I've been experimenting with Hyperledger Composer and with the official multi org tutorial. I was successful in modifying the given demo, adding a third organisation and finally installing my own bna.
The next step was to fully understand how to deploy the Fabric network and Composer on multiple physical machines. And I went through all the available info about deploying such a process but without much luck.
Let's suppose:
PC1: 1 Orderer, 1 Organisation, One cli container;
PC2: 1 Organisation;
PC3: 1 Organization;
I'm able to put the 3 machines in a swarm.
I know that I need to generate the certificates for all the machines and that they should be identical.
But from there I don't fully understand how to continue, or how to add references to the swarm network inside the compose files...
#docker-compose-cas-template-0 - This is for PC 1
version: '2'
networks:
  example:
services:
  ca0:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-manager
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.manager.example.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/CA1_PRIVATE_KEY
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.manager.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/CA1_PRIVATE_KEY -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/manager.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_peerManager
    networks:
      - example
# docker-compose-base-1.yaml - This is for PC1
version: '2'
services:
  orderer.proa.com:
    container_name: orderer.proa.com
    image: hyperledger/fabric-orderer:$IMAGE_TAG
    environment:
      - ORDERER_GENERAL_LOGLEVEL=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
      - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ../crypto-config/ordererOrganizations/proa.com/orderers/orderer.proa.com/msp:/var/hyperledger/orderer/msp
      - ../crypto-config/ordererOrganizations/proa.com/orderers/orderer.proa.com/tls/:/var/hyperledger/orderer/tls
      - orderer.proa.com:/var/hyperledger/production/orderer
    ports:
      - 7050:7050
  peer0.manager.proa.com:
    container_name: peer0.manager.proa.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.manager.proa.com
      - CORE_PEER_ADDRESS=peer0.manager.proa.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.manager.proa.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.manager.proa.com:7051
      - CORE_PEER_LOCALMSPID=ManagerMSP
    volumes:
      - /var/run/:/host/var/run/
      - ../crypto-config/peerOrganizations/manager.proa.com/peers/peer0.manager.proa.com/msp:/etc/hyperledger/fabric/msp
      - ../crypto-config/peerOrganizations/manager.proa.com/peers/peer0.manager.proa.com/tls:/etc/hyperledger/fabric/tls
      - peer0.manager.proa.com:/var/hyperledger/production
    ports:
      - 7051:7051
      - 7053:7053
  peer1.manager.proa.com:
    container_name: peer1.manager.proa.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer1.manager.proa.com
      - CORE_PEER_ADDRESS=peer1.manager.proa.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.manager.proa.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.manager.proa.com:7051
      - CORE_PEER_LOCALMSPID=ManagerMSP
    volumes:
      - /var/run/:/host/var/run/
      - ../crypto-config/peerOrganizations/manager.proa.com/peers/peer1.manager.proa.com/msp:/etc/hyperledger/fabric/msp
      - ../crypto-config/peerOrganizations/manager.proa.com/peers/peer1.manager.proa.com/tls:/etc/hyperledger/fabric/tls
      - peer1.manager.proa.com:/var/hyperledger/production
    ports:
      - 8051:7051
      - 8053:7053
UPDATED with docker-compose-cli.yaml - for ORG2 and PC2
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
volumes:
  peer0.sponsor.example.com:
  peer1.sponsor.example.com:
networks:
  example:
    external:
      name: example
services:
  peer0.sponsor.example.com:
    container_name: peer0.sponsor.example.com
    extends:
      file: base/docker-compose-base-2.yaml
      service: peer0.sponsor.example.com
    networks:
      - example
  peer1.sponsor.example.com:
    container_name: peer1.sponsor.example.com
    extends:
      file: base/docker-compose-base-2.yaml
      service: peer1.sponsor.example.com
    networks:
      - example
  cli2:
    container_name: cli2
    image: hyperledger/fabric-tools:$IMAGE_TAG
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- CORE_LOGGING_LEVEL=DEBUG
      - CORE_LOGGING_LEVEL=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.sponsor.example.com:7051
      - CORE_PEER_LOCALMSPID=SponsorMSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/sponsor.example.com/peers/peer0.sponsor.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/sponsor.example.com/peers/peer0.sponsor.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/sponsor.example.com/peers/peer0.sponsor.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/sponsor.example.com/users/Admin@sponsor.example.com/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
      - /var/run/:/host/var/run/
      - ./../chaincode/:/opt/gopath/src/github.com/chaincode
      - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
      - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
      - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - peer0.sponsor.example.com
      - peer1.sponsor.example.com
    networks:
      - example
You're on the right track. I'll list the steps below:
We create a docker swarm and connect these hosts. Since you've already created a swarm, I assume your hosts are connected.
We create an overlay network from one of the hosts. In our case, it is "example" network.
docker network create --attachable --driver overlay example
Now, this overlay network will be available in all the hosts. You can run the following command in each of the hosts:
docker network ls
Here, you'll be able to see the network with the name "example" that is an overlay network.
Also, you can inspect the network to see which all hosts (peers) are connected to this network using:
docker network inspect example
Spin up the containers. However, in this step, we need to make these containers join the existing overlay network, i.e. "example". So your compose files will look like:
version: '2'
networks:
  example:
    external:
      name: example
services:
  ca0:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-manager
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.manager.example.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/CA1_PRIVATE_KEY
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.manager.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/CA1_PRIVATE_KEY -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/manager.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_peerManager
    networks:
      - example
This configuration will remain similar for all your docker containers, be it peer, orderer, ca or cli. Also, this configuration will make sure that your container joins the existing network instead of creating a new one.
Note: Running docker in swarm mode requires a few ports to be opened up. You can find those references in this article.
I need help. I am using HLF 2.0 and developing a Fabric network which contains 2 orgs (1 peer each), Raft (1 orderer), a CA for both orgs (but till now there is only 1 CA, for Org1), 2 CouchDB containers, and lastly a cli container.
The network is up successfully, but when I run the command to create a channel (named "onechannel") it shows an error. You can see it here. All the crypto materials and certificates exist. The code/script which I am running to create the channel is given below.
Some environment variables and the command for creating the channel:
echo "########### Creating Channel One as Org1 Peer ##################"
export FABRIC_CFG_PATH=${PWD}
export CHANNEL_NAME=onecannel
export CORE_PEER_TLS_ENABLED=true
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/cryptoconfig/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export PEER0_OGR1_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto-/config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export PEER0_OGR2_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/cryptoconfig/peerOrganizations /org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
docker exec -e "CORE_PEER_LOCALMSPID=Org1MSP" -e "CORE_PEER_ADDRESS=peer0.org1.example.com:7051" -e "CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp" -e "CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_OGR1_CA" cli peer channel create -o localhost:7050 -c $CHANNEL_NAME --ordererTLSHostnameOverride orderer.example.com -f ./channel-artifacts/$CHANNEL_NAME.tx --outputBlock ./channel-artifacts/$CHANNEL_ONE_NAME.block --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA
Now, the docker compose file which I am using is here. The docker compose file is running up successfully. I think the error may be in PATH OR RELATIVE_PATH.
version: "2"
networks:
  test:
services:
  ca_org1:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=org1.example.com
      - FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/ca-server-config/ca.org1.example.com-cert.pem
      - FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/ca-server-config/priv_sk
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-tls/tlsca.org1.example.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-tls/priv_sk
      - FABRIC_CA_SERVER_PORT=7054
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
      - ./crypto-config/peerOrganizations/org1.example.com/tlsca/:/etc/hyperledger/fabric-ca-server-tls
    container_name: ca_org1
    networks:
      - test
  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # TLS enabled
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
      - ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
      - ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
    ports:
      - 7050:7050
    networks:
      - test
  couchdb0:
    container_name: couchdb0
    image: hyperledger/fabric-couchdb
    # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
    # for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode.
    environment:
      - COUCHDB_USER=
      - COUCHDB_PASSWORD=
    # Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service,
    # for example map it to utilize Fauxton User Interface in dev environments.
    ports:
      - "5984:5984"
    networks:
      - test
  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    image: hyperledger/fabric-peer
    environment:
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:8051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
      - FABRIC_LOGGING_SPEC=INFO
      - FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      - CORE_CHAINCODE_EXECUTETIMEOUT=300s
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
      - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
    ports:
      - 7051:7051
    depends_on:
      - couchdb0
    networks:
      - test
  couchdb1:
    container_name: couchdb1
    image: hyperledger/fabric-couchdb
    # Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
    # for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode.
    environment:
      - COUCHDB_USER=
      - COUCHDB_PASSWORD=
    # Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service,
    # for example map it to utilize Fauxton User Interface in dev environments.
    ports:
      - "6984:5984"
    networks:
      - test
  peer0.org2.example.com:
    container_name: peer0.org2.example.com
    image: hyperledger/fabric-peer
    environment:
      - CORE_PEER_ID=peer0.org2.example.com
      - CORE_PEER_ADDRESS=peer0.org2.example.com:9051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:9051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051
      #- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:10051
      - CORE_PEER_LOCALMSPID=Org2MSP
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
      - FABRIC_LOGGING_SPEC=INFO
      #- FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      # Allow more time for chaincode container to build on install.
      - CORE_CHAINCODE_EXECUTETIMEOUT=300s
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
      - ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
    ports:
      - 8051:8051
    depends_on:
      - couchdb1
    networks:
      - test
  cli:
    container_name: cli
    image: hyperledger/fabric-tools
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- FABRIC_LOGGING_SPEC=DEBUG
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
      - /var/run/:/host/var/run/
      - ./chaincode/:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
      - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
      - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - orderer.example.com
      - peer0.org1.example.com
      - peer0.org2.example.com
    networks:
      - test
I hope you experts can help me get out of this problem and provide good suggestions and a solution. Thank you in advance.
The problem resides between the crypto-material folder and the CLI service definition.
In your docker-compose file, under cli, there is a volume between a folder named crypto-config and the repository /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
This crypto-config folder is supposed to have your network identities nested as follows:
/crypto-config
    /peerOrganizations
        other cryptomaterials
        /users
            /Admin@org1.example.com
                /msp
                /tls
The content of this folder is supposed to be generated by the cryptogen tool and the crypto-config.yaml file, and the folders will be named according to how you write it.
And this content should be available to the CLI environment variables, like
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
You should verify that your crypto materials are generated inside the crypto-config file and that their paths are consistent with what is defined under the CLI volumes and the environment variables.
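The consistency check described in this answer can be automated. The following is an added example, not code from the thread: it maps each container path through the cli service's volume mounts back to a host path and reports paths that no mount covers or that do not exist on the host. The volumes and the four paths are copied from the question; the `HOST_FILES` set is a constructed stand-in for what cryptogen produced, and the function names are hypothetical.

```python
import os
import posixpath


def parse_volume(spec):
    """Split compose short syntax 'source:target[:mode]' into (source, target)."""
    parts = spec.split(":")
    if len(parts) < 2:
        return None  # anonymous volume, nothing on the host to check
    return parts[0], posixpath.normpath(parts[1])


def to_host_path(container_path, volumes):
    """Translate a container path to the host path behind it, or None if no
    bind mount covers it. The longest matching mount target wins."""
    cpath = posixpath.normpath(container_path)
    best = None
    for spec in volumes:
        parsed = parse_volume(spec)
        if parsed is None:
            continue
        source, target = parsed
        # Compare whole path components: ".../peer/crypto" must not match
        # ".../peer/crypto-config" or ".../peer/crypto-/config".
        if cpath == target or cpath.startswith(target.rstrip("/") + "/"):
            if best is None or len(target) > len(best[1]):
                best = (source, target)
    if best is None:
        return None
    source, target = best
    relative = posixpath.relpath(cpath, target)
    return posixpath.normpath(posixpath.join(source, relative))


def check_paths(paths, volumes, exists=os.path.exists):
    """Return {name: (status, host_path)} with status ok / missing / unmounted."""
    report = {}
    for name, cpath in paths.items():
        host = to_host_path(cpath, volumes)
        if host is None:
            report[name] = ("unmounted", None)
        elif exists(host):
            report[name] = ("ok", host)
        else:
            report[name] = ("missing", host)
    return report


# Volumes of the cli service, as posted in the question.
CLI_VOLUMES = [
    "/var/run/:/host/var/run/",
    "./chaincode/:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode",
    "./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/",
    "./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts",
]

FABRIC = "/opt/gopath/src/github.com/hyperledger/fabric"
PEER_TLS = "peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls"

# Container paths as posted: two from the cli environment, two from the exports.
PATHS = {
    "CORE_PEER_TLS_ROOTCERT_FILE": f"{FABRIC}/peer/crypto/{PEER_TLS}/ca.crt",
    "CORE_PEER_TLS_CERT_FILE": f"{FABRIC}/peer/crypto/{PEER_TLS}/server.crt",
    "ORDERER_CA": f"{FABRIC}/cryptoconfig/ordererOrganizations/example.com"
                  "/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem",
    "PEER0_OGR1_CA": f"{FABRIC}/peer/crypto-/config/{PEER_TLS}/ca.crt",
}

# Constructed host tree: pretend only the peer's TLS CA certificate was generated.
HOST_FILES = {f"crypto-config/{PEER_TLS}/ca.crt"}


def demo():
    """Run the check against the constructed host tree instead of the real disk."""
    return check_paths(PATHS, CLI_VOLUMES, exists=lambda p: p in HOST_FILES)


if __name__ == "__main__":
    for name, (status, host) in demo().items():
        print(f"{status:9} {name} -> {host}")
```

Against a real checkout, call `check_paths(PATHS, CLI_VOLUMES)` from the directory that holds the compose file so the relative host paths resolve. The splitter assumes short-syntax volumes with POSIX host paths.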
I am trying to run a gitea server with drone. They are currently both hosted on the same ubuntu machine and the docker containers are set up through a docker-compose.yml file.
When starting up all services I get the following error in the logs of the drone runner service:
time="2020-08-12T19:10:42Z" level=error msg="cannot ping the remote server" error="Post http://drone:80/rpc/v2/ping: dial tcp: lookup drone on 127.0.0.11:53: no such host"
Both http://gitea and http://drone point to localhost (via /etc/hosts). I sadly don't understand how or why the drone runner can not find the server. Calling "docker container inspect" on all my 4 containers shows they are all connected to the same network (drone_and_gitea_giteanet). Which is also the network I set in the DRONE_RUNNER_NETWORKS environment variable.
This is how my docker-compose.yml file looks:
version: "3.8"
# Create named volumes for gitea server, gitea database and drone server
volumes:
  gitea:
  gitea-db:
  drone:
# Create shared network for gitea and drone
networks:
  giteanet:
    external: false
services:
  gitea:
    container_name: gitea
    image: gitea/gitea:1
    #restart: always
    environment:
      - APP_NAME="Automated Student Assessment Tool"
      - USER_UID=1000
      - USER_GID=1000
      - ROOT_URL=http://gitea:3000
      - DB_TYPE=postgres
      - DB_HOST=gitea-db:5432
      - DB_NAME=gitea
      - DB_USER=gitea
      - DB_PASSWD=gitea
    networks:
      - giteanet
    ports:
      - "3000:3000"
      - "222:22"
    volumes:
      - gitea:/data
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    depends_on:
      - gitea-db
  gitea-db:
    container_name: gitea-db
    image: postgres:9.6
    #restart: always
    environment:
      - POSTGRES_USER=gitea
      - POSTGRES_PASSWORD=gitea
      - POSTGRES_DB=gitea
    networks:
      - giteanet
    volumes:
      - gitea-db:/var/lib/postgresql/data
  drone-server:
    container_name: drone-server
    image: drone/drone:1
    #restart: always
    environment:
      # General server settings
      - DRONE_SERVER_HOST=drone:80
      - DRONE_SERVER_PROTO=http
      - DRONE_RPC_SECRET=topsecret
      # Gitea Config
      - DRONE_GITEA_SERVER=http://gitea:3000
      - DRONE_GITEA_CLIENT_ID=<CLIENT ID>
      - DRONE_GITEA_CLIENT_SECRET=<CLIENT SECRET>
      # Create Admin User, name should be the same as Gitea Admin user
      - DRONE_USER_CREATE=username:AdminUser,admin:true
      # Drone Logs Settings
      - DRONE_LOGS_PRETTY=true
      - DRONE_LOGS_COLOR=true
    networks:
      - giteanet
    ports:
      - "80:80"
    volumes:
      - drone:/data
    depends_on:
      - gitea
  drone-agent:
    container_name: drone-agent
    image: drone/drone-runner-docker:1
    #restart: always
    environment:
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_HOST=drone:80
      - DRONE_RPC_SECRET=topsecret
      - DRONE_RUNNER_CAPACITY=1
      - DRONE_RUNNER_NETWORKS=drone_and_gitea_giteanet
    networks:
      - giteanet
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    depends_on:
      - drone-server
It would help me a lot if somebody could maybe take a look at the issue and help me out! :)
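The lookup in the log line goes to Docker's embedded DNS (127.0.0.11), which answers for the service names, container names and network aliases of containers on the same user-defined network. The following added example, which is not part of the original post, lists those names for the compose file above and reports connection targets that are not among them. The `SERVICES` dict is a hand-written reduction of the posted file, and the `OUTBOUND_KEYS` selection and the flat `aliases` layout are assumptions of this sketch.

```python
from urllib.parse import urlsplit


def resolvable_names(services, network):
    """Names Docker's embedded DNS answers for on one compose network:
    service name, container_name and any network aliases."""
    names = set()
    for service, cfg in services.items():
        if network not in cfg.get("networks", []):
            continue
        names.add(service)
        if cfg.get("container_name"):
            names.add(cfg["container_name"])
        names.update(cfg.get("aliases", {}).get(network, []))
    return names


def host_of(value):
    """Host part of 'host:port' or of a URL such as 'http://host:port/path'."""
    if "://" not in value:
        value = "//" + value
    return urlsplit(value).hostname


def unresolved_targets(services, outbound_keys):
    """Return (service, variable, host) for each outbound target that no
    container on the service's networks answers to."""
    findings = []
    for service, cfg in services.items():
        reachable = set()
        for network in cfg.get("networks", []):
            reachable |= resolvable_names(services, network)
        for key, value in cfg.get("environment", {}).items():
            if key not in outbound_keys:
                continue
            host = host_of(value)
            if host not in reachable:
                findings.append((service, key, host))
    return findings


# Reduced copy of the compose file in the question (only the fields used here).
SERVICES = {
    "gitea": {
        "container_name": "gitea",
        "networks": ["giteanet"],
        "environment": {"ROOT_URL": "http://gitea:3000", "DB_HOST": "gitea-db:5432"},
    },
    "gitea-db": {
        "container_name": "gitea-db",
        "networks": ["giteanet"],
        "environment": {},
    },
    "drone-server": {
        "container_name": "drone-server",
        "networks": ["giteanet"],
        "environment": {
            "DRONE_SERVER_HOST": "drone:80",
            "DRONE_GITEA_SERVER": "http://gitea:3000",
        },
    },
    "drone-agent": {
        "container_name": "drone-agent",
        "networks": ["giteanet"],
        "environment": {"DRONE_RPC_HOST": "drone:80"},
    },
}

# Assumption: these variables name hosts that the container itself dials.
OUTBOUND_KEYS = {"DB_HOST", "DRONE_GITEA_SERVER", "DRONE_RPC_HOST"}


if __name__ == "__main__":
    print("resolvable on giteanet:", sorted(resolvable_names(SERVICES, "giteanet")))
    for service, key, host in unresolved_targets(SERVICES, OUTBOUND_KEYS):
        print(f"{service}: {key} points at '{host}', which nothing on its networks answers to")
```

The check only knows about containers in the same file, so a target that is meant to be resolved through external DNS would also be reported.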
I would like to build a docker landscape. I use a container with a traefik (v2.1) image and a mysql container for multiple databases.
traefik/docker-compose.yml
version: "3.3"
services:
  traefik:
    image: "traefik:v2.1"
    container_name: "traefik"
    restart: always
    command:
      - "--log.level=DEBUG"
      - "--api=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxy"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.traefik-dashboard.address=:8080"
      - "--certificatesresolvers.devnik-resolver.acme.httpchallenge=true"
      - "--certificatesresolvers.devnik-resolver.acme.httpchallenge.entrypoint=web"
      #- "--certificatesresolvers.devnik-resolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.devnik-resolver.acme.email=####"
      - "--certificatesresolvers.devnik-resolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "./data:/etc/traefik"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - "proxy"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`devnik.dev`)"
      - "traefik.http.routers.traefik.entrypoints=traefik-dashboard"
      - "traefik.http.routers.traefik.tls.certresolver=devnik-resolver"
      #basic auth
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.usersfile=/etc/traefik/.htpasswd"
#Docker Networks
networks:
  proxy:
database/docker-compose.yml
version: "3.3"
services:
  #MySQL Service
  mysql:
    image: mysql:5.7
    container_name: mysql
    restart: always
    ports:
      - "3306:3306"
    volumes:
      #persist data
      - ./mysqldata/:/var/lib/mysql/
      - ./init:/docker-entrypoint-initdb.d
    networks:
      - "mysql"
    environment:
      MYSQL_ROOT_PASSWORD: ####
      TZ: Europe/Berlin
#Docker Networks
networks:
  mysql:
    driver: bridge
For the structure I want to control all projects via multiple docker-compose files. These containers should run on the same network as the traefik container and some with the mysql container.
This also works for the following case (but only sometimes)
dev-releases/docker-compose.yml
version: "3.3"
services:
  backend:
    image: "registry.gitlab.com/devnik/dev-releases-backend/master:latest"
    container_name: "dev-releases-backend"
    restart: always
    volumes:
      #laravel logs
      - "./logs/backend:/app/storage/logs"
      #cron logs
      - "./logs/backend/cron.log:/var/log/cron.log"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dev-releases-backend.rule=Host(`dev-releases.backend.devnik.dev`)"
      - "traefik.http.routers.dev-releases-backend.entrypoints=websecure"
      - "traefik.http.routers.dev-releases-backend.tls.certresolver=devnik-resolver"
    networks:
      - proxy
      - mysql
    environment:
      TZ: Europe/Berlin
#Docker Networks
networks:
  proxy:
    external:
      name: "traefik_proxy"
  mysql:
    external:
      name: "database_mysql"
As soon as I restart the containers in dev-releases/ via docker-compose up -d I get the typical error "Gateway timeout" when calling them in the browser.
As soon as I comment the network networks: #- mysql and restart the docker-compose in dev-releases/ it works again.
My guess is that I have not configured the external networks correctly. Is it not possible to use 2 external networks?
I'd like some container have access to the 'mysql' network but it should not be accessible for the whole traefik network.
Let me know if you need more information
EDIT (26.03.2020)
I got it running.
I put all my containers into one network, "proxy". It seems mysql also has to be in the proxy network.
So I added the following to database/docker-compose.yml
networks:
  proxy:
    external:
      name: "traefik_proxy"
And removed the database_mysql network from dev-releases/docker-compose.yml
Based on the names of the files, your mysql network should be mysql_mysql.
You can verify this by executing
$> docker network ls
You are also missing a couple of labels for your services such as
traefik command line
- '--providers.docker.watch=true'
- '--providers.docker.swarmMode=true'
labels
- traefik.docker.network=proxy
- traefik.http.services.dev-releases-backend.loadbalancer.server.port=yourport
- traefik.http.routers.dev-releases-backend.service=mailcatcher
You can check this for more info
I would like to run OrientDB in a distributed mode with at least 2 nodes in a cluster. So I would like to know if setting a Distributed flag to true is enough or should there be some more configurations?
My docker-compose file looks like this:
node1:
  image: orientdb:latest
  ports:
    - "2424:2424"
    - "2480:2480"
  environment:
    ORIENTDB_ROOT_PASSWORD: 'pwd'
    ORIENTDB_NODE_NAME: node1
  volumes:
    - /orientdb/config:/opt/orientdb/config
    - /orientdb/databases:/orientdb/databases
    - /orientdb/backup:/orientdb/backup
    - ./data:/orientdb/bin/data
  command: /orientdb/bin/server.sh -Ddistributed=true
I have created 2 services, one for each node, with a separate set of configs:
version: '3'
services:
  node1:
    image: orientdb:latest
    entrypoint: /orientdb/bin/server.sh -Ddistributed=true
    volumes:
      - /orientdb/config:/orientdb/config
      - /orientdb/databases:/orientdb/databases
      - /orientdb/backup:/orientdb/backup
      - ./data:/orientdb/bin/data
    environment:
      ORIENTDB_ROOT_PASSWORD: 'pwd'
      ORIENTDB_NODE_NAME: node1
    ports:
      - "2424:2424"
      - "2480:2480"
  node2:
    image: orientdb:latest
    entrypoint: /orientdb/bin/server.sh -Ddistributed=true
    volumes:
      - /orientdb/config2:/orientdb/config
      - /orientdb/databases2:/orientdb/databases
      - /orientdb/backup2:/orientdb/backup
      - ./data:/orientdb/bin/data
    environment:
      ORIENTDB_ROOT_PASSWORD: 'pwd'
      ORIENTDB_NODE_NAME: node2
    depends_on:
      - node1
I'm currently working on hyperledger blockchain that use several docker containers :
dev-peer0.org1.example.com-marbles-v5.9
peer0.org1.example.com
couchdb
orderer.example.com
cli
ca.example.com
On the default configuration they are all running on the same machine.
What I'm trying to achieve is to divide them on two different computers :
Computer 1 :
dev-peer0.org1.example.com-marbles-v5.9
peer0.org1.example.com
couchdb
Computer 2 :
orderer.example.com
cli
ca.example.com
Can I use the host file to make this work without editing any conf file ?
PC1 :
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.31.128.146 orderer.example.com
10.31.128.146 cli
10.31.128.146 ca.example.com
PC2:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.31.128.198 dev-peer0.org1.example.com-marbles-v5.9
10.31.128.198 peer0.org1.example.com
10.31.128.198 couchdb
I have already tried and it didn't work, but I wonder if I should push more in that direction?
#
# Copyright IBM Corp All Rights Reserved
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
networks:
  basic:
services:
  ca.example.com:
    image: hyperledger/fabric-ca:x86_64-1.0.0
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca.example.com
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/a22daf356b2aab5792ea53e35f66fccef1d7f1aa2b3a2b92dbfbf96a448ea26a_sk -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca.example.com
    networks:
      - basic
  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer:x86_64-1.0.0
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
    command: orderer
    ports:
      - 7050:7050
    volumes:
      - ./config/:/etc/hyperledger/configtx
      - ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/:/etc/hyperledger/msp/orderer
      - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/:/etc/hyperledger/msp/peerOrg1
    networks:
      - basic
  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    image: hyperledger/fabric-peer:x86_64-1.0.0
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_LOGGING_PEER=debug
      - CORE_CHAINCODE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      # # the following setting starts chaincode containers on the same
      # # bridge network as the peers
      # # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_basic
      - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: peer node start
    # command: peer node start --peer-chaincodedev=true
    ports:
      - 7051:7051
      - 7053:7053
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/msp/peer
      - ./crypto-config/peerOrganizations/org1.example.com/users:/etc/hyperledger/msp/users
      - ./config:/etc/hyperledger/configtx
    depends_on:
      - orderer.example.com
    networks:
      - basic
  couchdb:
    container_name: couchdb
    image: hyperledger/fabric-couchdb:x86_64-1.0.0
    ports:
      - 5984:5984
    environment:
      DB_URL: http://localhost:5984/member_db
    networks:
      - basic
  cli:
    container_name: cli
    image: hyperledger/fabric-tools:x86_64-1.0.0
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
      - CORE_CHAINCODE_KEEPALIVE=10
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
      - /var/run/:/host/var/run/
      - ./../chaincode/:/opt/gopath/src/github.com/
      - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
    networks:
      - basic
    #depends_on:
    #  - orderer.example.com
    #  - peer0.org1.example.com
    #  - couchdb
I would recommend enabling Swarm Mode for an overlay network. Ideally you can even run the containers inside Swarm Mode, but that's not necessary for just the overlay networking.
On one host, run the following to create a manager:
docker swarm init
Then run the output docker swarm join command on your second host.
Option A: for only overlay networking, you need to create a network as attachable to use it outside of swarm mode:
docker network create -d overlay --attachable basic
And then in your compose file, adjust the network definition to be external:
version: '2'
networks:
  basic:
    external:
      name: basic
With that, your containers will be able to communicate directly over the overlay network.
Option B: To use Swarm Mode to run the containers, you can skip the network creation and setting the network to external. Just update your version to version: '3' inside your compose.yml file, I'd also remove the "container_name" lines. Then run:
docker stack deploy -c compose.yml hyperledger
to create a stack called hyperledger.
You'll need to use/add the extra_hosts to each of your compose service definitions if you want to go down the hosts route.