์•ˆ๋…•ํ•˜์„ธ์š”?

๊ทธ ๋™์•ˆ Hyperledger Fabric์„ ์ด์šฉํ•˜์—ฌ ๊ฐœ๋ฐœ๋ชจ๋“œ์™€ ์šด์˜๋ชจ๋“œ์—์„œ ์ฒด์ธ์ฝ”๋“œ๋ฅผ ์ ์šฉํ•˜์—ฌ REST API๋ฅผ ํ†ตํ•ด ํŠธ๋žœ์žญ์…˜์„ ์ผ์œผ์ผœ ํ…Œ์ŠคํŠธ๋ฅผ ํ•ด๋ดค์Šต๋‹ˆ๋‹ค.
ํ˜„์žฌ๊นŒ์ง€์˜ ํ™˜๊ฒฝ์—์„œ๋Š” REST API๋ฅผ ํฌํ•จํ•˜์—ฌ http ๊ธฐ๋ฐ˜์œผ๋กœ ์š”์ฒญ์„ ์ฃผ๊ณ  ๋ฐ›์•˜์Šต๋‹ˆ๋‹ค.
(์•„์ง ๋‹ค์ˆ˜์˜ Peer๋กœ ๋ธ”๋ก์ฒด์ธ ๋„คํŠธ์›Œํฌ๋ฅผ ๊ตฌ์„ฑํ•˜์ง„ ์•Š์•˜์ง€๋งŒ ์ด ๋ฒˆ ๊ธ€์—์„œ ์„ค๋ช…ํ•  TLS๊ฐ€ ํ™œ์„ฑํ™”๋˜์–ด ์žˆ์ง€ ์•Š์œผ๋ฉด peer ๊ฐ„์˜ ํ†ต์‹ ๋„ http ๊ธฐ๋ฐ˜์˜ grpc๋กœ ์ด๋ฃจ์–ด ์ง‘๋‹ˆ๋‹ค.)
์ด ๋ฒˆ ๊ธ€์—์„œ๋Š” REST API ๋ฐ Peer๊ฐ„ ํ†ต์‹ ์— TLS๋ฅผ ์ ์šฉํ•˜๋Š” ๋ฐฉ๋ฒ•์— ๋Œ€ํ•ด์„œ ์„ค๋ช…๋“œ๋ฆฌ๊ฒ ์Šต๋‹ˆ๋‹ค.

1. ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค๋ฅผ ์œ„ํ•œ Self-Signed Certificate ์ƒ์„ฑ

TLS๊ฐ€ ํ™œ์„ฑํ™”๋˜์–ด ์žˆ์œผ๋ฉด ์•„๋ž˜ ๊ทธ๋ฆผ๊ณผ ๊ฐ™์ด ๋ธ”๋ก์ฒด์ธ ๋„คํŠธ์›Œํฌ ์ƒ์— ๊ฐ Peer๋Š” ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค์— ์Šค์Šค๋กœ๋ฅผ ๋“ฑ๋กํ•  ๋•Œ TLS Handshake ๊ณผ์ •์„ ๊ฑฐ์น˜๋ฉด์„œ ์ธ์ฆ์„œ ๊ธฐ๋ฐ˜์œผ๋กœ ์ธ์ฆ์„ ๋ฐ›๊ฒŒ ๋ฉ๋‹ˆ๋‹ค.
๋‹น์—ฐํžˆ ์ธ์ฆ์„œ๊ฐ€ ์œ ํšจํ•˜์ง€ ์•Š์œผ๋ฉด Peer๊ฐ€ ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค์— ์ ‘์†ํ•˜์ง€ ๋ชปํ•ฉ๋‹ˆ๋‹ค.
๋งˆ์นœ๊ฐ€์ง€๋กœ Peer๊ฐ„ ํ†ต์‹ ์—์„œ๋„ TLS ์ธ์ฆ์„ ํ†ตํ•ด์„œ ํ†ต์‹ ์„ ํ•˜๊ฒŒ๋ฉ๋‹ˆ๋‹ค.
๊ทธ๋ž˜์„œ TLS ๊ธฐ๋ฐ˜์˜ ํ†ต์‹ ์„ ์œ„ํ•ด์„œ๋Š” ๊ฐ ํ†ต์‹  ๊ตฌ๊ฐ„ ์ฆ‰, ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค < –> Peer ์™€ Peer < –> Peer ๊ตฌ๊ฐ„์„ ์œ„ํ•œ ์ธ์ฆ์„œ๋ฅผ ๋“ฑ๋กํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
๋จผ์ €, ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค < –> Peer ํ†ต์‹ ์—์„œ ์‚ฌ์šฉํ•˜๊ธฐ ์œ„ํ•œ ์ธ์ฆ์„œ๋ฅผ ๋งŒ๋“ค์–ด๋ณด๊ฒ ์Šต๋‹ˆ๋‹ค.

์ ๋‹นํ•œ ์œ„์น˜์— ๋””๋ ‰ํ† ๋ฆฌ๋ฅผ ํ•˜๋‚˜ ๋งŒ๋“ญ๋‹ˆ๋‹ค. ์ „ tls๋ผ๋Š” ๋””๋ ‰ํ† ๋ฆฌ๋ฅผ ๋งŒ๋“ค์—ˆ์Šต๋‹ˆ๋‹ค.

$ mkdir tls
$ cd tls

๋‹ค์Œ์˜ ์ ˆ์ฐจ๋Œ€๋กœ ํ•„์š”ํ•œ ์ธ์ฆ์„œ๋ฅผ ์ƒ์„ฑํ•˜์‹œ๊ธฐ ๋ฐ”๋ž๋‹ˆ๋‹ค. ๋จผ์ € Certificate Authority(CA) ๋ฅผ ์ƒ์„ฑํ•ฉ๋‹ˆ๋‹ค.

$ openssl genrsa -aes256 -out ca-key.pem 4096

์•„๋ž˜์—์„œ๋Š” “Common Name”์„ ์œ ์˜ํ•ด์„œ ์ž…๋ ฅํ•˜์—ฌ์•ผ ํ•ฉ๋‹ˆ๋‹ค. ์ ‘์†ํ•ด์•ผํ•  ์„œ๋ฒ„์˜ IP ๋˜๋Š” ํ˜ธ์ŠคํŠธ๋„ค์ž„์ด ๋˜์–ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.
๋‚˜์ค‘์— ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ์˜ ํ˜ธ์ŠคํŠธ๋„ค์ž„์„ “membersrvc” ๋กœ ์‹คํ–‰ํ•  ๊ฒƒ์ด๊ธฐ ๋•Œ๋ฌธ์— Common Name์„ “membersrvc”๋กœ ์ž…๋ ตํ•ฉ๋‹ˆ๋‹ค.

$ openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem
Enter pass phrase for ca-key.pem:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:KR
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:Seoul
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:membersrvc
Email Address []:

Server ํ‚ค์™€ certificate signing request (CSR) ์„ ๋งŒ๋“ญ๋‹ˆ๋‹ค.

$ openssl genrsa -out server-key.pem 4096
$ openssl req -subj "/CN=membersrvc" -sha256 -new -key server-key.pem -out server.csr

๋‹ค์Œ์œผ๋กœ ์•ž์„œ ์ƒ์„ฑํ•œ CA๋ฅผ ์ด์šฉํ•˜์—ฌ public key๋ฅผ ๋งŒ๋“ญ๋‹ˆ๋‹ค.
์—ฌ๊ธฐ์„œ ์ฃผ์˜ํ•  ์ ์€, TLS ์ ‘์†์‹œ ์ ‘์†์„ ํ—ˆ์šฉํ•  DNS ๋˜๋Š” IP๋ฅผ ๋ช…์‹œํ•ด์•ผ ํ•ฉ๋‹ˆ๋‹ค.

$ echo subjectAltName = DNS:membersrvc,DNS:vp0,DNS:vp1,IP:172.16.151.175,IP:172.16.151.162,IP:172.17.0.1,IP:172.17.0.2,IP:172.17.0.3,IP:172.17.0.4 > extfile.cnf
$ openssl x509 -req -days 3650 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
   -CAcreateserial -out server-cert.pem -extfile extfile.cnf
Signature ok
subject=/CN=membersrvc
Getting CA Private Key
Enter pass phrase for ca-key.pem:

๋‹ค์Œ์œผ๋กœ ํด๋ผ์ด์–ธํŠธ ์ธ์ฆ์„ ์œ„ํ•œ ํด๋ผ์ด์–ธํŠธ ํ‚ค์™€ certificate signing request(CSR)์„ ๋งŒ๋“ญ๋‹ˆ๋‹ค.

$ openssl genrsa -out key.pem 4096
$ openssl req -subj '/CN=client' -new -key key.pem -out client.csr

ํด๋ผ์ด์–ธํŠธ ์ธ์ฆ์„ ์œ„ํ•œ extentions config ํŒŒ์ผ์„ ์ƒ์„ฑํ•ฉ๋‹ˆ๋‹ค.

$ echo extendedKeyUsage = clientAuth > extfile.cnf

public key๋ฅผ ๋งŒ๋“ญ๋‹ˆ๋‹ค.

$ openssl x509 -req -days 3650 -sha256 -in client.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out cert.pem -extfile extfile.cnf
Signature ok
subject=/CN=client
Getting CA Private Key
Enter pass phrase for ca-key.pem:

2. ์ƒ์„ฑ๋œ ์ธ์ฆ์„œ๋ฅผ ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค ๋ฐ Validating Peer์— ์„ค์ •

์„ฑ๊ณต์ ์œผ๋กœ ์ธ์ฆ์„œ๊ฐ€ ์ƒ์„ฑ๋˜์—ˆ์œผ๋ฉด ๊ฐ ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค ๋ฐ Validating Peer์— ์ธ์ฆ์„œ๋ฅผ ๋ณต์‚ฌํ•˜๊ณ  ์„ค์ •์„ ํ•ฉ๋‹ˆ๋‹ค.
(์ปจํ…Œ์ด๋„ˆ ์‹คํ–‰์ด ๋˜์ง€ ์•Š์•˜์œผ๋ฉด ์‹คํ–‰์„ ํ•˜๊ณ  ์ง„ํ–‰ํ•ฉ๋‹ˆ๋‹ค)

$ cd ../
$ docker cp tls < ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ ID>:/root/tls
$ docker cp tls :/root/tls

๋‹ค์Œ์œผ๋กœ ๋ฉค๋ฒ„์‰ฝ ์ปจํ…Œ์ด๋„ˆ์— ์ ‘์†ํ•ด์„œ ์„ค์ •ํŒŒ์ผ์„ ๋‹ค์Œ์˜ ๊ทธ๋ฆผ๊ณผ ๊ฐ™์ด ์„ค์ •ํ•ฉ๋‹ˆ๋‹ค.

 ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค์— ์ ‘์†
$ docker exec -it < ๋งด๋ฒ„์‰ฝ ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ ID> bash

์ปจํ…Œ์ด๋„ˆ ์ ‘์† ํ›„
# cd membersrvc
# vi membersrvc.yaml

์ˆ˜์ • ํ›„ ๋‹ค์Œ ๋ช…๋ น์œผ๋กœ ์บ์‹œ ๋ฐ ์ด์ „ ์ƒ์„ฑ๋œ ์ธ์ฆ์„œ ํŒŒ์ผ๋“ค์„ ์‚ญ์ œํ•ฉ๋‹ˆ๋‹ค.

# rm -rf /var/hyperledger/*

์—ฌ๊ธฐ๊นŒ์ง€ ์™„๋ฃŒ๋˜์—ˆ์œผ๋ฉด ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ์—์„œ ๋น ์ ธ๋‚˜์˜ต๋‹ˆ๋‹ค.

๋‹ค์Œ์œผ๋กœ Validating Peer๋ฅผ ์„ค์ •ํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค. ๋‹ค์Œ ๋ช…๋ น์–ด๋ฅผ ํ†ตํ•ด Validating Peer๋กœ ์ ‘์†ํ•ด์„œ ์„ค์ •ํŒŒ์ผ์„ ์ˆ˜์ •ํ•ฉ๋‹ˆ๋‹ค.

Validating Peer์— ์ ‘์†
$ docker exec -it < Validating Peer ์ปจํ…Œ์ด๋„ˆ ID> bash

์ปจํ…Œ์ด๋„ˆ ์ ‘์† ํ›„
# cd peer
# vi peer.yaml

๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค์™€ ๋งˆ์ฐฌ๊ฐ€์ง€๋กœ ์บ์‹œ ๋ฐ ์ƒ์„ฑ๋œ ์ธ์ฆ์„œ ํŒŒ์ผ์„ ์‚ญ์ œํ•˜๊ณ  ์ปจํ…Œ์ด๋„ˆ์—์„œ ๋น ์ ธ๋‚˜์˜ต๋‹ˆ๋‹ค.

# rm -rf /var/hyperledger/*

๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค์™€ Validating Peer ์˜ ์ˆ˜์ •์ด ์™„๋ฃŒ๋˜์—ˆ์œผ๋ฉด docker commit์„ ํ†ตํ•ด ์ƒˆ๋กœ์šด ์ด๋ฏธ์ง€๋กœ ํƒœ๊น…ํ•ฉ๋‹ˆ๋‹ค.

$ docker commit < validating Peer ์ปจํ…Œ์ด๋„ˆ ID> hyperledger/peer:1.2
$ docker commit < ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ ID> hyperledger/membersrvc:1.0

๊ทธ๋ฆฌ๊ณค ์ปจํ…Œ์ด๋„ˆ ์žฌ์‹œ์ž‘ํ•ฉ๋‹ˆ๋‹ค.(docker-compose.yml ํŒŒ์ผ์˜ ์œ„์น˜์—์„œ ๋ช…๋ น์„ ํ•ด์•ผํ•˜๋Š” ๊ฑฐ ์œ ๋…ํ•˜์‹œ๊ธฐ ๋ฐ”๋ž๋‹ˆ๋‹ค.)

$ docker-compose down
$ docker-compose up

์—๋Ÿฌ์—†์ด ์ปจํ…Œ์ด๋„ˆ ์‹คํ–‰๋˜๋Š”์ง€ ํ™•์ธํ•ฉ๋‹ˆ๋‹ค. ์—๋Ÿฌ์—†์ด ์‹คํ–‰์ด ๋˜์—ˆ์œผ๋ฉด ๋ฐ”๋กœ ๋‹ค์Œ Peer < –> Peer ํ†ต์‹ ์„ ์œ„ํ•œ ์„ค์ •์œผ๋กœ ๋„˜์–ด๊ฐ‘๋‹ˆ๋‹ค.

3. Peer ๊ฐ„ p2p ํ†ต์‹ ์„ ์œ„ํ•œ TLS ์„ค์ •

์•ž ๋‹จ๊ณ„์—์„œ ์‹คํ–‰๋œ ์ปจํ…Œ์ด๋„ˆ์—์„œ peer ๊ฐ„ ํ†ต์‹ ์„ ์œ„ํ•œ ์ธ์ฆ์„œ ์„ค์ •์ž‘์—…์„ ์ด์–ด์„œ ์ง„ํ–‰ํ•˜๊ฒ ์Šต๋‹ˆ๋‹ค.
์ •์ƒ์ ์œผ๋กœ ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค๊ฐ€ ์‹คํ–‰์ด๋˜์—ˆ์œผ๋ฉด “/var/hyperledger/production/.membersrvc” ๋””๋ ‰ํ† ๋ฆฌ ๋ฐ‘์— ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค๊ฐ€ ์ƒ์„ฑํ•œ ๊ฐ์ข… ์ธ์ฆ์„œ๋“ค์ด ์กด์žฌํ•ฉ๋‹ˆ๋‹ค.
๊ทธ ์ค‘ peer๊ฐ„ ํ†ต์‹ ์„ ์œ„ํ•ด์„œ๋Š” “tlsca.cert” , “tlsca.priv” ํŒŒ์ผ์ด ํ•„์š”ํ•ฉ๋‹ˆ๋‹ค. ์ด ํŒŒ์ผ๋“ค์„ Validating Peer๋กœ ๋ณต์‚ฌํ•˜๋ฉด ๋ฉ๋‹ˆ๋‹ค.

$ docker cp < ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ ID>:/var/hyperledger/production/.membersrvc/tlsca.cert tlsca.cert
$ docker cp < ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค ์ปจํ…Œ์ด๋„ˆ ID>:/var/hyperledger/production/.membersrvc/tlsca.priv tlsca.priv
$ docker cp tlsca.cert :/root/tls/tlsca.cert
$ docker cp tlsca.priv :/root/tls/tlsca.priv

๋ณต์‚ฌํ•œ ํ›„ Validating Peer์˜ ์ปจํ…Œ์ด๋„ˆ์— ์ ‘์†ํ•˜์—ฌ์„œ ์„ค์ •ํŒŒ์ผ ์ˆ˜์ •์„ ํ•ฉ๋‹ˆ๋‹ค.

Validating Peer์— ์ ‘์†
$ docker exec -it < Validating Peer ์ปจํ…Œ์ด๋„ˆ ID> bash

์ปจํ…Œ์ด๋„ˆ ์ ‘์† ํ›„
# cd peer
# vi peer.yaml

์„ค์ •์„ ์ €์žฅํ•˜๊ณ  ์•ž์„œ ํ•œ ๊ฒƒ๊ณผ ๊ฐ™์ด ์บ์‹œ๋ฅผ ์‚ญ์ œํ•˜๊ณ  ์ปจํ…Œ์ด๋„ˆ์—์„œ ๋น ์ ธ๋‚˜์˜ต๋‹ˆ๋‹ค.

# rm -rf /var/hyperledger/*

docker commit์„ ํ†ตํ•ด ์ƒˆ๋กœ์šด ์ด๋ฏธ์ง€๋กœ ํƒœ๊น…ํ•ฉ๋‹ˆ๋‹ค.

$ docker commit < Validating Peer ์ปจํ…Œ์ด๋„ˆ ID > hyperledger/peer:1.3

์—ฌ๊ธฐ๊นŒ์ง€ ์™„๋ฃŒํ•˜์˜€์œผ๋ฉด ๋‹ค์Œ์˜ docker-compose ํŒŒ์ผ์„ ํ†ตํ•ด ์ปจํ…Œ์ด๋„ˆ๋ฅผ ์‹คํ–‰ํ•ฉ๋‹ˆ๋‹ค.
์•„๋ž˜์˜ docker-compose ํŒŒ์ผ์€ ํ•˜๋‚˜์˜ ๋ฉค๋ฒ„์‰ฝ ์„œ๋น„์Šค์™€ 2๊ฐœ์˜ peer๋กœ ๊ตฌ์„ฑ๋˜์–ด ์žˆ์Šต๋‹ˆ๋‹ค. ์ฐธ์กฐํ•˜์…”์„œ ํ…Œ์ŠคํŠธํ•˜๋Š” ํ™˜๊ฒฝ์— ๋งž์ถฐ ์ˆ˜์ •ํ•ด์„œ ์‚ฌ์šฉํ•˜์‹œ๊ธฐ ๋ฐ”๋ž๋‹ˆ๋‹ค.
๋Ÿฐํƒ€์ž„ ํ™˜๊ฒฝ ๊ตฌ์„ฑ์ด ์™„๋ฃŒ๋˜๊ณ  REST API๋ฅผ ํ†ตํ•œ ํ…Œ์ŠคํŠธ๋Š” http ๋Œ€์‹  https๋ฅผ ํ†ตํ•ด ํ˜ธ์ถœํ•˜์‹œ๊ธฐ ๋ฐ”๋ž๋‹ˆ๋‹ค.
๊ทธ๋ฆฌ๊ณ , REST client ํˆด์€ https ํ˜ธ์ถœ์„ ์œ„ํ•ด์„œ๋Š” ํด๋ผ์ด์–ธํŠธ์— SSL ์ธ์ฆ์„œ๋ฅผ ์„ค์ •ํ•˜๊ฑฐ๋‚˜, SSL ์ธ์ฆ์„œ validation ๊ธฐ๋Šฅ์„ disable ํ•ด์„œ ํ…Œ์ŠคํŠธํ•˜์‹œ๊ธฐ ๋ฐ”๋ž๋‹ˆ๋‹ค.
https://github.com/mjkong/blockchain_hyperledger/blob/master/docs/Setup/prodmode/2_peers/docker-compose.yml

membersrvc:
  image: hyperledger/membersrvc:1.0
  ports:
    - "7054:7054"
  hostname: membersrvc
  container_name: membersrvc
  command: membersrvc
vp0:
  image: hyperledger/peer:1.3
  ports:
    - "7050:7050"
    - "7051:7051"
    - "7053:7053"
  environment:
    - CORE_PEER_ADDRESSAUTODETECT=true
    - CORE_VM_ENDPOINT=https://192.168.99.100:2476
    - CORE_LOGGING_LEVEL=DEBUG
    - CORE_PEER_ID=vp0
    - CORE_PEER_PKI_ECA_PADDR=membersrvc:7054
    - CORE_PEER_PKI_TCA_PADDR=membersrvc:7054
    - CORE_PEER_PKI_TLSCA_PADDR=membersrvc:7054
    - CORE_SECURITY_ENABLED=true
    - CORE_SECURITY_ENROLLID=test_vp0
    - CORE_SECURITY_ENROLLSECRET=MwYpmSRjupbT
  hostname: vp0
  container_name: vp0
  links:
    - membersrvc
  command: sh -c "sleep 5; peer node start"
vp1:
  image: hyperledger/peer:1.3
  ports:
    - "7061:7061"
  environment:
    - CORE_PEER_ADDRESSAUTODETECT=true
    - CORE_VM_ENDPOINT=https://192.168.99.100:2476
    - CORE_LOGGING_LEVEL=DEBUG
    - CORE_PEER_ID=vp1
    - CORE_PEER_ADDRESS=0.0.0.0:7061
    - CORE_PEER_LISTENADDRESS=0.0.0.0:7061
    - CORE_PEER_PKI_ECA_PADDR=membersrvc:7054
    - CORE_PEER_PKI_TCA_PADDR=membersrvc:7054
    - CORE_PEER_PKI_TLSCA_PADDR=membersrvc:7054
    - CORE_SECURITY_ENABLED=true
    - CORE_SECURITY_ENROLLID=test_vp2
    - CORE_SECURITY_ENROLLSECRET=vQelbRvja7cJ
    - CORE_PEER_DISCOVERY_ROOTNODE=192.168.99.100:7051
  hostname: vp1
  container_name: vp1
  links:
    - membersrvc
    - vp0
  command: sh -c "sleep 5; peer node start"

4. ์ •๋ฆฌํ•˜๋ฉฐ

์—ฌ๊ธฐ๊นŒ์ง€ ๋ธ”๋ก์ฒด์ธ ๋„คํŠธ์›Œํฌ์˜ TLS ์„ค์ •์— ๋Œ€ํ•ด์„œ ์„ค๋ช…ํ•˜์˜€์Šต๋‹ˆ๋‹ค.
์ง€๊ธˆ๊นŒ์ง€์˜ ๋‚ด์šฉ์œผ๋ก  ๊ธฐ๋ณธ์ ์ธ ๋ธ”๋ก์ฒด์ธ ๋Ÿฐํƒ€์ž„ ํ™˜๊ฒฝ์„ ๊ตฌ์„ฑํ•˜๊ณ  ์ฒด์ธ์ฝ”๋“œ๋ฅผ ๋””ํ”Œ๋กœ์ดํ•ด์„œ REAT API๋ฅผ ํ†ตํ•ด ํ…Œ์ŠคํŠธํ•˜๋Š” ๊ณผ์ •์„ ๊ฐœ๋ฐœ๋ชจ๋“œ์™€ ์šด์˜๋ชจ๋“œ, ๊ทธ๋ฆฌ๊ณ  TLS ์ ์šฉ๋œ ํ™˜๊ฒฝ์—์„œ ์ง„ํ–‰ํ• ์ˆ˜ ์žˆ๋„๋ก ์„ค๋ช…ํ•˜์˜€์Šต๋‹ˆ๋‹ค.
์•ž์œผ๋กœ๋Š” 4๊ฐœ ์ด์ƒ์˜ Peer๋“ค๋กœ ๊ตฌ์„ฑํ•˜์—ฌ ํ•ฉ์˜ ์•Œ๊ณ ๋ฆฌ์ฆ˜์„ ์ ์šฉํ•˜๋Š” ๋ฐฉ๋ฒ•๊ณ  SDK๋ฅผ ํ™œ์šฉํ•˜์—ฌ ํด๋ผ์ด์–ธํŠธ ์–ดํ”Œ๋ฆฌ์ผ€์ด์…˜์„ ๊ฐœ๋ฐœํ•˜๋Š” ํ™˜๊ฒฝ ๊ตฌ์„ฑ์— ๋Œ€ํ•ด์„œ ์„ค๋ช…ํ•  ์˜ˆ์ •์ž…๋‹ˆ๋‹ค.
๋งŽ์€ ๊ธฐ๋Œ€ ๋ฐ”๋ž๋‹ˆ๋‹ค.