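Environment setup demos are listed below:
- Completed so far
2020-07-30 15:12
- solo mode
- raft with multiple organizations
- raft single-machine deployment
- raft multi-machine deployment
- raft built by hand using only CA servers
- instantiating the blockchain network with go-sdk
- If it doesn't work, come find me~~~~~ I'm confident, I've set this up far too many times :-(, and ran into a lot of problems~~~~
- Libraries
- My personal chaincode library
- Demo link
Building a RAFT blockchain network with custom CA servers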
export DIRECTORY_NAME=/examples/blockchain/manualca
export DOMAIN=demo.com
export CERTIFICATE_DOMAIN=demo-com
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/{artifacts,crypto-config,network}
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/{caOrganizations,ordererOrganizations,peerOrganizations}
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/{tls-ca,order-ca,org-ca}
Set up the TLS server
-
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/{tls-ca,order-ca,org-ca}
-
Create tls-ca.yaml, order-ca.yaml and org-ca.yaml under tls
-
tls-ca.yaml:
-
# ca-tls server, used to control communication between all organizations
version: '2'
networks:
  ca:
services:
  tls.ca:
    container_name: tls.ca.${DOMAIN}
    image: hyperledger/fabric-ca:1.4.4
    command: sh -c 'fabric-ca-server start -d -b admin:adminpw '
    environment:
      - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_CSR_CN=ca-tls
      - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
      - FABRIC_CA_SERVER_DEBUG=true
    volumes:
      - ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca:/tmp/hyperledger/fabric-ca
    ports:
      - 4052:7054
    networks:
      ca:
-
-
Start tls-ca: docker-compose -f tls-ca.yaml up -d
-
Enroll the admin identity:
-
fabric-ca-client enroll -d -u https://admin:adminpw@0.0.0.0:4052 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/admin/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/ca-cert.pem
-
-
Register the node identities:
fabric-ca-client register -d --id.name orderer0.${DOMAIN} --id.secret order0pw --id.type order --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:4052 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/admin/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/ca-cert.pem && \
fabric-ca-client register -d --id.name orderer1.${DOMAIN} --id.secret order1pw --id.type order --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:4052 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/admin/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/ca-cert.pem && \
fabric-ca-client register -d --id.name orderer2.${DOMAIN} --id.secret order2pw --id.type order --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:4052 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/admin/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/ca-cert.pem && \
fabric-ca-client register -d --id.name orderer3.${DOMAIN} --id.secret order3pw --id.type order --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:4052 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/admin/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/ca-cert.pem && \
fabric-ca-client register -d --id.name orderer4.${DOMAIN} --id.secret order4pw --id.type order --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:4052 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/admin/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/ca-cert.pem && \
fabric-ca-client register -d --id.name peer1.${DOMAIN} --id.secret peer1pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' -u https://0.0.0.0:4052 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/admin/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/ca-cert.pem && \
fabric-ca-client register -d --id.name peer2.${DOMAIN} --id.secret peer2pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' -u https://0.0.0.0:4052 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/admin/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/ca-cert.pem
-
Set up and start the orderer CA server
-
prepare
-
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/{ca,orderers,tlsca,users}/
-
Start order-ca
-
The YAML configuration file is:
-
# ca-order server, used to control the orderer nodes
version: '2'
networks:
  ca:
services:
  order.ca:
    container_name: orderer.ca.${DOMAIN}
    image: hyperledger/fabric-ca:1.4.4
    command: sh -c 'fabric-ca-server start -d -b admin:adminpw'
    environment:
      - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_CSR_CN=ca-order
      - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
      - FABRIC_CA_SERVER_DEBUG=true
    volumes:
      - ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/order-ca:/tmp/hyperledger/fabric-ca
    ports:
      - 4053:7054
    networks:
      ca:
-
-
docker-compose -f order-ca.yaml up -d
-
-
Copy the orderer CA's root certificate file into the msp directory
-
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/order-ca/ca-cert.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt
-
-
Copy the TLS server's root certificate to tlscacerts
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/ca-cert.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/tlsca/ca.crt
-
-
-
Enroll the orderer organization's admin identity:
-
fabric-ca-client enroll -d -u https://admin:adminpw@0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt
-
For convenience later on, especially when using the SDK, give the admin user's MSP certificate files aliases:
-
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/cacerts/*.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/ca.crt
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/signcerts/*.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/server.crt
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/keystore/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/server.key
-
-
-
Create config.yaml (very important):
-
echo \
'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/0-0-0-0-4053.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/0-0-0-0-4053.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/0-0-0-0-4053.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/0-0-0-0-4053.pem
    OrganizationalUnitIdentifier: orderer
' > ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/config.yaml
-
-
Register the node identities
-
fabric-ca-client register -d --id.name orderer0.${DOMAIN} --id.secret orderer0pw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt && \
fabric-ca-client register -d --id.name orderer1.${DOMAIN} --id.secret orderer1pw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt && \
fabric-ca-client register -d --id.name orderer2.${DOMAIN} --id.secret orderer2pw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt && \
fabric-ca-client register -d --id.name orderer3.${DOMAIN} --id.secret orderer3pw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt && \
fabric-ca-client register -d --id.name orderer4.${DOMAIN} --id.secret orderer4pw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt
-
Register the admin user: this step differs from the official documentation; it only works when performed with the admin role
-
fabric-ca-client register -d --id.name Admin@${DOMAIN} --id.secret adminpw --id.type admin --id.attrs "hf.Registrar.Roles=admin,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" -u https://0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt
-
-
Enroll each node
-
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/{orderer0.${DOMAIN},orderer1.${DOMAIN},orderer2.${DOMAIN},orderer3.${DOMAIN},orderer4.${DOMAIN}}
-
fabric-ca-client enroll -d -u https://orderer0.${DOMAIN}:orderer0pw@0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt && \
fabric-ca-client enroll -d -u https://orderer1.${DOMAIN}:orderer1pw@0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt && \
fabric-ca-client enroll -d -u https://orderer2.${DOMAIN}:orderer2pw@0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt && \
fabric-ca-client enroll -d -u https://orderer3.${DOMAIN}:orderer3pw@0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt && \
fabric-ca-client enroll -d -u https://orderer4.${DOMAIN}:orderer4pw@0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt
-
-
Obtain each node's TLS certificate:
-
fabric-ca-client enroll -d -u https://orderer0.${DOMAIN}:order0pw@0.0.0.0:4052 --enrollment.profile tls --csr.hosts orderer0.${DOMAIN} -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/tls --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/tlsca/ca.crt && \
fabric-ca-client enroll -d -u https://orderer1.${DOMAIN}:order1pw@0.0.0.0:4052 --enrollment.profile tls --csr.hosts orderer1.${DOMAIN} -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/tls --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/tlsca/ca.crt && \
fabric-ca-client enroll -d -u https://orderer2.${DOMAIN}:order2pw@0.0.0.0:4052 --enrollment.profile tls --csr.hosts orderer2.${DOMAIN} -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/tls --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/tlsca/ca.crt && \
fabric-ca-client enroll -d -u https://orderer3.${DOMAIN}:order3pw@0.0.0.0:4052 --enrollment.profile tls --csr.hosts orderer3.${DOMAIN} -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/tls --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/tlsca/ca.crt && \
fabric-ca-client enroll -d -u https://orderer4.${DOMAIN}:order4pw@0.0.0.0:4052 --enrollment.profile tls --csr.hosts orderer4.${DOMAIN} -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/tls --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/tlsca/ca.crt
-
Rename several files under tls to make later configuration easier to write
-
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/tls/tlscacerts/*.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/tls/ca.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/tls/signcerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/tls/server.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/tls/keystore/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/tls/server.key && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/tls/tlscacerts/*.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/tls/ca.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/tls/signcerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/tls/server.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/tls/keystore/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/tls/server.key && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/tls/tlscacerts/*.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/tls/ca.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/tls/signcerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/tls/server.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/tls/keystore/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/tls/server.key && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/tls/tlscacerts/*.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/tls/ca.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/tls/signcerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/tls/server.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/tls/keystore/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/tls/server.key && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/tls/tlscacerts/*.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/tls/ca.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/tls/signcerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/tls/server.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/tls/keystore/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/tls/server.key
-
-
Create tlscacerts under each node's msp folder
-
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/msp/tlscacerts && \
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/msp/tlscacerts && \
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/msp/tlscacerts && \
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/msp/tlscacerts && \
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/msp/tlscacerts
-
Copy the TLS CA file from tls into it; otherwise the node will not start
-
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/tls/tlscacerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/msp/tlscacerts/tlsca.pem && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/tls/tlscacerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/msp/tlscacerts/tlsca.pem && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/tls/tlscacerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/msp/tlscacerts/tlsca.pem && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/tls/tlscacerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/msp/tlscacerts/tlsca.pem && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/tls/tlscacerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/msp/tlscacerts/tlsca.pem
-
Create a tlscacerts folder in the organization's msp folder and copy the file into it; this is needed for writing configtx.yaml
-
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/tlscacerts && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/msp/tlscacerts/tlsca.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/tlscacerts/
-
Copy config.yaml
-
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/config.yaml ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/msp/ && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/config.yaml ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/msp/ && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/config.yaml ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/msp/ && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/config.yaml ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/msp/ && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/msp/config.yaml ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/msp/
-
-
-
Obtain the admin user's MSP:
-
fabric-ca-client enroll -d -u https://Admin@${DOMAIN}:adminpw@0.0.0.0:4053 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/users/Admin@${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/ca/ca.crt
-
Rename the admin user's certificate file (optional):
-
mv ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/users/Admin@${DOMAIN}/msp/signcerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/ordererOrganizations/${DOMAIN}/users/Admin@${DOMAIN}/msp/signcerts/Admin@${DOMAIN}-cert.pem
-
-
Start the organization's CA server
-
prepare:
-
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/{ca,tlsca,peers,users}
-
-
Start the organization's CA server
-
Yaml:
-
version: '2'
networks:
  ca:
services:
  org.ca:
    container_name: org.ca.${DOMAIN}
    image: hyperledger/fabric-ca:1.4.4
    command: sh -c 'fabric-ca-server start -d -b admin:adminpw'
    environment:
      - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_CSR_CN=ca-demo
      - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
      - FABRIC_CA_SERVER_DEBUG=true
    volumes:
      - ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/org-ca:/tmp/hyperledger/fabric-ca
    ports:
      - 4054:7054
    networks:
      ca:
-
-
-
Copy the CA server's root certificate and the TLS server's root certificate into the organization's directory
-
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/org-ca/ca-cert.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/ca/ && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/caOrganizations/tls-ca/ca-cert.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/tlsca/
-
-
Enroll the admin user and rename some files:
-
fabric-ca-client enroll -d -u https://admin:adminpw@0.0.0.0:4054 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/ca/ca-cert.pem && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp/cacerts/*.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp/ca.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp/signcerts/*.pem ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp/server.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp/keystore/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp/server.key
-
-
Register the nodes and users
-
fabric-ca-client register -d --id.name peer1.${DOMAIN} --id.secret peer1pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' -u https://0.0.0.0:4054 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/ca/ca-cert.pem && \
fabric-ca-client register -d --id.name peer2.${DOMAIN} --id.secret peer2pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' -u https://0.0.0.0:4054 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/ca/ca-cert.pem && \
fabric-ca-client register -d --id.name Admin@${DOMAIN} --id.secret adminpw --id.type admin --id.attrs '"hf.Registrar.Roles=admin"' -u https://0.0.0.0:4054 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/ca/ca-cert.pem && \
fabric-ca-client register -d --id.name User0@${DOMAIN} --id.secret user0pw --id.type client -u https://0.0.0.0:4054 --id.attrs '"hf.Registrar.Roles=client"' -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/ca/ca-cert.pem
-
-
Enroll the MSP certificates
-
Create the folders
-
mkdir -p ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/{peer1.${DOMAIN},peer2.${DOMAIN}}
-
-
Enroll the MSP certificates
-
fabric-ca-client enroll -d -u https://peer1.${DOMAIN}:peer1pw@0.0.0.0:4054 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/ca/ca-cert.pem && \
fabric-ca-client enroll -d -u https://peer2.${DOMAIN}:peer2pw@0.0.0.0:4054 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/ca/ca-cert.pem
fabric-ca-client enroll -d -u https://Admin@${DOMAIN}:adminpw@0.0.0.0:4054 -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/users/Admin@${DOMAIN}/msp --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/ca/ca-cert.pem
-
Create the config.yaml that is copied to each node
-
echo \
'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/0-0-0-0-4054.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/0-0-0-0-4054.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/0-0-0-0-4054.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/0-0-0-0-4054.pem
    OrganizationalUnitIdentifier: orderer
' > ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp/config.yaml
-
Copy config.yaml to each node and user:
-
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp/config.yaml ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/msp && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp/config.yaml ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/msp && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/msp/config.yaml ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/users/Admin@${DOMAIN}/msp
-
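The admin user's signing certificate must be renamed to the form user@domain-cert.pem, which the SDK registration requires; this also depends on the SDK's YAML configuration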
-
mv ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/users/Admin@${DOMAIN}/msp/signcerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/users/Admin@${DOMAIN}/msp/signcerts/Admin@${DOMAIN}-cert.pem
-
-
Enroll the TLS certificates
-
fabric-ca-client enroll -d -u https://peer1.${DOMAIN}:peer1pw@0.0.0.0:4052 --enrollment.profile tls --csr.hosts peer1.${DOMAIN} -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/tls --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/tlsca/ca-cert.pem && \
fabric-ca-client enroll -d -u https://peer2.${DOMAIN}:peer2pw@0.0.0.0:4052 --enrollment.profile tls --csr.hosts peer2.${DOMAIN} -M ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/tls --tls.certfiles ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/tlsca/ca-cert.pem
-
Rename the TLS certificate and key
-
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/tls/tlscacerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/tls/ca.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/tls/signcerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/tls/server.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/tls/keystore/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/tls/server.key && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/tls/tlscacerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/tls/ca.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/tls/signcerts/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/tls/server.crt && \
cp ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/tls/keystore/* ${GOPATH}/src/${DIRECTORY_NAME}/crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/tls/server.key
-
-
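A consistency check for the node MSP directories built in the orderer and peer steps above, as an added example that is not part of the original post. `check_msp` and `make_sample_msp` are hypothetical helper names, and the sample layout is constructed so the check runs without a CA.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): sanity-check one node MSP
# directory produced by the enroll/copy steps of this walkthrough.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_msp() {
  msp_dir=$1
  msp_bad=0

  # Folders every node MSP in this walkthrough ends up with.
  for msp_sub in cacerts signcerts keystore tlscacerts; do
    if [ -z "$(ls -A "$msp_dir/$msp_sub" 2>/dev/null)" ]; then
      echo "MISSING $msp_sub/ is absent or empty"
      msp_bad=1
    fi
  done

  # NodeOUs: each "Certificate:" path in config.yaml must exist in the MSP.
  # The file name encodes the CA host and port (0-0-0-0-4053.pem for the
  # orderer CA, 0-0-0-0-4054.pem for the org CA), so a config.yaml copied
  # from the wrong organization shows up here.
  if [ -f "$msp_dir/config.yaml" ]; then
    for msp_cert in $(sed -n 's/^[[:space:]]*Certificate:[[:space:]]*//p' \
                        "$msp_dir/config.yaml" | sort -u); do
      if [ ! -f "$msp_dir/$msp_cert" ]; then
        echo "DANGLING config.yaml references $msp_cert"
        msp_bad=1
      fi
    done
  else
    echo "MISSING config.yaml"
    msp_bad=1
  fi

  # Private keys: count them and check the permission bits.
  msp_keys=0
  for msp_key in "$msp_dir"/keystore/*; do
    [ -f "$msp_key" ] || continue
    msp_keys=$((msp_keys + 1))
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$msp_key" | cut -c5-10)" != "------" ]; then
      echo "PERMS $msp_key is accessible to group or others"
      msp_bad=1
    fi
  done
  # The walkthrough's "cp keystore/* server.key" only works with one key.
  if [ "$msp_keys" -gt 1 ]; then
    echo "AMBIGUOUS keystore/ holds $msp_keys keys; cp keystore/* server.key needs exactly one"
    msp_bad=1
  fi

  return "$msp_bad"
}

# Constructed sample layout (empty placeholder files, not real certificates).
make_sample_msp() {
  sample=$(mktemp -d)
  mkdir -p "$sample/cacerts" "$sample/signcerts" "$sample/keystore" "$sample/tlscacerts"
  : > "$sample/cacerts/0-0-0-0-4053.pem"
  : > "$sample/signcerts/cert.pem"
  : > "$sample/tlscacerts/tlsca.pem"
  : > "$sample/keystore/key_sk"
  chmod 600 "$sample/keystore/key_sk"
  printf 'NodeOUs:\n  Enable: true\n  OrdererOUIdentifier:\n    Certificate: cacerts/0-0-0-0-4053.pem\n    OrganizationalUnitIdentifier: orderer\n' \
    > "$sample/config.yaml"
  echo "$sample"
}

# Usage: ./check_msp.sh <msp-dir>; with no argument nothing is checked.
if [ "$#" -gt 0 ]; then check_msp "$1"; fi
```

Run it against each `orderers/*/msp`, `peers/*/msp` and `users/*/msp` directory before starting the containers.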
Write configtx.yaml
---
Organizations:
    - &OrdererOrg
        Name: OrdererMSP
        ID: OrdererMSP
        MSPDir: crypto-config/ordererOrganizations/demo.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"
    - &Org0
        Name: Org0MSP
        ID: Org0MSP
        MSPDir: crypto-config/peerOrganizations/demo.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org0MSP.admin', 'Org0MSP.peer', 'Org0MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org0MSP.admin', 'Org0MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org0MSP.admin')"
        AnchorPeers:
            - Host: peer1.demo.com
              Port: 11051
Capabilities:
    Channel: &ChannelCapabilities
        V1_4_3: true
        V1_3: false
        V1_1: false
    Orderer: &OrdererCapabilities
        V1_4_2: true
        V1_1: false
    Application: &ApplicationCapabilities
        V1_4_2: true
        V1_3: false
        V1_2: false
        V1_1: false
Application: &ApplicationDefaults
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer0.demo.com:5050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities
Profiles:
    SoloOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org0
    DemoChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org0
            Capabilities:
                <<: *ApplicationCapabilities
    OrdererSoloGenesis:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            OrdererType: solo
            Addresses:
                - orderer0.demo.com:5050
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - <<: *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org0
    OrdererRaftGenesis:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            OrdererType: etcdraft
            EtcdRaft:
                Consenters:
                    - Host: orderer0.demo.com
                      Port: 5050
                      ClientTLSCert: crypto-config/ordererOrganizations/demo.com/orderers/orderer0.demo.com/tls/server.crt
                      ServerTLSCert: crypto-config/ordererOrganizations/demo.com/orderers/orderer0.demo.com/tls/server.crt
                    - Host: orderer1.demo.com
                      Port: 5051
                      ClientTLSCert: crypto-config/ordererOrganizations/demo.com/orderers/orderer1.demo.com/tls/server.crt
                      ServerTLSCert: crypto-config/ordererOrganizations/demo.com/orderers/orderer1.demo.com/tls/server.crt
                    - Host: orderer2.demo.com
                      Port: 5052
                      ClientTLSCert: crypto-config/ordererOrganizations/demo.com/orderers/orderer2.demo.com/tls/server.crt
                      ServerTLSCert: crypto-config/ordererOrganizations/demo.com/orderers/orderer2.demo.com/tls/server.crt
                    - Host: orderer3.demo.com
                      Port: 5053
                      ClientTLSCert: crypto-config/ordererOrganizations/demo.com/orderers/orderer3.demo.com/tls/server.crt
                      ServerTLSCert: crypto-config/ordererOrganizations/demo.com/orderers/orderer3.demo.com/tls/server.crt
                    - Host: orderer4.demo.com
                      Port: 5054
                      ClientTLSCert: crypto-config/ordererOrganizations/demo.com/orderers/orderer4.demo.com/tls/server.crt
                      ServerTLSCert: crypto-config/ordererOrganizations/demo.com/orderers/orderer4.demo.com/tls/server.crt
            Addresses:
                - orderer0.demo.com:5050
                - orderer1.demo.com:5051
                - orderer2.demo.com:5052
                - orderer3.demo.com:5053
                - orderer4.demo.com:5054
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - <<: *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org0
Generate the configuration artifacts:
#!/usr/bin/env bash
# Start from an empty artifacts directory.
if [[ ! -d "artifacts" ]]; then
    mkdir artifacts
else
    rm -rf artifacts/*
fi
# configtxgen looks for configtx.yaml in FABRIC_CFG_PATH.
export FABRIC_CFG_PATH=${GOPATH}/src/${DIRECTORY_NAME}
# $? here is the exit status of the export above.
if [[ $? -ne 0 ]]; then
    echo "生成证书失败"
    exit 1
fi
# Genesis block for the solo orderer profile.
echo "solo 创世快"
configtxgen --profile OrdererSoloGenesis -channelID sysdemochannel -outputBlock ./artifacts/orderer.solo.genesis.block
# Genesis block for the raft orderer profile.
echo "初始化创世块"
configtxgen --profile OrdererRaftGenesis -channelID sysdemochannel -outputBlock ./artifacts/orderer.genesis.block
# Channel creation transaction.
echo "生成channel的配置信息"
configtxgen --profile DemoChannel -outputCreateChannelTx ./artifacts/demochannel.tx -channelID demochannel
# Anchor peer update for organization 1.
echo "生成组织1的锚节点信息"
configtxgen --profile DemoChannel -outputAnchorPeersUpdate ./artifacts/demomspanchors.tx -channelID demochannel -asOrg Org0MSP
Starting the whole network
- orderer:
- Note: the orderers need an extra_hosts mapping added, because the default port is 7050 and we have not reconfigured it to 5050, and the port specified in configtx.yaml is also not 5050, so the hosts have to be specified manually.
version: '2'
networks:
  vlink:
services:
  orderer0:
    container_name: orderer0.${DOMAIN}
    extends:
      file: ../base/peer-base.yaml
      service: orderer-base
    ports:
      - "5050:7050"
    volumes:
      - ../../artifacts:/var/hyperledger/configtx
      - ../../artifacts/orderer.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/msp:/var/hyperledger/orderer/msp
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer0.${DOMAIN}/tls:/var/hyperledger/orderer/tls
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/tlsca:/var/hyperledger/tlsca
      # - /tmp/hyperledger/production/orderer0:/var/hyperledger/production
    networks:
      vlink:
  orderer1:
    container_name: orderer1.${DOMAIN}
    extends:
      file: ../base/peer-base.yaml
      service: orderer-base
    ports:
      - "5051:7050"
    volumes:
      - ../../artifacts:/var/hyperledger/configtx
      - ../../artifacts/orderer.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/msp:/var/hyperledger/orderer/msp
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer1.${DOMAIN}/tls:/var/hyperledger/orderer/tls
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/tlsca:/var/hyperledger/tlsca
      # - /tmp/hyperledger/production/orderer1:/var/hyperledger/production
    networks:
      vlink:
  orderer2:
    container_name: orderer2.${DOMAIN}
    extends:
      file: ../base/peer-base.yaml
      service: orderer-base
    ports:
      - "5052:7050"
    volumes:
      - ../../artifacts:/var/hyperledger/configtx
      - ../../artifacts/orderer.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/msp:/var/hyperledger/orderer/msp
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer2.${DOMAIN}/tls:/var/hyperledger/orderer/tls
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/tlsca:/var/hyperledger/tlsca
      # - /tmp/hyperledger/production/orderer2:/var/hyperledger/production
    networks:
      vlink:
  orderer3:
    container_name: orderer3.${DOMAIN}
    extends:
      file: ../base/peer-base.yaml
      service: orderer-base
    ports:
      - "5053:7050"
    volumes:
      - ../../artifacts:/var/hyperledger/configtx
      - ../../artifacts/orderer.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/msp:/var/hyperledger/orderer/msp
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer3.${DOMAIN}/tls:/var/hyperledger/orderer/tls
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/tlsca:/var/hyperledger/tlsca
      # - /tmp/hyperledger/production/orderer3:/var/hyperledger/production
    networks:
      vlink:
  orderer4:
    container_name: orderer4.${DOMAIN}
    extends:
      file: ../base/peer-base.yaml
      service: orderer-base
    ports:
      - "5054:7050"
    volumes:
      - ../../artifacts:/var/hyperledger/configtx
      - ../../artifacts/orderer.genesis.block:/var/hyperledger/orderer/orderer.genesis.block
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/msp:/var/hyperledger/orderer/msp
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/orderers/orderer4.${DOMAIN}/tls:/var/hyperledger/orderer/tls
      - ../../crypto-config/ordererOrganizations/${DOMAIN}/tlsca:/var/hyperledger/tlsca
      # - /tmp/hyperledger/production/orderer4:/var/hyperledger/production
    networks:
      vlink:
Peer:
version: '2'
networks:
  vlink:
services:
  peer1:
    container_name: peer1.${DOMAIN}
    extends:
      file: ../base/peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer1.${DOMAIN}
      - CORE_PEER_ADDRESS=peer1.${DOMAIN}:11051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:11051
      - CORE_PEER_CHAINCODEADDRESS=peer1.${DOMAIN}:11052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer2.${DOMAIN}:11061
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.${DOMAIN}:11051
      - CORE_PEER_LOCALMSPID=VlinkOrgMSP
    ports:
      - "11051:11051"
      - "11052:11052"
    volumes:
      - /var/run/:/host/var/run/
      - ../../crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/msp:/etc/hyperledger/fabric/msp
      - ../../crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/tls:/etc/hyperledger/fabric/tls
      # - /tmp/hyperledger/production/peer0:/var/hyperledger/production
    networks:
      vlink:
  peer2:
    container_name: peer2.${DOMAIN}
    extends:
      file: ../base/peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer2.${DOMAIN}
      - CORE_PEER_ADDRESS=peer2.${DOMAIN}:11061
      - CORE_PEER_LISTENADDRESS=0.0.0.0:11061
      - CORE_PEER_CHAINCODEADDRESS=peer2.${DOMAIN}:11062
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11062
      # peer2 bootstraps gossip from peer1, which listens on 11051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.${DOMAIN}:11051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2.${DOMAIN}:11061
      - CORE_PEER_LOCALMSPID=VlinkOrgMSP
    ports:
      - "11061:11061"
      - "11062:11062"
    volumes:
      - /var/run/:/host/var/run/
      - ../../crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/msp:/etc/hyperledger/fabric/msp
      - ../../crypto-config/peerOrganizations/${DOMAIN}/peers/peer2.${DOMAIN}/tls:/etc/hyperledger/fabric/tls
      # - /tmp/hyperledger/production/peer1:/var/hyperledger/production
    networks:
      vlink:
  cli:
    container_name: cli
    image: hyperledger/fabric-tools:1.4.4
    tty: true
    stdin_open: true
    environment:
      - SYS_CHANNEL=sysdemochannel
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- FABRIC_LOGGING_SPEC=DEBUG
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer1.${DOMAIN}:11051
      - CORE_PEER_LOCALMSPID=Org0MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/var/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/var/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/var/hyperledger/fabric/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/var/hyperledger/fabric/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
      - /var/run/:/host/var/run/
      - ../../../v2/vlink-chaincodes:/opt/gopath/src/github.com/hyperledger/fabric/chaincode
      - ../../crypto-config/peerOrganizations/${DOMAIN}/peers/peer1.${DOMAIN}/tls:/var/hyperledger/fabric/tls
      - ../../crypto-config/peerOrganizations/${DOMAIN}/users/peer1.${DOMAIN}/msp:/var/hyperledger/fabric/msp
      - ../../crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
      - ../../artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/artifacts
    networks:
      vlink:
    extra_hosts:
      - "orderer0.demo.com:172.224.2.2"
      - "orderer1.demo.com:172.224.2.2"
      - "orderer2.demo.com:172.224.2.2"
      - "orderer3.demo.com:172.224.2.2"
      - "orderer4.demo.com:172.224.2.2"
Deploying from the command line
docker exec -it cli /bin/bash
export DOMAIN=demo.com && \
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/demo.com/users/Admin@demo.com/msp && \
peer channel create -o orderer0.${DOMAIN}:5050 -c demochannel -f ../peer/artifacts/demochannel.tx --tls true --cafile /var/hyperledger/fabric/tls/ca.crt && \
sleep 10 && \
peer channel join -b ${PWD}/demochannel.block && \
peer chaincode install -n democc -v 1.0 -p github.com/hyperledger/fabric/chaincode/ && \
peer chaincode instantiate -C demochannel -n democc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -o orderer0.${DOMAIN}:5050 --tls --cafile /var/hyperledger/fabric/tls/ca.crt && \
peer chaincode invoke -C demochannel -n democc -c '{"Args":["invoke","a","b","10"]}' --tls --cafile /var/hyperledger/fabric/tls/ca.crt
Deploying with the SDK
- For details, see the GitHub link
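Problems encountered
- When joining the channel, the following error is reported:
  - Error: proposal failed (err: rpc error: code = Unknown desc = access denied: channel [] creator org [Org0MSP])
  - Fix: the msp in the docker file was wrong
- endorsement failure during invoke. response: status:500 message:"make sure the chaincode democc has been successfully instantiated and try again: chaincode democc not found
  - The chaincode was installed but the error is still reported; the cause is a cache
  - Fix:
    - docker images: deleting the previously cached images is enough
- In raft mode, wait for a while after create channel so that the raft election can finish
Questions
- The relationship between the orderer and the ledger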
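Channel
- channel: different companies have different lines of business, so multiple channels need to be created
- A channel is a private network set up among multiple members for the purpose of confidential transactions
- Every channel maintains its own ledger, and the ledgers are isolated from one another (they are maintained by the peers)
- Multiple chaincodes (cc) can be deployed on one channel, and different cc can call one another
- Different channels can also call one another: data can be read across channels, but for now it cannot be written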
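Fabric Peer
- A blockchain network is made up of a set of peer nodes
- The peer is the foundation of the whole blockchain network
  - It is the foundation (the carrier) of the ledger and of smart contracts
- A peer can join multiple channels (channel: different companies have different lines of business, so multiple consortium chains (channels) need to be created)
- Multiple smart contracts can be installed on a peer, and when an event completes the peer sends the event to the client
- Types of peer:
  - Endorser node (endorsing node):
  - Commit node (ledger-writing node):
- [Figure: transaction flow]
  - (Endorser node) The endorser node receives a transaction request
  - (Endorser node) The endorser node first simulates the transaction request (but does not update the world state)
  - (Endorser node) It encrypts the result and returns it to the client
  - (Client) After receiving the resp, the client submits the resp to the orderer node
  - (Orderer node) After receiving the resp, the orderer node packages it and sends it to the commit nodes (ledger-writing nodes)
  - (Commit node) After receiving the commit message from the orderer node, the commit node performs a series of validation checks
  - (Commit node) The commit node commits the transaction to the world state, updating the blockchain data
  - (Commit node) The commit node finally notifies the client whether the transaction failed or succeeded
- How the commit node decides whether a transaction succeeded or failed:
  - Through the Endorsing Policy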
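Endorsing Policy:
- [Figure: transaction validation flow]
- Every time a cc is deployed, an endorsement policy is installed
- Endorser node: once the simulated execution of the transaction has finished, the execution result is encrypted through ESCC
- Commit node: uses the endorsement policy, through VSCC, to judge whether the transaction is valid
- Specifying the endorsement policy (it is specified when the cc is instantiated):
peer chaincode instantiate -C mychannel -n mycc -v 1.0 -p chaincode_example002 -c '{"Args":["init","1"]}' -P "AND('Org1MSP.member')"
  - -C mychannel: the name of the channel
  - -n mycc: the name of the cc
  - -v 1.0: the version information
  - -c: the content of the initialization data
  - -P: the endorsement policy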
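The commit-side decision described above, as an added example in Go; it is not Fabric's VSCC code and not from the original post. `Policy`, `Satisfied` and `demo` are hypothetical names, the role part of a principal such as 'Org1MSP.member' is ignored, and Ed25519 keys stand in for the X.509 identities that a real MSP validates.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Policy is a leaf (Org set) or an N-of-Rules combinator: AND = all, OR = 1.
type Policy struct {
	Org   string // MSP ID taken from a principal such as 'Org1MSP.member'
	N     int
	Rules []Policy
}

// Satisfied reports whether the endorsement signatures over result meet p.
// A leaf counts only if its org's signature verifies under the key the
// committer trusts (Ed25519 stands in for Fabric's X.509/ECDSA identities).
func Satisfied(p Policy, trusted map[string]ed25519.PublicKey, result []byte, sigs map[string][]byte) bool {
	if p.Org != "" {
		pk, known := trusted[p.Org]
		return known && ed25519.Verify(pk, result, sigs[p.Org])
	}
	n := 0
	for _, r := range p.Rules {
		if Satisfied(r, trusted, result, sigs) {
			n++
		}
	}
	return p.N > 0 && n >= p.N // an empty policy fails closed
}

// demo evaluates AND('Org1MSP.member','Org2MSP.member') on constructed data.
func demo() (both, oneOnly, tampered bool) {
	pol := Policy{N: 2, Rules: []Policy{{Org: "Org1MSP"}, {Org: "Org2MSP"}}}
	trusted, sigs := map[string]ed25519.PublicKey{}, map[string][]byte{}
	rw := []byte(`{"a":90,"b":210}`) // constructed simulation result
	for _, r := range pol.Rules {
		pub, priv, _ := ed25519.GenerateKey(nil)
		trusted[r.Org], sigs[r.Org] = pub, ed25519.Sign(priv, rw)
	}
	both = Satisfied(pol, trusted, rw, sigs)
	oneOnly = Satisfied(pol, trusted, rw, map[string][]byte{"Org1MSP": sigs["Org1MSP"]})
	tampered = Satisfied(pol, trusted, []byte(`{"a":0,"b":300}`), sigs)
	return
}

func main() { fmt.Println(demo()) }
```

A transaction whose result was changed after endorsement fails the same check as one with too few endorsements, because the signatures no longer verify over the altered bytes.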
Fabric Ledger:
- An ordered, immutable record of historical transactions
- It consists of two parts:
  - [Figure: ledger composition, blocks]
  - Blocks:
    - store the block configuration information
  - WorldState: maintains the current state of the ledger so that the Application can query it quickly
Composition of a block:
- [Figure: block structure]
- Block header:
  - Block number:
  - Hash of the current block: the data obtained by encrypting and then processing all the tx in the current block
  - Hash of the previous block
- Block data: contains the transaction information
  - [Figure: transaction data structure]
  - The Header contains:
    - the name of the cc
    - version: the version
    - …
  - Signature: the signature of the client user
  - proposal: the proposal that the client sent to the endorser nodes, mainly the input parameters
  - Response: the data before the execution result and the data after the execution result
  - Endorsements: the set of results returned by each endorsing node (if the endorsement policy specifies 3 orgs, then 3 endorsements are stored here)
- Block metadata:
  - the time the block was written
  - who wrote the block
  - the signature of the block write, and so on
WorldState
- [Figure: WorldState data structure]
- A Query fetches the data directly from the WorldState; each time a value is modified, its version is incremented
Smart contracts
- [Figure: smart contract]
- They define the business rules between the different organizations
- A smart contract exists to create transactions
ChainCode
- Once a smart contract has been written, it has to be packaged into a ChainCode
- One ChainCode contains multiple smart contracts
Interaction between smart contracts and the ledger
- [Figure: interaction between smart contracts and the ledger]
- Smart contracts can also emit events
ChainCode lifecycle:
- [Figure: cc lifecycle]
- Package:
peer chaincode package -n mycc -p github.com/myhyperledger/chaincode -v 1.0 mypack.out
  - -p specifies the path; the result of packaging is mypack.out
  - Once packaging has finished, the package can be signed:
peer chaincode signpackage mypack.out signpack.out
- Install: a cc is installed on peer nodes, and one peer node can have multiple cc installed
  - Note: the cc must be installed on all endorser nodes
peer chaincode install signpack.out
- Instantiate:
  - Note:
    - the endorsement policy has to be set up
peer chaincode instantiate -n mycc -v 1.0 -c '"Args":1' -P "AND('Orga.member','Orgb.member')"
- Run:
peer chaincode query -C mychannel -n mycc -c <args>
  - -C mychannel: the channel name
  - -n mycc: the name of the cc
- Upgrade:
  - Note:
    - an upgrade can be done at any time
    - before upgrading, the latest version must be installed on all endorsing nodes
    - with multiple channels it is the same as for instantiation: it can only be done one channel at a time
peer chaincode upgrade -C mychannel -n mycc -v 2.0 -c <args>
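System Chaincode
- LSCC (Life Cycle System Chaincode):
  - dedicated to handling the cc lifecycle (packaging, installation, upgrade and so on)
- CSCC (Configuration System ChainCode)
  - handles the channel configuration information
- QSCC (Query System Chaincode)
  - provides the ledger-related APIs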
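Gossip protocol
- Why it exists: to optimize network performance and improve security, nodes are divided into endorser nodes, orderer nodes and commit nodes, and each tx serves a different purpose on each kind of node; decoupling the network in this way requires a secure protocol
- Definition:
  - In gossip, peers can be divided by function into
    - leader peer
    - anchor peer
Leader peer
- When a new transaction is produced, it connects to the orderer node and pulls the new block
- It sends the tx to the commit peers
- Election methods:
  - Static assignment
    - Configuration file (sets the current node as the leader node):
peer:
    gossip:
        useLeaderElection: false
        orgLeader: true
  - Dynamic election
    - By sending heartbeat packets
    - Configuration file:
peer:
    gossip:
        useLeaderElection: true
        orgLeader: false
        election:
            leaderAliveThreshold: 10s
Anchor peer
- Through the gossip protocol, it lets the different organizations know about one another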
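Private Data
- A proposal arrives
- The endorser node simulates the execution
- The private data is stored in a temporary database
- Through the gossip protocol, the data is transmitted to the peer nodes that have permission; once a certain number has been reached, the response is returned to the client. The private data is not returned at this point, only its hash value, so the orderer node cannot see the private data
- After the orderer node has sent the information to the commit nodes, the commit node, in addition to validating, compares the hash of the private data with the private data in the temporary database, and finally moves the private data from the temporary database into the real database
{
  "name": "ss",
  "policy": "AND('Orga.member')",
  "requiredPeerCount": 2,
  "maxPeerCount": 3,
  "blockToLive": 1000000,
  "memberOnlyRead": true
}
- requiredPeerCount: the endorser may return to the client only after the private data has been disseminated to at least 2 other peer nodes; this is the "certain number" mentioned above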
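The private data steps above as a simplified model, added here as an example in Go; it is not Fabric's implementation and not from the original post. `Peer`, `Endorse`, `Commit` and `demo` are hypothetical names, the two maps stand in for the temporary and the real database, and SHA-256 is assumed as the hash.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
)

// Peer holds a transient store (pre-commit) and the committed private state.
type Peer struct {
	Transient, PrivateDB map[string][]byte
}

func NewPeer() *Peer { return &Peer{map[string][]byte{}, map[string][]byte{}} }

// Endorse stashes the private value on the endorser and on the collection
// members reached by gossip, and returns only its hash for the transaction.
func Endorse(txID string, private []byte, self *Peer, members []*Peer, requiredPeerCount int) ([32]byte, error) {
	if len(members) < requiredPeerCount {
		return [32]byte{}, errors.New("requiredPeerCount not reached")
	}
	for _, p := range append([]*Peer{self}, members...) {
		p.Transient[txID] = append([]byte(nil), private...)
	}
	return sha256.Sum256(private), nil
}

// Commit moves the value out of the transient store only if it matches the
// hash carried in the ordered block; the transient copy is dropped either way.
func (p *Peer) Commit(txID string, onChain [32]byte) error {
	v, ok := p.Transient[txID]
	delete(p.Transient, txID)
	if !ok || sha256.Sum256(v) != onChain {
		return errors.New("private data missing or hash mismatch")
	}
	p.PrivateDB[txID] = v
	return nil
}

// demo uses constructed data: one honest peer, one whose transient copy was altered.
func demo() (tooFew, honest, altered error) {
	e, a, b := NewPeer(), NewPeer(), NewPeer()
	_, tooFew = Endorse("tx0", []byte("price=42"), e, []*Peer{a}, 2)
	h, _ := Endorse("tx1", []byte("price=42"), e, []*Peer{a, b}, 2)
	b.Transient["tx1"] = []byte("price=1")
	return tooFew, a.Commit("tx1", h), b.Commit("tx1", h)
}

func main() { fmt.Println(demo()) }
```

Only the 32-byte hash leaves `Endorse`, which is why the ordering service never sees the value, and a peer whose transient copy no longer matches that hash does not write it to its private state.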