当前位置: 首页 > 工具软件 > Burrow > 使用案例 >

k8s/openshift部署Hyperledger burrow

唐茂实
2023-12-01

环境

  • os:centos 7.6
  • openshift:3.11
  • helm:v2.13.0(以上版本,需支持mergeOverwrite)
  • jq:1.5

1. 安装burrow

wget https://github.com/hyperledger/burrow/releases/download/v0.30.3/burrow_0.30.3_Linux_x86_64.tar.gz
mkdir burrow_bin&& tar -zxvf burrow_0.30.3_Linux_x86_64.tar.gz -C burrow_bin
cp burrow_bin/burrow /usr/bin/
rm -rf burrow_bin/ && rm -f burrow_0.30.3_Linux_x86_64.tar.gz
burrow -v

2. 下载chart

我这里使用了一个修改过的版本,默认值做了修改,并添加了web3端口支持。详见 https://github.com/itling/burrow_helm_chart

$ git clone https://github.com/helm/charts.git
$ cd stable/burrow/

3. 生成配置文件(私钥和地址)

这里生成5个节点配置,链名命名为pld-blockchain-dev-burrow
CHAIN_NAME应带-burrow后缀,前面的名称和部署chart名称相同

$ CHAIN_NODES=5 CHAIN_NAME="pld-blockchain-dev-burrow" ./initialize.sh
Initializing 5 Validator Nodes
------------------------------

Writing kubernetes template files for validators secrets, and configmaps.
Building the genesis spec with burrow (0.30.3+commit.ffccfb69eb9465b3a5b5a747139e081b9f095fdd+2020-04-05T21:34:13Z).
Creating keys and necessary deploy files...
Saved keys and genesis as /root/helm/charts/stable/burrow/setup.yaml
Saved example 'values.yaml' as /root/helm/charts/stable/burrow/addresses.yaml
Done

4. 部署

4.1 创建项目、生成配置文件

$ oc new-project burrow-dev
$ oc apply -f 
$ oc apply -f setup.yaml -n burrow-dev
secret/pld-blockchain-dev-burrow-keys-000 created
secret/pld-blockchain-dev-burrow-keys-001 created
secret/pld-blockchain-dev-burrow-keys-002 created
secret/pld-blockchain-dev-burrow-keys-003 created
secret/pld-blockchain-dev-burrow-keys-004 created
configmap/pld-blockchain-dev-burrow-genesis created

4.2 修改配置文件

修改value.yaml配置文件
burrow --version版本应该和image.tag保持一致

image:
  repository: hyperledger/burrow
  tag: 0.30.3
  pullPolicy: IfNotPresent

chain:
  logLevel: info
  extraSeeds: []
  testing: false
  restore:
    enabled: false
    dumpURL: ""

config:
  BurrowDir: ".burrow"
  Tendermint:
    Seeds: ""
    SeedMode: false
    ListenHost: "0.0.0.0"
    ListenPort: "26656"
    ExternalAddress: ""
    Moniker: ""
  Keys:
    GRPCServiceEnabled: true
    AllowBadFilePermissions: true
    RemoteAddress: ""
    KeysDirectory: "/keys"
  RPC:
    Info:
      Enabled: true
      ListenHost: "0.0.0.0"
      ListenPort: "26658"
    Profiler:
      Enabled: false
      ListenHost: "0.0.0.0"
      ListenPort: "6060"
    GRPC:
      Enabled: true
      ListenHost: "0.0.0.0"
      ListenPort: "10997"
    Metrics:
      Enabled: true
      ListenHost: "0.0.0.0"
      ListenPort: "9102"
      MetricsPath: "/metrics"
      BlockSampleSize: 100
    Web3:
      Enabled: true
      ListenHost: "0.0.0.0"
      ListenPort: "26660"
  Logging:
    ExcludeTrace: true
    NonBlocking: true
    RootSink:
      Output:
        OutputType: "stderr"
        Format: "json"

validators:
- name: Validator_0
  address: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
  nodeAddress: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

contracts:
  # wait required to ensure chain readiness
  enabled: false
  image: ""
  tag: ""
  deploy: ""

extraArgs: {}
environment:
  inline: {}
  secrets: []

organization: "user"

persistence:
  enabled: true
  size: 10Gi
  storageClass: 
  accessMode: ReadWriteOnce
  persistentVolumeReclaimPolicy: "Delete"

peer:
  service:
    type: ClusterIP
  ingress:
    enabled: false
    hosts: []

grpc:
  service:
    type: ClusterIP
    loadBalance: true
  ingress:
    enabled: false
    hosts: []
    annotations: {}
    tls: {}
web3:
  service:
    type: ClusterIP
    loadBalance: true
  ingress:
    enabled: false
    hosts: []
    annotations: {}
    tls: {}
    
info:
  service:
    type: ClusterIP
    loadBalance: true
  ingress:
    enabled: false
    # exposing partial ingress only exposes
    # the /accounts and /blocks paths outside the cluster
    partial: false
    pathLeader: "/"
    annotations: {}
    hosts: []
    tls: {}

resources:
  limits:
    cpu: 500m
    memory: 1Gi
  requests:
    cpu: 100m
    memory: 256Mi

livenessProbe:
  enabled: true
  path: /status?block_seen_time_within=10m
  initialDelaySeconds: 240
  timeoutSeconds: 1
  periodSeconds: 30

readinessProbe:
  enabled: true
  path: /status
  initialDelaySeconds: 5
  initialDelaySeconds: 5

podAnnotations: {}
podLabels: {}

# Affinity for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: blockchain
              operator: In
              values:
                - dev

# Tolerations for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: 
  - effect: NoExecute
    key: blockchain
    operator: Equal
    value: dev

# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}

这里加了节点容忍和亲和,这个集群有几台机器专门用来跑burrow

$ kubectl get node --show-labels |grep blockchain
compute18.domain.local   Ready     compute   40d       v1.11.0+d4cacc0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,blockchain=dev,cpumanager=false,kubernetes.io/hostname=compute18.domain.local,kubevirt.io/schedulable=false,node-role.kubernetes.io/compute=true
compute19.domain.local   Ready     compute   40d       v1.11.0+d4cacc0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,blockchain=dev,cpumanager=false,kubernetes.io/hostname=compute19.domain.local,kubevirt.io/schedulable=false,node-role.kubernetes.io/compute=true
compute20.domain.local   Ready     compute   40d       v1.11.0+d4cacc0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,blockchain=dev,cpumanager=false,kubernetes.io/hostname=compute20.domain.local,kubevirt.io/schedulable=false,node-role.kubernetes.io/compute=true

4.3 合并配置文件

将生成的地址配置文件合并进values.yaml

cat addresses.yaml >> values.yaml

4.4 开始安装chart

helm client安装请参考:https://blog.csdn.net/kk3909/article/details/105441313

–name应该和CHAIN_NAME的前缀保持一致

helm install .   \
--set chain.nodes=5 \
--namespace burrow-dev \
--name pld-blockchain-dev \
--values values.yaml 

4.4 检查网络是否正常

创建路由(选择pld-blockchain-dev-burrow-info服务),浏览器打开http://your-ingress-domain/consensus,查看peers信息。

4.5 删除重来

oc delete secret pld-blockchain-dev-burrow-keys
oc delete -f setup.yaml -n burrow-dev
helm delete pld-blockchain-dev
helm del --purge pld-blockchain-dev
 类似资料: