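I. Introduction to the trade-finance-logistics network
1. Transaction workflow
The transactions in the workflow are as follows:
```
 1. The importer requests goods from the exporter in exchange for money
 2. The exporter accepts the trade agreement
 3. The importer asks its bank for a letter of credit in favor of the exporter
 4. The importer's bank issues a letter of credit in favor of the exporter, payable to the latter's bank
 5. The exporter's bank accepts the letter of credit on behalf of the exporter
 6. The exporter applies to the regulatory authority for an E/L
 7. The regulatory authority issues the E/L to the exporter
 8. The exporter prepares a shipment and hands it over to the carrier
 9. The carrier accepts the goods after validating the E/L, then issues a bill of lading to the exporter
10. The exporter's bank requests half of the payment from the importer's bank
11. The importer's bank transfers half of the amount to the exporter's bank
12. The carrier ships the goods to the destination
13. The importer's bank pays the remaining amount to the exporter's bank
```
Here is a diagram illustrating the transaction workflow: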
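2. Building the Fabric network
The sample trade network consists of four organizations, representing the exporter, the importer, the carrier and the regulator. The latter two represent the carrier and regulator entities, respectively. The exporter organization, however, represents both the exporting entity and its bank. Likewise, the importer organization represents the importing entity and its bank. As shown in the figure below: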
II. Environment preparation
1. Setting up the Hyperledger Fabric environment
For the detailed procedure, see https://j-kangel.github.io/2019/03/24/hyperledger/
2. Downloading the trade-finance-logistics network
```bash
$ cd $GOPATH/src
$ git clone https://github.com/HyperledgerHandsOn/trade-finance-logistics.git
```
3. Setting the environment variable for cryptogen
```bash
$ export PATH=$PATH:~/go/src/github.com/hyperledger/fabric/fabric-samples/bin
$ cryptogen version
cryptogen:
 Version: 1.4.0
 Commit SHA: d700b43
 Go version: go1.11.1
 OS/Arch: linux/amd64
```
4. Editing the configuration file configtx.yaml
```bash
$ cd go/src/trade-finance-logistics/network
$ gedit configtx.yaml
```
Move the following content to the end of the file. This is required by the updated syntax rules in Hyperledger Fabric 1.4: the aliases used in Profiles (such as *ExporterOrg) refer to anchors defined in the other sections, so those sections have to come first.
```yaml
Profiles:

    FourOrgsTradeOrdererGenesis:
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *TradeOrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            TradeConsortium:
                Organizations:
                    - *ExporterOrg
                    - *ImporterOrg
                    - *CarrierOrg
                    - *RegulatorOrg
    FourOrgsTradeChannel:
        Consortium: TradeConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ExporterOrg
                - *ImporterOrg
                - *CarrierOrg
                - *RegulatorOrg
            Capabilities:
                <<: *ApplicationCapabilities
```
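III. Creating the channel and running the network
1. Creating the channel
```bash
$ cd go/src/trade-finance-logistics/network
$ ./trade.sh generate -c tradechannel
```
At this point one ordering node (orderer) and four anchor peers (ImporterOrg, ExporterOrg, RegulatorOrg, CarrierOrg) are created and the corresponding configuration files are generated; they are analyzed in detail later.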
2. Starting the network
```bash
$ ./trade.sh up -c tradechannel
```
After a successful start, the output is:
```text
Starting with channel 'tradechannel'
Continue? [Y/n]
proceeding ...
LOCAL_VERSION=1.4.0
DOCKER_IMAGE_VERSION=1.4.0
```
3. Shutting down the network
```bash
$ ./trade.sh down -c tradechannel
```
After a successful shutdown, the output is:
```text
Stopping ca_peerImporterOrg           ... done
Stopping ca_peerRegulatorOrg          ... done
Stopping ca_peerExporterOrg           ... done
Stopping ca_peerCarrierOrg            ... done
Stopping peer0.importerorg.trade.com  ... done
Stopping peer0.carrierorg.trade.com   ... done
Stopping peer0.regulatororg.trade.com ... done
Stopping orderer.trade.com            ... done
Stopping peer0.exporterorg.trade.com  ... done
Removing ca_peerImporterOrg           ... done
Removing ca_peerRegulatorOrg          ... done
Removing ca_peerExporterOrg           ... done
Removing ca_peerCarrierOrg            ... done
Removing peer0.importerorg.trade.com  ... done
Removing peer0.carrierorg.trade.com   ... done
Removing peer0.regulatororg.trade.com ... done
Removing orderer.trade.com            ... done
Removing peer0.exporterorg.trade.com  ... done
Removing network net_trade
Removing volume net_orderer.trade.com
Removing volume net_peer0.exporterorg.trade.com
Removing volume net_peer0.importerorg.trade.com
Removing volume net_peer0.regulatororg.trade.com
Removing volume net_peer0.carrierorg.trade.com
```
IV. Analysis of the generated channel files
1. Analysis of crypto-config.yaml, the network's cryptographic material configuration file
The network contains one orderer organization and four peer organizations, related as follows:
```yaml
OrdererOrgs:
  - TradeOrderer

PeerOrgs:
  - ExporterOrg
  - ImporterOrg
  - CarrierOrg
  - RegulatorOrg
```
Each organization has its own attributes; ImporterOrg is used as the example below:
```yaml
- Name: ImporterOrg
  Domain: importerorg.trade.com
  EnableNodeOUs: true
  Template:
    Count: 1
  Users:
    Count: 2
```
2. Generating the cryptographic material for all organizations
```bash
$ cryptogen generate --config=./crypto-config.yaml
```
```bash
$ tree -L 2 crypto-config
crypto-config
├── ordererOrganizations
│   └── trade.com
└── peerOrganizations
    ├── carrierorg.trade.com
    ├── exporterorg.trade.com
    ├── importerorg.trade.com
    └── regulatororg.trade.com
```
Now let's expand trade.com as an example for analysis:
```bash
$ tree crypto-config/ordererOrganizations/trade.com/
crypto-config/ordererOrganizations/trade.com/
├── ca
│   ├── ca.trade.com-cert.pem
│   └── d046c897334d539608c5fa578e7686441ec41115702ff8105e22998785839612_sk
├── msp
│   ├── admincerts
│   │   └── Admin@trade.com-cert.pem
│   ├── cacerts
│   │   └── ca.trade.com-cert.pem
│   └── tlscacerts
│       └── tlsca.trade.com-cert.pem
├── orderers
│   └── orderer.trade.com
│       ├── msp
│       │   ├── admincerts
│       │   │   └── Admin@trade.com-cert.pem
│       │   ├── cacerts
│       │   │   └── ca.trade.com-cert.pem
│       │   ├── keystore
│       │   │   └── 38195f71e2b520910f2a2e405764975e235c7d97ff6a7fde41127e1575888375_sk
│       │   ├── signcerts
│       │   │   └── orderer.trade.com-cert.pem
│       │   └── tlscacerts
│       │       └── tlsca.trade.com-cert.pem
│       └── tls
│           ├── ca.crt
│           ├── server.crt
│           └── server.key
├── tlsca
│   ├── acbada48c339b2b60cb9bac3914f359722f37de001628f110792153d8614c443_sk
│   └── tlsca.trade.com-cert.pem
└── users
    └── Admin@trade.com
        ├── msp
        │   ├── admincerts
        │   │   └── Admin@trade.com-cert.pem
        │   ├── cacerts
        │   │   └── ca.trade.com-cert.pem
        │   ├── keystore
        │   │   └── 2187f9edda98eae3b2169a476e30aff6fb2781c19e6cb400671b723d7b74abde_sk
        │   ├── signcerts
        │   │   └── Admin@trade.com-cert.pem
        │   └── tlscacerts
        │       └── tlsca.trade.com-cert.pem
        └── tls
            ├── ca.crt
            ├── client.crt
            └── client.key
```
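As the listing shows, the cryptogen tool simply generates the organizations together with their private keys, certificates and so on under each entity. The most important part is the content of the MSP directory under each entity:
admincerts: the administrators' identity certificate files
cacerts: the trusted root certificate files
keystore: the node's signing private key file
signcerts: the node's signing identity certificate file
tlscacerts: the certificates used for TLS connections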
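An added example (not part of the original post or of the trade-finance-logistics repository): a shell check over the `crypto-config` tree that tells apart the two kinds of MSP folder visible in the listing above, the organization-level `msp` (certificates only) and the local MSPs of nodes and users (which also hold `keystore` and `signcerts`), and flags private key files readable by group or others. The function name `audit_msp_tree` and the finding labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a cryptogen output tree such as crypto-config/.
# Finding labels are illustrative, not produced by any Fabric tool.

# Print one finding per line for the tree rooted at $1; nothing if clean.
audit_msp_tree() {
    root=$1
    # Each directory named "msp" is one MSP folder.
    find "$root" -type d -name msp | sort | while IFS= read -r msp; do
        rel=${msp#"$root"}   # classify on the path below the root only
        case "$rel" in
            */orderers/*|*/peers/*|*/users/*) kind=local ;;  # node or user identity
            *) kind=org ;;                                    # organization-level MSP
        esac
        # Both kinds need their trust anchors.
        for d in cacerts tlscacerts; do
            [ -n "$(ls -A "$msp/$d" 2>/dev/null)" ] || echo "MISSING $msp/$d"
        done
        if [ "$kind" = local ]; then
            # A signing identity holds exactly one private key and one certificate.
            for d in keystore signcerts; do
                count=$(ls -A "$msp/$d" 2>/dev/null | wc -l | tr -d ' ')
                [ "$count" -eq 1 ] || echo "BAD_COUNT $msp/$d ($count files)"
            done
        else
            # The organization MSP carries certificates only, as in the listing.
            [ ! -d "$msp/keystore" ] || echo "KEY_IN_ORG_MSP $msp/keystore"
        fi
    done
    # CA, TLS CA, signing and TLS keys must not be readable by group or others.
    find "$root" -type f \( -name '*_sk' -o -name '*.key' \) \
        \( -perm -040 -o -perm -004 \) | sort | sed 's/^/KEY_READABLE /'
}
```

Run it as `audit_msp_tree crypto-config` from the network folder; an empty result means every MSP folder has the expected layout and no key file is group- or world-readable.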
3. Analysis of configtx.yaml, the channel and anchor peer configuration
```yaml
Organizations:
    - &TradeOrdererOrg
        Name: TradeOrdererOrg
        ID: TradeOrdererMSP
        MSPDir: crypto-config/ordererOrganizations/trade.com/msp
    - &ExporterOrg
        Name: ExporterOrgMSP
        ID: ExporterOrgMSP
        MSPDir: crypto-config/peerOrganizations/exporterorg.trade.com/msp
        AnchorPeers:
            - Host: peer0.exporterorg.trade.com
              Port: 7051

    - &ImporterOrg
        Name: ImporterOrgMSP
        ID: ImporterOrgMSP
        MSPDir: crypto-config/peerOrganizations/importerorg.trade.com/msp
        AnchorPeers:
            - Host: peer0.importerorg.trade.com
              Port: 7051

    - &CarrierOrg
        Name: CarrierOrgMSP
        ID: CarrierOrgMSP
        MSPDir: crypto-config/peerOrganizations/carrierorg.trade.com/msp
        AnchorPeers:
            - Host: peer0.carrierorg.trade.com
              Port: 7051

    - &RegulatorOrg
        Name: RegulatorOrgMSP
        ID: RegulatorOrgMSP
        MSPDir: crypto-config/peerOrganizations/regulatororg.trade.com/msp
        AnchorPeers:
            - Host: peer0.regulatororg.trade.com
              Port: 7051

Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer.trade.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Kafka:
        Brokers:
            - 127.0.0.1:9092
    Organizations:

Application: &ApplicationDefaults
    Organizations:

Capabilities:
    Global: &ChannelCapabilities
        V1_1: true
    Orderer: &OrdererCapabilities
        V1_1: true
    Application: &ApplicationCapabilities
        V1_1: true

Profiles:

    FourOrgsTradeOrdererGenesis:
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *TradeOrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            TradeConsortium:
                Organizations:
                    - *ExporterOrg
                    - *ImporterOrg
                    - *CarrierOrg
                    - *RegulatorOrg
    FourOrgsTradeChannel:
        Consortium: TradeConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ExporterOrg
                - *ImporterOrg
                - *CarrierOrg
                - *RegulatorOrg
            Capabilities:
                <<: *ApplicationCapabilities
```
4. Analysis of the channel artifacts (channel-artifacts)
```bash
# Genesis block for the ordering service
$ configtxgen -profile FourOrgsTradeOrdererGenesis -outputBlock ./channel-artifacts/genesis.block

# Channel creation transaction
$ configtxgen -profile FourOrgsTradeChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID tradechannel

# Anchor peer update transaction for each organization
$ configtxgen -profile FourOrgsTradeChannel -outputAnchorPeersUpdate ./channel-artifacts/ExporterOrgMSPanchors.tx -channelID tradechannel -asOrg ExporterOrgMSP
$ configtxgen -profile FourOrgsTradeChannel -outputAnchorPeersUpdate ./channel-artifacts/ImporterOrgMSPanchors.tx -channelID tradechannel -asOrg ImporterOrgMSP
$ configtxgen -profile FourOrgsTradeChannel -outputAnchorPeersUpdate ./channel-artifacts/CarrierOrgMSPanchors.tx -channelID tradechannel -asOrg CarrierOrgMSP
$ configtxgen -profile FourOrgsTradeChannel -outputAnchorPeersUpdate ./channel-artifacts/RegulatorOrgMSPanchors.tx -channelID tradechannel -asOrg RegulatorOrgMSP
```
All of the commands above are included in ./trade.sh. The script must also set the environment variable FABRIC_CFG_PATH to point to the folder that contains configtx.yaml, otherwise the configtxgen tool will not work properly.
```bash
$ export PATH=${PWD}/../bin:${PWD}:$PATH
$ export FABRIC_CFG_PATH=${PWD}
```
Inspect the channel-artifacts folder:
```bash
$ tree channel-artifacts
channel-artifacts/
├── CarrierOrgMSPanchors.tx
├── channel.tx
├── ExporterOrgMSPanchors.tx
├── genesis.block
├── ImporterOrgMSPanchors.tx
└── RegulatorOrgMSPanchors.tx
```
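IV. Analysis of the sample trade network
1. Docker images and related configuration
Hyperledger runs this network from three Docker images. They were already pulled during the Hyperledger Fabric environment setup above and can be listed with the docker command:
```bash
$ docker images | grep 'hyperledger/fabric-[opc][^co].*[^-]latest'
hyperledger/fabric-orderer     latest
hyperledger/fabric-peer        latest
hyperledger/fabric-ca          latest
```
There are three Docker-related configuration files: peer-base.yaml, docker-compose-base.yaml and docker-compose-e2e.yaml. The latter extend the former (`extends`).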
2. Analysis of peer-base.yaml
peer-base.yaml is in the ./base folder. It defines the configuration shared by the four peers.
```yaml
services:
  peer-base:
    image: hyperledger/fabric-peer:$IMAGE_TAG
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_trade
      - CORE_LOGGING_LEVEL=INFO
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
```
3. Analysis of docker-compose-base.yaml
docker-compose-base.yaml is in the ./base folder. It holds the specific configuration of each peer node; peer0.exporterorg.trade.com is used as the example here (the orderer's configuration is similar to peer-base.yaml, so refer to the configuration above).
```yaml
  peer0.exporterorg.trade.com:
    container_name: peer0.exporterorg.trade.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.exporterorg.trade.com
      - CORE_PEER_ADDRESS=peer0.exporterorg.trade.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.exporterorg.trade.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.exporterorg.trade.com:7051
      - CORE_PEER_LOCALMSPID=ExporterOrgMSP
    volumes:
      - /var/run/:/host/var/run/
      - ../crypto-config/peerOrganizations/exporterorg.trade.com/peers/peer0.exporterorg.trade.com/msp:/etc/hyperledger/fabric/msp
      - ../crypto-config/peerOrganizations/exporterorg.trade.com/peers/peer0.exporterorg.trade.com/tls:/etc/hyperledger/fabric/tls
      - peer0.exporterorg.trade.com:/var/hyperledger/production
    ports:
      - 7051:7051
      - 7053:7053
      - 7055:6060
```
4. Analysis of docker-compose-e2e.yaml
docker-compose-e2e.yaml is created by the command ./trade.sh generate -c tradechannel. It depends on base/docker-compose-base.yaml (and, indirectly, on base/peer-base.yaml) and is generated from a template YAML file named docker-compose-e2e-template.yaml (in the same folder). Take exporter-ca as an example to see the related MSP configuration:
```yaml
services:
  exporter-ca:
    image: hyperledger/fabric-ca:$IMAGE_TAG
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-exporterorg
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.exporterorg.trade.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/6842d1c3a357472cc249fe42d3e97ffe7ba0210ab89781a3fdd73cbc30f8934b_sk
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.exporterorg.trade.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/6842d1c3a357472cc249fe42d3e97ffe7ba0210ab89781a3fdd73cbc30f8934b_sk -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/exporterorg.trade.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_peerExporterOrg
    networks:
      - trade
```
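An added example (not code from the original post or from the repository): a shell function that scans the three compose files discussed above for settings that suit this sample network but should be reviewed before the files are reused elsewhere. It flags the CA bootstrap identity `admin:adminpw` on the command line, peer profiling together with the published port 6060, the host's `/var/run/` (which holds the Docker socket) mounted into the peer, and ports published without a host address. The function names, the finding labels and the sample file are constructed for this example.

```shell
#!/bin/sh
# Added example: flag development-only settings in the sample compose files.
# Labels and the sample file are constructed for illustration.

# Print "LABEL file:line: text" for every flagged line in the given files.
audit_compose() {
    for f in "$@"; do
        awk -v f="$f" '
            function hit(label) { sub(/^[ \t]+/, ""); print label " " f ":" NR ": " $0 }
            # Fabric CA bootstrap identity given on the command line (-b user:pass).
            /fabric-ca-server/ && / -b [^ :]+:[^ ]+/ { hit("CA_BOOTSTRAP_CREDS"); next }
            # Go profiling endpoint enabled in the peer.
            /CORE_PEER_PROFILE_ENABLED=true/ { hit("PROFILING_ENABLED"); next }
            # Host /var/run (which holds docker.sock) mounted into the container.
            /^[ \t]*- *"?\/var\/run\/?(docker\.sock)?:/ { hit("DOCKER_SOCKET_MOUNT"); next }
            # Profiling port 6060 published on the host.
            /^[ \t]*- *"?[0-9]+:6060"?[ \t]*$/ { hit("PROFILING_PORT_PUBLISHED"); next }
            # Port published without a host address, so it binds to 0.0.0.0.
            /^[ \t]*- *"?[0-9]+:[0-9]+"?[ \t]*$/ { hit("PORT_ALL_INTERFACES"); next }
        ' "$f"
    done
}

# Write a constructed compose fragment that reuses settings shown on this page.
write_sample() {
    cat > "$1" <<'EOF'
services:
  exporter-ca:
    environment:
      - FABRIC_CA_SERVER_TLS_ENABLED=true
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
  peer0.exporterorg.trade.com:
    environment:
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_PROFILE_ENABLED=true
    volumes:
      - /var/run/:/host/var/run/
    ports:
      - 7051:7051
      - 7055:6060
EOF
}
```

Against the real files, run `audit_compose base/peer-base.yaml base/docker-compose-base.yaml docker-compose-e2e.yaml` from the network folder.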
V. Starting the sample trade network
1. Starting the network
```bash
$ ./trade.sh up -c tradechannel
```
2. Listing the Docker processes
```bash
$ docker ps
CONTAINER ID   IMAGE                               COMMAND                  CREATED          STATUS          PORTS                                                                        NAMES
a716239d97ad   hyperledger/fabric-peer:latest      "peer node start"        26 seconds ago   Up 11 seconds   0.0.0.0:9055->6060/tcp, 0.0.0.0:9051->7051/tcp, 0.0.0.0:9053->7053/tcp       peer0.carrierorg.trade.com
c3ce947f9490   hyperledger/fabric-peer:latest      "peer node start"        26 seconds ago   Up 12 seconds   0.0.0.0:8055->6060/tcp, 0.0.0.0:8051->7051/tcp, 0.0.0.0:8053->7053/tcp       peer0.importerorg.trade.com
f8bae3919c76   hyperledger/fabric-peer:latest      "peer node start"        26 seconds ago   Up 11 seconds   0.0.0.0:7051->7051/tcp, 0.0.0.0:7053->7053/tcp, 0.0.0.0:7055->6060/tcp       peer0.exporterorg.trade.com
f7fc7b67ab61   hyperledger/fabric-ca:latest        "sh -c 'fabric-ca-se…"   26 seconds ago   Up 14 seconds   0.0.0.0:7054->7054/tcp                                                       ca_peerExporterOrg
5c23b50bfbf7   hyperledger/fabric-peer:latest      "peer node start"        26 seconds ago   Up 9 seconds    0.0.0.0:10055->6060/tcp, 0.0.0.0:10051->7051/tcp, 0.0.0.0:10053->7053/tcp    peer0.regulatororg.trade.com
6e0235be3e7e   hyperledger/fabric-ca:latest        "sh -c 'fabric-ca-se…"   26 seconds ago   Up 9 seconds    0.0.0.0:8054->7054/tcp                                                       ca_peerImporterOrg
2e47cb0610fc   hyperledger/fabric-orderer:latest   "orderer"                26 seconds ago   Up 13 seconds   0.0.0.0:7050->7050/tcp                                                       orderer.trade.com
d6e0acddea54   hyperledger/fabric-ca:latest        "sh -c 'fabric-ca-se…"   27 seconds ago   Up 15 seconds   0.0.0.0:10054->7054/tcp                                                      ca_peerRegulatorOrg
918e7707db2a   hyperledger/fabric-ca:latest        "sh -c 'fabric-ca-se…"   27 seconds ago   Up 17 seconds   0.0.0.0:9054->7054/tcp                                                       ca_peerCarrierOrg
```
hyperledger/fabric-orderer: runs one orderer service
hyperledger/fabric-peer: runs the four peer services
hyperledger/fabric-ca: runs the MSP services for the four peers
3. Inspecting a service
```bash
$ docker logs <container-ID>
$ docker attach <container-ID>
```
4. Shutting down the network
```bash
$ ./trade.sh down -c tradechannel
```
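VI. Summary
The above is my own understanding and notes from learning Hyperledger Fabric. Feel free to use it as a reference, discuss it, and point out mistakes.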