Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon", "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.
Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
The multi-node deployment method applied to the blockchain all-in-one machine provided by the embodiment of the application can be applied to devices such as a palm computer, a desktop computer, a notebook computer, an ultra-mobile personal computer (UMPC), a netbook, a cloud server, a Personal Digital Assistant (PDA) and the like, and the embodiment of the application does not limit the specific type of the blockchain all-in-one machine.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present application.
In order to explain the technical means of the present application, the following description will be given by way of specific examples.
Referring to fig. 1, which is a schematic flow chart of a multi-node deployment method applied to a blockchain all-in-one machine according to an embodiment of the present disclosure, where the blockchain all-in-one machine is configured with more than two IP addresses, as shown in fig. 1, the multi-node deployment method may include the following steps:
Step S101: a target blockchain node is created on the blockchain all-in-one machine, and whether a configured node exists in the blockchain all-in-one machine is detected.
Creating the target blockchain node may refer to creating a blockchain node of a target type, where the target type may refer to the type of the blockchain network that the node is to join. The type of the blockchain network determines the architecture, consensus mechanism, smart contracts, and the like of the blockchain node. For example, the blockchain network may be one of the consortium blockchains, such as a Fabric blockchain, a Hyperchain blockchain, or a BCOS blockchain.
A configured node is a blockchain node that has already accessed a blockchain network and already exists in the blockchain all-in-one machine. There may be one or more configured nodes. The target type of the target blockchain node may be the same as the node type of a configured node, but the blockchain network that the target blockchain node joins is not the same as the blockchain network accessed by the configured node.
The blockchain all-in-one machine is configured with more than two Internet Protocol addresses (IP addresses), and the more than two IP addresses can be provided by one network card or different network cards respectively.
Step S102: if a configured node exists in the blockchain all-in-one machine, a target IP address is obtained and assigned to the target blockchain node.
When the blockchain all-in-one machine is connected to a network, the network allocates to it as many IP addresses as it requires. One of the allocated IP addresses is selected as the target IP address, and the target IP address must also not have been assigned to any configured node. The IP addresses assigned to configured nodes can be recorded, and whether the target IP address has been assigned to any configured node is determined by comparing it with the recorded IP addresses. Because the IP address of the target blockchain node differs from the IP addresses of the configured nodes, the target blockchain node and the configured nodes are isolated on the network transmission channel; that is, the target blockchain node and the configured nodes can each communicate with the outside independently.
If every IP address of the blockchain all-in-one machine has already been assigned to a node, no IP address is available; the current blockchain node deployment can be suspended and corresponding prompt information output.
If no configured node exists in the blockchain all-in-one machine, the created target blockchain node is the first node of the blockchain all-in-one machine; any IP address of the machine can be assigned to this first node, and the node is deployed according to the subsequent steps.
Optionally, after the target blockchain node is created, the multi-node deployment method further includes:
acquiring a configured target port number;
and assigning the target port number to the target blockchain node.
The port number can be configured as required. The configured target port number is obtained and assigned to the target blockchain node; it indicates that the target blockchain node communicates with the outside through the protocol corresponding to that port number. For example, the target port is configured as jsonRpcPort = [8081, 8082, 8083, 8084], which enables the target blockchain node to communicate with the outside through the HyperText Transfer Protocol (HTTP).
A blockchain node service application is pre-installed on the blockchain all-in-one machine. The blockchain node service is used to create blockchain nodes, configure them, and manage blockchain node resources in the blockchain all-in-one machine. For example, configuring a node may mean assigning it a node number, that is, an identity identification number (ID), or assigning it an IP address and a port number as described above; node resource management may refer to storing and managing files such as the certificates of the blockchain nodes.
Step S103, generating a public and private key pair of the target block chain node, and acquiring a target certificate from the first block chain network according to a public key of the public and private key pair.
The public-private key pair comprises a public key and a private key. Different blockchain nodes generate different private keys, and the public key is generated by processing the private key with a corresponding algorithm, for example the SECP256K1 algorithm, with which the private key cannot be deduced back from the public key. The private key can be generated randomly, and the hardware characteristics of the blockchain node can be taken into account in the random process.
The first blockchain network is the blockchain network that the target blockchain node is currently to join. The public key of the key pair is used to request that the blockchain network issue a certificate to the sender of the public key, thereby authenticating the binding between the public key and its sender; the blockchain network that the blockchain node is to join has the functions of authenticating and issuing certificates.
The target blockchain node can announce its public key by broadcast to the first blockchain network that it is currently to join. The first blockchain network authenticates the relationship between the public key and the target blockchain node to determine whether the target blockchain node is the sender of the public key. If it is, that is, if the target blockchain node passes the authentication, the public key is bound to the target blockchain node and the binding is signed to form a certificate. In addition to the public key, the target blockchain node also sends the first blockchain network information that can prove its identity, such as its node number and IP address.
Optionally, generating a public-private key pair of the target block chain node includes:
acquiring a node number and a node type of a target block chain node;
and generating a public and private key pair of the target block chain node according to the node number, the node type, the target IP address and the target port number.
The node number, the node type, the IP address and the port number are used as characteristics of the blockchain node to generate a public and private key pair, so that a unique public and private key pair of the target blockchain node is generated, and more factors can be provided for generating the public and private key pair for the blockchain all-in-one machine.
Optionally, obtaining the target certificate from the first blockchain network according to the public key of the public-private key pair includes:
sending a public key of a public and private key pair to a certificate authority of a first block chain network;
and acquiring a target certificate fed back by a certificate authority of the first block chain network, wherein the certificate authority of the first block chain network is used for authenticating a public key of a public and private key pair and feeding back the certificate after the public key passes the authentication.
The blockchain network that the blockchain node joins is provided with a Certificate Authority (CA). The blockchain node informs the CA of its public key, and the CA authenticates the relationship between the public key and the blockchain node. When the CA determines that the blockchain node is the sender of the public key, the node passes the authentication, and the CA binds and signs the public key and the identity information of the blockchain node to obtain the certificate.
Step S104: the target blockchain node is accessed to the first blockchain network according to the target certificate.
Obtaining the target certificate shows that the target blockchain node meets the condition for joining the first blockchain network; the target certificate indicates that the target blockchain node is identified as a node of the first blockchain network. If the target blockchain node is to serve as a consensus node, it must be jointly confirmed by the other consensus nodes in the first blockchain network before it becomes a consensus node of that network; if it is to serve as a bookkeeping node, it is accessed to the first blockchain network directly.
Blockchain as a Service (BaaS) is built into the blockchain all-in-one machine. The BaaS can be configured to access blockchain nodes to various types of blockchain networks; the BaaS is started in the target blockchain node, and the target blockchain node is accessed to the first blockchain network.
In this embodiment, a target blockchain node is created in the blockchain all-in-one machine. When a configured node is detected in the machine, an IP address not used by any configured node is assigned to the target blockchain node. A public-private key pair is generated for the target blockchain node, a target certificate is obtained from the first blockchain network to be joined according to the public key of the key pair, and the target blockchain node is accessed to the first blockchain network through the target certificate, which completes the deployment of the newly added node. Because their IP addresses differ, the target blockchain node is isolated from the configured nodes on the network transmission channel and is independent of them. No virtual machine needs to be installed in the blockchain all-in-one machine, which improves the deployment efficiency of newly added blockchain nodes.
Referring to fig. 2, which is a schematic flow chart of a multi-node deployment method applied to a blockchain all-in-one machine according to a second embodiment of the present disclosure, where the blockchain all-in-one machine is configured with more than two IP addresses and has a built-in password card as shown in fig. 2, the multi-node deployment method may include the following steps:
Step S201: a target blockchain node is created on the blockchain all-in-one machine, and whether a configured node exists in the blockchain all-in-one machine is detected.
Step S202, if the configured nodes exist in the block chain all-in-one machine, a target IP address is obtained, and the target IP address is given to the target block chain nodes.
The contents of step S201 and step S202 are the same as those of step S101 and step S102, and reference may be made to the description of step S101 and step S102, which is not repeated herein.
Step S203, generating a public and private key pair of the target block chain node, and storing the public and private key pair into the password card.
For a specific process of generating a public and private key, reference may be made to the description of step S103, which is not described herein again.
The password card is used to send the private key of the public-private key pair to the target blockchain node when it receives a private key acquisition request from the target blockchain node. A key management mechanism in the password card manages the storage, distribution, and the like of keys, and the private key of a public-private key pair can only be used by the corresponding blockchain node.
A password card is built into the blockchain all-in-one machine. It can store the public-private key pair of every blockchain node created in the blockchain all-in-one machine, and it manages those key pairs through its key management mechanism. By contrast, when blockchain nodes are deployed through virtual machine technology, the public-private key pairs of the blockchain nodes in a virtual machine can only be stored in the storage space of that virtual machine, and key management cannot be carried out through a physical password card. Using the password card therefore improves the security of the keys, and in particular the strength of key protection when a plurality of nodes are deployed in a single blockchain all-in-one machine.
Step S204, a target certificate is obtained from the first block chain network according to the public key of the public and private key pair.
Step S205, according to the target certificate, the target block chain node is accessed to the first block chain network.
The content of step S204 and step S205 is the same as that of step S103 and step S104, and reference may be made to the description of step S103 and step S104, which is not repeated herein.
The password card is built into the blockchain all-in-one machine and is used for storing and managing the public-private key pair of each blockchain node, so that the security of the keys can be improved, and the strength of key protection is especially improved when a plurality of blockchain nodes are deployed in a single blockchain all-in-one machine.
Referring to fig. 3, which is a schematic flow chart of a multi-node deployment method applied to a blockchain all-in-one machine according to a third embodiment of the present application, where the blockchain all-in-one machine is configured with more than two IP addresses, as shown in fig. 3, the multi-node deployment method may include the following steps:
Step S301: a target blockchain node is created on the blockchain all-in-one machine, and whether a configured node exists in the blockchain all-in-one machine is detected.
Step S302, if the configured node exists in the block chain all-in-one machine, a target IP address is obtained, and the target IP address is given to the target block chain node.
Step S303, generating a public and private key pair of the target block chain node, and acquiring a target certificate from the first block chain network according to a public key of the public and private key pair.
Step S304, according to the target certificate, the target block chain node is accessed to the first block chain network.
The contents of steps S301 to S304 are the same as those of steps S101 to S104, and reference may be made to the description of steps S101 to S104, which is not repeated herein.
Step S305, a sub-database is distributed from the database of the block chain all-in-one machine.
The sub-database is a database that is not associated with any configured node. A Database Service (DBS) is built into the blockchain all-in-one machine and can allocate the database of the blockchain all-in-one machine to support each blockchain node, that is, a certain database resource is allocated to each blockchain node. For example, the database of the blockchain all-in-one machine may be a MySQL database; multiple MySQL instances of the MySQL database are started, and each blockchain node is associated with one MySQL instance.
If a node is configured in the blockchain all-in-one machine, the DBS starts a plurality of MySQL instances in the MySQL database and associates one MySQL instance with that node; when a target blockchain node is created, the DBS associates one of the remaining MySQL instances with the target blockchain node.
Step S306: the sub-database is associated with the target blockchain node.
The sub-database is used for data interaction with the first blockchain network: data that the target blockchain node obtains from the first blockchain network can be stored in the sub-database, and data can be extracted from the sub-database and uploaded to the first blockchain network, so that each blockchain node can independently carry out data interaction with its corresponding blockchain network.
Optionally, after accessing the target blockchain node to the first blockchain network, the method further includes:
acquiring a cross-chain transaction request between the first blockchain network and a second blockchain network, wherein the second blockchain network is a blockchain network that a configured node has currently accessed;
establishing a cross-chain channel of a trusted execution computing environment between the target blockchain node and the configured node accessed to the second blockchain network according to the cross-chain transaction request;
and performing cross-chain forwarding on the transaction data in the cross-chain transaction request through a cross-chain channel.
When a cross-chain transaction is carried out between the two blockchain networks, it can be carried out between the target blockchain node of the first blockchain network and the configured node of the second blockchain network on the blockchain all-in-one machine.
When the target blockchain node monitors a cross-chain transaction request of the first blockchain network and the second blockchain network, the cross-chain transaction request is initiated by the target blockchain node, a cross-chain channel of a trusted execution computing environment is established between the target blockchain node and a configured node, transaction data in the cross-chain transaction request is converted into a transaction request of the second blockchain network, the transaction request is forwarded to the configured node, and cross-chain forwarding of the transaction data is achieved.
The Trusted Execution Environment (TEE) may be a secure area within a Central Processing Unit (CPU) of the blockchain all-in-one machine. The TEE runs in a separate environment and in parallel with the operating system. The TEE requires the blockchain all-in-one machine to be configured with corresponding software and hardware so that the machine can provide a trusted execution environment.
When the configured node monitors a cross-chain transaction request of the first block chain network and the second block chain network, the configured node initiates the cross-chain transaction request, a cross-chain channel of a trusted execution computing environment is established between a target block chain node and the configured node, transaction data in the cross-chain transaction request is converted into the transaction request of the first block chain network, and the transaction request is forwarded to the target block chain node, so that cross-chain forwarding of the transaction data is realized.
According to this embodiment of the application, the database of the blockchain all-in-one machine is allocated and managed so as to support data interaction between the different blockchain nodes in the blockchain all-in-one machine and their corresponding blockchain networks. The embodiment can also support cross-chain transmission between two blockchain nodes in a single blockchain all-in-one machine, and thereby realize cross-chain transactions between two blockchain networks within a single blockchain all-in-one machine.
Corresponding to the multi-node deployment method applied to the blockchain all-in-one machine in the foregoing embodiment, which is applied to the blockchain all-in-one machine, fig. 4 shows a structural block diagram of a multi-node deployment device applied to the blockchain all-in-one machine provided in the fourth embodiment of the present application, where two or more IP addresses are configured on the blockchain all-in-one machine, and for convenience of description, only the parts related to the embodiment of the present application are shown.
Referring to fig. 4, the multi-node deployment apparatus includes:
a node creating module 41, configured to create a target blockchain node on the blockchain all-in-one machine, and detect whether a configured node exists in the blockchain all-in-one machine, where the configured node refers to a blockchain node that has accessed a blockchain network;
the IP address obtaining module 42 is configured to, if there are configured nodes in the block chain all-in-one machine, obtain a target IP address, and assign the target IP address to a target block chain node, where the target IP address is an IP address that exists in the block chain all-in-one machine and is not assigned to any configured node;
a certificate obtaining module 43, configured to generate a public-private key pair of the target blockchain node, and obtain the target certificate from the first blockchain network according to a public key of the public-private key pair, where the first blockchain network is a blockchain network to which the target blockchain node is currently added;
and a deployment access module 44, configured to access the target blockchain node to the first blockchain network according to the target certificate.
Optionally, the multi-node deployment apparatus further includes:
the database allocation module is used for allocating a sub-database from the database of the block chain all-in-one machine if the configured node exists in the block chain all-in-one machine, wherein the sub-database is a database which is not associated with the configured node;
and the database management module is used for associating the sub-database with the target blockchain node, and the sub-database is used for carrying out data interaction with the first blockchain network.
Optionally, the multi-node deployment apparatus further includes:
the port number acquisition module is used for acquiring a configured target port number after the target block chain node is established;
and the port number assignment module is used for assigning the target port number to the target block chain node.
Optionally, the certificate obtaining module 43 includes:
a node information obtaining unit, configured to obtain a node number and a node type of a target block chain node;
and the key generation unit is used for generating a public and private key pair of the target block chain node according to the node number, the node type, the target IP address and the target port number.
Optionally, the blockchain all-in-one machine includes a password card, and the multi-node deployment apparatus further includes:
and the key storage module is used for storing the public and private key pair into the password card after generating the public and private key pair of the target block chain node, and the password card is used for sending the private key of the public and private key pair to the target block chain node when receiving the private key acquisition request of the target block chain node.
Optionally, the multi-node deployment apparatus further includes:
the transaction acquisition module is used for acquiring a cross-chain transaction request between the first blockchain network and a second blockchain network after the target blockchain node is accessed to the first blockchain network, wherein the second blockchain network is a blockchain network that a configured node has currently accessed;
the channel establishing module is used for establishing a cross-chain channel of the trusted execution computing environment between the target blockchain node and the configured node accessed to the second blockchain network according to the cross-chain transaction request;
and the cross-chain forwarding module is used for cross-chain forwarding the transaction data in the cross-chain transaction request through the cross-chain channel.
Optionally, the certificate obtaining module 43 includes:
the public key sending unit is used for sending a public key of a public and private key pair to a certificate authority of the first block chain network;
and the certificate acquisition unit is used for acquiring a target certificate fed back by a certificate authority of the first block chain network, and the certificate authority of the first block chain network is used for authenticating a public key of a public and private key pair and feeding back the certificate after the authentication is passed.
It should be noted that, because the contents of information interaction, execution process, and the like between the modules are based on the same concept as that of the embodiment of the method of the present application, specific functions and technical effects thereof may be specifically referred to a part of the embodiment of the method, and details are not described here.
Fig. 5 is a schematic structural diagram of a blockchain all-in-one machine according to a fifth embodiment of the present application. As shown in fig. 5, the blockchain all-in-one machine 5 of this embodiment includes: at least one processor 50 (only one shown in fig. 5), a memory 51, and a computer program 52 stored in the memory 51 and executable on the at least one processor 50, the processor 50 implementing the steps of any of the various embodiments of the multi-node deployment method applied to a blockchain all-in-one machine when executing the computer program 52.
The blockchain all-in-one machine may include, but is not limited to, a processor 50 and a memory 51. Those skilled in the art will appreciate that fig. 5 is merely an example of the blockchain all-in-one machine 5 and does not constitute a limitation of it; the machine may include more or fewer components than shown, or combine some components, or have different components, such as input/output devices, network access devices, etc.
The processor 50 may be a CPU, and the processor 50 may also be another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 51 may be an internal storage unit of the blockchain all-in-one machine 5 in some embodiments, such as a hard disk or memory of the blockchain all-in-one machine 5. The memory 51 may also be an external storage device of the blockchain all-in-one machine 5 in other embodiments, such as a plug-in hard disk provided on the blockchain all-in-one machine 5, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and so forth. Further, the memory 51 may also include both an internal storage unit and an external storage device of the blockchain all-in-one machine 5. The memory 51 is used for storing an operating system, an application program, a boot loader (BootLoader), data, and other programs, such as program codes of a computer program. The memory 51 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the above-mentioned apparatus may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method of the embodiments described above can be implemented by a computer program, which can be stored in a computer readable storage medium and can implement the steps of the embodiments of the methods described above when the computer program is executed by a processor. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. 
The computer-readable medium may include at least: any entity or device capable of carrying computer program code, a recording medium, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier signals, telecommunications signals, and software distribution media. Examples include a USB disk, a removable hard disk, a magnetic disk, or an optical disk. In certain jurisdictions, in accordance with legislation and patent practice, computer-readable media may not be electrical carrier signals or telecommunications signals.
When the computer program product runs on the blockchain all-in-one machine, the blockchain all-in-one machine can implement the steps in the method embodiments.
In the above embodiments, the description of each embodiment has its own emphasis; for parts that are not described or illustrated in a certain embodiment, reference may be made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/blockchain all-in-one machine and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/blockchain all-in-one machine are merely illustrative: the division into modules or units is only a division by logical function and may be implemented in other ways; for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices, or units, and may be in an electrical, mechanical, or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; they may be located in one place or distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.