一、环境
操作系统:CentOS 7.6
软件版本
| 软件名称 |
版本号 |
| hyperledger/fabric-ca(镜像) |
1.2.0 |
| hyperledger/fabric-orderer(镜像) |
1.2.0 |
| hyperledger/fabric-peer(镜像) |
1.2.0 |
| hyperledger/fabric-zookeeper(镜像) |
1.2.0 |
| hyperledger/fabric-kafka(镜像) |
1.2.0 |
| hyperledger/fabric-tools(镜像) |
1.2.0 |
| hyperledger/fabric-ccenv(镜像) |
1.2.0 |
| docker |
1.13.1 |
| docker-compose |
1.12.0 |
| go |
1.11.2 |
| ip |
部署角色 |
| 191.8.2.156 |
ca0 zookeeper0 kafka0 orderer0.example.com peer0.org1.example.com |
| 191.8.2.158 |
zookeeper1 kafka1 orderer1.example.com |
| 191.8.2.159 |
zookeeper2 kafka2 orderer2.example.com peer0.org2.example.com |
| 191.8.2.147 |
kafka3 peer1.org2.example.com |
| 191.8.2.148 |
ca1 peer1.org1.example.com |
二、fabric网络结构
本次分布式部署包括以下节点角色:
3个orderer
2个组织org1、org2
4个peer,每个组织包含2个peer,分别为peer0.org1、peer1.org1、peer0.org2、peer1.org2
2个CA,每个组织包含一个CA,分别是ca0、ca1
3个zookeeper实例,zookeeper0、zookeeper1、zookeeper2
4个kafka实例,kafka0、kafka1、kafka2、kafka3
三、部署过程
1、生成创世区块、channel、锚节点和证书及密钥所需材料
生成创世区块、channel、锚节点所需配置文件
configtx.yaml
生成证书及密钥文件所需材料
crypto-config.yaml
运行文件 generate.sh使用工具 configtxgen 和cryptogen来生成对应材料
该命令执行完会生成两个文件目录config、cryto-config
将config文件和cryto-config文件压缩打包
1
2
3
| zip -r ./ config ./config.zip
zip -r ./ crypto-config ./ crypto-config.zip
|
2、在每个宿主机上创建新路径用来存放fabric项目
1
2
| mkdir /opt/gopath/src/github.com/hyperledger/ && cd /opt/gopath/src/github.com/hyperledger/
|
3、将步骤1的压缩文件分发到各个节点fabric项目目录目录下并解压
1
2
3
4
5
6
7
8
9
10
11
12
| scp config.zip root@191.8.2.158 :/opt/gopath/src/github.com/hyperledger/
scp crypto-config.zip root@191.8.2.158: /opt/gopath/src/github.com/hyperledger/
scp config.zip root@191.8.2.159: /opt/gopath/src/github.com/hyperledger/
scp crypto-config.zip root@191.8.2.159: /opt/gopath/src/github.com/hyperledger/
scp config.zip root@191.8.2.148: /opt/gopath/src/github.com/hyperledger/
scp crypto-config.zip root@191.8.2.148: /opt/gopath/src/github.com/hyperledger/
scp config.zip root@191.8.2.148: /opt/gopath/src/github.com/hyperledger/
scp crypto-config.zip root@191.8.2.148: /opt/gopath/src/github.com/hyperledger/
|
解压
1
2
3
4
| cd /opt/gopath/src/github.com/hyperledger/
unzip config.zip
unzip crypto-config.zip
|
4、编写各节点角色容器启动文件
创建hosts文件,该host是文件主要是作为挂载在容器的hosts文件
1
2
3
4
5
6
7
| mkdir cluster-config && cd cluster-config
vi hosts
191.8.2.156 ca0 zookeeper0 kafka0 orderer0.example.com peer0.org1.example.com
191.8.2.158 zookeeper1 kafka1 orderer1.example.com peer1.org1.example.com
191.8.2.159 zookeeper2 kafka2 orderer2.example.com peer0.org2.example.com
191.8.2.147 kafka3 peer1.org2.example.com
191.8.2.148 ca1 peer1.org1.example.com
|
创建docker-compose-base.yml文件
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
| vi docker-compose-base.yml
version: '2'
services:
zookeeper:
image: hyperledger/fabric-zookeeper
ports:
- 2181
- 2888
- 3888
volumes:
- ./hosts:/etc/hosts
kafka:
image: hyperledger/fabric-kafka
environment:
- KAFKA_LOG_RETENTION_MS=-1
- KAFKA_MESSAGE_MAX_BYTES=103809024
- KAFKA_REPLICA_FETCH_MAX_BYTES=103809024
- KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
- KAFKA_DEFAULT_REPLICATION_FACTOR=${KAFKA_DEFAULT_REPLICATION_FACTOR}
- KAFKA_MIN_INSYNC_REPLICAS=2
volumes:
- ./hosts:/etc/hosts
ports:
- 9092
orderer:
image: hyperledger/fabric-orderer
environment:
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=host
- ORDERER_HOME=/var/hyperledger/orderer
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/msp
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_LEDGERTYPE=ram
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/configs/orderer.block
- CONFIGTX_ORDERER_ORDERERTYPE=solo
- CONFIGTX_ORDERER_BATCHSIZE_MAXMESSAGECOUNT=${CONFIGTX_ORDERER_BATCHSIZE_MAXMESSAGECOUNT}
- CONFIGTX_ORDERER_BATCHTIMEOUT=${CONFIGTX_ORDERER_BATCHTIMEOUT}
- CONFIGTX_ORDERER_ADDRESSES=[127.0.0.1:7050]
# TLS settings
- ORDERER_GENERAL_TLS_ENABLED=${ORDERER_GENERAL_TLS_ENABLED}
- ORDERER_GENERAL_TLS_PRIVATEKEY=${ORDERER_GENERAL_TLS_PRIVATEKEY}
- ORDERER_GENERAL_TLS_CERTIFICATE=${ORDERER_GENERAL_TLS_CERTIFICATE}
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/tls/ca.crt]
- ORDERER_TLS_CLIENTAUTHREQUIRED=${ORDERER_TLS_CLIENTAUTHREQUIRED}
- ORDERER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin@example.com/tls/ca.crt
- ORDERER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin@example.com/tls/client.crt
- ORDERER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin@example.com/tls/client.key
volumes:
- ../config/:/var/hyperledger/configs
- ../crypto-config/ordererOrganizations/example.com/users:/var/hyperledger/users
- ./hosts:/etc/hosts
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
command: orderer
ports:
- '7050'
couchdb:
image: hyperledger/fabric-couchdb
volumes:
- ./hosts:/etc/hosts
peer:
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_NETWORKID=${CORE_PEER_NETWORKID}
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${CORE_PEER_NETWORKID}_behave
- CORE_PEER_ADDRESSAUTODETECT=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_MSPCONFIGPATH=/var/hyperledger/msp
#- CORE_LEDGER_STATE_STATEDATABASE=LevelDB
- CORE_LOGGING_LEVEL=DEBUG
- CORE_LOGGING_GOSSIP=${CORE_LOGGING_GOSSIP}
- CORE_LOGGING_MSP=DEBUG
# TLS settings
- CORE_PEER_TLS_ENABLED=${CORE_PEER_TLS_ENABLED}
- CORE_PEER_TLS_CLIENTAUTHREQUIRED=${CORE_PEER_TLS_CLIENTAUTHREQUIRED}
- CORE_PEER_TLS_CERT_FILE=${CORE_PEER_TLS_CERT_FILE}
- CORE_PEER_TLS_KEY_FILE=${CORE_PEER_TLS_KEY_FILE}
- CORE_PEER_TLS_ROOTCERT_FILE=/var/hyperledger/tls/ca.crt
volumes:
- /var/run/:/host/var/run/
- $GOPATH/src/github.com/hyperledger/fabric/:/opt/gopath/src/github.com/hyperledger/fabric/
- ../crypto-config/:/var/hyperledger/configs
- ../config/:/var/hyperledger/configs
command: peer node start
ports:
- '7051'
- '7053'
|
4.2 在各个宿主机上创建启动文件
4.2.1 宿主机191.8.2.156
创建ca0.yml,其中文件中的c54f5a53707de15a9530d1f5bd492e5b2a626b67acd400b61f24d22b9fd06e69_sk 应该随着新生成的证书密钥文件作对应修改
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| vi ca0.yml
version: '2'
# networks:
# behave:
services:
ca0:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org1
- FABRIC_CA_SERVER_TLS_ENABLED=false
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/c54f5a53707de15a9530d1f5bd492e5b2a626b67acd400b61f24d22b9fd06e69_sk #该文件名应该对应着新生成的密钥文件进行修改
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/c54f5a53707de15a9530d1f5bd492e5b2a626b67acd400b61f24d22b9fd06e69_sk -b admin:adminpw -d' #该文件名应该对应着新生成的密钥文件进行修改
volumes:
- ../crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./hosts:/etc/hosts
container_name: ca_peerOrg1
network_mode: "host"
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建zookeeper0.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
| vi zookeeper0.yml
version: '2'
# networks:
# behave:
services:
zookeeper0:
extends:
file: docker-compose-base.yml
service: zookeeper
container_name: zookeeper0
environment:
- ZOO_MY_ID=1
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
network_mode: "host"
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建kafka0.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
| vi kafka0.yml
version: '2'
# networks:
# behave:
services:
kafka0:
extends:
file: docker-compose-base.yml
service: kafka
container_name: kafka0
environment:
- KAFKA_BROKER_ID=0
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
- KAFKA_MESSAGE_MAX_BYTES=${KAFKA_MESSAGE_MAX_BYTES}
- KAFKA_REPLICA_FETCH_MAX_BYTES=${KAFKA_REPLICA_FETCH_MAX_BYTES}
- KAFKA_REPLICA_FETCH_RESPONSE_MAX_BYTES=${KAFKA_REPLICA_FETCH_RESPONSE_MAX_BYTES}
ports:
- "9092:9092"
network_mode: "host"
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建orderer0.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
| vi orderer0.yml
version: '2'
# networks:
# behave:
services:
orderer0.example.com:
extends:
file: docker-compose-base.yml
service: orderer
container_name: orderer0.example.com
environment:
- ORDERER_HOST=orderer0.example.com
- CONFIGTX_ORDERER_ORDERERTYPE=kafka
- CONFIGTX_ORDERER_KAFKA_BROKERS=[kafka0:9092,kafka1:9092,kafka2:9092,kafka3:9092]
- ORDERER_KAFKA_RETRY_SHORTINTERVAL=1s
- ORDERER_KAFKA_RETRY_SHORTTOTAL=30s
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_GENESISPROFILE=SampleInsecureKafka
- ORDERER_ABSOLUTEMAXBYTES=${ORDERER_ABSOLUTEMAXBYTES}
- ORDERER_PREFERREDMAXBYTES=${ORDERER_PREFERREDMAXBYTES}
volumes:
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp:/var/hyperledger/msp
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls:/var/hyperledger/tls
- ../config/:/var/hyperledger/configs
network_mode: "host"
ports:
- 7050:7050
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建peer01.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
| vi peer01.yml
version: '2'
networks:
behave:
services:
peer0.org1.example.com:
extends:
file: docker-compose-base.yml
service: peer
container_name: peer0.org1.example.com
environment:
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_ORGLEADER=${CORE_PEER_GOSSIP_ORGLEADER_PEER0_ORG1}
- CORE_PEER_GOSSIP_USELEADERELECTION=${CORE_PEER_GOSSIP_USELEADERELECTION_PEER0_ORG1}
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin@org1.example.com/tls/ca.crt
- CORE_PEER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin@org1.example.com/tls/client.crt
- CORE_PEER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin@org1.example.com/tls/client.key
volumes:
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/var/hyperledger/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/var/hyperledger/tls
- ../crypto-config/peerOrganizations/org1.example.com/users:/var/hyperledger/users
- ../config/:/var/hyperledger/configs
extra_hosts:
- "orderer0.example.com:191.8.2.156"
- "orderer1.example.com:191.8.2.158"
- "orderer2.example.com:191.8.2.159"
networks:
behave:
aliases:
- ${CORE_PEER_NETWORKID}
ports:
- 7051:7051
- 7053:7053
|
创建docker-compose-cli-org1.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
| vi docker-compose-cli-org1.yml
version: '2'
networks:
behave:
services:
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
- CORE_CHAINCODE_KEEPALIVE=10
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ../chaincode/:/opt/gopath/src/github.com/chaincode
- $GOPATH/src/github.com/hyperledger/fabric/:/opt/gopath/src/github.com/hyperledger/fabric/
- ../crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
networks:
- behave
|
4.2.2 宿主机191.8.2.158
创建zookeeper1.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
| vi zookeeper1.yml
version: '2'
# networks:
# behave:
services:
zookeeper1:
extends:
file: docker-compose-base.yml
service: zookeeper
container_name: zookeeper1
environment:
- ZOO_MY_ID=2
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
ports:
- "2181:2181"
- "2888:2888"
- "3888:3888"
network_mode: "host"
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建kafka1.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
| vi kafka1.yml
version: '2'
# networks:
# behave:
services:
kafka1:
extends:
file: docker-compose-base.yml
service: kafka
container_name: kafka1
environment:
- KAFKA_ADVERTISED_HOST_NAME=kafka1
- KAFKA_BROKER_ID=1
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
- KAFKA_MESSAGE_MAX_BYTES=${KAFKA_MESSAGE_MAX_BYTES}
- KAFKA_REPLICA_FETCH_MAX_BYTES=${KAFKA_REPLICA_FETCH_MAX_BYTES}
- KAFKA_REPLICA_FETCH_RESPONSE_MAX_BYTES=${KAFKA_REPLICA_FETCH_RESPONSE_MAX_BYTES}
ports:
- "9092:9092"
network_mode: "host"
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建orderer1.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
| vi orderer1.yml
version: '2'
# networks:
# behave:
services:
orderer1.example.com:
extends:
file: docker-compose-base.yml
service: orderer
container_name: orderer1.example.com
environment:
- ORDERER_HOST=orderer1.example.com
- CONFIGTX_ORDERER_ORDERERTYPE=kafka
- CONFIGTX_ORDERER_KAFKA_BROKERS=[kafka0:9092,kafka1:9092,kafka2:9092,kafka3:9092]
- ORDERER_KAFKA_RETRY_SHORTINTERVAL=1s
- ORDERER_KAFKA_RETRY_SHORTTOTAL=30s
- ORDERER_KAFKA_RETRY_LONGINTERVAL=30s
- ORDERER_KAFKA_RETRY_LONGTOTAL=5m
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_GENESISPROFILE=SampleInsecureKafka
- ORDERER_ABSOLUTEMAXBYTES=${ORDERER_ABSOLUTEMAXBYTES}
- ORDERER_PREFERREDMAXBYTES=${ORDERER_PREFERREDMAXBYTES}
volumes:
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp:/var/hyperledger/msp
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls:/var/hyperledger/tls
- ../config/:/var/hyperledger/configs
network_mode: "host"
ports:
- 7050:7050
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
4.2.3 宿主机191.8.2.159
创建zookeeper2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
| vi zookeeper2.yml
version: '2'
# networks:
# behave:
services:
zookeeper2:
extends:
file: docker-compose-base.yml
service: zookeeper
container_name: zookeeper2
environment:
- ZOO_MY_ID=3
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
ports:
- "2181:2181"
- "2888:2888"
- "3888:3888"
network_mode: "host"
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建kafka2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
| vi kafka2.yml
version: '2'
# networks:
# behave:
services:
kafka2:
extends:
file: docker-compose-base.yml
service: kafka
container_name: kafka2
environment:
- KAFKA_ADVERTISED_HOST_NAME=kafka2
- KAFKA_BROKER_ID=2
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
- KAFKA_MESSAGE_MAX_BYTES=${KAFKA_MESSAGE_MAX_BYTES}
- KAFKA_REPLICA_FETCH_MAX_BYTES=${KAFKA_REPLICA_FETCH_MAX_BYTES}
- KAFKA_REPLICA_FETCH_RESPONSE_MAX_BYTES=${KAFKA_REPLICA_FETCH_RESPONSE_MAX_BYTES}
ports:
- "9092:9092"
network_mode: "host"
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建orderer2.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
| vi orderer2.yml
version: '2'
# networks:
# behave:
services:
orderer2.example.com:
extends:
file: docker-compose-base.yml
service: orderer
container_name: orderer2.example.com
environment:
- ORDERER_HOST=orderer2.example.com
- CONFIGTX_ORDERER_ORDERERTYPE=kafka
- CONFIGTX_ORDERER_KAFKA_BROKERS=[kafka0:9092,kafka1:9092,kafka2:9092,kafka3:9092]
- ORDERER_KAFKA_RETRY_SHORTINTERVAL=1s
- ORDERER_KAFKA_RETRY_SHORTTOTAL=30s
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_GENESISPROFILE=SampleInsecureKafka
- ORDERER_ABSOLUTEMAXBYTES=${ORDERER_ABSOLUTEMAXBYTES}
- ORDERER_PREFERREDMAXBYTES=${ORDERER_PREFERREDMAXBYTES}
volumes:
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/var/hyperledger/msp
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls:/var/hyperledger/tls
- ../config/:/var/hyperledger/configs
network_mode: "host"
ports:
- 7050:7050
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建peer02.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
| vi peer02.yml
version: '2'
networks:
behave:
services:
peer0.org2.example.com:
extends:
file: docker-compose-base.yml
service: peer
container_name: peer0.org2.example.com
environment:
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org2.example.com:7052
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_ORGLEADER=${CORE_PEER_GOSSIP_ORGLEADER_PEER0_ORG2}
- CORE_PEER_GOSSIP_USELEADERELECTION=${CORE_PEER_GOSSIP_USELEADERELECTION_PEER0_ORG2}
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin@org2.example.com/tls/ca.crt
- CORE_PEER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin@org2.example.com/tls/client.crt
- CORE_PEER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin@org2.example.com/tls/client.key
volumes:
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/var/hyperledger/msp
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/var/hyperledger/tls
- ../crypto-config/peerOrganizations/org2.example.com/users:/var/hyperledger/users
- ../config/:/var/hyperledger/configs
extra_hosts:
- "orderer0.example.com:191.8.2.156"
- "orderer1.example.com:191.8.2.158"
- "orderer2.example.com:191.8.2.159"
networks:
behave:
aliases:
- ${CORE_PEER_NETWORKID}
ports:
- 7051:7051
- 7053:7053
|
4.2.4 宿主机191.8.2.147
创建kafka3.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| vi kafka3.yml
version: '2'
# networks:
# behave:
services:
kafka3:
extends:
file: docker-compose-base.yml
service: kafka
container_name: kafka3
environment:
- KAFKA_ADVERTISED_HOST_NAME=kafka3
- KAFKA_BROKER_ID=3
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
- KAFKA_MESSAGE_MAX_BYTES=${KAFKA_MESSAGE_MAX_BYTES}
- KAFKA_REPLICA_FETCH_MAX_BYTES=${KAFKA_REPLICA_FETCH_MAX_BYTES}
- KAFKA_REPLICA_FETCH_RESPONSE_MAX_BYTES=${KAFKA_REPLICA_FETCH_RESPONSE_MAX_BYTES}
ports:
- "9092:9092"
network_mode: "host"
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建peer12.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
| vi peer12.yml
version: '2'
networks:
behave:
services:
peer1.org2.example.com:
extends:
file: docker-compose-base.yml
service: peer
container_name: peer1.org2.example.com
environment:
- CORE_PEER_CHAINCODELISTENADDRESS=peer1.org2.example.com:7052
- CORE_PEER_ID=peer1.org2.example.com
- CORE_PEER_ADDRESS=peer1.org2.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_ORGLEADER=${CORE_PEER_GOSSIP_ORGLEADER_PEER1_ORG2}
- CORE_PEER_GOSSIP_USELEADERELECTION=${CORE_PEER_GOSSIP_USELEADERELECTION_PEER1_ORG2}
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin@org2.example.com/tls/ca.crt
- CORE_PEER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin@org2.example.com/tls/client.crt
- CORE_PEER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin@org2.example.com/tls/client.key
volumes:
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/var/hyperledger/msp
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/var/hyperledger/tls
- ../crypto-config/peerOrganizations/org2.example.com/users:/var/hyperledger/users
- ../config/:/var/hyperledger/configs
extra_hosts:
- "orderer0.example.com:191.8.2.156"
- "orderer1.example.com:191.8.2.158"
- "orderer2.example.com:191.8.2.159"
- "peer0.org2.example.com:191.8.2.159"
networks:
behave:
aliases:
- ${CORE_PEER_NETWORKID}
ports:
- 7051:7051
- 7053:7053
|
4.2.5 宿主机191.8.2.148
创建ca1.yml,其中文件中的4eda5b173fa1151ce140d538ba5135f6459d383c989b37836e2b687cdf0f2b72_sk 应该随着新生成的证书密钥文件作对应修改
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| vi ca1.yml
version: '2'
# networks:
# behave:
services:
ca1:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org2
- FABRIC_CA_SERVER_TLS_ENABLED=false
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/4eda5b173fa1151ce140d538ba5135f6459d383c989b37836e2b687cdf0f2b72_sk #该文件名应该对应着新生成的密钥文件进行修改
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/4eda5b173fa1151ce140d538ba5135f6459d383c989b37836e2b687cdf0f2b72_sk -b admin:adminpw -d' #该文件名应该对应着新生成的密钥文件进行修改
volumes:
- ../crypto-config/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ./hosts:/etc/hosts
container_name: ca_peerOrg2
network_mode: "host"
# networks:
# behave:
# aliases:
# - ${CORE_PEER_NETWORKID}
|
创建peer11.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
| vi peer11.yml
version: '2'
networks:
behave:
services:
peer1.org1.example.com:
extends:
file: docker-compose-base.yml
service: peer
container_name: peer1.org1.example.com
environment:
- CORE_PEER_CHAINCODELISTENADDRESS=peer1.org1.example.com:7052
- CORE_PEER_ID=peer1.org1.example.com
- CORE_PEER_ADDRESS=peer1.org1.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_ORGLEADER=${CORE_PEER_GOSSIP_ORGLEADER_PEER1_ORG1}
- CORE_PEER_GOSSIP_USELEADERELECTION=${CORE_PEER_GOSSIP_USELEADERELECTION_PEER1_ORG1}
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_CLIENTROOTCAS_FILES=/var/hyperledger/users/Admin@org1.example.com/tls/ca.crt
- CORE_PEER_TLS_CLIENTCERT_FILE=/var/hyperledger/users/Admin@org1.example.com/tls/client.crt
- CORE_PEER_TLS_CLIENTKEY_FILE=/var/hyperledger/users/Admin@org1.example.com/tls/client.key
volumes:
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/var/hyperledger/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/var/hyperledger/tls
- ../crypto-config/peerOrganizations/org1.example.com/users:/var/hyperledger/users
- ../config/:/var/hyperledger/configs
extra_hosts:
- "orderer0.example.com:191.8.2.156"
- "orderer1.example.com:191.8.2.158"
- "orderer2.example.com:191.8.2.159"
- "peer0.org1.example.com:191.8.2.156"
networks:
behave:
aliases:
- ${CORE_PEER_NETWORKID}
ports:
- 7051:7051
- 7053:7053
|
5、启动容器
按照以下顺序启动容器
1
2
3
4
5
6
| graph LR
CA-->Zookeeper
Zookeeper-->kafka
kafka-->orderer
orderer-->peer
peer-->cli
|
5.1 启动CA
191.8.2.156
1
| docker-compose -f ca0.yml up -d
|
191.8.2.148
1
| docker-compose -f ca1.yml up -d
|
5.2 启动Zookeeper
191.8.2.156
1
| docker-compose -f zookeeper0.yml up -d
|
191.8.2.158
1
| docker-compose -f zookeeper1.yml up -d
|
191.8.2.159
1
| docker-compose -f zookeeper2.yml up -d
|
5.3 启动kafka
191.8.2.156
1
| docker-compose -f kafka0.yml up -d
|
191.8.2.158
1
| docker-compose -f kafka1.yml up -d
|
191.8.2.159
1
| docker-compose -f kafka2.yml up -d
|
191.8.2.147
1
| docker-compose -f kafka3.yml up -d
|
5.4 启动orderer
191.8.2.156
1
| docker-compose -f orderer0.yml up -d
|
191.8.2.158
1
| docker-compose -f orderer1.yml up -d
|
191.8.2.159
1
| docker-compose -f orderer2.yml up -d
|
5.5 启动peer
191.8.2.156
1
| docker-compose -f peer01.yml up -d
|
191.8.2.148
1
| docker-compose -f peer11.yml up -d
|
191.8.2.159
1
| docker-compose -f peer02.yml up -d
|
191.8.2.147
1
| docker-compose -f peer12.yml up -d
|
5.6 启动cli
191.8.2.156
1
| docker-compose -f docker-compose-cli-org1.yml up -d
|
6、部署链码
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
| docker exec -it cli /bin/bash
export CHANNEL_NAME=mychannel
peer channel create -o orderer0.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel join -b mychannel.block
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp \
CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" \
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt \
peer channel join -b mychannel.block
peer channel update -o orderer0.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx \
--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp \
CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" \
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt \
peer channel update -o orderer0.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org2MSPanchors.tx \
--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer chaincode install -n sacc -v 1.0 -p github.com/chaincode/
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp \
CORE_PEER_ADDRESS=peer0.org2.example.com:7051 CORE_PEER_LOCALMSPID="Org2MSP" \
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt \
peer chaincode install -n sacc -v 1.0 -p github.com/chaincode/
peer chaincode instantiate -o orderer0.example.com:7050 -C mychannel -n emall_cc -v 1.2 -c '{"Args":["init"]}' --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
|
7、部署效果
191.8.2.156
191.8.2.158
191.8.2.159
191.8.2.148
191.8.2.147
参考配置文件地址:silence-lhl
有时候内网机器不能连接外网,也无法从外网直接拉取镜像,一般从跳板机将镜像拉取完成后保存并发送到内网机器,再在内网机器中进行加载,命令如下:
docker save IMAGE_NAME IMAGE_NAME.tar
docker load -i IMAGE_NAME.tar
