透過 docker-compose 手動部署 fabric 區塊鏈服務

--- tags: 套件部署,BlockChain GA: UA-79596126-4 title: 透過 docker-compose 手動部署 fabric 區塊鏈服務 --- ###### 作者: 史綽琳 ###### 撰寫日期: 2021/02/01 {%hackmd BJrTq20hE %} # 手動部署 fabric 區塊鏈服務前篇已經說明完飯利用的 fabric-sample 的環境部署了，接著讓我們來聊聊實際應用的情境吧；正常來說一個服務都會使用虛擬化的技術來降低整體耗能跟可靠性提升，我想這應該都不需要再多說明了，所以今天這篇主要來聊聊一個正常的服務配置會長什麼樣子吧! 我們一樣透過 fabric-sample 來做衍生，修改我們自己的 docker-compose.yaml、規劃我們自己想要的架構吧! [TOC] ## 前回提要我：需要什麼套件之類的我們在這邊還要說一次嗎?(說吧說吧!!) 老大：說一下吧，畢竟不會有人想要再回去看你之前寫過的SOP 我：(心中吶喊: 那我之前寫辛酸啊!?) 那我這邊就快速帶過摟? 老大：OKOK! 我：哀... 基本套件 ```bash $ sudo apt update && sudo apt upgrade -y $ sudo apt-get install git curl wget -y ``` 安裝 docker ```bash $ sudo apt-get -y install docker-compose $ sudo usermod -aG docker ${USER} ===> logout and login are needed after adding docker group, check everything is ok with the command below $ id -nG ``` 安裝 go ```bash $ wget https://golang.org/dl/go1.15.2.linux-amd64.tar.gz $ sudo tar -xvf go1.15.2.linux-amd64.tar.gz $ sudo chown -R root:root ./go $ sudo mv go /usr/local $ sudo ln -s /usr/local/go/bin/go /usr/bin/go $ go version ``` 取得 fabric-sample ```bash # 若後續均不接任何版本資訊，則預設抓最新版本 $ curl -sSL http://bit.ly/2ysbOFE | bash # 若取得特定版本，則在後方接版本編號 $ curl -sSL http://bit.ly/2ysbOFE | bash -s -- <fabric_version> <fabric-ca_version> <thirdparty_version> $ curl -sSL http://bit.ly/2ysbOFE | bash -s -- 2.2 ``` 好了這樣應該就沒意見了吧! 那我們來看看架構吧 (笑) ## 部署架構 ![](https://i.imgur.com/kbMOLNj.jpg) 如上圖所示，我拿了四台虛擬機來進行 fabric 環境的部署，預計要弄出這樣的環境出來 * 5個 orderer * 2個 organization * 4個 peer * 1個 channel * 1個 chaincode * 1個 CLI 四台主機的規格 | Hostname | CPU | Memory | Disk | IP | | ----- | - | ---- | ----- | -------------- | | host1 | 2 | 4 GB | 40 GB | 192.168.131.19 | | host2 | 2 | 4 GB | 40 GB | 192.168.131.18 | | host3 | 2 | 4 GB | 40 GB | 192.168.131.20 | | host3 | 2 | 4 GB | 40 GB | 192.168.131.21 | ## 設定docker swam overlay network 進入 Master (此範例為host1) 的環境 ```bash $ docker swarm init --advertise-addr <host-1 ip address> $ docker swarm join-token manager ``` ![](https://i.imgur.com/e21zBUb.png) 使用剛剛產生的「join-token manager」，將其他節點加入該docker swam 以下指令分別在host2、3、4執行 ```bash $ <output from join-token manager> --advertise-addr <host n ip> # host 2 $ docker swarm join --token SWMTKN-1-2mh8ipqr40z1ej619vy18xjjxbnnmix3qjgqokszn948gagitd-akj0ue2157isiie55rek5euqs 192.168.131.19:2377 --advertise-addr 192.168.131.18 # host 3 $ docker swarm join --token SWMTKN-1-2mh8ipqr40z1ej619vy18xjjxbnnmix3qjgqokszn948gagitd-akj0ue2157isiie55rek5euqs 192.168.131.19:2377 --advertise-addr 192.168.131.20 # host 4 $ docker swarm join --token SWMTKN-1-2mh8ipqr40z1ej619vy18xjjxbnnmix3qjgqokszn948gagitd-akj0ue2157isiie55rek5euqs 192.168.131.19:2377 --advertise-addr 192.168.131.21 ``` 完成後，新增一個overlay的網路，此範例中取名叫做first-network 以下命令在 host1 操作 ```bash $ docker network create --attachable --driver overlay first-network ``` 新增完成後，可以至各節點透過以下指令檢查是否均有first-network (**其他節點也可以看到相同ID**) ```bash $ docker network ls ``` ![](https://i.imgur.com/MDAW7I9.png) ## 設定fabric網路的相關設定從理論上講，我們只需要確保身份（證書和簽名密鑰）遵循所需的方案即可。組織的證書（例如org1）由同一CA（ca.org1）頒發並簽名。這通過使用密碼原來確保。為簡單起見，在此演示中，我們在 host1 中創建所有資料，然後將整個目錄複製到其他主機。以下指令均在 host1 運行 --- 將本次範例的檔案區分開來 ```bash $ cd fabric-samples $ mkdir raft-4node-swarm $ cd raft-4node-swarm ``` 將初始設定yaml放入資料夾 (crypto-config.yaml & configtx.yaml) ```bash $ cp ../first-network/crypto-config.yaml . $ cp ../first-network/configtx.yaml . ``` 生成所需憑證與金鑰 ```bash $ ../bin/cryptogen generate --config=./crypto-config.yaml $ export FABRIC_CFG_PATH=$PWD $ mkdir channel-artifacts $ ../bin/configtxgen -profile SampleMultiNodeEtcdRaft -outputBlock ./channel-artifacts/genesis.block $ ../bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID mychannel $ ../bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID mychannel -asOrg Org1MSP $ ../bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID mychannel -asOrg Org2MSP ``` 接著，撰寫各個節點所需要的 peer 與 orderer 的相關設定檔，總共有六個檔案： base/peer-base.yaml ```yaml # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # version: '2' services: peer-base: image: hyperledger/fabric-peer:$IMAGE_TAG environment: - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock # the following setting starts chaincode containers on the same # bridge network as the peers # https://docs.docker.com/compose/networking/ - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=first-network - FABRIC_LOGGING_SPEC=INFO #- FABRIC_LOGGING_SPEC=DEBUG - CORE_PEER_TLS_ENABLED=true - CORE_PEER_GOSSIP_USELEADERELECTION=true - CORE_PEER_GOSSIP_ORGLEADER=false - CORE_PEER_PROFILE_ENABLED=true - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer command: peer node start orderer-base: image: hyperledger/fabric-orderer:$IMAGE_TAG environment: - FABRIC_LOGGING_SPEC=INFO - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 - ORDERER_GENERAL_GENESISMETHOD=file - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block - ORDERER_GENERAL_LOCALMSPID=OrdererMSP - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp # enabled TLS - ORDERER_GENERAL_TLS_ENABLED=true - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1 - ORDERER_KAFKA_VERBOSE=true - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] working_dir: /opt/gopath/src/github.com/hyperledger/fabric command: orderer ``` - base/docker-compose-base.yaml ```yaml # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # version: '2' services: orderer.example.com: container_name: orderer.example.com extends: file: peer-base.yaml service: orderer-base volumes: - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls - orderer.example.com:/var/hyperledger/production/orderer ports: - 7050:7050 peer0.org1.example.com: container_name: peer0.org1.example.com extends: file: peer-base.yaml service: peer-base environment: - CORE_PEER_ID=peer0.org1.example.com - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.example.com:7051 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051 - CORE_PEER_LOCALMSPID=Org1MSP volumes: - /var/run/:/host/var/run/ - ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp - ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls - peer0.org1.example.com:/var/hyperledger/production ports: - 7051:7051 peer1.org1.example.com: container_name: peer1.org1.example.com extends: file: peer-base.yaml service: peer-base environment: - CORE_PEER_ID=peer1.org1.example.com - CORE_PEER_ADDRESS=peer1.org1.example.com:7051 - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 - CORE_PEER_CHAINCODEADDRESS=peer1.org1.example.com:7052 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:7051 - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051 - CORE_PEER_LOCALMSPID=Org1MSP volumes: - /var/run/:/host/var/run/ - ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp - ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls - peer1.org1.example.com:/var/hyperledger/production ports: - 7051:7051 peer0.org2.example.com: container_name: peer0.org2.example.com extends: file: peer-base.yaml service: peer-base environment: - CORE_PEER_ID=peer0.org2.example.com - CORE_PEER_ADDRESS=peer0.org2.example.com:7051 - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:7052 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051 - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051 - CORE_PEER_LOCALMSPID=Org2MSP volumes: - /var/run/:/host/var/run/ - ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp - ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls - peer0.org2.example.com:/var/hyperledger/production ports: - 7051:7051 peer1.org2.example.com: container_name: peer1.org2.example.com extends: file: peer-base.yaml service: peer-base environment: - CORE_PEER_ID=peer1.org2.example.com - CORE_PEER_ADDRESS=peer1.org2.example.com:7051 - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 - CORE_PEER_CHAINCODEADDRESS=peer1.org2.example.com:7052 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:7051 - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051 - CORE_PEER_LOCALMSPID=Org2MSP volumes: - /var/run/:/host/var/run/ - ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/etc/hyperledger/fabric/msp - ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/etc/hyperledger/fabric/tls - peer1.org2.example.com:/var/hyperledger/production ports: - 7051:7051 ``` - host1.yaml ```yaml # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # version: '2' volumes: orderer.example.com: orderer5.example.com: peer0.org1.example.com: networks: byfn: external: name: first-network services: orderer.example.com: extends: file: base/docker-compose-base.yaml service: orderer.example.com container_name: orderer.example.com networks: - byfn orderer5.example.com: extends: file: base/peer-base.yaml service: orderer-base container_name: orderer5.example.com networks: - byfn volumes: - ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block - ./crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/msp:/var/hyperledger/orderer/msp - ./crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/:/var/hyperledger/orderer/tls - orderer5.example.com:/var/hyperledger/production/orderer ports: - 8050:7050 peer0.org1.example.com: container_name: peer0.org1.example.com extends: file: base/docker-compose-base.yaml service: peer0.org1.example.com networks: - byfn cli: container_name: cli image: hyperledger/fabric-tools:$IMAGE_TAG tty: true stdin_open: true environment: - SYS_CHANNEL=$SYS_CHANNEL - GOPATH=/opt/gopath - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock #- FABRIC_LOGGING_SPEC=DEBUG - FABRIC_LOGGING_SPEC=INFO - CORE_PEER_ID=cli - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 - CORE_PEER_LOCALMSPID=Org1MSP - CORE_PEER_TLS_ENABLED=true - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer command: /bin/bash volumes: - /var/run/:/host/var/run/ - ./../chaincode/:/opt/gopath/src/github.com/chaincode - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts depends_on: - orderer.example.com - peer0.org1.example.com networks: - byfn ``` - host2.yaml ```yaml # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # version: '2' volumes: orderer2.example.com: peer1.org1.example.com: networks: byfn: external: name: first-network services: orderer2.example.com: extends: file: base/peer-base.yaml service: orderer-base container_name: orderer2.example.com networks: - byfn volumes: - ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block - ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/var/hyperledger/orderer/msp - ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/:/var/hyperledger/orderer/tls - orderer2.example.com:/var/hyperledger/production/orderer ports: - 7050:7050 peer1.org1.example.com: container_name: peer1.org1.example.com extends: file: base/docker-compose-base.yaml service: peer1.org1.example.com networks: - byfn ``` - host3.yaml ```yaml # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # version: '2' volumes: orderer3.example.com: peer0.org2.example.com: networks: byfn: external: name: first-network services: orderer3.example.com: extends: file: base/peer-base.yaml service: orderer-base container_name: orderer3.example.com networks: - byfn volumes: - ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block - ./crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/msp:/var/hyperledger/orderer/msp - ./crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/:/var/hyperledger/orderer/tls - orderer3.example.com:/var/hyperledger/production/orderer ports: - 7050:7050 peer0.org2.example.com: container_name: peer0.org2.example.com extends: file: base/docker-compose-base.yaml service: peer0.org2.example.com networks: - byfn ``` - host4.yaml ```yaml # Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # version: '2' volumes: orderer4.example.com: peer1.org2.example.com: networks: byfn: external: name: first-network services: orderer4.example.com: extends: file: base/peer-base.yaml service: orderer-base container_name: orderer4.example.com networks: - byfn volumes: - ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block - ./crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/msp:/var/hyperledger/orderer/msp - ./crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/:/var/hyperledger/orderer/tls - orderer4.example.com:/var/hyperledger/production/orderer ports: - 7050:7050 peer1.org2.example.com: container_name: peer1.org2.example.com extends: file: base/docker-compose-base.yaml service: peer1.org2.example.com networks: - byfn ``` - .env ```yaml COMPOSE_PROJECT_NAME=net IMAGE_TAG=latest SYS_CHANNEL=byfn-sys-channel ``` 1. 在資料夾「base」底下的是定義出每個peer與order的基本狀態，包含透過TLS加密溝通、peer跟order的位址、使用的金鑰憑證等。 2. 其餘的host1~host4.yaml的檔案則是該主機上要啟動的peer和order的指令，同時告訴他們要在哪個網路上溝通 3. 最後的.env則是定義在部署fabric網路中會使用到的參數完成後，將在 host1 定義完成的設定檔傳至剩餘的 host 2 ~ host 4主機中(如果你是在各個host端放各自的檔案的話，請省略此步驟) ```bash # in host 1 $ cd .. $ tar cf raft-4node-swarm.tar raft-4node-swarm/ $ scp raft-4node-swarm.tar max@192.168.131.18:/home/max/fabric-samples/ $ scp raft-4node-swarm.tar max@192.168.131.20:/home/max/fabric-samples/ $ scp raft-4node-swarm.tar max@192.168.131.21:/home/max/fabric-samples/ ``` ## 在各節點運行所需container 透過 docker-compoes 將各節點的 yaml 檔案啟動 ```bash # host 1 $ docker-compose -f host1.yaml up -d ``` ```bash # host 2 $ docker-compose -f host2.yaml up -d ``` ```bash # host 3 $ docker-compose -f host3.yaml up -d ``` ```bash # host 4 $ docker-compose -f host4.yaml up -d ``` ## 建立通道並將全部 peer 加入其中由於我們 CLI 環境只有在 host1 安裝，因此以下指令均在 host1 的介面執行產生通道初始區塊 ```bash $ docker exec cli peer channel create -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem ``` 將 peer0.org1 將入通道 ```bash $ docker exec cli peer channel join -b mychannel.block ``` 將 peer1.org1 將入通道 ```bash $ docker exec -e CORE_PEER_ADDRESS=peer1.org1.example.com:7051 -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt cli peer channel join -b mychannel.block ``` 將 peer0.org2 將入通道 ```bash $ docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp -e CORE_PEER_ADDRESS=peer0.org2.example.com:7051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt cli peer channel join -b mychannel.block ``` 將 peer1.org2 將入通道 ```bash $ docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp -e CORE_PEER_ADDRESS=peer1.org2.example.com:7051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt cli peer channel join -b mychannel.block ``` ## 安裝並實例化chaincode 將 chaincode 安裝在各 peer 節點中 ```bash # to peer0.org1 $ docker exec cli peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/fabcar/go/ # to peer1.org1 $ docker exec -e CORE_PEER_ADDRESS=peer1.org1.example.com:7051 -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt cli peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/fabcar/go/ # to peer0.org2 $ docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp -e CORE_PEER_ADDRESS=peer0.org2.example.com:7051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt cli peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/fabcar/go/ # to peer1.org2 $ docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp -e CORE_PEER_ADDRESS=peer1.org2.example.com:7051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt cli peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/fabcar/go/ ``` 啟動該 chaincode ```bash $ docker exec cli peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n mycc -v 1.0 -c '{"Args":[]}' -P "AND ('Org1MSP.peer','Org2MSP.peer')" ``` ## 測試結果為了進行演示，並根據Fabcar的設計，首先調用「initLedger」函數將10條汽車記錄預加載到分類帳中。 ```bash $ docker exec cli peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["initLedger"]}' ``` 之後，便可以從任意的 peer 節點查詢汽車記錄。 ```bash # from peer0.org1 $ docker exec cli peer chaincode query -n mycc -C mychannel -c '{"Args":["queryCar","CAR0"]}' # from peer1.org1 $ docker exec -e CORE_PEER_ADDRESS=peer1.org1.example.com:7051 -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt cli peer chaincode query -n mycc -C mychannel -c '{"Args":["queryCar","CAR0"]}' # from peer0.org2 $ docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp -e CORE_PEER_ADDRESS=peer0.org2.example.com:7051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt cli peer chaincode query -n mycc -C mychannel -c '{"Args":["queryCar","CAR0"]}' # from peer1.org2 $ docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp -e CORE_PEER_ADDRESS=peer1.org2.example.com:7051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt cli peer chaincode query -n mycc -C mychannel -c '{"Args":["queryCar","CAR0"]}' ``` ![](https://i.imgur.com/k4EQAHx.png) 可以發現不管透過哪一個 peer 節點，query 出來的結果均相同接著進行資產轉移，此次範例中我們指定透過 **orderer3.example.com** 作為排序點 (也可以指定其他的或是不指定)，再透過其他 peer 節點檢視是否成功更換 ```bash $ docker exec cli peer chaincode invoke -o orderer3.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["changeCarOwner","CAR0","KC"]}' # from peer0.org1 $ docker exec cli peer chaincode query -n mycc -C mychannel -c '{"Args":["queryCar","CAR0"]}' # from peer1.org2 $ docker exec -e CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp -e CORE_PEER_ADDRESS=peer1.org2.example.com:7051 -e CORE_PEER_LOCALMSPID="Org2MSP" -e CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt cli peer chaincode query -n mycc -C mychannel -c '{"Args":["queryCar","CAR0"]}' ``` ![](https://i.imgur.com/60E1fnY.png) ## 清空環境完成以上 demo 後，若想關閉此環境，則須在各節點中下以下指令 ```bash # each host $ docker-compose -f hostn.yaml down -v ```