Detailed explanation of bash source code of test network startup process of hyperledger fabric

preface

In the simple case of building hyperledger fabric 2.4 development environment and running based on Debian, we have completed the environment building and running of fabric 2.4fabric-samples/test-networkOperation of official cases. without doubttest-networkIt is an excellent entry project. Let’s build a commonly used fabric alliance chain network with just a few lines of commands, but I believe many people use it for the first time./network.sh upWhen I successfully started the alliance chain network, I was as ignorant as me: How did the network start? What does it do behind its back? Which nodes does the network contain? What features are included? What’s the use of it? In order to solve these problems, this papertest-networkSeveral inBashScript source code, starting from multiple entry functions such as starting process, creating channel and deploying chain code, analyzes the script execution process in detail, and provides a reference for customizing your own fabric network in the future. The source code analyzed in this paper mainly includes four aspects: starting the default network, starting the CA network, creating a channel and deploying the chain code. Each section is divided into official call and process explanation: the official call uses the official bash script to realize the corresponding functions, and the process explanation is the actual implementation process of the script. According to the code in the process explanation, a fully usable network can be built.

prepare

Before starting, we need to prepare the development environment of fabric. For specific environment construction and software version, please refer to the simple case of building hyperledger fabric 2.4 development environment and operation based on Debian. After willfabric-samples¹Lowertest-networkThe directory is copied locally, which is too encapsulated in the official example, so it is difficult to use it alonetest-networkModify the project, and the modification contents include but are not limited to the following aspects (it is recommended to directly modify the project under fabriclearn in this case warehouse)0_TestNetworkExplainDirectory (copy to local run):

modifycompose-test-net.yaml、compose-ca.yaml、docker/docker-compose-test-net.yaml、docker/docker-compose-ca.yamlMirror version in file:

hyperledger/fabric-tools:latest    ->  hyperledger/fabric-tools:2.4
hyperledger/fabric-peer:latest     ->  fabric-peer:2.4
hyperledger/fabric-orderer:latest  ->  fabric-orderer:2.4
hyperledger/fabric-ca:latest       ->  fabric-ca:1.5

We will build a hyperledger fabric 2.4 development environment based on Debian and run the software in a simple case/usr/local/fabric/configCopy directory totest-networkUnder the root directory. Environment variable unless otherwise specifiedFABRIC_CFG_PATHAlways default totest-network/configcatalogue
modifydocker-compose-test-net.yaml, will${DOCKER_SOCK}Change to/var/run/docker.sock。
modifycreateChannel.sh、deployCC.sh, willFABRIC_CFG_PATH=$PWD/../config/Change toFABRIC_CFG_PATH=$PWD/config/
Unless otherwise specified, all commands in this document are run intest-networkUnder the root directory.

Start default network

Official call

staytest-networkContains a default simplest network, which contains only twopeerNode, oneordererNode and onecliNode, where the certificate of each node usescryptogenTool static generation. You can directly run the following command to start the default simplest network:

./network.sh up

Detailed explanation of bash source code of test network startup process of hyperledger fabric

Process explanation

Check dependencies:
inspectpeeredition
inspect./configDoes the configuration directory exist
inspectpeerVersion anddocker imageDoes the version match
inspectfabric-caWhether the environment is normal. It is used by defaultcryptogen

Create organization certificate:

cryptogen generate --config=./organizations/cryptogen/crypto-config-org1.yaml --output="organizations"
cryptogen generate --config=./organizations/cryptogen/crypto-config-org2.yaml --output="organizations"
cryptogen generate --config=./organizations/cryptogen/crypto-config-orderer.yaml --output="organizations"

docker-composeStart all containers:
```
docker-compose -f compose/compose-test-net.yaml -f compose/docker/docker-compose-test-net.yaml up -d
```
amongcompose-test-net.yamlIncluding basic image configuration,docker-compose-test-net.yamlIncluding basic general variables, both of which are indispensable. After the above commands are completed, the and./network.sh upThe same effect can be used before the next experiment./network.sh downTurn off this network.

Start CA network

Official call

In the test network, you can start the network through fabric ca. the network uses fabric CA to manage the identity certificates of all nodes, including three CA nodes, two peer nodes, an orderer node and a cli node. You can directly run the following command to start the CA network（All the later experiments are based on this network）：

./network.sh up -ca

Detailed explanation of bash source code of test network startup process of hyperledger fabric

Process explanation

Check software and version dependency:

Start the fabric CA container:

docker-compose -f compose/compose-ca.yaml -f compose/docker/docker-compose-ca.yaml up -d

Create org1 certificate Directory:

#Create organization certificate root directory
mkdir -p organizations/peerOrganizations/org1.example.com/

enrollAdministrator account:

#The default administrator account of the enroll organization. Its configuration corresponds to the command of compose / compose-ca.yaml. The enroll process will obtain all the certificates of the account and save them to fabric_ CA_ CLIENT_ Under home directory
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/
fabric-ca-client enroll -u https://admin:[email protected]:7054 --caname ca-org1 --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"

Create org1 organizationOUProfile:

#Create Ou profile for organization MSP
echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
 Certificate: cacerts/localhost-7054-ca-org1.pem
 OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
 Certificate: cacerts/localhost-7054-ca-org1.pem
 OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
 Certificate: cacerts/localhost-7054-ca-org1.pem
 OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
 Certificate: cacerts/localhost-7054-ca-org1.pem
 OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml"

structuretlscacertsCertificate directory (for communication between different organizations):

#Since the CA acts as both the organization Ca and tlsca, the organization root certificate generated when the CA is started is directly copied to the organization level Ca and TLS CA directory
mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt"

structuretlscaCertificate directory (for client communication within the organization):

mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca"
cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"

structurecaCertificate directory (for client communication within the organization):

mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/ca"
cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem"

fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"

structurepeer0Directory of identity certificates:

#Construct the MSP certificate directory of peer0, and the certificate file will be stored in the folder specified by - M
fabric-ca-client enroll -u https://peer0:[email protected]:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp" --csr.hosts peer0.org1.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml"
#Construct MSP TLS certificate directory of peer0
fabric-ca-client enroll -u https://peer0:[email protected]:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
#Construct the TLS certificate directory of peer0 and format the file name -- used to start the peer docker container
cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key"

Construct other user identity certificate Directory:

#The MSP certificate directory of user1 is constructed. Since it is not used for inter organization communication, there is no need to configure TLS
fabric-ca-client enroll -u https://user1:[email protected]:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/config.yaml"

#Construct the MSP certificate directory of org1admin
fabric-ca-client enroll -u https://org1admin:[email protected]:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/config.yaml"

The key codes of org2 organization certificate are as follows (the meanings of each code are as follows):

mkdir -p organizations/peerOrganizations/org2.example.com/
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/

fabric-ca-client enroll -u https://admin:[email protected]:8054 --caname ca-org2 --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"

echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-8054-ca-org2.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml"

mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt"
mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca"
cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem"
mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/ca"
cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem"

fabric-ca-client register --caname ca-org2 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client register --caname ca-org2 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
fabric-ca-client register --caname ca-org2 --id.name org2admin --id.secret org2adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"

fabric-ca-client enroll -u https://peer0:[email protected]:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp" --csr.hosts peer0.org2.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml"
fabric-ca-client enroll -u https://peer0:[email protected]:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"

cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key"

fabric-ca-client enroll -u https://user1:[email protected]:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp/config.yaml"

fabric-ca-client enroll -u https://org2admin:[email protected]:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"
cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp/config.yaml"

To construct the organization certificate of orderer, the key codes are as follows:

mkdir -p organizations/ordererOrganizations/example.com
export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com

fabric-ca-client enroll -u https://admin:[email protected]:9054 --caname ca-orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"

echo 'NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/localhost-9054-ca-orderer.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/localhost-9054-ca-orderer.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/localhost-9054-ca-orderer.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/localhost-9054-ca-orderer.pem
OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml"

mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts"
cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/tlsca"
cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"

fabric-ca-client register --caname ca-orderer --id.name orderer --id.secret ordererpw --id.type orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
fabric-ca-client enroll -u https://orderer:[email protected]:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"

cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml"

fabric-ca-client enroll -u https://orderer:[email protected]:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls" --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"

cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key"
mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts"
cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"

fabric-ca-client enroll -u https://ordererAdmin:[email protected]:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"
cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp/config.yaml"

Start all containers

docker-compose -f compose/compose-test-net.yaml -f compose/docker/docker-compose-test-net.yaml up -d

After the above command is successful, it can be useddocker psCommand to see the running image:

CONTAINER ID   IMAGE                            COMMAND                  CREATED          STATUS          PORTS                                                                    NAMES
75e842d165ea   hyperledger/fabric-tools:2.4     "/bin/bash"              10 seconds ago   Up 8 seconds                                                                             cli
576b578063c5   hyperledger/fabric-peer:2.4      "peer node start"        16 seconds ago   Up 10 seconds   0.0.0.0:9051->9051/tcp, 7051/tcp, 0.0.0.0:9445->9445/tcp                 peer0.org2.example.com
512d7d98c8c4   hyperledger/fabric-orderer:2.4   "orderer"                16 seconds ago   Up 14 seconds   0.0.0.0:7050->7050/tcp, 0.0.0.0:7053->7053/tcp, 0.0.0.0:9443->9443/tcp   orderer.example.com
276f463cc6a7   hyperledger/fabric-peer:2.4      "peer node start"        16 seconds ago   Up 12 seconds   0.0.0.0:7051->7051/tcp, 0.0.0.0:9444->9444/tcp                           peer0.org1.example.com
8faaaaa7e17a   hyperledger/fabric-ca:1.5        "sh -c 'fabric-ca-se…"   21 seconds ago   Up 20 seconds   0.0.0.0:9054->9054/tcp, 7054/tcp, 0.0.0.0:19054->19054/tcp               ca_orderer
c253d9b790be   hyperledger/fabric-ca:1.5        "sh -c 'fabric-ca-se…"   21 seconds ago   Up 20 seconds   0.0.0.0:7054->7054/tcp, 0.0.0.0:17054->17054/tcp                         ca_org1
0aa90a2686a8   hyperledger/fabric-ca:1.5        "sh -c 'fabric-ca-se…"   21 seconds ago   Up 20 seconds   0.0.0.0:8054->8054/tcp, 7054/tcp, 0.0.0.0:18054->18054/tcp               ca_org2

Create channel

Official call

This section starts the CA network based on the previous section,After the network section is started successfully, you can directly run the following command to create a channel:

./network.sh createChannel -c mychannel

Detailed explanation of bash source code of test network startup process of hyperledger fabric

The premise of creating a channel is to create the creation block of the channel. In the steps of the previous section, we started the whole network by means of no channel and no creation block. The creation channel in this section includes the process of creating creation block.

Process explanation

Check dependencies and start the network (ibid.).

Set the environment variable to operate the blockchain network

export CORE_PEER_TLS_ENABLED=true
export CHANNEL_NAME=mychannel
export ORDERER_CA=${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
export PEER0_ORG1_CA=${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
export PEER0_ORG2_CA=${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
export PEER0_ORG3_CA=${PWD}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key

Create channel creation block:

#Create channel data directory
mkdir channel-artifacts
#Configure Chuangshi block environment variable
export FABRIC_CFG_PATH=${PWD}/configtx
configtxgen -profile TwoOrgsApplicationGenesis -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID ${CHANNEL_NAME}

Create channel:

#Configure channel environment variables
export FABRIC_CFG_PATH=./config
osnadmin channel join --channelID ${CHANNEL_NAME} --config-block ./channel-artifacts/${CHANNEL_NAME}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY"

Add peer nodes to the channel:

#Add the peer of org1 to the channel
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=localhost:7051
peer channel join -b ./channel-artifacts/${CHANNEL_NAME}.block
#Add the peer of org2 to the channel
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=localhost:9051
peer channel join -b ./channel-artifacts/${CHANNEL_NAME}.block

After the organization is newly added to the channel, an anchor node (not required) is set for the organization.

Obtain the latest configuration block of the channel for the channel (the following process is org1 environment):

export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=localhost:7051
peer channel fetch config config_block.pb -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c ${CHANNEL_NAME} --tls --cafile "$ORDERER_CA"

Decode the configuration block into JSON and output it as${CORE_PEER_LOCALMSPID}config.json：

configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
jq .data.data[0].payload.data.config config_block.json >"${CORE_PEER_LOCALMSPID}config.json"

Add anchor node configuration:

jq '.channel_group.groups.Application.groups.'${CORE_PEER_LOCALMSPID}'.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "'$HOST'","port": '$PORT'}]},"version": "0"}}' ${CORE_PEER_LOCALMSPID}config.json > ${CORE_PEER_LOCALMSPID}modified_config.json

According to the configuration on the chain${CORE_PEER_LOCALMSPID}config.jsonAnd additional configuration${CORE_PEER_LOCALMSPID}modified_config.jsonCalculate the updated configuration and write it as a new transaction${CORE_PEER_LOCALMSPID}anchors.tx：

configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}config.json --type common.Config --output original_config.pb
configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}modified_config.json --type common.Config --output modified_config.pb
configtxlator compute_update --channel_id "${CHANNEL_NAME}" --original original_config.pb --updated modified_config.pb --output config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output "${CORE_PEER_LOCALMSPID}anchors.tx"

Update anchor node:

peer channel update -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL_NAME -f ${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile "$ORDERER_CA"

Org2 repeat the above process and the creation is successful:

echo "update org2 anchor==========="
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=localhost:9051
peer channel fetch config config_block.pb -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com -c ${CHANNEL_NAME} --tls --cafile "$ORDERER_CA"
sleep 3

configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
jq .data.data[0].payload.data.config config_block.json >"${CORE_PEER_LOCALMSPID}config.json"

jq '.channel_group.groups.Application.groups.'${CORE_PEER_LOCALMSPID}'.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "localhost","port": 9051}]},"version": "0"}}' ${CORE_PEER_LOCALMSPID}config.json > ${CORE_PEER_LOCALMSPID}modified_config.json

configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}config.json --type common.Config --output original_config.pb
configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}modified_config.json --type common.Config --output original_config.pb
configtxlator compute_update --channel_id "${CHANNEL_NAME}" --original original_config.pb --updated modified_config.pb --output config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output "${CORE_PEER_LOCALMSPID}anchors.tx"

peer channel update -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL_NAME -f ${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile "$ORDERER_CA"
sleep 3

Deployment chain code

Official call

This section creates channels based on the previous section,After the previous channel is created successfully, you can directly run the following command to deploy the chain code:

./network.sh deployCC -ccn mychaincode -ccp ./asset-transfer-basic-go -ccv 1.0 -ccl go

Detailed explanation of bash source code of test network startup process of hyperledger fabric

Process explanation

Check whether the parameters are normal:

Download the package dependency of asset transfer basic go:

Pushd asset transfer basic go # enter the asset transfer basic go directory
Go111module = on go mod vendor # download go package dependency
POPD # returns the current directory

Check whether the chain code needs initialization, policy setting and private data set:

Set environment variables:

export FABRIC_CFG_PATH=$PWD/config/
export CORE_PEER_TLS_ENABLED=true
export ORDERER_CA=${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
export PEER0_ORG1_CA=${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
export PEER0_ORG2_CA=${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
export PEER0_ORG3_CA=${PWD}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem
export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key

Packing chain code:

peer lifecycle chaincode package mychaincode.tar.gz --path ./asset-transfer-basic-go --lang golang --label mychaincode_1.0

Installation chain code:

#Org1 installation chain code
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=localhost:7051
peer lifecycle chaincode install mychaincode.tar.gz
#Org2 installation chain code
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=localhost:9051
peer lifecycle chaincode install mychaincode.tar.gz

After installing the chain code, a chain code ID will be returned, which needs to be recorded:
Detailed explanation of bash source code of test network startup process of hyperledger fabric

Set the chain code ID as the environment variable:

export PACKAGE_ID=mychaincode_1.0:39889cf0623cce2500261b22914a7aa9037a897bc7f6c5b36df7a922f29b05e0

Org1 query the installed chain code and approve the chain code:

export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=localhost:7051
#Query installed chain code
peer lifecycle chaincode queryinstalled
#Approval chain code
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" --channelID mychannel --name mychaincode --version 1.0 --package-id ${PACKAGE_ID} --sequence 1

Org2 queries the installed chain code and approves the chain code:

export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=localhost:9051
#Query installed chain code
peer lifecycle chaincode queryinstalled
#Approval chain code
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" --channelID mychannel --name mychaincode --version 1.0 --package-id ${PACKAGE_ID} --sequence 1

Check whether the chain code is ready to be submitted:

peer lifecycle chaincode checkcommitreadiness --channelID mychannel --name mychaincode --version 1.0 --sequence 1 --output json

Detailed explanation of bash source code of test network startup process of hyperledger fabric

Submission chain code:

peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA"  --channelID mychannel --name mychaincode --version 1.0 --sequence 1 --peerAddresses localhost:7051 --tlsRootCertFiles $PEER0_ORG1_CA --peerAddresses localhost:9051 --tlsRootCertFiles $PEER0_ORG2_CA

Query the submitted chain code:

peer lifecycle chaincode querycommitted --channelID mychannel --name mychaincode

Call chain code:
```
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" -C mychannel -n mychaincode --peerAddresses
```
summary

This paper first explainsfabric-samplesExcessive encapsulation is not conducive for us to understand and master the real process of each operation, and then take it out separatelytest-networkModify and customize, and finally analyze in detailtest-networkThe detailed processes of starting the default network, starting the CA network, creating the channel and deploying the chain code are given, so that we can build the network step by step according to the code and further understand the fabric architecture.

Relevant experimental source code has been uploaded: https://github.com/wefantasy/…

reference resources

hyperledger. fabric-samples. Github. ↩

Detailed explanation of bash source code of test network startup process of hyperledger fabric

preface

prepare

Start default network

Official call

Process explanation

Start CA network

Official call

Process explanation

Create channel

Official call

Process explanation

Deployment chain code

Official call

Process explanation

summary

reference resources

Recommended Today

Jenkins installation, deployment and implementation CI / CD (Ubuntu 20.04)