Directory
1. Network service configuration
2. Associated docker-compose-base.yaml
Each Peer node container sets the following information.
3. Associated Peer-base.yaml
4. Start the network
2. Complete the creation of the channel
2.1 Add the node to the application channel
update anchor node
2. Why create a node and add it to the application channel?
1. Network service configuration
Hyperledger Fabric runs its nodes as containers, and several network nodes have to be started, so a simple way to manage these node containers centrally is needed. We use the docker-compose tool to manage the node containers in one step; only the corresponding configuration file has to be written.
Hyperledger Fabric also provides a sample configuration file for the docker-compose tool. It is in the fabric-samples/first-network directory and is named docker-compose-cli.yaml. Open this configuration file to see its complete content, as follows:
    # Copyright IBM Corp. All Rights Reserved.
    #
    # SPDX-License-Identifier: Apache-2.0
    #

    version: '2'

    volumes:
      orderer.example.com:
      peer0.org1.example.com:
      peer1.org1.example.com:
      peer0.org2.example.com:
      peer1.org2.example.com:

    networks:
      byfn:

    services:

      orderer.example.com:
        extends:
          file: base/docker-compose-base.yaml
          service: orderer.example.com
        container_name: orderer.example.com
        networks:
          - byfn

      peer0.org1.example.com:
        container_name: peer0.org1.example.com
        extends:
          file: base/docker-compose-base.yaml
          service: peer0.org1.example.com
        networks:
          - byfn

      peer1.org1.example.com:
        container_name: peer1.org1.example.com
        extends:
          file: base/docker-compose-base.yaml
          service: peer1.org1.example.com
        networks:
          - byfn

      peer0.org2.example.com:
        container_name: peer0.org2.example.com
        extends:
          file: base/docker-compose-base.yaml
          service: peer0.org2.example.com
        networks:
          - byfn

      peer1.org2.example.com:
        container_name: peer1.org2.example.com
        extends:
          file: base/docker-compose-base.yaml
          service: peer1.org2.example.com
        networks:
          - byfn

      cli:
        container_name: cli
        image: hyperledger/fabric-tools:$IMAGE_TAG
        tty: true
        stdin_open: true
        environment:
          - GOPATH=/opt/gopath
          - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
          #- CORE_LOGGING_LEVEL=DEBUG
          - CORE_LOGGING_LEVEL=INFO
          - CORE_PEER_ID=cli
          - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
          - CORE_PEER_LOCALMSPID=Org1MSP
          - CORE_PEER_TLS_ENABLED=true
          - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
          - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
          - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
          - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
        working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
        command: /bin/bash
        volumes:
          - /var/run/:/host/var/run/
          - ./../chaincode/:/opt/gopath/src/github.com/chaincode
          - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
          - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
          - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
        depends_on:
          - orderer.example.com
          - peer0.org1.example.com
          - peer1.org1.example.com
          - peer0.org2.example.com
          - peer1.org2.example.com
        networks:
          - byfn
It can be seen from the above configuration information that the configuration file specifies each node container in the network (6 containers in total: 1 Orderer, 4 Peers belonging to 2 organizations, and 1 CLI). If you look carefully, you will find that the Orderer and each Peer container set only container_name and networks; all other information comes from the base/docker-compose-base.yaml file referenced by extends.
The CLI container specifies the Peer node it represents (CORE_PEER_ADDRESS=peer0.org1.example.com:7051), uses volumes to map the chaincode, organizational structure, certificates, and generated configuration files on the host to the specified directories in the container, and specifies the containers it depends on through the depends_on attribute.
2. Associated docker-compose-base.yaml
In the docker-compose-cli.yaml configuration file, extends.file points to the base/docker-compose-base.yaml configuration file, which specifies the main configuration information of the Orderer node and the Peer nodes.
The Orderer node container sets the following information.
1) environment: This part mainly focuses on the following core configuration information.
- ORDERER_GENERAL_GENESISFILE: Specifies the path of the initial block in the Orderer container; the mapping from the host to Docker is specified by ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block in volumes.
- ORDERER_GENERAL_LOCALMSPID: Specifies the unique MSPID of the current Orderer container.
- ORDERER_GENERAL_LOCALMSPDIR: Specifies the path where the MSP of the current Orderer container is located.
- ORDERER_GENERAL_TLS_ENABLED: Whether to enable TLS verification.
- ORDERER_GENERAL_TLS_PRIVATEKEY: Specifies the path where the private key is located.
- ORDERER_GENERAL_TLS_CERTIFICATE: Specifies the path where the certificate is located.
- ORDERER_GENERAL_TLS_ROOTCAS: Specifies the path where the trusted CA root certificate is located.
2) working_dir: The default working directory after entering the container.
3) volumes: The initial block configuration file, MSP, and TLS directories in the specified system are mapped to the specified path in the Docker container.
4) ports: Specify the listening port of the current node.
The following information is set for each Peer node container.
1) extends: which file the basic information comes from.
2) environment: specify the ID of the container, the listening address and port number, and the local MSPID, which are roughly the same as the environment part in the Orderer.
3) volumes: map the msp and tls directories of the system to the specified path in the container.
4) ports: specify the listening port of the current node.
The configuration file information is as follows:
    # Copyright IBM Corp. All Rights Reserved.
    #
    # SPDX-License-Identifier: Apache-2.0
    #

    version: '2'

    services:

      orderer.example.com:
        container_name: orderer.example.com
        image: hyperledger/fabric-orderer:$IMAGE_TAG
        environment:
          - ORDERER_GENERAL_LOGLEVEL=INFO
          - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
          - ORDERER_GENERAL_GENESISMETHOD=file
          - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
          - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
          - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
          # enabled TLS
          - ORDERER_GENERAL_TLS_ENABLED=true
          - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
          - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
          - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
        working_dir: /opt/gopath/src/github.com/hyperledger/fabric
        command: orderer
        volumes:
          - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
          - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
          - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
          - orderer.example.com:/var/hyperledger/production/orderer
        ports:
          - 7050:7050

      peer0.org1.example.com:
        container_name: peer0.org1.example.com
        extends:
          file: peer-base.yaml
          service: peer-base
        environment:
          - CORE_PEER_ID=peer0.org1.example.com
          - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
          - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.example.com:7051
          - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
          - CORE_PEER_LOCALMSPID=Org1MSP
        volumes:
          - /var/run/:/host/var/run/
          - ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
          - ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
          - peer0.org1.example.com:/var/hyperledger/production
        ports:
          - 7051:7051
          - 7053:7053

      peer1.org1.example.com:
        container_name: peer1.org1.example.com
        extends:
          file: peer-base.yaml
          service: peer-base
        environment:
          - CORE_PEER_ID=peer1.org1.example.com
          - CORE_PEER_ADDRESS=peer1.org1.example.com:7051
          - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:7051
          - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
          - CORE_PEER_LOCALMSPID=Org1MSP
        volumes:
          - /var/run/:/host/var/run/
          - ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp
          - ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls
          - peer1.org1.example.com:/var/hyperledger/production
        ports:
          - 8051:7051
          - 8053:7053

      peer0.org2.example.com:
        container_name: peer0.org2.example.com
        extends:
          file: peer-base.yaml
          service: peer-base
        environment:
          - CORE_PEER_ID=peer0.org2.example.com
          - CORE_PEER_ADDRESS=peer0.org2.example.com:7051
          - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
          - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051
          - CORE_PEER_LOCALMSPID=Org2MSP
        volumes:
          - /var/run/:/host/var/run/
          - ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
          - ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
          - peer0.org2.example.com:/var/hyperledger/production
        ports:
          - 9051:7051
          - 9053:7053

      peer1.org2.example.com:
        container_name: peer1.org2.example.com
        extends:
          file: peer-base.yaml
          service: peer-base
        environment:
          - CORE_PEER_ID=peer1.org2.example.com
          - CORE_PEER_ADDRESS=peer1.org2.example.com:7051
          - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:7051
          - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051
          - CORE_PEER_LOCALMSPID=Org2MSP
        volumes:
          - /var/run/:/host/var/run/
          - ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/etc/hyperledger/fabric/msp
          - ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/etc/hyperledger/fabric/tls
          - peer1.org2.example.com:/var/hyperledger/production
        ports:
          - 10051:7051
          - 10053:7053
3. Associated Peer-base.yaml
In the base/docker-compose-base.yaml configuration file, extends.file points to the peer-base.yaml configuration file, which sets the basic information common to all Peer containers. Its core configuration information is as follows.
- CORE_PEER_TLS_ENABLED: Specifies whether to enable TLS verification.
- CORE_PEER_GOSSIP_USELEADERELECTION: Specifies to use the election method.
- CORE_PEER_GOSSIP_ORGLEADER: Specifies whether to set the current node as Leader.
- CORE_PEER_TLS_CERT_FILE: Specifies the path where the TLS certificate is located.
- CORE_PEER_TLS_KEY_FILE: Specifies the path where the key is located.
- CORE_PEER_TLS_ROOTCERT_FILE: Specifies the path where the trusted CA root certificate is located.
The complete content of the configuration file is as follows:
    # Copyright IBM Corp. All Rights Reserved.
    #
    # SPDX-License-Identifier: Apache-2.0
    #

    version: '2'

    services:
      peer-base:
        image: hyperledger/fabric-peer:$IMAGE_TAG
        environment:
          - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
          # the following setting starts chaincode containers on the same
          # bridge network as the peers
          # https://docs.docker.com/compose/networking/
          - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
          - CORE_LOGGING_LEVEL=INFO
          #- CORE_LOGGING_LEVEL=DEBUG
          - CORE_PEER_TLS_ENABLED=true
          - CORE_PEER_GOSSIP_USELEADERELECTION=true
          - CORE_PEER_GOSSIP_ORGLEADER=false
          - CORE_PEER_PROFILE_ENABLED=true
          - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
          - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
          - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
        working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
        command: peer node start
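The TLS flags described above reach a peer only through extends, while the /var/run volume is set per service, so checking one file in isolation gives the wrong answer. The following added example (not from the original page or the Fabric samples) resolves extends across constructed, abridged stand-ins for the two base files and reports services whose effective configuration lacks TLS or mounts the host's /var/run; the function names and finding strings are this example's own.

```python
FILES = {  # constructed, abridged stand-ins for the page's two base files
    "docker-compose-base.yaml": """\
services:
  orderer.example.com:
    environment:
      - ORDERER_GENERAL_TLS_ENABLED=true
  peer0.org1.example.com:
    extends:
      file: peer-base.yaml
      service: peer-base
    volumes:
      - /var/run/:/host/var/run/
""",
    "peer-base.yaml": """\
services:
  peer-base:
    environment:
      - CORE_PEER_TLS_ENABLED=true
""",
}

def parse_services(text):
    """Parse only the YAML subset these files use: service -> key -> list or mapping."""
    services, top, svc, key = {}, "", None, None
    for raw in text.splitlines():
        item, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if not item or item.startswith("#") or (indent and top != "services:"):
            continue
        name, _, val = item.partition(":")
        if indent == 0:
            top = item
        elif indent == 2:
            svc = services.setdefault(name, {})
        elif indent == 4:
            key, svc[name] = name, val.strip() or []
        elif item.startswith("- "):
            svc[key].append(item[2:].strip())
        else:  # nested mapping such as extends: {file, service}
            svc[key] = dict(svc[key] or {}, **{name: val.strip()})
    return services

def effective(files, fname, name):
    """Merge a service with the one it extends, so checks see the final settings."""
    svc = parse_services(files[fname])[name]
    ext = svc.get("extends")
    eff = effective(files, ext.get("file", fname), ext["service"]) if ext else {"env": {}, "vols": []}
    eff["env"].update(e.partition("=")[::2] for e in svc.get("environment", []))
    eff["vols"] += svc.get("volumes", [])
    return eff

def audit(files, fname):
    """Yield (service, finding) pairs for every service defined in fname."""
    for name in parse_services(files[fname]):
        eff = effective(files, fname, name)
        tls = [v.lower() for k, v in eff["env"].items() if k.endswith("_TLS_ENABLED")]
        if tls != ["true"]:
            yield name, "TLS not enabled"
        if any(v.split(":")[0].rstrip("/") == "/var/run" for v in eff["vols"]):
            yield name, "host /var/run (Docker socket) mounted"
```

In this sample the peer uses the mounted socket (CORE_VM_ENDPOINT) to start chaincode containers, so the second finding marks an exposure to account for when hardening rather than a line to delete.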
4. Start the network
After all the files required for the Hyperledger Fabric network environment are created and configured (organizational structure and identity certificates, initial block files, channel transaction configuration files, and anchor node update configuration files), the network can be started.
The following uses the installed docker-compose tool to start all nodes of the Hyperledger Fabric network with a single command:
sudo docker-compose -f docker-compose-cli.yaml up -d
sudo docker-compose -f docker-compose-cli.yaml up -d is a command-line instruction that starts services when using Docker Compose to manage containerized applications. The different parts of this command are explained below:
- sudo: This is a privileged command on a Linux or Unix system, used to execute subsequent commands as a super user (root). It may require administrator privileges to run.
- docker-compose: This is a command-line tool for defining and managing applications composed of multiple Docker containers through a configuration file (usually docker-compose.yaml or similar). It simplifies the container orchestration and deployment process.
- -f docker-compose-cli.yaml: This is an option that specifies the path to the Docker Compose configuration file to use. In this example, the configuration file is named docker-compose-cli.yaml.
- up: This is a docker-compose command to start the services defined in the application. It will create and start the corresponding containers according to the configuration file.
- -d: This is an option to run the containers in the background. Even if you close the terminal window, the containers will continue to run.
Therefore, the sudo docker-compose -f docker-compose-cli.yaml up -d command reads the docker-compose-cli.yaml configuration file and starts the corresponding containers for the services defined in it. These containers run in the background, so other operations can continue without affecting them.
Use the docker ps command to see that all 6 nodes are started.
2. Complete the creation of the channel
Concept: A channel divides a large network into different private “subnets”. A network divided into several such subnets is called multi-channel.
Function: A channel provides a communication mechanism that connects Peers and the Orderer into a confidential (virtual) communication link, so that distributed ledger data is isolated.
To join a channel, each node must have its own identity obtained through the MSP.
Specific steps:
1. Enter the CLI container specified by the docker-compose-cli.yaml configuration file
Execute the following Docker command to enter the specified CLI container (subsequent operations are performed in the CLI container):
sudo docker exec -it cli bash
- sudo: This is a command in Linux/Unix systems used to run subsequent commands with superuser privileges. If the current user does not have sufficient permissions to perform Docker-related operations, you can use the sudo command to obtain temporary superuser permissions.
- docker: This is the command-line client tool for the Docker engine. It is used to communicate with the Docker daemon and perform operations related to containers and images.
- exec: This is a subcommand of the Docker command-line client that executes commands in a running container.
- -it: These are options of the docker exec command; they keep the standard input stream (stdin) open and attach an interactive terminal (TTY) to the container.
- cli: This is the name or ID of the container. Here, cli is the target container in which the command is executed.
- bash: This is the command to be executed in the container. bash is a common Unix/Linux command-line interpreter. By executing the bash command, we start an interactive command-line shell in the container.
If the command is successfully executed, the command prompt will change to something similar to the following (representing successful entry into the CLI container):
Among them, the content behind the @ symbol will display different content according to different devices.
2. Create an application channel
1. Check that the environment variable is set correctly:
echo $CHANNEL_NAME
2. Set environment variables
export CHANNEL_NAME=mychannel
Note: The channel name set must be the same as the channel name specified when creating the channel transaction configuration file.
3. Create a channel
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
The following is an explanation of each part of the command:
- peer: This is the command-line client tool for Hyperledger Fabric, used to interact with the Fabric network and perform the corresponding operations.
- channel create: This is a subcommand of the peer command, used to create a new channel in the Fabric network.
- -o orderer.example.com:7050: This specifies the address and port number of the orderer to connect to. In this example, the orderer.example.com address and port 7050 are used.
- -c $CHANNEL_NAME: This specifies the name of the channel to create. $CHANNEL_NAME is a variable, so the channel name can be replaced according to the actual situation.
- -f ./channel-artifacts/channel.tx: This specifies the path and filename of the channel configuration file. The channel.tx file contains configuration information about the channel, such as organization, anchor nodes, etc.
- --tls: This option enables TLS (Transport Layer Security) for the connection to the orderer, which protects the communication.
- --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem: This specifies the path and filename of the TLS CA (Certificate Authority) file used to authenticate the communication. Here, the tlsca.example.com-cert.pem file at the path above is used for verification.
2.1 Adding nodes to the application channel
Member nodes of organizations included in the application channel can join the channel:
peer channel join -b mychannel.block
Parameter Description:
- join — Join the current Peer node into the application channel.
- -b — Specifies, through its block file (mychannel.block here), which application channel the current node will join.
After success, the interface is as follows:
Update Anchor Node
Update the anchor node configuration using Org1’s admin identity:
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
Update the anchor node configuration using Org2’s admin identity:
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
root@ac15c364fb7f:/opt/gopath/src/github.com/hyperledger/fabric/peer# peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2. Why create a node and add it to the application channel?
When creating the application channel transaction configuration file, you can specify which organizations may join the application channel and what permissions they have. Every transaction on the network is executed in a specified channel, and within the channel the transaction must pass the channel’s authentication and authorization. Each node that wants to join a channel must have its own identity obtained through the MSP, which identifies what kind of node it is and what service it provides in the channel.