-org1 : 组织1的Peer节点,用于区块的实际运算、背书以及记帐。
  • cli-org1-peer : 用于操纵组织1的Peer节点
  • peer0-org2 : 组织2的Peer节点,用于区块的实际运算、背书以及记帐。
  • cli-org2-peer : 用于操纵组织2的Peer节点

2.2 存储存放规划

节点 挂载路径 路径说明 PVC PV hostPath
orderer0 /var/hyperledger/orderer/ 存放凭证 orderer0-pvc ./fabric/orderer0
orderer0 /var/hyperledger/production 持久化资料 orderer0-persist-pvc ./fabric/orderer0persist
orderer1 /var/hyperledger/orderer/ 存放凭证 orderer1-pvc ./fabric/orderer1
orderer1 /var/hyperledger/production 持久化资料 orderer1-persist-pvc ./fabric/orderer1persist
orderer2 /var/hyperledger/orderer/ 存放凭证 orderer2-pvc ./fabric/orderer2
orderer2 /var/hyperledger/production 持久化资料 orderer2-persist-pvc ./fabric/orderer2persist
Org1-Peer /etc/hyperledger/fabric/ 存放凭证 peer0-org1-pvc ./fabric/peer0org1
Org1-Peer /var/hyperledger/production 持久化资料 peer0-org1-persist-pvc ./fabric/peer0org1persist
Org1-Peer-CLI /opt/gopath/src/github.com/ hyperledger/fabric/peer/crypto/ 存放凭证 peer0-org1-pvc ./fabric/peer0org1
Org2-Peer /etc/hyperledger/fabric/ 存放凭证 peer0-org2-pvc ./fabric/peer0org2
Org2-Peer /var/hyperledger/production 持久化资料 peer0-org2-persist-pvc ./fabric/peer0org2persist
Org2-Peer-CLI /opt/gopath/src/github.com/ hyperledger/fabric/peer/crypto/ 存放凭证 peer0-org1-pvc ./fabric/peer0org2

三、准备凭证

Hyperledger Fabric 于节点沟通时必须依赖凭证进行沟通,因此必须先签发凭证。在凭证的签发过程中可以使用两种方式签发凭证

  • cryptogen 命令
    cryptogen 为 Hyperledger Fabric 生成凭证的命令列工具,于 crypto-config.yaml 定义 Orderer 以及各组织的Peer的数量。
  • fabric-ca 服务
    Fabric CA 是一个为 Hyperledger Fabric 签发凭证的工具,通常每个组织会有自己的 Fabric CA,通過fabric-ca client 获得凭证后,就可以用这些凭证访问Peer。

在此范例中将以 cryptogen 命令列生成各节点所需凭证,以下为签发凭证的指令。可以查看 git repo 中的 crypto-config.yaml 为签发凭证设定文件,crypto-config则为签发结果

cryptogen generate --config=crypto-config.yaml --output ./crypto-config

(notice:练习中,需要再次生成新的凭证设定文件时,需要将./crypto-config文件夹删除后,再行运行上述命令。否则凭证设定文件不会被更新覆盖!)

四、准备创世区块

configtxgen -profile TwoOrgsOrdererGenesis -channelID devchan -outputBlock ./channel-artifacts/genesis.block

五、产生Channel 所需档案

# 产生Channel 所需档案

configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID "mychannel"

# 产生 Org1 使用的 channel 设定文件

configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/org1Anchors.tx  -channelID "mychannel" -asOrg org1MSP

# 产生 Org2 使用的 channel 设定文件

configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/org2Anchors.tx  -channelID "mychannel" -asOrg org2MSP

六、同步档案至PV中

在前述三、四、五章节中我们已经准备了以下内容

  • 各节点所需凭证
  • 创世区块
  • Channel 设定档

由于 Hyperledger 之 container 必须先将以上档案放置至正确位置后 container 才能正常启动。但本次安装不使用NFS 预先将档案填入,而是先启临时的 container 同步档案。
在本步骤我们将启动两个用于填充档案的 container

container 名称 说明
orderer-bastion 填充 orderer0-pvc,orderer1-pvc,orderer2-pvc 所需要的文档
peer-bastion 填充 peer0-org1-pvc,peer0-org2-pvc 所需要的文档

以下为同步文档的步骤

6.1 启动临时 container

kubectl create -f /deploy-hyperledger-fabric-on-k8s/file-populate-bastion/

这个指令将会产生 pv/pvc/orderer-bastion/peer-bastion 这些资源

6.2 同步 Orderer 所需文档

# 登录进入 orderer-bastion

kubectl exec -it ${orderer-bastion-pod-name} bash

# 安装 git 并 clone deploy-hyperledger-fabric-on-k8s repo

yum install git -y
git clone https://github.com/willzhuang/deploy-hyperledger-fabric-on-k8s.git

# 同步 orderer0 创世区块

cp deploy-hyperledger-fabric-on-k8s/channel-artifacts/genesis.block /orderer0-pvc/

# 同步 orderer0 凭证

cp -r deploy-hyperledger-fabric-on-k8s/crypto-config/ordererOrganizations/consortium/orderers/orderer0/* /orderer0-pvc/

# 同步 orderer1 创世区块

cp deploy-hyperledger-fabric-on-k8s/channel-artifacts/genesis.block /orderer1-pvc/

# 同步 orderer1 凭证

cp -r deploy-hyperledger-fabric-on-k8s/crypto-config/ordererOrganizations/consortium/orderers/orderer1/* /orderer1-pvc/

# 同步 orderer2 创世区块

cp deploy-hyperledger-fabric-on-k8s/channel-artifacts/genesis.block /orderer2-pvc/

# 同步 orderer2 凭证

cp -r deploy-hyperledger-fabric-on-k8s/crypto-config/ordererOrganizations/consortium/orderers/orderer2/* /orderer2-pvc/

6.3 同步 Peer 所需要的文档

# 登录进入 peer-bastion

kubectl exec -it ${peer-bastion-pod-name} bash

# 安装 git 並 clone deploy-hyperledger-fabric-on-k8s repo

yum install git -y
git clone https://github.com/willzhuang/deploy-hyperledger-fabric-on-k8s.git

# 同步 org1 peer0 所需之凭证

cp -r /deploy-hyperledger-fabric-on-k8s/crypto-config/peerOrganizations/org1/peers/peer0-org1/* peer0-org1-pvc/

# 同步 org1 peer0 cli 所需之凭证

cp -r /deploy-hyperledger-fabric-on-k8s/crypto-config/* /peer0-org1-pvc/

# 同步 org1 peer0 所需之 channel设定文档

cp /deploy-hyperledger-fabric-on-k8s/channel-artifacts/* peer0-org1-pvc/

# 同步 org2 peer0 所需之凭证

cp -r /deploy-hyperledger-fabric-on-k8s/crypto-config/peerOrganizations/org2/peers/peer0-org2/* peer0-org2-pvc/

# 同步 org2 peer0 cli 所需之凭证

cp -r /deploy-hyperledger-fabric-on-k8s/crypto-config/* /peer0-org2-pvc/

# 同步 org2 peer0 所需之 channel设定文档

cp /deploy-hyperledger-fabric-on-k8s/channel-artifacts/* peer0-org2-pvc/

七、启动 Orderer

# 启动 orderer cluster
kubectl create -f /deploy-hyperledger-fabric-on-k8s/orderer/

內含 orderer0,orderer1,orderer2 所需的 deployment 与 service 资源

八、启动 Peer

# 启动 org1 peer0

kubectl create -f /deploy-hyperledger-fabric-on-k8s/org1/

# 內含 org1 peer0/cli 所需的 deployment,configmap,service 资源

# 启动 org2 peer0

kubectl create -f /deploy-hyperledger-fabric-on-k8s/org2/

# 內含 org2 peer0/cli 所需的 deployment,configmap,service 资源

九、创建channel

9.1 将 org1 peer0 加入 channel

# 登录进入 cli pod
kubectl exec -it ${org1-peer0-cli-pod-name} sh

# 产生 channel 区块

peer channel create -o orderer0:7050 -c mychannel -f ./scripts/channel-artifacts/channel.tx --tls true --cafile $ORDERER_CA

运行成功后,log信息如下:

/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel create -o orderer0:7050 -c mychannel -f ./scripts/channel-artifacts/channel.tx -
-tls true --cafile $ORDERER_CA
2021-08-10 05:41:03.212 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-08-10 05:41:03.242 UTC [cli.common] readBlock -> INFO 002 Expect block, but got status: &{NOT_FOUND}
2021-08-10 05:41:03.246 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2021-08-10 05:41:03.447 UTC [cli.common] readBlock -> INFO 004 Expect block, but got status: &{SERVICE_UNAVAILABLE}
2021-08-10 05:41:03.450 UTC [channelCmd] InitCmdFactory -> INFO 005 Endorser and orderer connections initialized
2021-08-10 05:41:03.651 UTC [cli.common] readBlock -> INFO 006 Expect block, but got status: &{SERVICE_UNAVAILABLE}
2021-08-10 05:41:03.654 UTC [channelCmd] InitCmdFactory -> INFO 007 Endorser and orderer connections initialized
2021-08-10 05:41:03.857 UTC [cli.common] readBlock -> INFO 008 Expect block, but got status: &{SERVICE_UNAVAILABLE}
2021-08-10 05:41:03.866 UTC [channelCmd] InitCmdFactory -> INFO 009 Endorser and orderer connections initialized
2021-08-10 05:41:04.068 UTC [cli.common] readBlock -> INFO 00a Expect block, but got status: &{SERVICE_UNAVAILABLE}
2021-08-10 05:41:04.070 UTC [channelCmd] InitCmdFactory -> INFO 00b Endorser and orderer connections initialized
2021-08-10 05:41:04.273 UTC [cli.common] readBlock -> INFO 00c Expect block, but got status: &{SERVICE_UNAVAILABLE}
2021-08-10 05:41:04.277 UTC [channelCmd] InitCmdFactory -> INFO 00d Endorser and orderer connections initialized
2021-08-10 05:41:04.480 UTC [cli.common] readBlock -> INFO 00e Received block: 0
# 加入 channel

peer channel join -b mychannel.block

运行成功后,log信息如下:

/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel join -b mychannel.block
2021-08-10 05:48:59.716 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-08-10 05:48:59.736 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
# 查看是否在 channel 当中

peer channel list

9.2 將 org2 peer0 加入 channel

# 登录进入 cli pod

kubectl exec -it pod ${org2-peer0-cli-pod-name} sh

# 取得 channel 区块

peer channel fetch 0 mychannel.block -c mychannel -o orderer0:7050 --tls --cafile $ORDERER_CA

# 加入 channel

peer channel join -b mychannel.block

# 查看是否在 channel 当中

peer channel list

运行成功后,log信息如下:

/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel fetch 0 mychannel.block -c mychannel -o orderer0:7050 --tls --cafile $ORDERER_CA
2021-08-10 06:05:04.550 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-08-10 06:05:04.553 UTC [cli.common] readBlock -> INFO 002 Received block: 0
/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel join -b mychannel.block
2021-08-10 06:05:16.493 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-08-10 06:05:16.513 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel list
2021-08-10 06:05:24.222 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Channels peers has joined:
mychannel

十、Fabric节点上安装外的Chaincode

10.1 安装chaincode
‘marbles’ 链码作为范例

打包org1

# 进入github的chaincode/packaging

# 将connection.json 打包成为 code.tar.gz

$ tar cfz code.tar.gz connection.json

#再將code.tar.gz metadata.json包成marbles-org1.tgz
$ tar cfz marbles-org1.tgz code.tar.gz metadata.json

将org1 tar文档安装到peer cli pod中

# 将marbles-org1.tgz放入peer pod

kubectl cp marbles-org1.tgz hyperledger/${cli-org1-name}:/opt/gopath/src/github.com/hyperledger/fabric/peer

# 登录进入$ {cli-org1-name} pod

kubectl exec -it ${cli-org1-name} -- /bin/bash

# 在peer-cli上安装chaincode