1. Docker Swarm 简介介绍
Swarm 集群 : 分为两类节点:
管理节点:负责集群状态的管理和协调
工作节点:负责执行具体的任务来管理容器,实现用户服务的启停等功能。
节点 : Swarm 集群中的每一台物理机或者虚拟机称为节点。节点按照工作职责分为管理节点和工作节点,管理节点由于需要使用 Raft 协议来协商节点状态。
服务 :服务是为了支持容器编排所提出的概念,它是一系列复杂容器环境互相协作的统称。一个服务的声明通常包含容器的启动方式、启动的**副本数、**环境变量、存储、配置、网络等一系列配置,用户通过声明一个服务,将它交给 Swarm,Swarm 负责将用户声明的服务实现。
任务 : 任务是集群中的最小调度单位,它包含一个真正运行中的 Docker 容器。当管理节点根据服务中声明的副本数将任务调度到节点时,任务则开始在该节点启动和运行。
服务外部访问 :集群中的容器可以访问到,但服务中任务(容器)ip是变化的,所以外部用户需要访问到运行任务的容器,则服务必须要映射到主机上的固定端口。
Swarm 使用入口负载均衡(ingress load balancing)的模式将服务暴露在主机上,每个服务会被分配一个公开端口(PublishedPort),当请求达到集群中的一个节点时,如果该节点没有要请求的服务,则会将请求转发到实际运行该服务的节点上,从而响应用户的请求。
1.1 网络
docker swarm 自带两个网络:docker_gwbridge和ingress.(实现容器通信和负载均衡)
- docker_gwbridge:通过这个网络,容器可以连接到宿主机。
- **ingress:**overlay网络,这个网络用于将服务暴露给外部访问,docker swarm就是通过它实现的routing mesh(将外部请求路由到不同主机的容器)。
创建跨主机网络:
docker network create -d overlay rentnet
在网络里部分服务会自带一个网络的命名空间,用来隔离不同命名空间的容器,这边命名空间为rentnet,每个服务仅有一个replicas,也就是一个任务,一个docker容器。
[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-6BII2O49-1677898672482)(https://secure2.wostatic.cn/static/ctBRSeytvfcWeQ3X5EgmY3/image.png?auth_key=1677898579-9xwhBU9aa7Kh7LgPgaQ1wd-0-3faff90cf0a8e6209240f9232ebd80d4)]
这里面有两种发布端口的方式:
- 一种暴露service端口,通过使用参数
--publish
参数来暴露端口,target
用来指定container内部的端口号;这是swarm默认模式,ingress实现的。 - 直接在swarm节点上发布服务端口,一种是绕过路由网,也叫做host模式,每次通过端口访问,都指定访问到一个固定节点上的service,这种模式可以自动路由到请求需要的容器中,都是固定的。
1.2通信
同节点容器通信:
同节点所有服务都在rentnet网络中,那么每个服务都存在一个连接到rentnet的接口。节点间的通信方式是通过连接到命名空间网络中实现通信的。
容器与宿主机通信
通过docker_gwbridge网络里的接口连接到容器的eth1上。但docker_gwbridge并没有连接到外网,外部无法访问。
外部访问
通过ingress docker swarm自带的网络,容器一边肢接到了宿主机的网络,另一边肢接到了ingress网络。
2. supervisor组织
2.1 docker-compose-supervisor.yaml
version: '3.3'
volumes:
peer0.supervisor.freerent.cn:
peer1.supervisor.freerent.cn:
peer2.supervisor.freerent.cn:
networks:
rentnet:
external: true
services:
peer0supervisor:
image: "${PRIVATE_REGISTRY_URL}/fabric-peer:${FABRIC_TAG}"
hostname: peer0.supervisor.freerent.cn
environment:
# Peer 基础 部分
- CORE_PEER_ID=peer0.supervisor.freerent.cn
- CORE_PEER_ADDRESS=peer0.supervisor.freerent.cn:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.supervisor.freerent.cn:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_NETWORKID=rentnet
- CORE_PEER_LOCALMSPID=SupervisorMSP
- CORE_PEER_PROFILE_ENABLED=false
# Peer TLS 部分
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt # TLS服务器的 X.509 证书
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key # TLS 服务器的私钥
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt #组织TLS CA 根证书
# Peer Gossip部分
- CORE_PEER_GOSSIP_USELEADERELECTION=true # 动态选取
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.supervisor.freerent.cn:7051
- CORE_PEER_GOSSIP_ENDPOINT=peer0.supervisor.freerent.cn:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.supervisor.freerent.cn:7051
# VM部分
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=rentnet
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_CFG_PATH=/etc/hyperledger/fabric
# Chaincode部分
# Ledger 部分
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0supervisor:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=freerent
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=freerent@2022
# operations部分
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443
# metrics部分
- CORE_METRICS_PROVIDER=prometheus
depends_on:
- couchdb0supervisor
volumes:
- /var/run/:/host/var/run/
- ./../../channel/crypto-config/peerOrganizations/supervisor.freerent.cn/peers/peer0.supervisor.freerent.cn/msp:/etc/hyperledger/fabric/msp
- ./../../channel/crypto-config/peerOrganizations/supervisor.freerent.cn/peers/peer0.supervisor.freerent.cn/tls:/etc/hyperledger/fabric/tls
- ./../core.yaml:/etc/hyperledger/fabric/core.yaml
- peer0.supervisor.freerent.cn:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == supervisor]
networks:
rentnet:
aliases:
- peer0.supervisor.freerent.cn
ports:
- target: 7051
published: 7051
protocol: tcp
mode: host
- target: 7052
published: 7052
protocol: tcp
mode: host
peer1supervisor:
image: "${PRIVATE_REGISTRY_URL}/fabric-peer:${FABRIC_TAG}"
hostname: peer1.supervisor.freerent.cn
environment:
# Peer 基础 部分
- CORE_PEER_ID=peer1.supervisor.freerent.cn
- CORE_PEER_ADDRESS=peer1.supervisor.freerent.cn:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer1.supervisor.freerent.cn:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_NETWORKID=rentnet
- CORE_PEER_LOCALMSPID=SupervisorMSP
- CORE_PEER_PROFILE_ENABLED=false
# Peer TLS 部分
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt # TLS服务器的 X.509 证书
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key # TLS 服务器的私钥
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt #组织TLS CA 根证书
# Peer Gossip部分
- CORE_PEER_GOSSIP_USELEADERELECTION=true # 动态选取
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_BOOTSTRAP=peer2.supervisor.freerent.cn:7051
- CORE_PEER_GOSSIP_ENDPOINT=peer1.supervisor.freerent.cn:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.supervisor.freerent.cn:7051
# VM部分
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=rentnet
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_CFG_PATH=/etc/hyperledger/fabric
# Chaincode部分
# Ledger 部分
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb1supervisor:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=freerent
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=freerent@2022
# operations部分
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443
# metrics部分
- CORE_METRICS_PROVIDER=prometheus
depends_on:
- couchdb1supervisor
volumes:
- /var/run/:/host/var/run/
- ./../../channel/crypto-config/peerOrganizations/supervisor.freerent.cn/peers/peer1.supervisor.freerent.cn/msp:/etc/hyperledger/fabric/msp
- ./../../channel/crypto-config/peerOrganizations/supervisor.freerent.cn/peers/peer1.supervisor.freerent.cn/tls:/etc/hyperledger/fabric/tls
- ./../core.yaml:/etc/hyperledger/fabric/core.yaml
- peer1.supervisor.freerent.cn:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == supervisor]
networks:
rentnet:
aliases:
- peer1.supervisor.freerent.cn
ports:
- target: 7051
published: 8051
protocol: tcp
mode: host
- target: 7052
published: 8052
protocol: tcp
mode: host
peer2supervisor:
image: "${PRIVATE_REGISTRY_URL}/fabric-peer:${FABRIC_TAG}"
hostname: peer2.supervisor.freerent.cn
environment:
# Peer 基础 部分
- CORE_PEER_ID=peer2.supervisor.freerent.cn
- CORE_PEER_ADDRESS=peer2.supervisor.freerent.cn:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer2.supervisor.freerent.cn:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_NETWORKID=rentnet
- CORE_PEER_LOCALMSPID=SupervisorMSP
- CORE_PEER_PROFILE_ENABLED=false
# Peer TLS 部分
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt # TLS服务器的 X.509 证书
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key # TLS 服务器的私钥
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt #组织TLS CA 根证书
# Peer Gossip部分
- CORE_PEER_GOSSIP_USELEADERELECTION=true # 动态选取
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.supervisor.freerent.cn:7051
- CORE_PEER_GOSSIP_ENDPOINT=peer2.supervisor.freerent.cn:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2.supervisor.freerent.cn:7051
# VM部分
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=rentnet
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_CFG_PATH=/etc/hyperledger/fabric
# Chaincode部分
# Ledger 部分
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb2supervisor:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=freerent
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=freerent123
# operations部分
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443
# metrics部分
- CORE_METRICS_PROVIDER=prometheus
depends_on:
- couchdb2supervisor
volumes:
- /var/run/:/host/var/run/
- ./../../channel/crypto-config/peerOrganizations/supervisor.freerent.cn/peers/peer2.supervisor.freerent.cn/msp:/etc/hyperledger/fabric/msp
- ./../../channel/crypto-config/peerOrganizations/supervisor.freerent.cn/peers/peer2.supervisor.freerent.cn/tls:/etc/hyperledger/fabric/tls
- ./../core.yaml:/etc/hyperledger/fabric/core.yaml
- peer2.supervisor.freerent.cn:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == supervisor]
networks:
rentnet:
aliases:
- peer2.supervisor.freerent.cn
ports:
- target: 7051
published: 9051
protocol: tcp
mode: host
- target: 7052
published: 9052
protocol: tcp
mode: host
2.2 docker-compose-couchdb-supervisor.yaml
version: '3.3'
networks:
rentnet:
external: true
services:
couchdb0supervisor:
image: "${PRIVATE_REGISTRY_URL}/fabric-couchdb:${COUCHDB_TAG}"
hostname: couchdb0supervisor
environment:
- COUCHDB_USER=freerent
- COUCHDB_PASSWORD=freerent@2022
ports:
- "5984:5984"
networks:
- rentnet
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == supervisor]
couchdb1supervisor:
image: "${PRIVATE_REGISTRY_URL}/fabric-couchdb:${COUCHDB_TAG}"
hostname: couchdb1supervisor
environment:
- COUCHDB_USER=freerent
- COUCHDB_PASSWORD=freerent@2022
ports:
- "6984:5984"
networks:
- rentnet
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == supervisor]
couchdb2supervisor:
image: "${PRIVATE_REGISTRY_URL}/fabric-couchdb:${COUCHDB_TAG}"
hostname: couchdb2supervisor
environment:
- COUCHDB_USER=freerent
- COUCHDB_PASSWORD=freerent123
ports:
- "7984:5984"
networks:
- rentnet
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == supervisor]
3. rentalcrop 组织
3.1 docker-compose-rentalcrop.yaml
version: '3.3'
volumes:
peer0.rentalcrop.freerent.cn:
peer1.rentalcrop.freerent.cn:
networks:
rentnet:
external: true
services:
peer0rentalcrop:
image: "${PRIVATE_REGISTRY_URL}/fabric-peer:${FABRIC_TAG}"
hostname: peer0.rentalcrop.freerent.cn
environment:
# Peer 基础 部分
- CORE_PEER_ID=peer0.rentalcrop.freerent.cn
- CORE_PEER_ADDRESS=peer0.rentalcrop.freerent.cn:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.rentalcrop.freerent.cn:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_NETWORKID=rentnet
- CORE_PEER_LOCALMSPID=RentalcropMSP
- CORE_PEER_PROFILE_ENABLED=false
# Peer TLS 部分
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt # TLS服务器的 X.509 证书
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key # TLS 服务器的私钥
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt #组织TLS CA 根证书
# Peer Gossip部分
- CORE_PEER_GOSSIP_USELEADERELECTION=true # 动态选取
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.rentalcrop.freerent.cn:7051
- CORE_PEER_GOSSIP_ENDPOINT=peer0.rentalcrop.freerent.cn:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.rentalcrop.freerent.cn:7051
# VM部分
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=rentnet
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_CFG_PATH=/etc/hyperledger/fabric
# Chaincode部分
# Ledger 部分
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0rentalcrop:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=freerent
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=freerent@2022
# operations部分
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443
# metrics部分
- CORE_METRICS_PROVIDER=prometheus
depends_on:
- couchdb0rentalcrop
volumes:
- /var/run/:/host/var/run/
- ./../../channel/crypto-config/peerOrganizations/rentalcrop.freerent.cn/peers/peer0.rentalcrop.freerent.cn/msp:/etc/hyperledger/fabric/msp
- ./../../channel/crypto-config/peerOrganizations/rentalcrop.freerent.cn/peers/peer0.rentalcrop.freerent.cn/tls:/etc/hyperledger/fabric/tls
- ./../core.yaml:/etc/hyperledger/fabric/core.yaml
- peer0.rentalcrop.freerent.cn:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == rentalcrop]
networks:
rentnet:
aliases:
- peer0.rentalcrop.freerent.cn
ports:
- target: 7051
published: 7051
protocol: tcp
mode: host
- target: 7052
published: 7052
protocol: tcp
mode: host
peer1rentalcrop:
image: "${PRIVATE_REGISTRY_URL}/fabric-peer:${FABRIC_TAG}"
hostname: peer1.rentalcrop.freerent.cn
environment:
# Peer 基础 部分
- CORE_PEER_ID=peer1.rentalcrop.freerent.cn
- CORE_PEER_ADDRESS=peer1.rentalcrop.freerent.cn:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer1.rentalcrop.freerent.cn:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_NETWORKID=rentnet
- CORE_PEER_LOCALMSPID=RentalcropMSP
- CORE_PEER_PROFILE_ENABLED=false
# Peer TLS 部分
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt # TLS服务器的 X.509 证书
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key # TLS 服务器的私钥
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt #组织TLS CA 根证书
# Peer Gossip部分
- CORE_PEER_GOSSIP_USELEADERELECTION=true # 动态选取
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_BOOTSTRAP=peer2.rentalcrop.freerent.cn:7051
- CORE_PEER_GOSSIP_ENDPOINT=peer1.rentalcrop.freerent.cn:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.rentalcrop.freerent.cn:7051
# VM部分
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=rentnet
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_CFG_PATH=/etc/hyperledger/fabric
# Chaincode部分
# Ledger 部分
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb1rentalcrop:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=freerent
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=freerent@2022
# operations部分
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443
# metrics部分
- CORE_METRICS_PROVIDER=prometheus
depends_on:
- couchdb0rentalcrop
volumes:
- /var/run/:/host/var/run/
- ./../../channel/crypto-config/peerOrganizations/rentalcrop.freerent.cn/peers/peer1.rentalcrop.freerent.cn/msp:/etc/hyperledger/fabric/msp
- ./../../channel/crypto-config/peerOrganizations/rentalcrop.freerent.cn/peers/peer1.rentalcrop.freerent.cn/tls:/etc/hyperledger/fabric/tls
- ./../core.yaml:/etc/hyperledger/fabric/core.yaml
- peer1.rentalcrop.freerent.cn:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == rentalcrop]
networks:
rentnet:
aliases:
- peer1.rentalcrop.freerent.cn
ports:
- target: 7051
published: 8051
protocol: tcp
mode: host
- target: 7052
published: 8052
protocol: tcp
mode: host
3.2 docker-compose-couchdb-rentalcrop.yaml
version: '3.3'
networks:
rentnet:
external: true
services:
couchdb0rentalcrop:
image: "${PRIVATE_REGISTRY_URL}/fabric-couchdb:${COUCHDB_TAG}"
hostname: couchdb0rentalcrop
environment:
- COUCHDB_USER=freerent
- COUCHDB_PASSWORD=freerent@2022
ports:
- "8984:5984"
networks:
- rentnet
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == rentalcrop]
couchdb1rentalcrop:
image: "${PRIVATE_REGISTRY_URL}/fabric-couchdb:${COUCHDB_TAG}"
hostname: couchdb1rentalcrop
environment:
- COUCHDB_USER=freerent
- COUCHDB_PASSWORD=freerent@2022
ports:
- "9984:5984"
networks:
- rentnet
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == rentalcrop]
4. agency 组织
4.1 docker-compose-agency.yaml
version: '3.3'
volumes:
peer0.agency.freerent.cn:
peer1.agency.freerent.cn:
networks:
rentnet:
external: true
services:
peer0agency:
image: "${PRIVATE_REGISTRY_URL}/fabric-peer:${FABRIC_TAG}"
hostname: peer0.agency.freerent.cn
environment:
# Peer 基础 部分
- CORE_PEER_ID=peer0.agency.freerent.cn
- CORE_PEER_ADDRESS=peer0.agency.freerent.cn:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.agency.freerent.cn:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_NETWORKID=rentnet
- CORE_PEER_LOCALMSPID=AgencyMSP
- CORE_PEER_PROFILE_ENABLED=false
# Peer TLS 部分
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt # TLS服务器的 X.509 证书
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key # TLS 服务器的私钥
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt #组织TLS CA 根证书
# Peer Gossip部分
- CORE_PEER_GOSSIP_USELEADERELECTION=true # 动态选取
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.agency.freerent.cn:7051
- CORE_PEER_GOSSIP_ENDPOINT=peer0.agency.freerent.cn:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.agency.freerent.cn:7051
# VM部分
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=rentnet
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_CFG_PATH=/etc/hyperledger/fabric
# Chaincode部分
# Ledger 部分
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0agency:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=freerent
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=freerent@2022
# operations部分
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443
# metrics部分
- CORE_METRICS_PROVIDER=prometheus
depends_on:
- couchdb0agency
volumes:
- /var/run/:/host/var/run/
- ./../../channel/crypto-config/peerOrganizations/agency.freerent.cn/peers/peer0.agency.freerent.cn/msp:/etc/hyperledger/fabric/msp
- ./../../channel/crypto-config/peerOrganizations/agency.freerent.cn/peers/peer0.agency.freerent.cn/tls:/etc/hyperledger/fabric/tls
- ./../core.yaml:/etc/hyperledger/fabric/core.yaml
- peer0.agency.freerent.cn:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == agency]
networks:
rentnet:
aliases:
- peer0.agency.freerent.cn
ports:
- target: 7051
published: 7051
protocol: tcp
mode: host
- target: 7052
published: 7052
protocol: tcp
mode: host
peer1agency:
image: "${PRIVATE_REGISTRY_URL}/fabric-peer:${FABRIC_TAG}"
hostname: peer1.agency.freerent.cn
environment:
# Peer 基础 部分
- CORE_PEER_ID=peer1.agency.freerent.cn
- CORE_PEER_ADDRESS=peer1.agency.freerent.cn:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer1.agency.freerent.cn:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_NETWORKID=rentnet
- CORE_PEER_LOCALMSPID=AgencyMSP
- CORE_PEER_PROFILE_ENABLED=false
# Peer TLS 部分
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt # TLS服务器的 X.509 证书
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key # TLS 服务器的私钥
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt #组织TLS CA 根证书
# Peer Gossip部分
- CORE_PEER_GOSSIP_USELEADERELECTION=true # 动态选取
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_BOOTSTRAP=peer2.agency.freerent.cn:7051
- CORE_PEER_GOSSIP_ENDPOINT=peer1.agency.freerent.cn:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.agency.freerent.cn:7051
# VM部分
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=rentnet
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_CFG_PATH=/etc/hyperledger/fabric
# Chaincode部分
# Ledger 部分
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb1agency:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=freerent
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=freerent@2022
# operations部分
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443
# metrics部分
- CORE_METRICS_PROVIDER=prometheus
depends_on:
- couchdb0agency
volumes:
- /var/run/:/host/var/run/
- ./../../channel/crypto-config/peerOrganizations/agency.freerent.cn/peers/peer1.agency.freerent.cn/msp:/etc/hyperledger/fabric/msp
- ./../../channel/crypto-config/peerOrganizations/agency.freerent.cn/peers/peer1.agency.freerent.cn/tls:/etc/hyperledger/fabric/tls
- ./../core.yaml:/etc/hyperledger/fabric/core.yaml
- peer1.agency.freerent.cn:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == agency]
networks:
rentnet:
aliases:
- peer1.agency.freerent.cn
ports:
- target: 7051
published: 8051
protocol: tcp
mode: host
- target: 7052
published: 8052
protocol: tcp
mode: host
4.2 docker-compose-couchdb-agency.yaml
version: '3.3'
networks:
rentnet:
external: true
services:
couchdb0agency:
image: "${PRIVATE_REGISTRY_URL}/fabric-couchdb:${COUCHDB_TAG}"
hostname: couchdb0agency
environment:
- COUCHDB_USER=freerent
- COUCHDB_PASSWORD=freerent@2022
ports:
- "10984:5984"
networks:
- rentnet
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == agency]
couchdb1agency:
image: "${PRIVATE_REGISTRY_URL}/fabric-couchdb:${COUCHDB_TAG}"
hostname: couchdb1agency
environment:
- COUCHDB_USER=freerent
- COUCHDB_PASSWORD=freerent@2022
ports:
- "11984:5984"
networks:
- rentnet
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
window: 120s
placement:
constraints: [node.hostname == agency]
5. orderer组织
version: '3.3'
volumes:
orderer0.freerent.cn:
orderer1.freerent.cn:
orderer2.freerent.cn:
networks:
rentnet:
external: true
services:
orderer0:
image: "${PRIVATE_REGISTRY_URL}/fabric-orderer:${FABRIC_TAG}"
hostname: orderer0.freerent.cn
environment:
- FABRIC_LOGGING_SPEC=INFO # DEBUG
# General 基础部分
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_BOOTSTRAPMETHOD=none #无系统通道启动方式
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# General TLS部分
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
# General CLUSTER部分 Raft模式下相关配置
# 双向TLS认证时,作为客户端证书的文件路径
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
# 双向TLS认证时,作为客户端私钥的文件路径
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
# FileLedger 部分
# Kafka 部分
# Debug 部分
# operations 部分
- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443
# metrics 部分
- ORDERER_METRICS_PROVIDER=prometheus
# Admin 部分
- ORDERER_ADMIN_TLS_ENABLED=true
- ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7060
# ChannelParticipation 部分
- ORDERER_CHANNELPARTICIPATION_ENABLED=true
# Consensus 部分
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./../orderer.yaml:/etc/hyperledger/fabric/orderer.yaml
- ./../../channel/crypto-config/ordererOrganizations/freerent.cn/orderers/orderer0.freerent.cn/msp:/var/hyperledger/orderer/msp
- ./../../channel/crypto-config/ordererOrganizations/freerent.cn/orderers/orderer0.freerent.cn/tls:/var/hyperledger/orderer/tls
- orderer0.freerent.cn:/var/hyperledger/production/orderer
ports:
- target: 7050
published: 7050
protocol: tcp
mode: host
- target: 7060
published: 7060
protocol: tcp
mode: host
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
placement:
constraints: [node.hostname == supervisor]
networks:
rentnet:
aliases:
- orderer0.freerent.cn
orderer1:
image: "${PRIVATE_REGISTRY_URL}/fabric-orderer:${FABRIC_TAG}"
hostname: orderer1.freerent.cn
environment:
- FABRIC_LOGGING_SPEC=INFO # DEBUG
# General 基础部分
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_BOOTSTRAPMETHOD=none #无系统通道启动方式
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# General TLS部分
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
# General CLUSTER部分 Raft模式下相关配置
# 双向TLS认证时,作为客户端证书的文件路径
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
# 双向TLS认证时,作为客户端私钥的文件路径
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
# FileLedger 部分
# Kafka 部分
# Debug 部分
# operations 部分
- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443
# metrics 部分
- ORDERER_METRICS_PROVIDER=prometheus
# Admin 部分
- ORDERER_ADMIN_TLS_ENABLED=true
- ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7060
# ChannelParticipation 部分
- ORDERER_CHANNELPARTICIPATION_ENABLED=true
# Consensus 部分
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./../orderer.yaml:/etc/hyperledger/fabric/orderer.yaml
- ./../../channel/crypto-config/ordererOrganizations/freerent.cn/orderers/orderer1.freerent.cn/msp:/var/hyperledger/orderer/msp
- ./../../channel/crypto-config/ordererOrganizations/freerent.cn/orderers/orderer1.freerent.cn/tls:/var/hyperledger/orderer/tls
- orderer1.freerent.cn:/var/hyperledger/production/orderer
ports:
- target: 7050
published: 7050
protocol: tcp
mode: host
- target: 7060
published: 7060
protocol: tcp
mode: host
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
placement:
constraints: [node.hostname == rentalcrop]
networks:
rentnet:
aliases:
- orderer1.freerent.cn
orderer2:
image: "${PRIVATE_REGISTRY_URL}/fabric-orderer:${FABRIC_TAG}"
hostname: orderer2.freerent.cn
environment:
- FABRIC_LOGGING_SPEC=INFO # DEBUG
# General 基础部分
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_BOOTSTRAPMETHOD=none #无系统通道启动方式
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# General TLS部分
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
# General CLUSTER部分 Raft模式下相关配置
# 双向TLS认证时,作为客户端证书的文件路径
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
# 双向TLS认证时,作为客户端私钥的文件路径
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
# FileLedger 部分
# Kafka 部分
# Debug 部分
# operations 部分
- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443
# metrics 部分
- ORDERER_METRICS_PROVIDER=prometheus
# Admin 部分
- ORDERER_ADMIN_TLS_ENABLED=true
- ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7060
# ChannelParticipation 部分
- ORDERER_CHANNELPARTICIPATION_ENABLED=true
# Consensus 部分
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./../orderer.yaml:/etc/hyperledger/fabric/orderer.yaml
- ./../../channel/crypto-config/ordererOrganizations/freerent.cn/orderers/orderer2.freerent.cn/msp:/var/hyperledger/orderer/msp
- ./../../channel/crypto-config/ordererOrganizations/freerent.cn/orderers/orderer2.freerent.cn/tls:/var/hyperledger/orderer/tls
- orderer2.freerent.cn:/var/hyperledger/production/orderer
ports:
- target: 7050
published: 7050
protocol: tcp
mode: host
- target: 7060
published: 7060
protocol: tcp
mode: host
deploy:
replicas: 1
restart_policy:
condition: on-failure
delay: 5s
max_attempts: 30
placement:
constraints: [node.hostname == agency]
networks:
rentnet:
aliases:
- orderer2.freerent.cn