Hyperledger Fabric - Is it possible to migrate from Docker swarm to Kubernetes?
My Hyperledger Fabric network in production runs on Docker swarm, but I want to migrate it to Kubernetes. I have tried searching online but found no resource explaining this process. Is this migration possible? What are the steps involved, and how straightforward would this process be?
I have three orderers deployed on three nodes. This is a sample orderer yaml file (I have three):
version: '3.4'
volumes:
  orderer1.mycompany.com:
networks:
  dept:
    external:
      name: ar2bc
services:
  dev_orderer1:
    image: hyperledger/fabric-orderer:latest
    environment:
      - ORDERER_GENERAL_LOGLEVEL=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
      - ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ./crypto-config/ordererOrganizations/mycompany.com/orderers/orderer1.mycompany.com/msp:/var/hyperledger/orderer/msp
      - ./crypto-config/ordererOrganizations/mycompany.com/orderers/orderer1.mycompany.com/tls/:/var/hyperledger/orderer/tls
      - orderer1.mycompany.com:/var/hyperledger/production/orderer
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.hostname == node1
    ports:
      - published: 7050
        target: 7050
        mode: host
    networks:
      dept:
        aliases:
          - orderer1.mycompany.com
I also have three peers deployed on the same three nodes. This is a sample peer yaml file (I have three):
version: '3.4'
volumes:
  peer1.dept.mycompany.com:
  couchdb1.dept.mycompany.com:
networks:
  dept:
    external:
      name: ar2bc
services:
  dev_couchdb1:
    image: hyperledger/fabric-couchdb
    environment:
      - COUCHDB_USER=couchdb
      - COUCHDB_PASSWORD=i5pr1nt_c0uchDB
    volumes:
      - couchdb1.dept.mycompany.com:/opt/couchdb/data
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.hostname == node1
    ports:
      - published: 5984
        target: 5984
        mode: host
    networks:
      dept:
        aliases:
          - couchdb1.dept.mycompany.com
  dev_peer1:
    image: hyperledger/fabric-peer:latest
    environment:
      # couchdb params
      - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb1.dept.mycompany.com:5984
      - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=couchdb
      - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=i5pr1nt_c0uchDB
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      - CORE_PEER_ID=peer1.dept.mycompany.com
      - CORE_PEER_ADDRESS=peer1.dept.mycompany.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer2.dept.mycompany.com:8051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.dept.mycompany.com:7051
      - CORE_PEER_LOCALMSPID=deptMSP
      - CORE_VM_DOCKER_ATTACHSTDOUT=true
      - CORE_CHAINCODE_STARTUPTIMEOUT=1200s
      - CORE_CHAINCODE_EXECUTETIMEOUT=800s
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/msp:/etc/hyperledger/fabric/msp
      - ./crypto-config/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/tls:/etc/hyperledger/fabric/tls
      - peer1.dept.mycompany.com:/var/hyperledger/production
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.hostname == node1
    ports:
      - published: 7051
        target: 7051
        mode: host
      - published: 7053
        target: 7053
        mode: host
    depends_on:
      - dev_couchdb1
    networks:
      dept:
        aliases:
          - peer1.dept.mycompany.com
  dev_cli1:
    image: hyperledger/fabric-tools:latest
    tty: true
    stdin_open: true
    deploy:
      mode: replicated
      replicas: 1
      restart_policy:
        condition: on-failure
      placement:
        constraints:
          - node.hostname == node1
    environment:
      - SYS_CHANNEL=ar2dev-syschannel
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer1.dept.mycompany.com:7051
      - CORE_PEER_LOCALMSPID=deptMSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/dept.mycompany.com/users/Admin@dept.mycompany.com/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
      - /var/run/:/host/var/run/
      - ./chaincode/:/opt/gopath/src/github.com/chaincode
      - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
      - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - dev_peer1
    networks:
      - dept
The process can be really straightforward, but it is not possible to avoid the inherent greater complexity of Kubernetes (compared to swarm), which results, in turn, in a more complex configuration.
My advice is to start using the kompose tool, which both gives you the yaml files corresponding to your original docker-compose.yml and also warns you regarding possible issues that may arise.
After following the kompose installation steps, naming orderer.yaml your first file and peer.yaml your second file, it's only a matter of executing
$ kompose convert -f pathToFile/orderer.yaml --volumes hostPath
INFO Service name in docker-compose has been changed from "dev_orderer1" to "dev-orderer1"
INFO Network ar2bc is detected at Source, shall be converted to equivalent NetworkPolicy at Destination
INFO Kubernetes file "dev-orderer1-service.yaml" created
INFO Kubernetes file "dev-orderer1-pod.yaml" created
INFO Kubernetes file "ar2bc-networkpolicy.yaml" created
and
$ kompose convert -f pathToFile/peer.yaml --volumes hostPath
INFO Service name in docker-compose has been changed from "dev_couchdb1" to "dev-couchdb1"
INFO Service name in docker-compose has been changed from "dev_peer1" to "dev-peer1"
INFO Service name in docker-compose has been changed from "dev_cli1" to "dev-cli1"
INFO Network ar2bc is detected at Source, shall be converted to equivalent NetworkPolicy at Destination
INFO Network ar2bc is detected at Source, shall be converted to equivalent NetworkPolicy at Destination
INFO Network ar2bc is detected at Source, shall be converted to equivalent NetworkPolicy at Destination
INFO Kubernetes file "dev-couchdb1-service.yaml" created
INFO Kubernetes file "dev-peer1-service.yaml" created
INFO Kubernetes file "dev-cli1-pod.yaml" created
INFO Kubernetes file "ar2bc-networkpolicy.yaml" created
INFO Kubernetes file "dev-couchdb1-pod.yaml" created
INFO Kubernetes file "dev-peer1-pod.yaml" created
and you get new yaml files ready to deploy to Kubernetes
$ ls
ar2bc-networkpolicy.yaml dev-couchdb1-pod.yaml dev-orderer1-pod.yaml dev-peer1-pod.yaml
dev-cli1-pod.yaml dev-couchdb1-service.yaml dev-orderer1-service.yaml dev-peer1-service.yaml
Just to show a little more of the result, this is the generated peer1 pod's yaml file
apiVersion: v1
kind: Pod
metadata:
  annotations:
    kompose.cmd: kompose convert -f peer.yaml --volumes hostPath
    kompose.version: 1.22.0 (955b78124)
  creationTimestamp: null
  labels:
    io.kompose.network/ar2bc: "true"
    io.kompose.service: dev-peer1
  name: dev-peer1
spec:
  containers:
    - args:
        - peer
        - node
        - start
      env:
        - name: CORE_CHAINCODE_EXECUTETIMEOUT
          value: 800s
        - name: CORE_CHAINCODE_STARTUPTIMEOUT
          value: 1200s
        - name: CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS
          value: couchdb1.dept.mycompany.com:5984
        - name: CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
          value: i5pr1nt_c0uchDB
        - name: CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME
          value: couchdb
        - name: CORE_LEDGER_STATE_STATEDATABASE
          value: CouchDB
        - name: CORE_PEER_ADDRESS
          value: peer1.dept.mycompany.com:7051
        - name: CORE_PEER_CHAINCODELISTENADDRESS
          value: 0.0.0.0:7052
        - name: CORE_PEER_GOSSIP_BOOTSTRAP
          value: peer2.dept.mycompany.com:8051
        - name: CORE_PEER_GOSSIP_EXTERNALENDPOINT
          value: peer1.dept.mycompany.com:7051
        - name: CORE_PEER_GOSSIP_ORGLEADER
          value: "false"
        - name: CORE_PEER_GOSSIP_USELEADERELECTION
          value: "true"
        - name: CORE_PEER_ID
          value: peer1.dept.mycompany.com
        - name: CORE_PEER_LOCALMSPID
          value: deptMSP
        - name: CORE_PEER_PROFILE_ENABLED
          value: "true"
        - name: CORE_PEER_TLS_CERT_FILE
          value: /etc/hyperledger/fabric/tls/server.crt
        - name: CORE_PEER_TLS_ENABLED
          value: "true"
        - name: CORE_PEER_TLS_KEY_FILE
          value: /etc/hyperledger/fabric/tls/server.key
        - name: CORE_PEER_TLS_ROOTCERT_FILE
          value: /etc/hyperledger/fabric/tls/ca.crt
        - name: CORE_VM_DOCKER_ATTACHSTDOUT
          value: "true"
        - name: CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE
          value: fabric
        - name: CORE_VM_ENDPOINT
          value: unix:///host/var/run/docker.sock
        - name: FABRIC_LOGGING_SPEC
          value: INFO
      image: hyperledger/fabric-peer:latest
      name: dev-peer1
      ports:
        - containerPort: 7051
        - containerPort: 7053
      resources: {}
      volumeMounts:
        - mountPath: /host/var/run/
          name: dev-peer1-hostpath0
        - mountPath: /etc/hyperledger/fabric/msp
          name: dev-peer1-hostpath1
        - mountPath: /etc/hyperledger/fabric/tls
          name: dev-peer1-hostpath2
        - mountPath: /var/hyperledger/production
          name: peer1.dept.mycompany.com
      workingDir: /opt/gopath/src/github.com/hyperledger/fabric/peer
  nodeSelector:
    kubernetes.io/hostname: node1
  restartPolicy: OnFailure
  volumes:
    - hostPath:
        path: /var/run/
      name: dev-peer1-hostpath0
    - hostPath:
        path: /mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose/crypto-config/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/msp
      name: dev-peer1-hostpath1
    - hostPath:
        path: /mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose/crypto-config/peerOrganizations/dept.mycompany.com/peers/peer1.dept.mycompany.com/tls
      name: dev-peer1-hostpath2
    - hostPath:
        path: /mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose
      name: peer1.dept.mycompany.com
status: {}
and this is the generated peer1 service's yaml file
apiVersion: v1
kind: Service
metadata:
  annotations:
    kompose.cmd: kompose convert -f peer.yaml --volumes hostPath
    kompose.version: 1.22.0 (955b78124)
  creationTimestamp: null
  labels:
    io.kompose.service: dev-peer1
  name: dev-peer1
spec:
  ports:
    - name: "7051"
      port: 7051
      targetPort: 7051
    - name: "7053"
      port: 7053
      targetPort: 7053
  selector:
    io.kompose.service: dev-peer1
status:
  loadBalancer: {}
To understand which kind of hints kompose is able to give you, please try to run the conversion command without the --volumes hostPath option and you will be given appropriate warnings
$ kompose convert -f pathToFile/orderer.yaml
INFO Service name in docker-compose has been changed from "dev_orderer1" to "dev-orderer1"
WARN Volume mount on the host "/mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose/channel-artifacts/genesis.block" isn't supported - ignoring path on the host
WARN Volume mount on the host "/mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose/crypto-config/ordererOrganizations/mycompany.com/orderers/orderer1.mycompany.com/msp" isn't supported - ignoring path on the host
WARN Volume mount on the host "/mnt/c/devenv/src/stackoverflow/66982235-hyperledger-kompose/crypto-config/ordererOrganizations/mycompany.com/orderers/orderer1.mycompany.com/tls" isn't supported - ignoring path on the host
INFO Network ar2bc is detected at Source, shall be converted to equivalent NetworkPolicy at Destination
INFO Kubernetes file "dev-orderer1-service.yaml" created
INFO Kubernetes file "dev-orderer1-pod.yaml" created
INFO Kubernetes file "dev-orderer1-claim0-persistentvolumeclaim.yaml" created
INFO Kubernetes file "dev-orderer1-claim1-persistentvolumeclaim.yaml" created
INFO Kubernetes file "dev-orderer1-claim2-persistentvolumeclaim.yaml" created
INFO Kubernetes file "orderer1.mycompany.com-persistentvolumeclaim.yaml" created
INFO Kubernetes file "ar2bc-networkpolicy.yaml" created
After the conversion of your actual files you can instantiate the Kubernetes objects with
$ kubectl apply -f .
or whatever more appropriate command you need (which is not strictly the matter of your question)
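An added example, not part of the original answer or of kompose's output: the generated dev-peer1 pod carries the CouchDB password as a literal env value and takes its TLS key directory from a hostPath that only exists on the machine where kompose ran. One way to rework those two fields before applying the manifest, assuming hypothetical Secret names `couchdb1-credentials` and `peer1-tls`:

```yaml
# Added example. Secret names are hypothetical; the password is a placeholder.
apiVersion: v1
kind: Secret
metadata:
  name: couchdb1-credentials
type: Opaque
stringData:
  username: couchdb
  password: REPLACE_WITH_ROTATED_PASSWORD   # placeholder, supplied at deploy time
---
apiVersion: v1
kind: Pod
metadata:
  name: dev-peer1
  labels:
    io.kompose.network/ar2bc: "true"
    io.kompose.service: dev-peer1
spec:
  containers:
    - name: dev-peer1
      image: hyperledger/fabric-peer:latest
      args: ["peer", "node", "start"]
      env:
        # Was a literal "value:" in the generated manifest.
        - name: CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME
          valueFrom:
            secretKeyRef:
              name: couchdb1-credentials
              key: username
        - name: CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
          valueFrom:
            secretKeyRef:
              name: couchdb1-credentials
              key: password
        # The remaining CORE_* and FABRIC_* entries carry over unchanged.
      volumeMounts:
        - name: peer1-tls
          mountPath: /etc/hyperledger/fabric/tls
          readOnly: true
  volumes:
    # Was hostPath /mnt/c/devenv/.../peer1.dept.mycompany.com/tls
    - name: peer1-tls
      secret:
        secretName: peer1-tls     # holds server.crt, server.key, ca.crt
        defaultMode: 0400
```

The `peer1-tls` Secret is assumed to be created separately from the existing tls directory (for example with `kubectl create secret generic peer1-tls --from-file=<tls dir>`), and the same pattern applies to the msp directory and to the orderer pod.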