fabric1.4.1核心模塊及配置文件不完全解讀
核心模塊及功能
| 模塊名稱 | 功能 |
|---|---|
| peer | 主節點模塊,負責儲存區塊鏈數據,運行維護鏈碼 |
| orderer | 交易打包、排序模塊 |
| cryptogan | 組織和證書生成模塊 |
| configtxgen | 區塊和交易生成模塊 |
| configtxlator | 區塊和交易解析模塊 |
核心模塊位於bin目錄下
模塊配置
- fabric核心模塊的配置信息是由配置文件、命令行選項、環境變量三個部分組成,其中配置文件和環境變量之間的關系容易導致系統啟動錯誤。
- 三處配置之間的優先級關系:環境變量>配置文件>命令選項
- 環境變量和配置文件可以相互轉化,但是建議全部配置在環境變量中或者全部配置在配置文件中。基於Docker運行,建議采用環境變量的配置方式,如果使用命令行直接啟動,建議采用配置文件。
cryptogen模塊
- 命令
cryptogen --help顯示cryptogen模塊的命令行選項
運行結果:
[root@node1 bin]# ./cryptogen --help
usage: cryptogen [<flags>] <command> [<args> ...]
Utility for generating Hyperledger Fabric key material
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
Commands:
help [<command>...] //顯示幫助信息
Show help.
generate [<flags>] //根據配置文件生成證書和私鑰信息
Generate key material
showtemplate //顯示系統默認cryptogen配置文件信息
Show the default configuration template
version //顯示當前模塊的版本號
Show version information
extend [<flags>] //擴展現有網絡
Extend existing network
- 配置文件crypto-config.yaml
注:示例文件來自於e2e_cli實例
OrdererOrgs: //定義orderer節點
- Name: Orderer //orderer節點的名稱
Domain: example.com //orderer節點的根域名
CA:
Country: US
Province: California
Locality: San Francisco
Specs:
- Hostname: orderer //orderer節點的主機名
PeerOrgs:
- Name: Org1 //組織1的名稱
Domain: org1.example.com //組織1的根域名
EnableNodeOUs: true
CA:
Country: US
Province: California
Locality: San Francisco
Template:
Count: 2 //組織1中的節點數目
Users: //組織1中的用戶數目
Count: 1
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: true
CA:
Country: US
Province: California
Locality: San Francisco
Template:
Count: 2
Users:
Count: 1
configtxgen模塊
- 命令
[root@node1 bin]# ./configtxgen --help
Usage of ./configtxgen:
-asOrg string
Performs the config generation as a particular organization (by name), only including values in the write set that org (likely) has privilege to set
-channelCreateTxBaseProfile string
Specifies a profile to consider as the orderer system channel current state to allow modification of non-application parameters during channel create tx generation. Only valid in conjuction with 'outputCreateChannelTx'.
-channelID string
The channel ID to use in the configtx
-configPath string
The path containing the configuration to use (if set)
-inspectBlock string
Prints the configuration contained in the block at the specified path
-inspectChannelCreateTx string //打印創建通道的交易的配置文件
Prints the configuration contained in the transaction at the specified path
-outputAnchorPeersUpdate string
Creates an config update to update an anchor peer (works only with the default channel creation, and only for the first update)
-outputBlock string
The path to write the genesis block to (if set)
-outputCreateChannelTx string
The path to write a channel creation configtx to (if set)
-printOrg string
Prints the definition of an organization as JSON. (useful for adding an org to a channel manually)
-profile string
The profile from configtx.yaml to use for generation. (default "SampleInsecureSolo")
-version
Show version information
[root@node1 bin]#
常用命令解析:
- -asOrg string :所屬組織
- -channelID string :channel名稱,如果沒有,系統會提供一個默認值
- -inspectBlock string :打印定制區塊文件中的配置內容
- -inspectChannelCreateTx string :打印創建通道的交易的配置文件
- -outputAnchorPeersUpdate string :更新呢channel配置信息
- -outputBlock string :輸出區塊文件的路徑
- -outputCreateChannelTx string :標識輸出創始區塊文件
- -profile string :配置文件的節點
- -version :顯示版本信息
- 配置文件configtx.yaml
注:示例文件來自於e2e_cli實例
//orderer節點相關信息
Organizations:
//orderer節點配置信息
- &OrdererOrg
//orderer節點名稱
Name: OrdererOrg
//orderer節點編號
ID: OrdererMSP
//msp文件夾路徑
MSPDir: crypto-config/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
//orderer節點中包含的組織,如果有多個組織可以配置多個。
- &Org1
Name: Org1MSP //組織名稱
ID: Org1MSP //組織編號
//組織msp文件名
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
//錨節點配置,定義錨節點位置,可用於跨組織的數據傳播或同步
AnchorPeers:
//本組織錨節點訪問地址
- Host: peer0.org1.example.com
//本組織錨節點訪問的端口
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
- &Org3
Name: Org3MSP
ID: Org3MSP
MSPType: idemix
MSPDir: crypto-config/idemix/idemix-config
Policies:
Readers:
Type: Signature
Rule: "OR('Org3MSP.admin', 'Org3MSP.peer', 'Org3MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org3MSP.admin', 'Org3MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org3MSP.admin')"
AnchorPeers:
- Host: peer0.org3.example.com
Port: 7051
//功能特=特性集合
Capabilities:
//全局頻道功能配置,頻道功能必須同時適用並支持排序服務節點及peer節點
Channel: &ChannelCapabilities
V1_3: true
//排序服務功能配置
Orderer: &OrdererCapabilities
V1_1: true
//應用功能配置
Application: &ApplicationCapabilities
V1_3: true
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
//orderer節點的配置,Orderer指定fabric網絡的啟動類型、區塊生成配置以及排序服務的地址
Orderer: &OrdererDefaults
//orderer節點啟動類型和共識方式
OrdererType: kafka
//orderer監聽的地址
Addresses:
- orderer.example.com:7050
//批處理超時:在創建批處理之前等待的時間
BatchTimeout: 2s
BatchSize:
//最大消息計數:批處理的最大消息數量
MaxMessageCount: 10
//絕對最大字節:批處理中序列化消息的絕對最大字節數
AbsoluteMaxBytes: 98 MB
PreferredMaxBytes: 512 KB
//kafka相關配置
Kafka:
Brokers:
- kafka0:9092
- kafka1:9092
- kafka2:9092
- kafka3:9092
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
//以下部分定義了整個系統的配置信息,指定configtxgen工具的參數
Profiles:
//組織定義標識符,可以自定義,命令中的-profile參數對應該標識符
//命令示例:./bin/configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
//Orderer屬性配置,系統關鍵字不得更改
Orderer:
<<: *OrdererDefaults
Organizations:
//OrdererOrg是官方樣板給出的名稱,實際生產環境中可自定義
- *OrdererOrg
//定義了系統中包含的組織
Consortiums:
SampleConsortium:
//系統中包含的組織
Organizations:
- *Org1
- *Org2
- *Org3
//以下是channel的配置信息
//通道定義標識符,可自定義
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org3
profiles節點詳解:profiles節點定義了整個系統的結構和channel的結構,配置文件中的Profiles關鍵字不允許修改,否則配置失效。
orderer模塊
- 命令
[root@node1 bin]# ./orderer --help
usage: orderer [<flags>] <command> [<args> ...]
Hyperledger Fabric orderer node
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
Commands:
help [<command>...]
Show help.
start*
Start the orderer node
version
Show version information
benchmark
Run orderer in benchmark mode
[root@node1 bin]#
常用命令解析
- help :顯示求助信息
- start* :啟動orderer節點
- version :顯示版本信息
- benchmark :采用基准模式運行orderer
- 配置docker-compose-orderer.yaml
注:示例文件來自於fabric基於kafka生產環境部署實例,實例參考博客園作者靈龍相關實例:https://www.cnblogs.com/llongst/p/9608886.html
version: '2'
services:
orderer0.example.com:
container_name: orderer0.example.com
image: hyperledger/fabric-orderer
//環境變量
environment:
//general節點相關配置
- ORDERER_GENERAL_LOGLEVEL=debug //日志級別
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 //監聽地址
//賬本的類型,賬本有ram,json,file三種可選。ram表示賬本數據保存在內存中,一般用於測試環境;json和file表示賬本數據保存在文件中,用於生產環境。
- ORDERER_GENERAL_GENESISMETHOD=file
//創世區塊文件的路徑
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
//orderer模塊的編號,在configtxgen模塊的配置文件中指定
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
//orderer模塊msp文件路徑
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
//orderer模塊TLS設置
//TLS激活標記,true表示激活,flase表示關閉
- ORDERER_GENERAL_TLS_ENABLED=true
//服務器私鑰文件路徑
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
//服務器數字證書文件路徑
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
//根CA服務器證書文件的路徑
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
//ORDERER_KAFKA是kafka生產者和消費者應該注意的配置
//RETRY:如果orderer在啟動的時候,kafka還沒有啟動或者kafka宕機時重試的次數
//LONGINTERVAL:長重試狀態下重試的時間間隔
- ORDERER_KAFKA_RETRY_LONGINTERVAL=10s
//長重試狀態下最多重試時間
- ORDERER_KAFKA_RETRY_LONGTOTAL=100s
//操作失敗短重試狀態下重試的時間間隔
- ORDERER_KAFKA_RETRY_SHORTINTERVAL=1s
//短重試狀態下最多的重試時間
- ORDERER_KAFKA_RETRY_SHORTTOTAL=30s
//kafka客戶端的日志級別,在orderer的運行日志中顯示kafka的日志信息
- ORDERER_KAFKA_VERBOSE=true
//當前容器啟動之后的工作路徑
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
//外界物理機路徑掛載或者指引到容器內的路徑
volumes:
- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/:/var/hyperledger/orderer/tls
//當前容器啟動之后映射到物理機上的端口號
ports:
- 7050:7050
extra_hosts:
- "kafka0:192.168.111.139"
- "kafka1:192.168.111.131"
- "kafka2:192.168.111.132"
- "kafka3:192.168.111.140"
peer模塊
- 命令
[root@node1 bin]# ./peer --help
Usage:
peer [command]
Available Commands:
chaincode Operate a chaincode: install|instantiate|invoke|package|query|signpackage|upgrade|list.
channel Operate a channel: create|fetch|join|list|update|signconfigtx|getinfo.
help Help about any command
logging Logging configuration: getlevel|setlevel|getlogspec|setlogspec|revertlevels.
node Operate a peer node: start|status.
version Print fabric peer version.
Flags:
-h, --help help for peer
Use "peer [command] --help" for more information about a command.
- 配置docker-compose-peer.yaml
注:示例文件來自於fabric基於kafka生產環境部署實例,實例參考博客園作者靈龍相關實例:https://www.cnblogs.com/llongst/p/9608886.html
version: '2'
services:
peer0.org1.example.com:
container_name: peer0.org1.example.com
hostname: peer0.org1.example.com
image: hyperledger/fabric-peer
//環境變量
environment:
//節點編號
- CORE_PEER_ID=peer0.org1.example.com
//訪問地址
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
//chaincode的監聽地址
- CORE_PEER_CHAINCODELISTENADDRESS=peer0.org1.example.com:7052
//當前節點所屬組織編號
- CORE_PEER_LOCALMSPID=Org1MSP
//docker服務器域名的地址,默認取unix域套接字
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#設定peer模塊啟動之后的日志級別
- CORE_LOGGING_LEVEL=DEBUG
//用戶組織節點(leader)的生成方式
- CORE_PEER_GOSSIP_USELEADERELECTION=true
//當前節點是否為用戶組織節點,false代表不是用戶組織節點
- CORE_PEER_GOSSIP_ORGLEADER=false
//節點被組織外部節點感知時的地址,默認為空,表示不被其他組織所感知
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_PROFILE_ENABLED=true
//peer模塊TLS設置
//TLS激活標記,true表示激活,flase表示關閉
- CORE_PEER_TLS_ENABLED=true
//服務器證書文件路徑
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
//服務器私鑰文件路徑
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
//根CA服務器證書文件路徑
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
//當前容器啟動之后的工作路徑
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
//外界物理機路徑掛載或者指引到容器內的路徑
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
//當前容器啟動之后映射到物理機上的端口號
ports:
- 7051:7051
- 7052:7052
- 7053:7053
extra_hosts:
- "orderer0.example.com:192.168.152.160"
- "orderer1.example.com:192.168.152.156"
- "orderer2.example.com:192.168.152.157"
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
volumes://需要從本地映射到docker容器中的文件
- /var/run/:/host/var/run/
//將本地的鏈碼映射到docker容器中
- ./chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/kafkapeer/chaincode/go
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
extra_hosts:
- "orderer0.example.com:192.168.152.160"
- "orderer1.example.com:192.168.152.156"
- "orderer2.example.com:192.168.152.157"
- "peer0.org1.example.com:192.168.152.160"
- "peer1.org1.example.com:192.168.152.156"
- "peer0.org2.example.com:192.168.152.157"
- "peer1.org2.example.com:192.168.152.161"
拓展
zookeeper
配置文件docker-compose-zookeeper.yaml
version: '2'
services:
zookeeper0:
container_name: zookeeper0
hostname: zookeeper0
image: hyperledger/fabric-zookeeper
restart: always
environment:
//當前節點在zookeeper集群中的id
- ZOO_MY_ID=1
//組成當前zookpeer集群的服務器的列表
- ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
ports:
- 2181:2181
- 2888:2888
- 3888:3888
extra_hosts:
- "zookeeper0:192.168.152.160"
- "zookeeper1:192.168.152.156"
- "zookeeper2:192.168.152.157"
- "kafka0:192.168.152.160"
- "kafka1:192.168.152.156"
- "kafka2:192.168.152.157"
- "kafka3:192.168.152.161"
kafka
配置文件docker-compose-kafka.yaml
version: '2'
services:
kafka0:
container_name: kafka0
hostname: kafka0
image: hyperledger/fabric-kafka
restart: always
environment:
//消息最大字節數
- KAFKA_MESSAGE_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
//副本獲取最大字節數
- KAFKA_REPLICA_FETCH_MAX_BYTES=103809024 # 99 * 1024 * 1024 B
//非一致性的leader選舉
- KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false
environment:
//是唯一的非負整數ID進行標識,這個ID可以作為代理(Broker)的名字,值可以自定義,但是要確保唯一性
- KAFKA_BROKER_ID=1
//最小同步備份數,
- KAFKA_MIN_INSYNC_REPLICAS=2
//默認復制因子,其值小於kafka集群數量
- KAFKA_DEFAULT_REPLICATION_FACTOR=3
//kafka連接的zookpeer節點的集合
- KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
ports:
- 9092:9092
extra_hosts:
- "zookeeper0:192.168.152.160"
- "zookeeper1:192.168.152.156"
- "zookeeper2:192.168.152.157"
- "kafka0:192.168.152.160"
- "kafka1:192.168.152.156"
- "kafka2:192.168.152.157"
- "kafka3:192.168.152.161"