설정 파일 분석
Orderer, Peer 구축시 필요한 설정 파일들이 각각 존재합니다. 아래 링크 클릭 시 자세한 설정을 확인할 수 있습니다.
fabric ca server 설정 파일이 적용과 마찬가지로 orderer.yaml, core.yaml 파일 설정 적용에는 2가지 방법이 있습니다.
-
아래 링크에 있는 설정 파일을 수정하여 orderer, peer 구축
-
변경 하고 싶은 설정만 환경변수로 등록하여 구축
ex) export 설정파일명_설정이름 = 설정값;
ORDERER_GENERAL_LISTENPORT = 7050
CORE_PEER_ID = peer0.orgapeer.comorderer.yaml(orderer 설정파일) 예제 링크
실제 docker-compose.yaml 파일을 작성하기 전에 Orderer, Peer 구축시 주로 사용하는 옵션(설정)들을 확인해보겠습니다.
주로 사용하는
orderer.yaml설정General: ListenAddress: 127.0.0.1 # orderer 주소 ListenPort: 7050 # orderer 사용 포트 TLS: Enabled: false # orderer tls 통신 사용 여부 PrivateKey: tls/server.key # orderer tls key 파일 경로 Certificate: tls/server.crt # orderer tls 인증서 파일 경로 RootCAs: - tls/ca.crt # orderer rootca 인증서 경로 ClientAuthRequired: false # client auth 사용 여부 Cluster: ClientCertificate: # orderer raft 통신용 tls 인증서 경로 ClientPrivateKey: # orderer raft 통신용 tls key 경로 BootstrapMethod: file # genensis block 형식 BootstrapFile: # genensis block file 형식 선택시 파일 경로 LocalMSPDir: msp # orderer msp 경로 LocalMSPID: SampleOrg # orderer msp id
주로 사용하는
corer.yaml설정peer: id: jdoe # peer id listenAddress: 0.0.0.0:7051 # peer listen 주소 address: 0.0.0.0:7051 # peer 주소 gossip: bootstrap: 127.0.0.1:7051 # gossip 통신시 필요한 엔드포인트(자기 조직 구성원) useLeaderElection: false # 자동 리더 설정 여부 orgLeader: true # 리더 여부 tls: enabled: false # peer tls 통신 사용 여부 clientAuthRequired: false # client auth 사용 여부 cert: file: tls/server.crt # peer tls 인증서 파일 경로 key: file: tls/server.key # peer tls key 파일 경로 rootcert: file: tls/ca.crt # peer rootca 인증서 경로 mspConfigPath: msp # peer msp 경로 localMspId: SampleOrg # peer msp id vm: endpoint: unix:///var/run/docker.sock # 사용중인 docker daemom 소캣 경로 docker: tls: enabled: false # docker tls 통신 사용 여부 hostConfig: NetworkMode: host # docker network 모드 ledger: state: stateDatabase: goleveldb # peer statedb 종류(CouchDB, goleveldb) couchDBConfig: couchDBAddress: 127.0.0.1:5984 # couchdb 주소 username: # couchdb 계정명 password: # couchdb 패스워드 history: enableHistoryDatabase: true # history 데이터베이스 사용여부
docker-compose.yaml 파일 작성
위에서 분석한 내용을 기반으로 orderer 및 피어 docker 컨테이너로 구축하기 위해서 docker-compose.yaml 파일을 작성합니다.
docker-compose에서는 중복되는 설정들을 따로 분리하여 extends 하여 사용 가능하므로 docker-compose.yaml 파일 작성 전에 공통부분을 모아둔 base.yaml 파일 먼저 작성합니다.
base.yaml 파일 작성
sudo vi /home/fabric/infra/compose-files/base.yamlversion: '2.1' # docker-compose 사용 버전 services: # docker 컨테이너 서비스 설정 peer-base: # 서비스 이름 (peer 공통) image: hyperledger/fabric-peer:2.2.0 # 사용하는 docker image 이름 environment: # 컨테이너 환경변수 - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock # 호스트 서버의 도커 소캣 경로 - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=test-network # 도커 네트워크 이름 - FABRIC_LOGGING_SPEC=INFO # 패브릭 로깅 level 설정 - CORE_PEER_TLS_ENABLED=true # tls 설정 - CORE_PEER_GOSSIP_USELEADERELECTION=true # 자동 리더 설정 - CORE_PEER_GOSSIP_ORGLEADER=false # 리더 여부 - CORE_PEER_PROFILE_ENABLED=false # golang profiling 해제 - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG # 체인코드 로깅 level 설정 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 # 체인코드 통신시 listen address - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/msp # msp 경로 - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/tls/server.crt # tls 인증서 경로 - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/tls/server.key # tls key 경로 - TZ=Asia/Seoul # 타임존 설정 working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer # 컨테이? command: /bin/sh -c 'peer node start' # 컨테이너 실행 커맨드 extra_hosts: # 컨테이너 내부 /etc/host 설정 - peer0.orgbpeer.com:192.168.65.167 - peer1.orgbpeer.com:192.168.65.167 orderer-base: # 서비스 이름 (orderer 공통) image: hyperledger/fabric-orderer:2.2.0 environment: - FABRIC_LOGGING_SPEC=INFO # 패브릭 로깅 level 설정 - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 # 오더러 listen address - ORDERER_GENERAL_GENESISMETHOD=file # 제네시스 블록 지정 방법 - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/orderer/orderer.genesis.block # 제네시스 블록 경로 - ORDERER_GENERAL_LOCALMSPID=ordererMSP # msp id - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer/msp # msp 경로 - ORDERER_GENERAL_TLS_ENABLED=true # tls 설정 - ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer/tls/server.key # tls key 경로 - ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer/tls/server.crt # tls 인증서 경로 - ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer/msp/cacerts/ca-orgorderer-com-8054.pem] # root ca 인증서 경로 - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/orderer/tls/server.crt # raft 통신용 tls 인증서 경로 - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/orderer/tls/server.key # raft 통신용 tls key 경로 - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/orderer/msp/cacerts/ca-orgorderer-com-8054.pem] # raft 통신용 root ca 인증서 경로 - TZ=Asia/Seoul # 타임존 설정 working_dir: /opt/gopath/src/github.com/hyperledger/fabric command: /bin/sh -c 'orderer' # 컨테이너 실행 커맨드 extra_hosts: # 컨테이너 내부 /etc/host 설정 - peer0.orgbpeer.com:192.168.65.167 - peer1.orgbpeer.com:192.168.65.167
docker-compose.yaml 파일 작성
sudo vi /home/fabric/infra/compose-files/docker-compose.yamlversion: '2.1' # docker-compose 사용 버전 networks: # docker container 내부 네트워크 섧정 test-network: name: test-network # 네트워크 이름 ipam: driver: default # 네트워크 드라이버 config: - subnet: 123.133.134.0/16 # 네트워크 사용 대역 services: # docker 컨테이너 서비스 설정 orderer0.orgorderer.com: # 서비스 이름 container_name: orderer0.orgorderer.com # 컨테이너 이름 extends: file: base.yaml # extends할 파일명 service: orderer-base # extends할 서비스명 environment: - ORDERER_GENERAL_LISTENPORT=7050 # orderer port 설정 volumes: - ../channel-artifacts/genesis.block:/etc/hyperledger/orderer/orderer.genesis.block # 미리 생성해둔 genesis block 경로 - ../crypto-config/ordererOrganizations/orgorderer.com/users/Admin@orgorderer.com/msp/:/etc/hyperledger/orderer/admin/msp # 미리 발급받은 admin msp 경로 - ../crypto-config/ordererOrganizations/orgorderer.com/orderers/orderer0.orgorderer.com:/etc/hyperledger/orderer # 미리 발급받은 msp 경로 - ../../data/production/orderer0.orgorderer.com/:/var/hyperledger/production # orderer 데이터 백업을 위한 경로 ports: # 컨테이너 외부와 포트 포워딩 설정 - 7050:7050 networks: # 사용하는 네트워크 - test-network orderer1.orgorderer.com: container_name: orderer1.orgorderer.com extends: file: base.yaml service: orderer-base environment: - ORDERER_GENERAL_LISTENPORT=8050 volumes: - ../channel-artifacts/genesis.block:/etc/hyperledger/orderer/orderer.genesis.block - ../crypto-config/ordererOrganizations/orgorderer.com/users/Admin@orgorderer.com/msp/:/etc/hyperledger/orderer/admin/msp - ../crypto-config/ordererOrganizations/orgorderer.com/orderers/orderer1.orgorderer.com:/etc/hyperledger/orderer - ../../data/production/orderer1.orgorderer.com/:/var/hyperledger/production ports: - 8050:8050 networks: - test-network orderer2.orgorderer.com: container_name: orderer2.orgorderer.com extends: file: base.yaml service: orderer-base environment: - ORDERER_GENERAL_LISTENPORT=9050 volumes: - ../channel-artifacts/genesis.block:/etc/hyperledger/orderer/orderer.genesis.block - ../crypto-config/ordererOrganizations/orgorderer.com/users/Admin@orgorderer.com/msp/:/etc/hyperledger/orderer/admin/msp - ../crypto-config/ordererOrganizations/orgorderer.com/orderers/orderer2.orgorderer.com:/etc/hyperledger/orderer - ../../data/production/orderer2.orgorderer.com/:/var/hyperledger/production ports: - 9050:9050 networks: - test-network peer0.orgapeer.com: container_name: peer0.orgapeer.com extends: file: base.yaml service: peer-base environment: - CORE_PEER_ID=peer0.orgapeer.com # peer id - CORE_PEER_ADDRESS=peer0.orgapeer.com:7051 # peer address - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 # peer listen address - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgapeer.com:7051 # gossip 통신시 외부 노출 주소(자기 자신) - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgapeer.com:7051 peer1.orgapeer.com:8051 # gossip 통신시 필요한 엔드포인트(자기 조직 구성원) - CORE_PEER_LOCALMSPID=apeerMSP # msp id - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/msp/cacerts/ca-orgapeer-com-7054.pem # root ca 인증서 경로 - CORE_LEDGER_STATE_STATEDATABASE=CouchDB # 사용할 state db (goleveldb, CouchDB) - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0.orgapeer.com:5984 # couchdb 주소 - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=apeer_dev0 # couchdb 아이디 - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=apeer! # couchdb 패스워드 volumes: - /var/run/:/host/var/run/ # docker 소캣 경로 - ../crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto # 미리 발급받은 인증서 경로 - ../crypto-config/peerOrganizations/orgapeer.com/peers/peer0.orgapeer.com/:/opt/gopath/src/github.com/hyperledger/fabric/peer # 미리 발급받은 msp 경로 - ../../data/production/peer0.orgapeer.com:/var/hyperledger/production # peer 데이터 백업을 위한 경로 depends_on: # peer 컨테이너 기동전 해당 컨테이너 확인 후 기동 설정 - couchdb0.orgapeer.com ports: - 7051:7051 networks: - test-network peer1.orgapeer.com: container_name: peer1.orgapeer.com extends: file: base.yaml service: peer-base environment: - CORE_PEER_ID=peer1.orgapeer.com - CORE_PEER_ADDRESS=peer1.orgapeer.com:8051 - CORE_PEER_LISTENADDRESS=0.0.0.0:8051 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orgapeer.com:8051 - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgapeer.com:7051 peer1.orgapeer.com:8051 - CORE_PEER_LOCALMSPID=apeerMSP - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/msp/cacerts/ca-orgapeer-com-7054.pem - CORE_LEDGER_STATE_STATEDATABASE=CouchDB - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb1.orgapeer.com:5984 - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=apeer_dev1 - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=apeer! volumes: - /var/run/:/host/var/run/ - ../crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto - ../crypto-config/peerOrganizations/orgapeer.com/peers/peer1.orgapeer.com/:/opt/gopath/src/github.com/hyperledger/fabric/peer - ../../data/production/peer1.orgapeer.com:/var/hyperledger/production depends_on: - couchdb1.orgapeer.com ports: - 8051:8051 networks: - test-network couchdb0.orgapeer.com: container_name: couchdb0.orgapeer.com image: couchdb:3.1.1 environment: - TZ=Asia/Seoul # 타임존 설정 - COUCHDB_USER=apeer_dev0 # couchdb 아이디 - COUCHDB_PASSWORD=apeer! # couchdb 패스워드 volumes: - ../../data/couchdb/couchdb0.orgapeer.com:/opt/couchdb/data # couchdb 데이터 백업을 위한 경로 ports: - 5984:5984 command: '/opt/couchdb/bin/couchdb' networks: - test-network couchdb1.orgapeer.com: container_name: couchdb1.orgapeer.com image: couchdb:3.1.1 environment: - TZ=Asia/Seoul # 타임존 설정 - COUCHDB_USER=apeer_dev1 # couchdb 아이디 - COUCHDB_PASSWORD=apeer! # couchdb 패스워드 volumes: - ../../data/couchdb/couchdb1.orgapeer.com:/opt/couchdb/data ports: - 6984:5984 logging: driver: none networks: - test-network
orderer, peer 기동 및 로그 확인
완성된 docker-compose.yaml 파일을 사용하여 orderer, peer를 기동하겠습니다.
orderer 컨테이너 기동
[root@localhost infra]# docker-compose -f /home/fabric/infra/compose-files/docker-compose.yaml up -d orderer0.orgorderer.com orderer1.orgorderer.com orderer2.orgorderer.com Creating orderer1.orgorderer.com ... done Creating orderer0.orgorderer.com ... done Creating orderer2.orgorderer.com ... doneorderer 컨테이너 기동 확인
[root@localhost infra]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cad0e037add1 hyperledger/fabric-orderer:2.2.0 "/bin/sh -c orderer" 9 minutes ago Up 9 minutes 7050/tcp, 0.0.0.0:9050->9050/tcp orderer2.orgorderer.com 1499d3a75112 hyperledger/fabric-orderer:2.2.0 "/bin/sh -c orderer" 9 minutes ago Up 9 minutes 0.0.0.0:7050->7050/tcp orderer0.orgorderer.com 3dfbbd8049e1 hyperledger/fabric-orderer:2.2.0 "/bin/sh -c orderer" 9 minutes ago Up 9 minutes 7050/tcp, 0.0.0.0:8050->8050/tcp orderer1.orgorderer.comorderer 컨테이너 기동 로그 확인
[root@localhost infra]# docker logs -f orderer2.orgorderer.com ......................................................................................................................................................................................... 생략 ......................................................................................................................................................................................... 2021-04-05 15:34:36.343 KST [orderer.consensus.etcdraft] stepCandidate -> INFO 02f 3 [quorum:2] has received 2 MsgVoteResp votes and 0 vote rejections channel=testchainid node=3 2021-04-05 15:34:36.343 KST [orderer.consensus.etcdraft] becomeLeader -> INFO 030 3 became leader at term 2 channel=testchainid node=3 2021-04-05 15:34:36.343 KST [orderer.consensus.etcdraft] run -> INFO 031 raft.node: 3 elected leader 3 at term 2 channel=testchainid node=3 2021-04-05 15:34:36.344 KST [orderer.consensus.etcdraft] run -> INFO 032 Leader 3 is present, quit campaign channel=testchainid node=3 2021-04-05 15:34:36.344 KST [orderer.consensus.etcdraft] run -> INFO 033 Raft leader changed: 0 -> 3 channel=testchainid node=3 2021-04-05 15:34:36.346 KST [orderer.consensus.etcdraft] run -> INFO 034 Start accepting requests as Raft leader at block [0] channel=testchainid node=3
peer 컨테이너 기동
[root@localhost infra]# docker-compose -f /home/fabric/infra/compose-files/docker-compose.yaml up -d peer0.orgapeer.com peer1.orgapeer.com orderer2.orgorderer.com Creating couchdb0.orgapeer.com ... done Creating couchdb1.orgapeer.com ... done Creating peer1.orgapeer.com ... done Creating peer0.orgapeer.com ... donepeer 컨테이너 기동 확인
[root@localhost infra]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c2497ce59070 hyperledger/fabric-peer:2.2.0 "/bin/sh -c 'peer no…" 11 minutes ago Up 11 minutes 0.0.0.0:7051->7051/tcp peer0.orgapeer.com 56a152aff231 hyperledger/fabric-peer:2.2.0 "/bin/sh -c 'peer no…" 11 minutes ago Up 11 minutes 7051/tcp, 0.0.0.0:8051->8051/tcp peer1.orgapeer.com bc7688a191d4 couchdb:3.1.1 "tini -- /docker-ent…" 12 minutes ago Up 11 minutes 4369/tcp, 9100/tcp, 0.0.0.0:6984->5984/tcp couchdb1.orgapeer.com c9221e0929de couchdb:3.1.1 "tini -- /docker-ent…" 12 minutes ago Up 11 minutes 4369/tcp, 9100/tcp, 0.0.0.0:5984->5984/tcp couchdb0.orgapeer.compeer 컨테이너 기동 로그 확인
[root@localhost infra]# docker logs -f orderer2.orgorderer.com ......................................................................................................................................................................................... 생략 ......................................................................................................................................................................................... 2021-04-05 15:35:50.638 KST [discovery] NewService -> INFO 01a Created with config TLS: true, authCacheMaxSize: 1000, authCachePurgeRatio: 0.750000 2021-04-05 15:35:50.638 KST [nodeCmd] registerDiscoveryService -> INFO 01b Discovery service activated 2021-04-05 15:35:50.638 KST [nodeCmd] serve -> INFO 01c Starting peer with ID=[peer1.orgapeer.com], network ID=[dev], address=[peer1.orgapeer.com:8051] 2021-04-05 15:35:50.638 KST [nodeCmd] serve -> INFO 01d Started peer with ID=[peer1.orgapeer.com], network ID=[dev], address=[peer1.orgapeer.com:8051] 2021-04-05 15:35:50.638 KST [kvledger] LoadPreResetHeight -> INFO 01e Loading prereset height from path [/var/hyperledger/production/ledgersData/chains] 2021-04-05 15:35:50.638 KST [blkstorage] preResetHtFiles -> INFO 01f No active channels passed 2021-04-05 15:35:51.632 KST [comm.grpc.server] 1 -> INFO 020 unary call completed grpc.service=gossip.Gossip grpc.method=Ping grpc.request_deadline=2021-04-05T15:35:53.632+09:00 grpc.peer_address=123.133.0.7:38294 grpc.peer_subject="CN=peer0.orgapeer.com,OU=peer,O=Hyperledger,ST=North Carolina,C=US" grpc.code=OK grpc.call_duration=63.577µs 2021-04-05 15:35:51.633 KST [gossip.comm] GossipStream -> INFO 021 Peer 47c94ff20b92ddec990e9a84fe07e4d311cd19e08704427a267591744257d7a8 (123.133.0.7:38294) probed us 2021-04-05 15:35:51.633 KST [comm.grpc.server] 1 -> INFO 022 streaming call completed grpc.service=gossip.Gossip grpc.method=GossipStream grpc.request_deadline=2021-04-05T15:36:01.632+09:00 grpc.peer_address=123.133.0.7:38294 grpc.peer_subject="CN=peer0.orgapeer.com,OU=peer,O=Hyperledger,ST=North Carolina,C=US" grpc.code=OK grpc.call_duration=529.622µs
이로써 hyperleger fabric Orderer, Peer 구축이 완료되었습니다.
다음 포스트에서는 채널 생성, 가입, fabcar 체인코드 설치를 진행하겠습니다.
삽질 일기장..