Hyperledger Fabric - 01 - 安装并测试网络

Hyperledger Fabric 搭建并测试

一、环境准备

系统工具	版本	备注
CentOS	7
Docker	18.09.4	参考：Centps7安装docker
Docker-compose	1.25.0	参考下方
GO	1.13.4	参考：CentOS7下载Go 解压配置环境变量即可

#安装docker-compose
#方式一：
curl -L https://github.com/docker/compose/releases/download/1.25.0-rc1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose 
sudo chmod +x /usr/local/bin/docker-compose
#方式二：
pip install -U docker-compose==1.23.2

二、安装fabric2.x

• 首先，自行下载fabric源码git clone，将下载的fabric包解压出来，进入到${HOME}/fabric/scripts脚本目录进行安装

• 下载过程比较漫长，因为采用的是docker镜像容器进行安装，需要下载所需要的镜像，我这里面拉取了所有的镜像，很多暂时不用（2.x不支持kafka,zookeeper）

• 脚本执行结束后，可以看到相关镜像等其他信息，如果存在没有拉取完的镜像，就在执行一边。

• 通过docker查看拉取的镜像信息docker image ls -a

执行完如上图，另外在scripts目录下会多出来一个fabric-samples目录

三、启动test-network测试网络

[root@XiaYuJie_fabric test-network]# ./network.sh up createChannel -c zzuChannel -ca

Unknown flag: createChannel

Usage: 
  network.sh <Mode> [Flags]
    <Mode>
      - 'up' - bring up fabric orderer and peer nodes. No channel is created
      - 'up createChannel' - bring up fabric network with one channel
      - 'createChannel' - create and join a channel after the network is created
      - 'deployCC' - deploy the fabcar chaincode on the channel
      - 'down' - clear the network with docker-compose down
      - 'restart' - restart the network

    Flags:
    -ca <use CAs> -  create Certificate Authorities to generate the crypto material
    -c <channel name> - channel name to use (defaults to "mychannel")
    -s <dbtype> - the database backend to use: goleveldb (default) or couchdb
    -r <max retry> - CLI times out after certain number of attempts (defaults to 5)
    -d <delay> - delay duration in seconds (defaults to 3)
    -l <language> - the programming language of the chaincode to deploy: go (default), java, javascript, typescript
    -v <version>  - chaincode version. Must be a round number, 1, 2, 3, etc
    -i <imagetag> - the tag to be used to launch the network (defaults to "latest")
    -cai <ca_imagetag> - the image tag to be used for CA (defaults to "latest")
    -verbose - verbose mode
  network.sh -h (print this message)

 Possible Mode and flags
  network.sh up -ca -c -r -d -s -i -verbose
  network.sh up createChannel -ca -c -r -d -s -i -verbose
  network.sh createChannel -c -r -d -verbose
  network.sh deployCC -l -v -r -d -verbose

 Taking all defaults:
	network.sh up

 Examples:
  network.sh up createChannel -ca -c mychannel -s couchdb -i 2.0.0
  network.sh createChannel -c channelName
  network.sh deployCC -l javascript

cd /fabric-samples/test-network
network.sh up

如下图，表示启动成功，已启动一个orderer节点和两个peer节点。

可以查看本地启动的docker container 存在测试网络启动的oder和peer

docker ps -a  #查看启动的container
docker container ls -a #查看启动的container

四、使用测试网络

• 创建channel，使用network.sh脚本创建来创建一个连接org1和org2组织并加入他们peer的通道，命令如下：

./network.sh createChannel

如上图，创建成功（默认通道名为mychannel）。

也可以带上channel标签，命令如下（-c channelName）：

./network.sh createChannel -c channel1

如果要在一个步骤中启动网络并创建频道，可以同时使用up和create channel模式：

./network.sh up createChannel

---

• 在通道上启动链码。

使用network.sh创建通道之后，可以使用以下命令在通道上启动链码（默认使用go语言）：

./network.sh deployCC

可以指定语言，加-l ，比如用java，命令如下：

./network.sh deployCC -l java

如图，启动成功：

• 与网络互动

网络启动之后，可以使用peer cli客户端去操作网络，可以通过cli客户端去调用部署智能合约，更新通道，或者安装和部署新的智能合约。

首先确保操作目录为test-network目录。使用以下命令将二进制文件添加到cli路径：

export PATH=${PWD}/../bin:${PWD}:$PATH

还需要设置FABRIC_CFG_PATH路径指向fabric-samples中的core.yaml文件，命令如下：

export FABRIC_CFG_PATH=$PWD/../config/

设置允许org1操作peer cli的环境变量：

# Environment variables for Org1
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_ADDRESS=localhost:7051
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp

如上，CORE_PEER_TLS_ROOTCERT_FILE和CORE_PEER_MSPCONFIGPATH环境变量指向organizations文件夹中的org1的加密文件。

使用以下命令获取汽车资产列表：

 peer chaincode query -C mychannel -n fabcar -c '{"Args":["queryAllCars"]}'
 #result
 [{"Key":"CAR0", "Record":{"make":"Toyota","model":"Prius","colour":"blue","owner":"Tomoko"}},
{"Key":"CAR1", "Record":{"make":"Ford","model":"Mustang","colour":"red","owner":"Brad"}},
{"Key":"CAR2", "Record":{"make":"Hyundai","model":"Tucson","colour":"green","owner":"Jin Soo"}},
{"Key":"CAR3", "Record":{"make":"Volkswagen","model":"Passat","colour":"yellow","owner":"Max"}},
{"Key":"CAR4", "Record":{"make":"Tesla","model":"S","colour":"black","owner":"Adriana"}},
{"Key":"CAR5", "Record":{"make":"Peugeot","model":"205","colour":"purple","owner":"Michel"}},
{"Key":"CAR6", "Record":{"make":"Chery","model":"S22L","colour":"white","owner":"Aarav"}},
{"Key":"CAR7", "Record":{"make":"Fiat","model":"Punto","colour":"violet","owner":"Pari"}},
{"Key":"CAR8", "Record":{"make":"Tata","model":"Nano","colour":"indigo","owner":"Valeria"}},
{"Key":"CAR9", "Record":{"make":"Holden","model":"Barina","colour":"brown","owner":"Shotaro"}}]

当网络成员想要转移或更改总账上的资产时，就会调用链码。通过调用fabcar链码，使用以下命令更改帐本上的资产所有者:

(Chaincodes are invoked when a network member wants to transfer or change an asset on the ledger. Use the following command to change the owner of a car on the ledger by invoking the fabcar chaincode:)

peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n fabcar --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"function":"changeCarOwner","Args":["CAR9","Dave"]}'

2020-11-30 08:09:25.532 EST [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200 

在调用链代码之后，我们可以使用另一个查询来查看调用如何更改了区块链分类账上的资产。因为我们已经查询了Org1对等点，所以我们可以利用这个机会查询在Org2对等点上运行的链代码。将以下环境变量设置为Org2:

After we invoke the chaincode, we can use another query to see how the invoke changed the assets on the blockchain ledger. Since we already queried the Org1 peer, we can take this opportunity to query the chaincode running on the Org2 peer. Set the following environment variables to operate as Org2:

# Environment variables for Org2

export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=localhost:9051

你现在可以在“peer0.org2.example.com”上查询fabcar链码:

You can now query the fabcar chaincode running on peer0.org2.example.com:

peer chaincode query -C mychannel -n fabcar -c '{"Args":["queryCar","CAR9"]}'

结果将显示‘CAR9’转移给Dave:

The result will show that "CAR9" was transferred to Dave:

{"make":"Holden","model":"Barina","colour":"brown","owner":"Dave"}

五、关闭网络

./network.sh down

启动过程详解

• ./network.sh为两个peer节点和一个order节点创建了证书和密钥，默认情况下，脚本会利用在organizations/cryptogen文件夹下的加密工具。
• 脚本利用configtxgen工具创建了系统的创世块，它使用configtx/configtx.yaml文件来创建创世块，并存储在system-genesis-block文件夹中。
• 当上述两步完成之后，./network.sh会启动网络，脚本利用在docker文件夹下的docker-compose-test-net.yaml文件创建peer和orderer节点。
• 如果使用了createChannel子命令，脚本还会运行script文件夹下的createChannel.sh脚本来创建所需要的channel，脚本会用peer命令来创建channel，加入两个组织。
• 如果运行了deployCC命令，脚本会在所有peers上运行script下的deployCC.sh脚本来安装fabcar chaincode，在chaincode的定义被提交到channel之后，peer命令会调用init函数来初始化chaincode，并将所需的数据放入chaincode中。

注：下图是fabric简化交易过程

六、标志并启动网络（ca为网络的标志）

./network.sh up -ca

值得花一些时间检查/ network.sh脚本部署CA之后生成的日志。 测试网络使用Fabric CA客户端以每个组织的CA注册节点和用户身份。 之后这个脚本使用enroll命令为每个身份生成一个MSP文件夹。 MSP文件夹包含每个身份的证书和私钥，以及在运营CA的组织中建立身份的角色和成员身份。 您可以使用以下命令来检查Org1管理员用户的MSP文件夹：

tree organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/

该命令将显示MSP文件夹的结构和配置文件：

organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/
└── msp
    ├── IssuerPublicKey
    ├── IssuerRevocationPublicKey
    ├── cacerts
    │   └── localhost-7054-ca-org1.pem
    ├── config.yaml
    ├── keystore
    │   └── 58e81e6f1ee8930df46841bf88c22a08ae53c1332319854608539ee78ed2fd65_sk
    ├── signcerts
    │   └── cert.pem
    └── user