以太坊官方文档【private-network】学习
本文档是官方文档private-network的翻译
运营一个私有区块链网络
维护自己的私有网络比较麻烦,因为很多在官方网络中习以为常的配置都需要手动设置。
本指南解释了如何设置多个 Geth 节点的私有网络。如果一个以太坊网络的节点没有连接到主网络,则它就是一个私有网络。在这种情况下,私有仅意味着保留或隔离,而不是受保护或安全。
选择一个网络ID
网络 ID 是一个整数,用于隔离以太坊对等网络。只有当所有对等节点使用相同的创世块和网络 ID 时,区块链节点之间才会发生连接。使用 --networkid命令行选项设置 geth 使用的网络 ID。
主网络的ID是1。如果您提供自己的不同于主网络的自定义网络 ID,您的节点将不会连接到其他节点,而是形成了一个私有网络。 如果你计划在互联网上能够连接到你的私有链,最好选择一个没有被用到的网络ID。您可以在 https://chainid.network 找到由社区运行的以太坊网络注册表。
选择一个共识算法
While the main network uses proof-of-work to secure the blockchain, Geth also supports the the ‘clique’ proof-of-authority consensus algorithm as an alternative for private networks. We strongly recommend ‘clique’ for new private network deployments because it is much less resource intensive than proof-of-work. The clique system is also used for several public Ethereum testnets such as Rinkeby and Görli.
虽然主网络使用工作量证明来保护区块链,但 Geth 还支持“clique”权威证明共识算法作为私有网络的替代方案。我们强烈建议将“clique”用于新的专用网络部署,因为它比工作量证明占用的资源要少得多。clique 共识算法还用于多个公共以太坊测试网,例如 Rinkeby 和 Görli。
Here are the key differences between the two consensus algorithms available in Geth:
以下是 Geth 中可用的两种共识算法之间的主要区别:
Ethash consensus, being a proof-of-work algorithm, is a system that allows open participation by anyone willing to dedicate resources to mining. While this is a great property to have for a public network, the overall security of the blockchain strictly depends on the total amount of resources used to secure it. As such, proof-of-work is a poor choice for private networks with few miners. The Ethash mining ‘difficulty’ is adjusted automatically so that new blocks are created approximately 12 seconds apart. As more mining resources are deployed on the network, creating a new block becomes harder so that the average block time matches the target block time.
Ethash是一个工作量证明的共识算法,是一个允许任何愿意将资源用于挖矿的人公开参与的系统。虽然这对于公共网络来说是一个很好的属性,但区块链的整体安全性严格取决于用于保护它的资源总量。因此,对于矿工很少的私有网络来说,工作量证明是一个糟糕的选择。Ethash 挖矿“难度”会自动调整,以便每隔大约 12 秒创建新块。随着网络上部署的挖矿资源越来越多,创建新区块变得更加困难,以使平均区块时间与目标区块时间相匹配。
Clique consensus is a proof-of-authority system where new blocks can be created by authorized ‘signers’ only. The clique consenus protocol is specified in EIP-225. The initial set of authorized signers is configured in the genesis block. Signers can be authorized and de-authorized using a voting mechanism, thus allowing the set of signers to change while the blockchain operates. Clique can be configured to target any block time (within reasonable limits) since it isn’t tied to the difficulty adjustment.
Clique 是一种权威证明的共识系统,新区块只能由授权的“签名者”创建。Clique共识协议是在EIP-225中指定的。初始授权签名者集合在创世块中配置。可以使用投票机制对签名者进行授权和取消授权,从而允许签名者集在区块链运行时更改。Clique 可以配置为针对任何出块时间(在合理范围内),因为它与难度调整无关。
创建创世区块
Every blockchain starts with the genesis block. When you run Geth with default settings for the first time, it commits the main net genesis to the database. For a private network, you usually want a different genesis block.
每个区块链都是从创世区块开始的。当你使用默认设置第一次运行Geth时,它会将主网络创世提交到数据库。对于一个私有网络来说,你通常想要一个不一样的创世区块,
The genesis block is configured using the genesis.json file. When creating a genesis block, you need to decide on a few initial parameters for your blockchain:
创世区块使用 genesis.json文件进行配置。在创建创世区块时,您需要为区块链确定一些初始参数:
-
Ethereum platform features enabled at launch (
config). Enabling protocol features while the blockchain is running requires scheduling a hard fork.启动时启用的以太坊平台功能(
config)。在区块链运行时启用协议功能需要安排硬分叉。 -
Initial block gas limit (
gasLimit). Your choice here impacts how much EVM computation can happen within a single block. We recommend using the main Ethereum network as a guideline to find a good amount. The block gas limit can be adjusted after launch using the--miner.gastargetcommand-line flag.初始的区块gas上限 (
gasLimit)。您在此处的选择会影响单个区块内可以发生多少 EVM 计算。我们建议使用以太坊主网络作为找到合适gas数量的指南。启动后可以使用--miner.gastarget命令行参数来调整gas上限。 -
Initial allocation of ether (
alloc). This determines how much ether is available to the addresses you list in the genesis block. Additional ether can be created through mining as the chain progresses.初始分配以太(
alloc)。这决定了您在创世区块中列出的地址可以使用多少以太币(单位是wei)。随着链的进展,可以通过挖掘创建额外的以太币。
Clique共识协议的配置样例
This is an example of a genesis.json file for a proof-of-authority network. The config section ensures that all known protocol changes are available and configures the ‘clique’ engine to be used for consensus.
这是权威证明网络的 genesis.json 文件示例。config 部分确保所有已知的协议更改都可用,并配置“clique”共识引擎以用于达成共识。
Note that the initial signer set must be configured through the extradata field. This field is required for clique to work.
请注意,必须通过 extradata 字段配置初始签名者集。该字段是 clique 工作所必需的。
First create the signer account keys using the geth account command (run this command multiple times to create more than one signer key).
首先使用 geth account 命令创建签名者帐户密钥(多次运行此命令以创建多个签名者密钥)。
1 | geth account new --datadir data |
Take note of the Ethereum address printed by this command.
记录此命令输出的以太坊地址。
此命令会自动创建data目录,data目录下面有个名为keystore的目录用于保存密钥文件。
1 | ll data/keystore/ |
To create the initial extradata for your network, collect the signer addresses and encode extradata as the concatenation of 32 zero bytes, all signer addresses, and 65 further zero bytes. In the example below, extradata contains a single initial signer address, 0x7df9a875a174b3bc565e6424a0050ebc1b2d1d82.
要为您的网络创建初始额外数据,请收集签名者地址并将额外数据编码为: 32 个零字节+所有签名者地址+另外 65 个零字节。在下面的示例中,extradata 包含一个初始签名者地址 0x7df9a875a174b3bc565e6424a0050ebc1b2d1d82。
您可以使用 period 配置选项来设置链的目标出块时间。
1 | { |
初始化 Geth 数据库
To create a blockchain node that uses this genesis block, run the following command. This imports and sets the canonical genesis block for your chain.
要创建使用此创世区块的区块链节点,请运行以下命令。这会为您的链导入并设置规范的创世块。
1 | geth init --datadir data genesis.json |
Future runs of geth using this data directory will use the genesis block you have defined.
以后使用此数据目录运行 geth 将使用您定义的创世块。
1 | geth --datadir data --networkid 15 |
调度硬分叉
As Ethereum protocol development progresses, new Ethereum features become available. To enable these features on your private network, you must schedule a hard fork.
随着以太坊协议开发的进展,新的以太坊功能变得可用。要在您的专用网络上启用这些功能,您必须安排一次硬分叉。
First, choose any future block number where the hard fork will activate. Continuing from the genesis.json example above, let’s assume your network is running and its current block number is 35421. To schedule the ‘Istanbul’ fork, we pick block 40000 as the activation block number and modify our genesis.json file to set it:
首先,选择硬分叉将激活的任何未来区块号。继续上面的 genesis.json 示例,假设您的网络正在运行,并且它的当前块号是 35421。为了安排“伊斯坦布尔”分叉,我们选择块 40000 作为激活块号并修改我们的 genesis.json 文件以设置它:
1 | { |
In order to update to the new fork, first ensure that all Geth instances on your private network actually support the Istanbul fork (i.e. ensure you have the latest version of Geth installed). Now shut down all nodes and re-run the init command to enable the new chain configuration:
为了更新到新的分叉,首先确保您的私有网络上的所有 Geth 实例实际上都支持伊斯坦布尔分叉(即确保您安装了最新版本的 Geth)。现在关闭所有节点并重新运行 init 命令以启用新的链配置:
1 | geth init --datadir data genesis.json |
启动网络
Once your node is initialized to the desired genesis state, it is time to set up the peer-to-peer network. Any node can be used as an entry point. We recommend dedicating a single node as the rendezvous point which all other nodes use to join. This node is called the ‘bootstrap node’.
一旦你的节点被初始化为所需的创始状态,那么就该设置点对点网络了。任何节点都可以用作入口点。我们建议将单个节点用作所有其他节点用来加入的集合点。该节点称为“引导节点”。
First, determine the IP address of the machine your bootstrap node will run on. If you are using a cloud service such as Amazon EC2, you’ll find the IP of the virtual machine in the management console. Please also ensure that your firewall configuration allows both UDP and TCP traffic on port 30303.
首先,确定运行您的引导节点的服务器的IP地址。如果你使用例如亚马逊EC2之类的云服务器,你需要在虚拟机管理页面查看机器的IP地址。还请确保您的防火墙配置允许端口 30303 上的 UDP 和 TCP 流量。
The bootstrap node needs to know about its own IP address in order to be able to relay it others. The IP is set using the --nat flag (insert your own IP instead of the example address below).
引导节点需要知道他自己的IP地址,以便能够将其中继给其他节点.使用--nat设置IP地址。
1 | geth --datadir data --networkid 15 --nat extip:172.16.254.4 |
Now extract the ‘node record’ of the bootnode using the JS console.
现在使用 JS 控制台提取引导节点的“节点记录”。
1 | geth attach data/geth.ipc --exec admin.nodeInfo.enr |
This command should print a base64 string such as the following example. Other nodes will use the information contained in the bootstrap node record to connect to your peer-to-peer network.
这个命令应该会输出一个像下面例子一样的base64编码的字符串。其他节点将使用引导节点记录中包含的信息连接到您的对等网络。
1 | "enr:-Je4QEiMeOxy_h0aweL2DtZmxnUMy-XPQcZllrMt_2V1lzynOwSx7GnjCf1k8BAsZD5dvHOBLuldzLYxpoD5UcqISiwDg2V0aMfGhGlQhqmAgmlkgnY0gmlwhKwQ_gSJc2VjcDI1NmsxoQKX_WLWgDKONsGvxtp9OeSIv2fRoGwu5vMtxfNGdut4cIN0Y3CCdl-DdWRwgnZf" |
Setting up peer-to-peer networking depends on your requirements. If you connect nodes across the Internet, please ensure that your bootnode and all other nodes have public IP addresses assigned, and both TCP and UDP traffic can pass the firewall.
设置对等网络取决于您的要求。如果您通过 Internet 连接节点,请确保您的引导节点和所有其他节点都分配了公共 IP 地址,并且 TCP 和 UDP 流量都可以通过防火墙。
If Internet connectivity is not required or all member nodes connect using well-known IPs, we strongly recommend setting up Geth to restrict peer-to-peer connectivity to an IP subnet. Doing so will further isolate your network and prevents cross-connecting with other blockchain networks in case your nodes are reachable from the Internet. Use the --netrestrict flag to configure a whitelist of IP networks:
如果不需要 Internet 连接或所有成员节点都使用已知 IP 连接,我们强烈建议设置 Geth 以限制对 IP 子网的对等连接。这样做将进一步隔离您的网络并防止与其他区块链网络交叉连接,以防您的节点可以从 Internet 访问。使用--netrestrict 标志配置 IP 网络白名单:
1 | geth <other-flags> --netrestrict 172.16.254.0/24 |
With the above setting, Geth will only allow connections from the 172.16.254.0/24 subnet, and will not attempt to connect to other nodes outside of the set IP range.
使用上述设置,Geth 将只允许来自 172.16.254.0/24 子网的连接,而不会试图连接到设定的 IP 范围之外的其他节点。
运行成员节点
Before running a member node, you have to initialize it with the same genesis file as used for the bootstrap node.
在运行一个成员节点之前,你必须使用与引导节点相同的创世文件进行初始化。
With the bootnode operational and externally reachable (you can try telnet --bootnodes flag.
随着 bootnode 可操作且外部可访问(您可以尝试 telnet --bootnodes 标志通过引导节点连接它们。
To create a member node running on the same machine as the bootstrap node, choose a separate data directory (example: data-2) and listening port (example: 30305):
要创建与引导节点在同一台机器上运行的成员节点,请选择单独的数据目录(例如:data-2)和监听端口(例如:30305):
下面的命令中
1 | INFO [04-05|13:13:46.760] Started P2P networking self=enode://ded53747cabc10400ffd59fb329c2cb3d048ea8eacc078641177abab7054afd71a3c7404f9461257ef678af0875c93f4d70792c02a27bbb449ad844bf176ab5d@127.0.0.1:30303 |
1 | geth --datadir data-2 --networkid 15 --port 30305 --bootnodes <bootstrap-node-record> |
With the member node running, you can check whether it is connected to the bootstrap node or any other node in your network by attaching a console and running admin.peers. It may take up to a few seconds for the nodes to get connected.
在成员节点运行时,你可以通过连接控制台和运行admin.peers来检查它是否连接到引导节点或网络中的任何其他节点。节点可能需要几秒钟的时间来连接。
1 | geth attach data-2/geth.ipc --exec admin.peers |
Clique: 启动一个签名者
To set up Geth for signing blocks in proof-of-authority mode, a signer account must be available. The account must be unlocked to mine blocks. The following command will prompt for the account password, then start signing blocks:
要设置Geth在权威证明模式下签署区块,必须有一个签名者账户。该账户必须被解锁以挖掘区块。下面的命令将提示输入账户密码,然后开始签署区块。
1 | geth <other-flags> --unlock 0x7df9a875a174b3bc565e6424a0050ebc1b2d1d82 --mine |
You can further configure mining by changing the default gas limit blocks converge to (with --miner.gastarget) and the price transactions are accepted at (with --miner.gasprice).
你可以通过改变区块的默认气体上限(用--miner.gastarget)和接受交易的价格(用–miner.gasprice)来进一步配置挖矿。
Ethash: Running A Miner
For proof-of-work in a simple private network, a single CPU miner instance is enough to create a stable stream of blocks at regular intervals. To start a Geth instance for mining, run it with all the usual flags and add the following to configure mining:
geth
This will start mining bocks and transactions on a single CPU thread, crediting all block rewards to the account specified by --miner.etherbase.