一、本地开发环境依赖
- k8s安装,对照https://aiqianji.com/blog/topic/149,需要安装如下步骤:
- 安装 docker
- 安装 kubectl、kubelet、kubeadm
- 安装 flannel 网络插件
创建集群并初始化:
sudo kubeadm init --kubernetes-version v1.20.1 --apiserver-advertise-address=192.168.1.110 --service-cidr=10.10.0.0/16 --pod-network-cidr=10.122.0.0/16 --image-repository registry.cn-hangzhou.aliyuncs.com/google_containers --upload-certs |tee kubeadm-init.log
部署区块链网络:
$ cd /proj/workspace/pkg/mod/github.com/hyperledger
$ git clone https://github.com/IBM/blockchain-network-on-kubernetes.git
$ cd blockchain-network-on-kubernetes/configFiles
$ kubectl apply -f docker-volume.yaml
$ cd ..
$ chmod +x setup_blockchainNetwork_v2.sh
$ chmod +x deleteNetwork.sh
$ ./setup_blockchainNetwork_v2.sh
$ kubectl get pods -A
二、系统架构规划
2.1 节点规划
下图为本范例的部署架构,所有hyperledger 所需节点皆部署于 k8s 中的 hyperledger namespace 当中。架构中包含的节点如下
- orderer0 : 排序节点0,用于排序区块
- orderer1 : 排序节点1,用于排序区块
- orderer2 : 排序节点2,用于排序区块
- peer0-org1 : 组织1的Peer节点,用于区块的实际运算、背书以及记帐。
- cli-org1-peer : 用于操纵组织1的Peer节点
- peer0-org2 : 组织2的Peer节点,用于区块的实际运算、背书以及记帐。
- cli-org2-peer : 用于操纵组织2的Peer节点
2.2 存储存放规划
| 节点 | 挂载路径 | 路径说明 | PVC | PV hostPath |
|---|---|---|---|---|
| orderer0 | /var/hyperledger/orderer/ | 存放凭证 | orderer0-pvc | ./fabric/orderer0 |
| orderer0 | /var/hyperledger/production | 持久化资料 | orderer0-persist-pvc | ./fabric/orderer0persist |
| orderer1 | /var/hyperledger/orderer/ | 存放凭证 | orderer1-pvc | ./fabric/orderer1 |
| orderer1 | /var/hyperledger/production | 持久化资料 | orderer1-persist-pvc | ./fabric/orderer1persist |
| orderer2 | /var/hyperledger/orderer/ | 存放凭证 | orderer2-pvc | ./fabric/orderer2 |
| orderer2 | /var/hyperledger/production | 持久化资料 | orderer2-persist-pvc | ./fabric/orderer2persist |
| Org1-Peer | /etc/hyperledger/fabric/ | 存放凭证 | peer0-org1-pvc | ./fabric/peer0org1 |
| Org1-Peer | /var/hyperledger/production | 持久化资料 | peer0-org1-persist-pvc | ./fabric/peer0org1persist |
| Org1-Peer-CLI | /opt/gopath/src/github.com/ hyperledger/fabric/peer/crypto/ | 存放凭证 | peer0-org1-pvc | ./fabric/peer0org1 |
| Org2-Peer | /etc/hyperledger/fabric/ | 存放凭证 | peer0-org2-pvc | ./fabric/peer0org2 |
| Org2-Peer | /var/hyperledger/production | 持久化资料 | peer0-org2-persist-pvc | ./fabric/peer0org2persist |
| Org2-Peer-CLI | /opt/gopath/src/github.com/ hyperledger/fabric/peer/crypto/ | 存放凭证 | peer0-org1-pvc | ./fabric/peer0org2 |
三、准备凭证
Hyperledger Fabric 于节点沟通时必须依赖凭证进行沟通,因此必须先签发凭证。在凭证的签发过程中可以使用两种方式签发凭证
- cryptogen 命令
cryptogen 为 Hyperledger Fabric 生成凭证的命令列工具,于 crypto-config.yaml 定义 Orderer 以及各组织的Peer的数量。 - fabric-ca 服务
Fabric CA 是一个为 Hyperledger Fabric 签发凭证的工具,通常每个组织会有自己的 Fabric CA,通過fabric-ca client 获得凭证后,就可以用这些凭证访问Peer。
在此范例中将以 cryptogen 命令列生成各节点所需凭证,以下为签发凭证的指令。可以查看 git repo 中的 crypto-config.yaml 为签发凭证设定文件,crypto-config则为签发结果。
cryptogen generate --config=crypto-config.yaml --output ./crypto-config
(notice:练习中,需要再次生成新的凭证设定文件时,需要将./crypto-config文件夹删除后,再行运行上述命令。否则凭证设定文件不会被更新覆盖!)
四、准备创世区块
configtxgen -profile TwoOrgsOrdererGenesis -channelID devchan -outputBlock ./channel-artifacts/genesis.block
五、产生Channel 所需档案
# 产生Channel 所需档案
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID "mychannel"
# 产生 Org1 使用的 channel 设定文件
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/org1Anchors.tx -channelID "mychannel" -asOrg org1MSP
# 产生 Org2 使用的 channel 设定文件
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/org2Anchors.tx -channelID "mychannel" -asOrg org2MSP
六、同步档案至PV中
在前述三、四、五章节中我们已经准备了以下内容
- 各节点所需凭证
- 创世区块
- Channel 设定档
由于 Hyperledger 之 container 必须先将以上档案放置至正确位置后 container 才能正常启动。但本次安装不使用NFS 预先将档案填入,而是先启临时的 container 同步档案。
在本步骤我们将启动两个用于填充档案的 container
| container 名称 | 说明 |
|---|---|
| orderer-bastion | 填充 orderer0-pvc,orderer1-pvc,orderer2-pvc 所需要的文档 |
| peer-bastion | 填充 peer0-org1-pvc,peer0-org2-pvc 所需要的文档 |
以下为同步文档的步骤
6.1 启动临时 container
kubectl create -f /deploy-hyperledger-fabric-on-k8s/file-populate-bastion/
这个指令将会产生 pv/pvc/orderer-bastion/peer-bastion 这些资源
6.2 同步 Orderer 所需文档
# 登录进入 orderer-bastion
kubectl exec -it ${orderer-bastion-pod-name} bash
# 安装 git 并 clone deploy-hyperledger-fabric-on-k8s repo
yum install git -y
git clone https://github.com/willzhuang/deploy-hyperledger-fabric-on-k8s.git
# 同步 orderer0 创世区块
cp deploy-hyperledger-fabric-on-k8s/channel-artifacts/genesis.block /orderer0-pvc/
# 同步 orderer0 凭证
cp -r deploy-hyperledger-fabric-on-k8s/crypto-config/ordererOrganizations/consortium/orderers/orderer0/* /orderer0-pvc/
# 同步 orderer1 创世区块
cp deploy-hyperledger-fabric-on-k8s/channel-artifacts/genesis.block /orderer1-pvc/
# 同步 orderer1 凭证
cp -r deploy-hyperledger-fabric-on-k8s/crypto-config/ordererOrganizations/consortium/orderers/orderer1/* /orderer1-pvc/
# 同步 orderer2 创世区块
cp deploy-hyperledger-fabric-on-k8s/channel-artifacts/genesis.block /orderer2-pvc/
# 同步 orderer2 凭证
cp -r deploy-hyperledger-fabric-on-k8s/crypto-config/ordererOrganizations/consortium/orderers/orderer2/* /orderer2-pvc/
6.3 同步 Peer 所需要的文档
# 登录进入 peer-bastion
kubectl exec -it ${peer-bastion-pod-name} bash
# 安装 git 並 clone deploy-hyperledger-fabric-on-k8s repo
yum install git -y
git clone https://github.com/willzhuang/deploy-hyperledger-fabric-on-k8s.git
# 同步 org1 peer0 所需之凭证
cp -r /deploy-hyperledger-fabric-on-k8s/crypto-config/peerOrganizations/org1/peers/peer0-org1/* peer0-org1-pvc/
# 同步 org1 peer0 cli 所需之凭证
cp -r /deploy-hyperledger-fabric-on-k8s/crypto-config/* /peer0-org1-pvc/
# 同步 org1 peer0 所需之 channel设定文档
cp /deploy-hyperledger-fabric-on-k8s/channel-artifacts/* peer0-org1-pvc/
# 同步 org2 peer0 所需之凭证
cp -r /deploy-hyperledger-fabric-on-k8s/crypto-config/peerOrganizations/org2/peers/peer0-org2/* peer0-org2-pvc/
# 同步 org2 peer0 cli 所需之凭证
cp -r /deploy-hyperledger-fabric-on-k8s/crypto-config/* /peer0-org2-pvc/
# 同步 org2 peer0 所需之 channel设定文档
cp /deploy-hyperledger-fabric-on-k8s/channel-artifacts/* peer0-org2-pvc/
七、启动 Orderer
# 启动 orderer cluster
kubectl create -f /deploy-hyperledger-fabric-on-k8s/orderer/
內含 orderer0,orderer1,orderer2 所需的 deployment 与 service 资源
八、启动 Peer
# 启动 org1 peer0
kubectl create -f /deploy-hyperledger-fabric-on-k8s/org1/
# 內含 org1 peer0/cli 所需的 deployment,configmap,service 资源
# 启动 org2 peer0
kubectl create -f /deploy-hyperledger-fabric-on-k8s/org2/
# 內含 org2 peer0/cli 所需的 deployment,configmap,service 资源
九、创建channel
9.1 将 org1 peer0 加入 channel
# 登录进入 cli pod
kubectl exec -it ${org1-peer0-cli-pod-name} sh
# 产生 channel 区块
peer channel create -o orderer0:7050 -c mychannel -f ./scripts/channel-artifacts/channel.tx --tls true --cafile $ORDERER_CA
运行成功后,log信息如下:
/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel create -o orderer0:7050 -c mychannel -f ./scripts/channel-artifacts/channel.tx -
-tls true --cafile $ORDERER_CA
2021-08-10 05:41:03.212 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-08-10 05:41:03.242 UTC [cli.common] readBlock -> INFO 002 Expect block, but got status: &{NOT_FOUND}
2021-08-10 05:41:03.246 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2021-08-10 05:41:03.447 UTC [cli.common] readBlock -> INFO 004 Expect block, but got status: &{SERVICE_UNAVAILABLE}
2021-08-10 05:41:03.450 UTC [channelCmd] InitCmdFactory -> INFO 005 Endorser and orderer connections initialized
2021-08-10 05:41:03.651 UTC [cli.common] readBlock -> INFO 006 Expect block, but got status: &{SERVICE_UNAVAILABLE}
2021-08-10 05:41:03.654 UTC [channelCmd] InitCmdFactory -> INFO 007 Endorser and orderer connections initialized
2021-08-10 05:41:03.857 UTC [cli.common] readBlock -> INFO 008 Expect block, but got status: &{SERVICE_UNAVAILABLE}
2021-08-10 05:41:03.866 UTC [channelCmd] InitCmdFactory -> INFO 009 Endorser and orderer connections initialized
2021-08-10 05:41:04.068 UTC [cli.common] readBlock -> INFO 00a Expect block, but got status: &{SERVICE_UNAVAILABLE}
2021-08-10 05:41:04.070 UTC [channelCmd] InitCmdFactory -> INFO 00b Endorser and orderer connections initialized
2021-08-10 05:41:04.273 UTC [cli.common] readBlock -> INFO 00c Expect block, but got status: &{SERVICE_UNAVAILABLE}
2021-08-10 05:41:04.277 UTC [channelCmd] InitCmdFactory -> INFO 00d Endorser and orderer connections initialized
2021-08-10 05:41:04.480 UTC [cli.common] readBlock -> INFO 00e Received block: 0
# 加入 channel
peer channel join -b mychannel.block
运行成功后,log信息如下:
/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel join -b mychannel.block
2021-08-10 05:48:59.716 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-08-10 05:48:59.736 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
# 查看是否在 channel 当中
peer channel list
9.2 將 org2 peer0 加入 channel
# 登录进入 cli pod
kubectl exec -it pod ${org2-peer0-cli-pod-name} sh
# 取得 channel 区块
peer channel fetch 0 mychannel.block -c mychannel -o orderer0:7050 --tls --cafile $ORDERER_CA
# 加入 channel
peer channel join -b mychannel.block
# 查看是否在 channel 当中
peer channel list
运行成功后,log信息如下:
/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel fetch 0 mychannel.block -c mychannel -o orderer0:7050 --tls --cafile $ORDERER_CA
2021-08-10 06:05:04.550 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-08-10 06:05:04.553 UTC [cli.common] readBlock -> INFO 002 Received block: 0
/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel join -b mychannel.block
2021-08-10 06:05:16.493 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-08-10 06:05:16.513 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel list
2021-08-10 06:05:24.222 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Channels peers has joined:
mychannel
十、Fabric节点上安装外的Chaincode
10.1 安装chaincode
‘marbles’ 链码作为范例
打包org1
# 进入github的chaincode/packaging
# 将connection.json 打包成为 code.tar.gz
$ tar cfz code.tar.gz connection.json
#再將code.tar.gz metadata.json包成marbles-org1.tgz
$ tar cfz marbles-org1.tgz code.tar.gz metadata.json
将org1 tar文档安装到peer cli pod中
# 将marbles-org1.tgz放入peer pod
kubectl cp marbles-org1.tgz hyperledger/${cli-org1-name}:/opt/gopath/src/github.com/hyperledger/fabric/peer
# 登录进入$ {cli-org1-name} pod
kubectl exec -it ${cli-org1-name} -- /bin/bash
# 在peer-cli上安装chaincode
