Skip to content

yongtaelim/hyperledger-fabric-hsm

Repository files navigation

Future

  • hyperledger fabric hsm 적용 binary
  • TLS Apply

Getting Started

  • hyperledger fabric hsm 적용 docker

hyerperledger fabric node docker image 생성

fabric-ca

  1. fabric ca 소스 clone
git clone -b release-1.4 https://github.com/hyperledger/fabric-ca.git
  1. Makefile 수정
vim Makefile

130 라인 수정
AS-IS : go install -ldflags "$(DOCKER_GO_LDFLAGS)" $(PKGNAME)/$(path-map.${@F})
TO-BE : go install -tags "$(GO_TAGS)" -ldflags "$(DOCKER_GO_LDFLAGS)" $(PKGNAME)/$(path-map.${@F})
  1. docker image 생성
GO_TAGS=pkcs11 make docker

fabric-orderer, fabric-peer, fabric-cli, fabric-ccenv

  1. fabric ca 소스 clone
git clone -b release-1.4 https://github.com/hyperledger/fabric.git
  1. peer, orderer docker image 생성
GO_TAGS=pkcs11 make docker
  1. cli docker image 생성 .build/image/tools/Dockerfile 수정 후 image 생성
make tools-docker

docker rmi -f hyperledger/fabric-tools

vim Dockerfile

[modify]11번째 줄
AS-IS : RUN make configtxgen configtxlator cryptogen peer discover idemixgen
TO-BE : RUN make GO_TAGS=pkcs11  configtxgen configtxlator cryptogen peer discover idemixgen

make tools-docker
  1. fabric-ccenv .build/image/ccenv/Dockerfile 수정 후 image 생성
make ccenv

docker rmi -f hyperledger/fabric-ccenv

vim Docker

[add]
ENV GODEBUG netdns=go

hyperledger fabric network start

설치 환경 구성

1. git source clone

git clone https://github.com/yongtaelim/hyperledger-fabric-hsm.git

2. softhsm을 사용하기 위한 환경 세팅

cd hyperledger-fabric-hsm/init/base/
chmod +x package-install.sh
./package-install.sh
package-install details

openssl botan gcc libssl-dev make g++ protobuf

/etc/hosts 파일 수정

127.0.0.1 ca.org1.example.com
127.0.0.1 tlsca.org1.example.com

3. softhsm 설치

cd hyperledger-fabric-hsm/init/softhsm/
chmod +x softhsm-install.sh
./softhsm-install.sh
softhsm install detail
  1. download
wget https://dist.opendnssec.org/source/softhsm-2.5.0.tar.gz
  1. tar 압축 해제
tar -xzf softhsm-2.5.0.tar.gz
  1. configure 실행
./configure --disable-gost
  1. make
make

make install

4. fabric start

  • make로 softhsm, fabric start를 진행한다.
make 

description)

softhsm 세팅 및 fabric 구성 실행

init-token
  • hyperledger fabric에 필요한 token을 생성한다. ( hyperledger fabric document 기준 )
export SOFTHSM2_CONF="/etc/softhsm2.conf"
softhsm2-util --init-token --slot 0 --label "ForFabric" --so-pin 1234 --pin 98765432

description)

--slot :: 추가할 slot 넘버를 입력한다. 현재 2번 slot까지 등록이 되있고 3번에 추가를 원할 경우 '3'을 입력한다.
--label :: DB로 비교해봤을 경우 table이라고 생각하면 된다.
--so-pin :: 관리자 비밀번호
--pin :: user 비밀번호

softhsm-show-slots
  • slot list를 조회한다.
softhsm2-util --show-slots
  • 정상적으로 설치가 완료되었다면 아래의 경로에 관련 파일 및 폴더 생성
## so file
./softhsm/libsofthsm2.so
## token folder
./softhsm/tokens/
## config file
./softhsm/softhsm2.conf
ca-start
  • fabric ca server를 시작한다.
docker-compose-ca.yaml
ca.org1.example.com:
   image: hyperledger/fabric-ca
   container_name: ca.org1.example.com
   ports:
     - "7054:7054"
   environment:
     - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
     - FABRIC_CA_SERVER_DEBUG=true
     - GODEBUG=netdns=go
     - SOFTHSM2_CONF=/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
   volumes:
     - ./ca:/etc/hyperledger/fabric-ca-server
     - ../softhsm/config/softhsm2.conf:/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
     - ../softhsm/tokens/:/etc/hyperledger/fabric/softhsm/tokens
     - ../softhsm/lib/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
   command: sh -c 'fabric-ca-server start -b admin:adminpw'
fabric-ca-server-config.yaml
bccsp:
    default: PKCS11
    pkcs11:
      Library: /etc/hyperledger/fabric/libsofthsm2.so
      Pin: 98765432
      Label: ForFabric
      hash: SHA2
      security: 256
      filekeystore:
      # The directory used for the software file-based keystore
        keystore: msp/keystore
docker container 실행
docker-compose -f docker-compose-ca.yaml up -d
ca-enroll
  • fabric-ca-client를 이용하여 ca admin 계정을 enroll한다.
generate-orderer-admin
  1. fabric-ca-client를 이용하여 orderer admin 계정을 register한다.
  2. fabric-ca-client를 이용하여 orderer admin 계정을 enroll한다.
  3. msp폴더에서 admincert 폴더 생성
  4. signcerts 폴더 내 cert파일을 admincert 폴더 내로 복사
generate-peer-admin
  1. fabric-ca-client를 이용하여 peer admin 계정을 register한다.
  2. fabric-ca-client를 이용하여 peer admin 계정을 enroll한다.
  3. msp폴더에서 admincert 폴더 생성
  4. signcerts 폴더 내 cert파일을 admincert 폴더 내로 복사
generate-peer-user
  1. fabric-ca-client를 이용하여 peer user 계정을 register한다.
  2. fabric-ca-client를 이용하여 peer user 계정을 enroll한다.
  3. msp폴더에서 admincert 폴더 생성
  4. peer admin msp signcerts 폴더 내 cert파일을 peer user msp admincert 폴더 내로 복사
create-genesis-block
  • configtxgen 바이너리 파일을 이용하여 configtx.yaml 파일 기반 genesis.block 파일 생성
create-channel-transaction
  • configtxgen 바이너리 파일을 이용하여 configtx.yaml 파일 기반 channel.tx 파일 생성
orderer-start
  • orderer node를 시작한다.
docker-compose-orderer.yaml
services:
  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer
    environment:
      - FABRIC_LOGGING_SPEC=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
      - GODEBUG=netdns=go
      - SOFTHSM2_CONF=/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
    command: orderer
    ports:
      - 7050:7050
    volumes:
        - ../config/:/etc/hyperledger/configtx
        - ../crypto-config/ordererOrganizations/ordererorg/:/etc/hyperledger/msp/orderer
        - ./orderer/orderer.yaml:/etc/hyperledger/fabric/orderer.yaml
        - ./orderer/msp/:/etc/hyperledger/fabric/msp
        - ../softhsm/config/softhsm2.conf:/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
        - ../softhsm/tokens/:/etc/hyperledger/fabric/softhsm/tokens
        - ../softhsm/lib/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
orderer.yaml
    BCCSP:
        # Default specifies the preferred blockchain crypto service provider
        # to use. If the preferred provider is not available, the software
        # based provider ("SW") will be used.
        # Valid providers are:
        #  - SW: a software based crypto provider
        #  - PKCS11: a CA hardware security module crypto provider.
        Default: PKCS11
        PKCS11:
            # Location of the PKCS11 module library
            Library: /etc/hyperledger/fabric/libsofthsm2.so
            # Token Label
            Label: ForFabric
            # User PIN
            Pin: 98765432
            Hash: SHA2
            Security: 256
            FileKeyStore:
                KeyStore: msp/keystore
docker container 실행
docker-compose -f docker-compose-orderer.yaml up -d
peer-start
  • peer node를 시작한다.
docker-compose-peer.yaml
services:
  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    image: hyperledger/fabric-peer
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ENDORSER_ENABLED=true
      - FABRIC_LOGGING_SPEC=debug
      - CORE_CHAINCODE_LOGGING_LEVEL=debug
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/msp
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - GODEBUG=netdns=go
      - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
      - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
      - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
      - SOFTHSM2_CONF=/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: peer node start
    ports:
      - 7051:7051
      - 7053:7053
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/peerorg1/msp:/etc/hyperledger/msp/peer/msp
        - ../crypto-config/peerOrganizations/peerorg1/users:/etc/hyperledger/msp/users
        - ../config:/etc/hyperledger/configtx
        - ./peer/core.yaml:/etc/hyperledger/fabric/core.yaml
        - ./peer/msp/:/etc/hyperledger/fabric/msp
        - ../chaincode/:/opt/gopath/src/github.com/chaincode
        - ../softhsm/config/softhsm2.conf:/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
        - ../softhsm/tokens/:/etc/hyperledger/fabric/softhsm/tokens
        - ../softhsm/lib/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so

    depends_on:            
      - couchdb

  couchdb:
    container_name: couchdb
    image: hyperledger/fabric-couchdb
    environment:
      - COUCHDB_USER=
      - COUCHDB_PASSWORD=
    ports:
      - 5984:5984
core.yaml
    BCCSP:
        Default: PKCS11
        # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
        PKCS11:
            # Location of the PKCS11 module library
            Library: /etc/hyperledger/fabric/libsofthsm2.so
            # Token Label
            Label: ForFabric
            # User PIN
            Pin: 98765432
            Hash: SHA2
            Security: 256
            FileKeyStore:
                KeyStore: msp/keystore
docker container 실행
docker-compose -f docker-compose-peer.yaml up -d
cli-start
  • cli node를 시작한다.
docker-compose-cli.yaml
services:
  cli:
    container_name: cli
    image: hyperledger/fabric-tools
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - GODEBUG=netdns=go
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=debug
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerorg1/users/[email protected]/msp
      - CORE_CHAINCODE_KEEPALIVE=10
      - SOFTHSM2_CONF=/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - ./../chaincode/:/opt/gopath/src/github.com/chaincode
        - ./../crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./cli/:/etc/hyperledger/fabric
        - ../softhsm/config/softhsm2.conf:/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
        - ../softhsm/tokens/:/etc/hyperledger/fabric/softhsm/tokens
        - ../softhsm/lib/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so          
core.yaml, orderer.yaml
  • peer node start, orderer node start 와 동일
docker container 실행
docker-compose -f docker-compose-cli.yaml up -d
channel-create
  • channel.tx 파일을 이용하여 channel 생성
channel-join
  • channel.block 파일을 이용하여 peer를 channel에 가입

5. fabric tls start

  • make로 softhsm, fabric tls적용 버전을 진행한다.
make softhsm
make fabric-tls

description)

softhsm 세팅 및 fabric tls 구성 실행

init-token
  • 위와 동일
softhsm-show-slots
  • 위와 동일
catls-start
  • TLS 적용된 fabric ca server를 시작한다.
docker-compose-catls.yaml
ca.org1.example.com:
    image: hyperledger/fabric-ca
    container_name: ca.org1.example.com
    ports:
      - "7054:7054"
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_DEBUG=true
      - GODEBUG=netdns=go  
      - SOFTHSM2_CONF=/etc/hyperledger/fabric/softhsm/config/softhsm2.conf 
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/27032b3010f9976a4145f8e49185f9f065d1f343a78855c2bfb12bf1556ac312_sk
    volumes:
      - ./ca:/etc/hyperledger/fabric-ca-server
      - ../softhsm/config/softhsm2.conf:/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
      - ../softhsm/tokens/:/etc/hyperledger/fabric/softhsm/tokens
      - ../softhsm/lib/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
      - ../crypto-config/catlsOrganizations/ca/:/etc/hyperledger/fabric-ca-server-config
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/27032b3010f9976a4145f8e49185f9f065d1f343a78855c2bfb12bf1556ac312_sk -b admin:adminpw -d'
fabric-ca-server-config.yaml
bccsp:
    default: PKCS11
    pkcs11:
      Library: /etc/hyperledger/fabric/libsofthsm2.so
      Pin: 98765432
      Label: ForFabric
      hash: SHA2
      security: 256
      filekeystore:
      # The directory used for the software file-based keystore
        keystore: msp/keystore
docker container 실행
docker-compose -f docker-compose-catls.yaml up -d
ca-enroll
  • tls 적용된 fabric-ca-client를 이용하여 ca admin 계정을 enroll한다.
fabric-ca-client enroll \
				-u https://admin:[email protected]:7054 \
				--tls.certfiles $(PROJECT_PATH)/crypto-config/catlsOrganizations/ca/ca.org1.example.com-cert.pem \
				--home ./client/admin	
generate-orderertls-admin
  1. tls 적용된 fabric-ca-client를 이용하여 orderer admin 계정을 register한다.
  2. tls 적용된 fabric-ca-client를 이용하여 orderer admin 계정을 enroll한다.
  3. msp폴더에서 admincert 폴더 생성
  4. signcerts 폴더 내 cert파일을 admincert 폴더 내로 복사
generate-peertls-admin
  1. tls 적용된 fabric-ca-client를 이용하여 peer admin 계정을 register한다.
  2. tls 적용된 fabric-ca-client를 이용하여 peer admin 계정을 enroll한다.
  3. msp폴더에서 admincert 폴더 생성
  4. signcerts 폴더 내 cert파일을 admincert 폴더 내로 복사
generate-peertls-user
  1. tls 적용된 fabric-ca-client를 이용하여 peer user 계정을 register한다.
  2. tls 적용된 fabric-ca-client를 이용하여 peer user 계정을 enroll한다.
  3. msp폴더에서 admincert 폴더 생성
  4. peer admin msp signcerts 폴더 내 cert파일을 peer user msp admincert 폴더 내로 복사
ca-tls-start
  • TLS 발급 전용 fabric ca server를 시작한다.
docker-compose-ca-tls.yaml
tlsca.org1.example.com:
   image: hyperledger/fabric-ca
   container_name: tlsca.org1.example.com
   ports:
     - "8054:7054"
   environment:
     - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
     - FABRIC_CA_SERVER_DEBUG=true
     - GODEBUG=netdns=go  
     - FABRIC_CA_SERVER_TLS_ENABLED=true     
     - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/tlsca.org1.example.com-cert.pem
     - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/729ce212c363f324abb320ca1406aa7e65ef5a121ae634103ef6e8d2d787a49b_sk
     - FABRIC_CA_SERVER_PORT=7054
   volumes:
     - ./ca-tls:/etc/hyperledger/fabric-ca-server
     - ../crypto-config/catlsOrganizations/tlsca/:/etc/hyperledger/fabric-ca-server-config
     
   command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/tlsca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/729ce212c363f324abb320ca1406aa7e65ef5a121ae634103ef6e8d2d787a49b_sk -b admin:adminpw -d'
fabric-ca-server-config.yaml
  • default로 생성되는 yaml파일로 진행
docker container 실행
docker-compose -f docker-compose-ca-tls.yaml up -d
ca-enroll
  • tls 적용된 fabric-ca-client를 이용하여 ca-tls admin 계정을 enroll한다.
fabric-ca-client enroll \
				-u https://admin:[email protected]:8054 \
				--enrollment.profile tls \
				--tls.certfiles $(PROJECT_PATH)/crypto-config/catlsOrganizations/ca/ca.org1.example.com-cert.pem \
				--home ./client/tls/admin	
generate-orderer-tls-admin
  1. tls 적용된 fabric-ca-client를 이용하여 orderer server tls 계정을 register한다.
  2. tls 적용된 fabric-ca-client를 이용하여 orderer server tls 계정을 enroll한다.
  3. msp폴더에서 tls 폴더 생성
  4. 생성된 파일들을 tls 폴더로 복사한다.
cp $(ORDERER_MSP_PATH)/tlsca/keystore/* $(ORDERER_MSP_PATH)/tls/server.key
cp $(ORDERER_MSP_PATH)/tlsca/signcerts/* $(ORDERER_MSP_PATH)/tls/server.crt
cp $(ORDERER_MSP_PATH)/tlsca/tlscacerts/* $(ORDERER_MSP_PATH)/tls/ca.crt
generate-peer-tls-admin
  1. tls 적용된 fabric-ca-client를 이용하여 peer server tls 계정을 register한다.
  2. tls 적용된 fabric-ca-client를 이용하여 peer server tls 계정을 enroll한다.
  3. msp폴더에서 tls 폴더 생성
  4. 생성된 파일들을 tls 폴더로 복사한다.
cp $(ORDERER_MSP_PATH)/tlsca/keystore/* $(ORDERER_MSP_PATH)/tls/server.key
cp $(ORDERER_MSP_PATH)/tlsca/signcerts/* $(ORDERER_MSP_PATH)/tls/server.crt
cp $(ORDERER_MSP_PATH)/tlsca/tlscacerts/* $(ORDERER_MSP_PATH)/tls/ca.crt
create-genesis-block
  • configtxgen 바이너리 파일을 이용하여 configtx.yaml 파일 기반 genesis.block 파일 생성
create-channel-transaction
  • configtxgen 바이너리 파일을 이용하여 configtx.yaml 파일 기반 channel.tx 파일 생성
orderertls-start
  • orderer node를 시작한다.
docker-compose-orderertls.yaml
services:
  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer
    environment:
      - FABRIC_LOGGING_SPEC=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
      - GODEBUG=netdns=go  
      - SOFTHSM2_CONF=/etc/hyperledger/fabric/softhsm/config/softhsm2.conf  
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/msp/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/msp/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/msp/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
    command: orderer
    ports:
      - 7050:7050
    volumes:
        - ../config/:/etc/hyperledger/configtx
        - ../crypto-config/ordererOrganizations/ordererorg/:/etc/hyperledger/msp/orderer
        - ./orderer/orderer.yaml:/etc/hyperledger/fabric/orderer.yaml
        - ./orderer/msp/:/etc/hyperledger/fabric/msp
        - ../softhsm/config/softhsm2.conf:/etc/hyperledger/fabric/softhsm/config/softhsm2.conf  
        - ../softhsm/lib/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
        - ../softhsm/tokens/:/etc/hyperledger/fabric/softhsm/tokens  
orderer.yaml
    BCCSP:
        # Default specifies the preferred blockchain crypto service provider
        # to use. If the preferred provider is not available, the software
        # based provider ("SW") will be used.
        # Valid providers are:
        #  - SW: a software based crypto provider
        #  - PKCS11: a CA hardware security module crypto provider.
        Default: PKCS11
        PKCS11:
            # Location of the PKCS11 module library
            Library: /etc/hyperledger/fabric/libsofthsm2.so
            # Token Label
            Label: ForFabric
            # User PIN
            Pin: 98765432
            Hash: SHA2
            Security: 256
            FileKeyStore:
                KeyStore: msp/keystore
docker container 실행
docker-compose -f docker-compose-orderertls.yaml up -d
peertls-start
  • peer node를 시작한다.
docker-compose-peertls.yaml
services:
  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    image: hyperledger/fabric-peer
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ENDORSER_ENABLED=true  
      - FABRIC_LOGGING_SPEC=debug
      - CORE_CHAINCODE_LOGGING_LEVEL=debug
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/msp
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051  
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052  
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 
      - GODEBUG=netdns=go  
      # # the following setting starts chaincode containers on the same
      # # bridge network as the peers
      # # https://docs.docker.com/compose/networking/
      #- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=net_basic
      - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
      # The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
      # provide the credentials for ledger to connect to CouchDB.  The username and password must
      # match the username and password set for the associated CouchDB.
      - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
      - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
      - SOFTHSM2_CONF=/etc/hyperledger/fabric/softhsm/config/softhsm2.conf  
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/msp/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/msp/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/msp/tls/ca.crt
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: peer node start
    # command: peer node start --peer-chaincodedev=true
    ports:
      - 7051:7051
      - 7053:7053
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/peerorg1/msp:/etc/hyperledger/msp/peer/msp
        - ../crypto-config/peerOrganizations/peerorg1/users:/etc/hyperledger/msp/users
        - ../crypto-config/peerOrganizations/peerorg1/tls:/etc/hyperledger/msp/tls
        - ../config:/etc/hyperledger/configtx
        - ./peer/core.yaml:/etc/hyperledger/fabric/core.yaml
        - ./peer/msp/:/etc/hyperledger/fabric/msp
        - ../chaincode/:/opt/gopath/src/github.com/chaincode  
        - ../softhsm/config/softhsm2.conf:/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
        - ../softhsm/lib/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
        - ../softhsm/tokens/:/etc/hyperledger/fabric/softhsm/tokens
  
    depends_on:
            # - orderer.example.com
      - couchdb
        #networks:
        #- basic

  couchdb:
    container_name: couchdb
    image: hyperledger/fabric-couchdb
    # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
    # for CouchDB.  This will prevent CouchDB from operating in an "Admin Party" mode.
    environment:
      - COUCHDB_USER=
      - COUCHDB_PASSWORD=
    ports:
      - 5984:5984
core.yaml
    BCCSP:
        Default: PKCS11
        # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
        PKCS11:
            # Location of the PKCS11 module library
            Library: /etc/hyperledger/fabric/libsofthsm2.so
            # Token Label
            Label: ForFabric
            # User PIN
            Pin: 98765432
            Hash: SHA2
            Security: 256
            FileKeyStore:
                KeyStore: msp/keystore
docker container 실행
docker-compose -f docker-compose-peertls.yaml up -d
cli-start
  • cli node를 시작한다.
docker-compose-clitls.yaml
services:
  cli:
    container_name: cli
    image: hyperledger/fabric-tools
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - GODEBUG=netdns=go  
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=debug
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerorg1/users/testpeeradmin/msp
      - CORE_CHAINCODE_KEEPALIVE=10
      - SOFTHSM2_CONF=/etc/hyperledger/fabric/softhsm/config/softhsm2.conf  
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerorg1/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerorg1/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerorg1/tls/ca.crt
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash 
    volumes:
        - /var/run/:/host/var/run/
        - ./../chaincode/:/opt/gopath/src/github.com/chaincode
        - ./../crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./cli/:/etc/hyperledger/fabric
        - ../config/:/opt/gopath/src/github.com/hyperledger/fabric/peer/config
        - ../softhsm/config/softhsm2.conf:/etc/hyperledger/fabric/softhsm/config/softhsm2.conf
        - ../softhsm/lib/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
        - ../softhsm/tokens/:/etc/hyperledger/fabric/softhsm/tokens         
core.yaml, orderer.yaml
  • peer node start, orderer node start 와 동일
docker container 실행
docker-compose -f docker-compose-clitls.yaml up -d
channel-create
  • channel.tx 파일을 이용하여 channel 생성
docker exec -e "CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/peerorg1/users/$(ID)peeradmin/msp" \
		cli \
		peer channel create \
						-o orderer.example.com:7050 \
						-c yongchannel \
						-f /opt/gopath/src/github.com/hyperledger/fabric/peer/config/channel.tx \
						--tls \
						--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/ordererorg/tls/ca.crt
channel-join
  • channel.block 파일을 이용하여 peer를 channel에 가입
docker exec \
		cli \
		peer channel join \
						-b yongchannel.block \
						--tls \
						--cafile $CORE_PEER_TLS_ROOTCERT_FILE \
						--certfile $CORE_PEER_TLS_CERT_FILE

About

hyperledger fabric with softhsm

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published