在多个主机上启动Hyperledger Composer

时间:2018-09-26 14:27:12

标签: docker hyperledger-fabric hyperledger docker-swarm

我正在使用Hyperledger Fabric网络部署在带有2个VirtualBox Ubuntu映像的docker群上。网络功能全面,所有对等点都加入了通道并更新了锚点对等点。我正在关注Composer多主机教程:https://hyperledger.github.io/composer/latest/tutorials/deploy-to-fabric-multi-org

网络设置:

Host1:订购者,Peer1.Org1,Peer2.Org1,CLI

主机2:Peer1.Org2,Peer2.Org2

connectionProfileManager.json 是我用于Manager组织的连接json。

{
    "name": "example-network",
    "x-type": "hlfv1",
    "version": "1.0.0",
    "channels": {
        "mychannel": {
            "orderers": [
                "orderer.example.com"
            ],
            "peers": {
                "peer0.manager.example.com": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "ledgerQuery": true,
                    "eventSource": true
                },
                "peer1.manager.example.com": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "ledgerQuery": true,
                    "eventSource": true
                },
                "peer0.sponsor.example.com": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "ledgerQuery": true,
                    "eventSource": true
                },
                "peer1.sponsor.example.com": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "ledgerQuery": true,
                    "eventSource": true
                }
            }
        }
    },
    "organizations": {
        "Manager": {
            "mspid": "ManagerMSP",
            "peers": [
                "peer0.manager.example.com",
                "peer1.manager.example.com"
            ],
            "certificateAuthorities": [
                "ca.manager.example.com"
            ]
        },
        "Sponsor": {
            "mspid": "SponsorMSP",
            "peers": [
                "peer0.sponsor.example.com",
                "peer1.sponsor.example.com"
            ],
            "certificateAuthorities": [
                "ca.sponsor.example.com"
            ]
        }
    },
    "orderers": {
        "orderer.example.com": {
            "url": "grpcs://localhost:7050",
            "grpcOptions": {
                "ssl-target-name-override": "orderer.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_ORDERER_CA_CERT"
            }
        }
    },
    "peers": {
        "peer0.manager.example.com": {
            "url": "grpcs://localhost:7051",
            "eventUrl": "grpcs://localhost:7053",
            "grpcOptions": {
                "ssl-target-name-override": "peer0.manager.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_MANAGER_CA_CERT"
            }
        },
        "peer1.manager.example.com": {
            "url": "grpcs://localhost:8051",
            "eventUrl": "grpcs://localhost:8053",
            "grpcOptions": {
                "ssl-target-name-override": "peer1.manager.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_MANAGER_CA_CERT"
            }
        },
        "peer0.sponsor.example.com": {
            "url": "grpcs://10.0.2.5:9051",
            "eventUrl": "grpcs://10.0.2.5:9053",
            "grpcOptions": {
                "ssl-target-name-override": "peer0.sponsor.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_SPONSOR_CA_CERT"
            }
        },
        "peer1.sponsor.example.com": {
            "url": "grpcs://10.0.2.5:10051",
            "eventUrl": "grpcs://10.0.2.5:10053",
            "grpcOptions": {
                "ssl-target-name-override": "peer1.sponsor.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_SPONSOR_CA_CERT"
            }
        }
    },
    "certificateAuthorities": {
        "ca.manager.example.com": {
            "url": "https://localhost:7054",
            "caName": "ca-manager",
            "httpOptions": {
                "verify": false
            }
        },
        "ca.sponsor.example.com": {
            "url": "https://10.0.2.5:8054",
            "caName": "ca-sponsor",
            "httpOptions": {
                "verify": false
            }
        }
    }
}

connectionProfileSponsor.json 是我用于发起人组织的连接json。

{
    "name": "example-network",
    "x-type": "hlfv1",
    "version": "1.0.0",
    "channels": {
        "mychannel": {
            "orderers": [
                "orderer.example.com"
            ],
            "peers": {
                "peer0.manager.example.com": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "ledgerQuery": true,
                    "eventSource": true
                },
                "peer1.manager.example.com": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "ledgerQuery": true,
                    "eventSource": true
                },
                "peer0.sponsor.example.com": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "ledgerQuery": true,
                    "eventSource": true
                },
                "peer1.sponsor.example.com": {
                    "endorsingPeer": true,
                    "chaincodeQuery": true,
                    "ledgerQuery": true,
                    "eventSource": true
                }
            }
        }
    },
    "organizations": {
        "Manager": {
            "mspid": "ManagerMSP",
            "peers": [
                "peer0.manager.example.com",
                "peer1.manager.example.com"
            ],
            "certificateAuthorities": [
                "ca.manager.example.com"
            ]
        },
        "Sponsor": {
            "mspid": "SponsorMSP",
            "peers": [
                "peer0.sponsor.example.com",
                "peer1.sponsor.example.com"
            ],
            "certificateAuthorities": [
                "ca.sponsor.example.com"
            ]
        }
    },
    "orderers": {
        "orderer.example.com": {
            "url": "grpcs://10.0.2.4:7050",
            "grpcOptions": {
                "ssl-target-name-override": "orderer.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_ORDERER_CA_CERT"
            }
        }
    },
    "peers": {
        "peer0.manager.example.com": {
            "url": "grpcs://10.0.2.4:7051",
            "eventUrl": "grpcs://10.0.2.4:7053",
            "grpcOptions": {
                "ssl-target-name-override": "peer0.manager.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_MANAGER_CA_CERT"
            }
        },
        "peer1.manager.example.com": {
            "url": "grpcs://10.0.2.4:8051",
            "eventUrl": "grpcs://10.0.2.4:8053",
            "grpcOptions": {
                "ssl-target-name-override": "peer1.manager.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_MANAGER_CA_CERT"
            }
        },
        "peer0.sponsor.example.com": {
            "url": "grpcs://localhost:9051",
            "eventUrl": "grpcs://localhost:9053",
            "grpcOptions": {
                "ssl-target-name-override": "peer0.sponsor.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_SPONSOR_CA_CERT"
            }
        },
        "peer1.sponsor.example.com": {
            "url": "grpcs://localhost:10051",
            "eventUrl": "grpcs://localhost:10053",
            "grpcOptions": {
                "ssl-target-name-override": "peer1.sponsor.example.com"
            },
            "tlsCACerts": {
                "pem": "INSERT_SPONSOR_CA_CERT"
            }
        }
    },
    "certificateAuthorities": {
        "ca.manager.example.com": {
            "url": "https://10.0.2.4:7054",
            "caName": "ca-manager",
            "httpOptions": {
                "verify": false
            }
        },
        "ca.sponsor.example.com": {
            "url": "https://localhost:8054",
            "caName": "ca-sponsor",
            "httpOptions": {
                "verify": false
            }
        }
    }
}

在Manager组织/主机上安装.bna的脚本:

cat << "EOF"                                                                                             
"     
EOF
echo "Removing existing cards if any"
rm -fr $HOME/.composer
echo "Creating temporary directories"
mkdir -p /tmp/composer/manager
mkdir -p /tmp/composer/sponsor

echo "Pasting certificates in tmp/composer/..."
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/manager.example.com/peers/peer0.manager.example.com/tls/ca.crt > /tmp/composer/manager/ca-manager.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/sponsor.example.com/peers/peer0.sponsor.example.com/tls/ca.crt > /tmp/composer/sponsor/ca-sponsor.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt > /tmp/composer/ca-orderer.txt

echo "Creating the connection profile file"
cp connectionProfile.json  /tmp/composer/example-network.json

echo "Adding the certificates in connection profile"
replacementManager="/tmp/composer/manager/ca-manager.txt"
replacementSponsor="/tmp/composer/sponsor/ca-sponsor.txt"
replacementOrderer="/tmp/composer/ca-orderer.txt"

file="/tmp/composer/example-network.json"
manager="/tmp/composer/proaManager.json"
sponsor="/tmp/composer/proaSponsor.json"
final="/tmp/composer/proaFinal.json"
partFinal="/tmp/composer/partFinal.json"

sed -i 's/\\n/±/g' $replacementManager
sed -i 's/\\n/±/g' $replacementSponsor
sed -i 's/\\n/±/g' $replacementOrderer

sed -e "s@INSERT_MANAGER_CA_CERT@$(cat $replacementManager)@g" $file > $manager
sed -e "s@INSERT_SPONSOR_CA_CERT@$(cat $replacementSponsor)@g" $manager > $sponsor
sed -e "s@INSERT_ORDERER_CA_CERT@$(cat $replacementOrderer)@g" $sponsor > $partFinal

sed $"s/\±/\\\n/g" $partFinal > $final

echo "Creating connection profile for manager"
cp /tmp/composer/proaFinal.json /tmp/composer/manager/proaManager.json
ex -sc '4i|"client": {
        "organization": "Manager",
        "connection": {
            "timeout": {
                "peer": {
                    "endorser": "300",
                    "eventHub": "300",
                    "eventReg": "300"
                },
                "orderer": "300"
            }
        }
    },' -cx /tmp/composer/manager/proaManager.json

echo "Creating connection profile for sponsor"
cp /tmp/composer/proaFinal.json /tmp/composer/sponsor/proaSponsor.json
ex -sc '4i|"client": {
        "organization": "Sponsor",
        "connection": {
            "timeout": {
                "peer": {
                    "endorser": "300",
                    "eventHub": "300",
                    "eventReg": "300"
                },
                "orderer": "300"
            }
        }
    },' -cx /tmp/composer/sponsor/proaSponsor.json

    #-------------------
    #-- MANAGER
    #-------------------

    echo "Getting the certificates for administrator of manager"
    export MANAGER=crypto-config/peerOrganizations/manager.example.com/users/Admin@manager.example.com/msp
    cp -p $MANAGER/signcerts/A*.pem /tmp/composer/manager
    cp -p $MANAGER/keystore/*_sk /tmp/composer/manager

    echo "Creating card for manager"
    composer card create -p /tmp/composer/manager/proaManager.json -u PeerAdmin -c /tmp/composer/manager/Admin@manager.example.com-cert.pem -k /tmp/composer/manager/*_sk -r PeerAdmin -r ChannelAdmin -f PeerAdmin@proaManager.card

    echo "Importing card for manager"
    composer card import -f PeerAdmin@proaManager.card --card PeerAdmin@proaManager

    composer network install --card PeerAdmin@proaManager --archiveFile example-network@0.0.1.bna
    cp endorsement-policy.json  /tmp/composer/endorsement-policy.json

    echo "Retrieving business network administrator certificates for Manager"
    composer identity request -c PeerAdmin@proaManager -u admin -s adminpw -d andreim

    #-------------------
    #-- START NETWORK
    #-------------------

    echo "Starting the business network"
    composer network start -c PeerAdmin@proaManager -n example-network -V 0.0.1 -o endorsementPolicyFile=/tmp/composer/endorsement-policy.json -A andreim -C andreim/admin-pub.pem

    echo "Creating a business network card to access the business network as Manager"
    composer card create -p /tmp/composer/manager/proaManager.json -u andreim -n example-network -c andreim/admin-pub.pem -k andreim/admin-priv.pem
    composer card import -f andreim@example-network.card

    composer network ping -c andreim@example-network

在赞助者组织/主持人上安装.bna的脚本:

cat << "EOF"                                                                                      
"     
EOF
echo "Removing existing cards if any"
rm -fr $HOME/.composer
echo "Creating temporary directories"
mkdir -p /tmp/composer/manager
mkdir -p /tmp/composer/sponsor

echo "Pasting certificates in tmp/composer/..."
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/manager.example.com/peers/peer0.manager.example.com/tls/ca.crt > /tmp/composer/manager/ca-manager.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/peerOrganizations/sponsor.example.com/peers/peer0.sponsor.example.com/tls/ca.crt > /tmp/composer/sponsor/ca-sponsor.txt
awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt > /tmp/composer/ca-orderer.txt

echo "Creating the connection profile file"
cp connectionProfile.json  /tmp/composer/example-network.json

echo "Adding the certificates in connection profile"
replacementManager="/tmp/composer/manager/ca-manager.txt"
replacementSponsor="/tmp/composer/sponsor/ca-sponsor.txt"
replacementOrderer="/tmp/composer/ca-orderer.txt"

file="/tmp/composer/example-network.json"
manager="/tmp/composer/proaManager.json"
sponsor="/tmp/composer/proaSponsor.json"
final="/tmp/composer/proaFinal.json"
partFinal="/tmp/composer/partFinal.json"

sed -i 's/\\n/±/g' $replacementManager
sed -i 's/\\n/±/g' $replacementSponsor
sed -i 's/\\n/±/g' $replacementOrderer

sed -e "s@INSERT_MANAGER_CA_CERT@$(cat $replacementManager)@g" $file > $manager
sed -e "s@INSERT_SPONSOR_CA_CERT@$(cat $replacementSponsor)@g" $manager > $sponsor
sed -e "s@INSERT_ORDERER_CA_CERT@$(cat $replacementOrderer)@g" $sponsor > $partFinal

sed $"s/\±/\\\n/g" $partFinal > $final

echo "Creating connection profile for manager"
cp /tmp/composer/proaFinal.json /tmp/composer/manager/proaManager.json
ex -sc '4i|"client": {
        "organization": "Manager",
        "connection": {
            "timeout": {
                "peer": {
                    "endorser": "300",
                    "eventHub": "300",
                    "eventReg": "300"
                },
                "orderer": "300"
            }
        }
    },' -cx /tmp/composer/manager/proaManager.json

echo "Creating connection profile for sponsor"
cp /tmp/composer/proaFinal.json /tmp/composer/sponsor/proaSponsor.json
ex -sc '4i|"client": {
        "organization": "Sponsor",
        "connection": {
            "timeout": {
                "peer": {
                    "endorser": "300",
                    "eventHub": "300",
                    "eventReg": "300"
                },
                "orderer": "300"
            }
        }
    },' -cx /tmp/composer/sponsor/proaSponsor.json

    #-------------------
    #-- SPONSOR
    #-------------------

    echo "Getting the certificates for administrator of sponsor"
    export SPONSOR=crypto-config/peerOrganizations/sponsor.example.com/users/Admin@sponsor.example.com/msp
    cp -p $SPONSOR/signcerts/A*.pem /tmp/composer/sponsor
    cp -p $SPONSOR/keystore/*_sk /tmp/composer/sponsor

    echo "Creating card for sponsor"
    composer card create -p /tmp/composer/sponsor/proaSponsor.json -u PeerAdmin -c /tmp/composer/sponsor/Admin@sponsor.example.com-cert.pem -k /tmp/composer/sponsor/*_sk -r PeerAdmin -r ChannelAdmin -f PeerAdmin@proaSponsor.card

    echo "Importing card for Sponsor"
    composer card import -f PeerAdmin@proaSponsor.card --card PeerAdmin@proaSponsor

    composer network install --card PeerAdmin@proaSponsor --archiveFile example-network@0.0.1.bna
    cp endorsement-policy.json  /tmp/composer/endorsement-policy.json

    echo "Retrieving business network administrator certificates for Sponsor"
    composer identity request -c PeerAdmin@proaSponsor -u admin -s adminpw -d andreis

    #-------------------
    #-------------------

    echo "Creating a business network card to access the business network as Sponsor"
    composer card create -p /tmp/composer/sponsor/proaSponsor.json -u andreis -n example-network -c andreis/admin-pub.pem -k andreis/admin-priv.pem
    composer card import -f andreis@example-network.card

    composer network ping -c andreis@example-network

在对连接配置文件的结构进行较小的更新之后,在两台主机上安装.bna都可以正常工作,并且我能够从主机1启动网络。

仅当我提交网络ping命令时遇到的新问题。这就是我收到的主机1的信息:

Error: Error trying invoke business network. Error: Peer localhost:7051 has rejected transaction '92a332f3c48fa4f1f3e1b858d9f21cf49d191205f1e5da7c3a4724e193ed8974' with code ENDORSEMENT_POLICY_FAILURE

这是当我在主机2上ping时

Error: Error trying to ping. Error: transaction returned with failure: Error: The current identity, with the name 'admin' and the identifier 'ca847f358ae8007968e02b194ed034fe82d55595ec2f7961a570de0c89fdd481', has not been registered

更新:

在主机1上,创建了两个新容器dev-peer1.manager ...和dev-peer0.manager ...,但是在主机2上,仅出现了一个新容器dev-peer0.sponsor ...

更新2

这是我更新锚点对等点后来自peer0.manager的信息:

2018-10-03 07:25:56.656 UTC [gossip/gossip] learnAnchorPeers -> INFO 035 Anchor peer with same endpoint, skipping connecting to myself
2018-10-03 07:25:56.656 UTC [gossip/service] updateEndpoints -> WARN 036 Failed to update ordering service endpoints, due to Channel with mychannel id was not found
2018-10-03 07:25:56.668 UTC [kvledger] CommitWithPvtData -> INFO 037 Channel [mychannel]: Committed block [1] with 1 transaction(s)
2018-10-03 07:25:56.689 UTC [gossip/gossip] learnAnchorPeers -> INFO 038 Anchor peer with same endpoint, skipping connecting to myself
2018-10-03 07:25:56.689 UTC [gossip/service] updateEndpoints -> WARN 039 Failed to update ordering service endpoints, due to Channel with mychannel id was not found
2018-10-03 07:25:56.709 UTC [kvledger] CommitWithPvtData -> INFO 03a Channel [mychannel]: Committed block [2] with 1 transaction(s)
2018-10-03 07:25:58.731 UTC [gossip/comm] func1 -> WARN 03b peer0.sponsor.example.com:7051, PKIid:[243 157 143 36 230 129 13 112 17 86 197 255 202 84 128 217 169 218 84 171 24 5 85 85 183 248 81 52 115 118 126 40] isn't responsive: EOF
2018-10-03 07:25:58.731 UTC [gossip/discovery] expireDeadMembers -> WARN 03c Entering [[243 157 143 36 230 129 13 112 17 86 197 255 202 84 128 217 169 218 84 171 24 5 85 85 183 248 81 52 115 118 126 40]]
2018-10-03 07:25:58.731 UTC [gossip/discovery] expireDeadMembers -> WARN 03d Closing connection to Endpoint: peer0.sponsor.example.com:7051, InternalEndpoint: , PKI-ID: [243 157 143 36 230 129 13 112 17 86 197 255 202 84 128 217 169 218 84 171 24 5 85 85 183 248 81 52 115 118 126 40], Metadata: []
2018-10-03 07:25:58.731 UTC [gossip/discovery] expireDeadMembers -> WARN 03e Exiting
2018-10-03 07:25:58.761 UTC [gossip/discovery] resurrectMember -> INFO 03f Entering, AliveMessage: GossipMessage: tag:EMPTY alive_msg:<membership:<endpoint:"peer0.sponsor.example.com:7051" pki_id:"\363\235\217$\346\201\rp\021V\305\377\312T\200\331\251\332T\253\030\005UU\267\370Q4sv~(" > timestamp:<inc_num:1538551519456217249 seq_num:41 > > , Envelope: 83 bytes, Signature: 70 bytes t: {1538551519456217249 41}
2018-10-03 07:25:58.761 UTC [gossip/discovery] resurrectMember -> INFO 040 Exiting

我应该担心警告吗?如果我将大理石链代码安装到对等节点,则一切正常……我可以查询所有具有正确结果的对等节点。

1 个答案:

答案 0 :(得分:0)

如果要在两台具有相同版本(同一.bna文件)的单独主机上,必须安装,创建和导入 BND 不,那是行不通的。并在其中一台主机中启动 BND

我注意到的另一件事是,我找不到在第二台主机上安装BND的脚本。就像您将所有内容都安装在主机1中一样。

#-------------------
#-- SPONSOR
#-------------------

echo "Getting the certificates for administrator of sponsor"
export SPONSOR=crypto-config/peerOrganizations/sponsor.example.com/users/Admin@sponsor.example.com/msp
cp -p $SPONSOR/signcerts/A*.pem /tmp/composer/sponsor
cp -p $SPONSOR/keystore/*_sk /tmp/composer/sponsor

echo "Creating card for sponsor"
composer card create -p /tmp/composer/sponsor/exampleSponsor.json -u PeerAdmin -c /tmp/composer/sponsor/Admin@sponsor.example.com-cert.pem -k /tmp/composer/sponsor/*_sk -r PeerAdmin -r ChannelAdmin -f PeerAdmin@exampleSponsor.card

echo "Importing card for Sponsor"
composer card import -f PeerAdmin@exampleSponsor.card --card PeerAdmin@exampleSponsor

composer network install --card PeerAdmin@exampleSponsor --archiveFile example-network@0.0.1.bna
cp endorsement-policy.json  /tmp/composer/endorsement-policy.json

echo "Retrieving business network administrator certificates for Sponsor"
composer identity request -c PeerAdmin@exampleSponsor -u admin -s adminpw -d andreis

此部分必须在您的主机2中执行。

您必须遵循的步骤。

  • 在主机1中安装BND
  • 在主机2中安装BND
  • 在主机1中启动BND
  • 创建和导入PeerAdmin@exampleManager.card主机1
  • 创建并导入PeerAdmin@exampleSponsor.card主机2

(总是假设赞助者将在主持人2中)

请随时询问您是否有疑问,并对我的英语生锈:)