Orderer, Peer 구축시 필요한 설정 파일들이 각각 존재합니다. 아래 링크 클릭 시 자세한 설정을 확인할 수 있습니다.
fabric ca server 설정 파일이 적용과 마찬가지로 orderer.yaml, core.yaml 파일 설정 적용에는 2가지 방법이 있습니다.
아래 링크에 있는 설정 파일을 수정하여 orderer, peer 구축
변경 하고 싶은 설정만 환경변수로 등록하여 구축
ex) export 설정파일명_설정이름 = 설정값;
ORDERER_GENERAL_LISTENPORT = 7050
CORE_PEER_ID = peer0.orgapeer.com
orderer.yaml(orderer 설정파일) 예제 링크
실제 docker-compose.yaml
파일을 작성하기 전에 Orderer, Peer 구축시 주로 사용하는 옵션(설정)들을 확인해보겠습니다.
주로 사용하는
orderer.yaml
설정General: ListenAddress: 127.0.0.1 # orderer 주소 ListenPort: 7050 # orderer 사용 포트 TLS: Enabled: false # orderer tls 통신 사용 여부 PrivateKey: tls/server.key # orderer tls key 파일 경로 Certificate: tls/server.crt # orderer tls 인증서 파일 경로 RootCAs: - tls/ca.crt # orderer rootca 인증서 경로 ClientAuthRequired: false # client auth 사용 여부 Cluster: ClientCertificate: # orderer raft 통신용 tls 인증서 경로 ClientPrivateKey: # orderer raft 통신용 tls key 경로 BootstrapMethod: file # genensis block 형식 BootstrapFile: # genensis block file 형식 선택시 파일 경로 LocalMSPDir: msp # orderer msp 경로 LocalMSPID: SampleOrg # orderer msp id
주로 사용하는
corer.yaml
설정peer: id: jdoe # peer id listenAddress: 0.0.0.0:7051 # peer listen 주소 address: 0.0.0.0:7051 # peer 주소 gossip: bootstrap: 127.0.0.1:7051 # gossip 통신시 필요한 엔드포인트(자기 조직 구성원) useLeaderElection: false # 자동 리더 설정 여부 orgLeader: true # 리더 여부 tls: enabled: false # peer tls 통신 사용 여부 clientAuthRequired: false # client auth 사용 여부 cert: file: tls/server.crt # peer tls 인증서 파일 경로 key: file: tls/server.key # peer tls key 파일 경로 rootcert: file: tls/ca.crt # peer rootca 인증서 경로 mspConfigPath: msp # peer msp 경로 localMspId: SampleOrg # peer msp id vm: endpoint: unix:///var/run/docker.sock # 사용중인 docker daemom 소캣 경로 docker: tls: enabled: false # docker tls 통신 사용 여부 hostConfig: NetworkMode: host # docker network 모드 ledger: state: stateDatabase: goleveldb # peer statedb 종류(CouchDB, goleveldb) couchDBConfig: couchDBAddress: 127.0.0.1:5984 # couchdb 주소 username: # couchdb 계정명 password: # couchdb 패스워드 history: enableHistoryDatabase: true # history 데이터베이스 사용여부
위에서 분석한 내용을 기반으로 orderer 및 피어 docker 컨테이너로 구축하기 위해서 docker-compose.yaml
파일을 작성합니다.
docker-compose에서는 중복되는 설정들을 따로 분리하여 extends 하여 사용 가능하므로 docker-compose.yaml
파일 작성 전에 공통부분을 모아둔 base.yaml
파일 먼저 작성합니다.
base.yaml 파일 작성
sudo vi /home/fabric/infra/compose-files/base.yaml
version: '2.1' # docker-compose 사용 버전 services: # docker 컨테이너 서비스 설정 peer-base: # 서비스 이름 (peer 공통) image: hyperledger/fabric-peer:2.2.0 # 사용하는 docker image 이름 environment: # 컨테이너 환경변수 - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock # 호스트 서버의 도커 소캣 경로 - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=test-network # 도커 네트워크 이름 - FABRIC_LOGGING_SPEC=INFO # 패브릭 로깅 level 설정 - CORE_PEER_TLS_ENABLED=true # tls 설정 - CORE_PEER_GOSSIP_USELEADERELECTION=true # 자동 리더 설정 - CORE_PEER_GOSSIP_ORGLEADER=false # 리더 여부 - CORE_PEER_PROFILE_ENABLED=false # golang profiling 해제 - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG # 체인코드 로깅 level 설정 - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 # 체인코드 통신시 listen address - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/msp # msp 경로 - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/tls/server.crt # tls 인증서 경로 - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/tls/server.key # tls key 경로 - TZ=Asia/Seoul # 타임존 설정 working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer # 컨테이? command: /bin/sh -c 'peer node start' # 컨테이너 실행 커맨드 extra_hosts: # 컨테이너 내부 /etc/host 설정 - peer0.orgbpeer.com:192.168.65.167 - peer1.orgbpeer.com:192.168.65.167 orderer-base: # 서비스 이름 (orderer 공통) image: hyperledger/fabric-orderer:2.2.0 environment: - FABRIC_LOGGING_SPEC=INFO # 패브릭 로깅 level 설정 - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 # 오더러 listen address - ORDERER_GENERAL_GENESISMETHOD=file # 제네시스 블록 지정 방법 - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/orderer/orderer.genesis.block # 제네시스 블록 경로 - ORDERER_GENERAL_LOCALMSPID=ordererMSP # msp id - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer/msp # msp 경로 - ORDERER_GENERAL_TLS_ENABLED=true # tls 설정 - ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer/tls/server.key # tls key 경로 - ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer/tls/server.crt # tls 인증서 경로 - ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer/msp/cacerts/ca-orgorderer-com-8054.pem] # root ca 인증서 경로 - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/orderer/tls/server.crt # raft 통신용 tls 인증서 경로 - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/orderer/tls/server.key # raft 통신용 tls key 경로 - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/orderer/msp/cacerts/ca-orgorderer-com-8054.pem] # raft 통신용 root ca 인증서 경로 - TZ=Asia/Seoul # 타임존 설정 working_dir: /opt/gopath/src/github.com/hyperledger/fabric command: /bin/sh -c 'orderer' # 컨테이너 실행 커맨드 extra_hosts: # 컨테이너 내부 /etc/host 설정 - peer0.orgbpeer.com:192.168.65.167 - peer1.orgbpeer.com:192.168.65.167
docker-compose.yaml 파일 작성
sudo vi /home/fabric/infra/compose-files/docker-compose.yaml
version: '2.1' # docker-compose 사용 버전 networks: # docker container 내부 네트워크 섧정 test-network: name: test-network # 네트워크 이름 ipam: driver: default # 네트워크 드라이버 config: - subnet: 123.133.134.0/16 # 네트워크 사용 대역 services: # docker 컨테이너 서비스 설정 orderer0.orgorderer.com: # 서비스 이름 container_name: orderer0.orgorderer.com # 컨테이너 이름 extends: file: base.yaml # extends할 파일명 service: orderer-base # extends할 서비스명 environment: - ORDERER_GENERAL_LISTENPORT=7050 # orderer port 설정 volumes: - ../channel-artifacts/genesis.block:/etc/hyperledger/orderer/orderer.genesis.block # 미리 생성해둔 genesis block 경로 - ../crypto-config/ordererOrganizations/orgorderer.com/users/Admin@orgorderer.com/msp/:/etc/hyperledger/orderer/admin/msp # 미리 발급받은 admin msp 경로 - ../crypto-config/ordererOrganizations/orgorderer.com/orderers/orderer0.orgorderer.com:/etc/hyperledger/orderer # 미리 발급받은 msp 경로 - ../../data/production/orderer0.orgorderer.com/:/var/hyperledger/production # orderer 데이터 백업을 위한 경로 ports: # 컨테이너 외부와 포트 포워딩 설정 - 7050:7050 networks: # 사용하는 네트워크 - test-network orderer1.orgorderer.com: container_name: orderer1.orgorderer.com extends: file: base.yaml service: orderer-base environment: - ORDERER_GENERAL_LISTENPORT=8050 volumes: - ../channel-artifacts/genesis.block:/etc/hyperledger/orderer/orderer.genesis.block - ../crypto-config/ordererOrganizations/orgorderer.com/users/Admin@orgorderer.com/msp/:/etc/hyperledger/orderer/admin/msp - ../crypto-config/ordererOrganizations/orgorderer.com/orderers/orderer1.orgorderer.com:/etc/hyperledger/orderer - ../../data/production/orderer1.orgorderer.com/:/var/hyperledger/production ports: - 8050:8050 networks: - test-network orderer2.orgorderer.com: container_name: orderer2.orgorderer.com extends: file: base.yaml service: orderer-base environment: - ORDERER_GENERAL_LISTENPORT=9050 volumes: - ../channel-artifacts/genesis.block:/etc/hyperledger/orderer/orderer.genesis.block - ../crypto-config/ordererOrganizations/orgorderer.com/users/Admin@orgorderer.com/msp/:/etc/hyperledger/orderer/admin/msp - ../crypto-config/ordererOrganizations/orgorderer.com/orderers/orderer2.orgorderer.com:/etc/hyperledger/orderer - ../../data/production/orderer2.orgorderer.com/:/var/hyperledger/production ports: - 9050:9050 networks: - test-network peer0.orgapeer.com: container_name: peer0.orgapeer.com extends: file: base.yaml service: peer-base environment: - CORE_PEER_ID=peer0.orgapeer.com # peer id - CORE_PEER_ADDRESS=peer0.orgapeer.com:7051 # peer address - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 # peer listen address - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgapeer.com:7051 # gossip 통신시 외부 노출 주소(자기 자신) - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgapeer.com:7051 peer1.orgapeer.com:8051 # gossip 통신시 필요한 엔드포인트(자기 조직 구성원) - CORE_PEER_LOCALMSPID=apeerMSP # msp id - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/msp/cacerts/ca-orgapeer-com-7054.pem # root ca 인증서 경로 - CORE_LEDGER_STATE_STATEDATABASE=CouchDB # 사용할 state db (goleveldb, CouchDB) - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0.orgapeer.com:5984 # couchdb 주소 - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=apeer_dev0 # couchdb 아이디 - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=apeer! # couchdb 패스워드 volumes: - /var/run/:/host/var/run/ # docker 소캣 경로 - ../crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto # 미리 발급받은 인증서 경로 - ../crypto-config/peerOrganizations/orgapeer.com/peers/peer0.orgapeer.com/:/opt/gopath/src/github.com/hyperledger/fabric/peer # 미리 발급받은 msp 경로 - ../../data/production/peer0.orgapeer.com:/var/hyperledger/production # peer 데이터 백업을 위한 경로 depends_on: # peer 컨테이너 기동전 해당 컨테이너 확인 후 기동 설정 - couchdb0.orgapeer.com ports: - 7051:7051 networks: - test-network peer1.orgapeer.com: container_name: peer1.orgapeer.com extends: file: base.yaml service: peer-base environment: - CORE_PEER_ID=peer1.orgapeer.com - CORE_PEER_ADDRESS=peer1.orgapeer.com:8051 - CORE_PEER_LISTENADDRESS=0.0.0.0:8051 - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orgapeer.com:8051 - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgapeer.com:7051 peer1.orgapeer.com:8051 - CORE_PEER_LOCALMSPID=apeerMSP - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/msp/cacerts/ca-orgapeer-com-7054.pem - CORE_LEDGER_STATE_STATEDATABASE=CouchDB - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb1.orgapeer.com:5984 - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=apeer_dev1 - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=apeer! volumes: - /var/run/:/host/var/run/ - ../crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto - ../crypto-config/peerOrganizations/orgapeer.com/peers/peer1.orgapeer.com/:/opt/gopath/src/github.com/hyperledger/fabric/peer - ../../data/production/peer1.orgapeer.com:/var/hyperledger/production depends_on: - couchdb1.orgapeer.com ports: - 8051:8051 networks: - test-network couchdb0.orgapeer.com: container_name: couchdb0.orgapeer.com image: couchdb:3.1.1 environment: - TZ=Asia/Seoul # 타임존 설정 - COUCHDB_USER=apeer_dev0 # couchdb 아이디 - COUCHDB_PASSWORD=apeer! # couchdb 패스워드 volumes: - ../../data/couchdb/couchdb0.orgapeer.com:/opt/couchdb/data # couchdb 데이터 백업을 위한 경로 ports: - 5984:5984 command: '/opt/couchdb/bin/couchdb' networks: - test-network couchdb1.orgapeer.com: container_name: couchdb1.orgapeer.com image: couchdb:3.1.1 environment: - TZ=Asia/Seoul # 타임존 설정 - COUCHDB_USER=apeer_dev1 # couchdb 아이디 - COUCHDB_PASSWORD=apeer! # couchdb 패스워드 volumes: - ../../data/couchdb/couchdb1.orgapeer.com:/opt/couchdb/data ports: - 6984:5984 logging: driver: none networks: - test-network
완성된 docker-compose.yaml
파일을 사용하여 orderer, peer를 기동하겠습니다.
orderer 컨테이너 기동
[root@localhost infra]# docker-compose -f /home/fabric/infra/compose-files/docker-compose.yaml up -d orderer0.orgorderer.com orderer1.orgorderer.com orderer2.orgorderer.com Creating orderer1.orgorderer.com ... done Creating orderer0.orgorderer.com ... done Creating orderer2.orgorderer.com ... done
orderer 컨테이너 기동 확인
[root@localhost infra]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES cad0e037add1 hyperledger/fabric-orderer:2.2.0 "/bin/sh -c orderer" 9 minutes ago Up 9 minutes 7050/tcp, 0.0.0.0:9050->9050/tcp orderer2.orgorderer.com 1499d3a75112 hyperledger/fabric-orderer:2.2.0 "/bin/sh -c orderer" 9 minutes ago Up 9 minutes 0.0.0.0:7050->7050/tcp orderer0.orgorderer.com 3dfbbd8049e1 hyperledger/fabric-orderer:2.2.0 "/bin/sh -c orderer" 9 minutes ago Up 9 minutes 7050/tcp, 0.0.0.0:8050->8050/tcp orderer1.orgorderer.com
orderer 컨테이너 기동 로그 확인
[root@localhost infra]# docker logs -f orderer2.orgorderer.com ......................................................................................................................................................................................... 생략 ......................................................................................................................................................................................... 2021-04-05 15:34:36.343 KST [orderer.consensus.etcdraft] stepCandidate -> INFO 02f 3 [quorum:2] has received 2 MsgVoteResp votes and 0 vote rejections channel=testchainid node=3 2021-04-05 15:34:36.343 KST [orderer.consensus.etcdraft] becomeLeader -> INFO 030 3 became leader at term 2 channel=testchainid node=3 2021-04-05 15:34:36.343 KST [orderer.consensus.etcdraft] run -> INFO 031 raft.node: 3 elected leader 3 at term 2 channel=testchainid node=3 2021-04-05 15:34:36.344 KST [orderer.consensus.etcdraft] run -> INFO 032 Leader 3 is present, quit campaign channel=testchainid node=3 2021-04-05 15:34:36.344 KST [orderer.consensus.etcdraft] run -> INFO 033 Raft leader changed: 0 -> 3 channel=testchainid node=3 2021-04-05 15:34:36.346 KST [orderer.consensus.etcdraft] run -> INFO 034 Start accepting requests as Raft leader at block [0] channel=testchainid node=3
peer 컨테이너 기동
[root@localhost infra]# docker-compose -f /home/fabric/infra/compose-files/docker-compose.yaml up -d peer0.orgapeer.com peer1.orgapeer.com orderer2.orgorderer.com Creating couchdb0.orgapeer.com ... done Creating couchdb1.orgapeer.com ... done Creating peer1.orgapeer.com ... done Creating peer0.orgapeer.com ... done
peer 컨테이너 기동 확인
[root@localhost infra]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES c2497ce59070 hyperledger/fabric-peer:2.2.0 "/bin/sh -c 'peer no…" 11 minutes ago Up 11 minutes 0.0.0.0:7051->7051/tcp peer0.orgapeer.com 56a152aff231 hyperledger/fabric-peer:2.2.0 "/bin/sh -c 'peer no…" 11 minutes ago Up 11 minutes 7051/tcp, 0.0.0.0:8051->8051/tcp peer1.orgapeer.com bc7688a191d4 couchdb:3.1.1 "tini -- /docker-ent…" 12 minutes ago Up 11 minutes 4369/tcp, 9100/tcp, 0.0.0.0:6984->5984/tcp couchdb1.orgapeer.com c9221e0929de couchdb:3.1.1 "tini -- /docker-ent…" 12 minutes ago Up 11 minutes 4369/tcp, 9100/tcp, 0.0.0.0:5984->5984/tcp couchdb0.orgapeer.com
peer 컨테이너 기동 로그 확인
[root@localhost infra]# docker logs -f orderer2.orgorderer.com ......................................................................................................................................................................................... 생략 ......................................................................................................................................................................................... 2021-04-05 15:35:50.638 KST [discovery] NewService -> INFO 01a Created with config TLS: true, authCacheMaxSize: 1000, authCachePurgeRatio: 0.750000 2021-04-05 15:35:50.638 KST [nodeCmd] registerDiscoveryService -> INFO 01b Discovery service activated 2021-04-05 15:35:50.638 KST [nodeCmd] serve -> INFO 01c Starting peer with ID=[peer1.orgapeer.com], network ID=[dev], address=[peer1.orgapeer.com:8051] 2021-04-05 15:35:50.638 KST [nodeCmd] serve -> INFO 01d Started peer with ID=[peer1.orgapeer.com], network ID=[dev], address=[peer1.orgapeer.com:8051] 2021-04-05 15:35:50.638 KST [kvledger] LoadPreResetHeight -> INFO 01e Loading prereset height from path [/var/hyperledger/production/ledgersData/chains] 2021-04-05 15:35:50.638 KST [blkstorage] preResetHtFiles -> INFO 01f No active channels passed 2021-04-05 15:35:51.632 KST [comm.grpc.server] 1 -> INFO 020 unary call completed grpc.service=gossip.Gossip grpc.method=Ping grpc.request_deadline=2021-04-05T15:35:53.632+09:00 grpc.peer_address=123.133.0.7:38294 grpc.peer_subject="CN=peer0.orgapeer.com,OU=peer,O=Hyperledger,ST=North Carolina,C=US" grpc.code=OK grpc.call_duration=63.577µs 2021-04-05 15:35:51.633 KST [gossip.comm] GossipStream -> INFO 021 Peer 47c94ff20b92ddec990e9a84fe07e4d311cd19e08704427a267591744257d7a8 (123.133.0.7:38294) probed us 2021-04-05 15:35:51.633 KST [comm.grpc.server] 1 -> INFO 022 streaming call completed grpc.service=gossip.Gossip grpc.method=GossipStream grpc.request_deadline=2021-04-05T15:36:01.632+09:00 grpc.peer_address=123.133.0.7:38294 grpc.peer_subject="CN=peer0.orgapeer.com,OU=peer,O=Hyperledger,ST=North Carolina,C=US" grpc.code=OK grpc.call_duration=529.622µs
이로써 hyperleger fabric Orderer, Peer 구축이 완료되었습니다.
다음 포스트에서는 채널 생성, 가입, fabcar 체인코드 설치를 진행하겠습니다.