WO2021098140A1 - Blockchain network deployment method, electronic device, and computer-readable storage medium - Google Patents


Publication number
WO2021098140A1
WO2021098140A1 PCT/CN2020/086275 CN2020086275W WO2021098140A1 WO 2021098140 A1 WO2021098140 A1 WO 2021098140A1 CN 2020086275 W CN2020086275 W CN 2020086275W WO 2021098140 A1 WO2021098140 A1 WO 2021098140A1
Authority
WO
WIPO (PCT)
Prior art keywords
blockchain network
server
user
fabric
generate
Prior art date
Application number
PCT/CN2020/086275
Other languages
French (fr)
Chinese (zh)
Inventor
鲁铁华
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2021098140A1 publication Critical patent/WO2021098140A1/en


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00: Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/14: Network analysis or design
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/50: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees

Definitions

  • This application relates to the field of blockchain technology, and in particular to a blockchain network deployment method, electronic device, and computer-readable storage medium.
  • Hyperledger Fabric (hereinafter referred to as Fabric) is a blockchain open source project. It officially provides a sample of one-click deployment of a blockchain network based on Docker (application container engine), which can quickly build a blockchain network for testing and demonstration purposes, but the scenario considered in the official sample is relatively simple and cannot meet the needs of the production environment. The inventor realizes that the official sample has the following shortcomings: (1) The private key and certificate are generated using command-line tools, and all certificates are generated at once and cannot be dynamically added. (2) The bottom layer is implemented based on Docker and Docker-Compose technology. The container is started with Docker-Compose, which does not support distributed deployment, and all components are limited to running on one host. (3) One-click deployment is completed through a Shell script, the organizational structure is fixed, modification is complicated, and the addition of new organizations is not supported.
  • this application proposes a blockchain network deployment method, electronic device, and computer-readable storage medium to solve at least one of the above technical problems.
  • this application proposes a blockchain network deployment method, which includes the steps:
  • the method further includes the steps:
  • the interface of Fabric-CA is called to dynamically generate a new user certificate and save it to the NAS network disk.
  • the steps of starting the container according to the yaml configuration file, building a blockchain network, and using Fabric-CA to generate a user certificate, and save it to a NAS network disk share include:
  • the step of generating a user certificate file through the ICA server includes:
  • the HTTP request includes parameters in JSON format, and the parameters in JSON format are used to customize the blockchain network structure and are configured according to the blockchain network information entered by the user, including the blockchain network name, the name and number of organizations included in the blockchain network, and the name and number of nodes included in each organization.
  • the present application also provides an electronic device, including a memory and a processor, the memory stores a blockchain network deployment system that can run on the processor, and when the blockchain network deployment system is executed by the processor, the steps of the above-mentioned blockchain network deployment method are realized.
  • the present application also provides a computer-readable storage medium, the computer-readable storage medium stores a blockchain network deployment system, and the blockchain network deployment system can be executed by at least one processor, so that the at least one processor executes the steps of the blockchain network deployment method described above.
  • the blockchain network deployment method, electronic device and computer-readable storage medium proposed in this application can have the server provide Java services, generate yaml configuration files according to HTTP requests initiated by the client, call the Restful API interface of K8s to start each container according to the yaml configuration file, complete the blockchain network construction, realize the blockchain as a service, and support the one-click deployment of the Fabric blockchain network.
  • Fabric-CA is used to generate user certificates, and each organization deploys an ICA server to ensure data security, and all certificates are saved to the NAS network disk for sharing.
  • FIG. 1 is a schematic diagram of an optional hardware architecture of the electronic device of the present application.
  • FIG. 2 is a schematic diagram of program modules of the first embodiment of the blockchain network deployment system of the present application.
  • Figure 3 is a schematic diagram of the architecture of a blockchain network deployed in this application.
  • FIG. 4 is a schematic diagram of program modules of the second embodiment of the blockchain network deployment system of the present application.
  • FIG. 5 is a schematic flowchart of the first embodiment of the blockchain network deployment method of the present application.
  • Fig. 6 is a detailed flowchart of steps S404 and S406 in Fig. 5;
  • FIG. 7 is a schematic flowchart of a second embodiment of a blockchain network deployment method according to the present application.
  • FIG. 1 is a schematic diagram of an optional hardware architecture of the electronic device 2 of this application.
  • the electronic device 2 may include, but is not limited to, a memory 11, a processor 12, and a network interface 13 that can communicate with each other through a system bus. It should be pointed out that FIG. 1 only shows the electronic device 2 with the components 11-13, but it should be understood that it is not required to implement all the illustrated components, and more or fewer components may be implemented instead.
  • the electronic device 2 may be a node forming a blockchain network.
  • the network interface 13 may include a wireless network interface or a wired network interface, and the network interface 13 is generally used to establish a communication connection between the electronic device 2 and other electronic devices.
  • this application proposes a blockchain network deployment system 200.
  • FIG. 2 is a program module diagram of the first embodiment of the blockchain network deployment system 200 of the present application.
  • the blockchain network deployment system 200 includes a series of computer program instructions stored on the memory 11, and when the computer program instructions are executed by the processor 12, the blockchain network deployment operations of the various embodiments of the present application can be implemented.
  • the blockchain network deployment system 200 may be divided into one or more modules based on specific operations implemented by the various parts of the computer program instructions. For example, in FIG. 2, the blockchain network deployment system 200 can be divided into a receiving module 201, a configuration module 202, a starting module 203, and a generating module 204. Among them:
  • the receiving module 201 is used to receive an HTTP request for creating a blockchain network.
  • this embodiment uses Kubernetes (K8s for short) to manage Docker containers, supports expansion (which can be expanded to more nodes based on the node created for the first time), provides Java services, supports one-click deployment of the Fabric blockchain network, and completes the area.
  • the so-called one-click deployment means that the user only needs to issue an instruction to start the deployment, and then wait for the deployment to be completed, without intervention during the deployment process.
  • this embodiment uses one-click deployment as a Web service and supports HTTP requests.
  • the Java service calls the API interface of K8s to start and stop the container.
  • the client user enters the blockchain network related information (for example, information related to each organization) through the browser, and initiates an HTTP request to create the blockchain network, and the HTTP request contains parameters in JSON format.
  • the parameters in the JSON format are used to customize the blockchain network structure, and are configured according to the relevant information of the blockchain network entered by the user, including the network name, the names of the organizations included, the number of organizations, and the names and number of the nodes started by each organization, etc.
  • the Java service of the server (the electronic device 2) provides a Restful API interface. After receiving the HTTP request, it parses the parameters in JSON format, assembles the parameters required by K8s, and then sends the HTTP request to K8s to create a blockchain network.
  • the configuration module 202 is configured to generate a yaml configuration file according to the HTTP request.
  • the Java service uses a template to generate yaml configuration files, such as namespace.yaml, pvc.yaml, deployment.yaml, svc.yaml, etc., according to the parameters in the JSON format.
  • the starting module 203 is used to start the container according to the yaml configuration file to build a blockchain network.
  • the generating module 204 is configured to use Fabric-CA (Certificate Authority) to generate a user certificate.
  • the startup sequence of each container of the blockchain network has a dependency relationship, and the specific processing procedures of the startup module 203 and the generation module 204 include:
  • Fabric-ca-client is used to complete sending an HTTP request to the ICA server and parse the returned result.
  • the Fabric-ca-client is a Shell script, and there are two most commonly used commands: register identity and register identity.
  • the steps to generate a digital certificate file for a user through the ICA server include:
  • after the ICA server returns the digital certificate, the digital certificate file (ca-cert.pem) is saved to the NAS network disk.
  • both the Orderer node and the Peer node are started based on the Docker container technology. They both create and run the container based on the Docker image file, and execute the shell command to start the service after the container is started.
  • the Docker image file can be compared to the GHO image file when the GHOST tool is used to install the operating system.
  • Orderer nodes are started based on the Docker image of hyperledger/fabric-orderer, and the Orderer command is executed after the container is started; Peer nodes are started based on the Docker image of hyperledger/fabric-peer, and the peer node start command is executed after the container is started.
  • the container is actually started by Kubernetes.
  • the specific method is to call the Restful API interface provided by Kubernetes and pass in the yaml configuration file to start the Orderer node and the Peer node.
  • FIG. 3 is a schematic diagram of the architecture of a blockchain network deployed in this application.
  • This embodiment supports the expansion of nodes or organizations in the blockchain network.
  • the specific processing procedures of the configuration module 202 and the startup module 203 include:
  • the specific processing procedures of the configuration module 202 and the activation module 203 include:
  • the Peer nodes in the new organization should be added to the channel, and smart contracts should be installed on the Peer nodes in the new organization.
  • the blockchain network deployment system can deploy blockchain networks with one click based on Kubernetes and Fabric-CA.
  • Kubernetes supports distributed deployment and can be expanded as needed. It can be started by calling Java services instead of executing Shell scripts.
  • Fabric blockchain network realizes blockchain as a service.
  • each organization deploys an ICA server to ensure data security. This embodiment solves the defects and deficiencies in the official sample, and can be applied to a production environment.
  • the blockchain network deployment system 200 includes a creation module 205 in addition to the receiving module 201, the configuration module 202, the activation module 203, and the generation module 204 in the first embodiment.
  • the creation module 205 is used to call the interface of Fabric-CA to dynamically generate a new user certificate when a new user needs to be created, and save it to the NAS network disk.
  • the user can be obtained by accessing the SDK node when creating the user.
  • the SDK node invokes the interface of the Fabric-CA (ICA server) to generate a new user certificate, which is then saved to the NAS network disk.
  • the SDK node is a Java service that provides a Restful API interface. Users can operate the blockchain network by accessing the API interface of the SDK node.
  • Network-config.yaml is the SDK configuration file.
  • the ICA server information is defined in the yaml file, including access addresses, users and passwords, and access certificates.
  • Network-config.yaml can be provided not only for SDK use, but also for use by other applications (such as blockchain browsers).
  • the SDK node parses the Network-config.yaml configuration file to read the configuration information of the ICA server and automatically construct a client to access the ICA server, which simplifies the interaction with the CA server and facilitates the dynamic generation of user certificates.
  • the blockchain network deployment system can deploy blockchain networks with one click based on Kubernetes and Fabric-CA.
  • Kubernetes supports distributed deployment and can be expanded as needed. It can be started by calling Java services instead of executing Shell scripts.
  • Fabric blockchain network realizes blockchain as a service.
  • each organization deploys an ICA server, which can dynamically generate new certificates after the blockchain network is started. This embodiment solves the defects and deficiencies in the official sample, and can be applied to a production environment.
  • this application also proposes a blockchain network deployment method.
  • FIG. 5 is a schematic flowchart of the first embodiment of the blockchain network deployment method of the present application.
  • the execution order of the steps in the flowchart shown in FIG. 5 can be changed, and some steps can be omitted.
  • the method includes:
  • Step S400 receiving an HTTP request for creating a blockchain network.
  • this embodiment uses Kubernetes (K8s for short) to manage Docker containers, supports expansion (which can be expanded to more nodes based on the node created for the first time), provides Java services, supports one-click deployment of the Fabric blockchain network, and completes the area.
  • the so-called one-click deployment means that the user only needs to issue an instruction to start the deployment, and then wait for the deployment to be completed, without intervention during the deployment process.
  • this embodiment uses one-click deployment as a Web service and supports HTTP requests.
  • the Java service calls the API interface of K8s to start and stop the container.
  • the client user enters the blockchain network related information (for example, information related to each organization) through the browser, and initiates an HTTP request to create the blockchain network, and the HTTP request contains parameters in JSON format.
  • the parameters in the JSON format are used to customize the blockchain network structure, and are configured according to the relevant information of the blockchain network entered by the user, including the network name, the names of the organizations included, the number of organizations, and the names and number of the nodes started by each organization, etc.
  • the Java service of the server (the electronic device 2) provides a Restful API interface. After receiving the HTTP request, it parses the parameters in JSON format, assembles the parameters required by K8s, and then sends the HTTP request to K8s to create a blockchain network.
  • Step S402 Generate a yaml configuration file according to the HTTP request.
  • the Java service uses a template to generate yaml configuration files, such as namespace.yaml, pvc.yaml, deployment.yaml, svc.yaml, etc., according to the parameters in the JSON format.
  • the yaml configuration file includes the configuration file of k8s and the configuration file of Fabric.
  • when using K8s or Docker-compose, you need to write a large number of yaml configuration files to define the container's image, mounted volumes, environment variables, startup script and other information.
  • these configuration files are manually written and prepared before starting the network. If you need to modify the blockchain network information, such as adding an organization, then you need to rewrite these yaml configuration files, which is time-consuming and labor-intensive.
  • these configuration files are abstracted as Freemarker templates to realize the separation of data and templates, so that the information input by the user can be received, the yaml configuration files required by K8s and Fabric are dynamically generated, and the one-click deployment of the blockchain network is realized.
  • Step S404 Start the container according to the yaml configuration file to build a blockchain network.
  • the Java service calls the Restful API interface of K8s to create a blockchain network.
  • K8s starts the Docker container according to the request parameters in the yaml configuration file to complete the blockchain network construction.
  • the Fabric blockchain network is based on Docker containers. Using K8s to manage Docker containers can support the deployment of the Fabric blockchain network in a distributed environment without restricting all components to run on one host.
  • the Fabric blockchain network contains several organizations. Organization is a very important concept in the Fabric network. Nodes, channels, smart contracts, etc. are closely related to the organization. This embodiment implements blockchain as a service, supports one-click deployment of blockchain networks through APIs, and supports dynamic joining of new organizations.
  • Step S406 Use Fabric-CA to generate a user certificate, and save it to the NAS network disk share.
  • Orderer nodes, Peer nodes, and transaction submissions need to use CA certificates. These certificates are generated when the blockchain network is started. After generation, they are stored on the NAS network disk and are read from the NAS network disk when needed.
  • Fabric-CA can ensure that the private key is stored on different nodes to ensure the security of the private key (the official example uses the command line tool to generate the private key and is stored together, which is not secure).
  • the startup sequence of each container of the blockchain network has a dependency relationship.
  • the steps S404 and S406 specifically include:
  • Step S4000 start the Root-CA server as the root node of the CA server.
  • asymmetric encryption technology is used in the blockchain for data encryption and decryption.
  • a private key and a public key are required.
  • the private key is only known by the data recipient, and the public key is public.
  • the data sender uses the public key of the data receiver to encrypt the data and sends it to the data receiver, and the data receiver uses its own corresponding private key to decrypt it.
  • the CA server certifies that the public key is safe and has not been tampered with, and is used to ensure the security of the public key.
  • the specific method of proof is: the data receiver sends its own public key to the CA server, the CA server returns a digital certificate (that is, the user certificate) to the data receiver, and then the data receiver sends the digital certificate issued by the CA server to the data sender.
  • the data sender uses it for encryption (the digital certificate contains the public key of the data receiver).
  • the Root-CA server is used as the root node of the CA server.
  • Step S4002 start the ICA server of each organization.
  • each organization deploys an ICA server, and the certificate of each organization's ICA server is issued by the same Root-CA server, and the Root-CA server and the ICA server form a chain of trust.
  • the ICA server of each organization provides certificate verification services for other nodes of the current organization (including Peer nodes and SDK nodes, etc.) to issue digital certificates required within the organization.
  • the ICA server is a web server that can receive and process HTTP requests.
  • Step S4004 start the Setup node to complete the initialization, and generate the user certificate file through the ICA server.
  • Fabric-ca-client is used to complete sending an HTTP request to the ICA server and parse the returned result.
  • the Fabric-ca-client is a Shell script, and there are two most commonly used commands: register identity and register identity.
  • the steps to generate a digital certificate file for a user through the ICA server include:
  • Step S4006 Save the generated user certificate file to the NAS network disk share.
  • after the ICA server returns the digital certificate, the digital certificate file (ca-cert.pem) is saved to the NAS network disk.
  • Step S4008 start the Orderer node and the Peer node.
  • both the Orderer node and the Peer node are started based on the Docker container technology. They both create and run the container based on the Docker image file, and execute the shell command to start the service after the container is started.
  • the Docker image file can be compared to the GHO image file when the GHOST tool is used to install the operating system.
  • Orderer nodes are started based on the Docker image of hyperledger/fabric-orderer, and the Orderer command is executed after the container is started; Peer nodes are started based on the Docker image of hyperledger/fabric-peer, and the peer node start command is executed after the container is started.
  • the container is actually started by Kubernetes.
  • the specific method is to call the Restful API interface provided by Kubernetes and pass in the yaml configuration file to start the Orderer node and the Peer node.
  • This embodiment supports the expansion of nodes or organizations in the blockchain network. Among them, when a new Peer node joins the organization, the specific processing steps include:
  • the Peer nodes in the new organization should be added to the channel, and smart contracts should be installed on the Peer nodes in the new organization.
  • the blockchain network deployment method provided in this embodiment can deploy the blockchain network with one click based on Kubernetes and Fabric-CA.
  • Kubernetes supports distributed deployment and can be expanded as needed. It can be started by calling Java services instead of executing Shell scripts.
  • Fabric blockchain network realizes blockchain as a service.
  • each organization deploys an ICA server to ensure data security. This embodiment solves the defects and deficiencies in the official sample, and can be applied to a production environment.
  • steps S500-S506 of the blockchain network deployment method are similar to steps S400-S406 of the first embodiment, except that the method further includes step S508.
  • the method includes the following steps:
  • Step S500 receiving an HTTP request for creating a blockchain network.
  • this embodiment uses Kubernetes (K8s for short) to manage Docker containers, supports expansion (which can be expanded to more nodes based on the node created for the first time), provides Java services, supports one-click deployment of the Fabric blockchain network, and completes the area.
  • the so-called one-click deployment means that the user only needs to issue an instruction to start the deployment, and then wait for the deployment to be completed, without intervention during the deployment process.
  • this embodiment uses one-click deployment as a Web service and supports HTTP requests.
  • the Java service calls the API interface of K8s to start and stop the container.
  • the client user enters the blockchain network related information (for example, information related to each organization) through the browser, and initiates an HTTP request to create the blockchain network, and the HTTP request contains parameters in JSON format.
  • the parameters in the JSON format are used to customize the blockchain network structure, and are configured according to the relevant information of the blockchain network entered by the user, including the network name, the names of the organizations included, the number of organizations, and the names and number of the nodes started by each organization, etc.
  • the Java service of the server (the electronic device 2) provides a Restful interface. After receiving the HTTP request, it parses the parameters in the JSON format, assembles the parameters required by K8s, and then sends the HTTP request to the K8s to create a blockchain network.
  • Step S502 Generate a yaml configuration file according to the HTTP request.
  • the Java service uses a template to generate yaml configuration files, such as namespace.yaml, pvc.yaml, deployment.yaml, svc.yaml, etc., according to the parameters in the JSON format.
  • the yaml configuration file includes the configuration file of k8s and the configuration file of Fabric.
  • when using K8s or Docker-compose, you need to write a large number of yaml configuration files to define the container's image, mounted volumes, environment variables, startup script and other information.
  • these configuration files are manually written and prepared before starting the network. If you need to modify the blockchain network information, such as adding an organization, then you need to rewrite these yaml configuration files, which is time-consuming and labor-intensive.
  • these configuration files are abstracted as Freemarker templates to realize the separation of data and templates, so that the information input by the user can be received, and the yaml configuration files required by K8s and Fabric can be dynamically generated to realize one-click deployment of the blockchain network.
  • Step S504 Start the container according to the yaml configuration file to build a blockchain network.
  • the Java service calls the Restful API interface of K8s to create a blockchain network.
  • K8s starts the Docker container according to the request parameters in the yaml configuration file to complete the blockchain network construction.
  • the Fabric blockchain network is based on Docker containers. Using K8s to manage Docker containers can support the deployment of the Fabric blockchain network in a distributed environment without restricting all components to run on one host.
  • the Fabric blockchain network contains several organizations. Organization is a very important concept in the Fabric network. Nodes, channels, smart contracts, etc. are closely related to the organization. This embodiment implements blockchain as a service, supports one-click deployment of blockchain networks through APIs, and supports dynamic joining of new organizations.
  • Step S506 Use Fabric-CA to generate a user certificate, and save it to the NAS network disk share.
  • Orderer nodes, Peer nodes, and transaction submissions need to use CA certificates. These certificates are generated when the blockchain network is started. After generation, they are stored on the NAS network disk and are read from the NAS network disk when needed.
  • Fabric-CA can ensure that the private key is stored on different nodes to ensure the security of the private key (the official example uses the command line tool to generate the private key and is stored together, which is not secure).
  • step S508 when a new user needs to be created, the interface of the Fabric-CA is called to dynamically generate a new user certificate and save it to the NAS network disk.
  • the user can be obtained by accessing the SDK node when creating the user.
  • the SDK node invokes the interface of the Fabric-CA (ICA server) to generate a new user certificate, which is then saved to the NAS network disk.
  • The SDK is a Java service that provides a Restful API interface. Users operate the blockchain network by accessing the API interface of the SDK node.
  • Network-config.yaml is the SDK configuration file.
  • The ICA server information is defined in the yaml file, including access addresses, users and passwords, and access certificates.
  • Network-config.yaml can be provided not only to the SDK but also to other applications (such as blockchain browsers).
  • The SDK node parses the Network-config.yaml configuration file to read the configuration information of the ICA server and automatically constructs a client for accessing the ICA server, which simplifies interaction with the CA server and makes it easier to generate user certificates dynamically.
  • The blockchain network deployment method provided in this embodiment can deploy the blockchain network with one click based on Kubernetes and Fabric-CA.
  • Kubernetes supports distributed deployment and can be scaled out as needed.
  • The Fabric blockchain network is started by calling the Java service rather than by executing Shell scripts, which realizes blockchain as a service.
  • Each organization deploys an ICA server, which can dynamically generate new certificates after the blockchain network is started. This embodiment solves the defects and deficiencies of the official sample and can be applied to a production environment.
  • The computer-readable storage medium may be non-volatile or volatile, and the computer-readable storage medium stores a blockchain network deployment program.
  • The blockchain network deployment program can be executed by at least one processor, so that the at least one processor executes the steps of the blockchain network deployment method described above.
  • The technical solution of this application, in essence or in the part that contributes to the existing technology, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes several instructions that enable a terminal device (which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to execute the method described in each embodiment of this application.

Abstract

The present application relates to blockchain technology, and disclosed therein is a blockchain network deployment method. The method comprises: using a Java service to provide a Restful API interface, and receiving an HTTP request for creating a blockchain network that is initiated by a client; generating, according to parameters in the HTTP request, a yaml configuration file by using a template; calling a Kubernetes Restful API interface, starting up a container according to the yaml configuration file, and establishing a blockchain network; and generating a user certificate by using Fabric-CA and saving same to a network-attached storage (NAS) disk for sharing. Further provided in the present application are an electronic device and a computer-readable storage medium. The blockchain network deployment method, electronic device, and computer-readable storage medium provided in the present application can solve the defects and deficiencies in an official example and are applied to a production environment.

Description

Blockchain network deployment method, electronic device and computer-readable storage medium
This application claims priority to the Chinese patent application filed with the Chinese Patent Office on November 21, 2019, with application number 201911151724.5 and the invention title "Blockchain network deployment method, electronic device, and computer-readable storage medium", the entire contents of which are incorporated in this application by reference.
Technical field
This application relates to the field of blockchain technology, and in particular to a blockchain network deployment method, electronic device, and computer-readable storage medium.
Background
Hyperledger Fabric (hereinafter referred to as Fabric) is an open-source blockchain project. It officially provides a sample that deploys a blockchain network with one click based on Docker (an application container engine), which can quickly build a blockchain network for testing and demonstration purposes. However, the scenario considered in the official sample is relatively simple and cannot meet the needs of a production environment. The inventor realized that the official sample has the following main shortcomings: (1) Private keys and certificates are generated with command-line tools; all certificates are generated at once and cannot be added dynamically. (2) The bottom layer is implemented with Docker and Docker-Compose. Containers are started with Docker-Compose, distributed deployment is not supported, and all components are restricted to running on one host. (3) One-click deployment is done through Shell scripts; the organizational structure is fixed, modification is complicated, and adding new organizations is not supported.
Summary of the invention
In view of this, this application proposes a blockchain network deployment method, electronic device, and computer-readable storage medium to solve at least one of the above technical problems.
First, to achieve the above purpose, this application proposes a blockchain network deployment method, which includes the steps:
providing a Restful API interface through a Java service, and receiving an HTTP request initiated by a client to create a blockchain network;
generating a yaml configuration file from a template according to the parameters in the HTTP request;
calling the Restful API interface of Kubernetes, starting containers according to the yaml configuration file, and building the blockchain network; and
using Fabric-CA to generate user certificates and saving them to a shared NAS network disk.
Optionally, the method further includes the step:
when a new user needs to be created, calling the interface of Fabric-CA to dynamically generate a new user certificate and saving it to the NAS network disk.
Optionally, the steps of starting containers according to the yaml configuration file, building the blockchain network, and using Fabric-CA to generate user certificates and saving them to the shared NAS network disk include:
starting the Root-CA server as the root node of the CA servers;
starting the ICA server of each organization;
starting the Setup node to complete initialization, and generating user certificate files through the ICA server;
saving the generated user certificate files to the shared NAS network disk;
starting the Orderer nodes and Peer nodes.
Optionally, the step of generating a user certificate file through the ICA server includes:
using the register identity command of Fabric-ca-client to register a user on the ICA server and set the user name and password;
generating a public/private key pair and saving the private key file to the local disk;
using the enroll identity command of Fabric-ca-client to send the registered user name, password, and public key file to the ICA server, which returns the issued digital certificate.
Optionally, the HTTP request includes parameters in JSON format. The JSON parameters are used to customize the blockchain network structure and are configured according to the blockchain network information entered by the user, including the blockchain network name, the names and number of organizations in the blockchain network, and the names and number of nodes in each organization.
In addition, to achieve the above object, this application also provides an electronic device including a memory and a processor. The memory stores a blockchain network deployment system that can run on the processor, and when the blockchain network deployment system is executed by the processor, the steps of the above blockchain network deployment method are implemented.
Further, to achieve the above object, this application also provides a computer-readable storage medium storing a blockchain network deployment system, which can be executed by at least one processor so that the at least one processor executes the steps of the above blockchain network deployment method.
Compared with the prior art, with the blockchain network deployment method, electronic device, and computer-readable storage medium proposed in this application, the server can provide a Java service that generates yaml configuration files according to the HTTP request initiated by the client, calls the Restful API interface of K8s, and starts each container according to the yaml configuration files to complete the construction of the blockchain network. This realizes blockchain as a service and supports one-click deployment of a Fabric blockchain network. In addition, Fabric-CA is used to generate user certificates, and each organization deploys an ICA server, which can ensure data security, and all certificates are saved to the NAS network disk for sharing. This application solves the defects and deficiencies of the official sample and can be applied to a production environment.
Description of the drawings
FIG. 1 is a schematic diagram of an optional hardware architecture of the electronic device of this application;
FIG. 2 is a schematic diagram of the program modules of the first embodiment of the blockchain network deployment system of this application;
FIG. 3 is a schematic diagram of the architecture of a blockchain network deployed in this application;
FIG. 4 is a schematic diagram of the program modules of the second embodiment of the blockchain network deployment system of this application;
FIG. 5 is a schematic flowchart of the first embodiment of the blockchain network deployment method of this application;
FIG. 6 is a detailed flowchart of steps S404 and S406 in FIG. 5;
FIG. 7 is a schematic flowchart of the second embodiment of the blockchain network deployment method of this application.
Detailed description
Refer to FIG. 1, which is a schematic diagram of an optional hardware architecture of the electronic device 2 of this application.
In this embodiment, the electronic device 2 may include, but is not limited to, a memory 11, a processor 12, and a network interface 13 that are communicatively connected to each other through a system bus. Note that FIG. 1 only shows the electronic device 2 with components 11-13, but it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead.
The electronic device 2 may be a node forming a blockchain network.
The network interface 13 may include a wireless network interface or a wired network interface, and is generally used to establish a communication connection between the electronic device 2 and other electronic devices.
So far, the hardware structure and functions of the relevant device of this application have been described in detail. Below, the embodiments of this application are presented on that basis. First, this application proposes a blockchain network deployment system 200.
Refer to FIG. 2, which is a program module diagram of the first embodiment of the blockchain network deployment system 200 of this application.
In this embodiment, the blockchain network deployment system 200 includes a series of computer program instructions stored in the memory 11. When the computer program instructions are executed by the processor 12, the blockchain network deployment operations of the embodiments of this application can be implemented. In some embodiments, the blockchain network deployment system 200 may be divided into one or more modules based on the specific operations implemented by the various parts of the computer program instructions. For example, in FIG. 2, the blockchain network deployment system 200 can be divided into a receiving module 201, a configuration module 202, a starting module 203, and a generating module 204. Wherein:
The receiving module 201 is used to receive an HTTP request for creating a blockchain network.
Specifically, this embodiment uses Kubernetes (K8s for short) to manage Docker containers, supports scaling out (expanding to more nodes beyond those initially created), provides a Java service, supports one-click deployment of a Fabric blockchain network, and completes the startup of all components required by the blockchain network. One-click deployment means that the user only needs to issue one instruction to start the deployment and then wait for it to finish, without intervening during the process. In addition, this embodiment exposes one-click deployment as a Web service that supports HTTP requests. The Java service calls the K8s API interface to start and stop containers.
The client user enters blockchain network information (for example, information about each organization) through a browser and initiates an HTTP request to create the blockchain network. The HTTP request contains parameters in JSON format. The JSON parameters are used to customize the blockchain network structure and are configured according to the blockchain network information entered by the user, including the network name, the names of the organizations included, the number of organizations, and the names and number of nodes started by each organization.
The Java service of the server (the electronic device 2) provides a Restful API interface. After receiving the HTTP request, it parses the JSON parameters, assembles the parameters required by K8s, and then sends the HTTP request to K8s to create the blockchain network.
The configuration module 202 is used to generate yaml configuration files according to the HTTP request.
Specifically, the Java service uses templates to generate yaml configuration files, such as namespace.yaml, pvc.yaml, deployment.yaml, and svc.yaml, according to the JSON parameters.
The starting module 203 is used to start containers according to the yaml configuration files to build the blockchain network.
The generating module 204 is used to generate user certificates with Fabric-CA (Certificate Authority).
The containers of the blockchain network must be started in a particular order because they depend on one another. The specific processing of the starting module 203 and the generating module 204 includes:
(1) Start the Root-CA server as the root node of the CA servers.
(2) Start the ICA (Intermediate CA) server of each organization.
(3) Start the Setup node to complete initialization, and generate user certificate files through the ICA server.
Specifically, to simplify communication with the ICA server, Fabric-ca-client is used to send HTTP requests to the ICA server and parse the returned results. Fabric-ca-client is a Shell script with two most commonly used commands: register identity and enroll identity.
The steps for generating a digital certificate file for a user through the ICA server include:
a) Use the register identity command of Fabric-ca-client to register the user on the ICA server and set the user name and password;
b) Generate a public/private key pair and save the private key file to the local disk;
c) Use the enroll identity command of Fabric-ca-client to send the registered user name, password and public key file to the ICA server, which returns the issued digital certificate.
(4) Save the generated user certificate files to the shared NAS network disk.
Specifically, after the ICA server returns the digital certificate, the digital certificate file (ca-cert.pem) is saved to the NAS network disk.
(5) Start the Orderer nodes and Peer nodes.
Specifically, both Orderer nodes and Peer nodes are started with Docker container technology: a container is created from a Docker image file and run, and after the container has started a shell command is executed to start the service. The Docker image file is analogous to the GHO image file used when installing an operating system with the GHOST tool.
The startup of Orderer nodes and Peer nodes also differs: an Orderer node is started from the hyperledger/fabric-orderer Docker image, and the Orderer command is executed after the container has started; a Peer node is started from the hyperledger/fabric-peer Docker image, and the peer node start command is executed after the container has started.
Environment variables can be set through the yaml configuration file before a container is started. For example, the path of the digital certificate file required to start an Orderer node is supplied by configuring an environment variable.
Because this embodiment uses Kubernetes, the containers are actually started by Kubernetes: the Restful API interface provided by Kubernetes is called and the yaml configuration file is passed in to start the Orderer nodes and Peer nodes.
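Steps (3) b) and (4) above keep each private key on the node's local disk and put only the issued certificate on the NAS share. The following Python check for that property is an added example, not code from the patent; the directory layout, file names other than ca-cert.pem, and the finding names are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# PEM armor line; the label says what the block holds (CERTIFICATE, EC PRIVATE KEY, ...).
PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")


def pem_labels(path, limit=1 << 20):
    """Return the PEM block labels found in the first `limit` bytes of a file."""
    with open(path, "rb") as fh:
        return [label.decode("ascii") for label in PEM_BEGIN.findall(fh.read(limit))]


def audit_share(root):
    """Walk the certificate share and return sorted (relative_path, finding) pairs."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)
            if not stat.S_ISREG(info.st_mode):
                continue  # do not follow symlinks or open special files on the share
            rel = os.path.relpath(path, root)
            labels = pem_labels(path)
            # PKCS#8, SEC1 (EC), PKCS#1 (RSA) and encrypted keys all end in "PRIVATE KEY".
            if any(label.endswith("PRIVATE KEY") for label in labels):
                findings.append((rel, "private-key-on-share"))
            # A certificate that group/other can rewrite can be replaced by another identity's.
            if "CERTIFICATE" in labels and info.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "certificate-writable-by-others"))
    return sorted(findings)


def build_constructed_share(root):
    """Create a small constructed share (paths and contents are made up, not real keys)."""
    cert = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN EC PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END EC PRIVATE KEY-----\n"
    layout = {
        ("org1", "alice", "ca-cert.pem"): (cert, 0o644),  # as the procedure intends
        ("org1", "alice", "key.pem"): (key, 0o600),       # key copied next to the certificate
        ("org2", "bob", "ca-cert.pem"): (cert, 0o666),    # any account on the share can replace it
    }
    for parts, (content, mode) in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="ascii") as fh:
            fh.write(content)
        os.chmod(path, mode)  # set explicitly so the umask does not mask the test case


def demo():
    """Build the constructed share in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_share(root)
        return audit_share(root)


if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{finding}: {rel}")
```

On NFS or SMB mounts the mode bits may be mapped by the server, so the writable check is only meaningful where the share preserves POSIX permissions.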
Refer to FIG. 3, which is a schematic diagram of the architecture of a blockchain network deployed in this application.
This embodiment supports expanding the nodes or organizations in the blockchain network. When a new Peer node joins an organization, the specific processing of the configuration module 202 and the starting module 203 includes:
(1) Start the new Peer node (start the container and execute the shell script to start the service).
(2) Modify the organization's Crypto-config.yaml configuration file to increase the number of Peer nodes.
(3) Modify the Network-config.json configuration file to add the Peer node information, so that the SDK node can discover the new Peer node.
In addition, if necessary, the new Peer node is also added to the channel, and the smart contract is installed on the new Peer node.
When a new organization joins the blockchain alliance, the specific processing of the configuration module 202 and the starting module 203 includes:
(1) Start the new organization's network (using container technology), including starting the ICA node, Peer nodes and SDK node.
(2) Submit an application to join the blockchain alliance (the application contains the organization's network information); the organization joins after the alliance administrator approves it.
(3) Modify the channel configuration to add the organization to the channel. This includes the following steps:
a) Get the current configuration block of the channel.
b) Use the Configtxlator tool to read the configuration block and generate a configuration file in JSON format.
c) Modify the JSON configuration file to add the new organization's information.
d) Use the Configtxlator tool to generate the new channel configuration in Protobuf format.
e) Create a configuration transaction, and submit the signed configuration transaction to update the channel configuration.
In addition, if necessary, the Peer nodes in the new organization are also added to the channel, and the smart contract is installed on the Peer nodes in the new organization.
The blockchain network deployment system provided in this embodiment can deploy a blockchain network with one click based on Kubernetes and Fabric-CA. Kubernetes supports distributed deployment and can be scaled out as needed. The Fabric blockchain network is started by calling the Java service rather than by executing Shell scripts, which realizes blockchain as a service. In addition, user certificates are generated by integrating Fabric-CA, and each organization deploys an ICA server to ensure data security. This embodiment solves the defects and deficiencies of the official sample and can be applied to a production environment.
Refer to FIG. 4, which is a program module diagram of the second embodiment of the blockchain network deployment system 200 of this application. In this embodiment, the blockchain network deployment system 200 includes a creation module 205 in addition to the receiving module 201, the configuration module 202, the starting module 203, and the generating module 204 of the first embodiment.
The creation module 205 is used to call the interface of Fabric-CA to dynamically generate a new user certificate when a new user needs to be created, and to save it to the NAS network disk.
Specifically, after the blockchain network is started, new users may need to be created during operation according to business needs, and new user certificates created dynamically. In this embodiment, when a user is created, the certificate can be obtained by accessing the SDK node: the SDK node calls the interface of Fabric-CA (the ICA server) to generate the new user certificate, which is then saved to the NAS network disk.
The SDK node uses Network-config.yaml to access Fabric-CA. The SDK is a Java service that provides a Restful API interface; users operate the blockchain network by accessing the API interface of the SDK node. Network-config.yaml is the SDK configuration file. The ICA server information is defined in this yaml file, including access addresses, users and passwords, and access certificates. Network-config.yaml can be provided not only to the SDK but also to other applications (such as blockchain browsers). When the SDK node starts, it parses the Network-config.yaml configuration file, reads the configuration information of the ICA server, and automatically constructs a client for accessing the ICA server, which simplifies interaction with the CA server and makes it easier to generate user certificates dynamically.
The blockchain network deployment system provided in this embodiment can deploy a blockchain network with one click based on Kubernetes and Fabric-CA. Kubernetes supports distributed deployment and can be scaled out as needed. The Fabric blockchain network is started by calling the Java service rather than by executing Shell scripts, which realizes blockchain as a service. In addition, user certificates are generated by integrating Fabric-CA, and each organization deploys an ICA server, which can dynamically generate new certificates after the blockchain network is started. This embodiment solves the defects and deficiencies of the official sample and can be applied to a production environment.
此外,本申请还提出一种区块链网络部署方法。In addition, this application also proposes a blockchain network deployment method.
参阅图5所示,是本申请区块链网络部署方法第一实施例的流程示意图。在本实施例中,根据不同的需求,图5所示的流程图中的步骤的执行顺序可以改变,某些步骤可以省略。该方法包括:Refer to FIG. 5, which is a schematic flowchart of the first embodiment of the blockchain network deployment method of the present application. In this embodiment, according to different requirements, the execution order of the steps in the flowchart shown in FIG. 5 can be changed, and some steps can be omitted. The method includes:
步骤S400,接收创建区块链网络的HTTP请求。Step S400, receiving an HTTP request for creating a blockchain network.
具体地,本实施例使用Kubernetes(简称K8s)管理Docker容器,支持扩容(在初次创建的节点基础上可扩展成更多节点),提供Java服务,支持一键部署Fabric区块链网络,完成区块链网络所需各个组件的启动工作。所谓一键部署意味着用户只需要发出一个启动部署的指令,然后等待部署工作完成即可,部署过程中不需要介入。并且本实施例将一键部署作为Web服务,支持HTTP请求。Java服务调用K8s的API接口,实现容器的启动和停止。Specifically, this embodiment uses Kubernetes (K8s for short) to manage Docker containers, supports expansion (which can be expanded to more nodes based on the node created for the first time), provides Java services, supports one-click deployment of the Fabric blockchain network, and completes the area. The start-up of the various components required by the blockchain network. The so-called one-click deployment means that the user only needs to issue an instruction to start the deployment, and then wait for the deployment to be completed, without intervention during the deployment process. In addition, this embodiment uses one-click deployment as a Web service and supports HTTP requests. The Java service calls the API interface of K8s to start and stop the container.
客户端用户通过浏览器录入区块链网络相关信息(例如各个组织相关信息),并发起创建区块链网络的HTTP请求,所述HTTP请求中包含JSON格式的参数。所述JSON格式的参数用于定制化区块链网络结构,根据用户所录入的区块链网络相关信息进行配置,包括网络名称、包含的组织名称、组织个数、每个组织启动的节点名称及个数等。The client user enters the blockchain network related information (for example, information related to each organization) through the browser, and initiates an HTTP request to create the blockchain network, and the HTTP request contains parameters in JSON format. The parameters in the JSON format are used to customize the blockchain network structure, and are configured according to the relevant information of the blockchain network entered by the user, including the network name, the name of the organization included, the number of organizations, and the name of the node initiated by each organization And the number, etc.
服务端(所述电子装置2)的Java服务提供Restful API接口,接收所述HTTP请求后,解析JSON格式的参数,拼装K8s所需参数,然后向K8s发送所述HTTP请求来创建区块链网络。The Java service of the server (the electronic device 2) provides a Restful API interface. After receiving the HTTP request, it parses the parameters in JSON format, assembles the parameters required by K8s, and then sends the HTTP request to K8s to create a blockchain network .
Step S402: Generate yaml configuration files according to the HTTP request.
Specifically, the Java service uses templates to generate yaml configuration files from the JSON parameters, for example namespace.yaml, pvc.yaml, deployment.yaml and svc.yaml.
The yaml configuration files include K8s configuration files and Fabric configuration files. Starting Docker containers, whether with K8s or Docker-compose, requires writing a large number of yaml configuration files that define each container's image, mounted volumes, environment variables, startup script and other information. In the official Fabric samples these configuration files are written by hand and prepared before the network is started. If the blockchain network information has to change, for example to add an organization, the yaml configuration files must be rewritten, which is time-consuming and laborious. This embodiment abstracts these configuration files into Freemarker templates, separating data from templates, so that the information entered by the user can be received and the yaml configuration files required by K8s and Fabric generated dynamically, achieving one-click deployment of the blockchain network.
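The template step places names typed into a browser inside Kubernetes manifests, so those names need checking before anything is rendered. The following is an added example in Python, not the Java/Freemarker service the application describes; the JSON field names (`networkName`, `orgs`, `name`, `peers`), the size limits and the Deployment layout are assumptions, since the application gives no schema. It accepts only DNS-1123 labels and builds the manifests as data that is serialized as JSON, which Kubernetes accepts in place of YAML, rather than by string substitution.

```python
import json
import re

# DNS-1123 label: the rule Kubernetes applies to namespace names.
DNS1123_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?")
MAX_ORGS = 16  # assumed limits, not taken from the application
MAX_PEERS_PER_ORG = 8


class InvalidRequest(ValueError):
    """The create-network request must be rejected."""


def _label(value, field):
    if not isinstance(value, str) or not DNS1123_LABEL.fullmatch(value):
        raise InvalidRequest(f"{field}: not a DNS-1123 label: {value!r}")
    return value


def _names(value, field, limit):
    """Validate a non-empty list of unique DNS-1123 labels."""
    if not isinstance(value, list) or not 1 <= len(value) <= limit:
        raise InvalidRequest(f"{field}: expected a list of 1..{limit} names")
    names = [_label(v, f"{field}[{i}]") for i, v in enumerate(value)]
    if len(set(names)) != len(names):
        raise InvalidRequest(f"{field}: duplicate names")
    return names


def parse_request(body):
    """Parse and validate the JSON body (hypothetical schema)."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise InvalidRequest(f"malformed JSON: {exc}") from None
    if not isinstance(doc, dict) or not isinstance(doc.get("orgs"), list):
        raise InvalidRequest("expected an object with an 'orgs' list")
    if not all(isinstance(o, dict) for o in doc["orgs"]):
        raise InvalidRequest("orgs: every entry must be an object")
    network = _label(doc.get("networkName"), "networkName")
    org_names = _names([o.get("name") for o in doc["orgs"]], "orgs", MAX_ORGS)
    orgs = [
        {"name": name,
         "peers": _names(o.get("peers"), f"orgs[{i}].peers", MAX_PEERS_PER_ORG)}
        for i, (name, o) in enumerate(zip(org_names, doc["orgs"]))
    ]
    return {"network": network, "orgs": orgs}


def build_manifests(req):
    """Build the Namespace and one Deployment per peer as plain data."""
    ns = req["network"]
    manifests = [{"apiVersion": "v1", "kind": "Namespace",
                  "metadata": {"name": ns}}]
    for org in req["orgs"]:
        for peer in org["peers"]:
            name = _label(f"{peer}-{org['name']}", "deployment name")
            labels = {"app": name, "org": org["name"]}
            manifests.append({
                "apiVersion": "apps/v1",
                "kind": "Deployment",
                "metadata": {"name": name, "namespace": ns, "labels": labels},
                "spec": {
                    "replicas": 1,
                    "selector": {"matchLabels": {"app": name}},
                    "template": {
                        "metadata": {"labels": labels},
                        "spec": {"containers": [{
                            "name": "peer",
                            "image": "hyperledger/fabric-peer",
                            "command": ["peer", "node", "start"],
                        }]},
                    },
                },
            })
    return manifests


def render(manifest):
    """Serialize with a JSON encoder; values cannot alter the structure."""
    return json.dumps(manifest, indent=2, sort_keys=True)


# Constructed sample requests: one well-formed, one with a multi-line name.
SAMPLE = json.dumps({
    "networkName": "trade-net",
    "orgs": [{"name": "org1", "peers": ["peer0", "peer1"]},
             {"name": "org2", "peers": ["peer0"]}],
})
HOSTILE = json.dumps({"networkName": "trade-net\nkind: Secret",
                      "orgs": [{"name": "org1", "peers": ["peer0"]}]})

if __name__ == "__main__":
    for manifest in build_manifests(parse_request(SAMPLE)):
        print(render(manifest))
    try:
        parse_request(HOSTILE)
    except InvalidRequest as exc:
        print("rejected:", exc)
```

The same allow-list check applies unchanged if the manifests are still rendered from text templates; it then has to run before the template engine sees the values.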
Step S404: Start containers according to the yaml configuration files to build the blockchain network.
Specifically, the Java service calls the K8s Restful API to create the blockchain network. K8s starts the Docker containers according to the request parameters in the yaml configuration files, completing the construction of the blockchain network.
A Fabric blockchain network is based on Docker containers. Managing the Docker containers with K8s makes it possible to deploy the Fabric blockchain network in a distributed environment instead of restricting all components to a single host. A Fabric blockchain network contains several organizations; the organization is a very important concept in a Fabric network, and nodes, channels, smart contracts and so on are all closely tied to organizations. This embodiment implements blockchain as a service, supports one-click deployment of a blockchain network through an API, and supports adding new organizations dynamically.
Step S406: Use Fabric-CA to generate user certificates and save them to a shared NAS network disk.
Specifically, a blockchain makes heavy use of encryption and decryption, so private keys and certificates must be generated for encryption, decryption and signing. In the official samples, private keys and certificates are generated with a command-line tool, all at once. In a production environment, however, some business scenarios (for example adding a user) require new certificates to be generated dynamically, which the command-line tool cannot do. This embodiment uses Fabric-CA as the certificate authority to generate user certificates, so new certificates can be added at any time and the CSR information of a certificate can be customized. Fabric-CA provides identity registration, issuance of enrollment certificates, issuance of transaction certificates, and certificate renewal and revocation. During the startup phase of the blockchain network, Orderer nodes, Peer nodes and transaction submission need CA certificates. These certificates are generated when the blockchain network is started, saved on the NAS network disk, and read from the NAS network disk when needed.
In addition, using Fabric-CA ensures that private keys are stored on different nodes, which keeps them secure (in the official samples, the private keys generated by the command-line tool are all stored together, which is insecure).
In this embodiment, the containers of the blockchain network depend on one another in their startup order. Referring to FIG. 6, steps S404 and S406 specifically include:
Step S4000: Start the Root-CA server as the root node of the CA servers.
Specifically, the blockchain uses asymmetric encryption to encrypt and decrypt data. Asymmetric encryption requires a private key and a public key: the private key is known only to the data receiver, while the public key is public. The data sender encrypts the data with the data receiver's public key and sends it to the data receiver, who decrypts it with the corresponding private key.
The CA server acts as a third-party authority that certifies that a public key is safe and has not been tampered with, thereby guaranteeing the security of the public key. The certification works as follows: the data receiver sends its public key to the CA server; the CA server returns a digital certificate (that is, the user certificate) to the data receiver; the data receiver then sends the digital certificate issued by the CA server to the data sender to use for encryption (the digital certificate contains the data receiver's public key).
In this embodiment, multiple CA servers are deployed for the multiple organizations of the blockchain, with the Root-CA server as the root node of the CA servers.
Step S4002: Start the ICA server of each organization.
Specifically, each organization deploys one ICA server. The certificates of all the organizations' ICA servers are issued by the same Root-CA server, so the Root-CA server and the ICA servers form a chain of trust. Each organization's ICA server provides a certificate signature verification service to the other nodes of that organization (including Peer nodes and SDK nodes) and issues the digital certificates needed within the organization. The ICA server is a Web server that can receive and process HTTP requests.
Step S4004: Start the Setup node to complete initialization, and generate user certificate files through the ICA server.
Specifically, to make communication with the ICA server easier, Fabric-ca-client is used to send HTTP requests to the ICA server and parse the results it returns. Fabric-ca-client is a Shell script with two most commonly used commands: register an identity and enroll an identity.
The steps for generating a digital certificate file for a user through the ICA server are:
a) Use the register command of Fabric-ca-client to register the user on the ICA server, setting a user name and password;
b) Generate a public/private key pair and save the private key file to the local disk;
c) Use the enroll command of Fabric-ca-client to send the registered user name, password and public key file to the ICA server; the ICA server returns the issued digital certificate.
Step S4006: Save the generated user certificate files to the shared NAS network disk.
Specifically, after the ICA server returns the digital certificate, the digital certificate file (ca-cert.pem) is saved to the NAS network disk.
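Steps b) and S4006 draw a line between what stays on the local disk (the private key) and what goes to the shared NAS disk (the certificate), and that line is worth enforcing in the copy step itself. The following is an added Python example, not code from the application: it walks an enrollment directory, copies only files whose PEM blocks are all certificates, withholds everything else by default, and reports private keys readable by group or others. The directory names follow the MSP layout fabric-ca-client writes on enroll; the file contents are constructed placeholders.

```python
import os
import re
import shutil
import stat
import tempfile
from pathlib import Path

PEM_BEGIN = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")


def pem_labels(data):
    """Return the labels of all PEM blocks found in a file's bytes."""
    return [m.group(1).decode("ascii") for m in PEM_BEGIN.finditer(data)]


def classify(path):
    """'key' if any block is a private key, 'cert' only if every block is a
    CERTIFICATE, otherwise 'other' (withheld by default)."""
    labels = pem_labels(Path(path).read_bytes())
    if any("PRIVATE KEY" in label for label in labels):
        return "key"
    if labels and all(label == "CERTIFICATE" for label in labels):
        return "cert"
    return "other"


def plan(msp_dir):
    """Decide, per file, whether it may be copied to the shared disk."""
    msp_dir = Path(msp_dir)
    result = {"publish": [], "withhold": [], "loose_keys": []}
    for path in sorted(p for p in msp_dir.rglob("*") if p.is_file()):
        rel = path.relative_to(msp_dir).as_posix()
        # Symlinks are never followed onto the share.
        kind = "other" if path.is_symlink() else classify(path)
        result["publish" if kind == "cert" else "withhold"].append(rel)
        if kind == "key" and stat.S_IMODE(path.stat().st_mode) & 0o077:
            result["loose_keys"].append(rel)
    return result


def publish(msp_dir, share_dir):
    """Copy only certificate files to the share and return the plan used."""
    result = plan(msp_dir)
    for rel in result["publish"]:
        dest = Path(share_dir) / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(Path(msp_dir) / rel, dest)
    return result


def build_sample(root):
    """Constructed enrollment directory; bodies are placeholders, not keys."""
    def pem(label):
        text = f"-----BEGIN {label}-----\nconstructed-placeholder\n-----END {label}-----\n"
        return text.encode("ascii")

    files = {
        "signcerts/cert.pem": pem("CERTIFICATE"),
        "cacerts/ca-cert.pem": pem("CERTIFICATE"),
        "keystore/priv_sk": pem("PRIVATE KEY"),
        "keystore/legacy.pem": pem("EC PRIVATE KEY"),
        "bundle.pem": pem("CERTIFICATE") + pem("PRIVATE KEY"),
    }
    for rel, data in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
        # One key is deliberately left world-readable to exercise the check.
        os.chmod(path, 0o644 if rel == "keystore/priv_sk" else 0o600)
    return Path(root)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        msp = build_sample(Path(tmp) / "msp")
        report = publish(msp, Path(tmp) / "nas-share")
        for section, names in report.items():
            print(section, names)
```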
Step S4008: Start the Orderer nodes and Peer nodes.
Specifically, Orderer nodes and Peer nodes are both started with Docker container technology: a container is created from a Docker image file and run, and after the container has started a shell command is executed to start the service. A Docker image file is comparable to the GHO image file used when installing an operating system with the GHOST tool.
Orderer nodes and Peer nodes also differ in how they start: an Orderer node is started from the hyperledger/fabric-orderer Docker image and runs the Orderer command once the container has started; a Peer node is started from the hyperledger/fabric-peer Docker image and runs the peer node start command once the container has started.
Environment variables can be set through the yaml configuration file before a container is started. For example, the path of the digital certificate file an Orderer node needs at startup is supplied through an environment variable.
Because this embodiment uses Kubernetes, the containers are actually started by Kubernetes: the Restful API provided by Kubernetes is called and the yaml configuration files are passed in to start the Orderer nodes and Peer nodes.
This embodiment supports scaling out nodes or organizations in the blockchain network. When a new Peer node joins an organization, the processing steps are:
(1) Start the new Peer node (start the container and execute the shell script that starts the service).
(2) Modify the organization's Crypto-config.yaml configuration file to increase the number of Peer nodes.
(3) Modify the Network-config.json configuration file to add the Peer node's information, so that the SDK node discovers the new Peer node.
In addition, if required, the new Peer node is joined to the channel and the smart contract is installed on it.
When a new organization joins the blockchain consortium, the processing steps are:
(1) Start the new organization's network (using container technology), including its ICA node, Peer nodes and SDK node.
(2) Submit an application to join the blockchain consortium (the application contains the organization's network information); the organization joins after the consortium administrator approves it.
(3) Modify the channel configuration to add the organization to the channel, as follows:
a) Fetch the channel's current configuration block.
b) Use the Configtxlator tool to read the configuration block and generate a configuration file in JSON format.
c) Modify the JSON configuration file to add the new organization's information.
d) Use the Configtxlator tool to generate the new channel configuration in Protobuf format.
e) Create a configuration transaction and submit the signed configuration transaction to update the channel configuration.
In addition, if required, the Peer nodes of the new organization are joined to the channel and the smart contract is installed on them.
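Step c) is the point at which a mistaken or unreviewed edit ends up in a configuration that administrators then sign. The following is an added Python example, not code from the application, that performs the edit on the decoded JSON with checks and lets a reviewer confirm that adding the organization is the only change. It relies on Fabric's decoded-config layout, where application organizations sit under `channel_group.groups.Application.groups`; the sample configuration and organization definition are constructed and heavily trimmed.

```python
import copy


class ConfigEditError(ValueError):
    """The requested edit to the decoded channel configuration is refused."""


def app_orgs(config):
    """Return the dict of application organizations in a decoded config."""
    try:
        orgs = config["channel_group"]["groups"]["Application"]["groups"]
    except (KeyError, TypeError):
        raise ConfigEditError("Application group not found in config") from None
    if not isinstance(orgs, dict):
        raise ConfigEditError("Application.groups is not an object")
    return orgs


def check_org_definition(msp_id, org_def):
    """Sanity-check the new organization's definition before merging it."""
    try:
        msp = org_def["values"]["MSP"]["value"]["config"]
        name, roots = msp["name"], msp["root_certs"]
    except (KeyError, TypeError):
        raise ConfigEditError("organization definition has no complete MSP config") from None
    if name != msp_id:
        raise ConfigEditError(f"MSP name {name!r} does not match {msp_id!r}")
    if not roots:
        raise ConfigEditError("organization definition carries no root certificate")
    # Policy names the channel-level implicit meta policies refer to.
    missing = {"Admins", "Readers", "Writers"} - set(org_def.get("policies") or {})
    if missing:
        raise ConfigEditError(f"missing policies: {sorted(missing)}")


def add_org(config, msp_id, org_def):
    """Return a copy of `config` with the organization added; input is untouched."""
    check_org_definition(msp_id, org_def)
    updated = copy.deepcopy(config)
    orgs = app_orgs(updated)
    if msp_id in orgs:
        raise ConfigEditError(f"{msp_id} is already a member of the channel")
    orgs[msp_id] = copy.deepcopy(org_def)
    return updated


def only_org_added(original, modified, msp_id):
    """True when removing msp_id from `modified` gives back `original` exactly."""
    stripped = copy.deepcopy(modified)
    orgs = app_orgs(stripped)
    if msp_id not in orgs:
        return False
    del orgs[msp_id]
    return stripped == original


def sample_org(msp_id):
    """Constructed organization definition with a placeholder certificate."""
    policy = {"mod_policy": "Admins", "policy": {"type": 1, "value": {}}}
    return {
        "mod_policy": "Admins",
        "policies": {"Admins": policy, "Readers": policy, "Writers": policy},
        "values": {"MSP": {"mod_policy": "Admins", "value": {"type": 0, "config": {
            "name": msp_id, "root_certs": ["<constructed placeholder>"]}}}},
    }


# Constructed, trimmed stand-in for the JSON configtxlator produces in step b).
SAMPLE_CONFIG = {"channel_group": {"groups": {"Application": {
    "groups": {"Org1MSP": sample_org("Org1MSP"), "Org2MSP": sample_org("Org2MSP")},
    "mod_policy": "Admins"}}}}

if __name__ == "__main__":
    new_config = add_org(SAMPLE_CONFIG, "Org3MSP", sample_org("Org3MSP"))
    print(sorted(app_orgs(new_config)))
    print("only Org3MSP added:", only_org_added(SAMPLE_CONFIG, new_config, "Org3MSP"))
```

Each administrator can run `only_org_added` on the original and modified JSON before signing the configuration transaction in step e).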
The blockchain network deployment method provided by this embodiment deploys a blockchain network with one click on the basis of Kubernetes and Fabric-CA. Kubernetes supports distributed deployment and can be scaled out as needed, and the Fabric blockchain network is started by calling a Java service rather than by executing Shell scripts, which implements blockchain as a service. In addition, user certificates are generated through the integrated Fabric-CA, and each organization deploys its own ICA server, which safeguards data security. This embodiment addresses the defects and shortcomings of the official samples and can be used in a production environment.
FIG. 7 is a schematic flowchart of the second embodiment of the blockchain network deployment method of the present application. In this embodiment, steps S500-S506 of the blockchain network deployment method are similar to steps S400-S406 of the first embodiment; the difference is that the method further includes step S508.
The method includes the following steps:
Step S500: Receive an HTTP request to create a blockchain network.
Specifically, this embodiment uses Kubernetes (K8s for short) to manage Docker containers, supports scaling out (more nodes can be added on top of the nodes created initially), provides a Java service, and supports one-click deployment of a Fabric blockchain network, starting every component the blockchain network requires. One-click deployment means that the user only needs to issue a single instruction to start the deployment and then wait for it to finish, with no intervention during the process. This embodiment also exposes one-click deployment as a Web service that accepts HTTP requests. The Java service calls the K8s API to start and stop containers.
A client user enters information about the blockchain network (for example, information about each organization) in a browser and initiates an HTTP request to create the blockchain network; the HTTP request carries parameters in JSON format. The JSON parameters are used to customize the structure of the blockchain network and are configured according to the information the user entered, including the network name, the names of the organizations it contains, the number of organizations, and the names and number of the nodes each organization starts.
The Java service on the server (the electronic device 2) provides a Restful interface. After receiving the HTTP request, it parses the JSON parameters, assembles the parameters K8s requires, and then sends the HTTP request to K8s to create the blockchain network.
Step S502: Generate yaml configuration files according to the HTTP request.
Specifically, the Java service uses templates to generate yaml configuration files from the JSON parameters, for example namespace.yaml, pvc.yaml, deployment.yaml and svc.yaml.
The yaml configuration files include K8s configuration files and Fabric configuration files. Starting Docker containers, whether with K8s or Docker-compose, requires writing a large number of yaml configuration files that define each container's image, mounted volumes, environment variables, startup script and other information. In the official Fabric samples these configuration files are written by hand and prepared before the network is started. If the blockchain network information has to change, for example to add an organization, the yaml configuration files must be rewritten, which is time-consuming and laborious. This embodiment abstracts these configuration files into Freemarker templates, separating data from templates, so that the information entered by the user can be received and the yaml configuration files required by K8s and Fabric generated dynamically, achieving one-click deployment of the blockchain network.
Step S504: Start containers according to the yaml configuration files to build the blockchain network.
Specifically, the Java service calls the K8s Restful API to create the blockchain network. K8s starts the Docker containers according to the request parameters in the yaml configuration files, completing the construction of the blockchain network.
A Fabric blockchain network is based on Docker containers. Managing the Docker containers with K8s makes it possible to deploy the Fabric blockchain network in a distributed environment instead of restricting all components to a single host. A Fabric blockchain network contains several organizations; the organization is a very important concept in a Fabric network, and nodes, channels, smart contracts and so on are all closely tied to organizations. This embodiment implements blockchain as a service, supports one-click deployment of a blockchain network through an API, and supports adding new organizations dynamically.
Step S506: Use Fabric-CA to generate user certificates and save them to a shared NAS network disk.
Specifically, a blockchain makes heavy use of encryption and decryption, so private keys and certificates must be generated for encryption, decryption and signing. In the official samples, private keys and certificates are generated with a command-line tool, all at once. In a production environment, however, some business scenarios (for example adding a user) require new certificates to be generated dynamically, which the command-line tool cannot do. This embodiment uses Fabric-CA as the certificate authority to generate user certificates, so new certificates can be added at any time and the CSR information of a certificate can be customized. Fabric-CA provides identity registration, issuance of enrollment certificates, issuance of transaction certificates, and certificate renewal and revocation. During the startup phase of the blockchain network, Orderer nodes, Peer nodes and transaction submission need CA certificates. These certificates are generated when the blockchain network is started, saved on the NAS network disk, and read from the NAS network disk when needed.
In addition, using Fabric-CA ensures that private keys are stored on different nodes, which keeps them secure (in the official samples, the private keys generated by the command-line tool are all stored together, which is insecure).
Step S508: When a new user needs to be created, call the Fabric-CA interface to generate a new user certificate dynamically and save it to the NAS network disk.
Specifically, once the blockchain network is running, business needs may require new users to be created and new user certificates to be generated dynamically. In this embodiment, the certificate can be obtained by accessing the SDK node when the user is created: the SDK node calls the interface of Fabric-CA (the ICA server) to generate the new user certificate, which is saved to the NAS network disk after generation.
The SDK node uses Network-config.yaml to access Fabric-CA. The SDK is a Java service that provides a Restful API; users operate the blockchain network by calling the SDK node's API. Network-config.yaml is the SDK's configuration file. It defines the ICA server information, including the access address, user name and password, and access certificate. Network-config.yaml can be used not only by the SDK but also by other applications (for example a blockchain explorer). When the SDK node starts, it parses the Network-config.yaml configuration file to read the ICA server's configuration and automatically constructs a client for accessing the ICA server, which simplifies interaction with the CA server and makes it easy to generate user certificates dynamically.
The blockchain network deployment method provided by this embodiment deploys a blockchain network with one click on the basis of Kubernetes and Fabric-CA. Kubernetes supports distributed deployment and can be scaled out as needed, and the Fabric blockchain network is started by calling a Java service rather than by executing Shell scripts, which implements blockchain as a service. In addition, user certificates are generated through the integrated Fabric-CA, and each organization deploys its own ICA server, so new certificates can be generated dynamically after the blockchain network has started. This embodiment addresses the defects and shortcomings of the official samples and can be used in a production environment.
The present application also provides another implementation, namely a computer-readable storage medium, which may be non-volatile or volatile. The computer-readable storage medium stores a blockchain network deployment program that can be executed by at least one processor, so that the at least one processor performs the steps of the blockchain network deployment method described above.
The serial numbers of the above embodiments of the present application are for description only and do not indicate the relative merits of the embodiments.
From the description of the above implementations, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, or of course by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present application, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes several instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to perform the methods described in the embodiments of the present application.
The above are only preferred embodiments of the present application and do not thereby limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present application.

Claims (20)

  1. A blockchain network deployment method, the method comprising the steps of:
    providing a Restful API through a JAVA service, and receiving an HTTP request initiated by a client to create a blockchain network;
    generating yaml configuration files from templates according to the parameters in the HTTP request;
    calling the Restful API of Kubernetes to start containers according to the yaml configuration files and build the blockchain network; and
    using Fabric-CA to generate user certificates and saving them to a shared network attached storage (NAS) network disk.
  2. The blockchain network deployment method according to claim 1, the method further comprising the step of:
    when a new user needs to be created, calling the Fabric-CA interface to generate a new user certificate dynamically and saving it to the NAS network disk.
  3. The blockchain network deployment method according to claim 1 or 2, wherein the steps of starting containers according to the yaml configuration files to build the blockchain network, and of using Fabric-CA to generate user certificates and saving them to the shared NAS network disk, comprise:
    starting the Root-CA server as the root node of the CA servers;
    starting the ICA server of each organization;
    starting the Setup node to complete initialization, and generating user certificate files through the ICA server;
    saving the generated user certificate files to the shared NAS network disk;
    starting the Orderer nodes and Peer nodes.
  4. The blockchain network deployment method according to claim 3, wherein the step of generating user certificate files through the ICA server comprises:
    using the register command of Fabric-ca-client to register a user on the ICA server, setting a user name and password;
    generating a public/private key pair and saving the private key file to the local disk;
    using the enroll command of Fabric-ca-client to send the registered user name, password and public key file to the ICA server, the ICA server returning the issued digital certificate.
  5. The blockchain network deployment method according to claim 1 or 2, wherein the HTTP request contains parameters in JSON format, the JSON parameters being used to customize the structure of the blockchain network and configured according to the blockchain network information entered by the user, including the name of the blockchain network, the names and number of the organizations the blockchain network contains, and the names and number of the nodes each organization contains.
  6. A blockchain network deployment device, the device comprising:
    a receiving module, configured to provide a Restful API through a JAVA service and receive an HTTP request initiated by a client to create a blockchain network;
    a configuration module, configured to generate yaml configuration files from templates according to the parameters in the HTTP request;
    a startup module, configured to call the Restful API of Kubernetes to start containers according to the yaml configuration files and build the blockchain network; and
    a generation module, configured to use Fabric-CA to generate user certificates and save them to a shared network attached storage (NAS) network disk.
  7. The blockchain network deployment device according to claim 6, the device comprising:
    a creation module, configured to call the Fabric-CA interface to generate a new user certificate dynamically when a new user needs to be created, and save it to the NAS network disk.
  8. The blockchain network deployment device according to claim 6 or 7, wherein the startup module comprises:
    a server startup unit, configured to start the Root-CA server as the root node of the CA servers;
    the startup unit being further configured to start the ICA server of each organization;
    the generation module comprises:
    a generation unit, configured to start the Setup node to complete initialization and generate user certificate files through the ICA server;
    a saving unit, configured to save the generated user certificate files to the shared NAS network disk;
    a node startup unit, configured to start the Orderer nodes and Peer nodes.
  9. The blockchain network deployment device according to claim 8, wherein the generating unit comprises:
    a registration subunit, configured to use the register identity command of Fabric-ca-client to register a user on the ICA server and set a user name and password;
    a generation subunit, configured to generate a public/private key pair and save the private key file to the local disk;
    a sending subunit, configured to use the enroll identity command of Fabric-ca-client to send the registered user name, the password, and the public key file to the ICA server, the ICA server returning the issued digital certificate.
  10. The blockchain network deployment device according to claim 6 or 7, wherein the HTTP request contains parameters in JSON format, the JSON-format parameters are used to customize the blockchain network structure and are configured according to the blockchain network information entered by the user, including the name of the blockchain network, the names and number of the organizations included in the blockchain network, and the names and number of the nodes included in each organization.
  11. An electronic device, characterized in that the electronic device comprises a memory and a processor, the memory stores a blockchain network deployment system that can run on the processor, and the blockchain network deployment system, when executed by the processor, implements the following steps:
    providing a RESTful API interface through a Java service, and receiving an HTTP request initiated by a client to create a blockchain network;
    generating a yaml configuration file from a template according to the JSON-format parameters in the HTTP request;
    calling the RESTful API interface of Kubernetes, starting containers according to the yaml configuration file, and building the blockchain network; and
    generating user certificates using Fabric-CA and saving them to a network attached storage (NAS) network disk share.
  12. The electronic device according to claim 11, characterized in that the blockchain network deployment system, when executed by the processor, further implements the step of:
    when a new user needs to be created, calling the Fabric-CA interface to dynamically generate a new user certificate and saving it to the NAS network disk.
  13. The electronic device according to claim 11 or 12, characterized in that the steps of starting containers according to the yaml configuration file, building the blockchain network, and generating user certificates using Fabric-CA and saving them to the NAS network disk share comprise:
    starting a Root-CA server as the root node of the CA server;
    starting the ICA server of each organization;
    starting a Setup node to complete initialization, and generating user certificate files through the ICA server;
    saving the generated user certificate files to the NAS network disk share;
    starting the Orderer nodes and the Peer nodes.
  14. The electronic device according to claim 13, characterized in that the step of generating user certificate files through the ICA server comprises:
    using the register identity command of Fabric-ca-client to register a user on the ICA server and set a user name and password;
    generating a public/private key pair, and saving the private key file to the local disk;
    using the enroll identity command of Fabric-ca-client to send the registered user name, the password, and the public key file to the ICA server, the ICA server returning the issued digital certificate.
  15. The electronic device according to claim 11 or 12, wherein the HTTP request contains parameters in JSON format, the JSON-format parameters are used to customize the blockchain network structure and are configured according to the blockchain network information entered by the user, including the name of the blockchain network, the names and number of the organizations included in the blockchain network, and the names and number of the nodes included in each organization.
  16. A computer-readable storage medium, characterized in that the computer-readable storage medium stores a blockchain network deployment system, and the blockchain network deployment system is executable by at least one processor to cause the at least one processor to perform the steps of a blockchain network deployment method,
    wherein the blockchain network deployment method comprises:
    providing a RESTful API interface through a Java service, and receiving an HTTP request initiated by a client to create a blockchain network;
    generating a yaml configuration file from a template according to the parameters in the HTTP request;
    calling the RESTful API interface of Kubernetes, starting containers according to the yaml configuration file, and building the blockchain network; and
    generating user certificates using Fabric-CA and saving them to a network attached storage (NAS) network disk share.
  17. The computer-readable storage medium according to claim 16, the method further comprising the step of:
    when a new user needs to be created, calling the Fabric-CA interface to dynamically generate a new user certificate and saving it to the NAS network disk.
  18. The computer-readable storage medium according to claim 16 or 17, wherein the steps of starting containers according to the yaml configuration file, building the blockchain network, and generating user certificates using Fabric-CA and saving them to the NAS network disk share comprise:
    starting a Root-CA server as the root node of the CA server;
    starting the ICA server of each organization;
    starting a Setup node to complete initialization, and generating user certificate files through the ICA server;
    saving the generated user certificate files to the NAS network disk share;
    starting the Orderer nodes and the Peer nodes.
  19. The computer-readable storage medium according to claim 18, wherein the step of generating user certificate files through the ICA server comprises:
    using the register identity command of Fabric-ca-client to register a user on the ICA server and set a user name and password;
    generating a public/private key pair, and saving the private key file to the local disk;
    using the enroll identity command of Fabric-ca-client to send the registered user name, the password, and the public key file to the ICA server, the ICA server returning the issued digital certificate.
  20. The computer-readable storage medium according to claim 16 or 17, wherein the HTTP request contains parameters in JSON format, the JSON-format parameters are used to customize the blockchain network structure and are configured according to the blockchain network information entered by the user, including the name of the blockchain network, the names and number of the organizations included in the blockchain network, and the names and number of the nodes included in each organization.
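
The claims pass user-entered network, organization and node names from the JSON request into a yaml template that is then submitted to Kubernetes, so those names have to be validated before they reach the template. The following is an added example, not code from the patent or its applicant; the JSON field names, the template and the size limits are assumptions made for illustration.

```python
import json
import re

# DNS-1123 label as Kubernetes requires for object names, capped at 50
# characters here so the "-peer" suffix added by the template still fits in 63.
LABEL = re.compile(r"[a-z0-9](?:[-a-z0-9]{0,48}[a-z0-9])?")
MAX_ORGS = MAX_NODES = 10  # assumed limits, not taken from the patent

# Hypothetical per-organization template (constructed for this example).
PEER_TEMPLATE = """\
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: {org}-peer
  namespace: {network}
spec:
  replicas: {replicas}
"""

# Constructed sample request; the field names are assumptions.
SAMPLE_REQUEST = json.dumps({
    "networkName": "trade-net",
    "orgs": [{"name": "org1", "nodes": ["peer0", "peer1"]},
             {"name": "org2", "nodes": ["peer0"]}],
})

class InvalidRequest(ValueError):
    """Raised when the create-network request must be rejected."""

def check_label(value, field):
    # fullmatch, not match with "$": "$" also matches before a trailing
    # newline, which would let "org1\n" through and break the rendered yaml.
    if not isinstance(value, str) or not LABEL.fullmatch(value):
        raise InvalidRequest(f"{field}: not a valid name: {value!r}")
    return value

def check_list(value, field, limit):
    if not isinstance(value, list) or not 1 <= len(value) <= limit:
        raise InvalidRequest(f"{field}: expected a list of 1..{limit} items")
    return value

def parse_request(body):
    """Validate the JSON body; return (network, [(org, [node, ...]), ...])."""
    try:
        doc = json.loads(body)
    except ValueError as exc:
        raise InvalidRequest(f"malformed JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise InvalidRequest("request body must be a JSON object")
    network = check_label(doc.get("networkName"), "networkName")
    orgs = []
    for org in check_list(doc.get("orgs"), "orgs", MAX_ORGS):
        if not isinstance(org, dict):
            raise InvalidRequest("orgs[]: expected an object")
        name = check_label(org.get("name"), "orgs[].name")
        nodes = [check_label(n, "orgs[].nodes[]")
                 for n in check_list(org.get("nodes"), "orgs[].nodes", MAX_NODES)]
        if name in [o for o, _ in orgs] or len(set(nodes)) != len(nodes):
            raise InvalidRequest(f"duplicate organization or node name in {name!r}")
        orgs.append((name, nodes))
    return network, orgs

def render_manifests(body):
    """Render one yaml document per organization from validated values only."""
    network, orgs = parse_request(body)
    return [PEER_TEMPLATE.format(network=network, org=name, replicas=len(nodes))
            for name, nodes in orgs]
```

Rejecting the request outright, rather than escaping or stripping characters, keeps the rendered yaml and the names later used for certificates identical to what the user submitted.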
PCT/CN2020/086275 2019-11-21 2020-04-23 Blockchain network deployment method, electronic device, and computer-readable storage medium WO2021098140A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911151724.5 2019-11-21
CN201911151724.5A CN111130841B (en) 2019-11-21 2019-11-21 Block chain network deployment method, electronic device and computer-readable storage medium

Publications (1)

Publication Number Publication Date
WO2021098140A1 (en) 2021-05-27

Family

ID=70496144

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/086275 WO2021098140A1 (en) 2019-11-21 2020-04-23 Blockchain network deployment method, electronic device, and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN111130841B (en)
WO (1) WO2021098140A1 (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111813413B (en) * 2020-06-28 2022-12-16 四川长虹电器股份有限公司 Method for automatically generating YAML file
CN111984271B (en) * 2020-08-27 2023-11-03 京东科技信息技术有限公司 Block chain application program processing method and device and block chain application system
CN112765586A (en) * 2021-01-12 2021-05-07 湖北宸威玺链信息技术有限公司 Block chain-based deployment file distribution method, equipment and storage medium
CN114465887B (en) * 2021-12-23 2024-01-23 杭州溪塔科技有限公司 Block chain configuration management method and device based on git
CN114599036B (en) * 2022-05-09 2022-08-05 北京乐开科技有限责任公司 Multi-user-participated NAS file security operation method and system
CN116055308B (en) * 2023-02-10 2024-01-05 青岛闪收付信息技术有限公司 Bottom layer blockchain network deployment method and device of supply chain financial platform

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108921551A (en) * 2018-06-11 2018-11-30 西安纸贵互联网科技有限公司 Alliance's block catenary system based on Kubernetes platform
CN109194506A (en) * 2018-08-16 2019-01-11 北京京东尚科信息技术有限公司 Block chain network dispositions method, platform and computer storage medium
CN109800056A (en) * 2019-01-16 2019-05-24 杭州趣链科技有限公司 A kind of block chain dispositions method based on container
CN109976774A (en) * 2019-04-11 2019-07-05 北京启迪区块链科技发展有限公司 Block chain node deployment method, device, equipment and storage medium
CN110098954A (en) * 2019-03-29 2019-08-06 北京百度网讯科技有限公司 Creation method, controller and the storage medium of Hyperledger Fabric network
CN110308903A (en) * 2019-07-04 2019-10-08 明链科技(深圳)有限公司 Create method, electronic equipment and the medium of block chain network
US20190319792A1 (en) * 2018-04-16 2019-10-17 Xage Security, Inc. Decentralized information protection for confidentiality and tamper-proofing on distributed database

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10469248B2 (en) * 2017-10-17 2019-11-05 American Express Travel Related Services Company, Inc. API request and response balancing and control on blockchain
CN108737106B (en) * 2018-05-09 2021-06-01 深圳壹账通智能科技有限公司 User authentication method and device on block chain system, terminal equipment and storage medium
CN109710384B (en) * 2018-12-29 2021-02-23 杭州趣链科技有限公司 Safe Java intelligent contract interpretation execution engine and method
CN110135992A (en) * 2019-05-14 2019-08-16 北京智签科技有限公司 The acquisition methods and acquisition device of block chain network Fabric-CA digital certificate
CN110351263A (en) * 2019-07-01 2019-10-18 昆明理工大学 A kind of Internet of Things authentication method based on super account book fabric

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113312429A (en) * 2021-06-22 2021-08-27 工银科技有限公司 Intelligent contract management system, method, medium, and article in a blockchain
CN113312429B (en) * 2021-06-22 2023-01-17 工银科技有限公司 Intelligent contract management system, method, medium, and article in a blockchain
WO2023273994A1 (en) * 2021-07-01 2023-01-05 支付宝(杭州)信息技术有限公司 Method, system, and apparatus for executing smart contract, and storage medium
CN113572643A (en) * 2021-07-24 2021-10-29 上海边界智能科技有限公司 Block chain multi-chain and cross-chain network deployment method based on containerization technology
CN113572643B (en) * 2021-07-24 2024-04-26 上海边界智能科技有限公司 Block chain multi-chain and cross-chain network deployment method based on containerization technology
CN113590265A (en) * 2021-08-02 2021-11-02 杭州云象网络技术有限公司 Method, medium, device and system for migrating alliance chain cluster environment
CN114172804B (en) * 2021-12-01 2024-03-01 杭州云象网络技术有限公司 Alliance chain separation deployment method, system, medium and electronic equipment
CN114172804A (en) * 2021-12-01 2022-03-11 杭州云象网络技术有限公司 Alliance chain separation deployment method, system, medium and electronic device
CN114666060A (en) * 2022-03-14 2022-06-24 北京工业大学 Electronic data preservation method and system based on Hyperledger Fabric
CN114666060B (en) * 2022-03-14 2024-03-12 北京工业大学 Hyperledger Fabric-based electronic data security method and system
CN115348168A (en) * 2022-07-21 2022-11-15 金蝶软件(中国)有限公司 Block chain network deployment method and device
CN115203330A (en) * 2022-07-21 2022-10-18 深圳前海环融联易信息科技服务有限公司 Intelligent contract deployment method and device, equipment, medium and product thereof
CN115203330B (en) * 2022-07-21 2024-01-19 深圳前海环融联易信息科技服务有限公司 Intelligent contract deployment method and device, equipment, medium and product thereof
CN115348168B (en) * 2022-07-21 2024-03-19 金蝶软件(中国)有限公司 Deployment method and device of block chain network
CN115811442A (en) * 2023-02-09 2023-03-17 上海特高信息技术有限公司 Building block form-based alliance chain BaaS platform building method
CN115811442B (en) * 2023-02-09 2023-05-05 上海特高信息技术有限公司 Building block form-based alliance chain BaaS platform building method

Also Published As

Publication number Publication date
CN111130841A (en) 2020-05-08
CN111130841B (en) 2022-07-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
    Ref document number: 20889834; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established
    Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 29/09/2022)
122 Ep: pct application non-entry in european phase
    Ref document number: 20889834; Country of ref document: EP; Kind code of ref document: A1