In-depth understanding of the detailed process of fabric environment setup

Source: Internet
Author: User
Tags git clone docker ps

Bloggers before the article is to teach you how to quickly build a fabric environment, but a lot of work is hidden in the official script, not easy for everyone to understand the process, so the blogger here will be the process of one step by step decomposition, convenient for everyone.

Before the preparation of the work I need not say, that is, the installation of various software and development environment, after installation, we git clone down the latest code, and switch to v1.0.0, and download the Docker image we need to use, that is, to step 6, and then we have to parse the next step, which is really the process of building the fabric. 1. Generate Public private keys and certificates

There are two types of public private keys and certificates in fabric, one is the TLS certificate prepared for communication security before the node, and the other is user credentials for user logon and permission control. These certificates should have been issued by a CA, but we are here in the test environment, and the CA node is not enabled, so fabric helps us to provide a tool: Cryptogen. 1.1 Compiling build Cryptogen

Now that we have the source code for the fabric, we can easily compile the required program with the Make command. Fabric officially provides a portal specifically for compiling Cryptogen, and we just need to run the following command:

CD ~/go/src/github.com/hyperledger/fabric make
Cryptogen

The system returns results after the run:

Build/bin/cryptogen 
cgo_cflags= "" Gobin=/home/studyzy/go/src/github.com/hyperledger/fabric/build/bin go Install-tags ""-ldflags "-X github.com/hyperledger/fabric/common/tools/cryptogen/metadata. version=1.0.0 "Github.com/hyperledger/fabric/common/tools/cryptogen 
Binary available as Build/bin/cryptogen

That means we can see the compiled Cryptogen program under the Build/bin folder. 1.2 Configuring Crypto-config.yaml

Examples/e2e_cli/crypto-config.yaml has provided a configuration for a orderer org and two peer org, and the field is also commented on in the template. We can take Org2 to analyze:

-Name:org2 
  Domain:org2.example.com 
  Template: 
    count:2 
  Users: 
    count:1

Name and domain are the names and domains of the organization, which is primarily used to generate certificates, which are included in the certificate. And template count=2 is that we want to generate 2 sets of public private keys and certificates, a set is PEER0.ORG2, there is a peer1.org2. Finally, users. Count=1 is that each template will have a few ordinary user (note that admin is admin, not included in this count), here is configured 1, that is to say we only need a normal user User1@org2.example.com We can adjust the configuration file according to the actual needs, adding and deleting org users and so on. 1.3 Generating public private keys and certificates

After we have configured the Crypto-config.yaml file, we can use Cryptogen to read the file and generate the corresponding public private key and certificate:

CD examples/e2e_cli/.
/.. /build/bin/cryptogen Generate--config=./crypto-config.yaml

The generated files are saved to the Crypto-config folder, and we can go to that folder to see which files were generated:

Tree Crypto-config
2. Generation of Genesis blocks and channel configuration blocks 2.1 Compiling build Configtxgen

Similar to the previous 1.1, we can generate the Configtxgen program with the Make command:

CD ~/go/src/github.com/hyperledger/fabric make

Configtxgen

The result after the run is:

Build/bin/configtxgen 
cgo_cflags= "" Gobin=/home/studyzy/go/src/github.com/hyperledger/fabric/build/bin go Install-tags "NOPKCS11"-ldflags "-X github.com/hyperledger/fabric/common/configtx/tool/configtxgen/metadata. version=1.0.0 "Github.com/hyperledger/fabric/common/configtx/tool/configtxgen 
Binary available as build/bin/ Configtxgen
2.2 Configuring Configtx.yaml

Officially provided by examples/e2e_cli/ Configtx.yaml This file is configured with a Orderer consensus configuration twoorgsorderergenesis involving 2 org and a channel configuration involving 2 org: Twoorgschannel. Orderer can set the consensus of the algorithm is solo or Kafka, as well as the consensus time zone block size, time-out, etc., we use the default value can not change. The configuration of the peer node includes the configuration of the MSP and the configuration of the anchor node. If we have more org, or have more channel, then we can make the corresponding modification according to the template. 2.3 Creating Genesis Blocks

Once the configuration has been modified, we will use Configtxgen to generate the Genesis block. and save this chunk to the local channel-artifacts folder:

CD examples/e2e_cli/.

/.. /build/bin/configtxgen-profile Twoorgsorderergenesis-outputblock./channel-artifacts/genesis.block
2.4 Generating channel configuration chunks
.. /.. /build/bin/configtxgen-profile Twoorgschannel-outputcreatechanneltx./channel-artifacts/channel.tx-channelid MyChannel

In addition to the update of the anchor node, we also need to use this program to generate the file:

.. /.. /build/bin/configtxgen-profile twoorgschannel-outputanchorpeersupdate./channel-artifacts/org1mspanchors.tx- Channelid mychannel-asorg Org1msp

. /.. /build/bin/configtxgen-profile twoorgschannel-outputanchorpeersupdate./channel-artifacts/org2mspanchors.tx- Channelid mychannel-asorg Org2msp

In the end, we should be able to see 4 files in the Channel-artifacts folder.

channel-artifacts/
├──channel.tx
├──genesis.block
├──org1mspanchors.tx
└──ORG2MSPANCHORS.TX 3. Configuring the Docker-compose file for the fabric environment

Before facing the node and the user's public key and the certificate, as well as the creation blocks are generated, then we can configure the Docker-compose Yaml file, start the fabric Docker environment. 3.1 Configuring Orderer

The configuration of the

Orderer is in Base/docker-compose-base.yaml, we look at the contents:

orderer.example.com:container_name:orderer.example.com image:hyperledger/fabric-orderer Environment:-OR  Derer_general_loglevel=debug-orderer_general_listenaddress=0.0.0.0-orderer_general_genesismethod=file- Orderer_general_genesisfile=/var/hyperledger/orderer/orderer.genesis.block-orderer_general_localmspid= ORDERERMSP-ORDERER_GENERAL_LOCALMSPDIR=/VAR/HYPERLEDGER/ORDERER/MSP # Enabled TLS-ORDERER_GENERAL_TLS _enabled=true-orderer_general_tls_privatekey=/var/hyperledger/orderer/tls/server.key-orderer_general_tls_cer tificate=/var/hyperledger/orderer/tls/server.crt-orderer_general_tls_rootcas=[/var/hyperledger/orderer/tls/ CA.CRT] Working_dir:/opt/gopath/src/github.com/hyperledger/fabric command:orderer volumes:-. /channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block-... /crypto-config/ordererorganizations/example.com/orderers/orderer.example.com/msp:/var/hyperlEdger/orderer/msp-... 
  /crypto-config/ordererorganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls Ports:-7,050:7,050

The main concern here is that orderer_general_genesisfile=/var/hyperledger/orderer/ Orderer.genesis.block, and this Genesis block is the creation block we created earlier, and here is the host-to-Docker mapping:

- .. /channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block

The additional configuration is mainly tl,log and so on, finally exposing the service port 7050. 3.2 Configuring Peer

Peer is configured in Base/docker-compose-base.yaml and Peer-base.yaml, and we take the PEER0.ORG1 to look at the content:

Peer-base:image:hyperledger/fabric-peer Environment:-Core_vm_endpoint=unix:///host/var/run/docker.sock # The following setting starts Chaincode containers on the same # Bridge network as the peers # Https://docs.do 
    cker.com/compose/networking/-Core_vm_docker_hostconfig_networkmode=e2ecli_default #-CORE_LOGGING_LEVEL=ERROR -Core_logging_level=debug-core_peer_tls_enabled=true-core_peer_gossip_useleaderelection=true-co Re_peer_gossip_orgleader=false-core_peer_profile_enabled=true-core_peer_tls_cert_file=/etc/hyperledger/fabri c/tls/server.crt-core_peer_tls_key_file=/etc/hyperledger/fabric/tls/server.key-core_peer_tls_rootcert_file=/ ETC/HYPERLEDGER/FABRIC/TLS/CA.CRT Working_dir:/opt/gopath/src/github.com/hyperledger/fabric/peer command:peer nod E Start peer0.org1.example.com:container_name:peer0.org1.example.com Extends:file:peer-base.yaml serv Ice:peer-base environment:-Core_peer_id=peer0.org1.example.com-core_peer_address=peer0.org1.example.com:7051-core_peer_cha 
    incodelistenaddress=peer0.org1.example.com:7052-core_peer_gossip_externalendpoint=peer0.org1.example.com:7051 -Core_peer_localmspid=org1msp Volumes:-/var/run/:/host/var/run/-... 
      /crypto-config/peerorganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp - .. 
  /crypto-config/peerorganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls Ports:-7051:7051-7052:7052-7053:7053

In peer configuration, the primary is to assign the address of various services to peer, as well as TLS and MSP information. 3.3 Configuring the CLI

The CLI plays the role of the client in the entire fabric network, and we can use the CLI instead of the SDK when developing tests to perform the actions that the SDK can perform. The CLI is connected to the peer, and the command is sent to the corresponding peer for execution. CLI configuration in Docker-compose-cli.yaml, let's look at the contents:

CLI:CONTAINER_NAME:CLI image:hyperledger/fabric-tools tty:true Environment:-Gopath=/opt/gopath -Core_vm_endpoint=unix:///host/var/run/docker.sock-core_logging_level=debug-core_peer_id=cli-core_p Eer_address=peer0.org1.example.com:7051-core_peer_localmspid=org1msp-core_peer_tls_enabled=true-core_ peer_tls_cert_file=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerorganizations/ Org1.example.com/peers/peer0.org1.example.com/tls/server.crt-core_peer_tls_key_file=/opt/gopath/src/github.com 
    /hyperledger/fabric/peer/crypto/peerorganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key -core_peer_tls_rootcert_file=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerorganizations/ org1.example.com/peers/peer0.org1.example.com/tls/ca.crt-core_peer_mspconfigpath=/opt/gopath/src/github.com/ Hyperledger/fabric/peer/crypto/peerorganizations/org1.example.com/users/admin@org1.exAmple.com/msp working_dir:/opt/gopath/src/github.com/hyperledger/fabric/peer command:/bin/bash-c './scripts/scrip T.sh ${channel_name}; Sleep $TIMEOUT ' volumes:-/var/run/:/host/var/run/-. /chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go-./crypto-config:/opt/gopath /src/github.com/hyperledger/fabric/peer/crypto/-./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/ 
    scripts/-./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts depends_on: 
    -Orderer.example.com-peer0.org1.example.com-peer1.org1.example.com-peer0.org2.example.com  -Peer1.org2.example.com

From here we can see that when the CLI starts, the default connection is peer0.org1.example.com, and TLS is enabled. The default is to connect to peer as Admin@org1.example.com. When the CLI starts, it executes the./scripts/script.sh script, which is the fabric/examples/e2e_cli/scripts/script.sh script, This script completes the initialization and Chaincode installation and operation of the fabric environment, which is the next steps 4 and 5. In the file mapping configuration, we note that: /chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/examples/chaincode/go, That is to say we want to install the Chaincode are in the Fabric/examples/chaincode/go directory, in the future we want to develop their own chaincode, just need to copy our code to the directory.

Note: Please comment out the command line in the CLI, we do not need to automatically execute the script when the CLI is started, we need step by step 4,5 manual execution. " 4. Initialize the fabric environment 4.1 container to start the fabric environment

After we put the configuration of the entire fabric Docker environment on DOCKER-COMPOSE-CLI.YAML, we only need to use the following commands:

Docker-compose-f Docker-compose-cli.yaml up-d

Finally, if the-D parameter is not added, the current terminal is attached to the docker-compose, and if added, the Docker container runs in the background. Run the Docker PS command to see the results of the startup:

CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6F98F57714B5 hyperledger/fabric-tools "/bin/bash" 8 seconds ago up 7 seconds Cli
6e7b3fd0e803 Hyperledger/fabric-peer "Peer node start" seconds ago up 8 seconds 0.0.0.0:10051 ->7051/tcp, 0.0.0.0:10052->7052/tcp, 0.0.0.0:10053->7053/tcp peer1.org2.example.com
9e67abfb982f hyperledger/fabric-orderer "orderer" seconds ago up 8 seconds 0.0.0.0:7050- >7050/tcp orderer.example.com
908D7FE2A4C7 Hyperledger/fabric-peer "Peer node start" seconds ago up 9 seconds 0.0.0.0:7051- 7053->7051-7053/tcp peer0.org1.example.com
6BB187AC10EC Hyperledger/fabric-peer "Peer node start" One seconds ago up ten seconds 0.0.0.0:9051- >7051/tcp, 0.0.0.0:9052->7052/tcp, 0.0.0.0:9053->7053/tcp peer0.org2.example.com
150baa520ed0 Hyperledger/fabric-peer "Peer node start" seconds ago up 9 seconds 0.0.0.0:8051- >7051/tcp, 0.0.0.0:8052->7052/tcp, 0.0.0.0:8053->7053/tcp peer1.org1.example.com

You can see that the 1orderer+4peer+1cli are up. 4.2 Creating a channel

Now we're going to go inside the CLI container and create the channel inside. Enter the CLI internal bash with the following command first:

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.