1. Description
The core of the blockchain network is a distributed ledger, which records all transaction information that occurs in the network.
Hyperledger Fabric is an open source, enterprise-grade, permissioned distributed ledger solution platform. Hyperledger Fabric is underpinned by a modular architecture and offers excellent security, scalability, flexibility, and extensibility. Hyperledger Fabric is designed to support different modular components to be directly plugged and activated, and can adapt to various complex scenarios in the economic ecosystem.
This article shares how to build a Hyperledger Fabric 2.4 environment under Centos and conduct a simple network test.
2. Environment preparation
2.1. Environmental dependencies
- Git client
- Golang 1.17.5 or above
- Docker 18.03 or later
2.2. Check the environment
Docker version
docker -v
Golang locale
go version
3. Fabric source code installation
3.1. Create directory
Create a Fabric folder under the GOPATH directory:
mkdir -p $GOPATH/src/github.com/hyperledger
3.2. Download source code
cd $GOPATH/src/github.com/hyperledger git clone https://gitee.com/hyperledger/fabric.git
Here we use the mirror warehouse of the domestic code cloud
3.3. Modify the installation script
If the local network access to github is smooth, you can ignore this step
Edit the bootstrap.sh file
vim $GOPATH/src/github.com/hyperledger/fabric/scripts/bootstrap.sh
- Change
https://github.com/hyperledger/fabric-samples.gittohttps://gitee.com/hyperledger/fabric-samples.git
- Note
pullBinaries
3.4. Execute the installation script
./bootstrap.sh
As shown in the figure below, after the script is successfully executed, a fabric-samples project and a bunch of fabric docker images will be downloaded:
Manually download the compiled compressed packages of fabric and fabric-ca respectively, and store them in the fabric/scripts/ directory:
Since the release package of the code cloud mirror warehouse only has source code, we need to compile it, so we can only find a way to download it from github.
https://github.com/hyperledger/fabric/releases/download/v2.4.1/hyperledger-fabric-linux-amd64-2.4.1.tar.gz
https://github.com/hyperledger/fabric-ca/releases/download/v1.5.2/hyperledger-fabric-ca-linux-amd64-1.5.2.tar.gz
Compress the compressed package to get two folders bin and config:
tar -zxvf hyperledger-fabric-linux-amd64-2.4.1.tar.gz tar -zxvf hyperledger-fabric-ca-linux-amd64-1.5.2.tar.gz
Execute the following command to copy the fabric-samples directory
cp -r bin fabric-samples/ cp -r config fabric-samples/
4. Start test-network test network
Enter the test-network directory
cd $GOPATH/src/github.com/hyperledger/fabric/scripts/fabric-samples/test-network
Execute the following command:
./network.sh up
If the following error message appears:
You need to modify the version of docker-compose, and edit the following files in the test-network directory:
vim docker/docker-compose-test-net.yaml vim docker/docker-compose-couch.yaml vim docker/docker-compose-ca.yaml vim addOrg3/docker/docker-compose-couch-org3.yaml vim addOrg3/docker/docker-compose-org3.yaml
Among them, modify version: '3.7' to version: '3.6' as shown below:
After modifying the configuration, re-execute:
./network.sh up
As shown in the figure below, one orderer node and two peer nodes have been successfully started:
So far, a test network based on Hyperledger Fabric has been built.
5. Test network usage
The help text of the script can be printed by executing the following command:
./network.sh -h
5.1. Creating a Channel
Now that we have peer nodes and orderers running on our machine, we can use the script to create a Fabric channel for transactions between Org1 and Org2.
A Fabric channel is a private communication layer between members of a particular network, a channel can only be used by organizations invited to join the channel, and is invisible to other members of the network. Each channel has a separate blockchain ledger, and invited organizations “join” their peer nodes to store their channel ledger and verify transactions. Establishing a channel is equivalent to establishing a sub-chain.
To use the network.sh script to create a channel between Org1 and Org2 and join their peers, execute the following command to create a channel:
./network.sh createChannel
After successful creation as shown in the figure below, the default name is mychannel
The channel name can be specified using -c, the following command will create a channel named channel1:
./network.sh createChannel -c channel1
5.2. Start a chaincode on the channel
After creating a channel, you can start using smart contracts to interact with the channel ledger. Smart contracts contain business logic for managing assets on the blockchain ledger. The application network run by members can call smart contracts on the ledger to create, change and transfer these assets. The application also queries through smart contracts to read on the ledger. fetch data.
In Fabric, smart contracts are deployed on the network as chaincodes in the form of software packages. Chaincode is installed on an organization’s peer nodes and then deployed to a channel where it can then be used to approve transactions and interact with the blockchain ledger. Before deploying a chaincode to a channel, members of the channel need to reach a consensus on the chaincode definition and establish chaincode governance. When the required number of organizations agrees, the chaincode definition can be committed to the channel and the chaincode can be used.
Once the channel is created, the network.sh script can be used to start the chaincode on the channel:
./network.sh deployCC -ccn basic -ccp ../asset-transfer-basic/chaincode-java -ccl java
- -ccn: to specify the chain code name
- -ccl: for the specified chain code language
The deployCC subcommand will install asset-transfer- basic chaincode, if the chaincode is deployed for the first time, the script will install the chaincode’s dependencies. By default, the script installs the Go version of the asset-transfer-basic chaincode, and can pass the parameter -ccl to install the Java or javascript version of the chaincode.
5.3. Interacting with the network
After enabling the test network, you can use the peer cli client to interact with the network. Through the peer cli client, you can call the deployed smart contract, update the channel, or install and Deploy a new smart contract.
First make sure that the operation directory is the test-network directory, for example, my directory is:
The following operations need to be performed in the test-network directory:
Execute the following command to add the cli client to the environment variable:
export PATH=${PWD}/../bin:$PATH
You also need to set FABRIC_CFG_PATH in the fabric-samples repository to point to the core.yaml file in it:
export FABRIC_CFG_PATH=$PWD/../config/
Set environment variables that allow org1 to operate the peer cli:
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=localhost:7051
The CORE_PEER_TLS_ROOTCERT_FILE and CORE_PEER_MSPCONFIGPATH environment variables point to the encryption material in Org1’s organizations folder.
Execute the following command to initialize the ledger with some assets:
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/ tlsca.example.com-cert.pem -C mychannel -n basic --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls /ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"function" :"InitLedger","Args":[]}'
Successful execution will return Chaincode invoke successful. result: status:200 as shown in the figure below:
Execute the following command to query the asset list in the channel ledger:
peer chaincode query -C mychannel -n basic -c '{"Args":["GetAllAssets"]}'
6. Turn off the network
After using the test network, execute the following command to close the network:
./network.sh down
This command will stop and delete the node and chaincode container, delete the organization encryption material, and remove the chaincode image from Docker Registry, and also delete the previously run channel project:
7. Create a network with a certificate authority
Hyperledger Fabric uses public key infrastructure (PKI) to verify the actions of all network participants. Every node, network administrator, and transaction submitted by users needs to have a public certificate and private key to verify their identity.
By default, the script creates certificates and keys using the cryptogen tool, which is used for development and testing, and can quickly create the required cryptographic material for a Fabric organization with a valid root trust.
The test network script also provides the option to start a network using a certificate authority (CA). Each organization in the network operates a CA (or multiple intermediate CAs) to create their own organizational identity, and all identities created by the CAs run by that organization share the same organizational root of trust.
First run the following command to shut down all running networks:
./network.sh down
Start the network with the CA parameter:
./network.sh up -ca
After executing the command successfully, you can see that three CAs have been started through the printed docker container, one for each organization in the network:
You can view the Org1 admin user’s MSP folder structure and files with the tree command:
tree organizations/peerOrganizations/org1.example.com/users/[email protected]/
Among them, the signcerts folder stores the certificate of the administrator user, and the keystore folder stores the private key.
References
- https://hyperledger-fabric.readthedocs.io/en/latest/whatis.html