在 Azure Stack Hub 上部署以太坊區塊鏈網路Deploy an Ethereum blockchain network on Azure Stack Hub

以太坊解決方案範本的設計訴求是,讓您以最低限度的 Azure 和以太坊知識,更輕鬆且更快速地部署和設定多成員的聯盟以太坊區塊鏈網路。The Ethereum solution template is designed to make it easier and quicker to deploy and configure a multi-member consortium Ethereum blockchain network with minimal Azure and Ethereum knowledge.

透過少數使用者輸入及 Azure Stack Hub 租用戶入口網站中的一鍵部署,每個成員都可以佈建他們的網路應用。With a handful of user inputs and a single-click deployment through the Azure Stack Hub tenant portal, each member can provision their network footprint. 每個成員的網路使用量都是由以下三個項目組成:Each member's network footprint consists of three things:

  1. 一組負載平衡的交易節點,應用程式或使用者可與其互動以提交交易。A set of load-balanced transaction nodes with which an app or user can interact to submit transactions.
  2. 一組用來記錄交易的採礦節點。A set of mining nodes to record transactions.
  3. 網路虛擬設備 (NVA)。A Network Virtual Appliance (NVA).

稍後的連線步驟會與 NVA 連線,藉以建立已完整設定的多成員區塊鏈網路閘道。A later connection step connects the NVAs to create a fully configured multi-member blockchain network.

若要設定:To set up:

  • 選擇部署架構。Choose a deployment architecture.
  • 部署獨立、聯盟領導者或聯盟成員網路。Deploy a standalone, consortium leader, or consortium member network.

PrerequisitesPrerequisites

從 Marketplace 下載最新項目:Download the latest items from the Marketplace:

  • Ubuntu Server 16.04 LTSUbuntu Server 16.04 LTS
  • Windows Server 2016Windows Server 2016
  • Custom Script for Linux 2.0Custom Script for Linux 2.0
  • Windows 的自訂指令碼延伸模組Custom Script Extension for Windows

如需區塊鏈案例的詳細資訊,請參閱 Ethereum 權威證明聯盟解決方案範本For more info on blockchain scenarios, see Ethereum proof-of-authority consortium solution template.

部署架構Deployment architecture

此解決方案範本可以部署單一成員或多成員的 Ethereum 聯盟網路。This solution template can deploy a single or multi-member Ethereum consortium network. 虛擬網路會使用網路虛擬設備和連線資源在鏈結拓撲中連線。The virtual network is connected in a chain topology using Network Virtual Appliance and connection resources.

範本可以透過各種方式來部署 Ethereum 聯盟以供領導者和成員加入,The template can deploy Ethereum consortium for leader and member in a variety of ways. 以下是已完成測試的部署方式:Here are the ones we've tested:

  • 在具有 Azure AD 或 AD FS 的多節點 Azure Stack Hub 上,使用相同訂用帳戶或不同訂用帳戶部署領導者和成員。On a multi-node Azure Stack Hub, with Azure AD or AD FS, deploy lead and member using the same subscription or with different subscriptions.
  • 在單一節點 Azure Stack Hub (具有 Azure AD) 上,使用相同訂用帳戶部署領導者和成員。On a single-node Azure Stack Hub (with Azure AD), deploy lead and member using the same subscription.

獨立和聯盟領導者部署Standalone and consortium leader deployment

聯盟領導者範本會在網路中設定第一個成員的配置。The consortium leader template configures the first member's footprint in the network.

  1. 從 GitHub 下載領導者範本Download the leader template from GitHub.

  2. 在 Azure Stack Hub 租用戶入口網站中,選取 [+ 建立資源] > [範本部署] 以從自訂範本進行部署。In the Azure Stack Hub tenant portal, select + Create a resource > Template deployment to deploy from a custom template.

  3. 在編輯器中選取 [建立您自己的範本 ],以編輯新的自訂範本。Select Build your own template in the editor to edit the new custom template.

  4. 在右側的編輯窗格中,複製並貼上您先前下載的領導者範本 JSON。In the editing pane on the right, copy and paste the leader template JSON you previously downloaded.

    已貼上領導者範本的編輯範本Edit template with the leader template pasted

  5. 選取 [儲存]。Select Save.

  6. 在 [ 基本 ] 索引標籤上,完成下列設定。On the Basics tab, complete the following settings.

    參數名稱Parameter name 描述Description 範例值Sample value
    訂用帳戶Subscription 要對其部署聯盟網路的訂用帳戶。The subscription to which to deploy the consortium network. 取用訂用帳戶Consumption Subscription
    資源群組Resource group 要對其部署聯盟網路的資源群組。The resource group to which to deploy the consortium network. EthereumResourcesEthereumResources
    區域Region 資源的 Azure 區域。The Azure region for resources. 本機local
    名稱前置詞Name prefix 用來作為所部署資源命名基底的字串。String used as a base for naming the deployed resources. 最多使用6個英數位元。Use a maximum of six alphanumeric characters. etheth
    驗證類型Auth type 用來向虛擬機器驗證的方法。The method to authenticate to the VM. 允許的值為密碼或 SSH 公開金鑰。Allowed values are password or SSH public key. 密碼Password
    系統管理員使用者名稱Admin username 每個已部署虛擬機器的管理使用者名稱。Admin username of each deployed VM. 使用從1到64個字元。Use from one to 64 characters. gethadmingethadmin
    管理員密碼 (驗證類型 = 密碼) Admin password (Authentication type = Password) 每個所部署虛擬機器的管理員帳戶密碼。The password for the admin account for each of the VMs deployed. 密碼必須包含下列 3 個需求:1 個大寫字元、1 個小寫字元、1 個數字與 1 個特殊字元。The password must contain 3 of the following requirements: 1 upper case character, 1 lower case character, 1 number, and 1 special character.
    所有 VM 一開始都有相同的密碼,但您可以在佈建之後變更密碼。While all VMs initially have the same password, you can change the password after provisioning. 使用12到72個字元。Use from 12 to 72 characters.
    管理員 SSH 金鑰 (驗證類型 = sshPublicKey) Admin SSH key (Authentication type = sshPublicKey) 用於遠端登入的安全 shell RSA 公開金鑰字串。The secure shell RSA public key string used for remote login.
    創世區塊Genesis block 代表自訂創世區塊的 JSON 字串。JSON string representing custom genesis block. 可選擇是否指定此參數的值。Specifying a value for this parameter is optional.
    乙太坊帳戶密碼Ethereum account password 用來保護 Ethereum 帳戶的系統管理員密碼。The admin password used to secure the Ethereum account.
    乙太坊帳戶複雜密碼Ethereum account passphrase 用來產生私密金鑰的複雜密碼,此金鑰會與以太坊帳戶相關聯。The passphrase used to generate private key associated with the Ethereum account. 請考慮具有足夠隨機性的密碼,以確保有強式私密金鑰。Consider a password with sufficient randomness to ensure a strong private key.
    乙太坊網路識別碼Ethereum network ID 聯盟的網路識別碼。The network ID of the consortium. 使用介於 5 到 999,999,999 之間的任意值。Use any value between 5 and 999,999,999. 7272
    聯盟成員識別碼Consortium member ID 與聯盟網路每個成員相關聯的識別碼。The ID associated with each member of the consortium network. 這個識別碼在網路中應該是唯一的。This ID should be unique in the network. 00
    數目的挖掘節點Number mining nodes 每個聯盟成員的挖掘節點數目。Number of mining nodes for each consortium member. 使用介於2到15之間的值。Use a value between 2 and 15. 22
    挖掘節點 VM 大小Mining node VM size 採礦節點的 VM 大小。VM size of the mining nodes. Standard_A1Standard_A1
    挖掘儲存體帳戶類型Mining storage account type 採礦節點的儲存體效能。Storage performance of the mining nodes. Standard_LRSStandard_LRS
    TX 節點數目Number TX nodes 負載平衡的交易節點數目。Number of load balanced transaction nodes. 使用介於1到5之間的值。Use a value between 1 and 5. 11
    TX 節點 VM 大小TX node VM size 交易節點的 VM 大小。VM size of the transaction nodes. Standard_A1Standard_A1
    TX 儲存體帳戶類型TX storage account type 交易節點的儲存體效能。Storage performance of the transaction nodes. Standard_LRSStandard_LRS
    基底 URLBase URL 用來取得部署範本的基底 URL。Base URL where to get the deployment templates. 除非您想要自訂部署範本,否則請使用預設值。Use the default value unless you want to customize the deployment templates.
  7. 選取 [檢閱 + 建立]。Select Review + create. 驗證成功之後,請選取 [ 建立 ]。After successful validation, select Create.

部署可能需要 20 分鐘或更久的時間才能完成。Deployment can take 20 minutes or longer to complete.

部署完成之後,可以在資源群組的 [部署] 區段中檢閱 Microsoft.Template 的部署摘要。After deployment completes, review the deployment summary for Microsoft.Template in the deployment section of the resource group. 摘要中包含用來加入聯盟成員的輸出值。The summary contains output values used to join consortium members.

若要確認領導者的部署,請前往領導者的管理網站。To verify leader's deployment, go to the leader's admin site. 您可以在 Microsoft.Template 部署的 [輸出] 區段中找到管理網站位址。The admin site address is found in the output section of the Microsoft.Template deployment.

領導者部署摘要

加入聯盟成員部署Joining consortium member deployment

  1. 從 GitHub 下載聯盟成員範本Download the consortium member template from GitHub.

  2. 在 Azure Stack Hub 租用戶入口網站中,選取 [+ 建立資源] > [範本部署] 以從自訂範本進行部署。In the Azure Stack Hub tenant portal, select + Create a resource > Template deployment to deploy from a custom template.

  3. 在編輯器中選取 [建立您自己的範本 ],以編輯新的自訂範本。Select Build your own template in the editor to edit the new custom template.

  4. 在右側的編輯窗格中,複製並貼上您先前下載的聯盟成員範本 JSON。In the editing pane on the right, copy and paste the consortium member template JSON you previously downloaded.

  5. 選取 [儲存]。Select Save.

  6. 在 [ 基本 ] 索引標籤上,完成下列設定。On the Basics tab, complete the following settings.

    參數名稱Parameter name 描述Description 範例值Sample value
    訂用帳戶Subscription 要對其部署聯盟網路的訂用帳戶。The subscription to which to deploy the consortium network. 取用訂用帳戶Consumption Subscription
    資源群組Resource group 要對其部署聯盟網路的資源群組。The resource group to which to deploy the consortium network. EthereumResourcesEthereumResources
    區域Region 資源的 Azure 區域。The Azure region for resources. 本機local
    名稱前置詞Name prefix 用來作為所部署資源命名基底的字串。String used as a base for naming the deployed resources. 最多使用6個英數位元。Use a maximum of six alphanumeric characters. etheth
    驗證類型Auth type 用來向虛擬機器驗證的方法。The method to authenticate to the VM. 允許的值為密碼或 SSH 公開金鑰。Allowed values are Password or SSH public key. 密碼Password
    系統管理員使用者名稱Admin username 每個已部署虛擬機器的管理使用者名稱。Admin username of each deployed VM. 使用從1到64個字元。Use from one to 64 characters. gethadmingethadmin
    管理員密碼 (驗證類型 = 密碼) Admin password (Authentication type = Password) 每個所部署虛擬機器的管理員帳戶密碼。The password for the admin account for each of the VMs deployed. 密碼必須包含下列 3 個需求:1 個大寫字元、1 個小寫字元、1 個數字與 1 個特殊字元。The password must contain 3 of the following requirements: 1 upper case character, 1 lower case character, 1 number, and 1 special character.
    所有 VM 一開始都有相同的密碼,但您可以在佈建之後變更密碼。While all VMs initially have the same password, you can change the password after provisioning. 使用12到72個字元。Use from 12 to 72 characters.
    管理員 SSH 金鑰 (驗證類型 = sshPublicKey) Admin SSH key (Authentication type = sshPublicKey) 用於遠端登入的安全 shell RSA 公開金鑰字串。The secure shell RSA public key string used for remote login.
    創世區塊Genesis block 代表自訂創世區塊的 JSON 字串。JSON string representing custom genesis block. 可選擇是否指定此參數的值。Specifying a value for this parameter is optional.
    乙太坊帳戶密碼Ethereum account password 用來保護 Ethereum 帳戶的系統管理員密碼。The admin password used to secure the Ethereum account.
    乙太坊帳戶複雜密碼Ethereum account passphrase 用來產生私密金鑰的複雜密碼,此金鑰會與以太坊帳戶相關聯。The passphrase used to generate private key associated with the Ethereum account. 請考慮具有足夠隨機性的密碼,以確保有強式私密金鑰。Consider a password with sufficient randomness to ensure a strong private key.
    聯盟成員識別碼Consortium member ID 與聯盟網路每個成員相關聯的識別碼。The ID associated with each member of the consortium network. 這個識別碼在網路中應該是唯一的。This ID should be unique in the network. 00
    數目的挖掘節點Number mining nodes 每個聯盟成員的挖掘節點數目。Number of mining nodes for each consortium member. 使用介於2到15之間的值。Use a value between 2 and 15. 22
    挖掘節點 VM 大小Mining node VM size 採礦節點的 VM 大小。VM size of the mining nodes. Standard_A1Standard_A1
    挖掘儲存體帳戶類型Mining storage account type 採礦節點的儲存體效能。Storage performance of the mining nodes. Standard_LRSStandard_LRS
    TX 節點數目Number TX nodes 負載平衡的交易節點數目。Number of load balanced transaction nodes. 使用介於1到5之間的值。Use a value between 1 and 5. 11
    TX 節點 VM 大小TX node VM size 交易節點的 VM 大小。VM size of the transaction nodes. Standard_A1Standard_A1
    TX 儲存體帳戶類型TX storage account type 交易節點的儲存體效能。Storage performance of the transaction nodes. Standard_LRSStandard_LRS
    聯盟資料Consortium data 指向相關聯盟組態資料的 URL,而此組態資料是由另一個成員的部署所提供。The URL pointing to the relevant consortium configuration data provided by another member's deployment. 您可以在領導者的部署輸出上找到此值。This value can be found on leader's deployment output.
    遠端成員 VNET 位址空間Remote member VNET address space 領導人的 VNET 位址空間。The VNET address space of the leader. 您可以在領導者的部署輸出上找到此值。This value can be found on leader's deployment output.
    遠端成員 NVA 公用 IPRemote member NVA public IP 領導者的 NVA IP 位址。The NVA IP address of the leader. 您可以在領導者的部署輸出上找到此值。This value can be found on leader's deployment output.
    連接共用金鑰Connection shared key 在建立閘道連線的聯盟網路成員之間預先建立的秘密。A pre-established secret between the members of the consortium network that are establishing a gateway connection.
    基底 URLBase URL 用來取得部署範本的基底 URL。Base URL where to get the deployment templates. 除非您想要自訂部署範本,否則請使用預設值。Use the default value unless you want to customize the deployment templates.
  7. 選取 [檢閱 + 建立]。Select Review + create. 驗證成功之後,請選取 [ 建立 ]。After successful validation, select Create.

部署可能需要 20 分鐘或更久的時間才能完成。Deployment can take 20 minutes or longer to complete.

部署完成之後,可以在資源群組的 [部署] 區段中檢閱 Microsoft.Template 的部署摘要。After deployment completes, review the deployment summary for Microsoft.Template in the deployment section of the resource group. 摘要中包含用來連線聯盟成員的輸出值。The summary contains output values used to connect consortium members.

若要確認成員的部署,請瀏覽成員的管理網站。To verify member's deployment, browse member's admin site. 您可以在 Microsoft.Template 部署的 [輸出] 區段中找到管理網站位址。You can find the admin site address in the output section of the Microsoft.Template deployment.

成員部署摘要

如上圖所示,成員的節點狀態是 未執行As shown in the picture, member's nodes status is Not running. 會有此狀態是因為成員和領導者之間未建立連線。This status is because the connection between member and leader isn't established. 成員和領導者之間的連線是雙向連線。The connection between member and leader is a two-way connection. 當您部署成員時,範本會自動建立從成員到領導者的連線。When you deploy member, template automatically creates the connection from member to the leader. 若要建立從領導者到成員的連線,請移至下一個步驟。To create the connection from leader to member, go to the next step.

讓成員和領導者連線Connect member and leader

此範本會建立從領導者到遠端成員的連線。This template creates a connection from the leader to a remote member.

  1. 從 GitHub 下載讓成員和領導者連線的範本Download the connect member and leader template from GitHub.

  2. 在 Azure Stack Hub 租用戶入口網站中,選取 [+ 建立資源] > [範本部署] 以從自訂範本進行部署。In the Azure Stack Hub tenant portal, select + Create a resource > Template deployment to deploy from a custom template.

  3. 在編輯器中選取 [建立您自己的範本 ],以編輯新的自訂範本。Select Build your own template in the editor to edit the new custom template.

  4. 在右側的編輯窗格中,複製並貼上您先前下載的聯盟成員範本 JSON。In the editing pane on the right, copy and paste the consortium member template JSON you previously downloaded.

  5. 選取 [儲存]。Select Save.

  6. 完成下列設定。Complete the following settings.

    參數名稱Parameter name 描述Description 範例值Sample value
    訂用帳戶Subscription 要對其部署聯盟網路的訂用帳戶。The subscription to which to deploy the consortium network. 取用訂用帳戶Consumption Subscription
    資源群組Resource group 要對其部署聯盟網路的資源群組。The resource group to which to deploy the consortium network. EthereumResourcesEthereumResources
    區域Region 資源的 Azure 區域。The Azure region for resources. 本機local
    成員名稱前置詞Member name prefix 用來作為所部署資源命名基底的字串。String used as a base for naming the deployed resources. 最多使用6個英數位元。Use a maximum of six alphanumeric characters. etheth
    成員路由表名稱Member route table name 領導者的路由表名稱。Name of the leader's route table. 您可以在領導者的部署輸出上找到此值。This value can be found on leader's deployment output.
    遠端成員 VNET 位址空間Remote member VNET address space 成員的位址空間。Address space of the member. 您可以在成員的部署輸出上找到此值。This value can be found on member's deployment output.
    遠端成員 NVA 公用 IPRemote member NVA public IP 要連接的 NVA IP 位址。The NVA IP address to connect to. 您可以在成員的部署輸出上找到此值。This value can be found on member's deployment output.
    連接共用金鑰Connection shared key 聯盟網路中建立連線的成員之間所預先建立的祕密。A pre-established secret between the members of the consortium network that are establishing a connection.
    成員 NVA 私人 IPMember NVA private IP 成員的 NVA IP 位址。The NVA IP address of the member. 您可以在成員的部署輸出上找到此值。This value can be found on member's deployment output.
    基底 URLBase URL 用來取得部署範本的基底 URL。Base URL where to get the deployment templates. 除非您想要自訂部署範本,否則請使用預設值。Use the default value unless you want to customize the deployment templates.
  7. 選取 [檢閱 + 建立]。Select Review + create. 驗證成功之後,請選取 [ 建立 ]。After successful validation, select Create.

部署完成之後,領導者和成員需要幾分鐘的時間才會開始通訊。After deployment is complete, it takes few minutes for leader and member to start communication. 若要確認部署,請重新整理成員的管理網站。To verify the deployment, refresh member's admin site. 成員節點的狀態應該是執行中。Status of the member's nodes should be running.

驗證部署

後續步驟Next steps

若要深入了解以太坊和 Azure,請參閱區塊鏈技術與應用程式To learn more about Ethereum and Azure, see Blockchain Technology and Applications.