一.必备软件安装
作者是基于Linux虚拟机,使用centos7镜像进行部署的
1.安装git
yum命令安装:
sudo yum install -y git
使用命令查看git版本
git --version
2.安装cURL参考原文链接:https://blog.csdn.net/qq_43523315/article/details/109450135
wegt直接安装:
wget https://curl.haxx.se/download/curl-7.54.0.tar.gz
可能会出现报错:
解决办法:在后面加“--no-check-certificate”。(执行时候不验证SSL)
下载完成后解压到当前目录
tar -zxf curl-7.54.0.tar.gz
进入解压后的目录内
cd curl-7.54.0
安装与配置(这里分为三小步骤)
./configure #第一步检查错误,如果运行过程中出现错误,提示没有c相关的编译器,则执行"yum install gcc"命令。
make #第二步
make install #第三步查看安装是否成功
curl –-version
3.安装Go语言
命令安装:
wget https://golang.google.cn/dl/go1.14.4.linux-amd64.tar.gz
解压go包到/usr/local
tar -zxf go1.14.4.linux-amd64.tar.gz -C /usr/local
配置环境变量,vim指令编辑 /etc/profile
vim /etc/profile
在/etc/profile文件末尾添加以下配置
#golang config
#export GO111MODULE=on
export GOROOT=/usr/local/go
export GOPATH=/home/hyh/gopath
export PATH=$PATH:$GOROOT/bin:$GOPATH/bin
使换将变量配置生效,并查看golang的版本
source /etc/profile ==========使换将变量配置生效
go version ==========查看golang的版本
4.安装Docker 参考文章https://blog.csdn.net/heima005/article/details/127053152
安装需要的软件包, yum-util 提供yum-config-manager功能,另两个是devicemapper驱动依赖
yum install -y yum-utils device-mapper-persistent-data lvm2
设置 yum 源
设置一个yum源
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo(阿里仓库)
选择docker版本并安装
(1)查看可用版本有哪些
yum list docker-ce --showduplicates | sort -r(2)选择一个版本并安装:yum install docker-ce-版本号
yum -y install docker-ce-18.03.1.ce安装完成后启动docker并设置开机自启
systemctl start docker
systemctl enable docker查看docker安装版本
docker version注:Docker应用需要用到各种端口,逐一去修改防火墙设置。非常麻烦,因此建议大家直接关闭防火墙!
# 关闭
systemctl stop firewalld
# 禁止开机启动防火墙
systemctl disable firewalld5.安装docker -compose
下载:
sudo curl -L https://github.com/docker/compose/releases/download/1.29.2-rc1/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
有可能下载比较慢,出错了多运行几次代码
更改权限
sudo chmod +x /usr/local/bin/docker-compose查看版本
实在无法下载可采用pip安装:
安装依赖
yum -y install epel-release
安装 PIP
yum -y install python-pip
升级 PIP
pip install --upgrade pip查看pip版本
pip -V
安装 docker compose,自行更改版本号.
pip install -U docker-compose==1.24.1检查 docker compose 版本
docker-compose version二.环境搭建
1.首先创建文件夹
mkdir -p go/src/github.com/hyperledger/进入刚刚创建的文件夹内
cd go/src/github.com/hyperledger/
从github上拉取fabric的源码
git clone "https://github.com/hyperledger/fabric.git"
cd fabric/scripts/
执行:
这一步会下载官方的例子以及所需要的Docker镜像
sudo ./bootstrap.sh下载完成后会出现一个fabric-samples目录
cd 进入
cd fabric-samples
切换到test-network:
cd test-network/
启动测试网络:
./network.sh up
没有报错则说明测试网络启动成功
到这里说明你的fabric已经搭建好了
三.使用Fabric的测试网络
在test-network目录中,运行以下命令删除先前运行的所有容器或工程:
./network.sh down再执行以下命令来启动网络
./network.sh up1.创建一个通道
运行以下命令以创建一个默认名称为“ mychannel”的通道:
./network.sh up createChannel
出现Channel 'mychannel' joined说明创建成功
查看go环境
go env
创建频道后,您可以使用以下命令在通道上启动链码:
./network.sh deployCC -ccn basic -ccp ../asset-transfer-basic/chaincode-go -ccl go显示结果没有报错就说明启动成功了
2.与网络交互
在test-network目录下,将bin目录中二进制文件添加到CLI路径
export PATH=${PWD}/../bin:$PATH设置fabric-samples代码库中的FABRIC_CFG_PATH设置为指向其中的core.yaml文件:
export FABRIC_CFG_PATH=$PWD/../config/Org1peer 安装链码
# Environment variables for Org1
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=localhost:7051Org2peer 安装链码
# Environment variables for Org2
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=localhost:9051运行以下命令用一些资产来初始化账本:
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n basic --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"function":"InitLedger","Args":[]}'如果命令成功,您将观察到类似以下的输出:
-> INFO 001 Chaincode invoke successful. result: status:200
现在你可以用你的 CLI 工具来查询账本。运行以下指令来获取添加到通道账本的资产列表:
peer chaincode query -C mychannel -n basic -c '{"Args":["GetAllAssets"]}'如果成功,您将看到以下输出:
[
{"ID": "asset1", "color": "blue", "size": 5, "owner": "Tomoko", "appraisedValue": 300},
{"ID": "asset2", "color": "red", "size": 5, "owner": "Brad", "appraisedValue": 400},
{"ID": "asset3", "color": "green", "size": 10, "owner": "Jin Soo", "appraisedValue": 500},
{"ID": "asset4", "color": "yellow", "size": 10, "owner": "Max", "appraisedValue": 600},
{"ID": "asset5", "color": "black", "size": 15, "owner": "Adriana", "appraisedValue": 700},
{"ID": "asset6", "color": "white", "size": 15, "owner": "Michel", "appraisedValue": 800}
]
当一个网络成员希望在账本上转一些或者改变一些资产,链码会被调用。使用以下的指令来通过调用 asset-transfer (basic) 链码改变账本上的资产所有者:
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n basic --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"function":"TransferAsset","Args":["asset6","Christopher"]}'你可以查询运行在 peer0.org2.example.com asset-transfer (basic) 链码:
peer chaincode query -C mychannel -n basic -c '{"Args":["ReadAsset","asset6"]}'结果显示 "asset6" 转给了 Christopher:
{"ID":"asset6","color":"white","size":15,"owner":"Christopher","appraisedValue":800}
使用完测试网络后,您可以使用以下命令关闭网络:
./network.sh down该命令将停止并删除节点和链码容器,删除组织加密材料,并从Docker Registry移除链码镜像。 该命令还删除之前运行的通道项目和docker卷。
四.java合约开发
1.安装链码
先启动测试网络
./network.sh up再创建一个channel
./network.sh up createChannel重新打开一个终端
在fabric-samples目录创建一个chaincode文件夹
mkdir chaincode
进入该文件夹
cd chaincode
下载java合约源码,我使用的是该作者的代码
git clone https://gitee.com/kernelHP/hyperledger-fabric-contract-java-demo.gitls查看文件后进入子目录
cd hyperledger-fabric-contract-java-demo
回到刚刚创建channel的终端,安装该合约
export PATH=${PWD}/../bin:$PATHexport FABRIC_CFG_PATH=$PWD/../config/
peer lifecycle chaincode package hyperledger-fabric-contract-java-demo.tar.gz --path ../chaincode/hyperledger-fabric-contract-java-demo/ --lang java --label hyperledger-fabric-contract-java-demo_1 会出现 hyperledger-fabric-contract-java-demo.tar.gz
Org1peer 安装链码
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=localhost:7051使用peer lifecycle chaincode install 在peer节点上安装链码,这里会比较慢(注:有墙的请科学上网)
peer lifecycle chaincode install hyperledger-fabric-contract-java-demo.tar.gz显示超时可以不用管
再次重复执行
peer lifecycle chaincode install hyperledger-fabric-contract-java-demo.tar.gz只要显示chaincode already successfully installde已经安装就说明安装好了
同样的在Org2peer 安装链码
# Environment variables for Org2
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=localhost:9051peer lifecycle chaincode install hyperledger-fabric-contract-java-demo.tar.gz2.通过链码定义
都安装完成后,查看包ID
peer lifecycle chaincode queryinstalled
批准链码的时候使用包 ID,将其保存为环境变量(复制自己的ID)
export CC_PACKAGE_ID=hyperledger-fabric-contract-java-demo_1:54a21ac334812b0505cd548f1aed0bc0a7b603eef44c98a17ef05f004737b451Org2通过链码定义
peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --channelID mychannel --name hyperledger-fabric-contract-java-demo --version 1.0 --package-id $CC_PACKAGE_ID --sequence 1 --tls --cafile "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
Org1通过链码定义
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_ADDRESS=localhost:7051peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --channelID mychannel --name hyperledger-fabric-contract-java-demo --version 1.0 --package-id $CC_PACKAGE_ID --sequence 1 --tls --cafile "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
3.将链码定义提交给通道
先使用peer lifecycle chaincode checkcommitreadiness命令检查通道成员是否已批准的链码定义
peer lifecycle chaincode checkcommitreadiness --channelID mychannel --name hyperledger-fabric-contract-java-demo --version 1.0 --sequence 1 --tls --cafile "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem" --output json
使用 peer lifecycle chaincode commit命令将链码定义提交到通道
peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --channelID mychannel --name hyperledger-fabric-contract-java-demo --version 1.0 --sequence 1 --tls --cafile "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem" --peerAddresses localhost:7051 --tlsRootCertFiles "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt" --peerAddresses localhost:9051 --tlsRootCertFiles "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt"
再使用peer lifecycle chaincode querycommitted命令确认链码定义已经提交到通道。
peer lifecycle chaincode querycommitted --channelID mychannel --name hyperledger-fabric-contract-java-demo --cafile "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"
可以看到链码已经成功提交到了通道上
4.调用链码
(1)执行一个查询操作:
peer chaincode query -C mychannel -n hyperledger-fabric-contract-java-demo -c '{"Args":["queryCat" , "cat-0"]}'
源代码查询如下:
而 cat-0是不存在的所以会出现合约中定义的500错误
(2)执行一个新增操作
源代码如下
peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n hyperledger-fabric-contract-java-demo --peerAddresses localhost:7051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses localhost:9051 --tlsRootCertFiles ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"function":"createCat","Args":["cat-0" , "tom" , "3" , "蓝色" , "大懒猫"]}'
再次查询cat-0:
peer chaincode query -C mychannel -n hyperledger-fabric-contract-java-demo -c '{"Args":["queryCat" , "cat-0"]}'
已经有了数据,说明添加成功
到这里说明链码已经调用成功了
五.在java应用中访问合约
前提:fabric测试网络已经成功运行起来并且合约已经成功安装
打开idea,使用idea 打开该项目(该项目是maven框架)
因为是历史版本,所以直接clone不行,直接下载该压缩包,再用idea打开
下载完成后:
在test-network目录下
将organizations目录下的ordererOrganizations和peerOrganizations复制出来
放到idea中resources下(注:下载的项目已经有了也要替换成自己的)
接下来我们还需要一个连接配置文件,我这里是json格式的文件
我们需要对它进行一些修改:ip地址需要改成自己的ip,还有一些读取文件的路径也需要改成自己的:
像这里的url就要改成自己的虚拟机ip,冒号后面的端口号不用修改
还有这些文件路径
都要改成自己对应的
配置完成后启动项目测试:
使用postman调用测试
先调用一个创建:
成功
查询:
成功
修改:(修改颜色和年龄)
成功
再次查询:
删除:
成功
再次查询:
报错了,在合约代码中代码逻辑是查不到就会报错,没问题
六.搭建多机网络生成身份文件
我在主机上下载了Xshell,和XFTP便于主机与虚拟机之间文件的传输
在fabric目录下创建一个新的文件夹
在该目录下载下hyperledger-fabric-linux-amd64二进制文件包
下载完后解压该文件
进入bin目录
输入指令
./cryptogen showtemplate将返回的信息保存为一个yaml文件
./cryptogen showtemplate > ../crypto-config.yaml
这个yaml文件是生成身份信息的前置文件
编辑该文件
vim crypto-config.yaml
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: example.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer0
- Hostname: orderer1
- Hostname: orderer2
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "CA"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of the CA for this
# organization. This entry is a Spec. See "Specs" section below for details.
# ---------------------------------------------------------------------------
# CA:
# Hostname: ca # implicitly ca.org1.example.com
# Country: US
# Province: California
# Locality: San Francisco
# OrganizationalUnit: Hyperledger Fabric
# StreetAddress: address for org # default nil
# PostalCode: postalCode for org # default nil
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# - SANS: (Optional) Specifies one or more Subject Alternative Names
# to be set in the resulting x509. Accepts template
# variables {{.Hostname}}, {{.Domain}}, {{.CommonName}}. IP
# addresses provided here will be properly recognized. Other
# values will be taken as DNS names.
# NOTE: Two implicit entries are created for you:
# - {{ .CommonName }}
# - {{ .Hostname }}
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# SANS:
# - "bar.{{.Domain}}"
# - "altfoo.{{.Domain}}"
# - "{{.Hostname}}.org6.net"
# - 172.16.10.31
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# SANS:
# - "{{.Hostname}}.alt.{{.Domain}}"
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
返回bin目录
使用指令
./cryptogen generate --config=../crypto-config.yaml --output=../crypto-config
到这里我们的身份信息文件就生成好了
接下来要生成排序节点的创世区块文件
进入config目录下,对configx.yaml文件进行编辑,该文件大约有5,6百行代码,建议下载到主机进行编辑
注:下面文件的路径要修改成自己的文件路径,用pwd可以查看当前文件目录的文件路径
1.
2.
Consenters:
- Host: orderer0.example.com
Port: 7050
ClientTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
ServerTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
- Host: orderer1.example.com
Port: 8050
ClientTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
ServerTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 9050
ClientTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
3.MSPDir
下面是完整代码:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# ORGANIZATIONS
#
# This section defines the organizational identities that can be referenced
# in the configuration profiles.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions.
- &OrdererOrg
# Name is the key by which this org will be referenced in channel
# configuration transactions.
# Name can include alphanumeric characters as well as dots and dashes.
Name: OrdererOrg
# SkipAsForeign can be set to true for org definitions which are to be
# inherited from the orderer system channel during channel creation. This
# is especially useful when an admin of a single org without access to the
# MSP directories of the other orgs wishes to create a channel. Note
# this property must always be set to false for orgs included in block
# creation.
SkipAsForeign: false
# ID is the key by which this org's MSP definition will be referenced.
# ID can include alphanumeric characters as well as dots and dashes.
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration.
MSPDir: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies: &SampleOrgPolicies
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
# If your MSP is configured with the new NodeOUs, you might
# want to use a more specific rule like the following:
# Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
# If your MSP is configured with the new NodeOUs, you might
# want to use a more specific rule like the following:
# Rule: "OR('SampleOrg.admin', 'SampleOrg.client')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('OrdererMSP.member')"
# OrdererEndpoints is a list of all orderers this org runs which clients
# and peers may to connect to to push transactions and receive blocks respectively.
OrdererEndpoints:
- "orderer0.example.com:7050"
- "orderer1.example.com:8050"
- "orderer2.example.com:9050"
# AnchorPeers defines the location of peers which can be used for
# cross-org gossip communication.
#
# NOTE: this value should only be set when using the deprecated
# `configtxgen --outputAnchorPeersUpdate` command. It is recommended
# to instead use the channel configuration update process to set the
# anchor peers for each organization.
# AnchorPeers:
# - Host: 127.0.0.1
# Port: 7051
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.peer')"
AnchorPeers:
- Host: peer0.org2.example.com
Port: 9051
################################################################################
#
# CAPABILITIES
#
# This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V2.0 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v2.0.0
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V2.0 channel capabilities, ensure that all
# orderers and peers on a channel are at v2.0.0 or later.
V2_0: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V1.1 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.1.x
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on a channel are at v2.0.0 or later.
V2_0: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V2.5 for Application enables the new non-backwards compatible
# features of fabric v2.5, namely the ability to purge private data.
# Prior to enabling V2.5 application capabilities, ensure that all
# peers on a channel are at v2.5.0 or later.
V2_5: true
################################################################################
#
# APPLICATION
#
# This section defines the values to encode into a config transaction or
# genesis block for application-related parameters.
#
################################################################################
Application: &ApplicationDefaults
ACLs: &ACLsDefault
# This section provides defaults for policies for various resources
# in the system. These "resources" could be functions on system chaincodes
# (e.g., "GetBlockByNumber" on the "qscc" system chaincode) or other resources
# (e.g.,who can receive Block events). This section does NOT specify the resource's
# definition or API, but just the ACL policy for it.
#
# Users can override these defaults with their own policy mapping by defining the
# mapping under ACLs in their channel definition
#---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--#
# ACL policy for _lifecycle's "CheckCommitReadiness" function
_lifecycle/CheckCommitReadiness: /Channel/Application/Writers
# ACL policy for _lifecycle's "CommitChaincodeDefinition" function
_lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
# ACL policy for _lifecycle's "QueryChaincodeDefinition" function
_lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers
# ACL policy for _lifecycle's "QueryChaincodeDefinitions" function
_lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers
#---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#
# ACL policy for lscc's "getid" function
lscc/ChaincodeExists: /Channel/Application/Readers
# ACL policy for lscc's "getdepspec" function
lscc/GetDeploymentSpec: /Channel/Application/Readers
# ACL policy for lscc's "getccdata" function
lscc/GetChaincodeData: /Channel/Application/Readers
# ACL Policy for lscc's "getchaincodes" function
lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
#---Query System Chaincode (qscc) function to policy mapping for access control---#
# ACL policy for qscc's "GetChainInfo" function
qscc/GetChainInfo: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByNumber" function
qscc/GetBlockByNumber: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByHash" function
qscc/GetBlockByHash: /Channel/Application/Readers
# ACL policy for qscc's "GetTransactionByID" function
qscc/GetTransactionByID: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByTxID" function
qscc/GetBlockByTxID: /Channel/Application/Readers
#---Configuration System Chaincode (cscc) function to policy mapping for access control---#
# ACL policy for cscc's "GetConfigBlock" function
cscc/GetConfigBlock: /Channel/Application/Readers
# ACL policy for cscc's "GetChannelConfig" function
cscc/GetChannelConfig: /Channel/Application/Readers
#---Miscellaneous peer function to policy mapping for access control---#
# ACL policy for invoking chaincodes on peer
peer/Propose: /Channel/Application/Writers
# ACL policy for chaincode to chaincode invocation
peer/ChaincodeToChaincode: /Channel/Application/Writers
#---Events resource to policy mapping for access control###---#
# ACL policy for sending block events
event/Block: /Channel/Application/Readers
# ACL policy for sending filtered block events
event/FilteredBlock: /Channel/Application/Readers
# Organizations lists the orgs participating on the application side of the
# network.
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies: &ApplicationDefaultPolicies
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the application level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# ORDERER
#
# This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters.
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start.
# Available types are "solo", "kafka" and "etcdraft".
OrdererType: etcdraft
# Addresses used to be the list of orderer addresses that clients and peers
# could connect to. However, this does not allow clients to associate orderer
# addresses and orderer organizations which can be useful for things such
# as TLS validation. The preferred way to specify orderer addresses is now
# to include the OrdererEndpoints item in your org definition
Addresses:
- "orderer0.example.com:7050"
- "orderer1.example.com:8050"
- "orderer2.example.com:9050"
# Batch Timeout: The amount of time to wait before creating a batch.
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block.
# The orderer views messages opaquely, but typically, messages may
# be considered to be Fabric transactions. The 'batch' is the group
# of messages in the 'data' field of the block. Blocks will be a few kb
# larger than the batch size, when signatures, hashes, and other metadata
# is applied.
BatchSize:
# Max Message Count: The maximum number of messages to permit in a
# batch. No block will contain more than this number of messages.
MaxMessageCount: 500
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch. The maximum block size is this value
# plus the size of the associated metadata (usually a few KB depending
# upon the size of the signing identities). Any transaction larger than
# this value will be rejected by ordering.
# It is recommended not to exceed 49 MB, given the default grpc max message size of 100 MB
# configured on orderer and peer nodes (and allowing for message expansion during communication).
AbsoluteMaxBytes: 10 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed
# for the serialized messages in a batch. Roughly, this field may be considered
# the best effort maximum size of a batch. A batch will fill with messages
# until this size is reached (or the max message count, or batch timeout is
# exceeded). If adding a new message to the batch would cause the batch to
# exceed the preferred max bytes, then the current batch is closed and written
# to a block, and a new batch containing the new message is created. If a
# message larger than the preferred max bytes is received, then its batch
# will contain only that message. Because messages may be larger than
# preferred max bytes (up to AbsoluteMaxBytes), some batches may exceed
# the preferred max bytes, but will always contain exactly one transaction.
PreferredMaxBytes: 2 MB
# Max Channels is the maximum number of channels to allow on the ordering
# network. When set to 0, this implies no maximum number of channels.
MaxChannels: 0
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects. Edit
# this list to identify the brokers of the ordering service.
# NOTE: Use IP:port notation.
Brokers:
- kafka0:9092
- kafka1:9092
- kafka2:9092
# EtcdRaft defines configuration which must be set when the "etcdraft"
# orderertype is chosen.
EtcdRaft:
# The set of Raft replicas for this network. For the etcd/raft-based
# implementation, we expect every replica to also be an OSN. Therefore,
# a subset of the host:port items enumerated in this list should be
# replicated under the Orderer.Addresses key above.
Consenters:
- Host: orderer0.example.com
Port: 7050
ClientTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
ServerTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
- Host: orderer1.example.com
Port: 8050
ClientTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
ServerTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 9050
ClientTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
# Options to be specified for all the etcd/raft nodes. The values here
# are the defaults for all new channels and can be modified on a
# per-channel basis via configuration updates.
Options:
# TickInterval is the time interval between two Node.Tick invocations.
TickInterval: 500ms
# ElectionTick is the number of Node.Tick invocations that must pass
# between elections. That is, if a follower does not receive any
# message from the leader of current term before ElectionTick has
# elapsed, it will become candidate and start an election.
# ElectionTick must be greater than HeartbeatTick.
ElectionTick: 10
# HeartbeatTick is the number of Node.Tick invocations that must
# pass between heartbeats. That is, a leader sends heartbeat
# messages to maintain its leadership every HeartbeatTick ticks.
HeartbeatTick: 1
# MaxInflightBlocks limits the max number of in-flight append messages
# during optimistic replication phase.
MaxInflightBlocks: 5
# SnapshotIntervalSize defines number of bytes per which a snapshot is taken
SnapshotIntervalSize: 16 MB
# Organizations lists the orgs participating on the orderer side of the
# network.
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
# Capabilities describes the orderer level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *OrdererCapabilities
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# PROFILES
#
# Different configuration profiles may be encoded here to be specified as
# parameters to the configtxgen tool. The profiles which specify consortiums
# are to be used for generating the orderer genesis block. With the correct
# consortium members defined in the orderer genesis block, channel creation
# requests may be generated with only the org member names and a consortium
# name.
#
################################################################################
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
(注:要尤其注意缩进,否则会报错)
回到config目录
先将原文件备份,再将重新编辑好的文件放回
再回到bin目录生成order节点的创世区块
./configtxgen -configPath ../config -profile TwoOrgsOrdererGenesis -channelID fabric-channel -outputBlock ../channel-artifacts/orderer.genesis.block
生成通道文件:
./configtxgen -configPath ../config -profile TwoOrgsChannel -channelID businesschannel -outputCreateChannelTx ../channel-artifacts/businesschannel.tx
生成锚节点配置更新文件:
./configtxgen -configPath ../config -profile TwoOrgsChannel -channelID businesschannel -asOrg Org1MSP -outputAnchorPeersUpdate ../channel-artifacts/Org1MSPanchors.tx
./configtxgen -configPath ../config -profile TwoOrgsChannel -channelID businesschannel -asOrg Org2MSP -outputAnchorPeersUpdate ../channel-artifacts/Org2MSPanchors.tx
在channel-artifacts/目录看见有以下文件就说明生成完成了
七.搭建多机网络二进制安装部署 Orderer 节点
规划网络拓扑
3 个 orderer 节点;组织 org1 , org1 下有两个 peer 节点, peer0 和 peer1; 组织 org2 , org2 下有两个 peer 节点, peer0 和 peer1;
| 节点 | 宿主机 IP | hosts | 端口 |
|---|---|---|---|
| cli | 192.168.1.66 | N/A | N/A |
| orderer0 | 192.168.1.66 | orderer0.example.com | 7050 , 8443 , 9443 |
| orderer1 | 192.168.1.66 | orderer1.example.com | 8050 , 8444 ,9444 |
| orderer2 | 192.168.1.66 | orderer2.example.com | 9050 , 8445 ,9445 |
解释
修改hosts配置文件
vim /etc/hosts新增
192.168.xx.xxx orderer0.example.com
192.168.xx.xxx orderer1.example.com
192.168.xx.xxx orderer2.example.com
ip为自己虚拟机的IP
新建3个文件,orderer0 orderer1 orderer2
再用fabric二进制文件去启动这三个节点
cp bin/orderer config/orderer.yaml orderer0/
然后去编辑这个yaml文件
修改ip成自己的,还有文件位置也要指定成自己的
这几个文件路径也要修改成自己的
下面这个是需要指向创世区块的那个目录
msp路径也要修改
完整yaml文件代码
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Orderer Configuration
#
# - This controls the type and configuration of the orderer.
#
################################################################################
General:
# Listen address: The IP on which to bind to listen.
ListenAddress: 192.168.44.128
# Listen port: The port on which to bind to listen.
ListenPort: 7050
# TLS: TLS settings for the GRPC server.
TLS:
# Require server-side TLS
Enabled: true
# PrivateKey governs the file location of the private key of the TLS certificate.
PrivateKey: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.key
# Certificate governs the file location of the server TLS certificate.
Certificate: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
# RootCAs contains a list of additional root certificates used for verifying certificates
# of other orderer nodes during outbound connections.
# It is not required to be set, but can be used to augment the set of TLS CA certificates
# available from the MSPs of each channel’s configuration.
RootCAs:
- /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
# Require client certificates / mutual TLS for inbound connections.
ClientAuthRequired: false
# If mutual TLS is enabled, ClientRootCAs contains a list of additional root certificates
# used for verifying certificates of client connections.
# It is not required to be set, but can be used to augment the set of TLS CA certificates
# available from the MSPs of each channel’s configuration.
ClientRootCAs:
# Keepalive settings for the GRPC server.
Keepalive:
# ServerMinInterval is the minimum permitted time between client pings.
# If clients send pings more frequently, the server will
# disconnect them.
ServerMinInterval: 60s
# ServerInterval is the time between pings to clients.
ServerInterval: 7200s
# ServerTimeout is the duration the server waits for a response from
# a client before closing the connection.
ServerTimeout: 20s
# Since all nodes should be consistent it is recommended to keep
# the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize
# Max message size in bytes the GRPC server and client can receive
MaxRecvMsgSize: 104857600
# Max message size in bytes the GRPC server and client can send
MaxSendMsgSize: 104857600
# Cluster settings for ordering service nodes that communicate with other ordering service nodes
# such as Raft based ordering service.
Cluster:
# SendBufferSize is the maximum number of messages in the egress buffer.
# Consensus messages are dropped if the buffer is full, and transaction
# messages are waiting for space to be freed.
SendBufferSize: 100
# ClientCertificate governs the file location of the client TLS certificate
# used to establish mutual TLS connections with other ordering service nodes.
# If not set, the server General.TLS.Certificate is re-used.
ClientCertificate: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
# ClientPrivateKey governs the file location of the private key of the client TLS certificate.
# If not set, the server General.TLS.PrivateKey is re-used.
ClientPrivateKey: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.key
# The below 4 properties should be either set together, or be unset together.
# If they are set, then the orderer node uses a separate listener for intra-cluster
# communication. If they are unset, then the general orderer listener is used.
# This is useful if you want to use a different TLS server certificates on the
# client-facing and the intra-cluster listeners.
# ListenPort defines the port on which the cluster listens to connections.
ListenPort:
# ListenAddress defines the IP on which to listen to intra-cluster communication.
ListenAddress:
# ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
# communication.
ServerCertificate:
# ServerPrivateKey defines the file location of the private key of the TLS certificate.
ServerPrivateKey:
# Bootstrap method: The method by which to obtain the bootstrap block
# system channel is specified. The option can be one of:
# "file" - path to a file containing the genesis block or config block of system channel
# "none" - allows an orderer to start without a system channel configuration
BootstrapMethod: file
# Bootstrap file: The file containing the bootstrap block to use when
# initializing the orderer system channel and BootstrapMethod is set to
# "file". The bootstrap file can be the genesis block, and it can also be
# a config block for late bootstrap of some consensus methods like Raft.
# Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and
# using configtxgen command with "-outputBlock" option.
# Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified.
BootstrapFile: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/channel-artifacts/orderer.genesis.block
# LocalMSPDir is where to find the private crypto material needed by the
# orderer. It is set relative here as a default for dev environments but
# should be changed to the real location in production.
LocalMSPDir: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp
# LocalMSPID is the identity to register the local MSP material with the MSP
# manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
# ID of one of the organizations defined in the orderer system channel's
# /Channel/Orderer configuration. The sample organization defined in the
# sample configuration provided has an MSP ID of "SampleOrg".
LocalMSPID: OrdererMSP
# Enable an HTTP service for Go "pprof" profiling as documented at:
# https://golang.org/pkg/net/http/pprof
Profile:
Enabled: false
Address: 0.0.0.0:6060
# BCCSP configures the blockchain crypto service providers.
BCCSP:
# Default specifies the preferred blockchain crypto service provider
# to use. If the preferred provider is not available, the software
# based provider ("SW") will be used.
# Valid providers are:
# - SW: a software based crypto provider
# - PKCS11: a CA hardware security module crypto provider.
Default: SW
# SW configures the software based blockchain crypto provider.
SW:
# TODO: The default Hash and Security level needs refactoring to be
# fully configurable. Changing these defaults requires coordination
# SHA2 is hardcoded in several places, not only BCCSP
Hash: SHA2
Security: 256
# Location of key store. If this is unset, a location will be
# chosen using: 'LocalMSPDir'/keystore
FileKeyStore:
KeyStore:
# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
PKCS11:
# Location of the PKCS11 module library
Library:
# Token Label
Label:
# User PIN
Pin:
Hash:
Security:
FileKeyStore:
KeyStore:
# Authentication contains configuration parameters related to authenticating
# client messages
Authentication:
# the acceptable difference between the current server time and the
# client's time as specified in a client request message
TimeWindow: 15m
################################################################################
#
# SECTION: File Ledger
#
# - This section applies to the configuration of the file ledger.
#
################################################################################
FileLedger:
# Location: The directory to store the blocks in.
Location: /var/hyperledger/production/orderer0
################################################################################
#
# SECTION: Kafka
#
# - This section applies to the configuration of the Kafka-based orderer, and
# its interaction with the Kafka cluster.
#
################################################################################
Kafka:
# Retry: What do if a connection to the Kafka cluster cannot be established,
# or if a metadata request to the Kafka cluster needs to be repeated.
Retry:
# When a new channel is created, or when an existing channel is reloaded
# (in case of a just-restarted orderer), the orderer interacts with the
# Kafka cluster in the following ways:
# 1. It creates a Kafka producer (writer) for the Kafka partition that
# corresponds to the channel.
# 2. It uses that producer to post a no-op CONNECT message to that
# partition
# 3. It creates a Kafka consumer (reader) for that partition.
# If any of these steps fail, they will be re-attempted every
# <ShortInterval> for a total of <ShortTotal>, and then every
# <LongInterval> for a total of <LongTotal> until they succeed.
# Note that the orderer will be unable to write to or read from a
# channel until all of the steps above have been completed successfully.
ShortInterval: 5s
ShortTotal: 10m
LongInterval: 5m
LongTotal: 12h
# Affects the socket timeouts when waiting for an initial connection, a
# response, or a transmission. See Config.Net for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
NetworkTimeouts:
DialTimeout: 10s
ReadTimeout: 10s
WriteTimeout: 10s
# Affects the metadata requests when the Kafka cluster is in the middle
# of a leader election.See Config.Metadata for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Metadata:
RetryBackoff: 250ms
RetryMax: 3
# What to do if posting a message to the Kafka cluster fails. See
# Config.Producer for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Producer:
RetryBackoff: 100ms
RetryMax: 3
# What to do if reading from the Kafka cluster fails. See
# Config.Consumer for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Consumer:
RetryBackoff: 2s
# Settings to use when creating Kafka topics. Only applies when
# Kafka.Version is v0.10.1.0 or higher
Topic:
# The number of Kafka brokers across which to replicate the topic
ReplicationFactor: 3
# Verbose: Enable logging for interactions with the Kafka cluster.
Verbose: false
# TLS: TLS settings for the orderer's connection to the Kafka cluster.
TLS:
# Enabled: Use TLS when connecting to the Kafka cluster.
Enabled: false
# PrivateKey: PEM-encoded private key the orderer will use for
# authentication.
PrivateKey:
# As an alternative to specifying the PrivateKey here, uncomment the
# following "File" key and specify the file name from which to load the
# value of PrivateKey.
#File: path/to/PrivateKey
# Certificate: PEM-encoded signed public key certificate the orderer will
# use for authentication.
Certificate:
# As an alternative to specifying the Certificate here, uncomment the
# following "File" key and specify the file name from which to load the
# value of Certificate.
#File: path/to/Certificate
# RootCAs: PEM-encoded trusted root certificates used to validate
# certificates from the Kafka cluster.
RootCAs:
# As an alternative to specifying the RootCAs here, uncomment the
# following "File" key and specify the file name from which to load the
# value of RootCAs.
#File: path/to/RootCAs
# SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
SASLPlain:
# Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
Enabled: false
# User: Required when Enabled is set to true
User:
# Password: Required when Enabled is set to true
Password:
# Kafka protocol version used to communicate with the Kafka cluster brokers
# (defaults to 0.10.2.0 if not specified)
Version:
################################################################################
#
# Debug Configuration
#
# - This controls the debugging options for the orderer
#
################################################################################
Debug:
# BroadcastTraceDir when set will cause each request to the Broadcast service
# for this orderer to be written to a file in this directory
BroadcastTraceDir:
# DeliverTraceDir when set will cause each request to the Deliver service
# for this orderer to be written to a file in this directory
DeliverTraceDir:
################################################################################
#
# Operations Configuration
#
# - This configures the operations server endpoint for the orderer
#
################################################################################
Operations:
# host and port for the operations server
ListenAddress: 127.0.0.1:8443
# TLS configuration for the operations endpoint
TLS:
# TLS enabled
Enabled: false
# Certificate is the location of the PEM encoded TLS certificate
Certificate:
# PrivateKey points to the location of the PEM-encoded key
PrivateKey:
# Most operations service endpoints require client authentication when TLS
# is enabled. ClientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
ClientAuthRequired: false
# Paths to PEM encoded ca certificates to trust for client authentication
ClientRootCAs: []
################################################################################
#
# Metrics Configuration
#
# - This configures metrics collection for the orderer
#
################################################################################
Metrics:
# The metrics provider is one of statsd, prometheus, or disabled
Provider: disabled
# The statsd configuration
Statsd:
# network type: tcp or udp
Network: udp
# the statsd server address
Address: 127.0.0.1:8125
# The interval at which locally cached counters and gauges are pushed
# to statsd; timings are pushed immediately
WriteInterval: 30s
# The prefix is prepended to all emitted statsd metrics
Prefix:
################################################################################
#
# Admin Configuration
#
# - This configures the admin server endpoint for the orderer
#
################################################################################
Admin:
# host and port for the admin server
ListenAddress: 127.0.0.1:9443
# TLS configuration for the admin endpoint
TLS:
# TLS enabled
Enabled: false
# Certificate is the location of the PEM encoded TLS certificate
Certificate:
# PrivateKey points to the location of the PEM-encoded key
PrivateKey:
# Most admin service endpoints require client authentication when TLS
# is enabled. ClientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
#
# NOTE: When TLS is enabled, the admin endpoint requires mutual TLS. The
# orderer will panic on startup if this value is set to false.
ClientAuthRequired: true
# Paths to PEM encoded ca certificates to trust for client authentication
ClientRootCAs: []
################################################################################
#
# Channel participation API Configuration
#
# - This provides the channel participation API configuration for the orderer.
# - Channel participation uses the ListenAddress and TLS settings of the Admin
# service.
#
################################################################################
ChannelParticipation:
# Channel participation API is enabled.
Enabled: false
# The maximum size of the request body when joining a channel.
MaxRequestBodySize: 1 MB
################################################################################
#
# Consensus Configuration
#
# - This section contains config options for a consensus plugin. It is opaque
# to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
# The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
# we use following options:
# WALDir specifies the location at which Write Ahead Logs for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
WALDir: /var/hyperledger/production/orderer0/etcdraft/wal
# SnapDir specifies the location at which snapshots for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
SnapDir: /var/hyperledger/production/orderer0/etcdraft/snapshot
修改完成后替换原文件yaml
启动 orderer0 节点 :
nohup ./orderer start > orderer0-log.log 2>&1 &
再查看日志是否启动成功
此时它回去连接另外两个节点,但是由于另外两个节点还没有建好所以它会一直尝试连接
接下来就是重复上述步骤建立orderer1和orderer2,由于步骤是一样的这里就不再过多赘述
orderer1的yaml完整代码
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Orderer Configuration
#
# - This controls the type and configuration of the orderer.
#
################################################################################
General:
# Listen address: The IP on which to bind to listen.
ListenAddress: 192.168.44.128
# Listen port: The port on which to bind to listen.
ListenPort: 8050
# TLS: TLS settings for the GRPC server.
TLS:
# Require server-side TLS
Enabled: true
# PrivateKey governs the file location of the private key of the TLS certificate.
PrivateKey: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.key
# Certificate governs the file location of the server TLS certificate.
Certificate: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
# RootCAs contains a list of additional root certificates used for verifying certificates
# of other orderer nodes during outbound connections.
# It is not required to be set, but can be used to augment the set of TLS CA certificates
# available from the MSPs of each channel’s configuration.
RootCAs:
- /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/ca.crt
# Require client certificates / mutual TLS for inbound connections.
ClientAuthRequired: false
# If mutual TLS is enabled, ClientRootCAs contains a list of additional root certificates
# used for verifying certificates of client connections.
# It is not required to be set, but can be used to augment the set of TLS CA certificates
# available from the MSPs of each channel’s configuration.
ClientRootCAs:
# Keepalive settings for the GRPC server.
Keepalive:
# ServerMinInterval is the minimum permitted time between client pings.
# If clients send pings more frequently, the server will
# disconnect them.
ServerMinInterval: 60s
# ServerInterval is the time between pings to clients.
ServerInterval: 7200s
# ServerTimeout is the duration the server waits for a response from
# a client before closing the connection.
ServerTimeout: 20s
# Since all nodes should be consistent it is recommended to keep
# the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize
# Max message size in bytes the GRPC server and client can receive
MaxRecvMsgSize: 104857600
# Max message size in bytes the GRPC server and client can send
MaxSendMsgSize: 104857600
# Cluster settings for ordering service nodes that communicate with other ordering service nodes
# such as Raft based ordering service.
Cluster:
# SendBufferSize is the maximum number of messages in the egress buffer.
# Consensus messages are dropped if the buffer is full, and transaction
# messages are waiting for space to be freed.
SendBufferSize: 100
# ClientCertificate governs the file location of the client TLS certificate
# used to establish mutual TLS connections with other ordering service nodes.
# If not set, the server General.TLS.Certificate is re-used.
ClientCertificate: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
# ClientPrivateKey governs the file location of the private key of the client TLS certificate.
# If not set, the server General.TLS.PrivateKey is re-used.
ClientPrivateKey: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.key
# The below 4 properties should be either set together, or be unset together.
# If they are set, then the orderer node uses a separate listener for intra-cluster
# communication. If they are unset, then the general orderer listener is used.
# This is useful if you want to use a different TLS server certificates on the
# client-facing and the intra-cluster listeners.
# ListenPort defines the port on which the cluster listens to connections.
ListenPort:
# ListenAddress defines the IP on which to listen to intra-cluster communication.
ListenAddress:
# ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
# communication.
ServerCertificate:
# ServerPrivateKey defines the file location of the private key of the TLS certificate.
ServerPrivateKey:
# Bootstrap method: The method by which to obtain the bootstrap block
# system channel is specified. The option can be one of:
# "file" - path to a file containing the genesis block or config block of system channel
# "none" - allows an orderer to start without a system channel configuration
BootstrapMethod: file
# Bootstrap file: The file containing the bootstrap block to use when
# initializing the orderer system channel and BootstrapMethod is set to
# "file". The bootstrap file can be the genesis block, and it can also be
# a config block for late bootstrap of some consensus methods like Raft.
# Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and
# using configtxgen command with "-outputBlock" option.
# Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified.
BootstrapFile: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/channel-artifacts/orderer.genesis.block
# LocalMSPDir is where to find the private crypto material needed by the
# orderer. It is set relative here as a default for dev environments but
# should be changed to the real location in production.
LocalMSPDir: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp
# LocalMSPID is the identity to register the local MSP material with the MSP
# manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
# ID of one of the organizations defined in the orderer system channel's
# /Channel/Orderer configuration. The sample organization defined in the
# sample configuration provided has an MSP ID of "SampleOrg".
LocalMSPID: OrdererMSP
# Enable an HTTP service for Go "pprof" profiling as documented at:
# https://golang.org/pkg/net/http/pprof
Profile:
Enabled: false
Address: 0.0.0.0:6060
# BCCSP configures the blockchain crypto service providers.
BCCSP:
# Default specifies the preferred blockchain crypto service provider
# to use. If the preferred provider is not available, the software
# based provider ("SW") will be used.
# Valid providers are:
# - SW: a software based crypto provider
# - PKCS11: a CA hardware security module crypto provider.
Default: SW
# SW configures the software based blockchain crypto provider.
SW:
# TODO: The default Hash and Security level needs refactoring to be
# fully configurable. Changing these defaults requires coordination
# SHA2 is hardcoded in several places, not only BCCSP
Hash: SHA2
Security: 256
# Location of key store. If this is unset, a location will be
# chosen using: 'LocalMSPDir'/keystore
FileKeyStore:
KeyStore:
# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
PKCS11:
# Location of the PKCS11 module library
Library:
# Token Label
Label:
# User PIN
Pin:
Hash:
Security:
FileKeyStore:
KeyStore:
# Authentication contains configuration parameters related to authenticating
# client messages
Authentication:
# the acceptable difference between the current server time and the
# client's time as specified in a client request message
TimeWindow: 15m
################################################################################
#
# SECTION: File Ledger
#
# - This section applies to the configuration of the file ledger.
#
################################################################################
FileLedger:
# Location: The directory to store the blocks in.
Location: /var/hyperledger/production/orderer1
################################################################################
#
# SECTION: Kafka
#
# - This section applies to the configuration of the Kafka-based orderer, and
# its interaction with the Kafka cluster.
#
################################################################################
Kafka:
# Retry: What do if a connection to the Kafka cluster cannot be established,
# or if a metadata request to the Kafka cluster needs to be repeated.
Retry:
# When a new channel is created, or when an existing channel is reloaded
# (in case of a just-restarted orderer), the orderer interacts with the
# Kafka cluster in the following ways:
# 1. It creates a Kafka producer (writer) for the Kafka partition that
# corresponds to the channel.
# 2. It uses that producer to post a no-op CONNECT message to that
# partition
# 3. It creates a Kafka consumer (reader) for that partition.
# If any of these steps fail, they will be re-attempted every
# <ShortInterval> for a total of <ShortTotal>, and then every
# <LongInterval> for a total of <LongTotal> until they succeed.
# Note that the orderer will be unable to write to or read from a
# channel until all of the steps above have been completed successfully.
ShortInterval: 5s
ShortTotal: 10m
LongInterval: 5m
LongTotal: 12h
# Affects the socket timeouts when waiting for an initial connection, a
# response, or a transmission. See Config.Net for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
NetworkTimeouts:
DialTimeout: 10s
ReadTimeout: 10s
WriteTimeout: 10s
# Affects the metadata requests when the Kafka cluster is in the middle
# of a leader election.See Config.Metadata for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Metadata:
RetryBackoff: 250ms
RetryMax: 3
# What to do if posting a message to the Kafka cluster fails. See
# Config.Producer for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Producer:
RetryBackoff: 100ms
RetryMax: 3
# What to do if reading from the Kafka cluster fails. See
# Config.Consumer for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Consumer:
RetryBackoff: 2s
# Settings to use when creating Kafka topics. Only applies when
# Kafka.Version is v0.10.1.0 or higher
Topic:
# The number of Kafka brokers across which to replicate the topic
ReplicationFactor: 3
# Verbose: Enable logging for interactions with the Kafka cluster.
Verbose: false
# TLS: TLS settings for the orderer's connection to the Kafka cluster.
TLS:
# Enabled: Use TLS when connecting to the Kafka cluster.
Enabled: false
# PrivateKey: PEM-encoded private key the orderer will use for
# authentication.
PrivateKey:
# As an alternative to specifying the PrivateKey here, uncomment the
# following "File" key and specify the file name from which to load the
# value of PrivateKey.
#File: path/to/PrivateKey
# Certificate: PEM-encoded signed public key certificate the orderer will
# use for authentication.
Certificate:
# As an alternative to specifying the Certificate here, uncomment the
# following "File" key and specify the file name from which to load the
# value of Certificate.
#File: path/to/Certificate
# RootCAs: PEM-encoded trusted root certificates used to validate
# certificates from the Kafka cluster.
RootCAs:
# As an alternative to specifying the RootCAs here, uncomment the
# following "File" key and specify the file name from which to load the
# value of RootCAs.
#File: path/to/RootCAs
# SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
SASLPlain:
# Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
Enabled: false
# User: Required when Enabled is set to true
User:
# Password: Required when Enabled is set to true
Password:
# Kafka protocol version used to communicate with the Kafka cluster brokers
# (defaults to 0.10.2.0 if not specified)
Version:
################################################################################
#
# Debug Configuration
#
# - This controls the debugging options for the orderer
#
################################################################################
Debug:
# BroadcastTraceDir when set will cause each request to the Broadcast service
# for this orderer to be written to a file in this directory
BroadcastTraceDir:
# DeliverTraceDir when set will cause each request to the Deliver service
# for this orderer to be written to a file in this directory
DeliverTraceDir:
################################################################################
#
# Operations Configuration
#
# - This configures the operations server endpoint for the orderer
#
################################################################################
Operations:
# host and port for the operations server
ListenAddress: 127.0.0.1:8444
# TLS configuration for the operations endpoint
TLS:
# TLS enabled
Enabled: false
# Certificate is the location of the PEM encoded TLS certificate
Certificate:
# PrivateKey points to the location of the PEM-encoded key
PrivateKey:
# Most operations service endpoints require client authentication when TLS
# is enabled. ClientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
ClientAuthRequired: false
# Paths to PEM encoded ca certificates to trust for client authentication
ClientRootCAs: []
################################################################################
#
# Metrics Configuration
#
# - This configures metrics collection for the orderer
#
################################################################################
Metrics:
# The metrics provider is one of statsd, prometheus, or disabled
Provider: disabled
# The statsd configuration
Statsd:
# network type: tcp or udp
Network: udp
# the statsd server address
Address: 127.0.0.1:8125
# The interval at which locally cached counters and gauges are pushed
# to statsd; timings are pushed immediately
WriteInterval: 30s
# The prefix is prepended to all emitted statsd metrics
Prefix:
################################################################################
#
# Admin Configuration
#
# - This configures the admin server endpoint for the orderer
#
################################################################################
Admin:
# host and port for the admin server
ListenAddress: 127.0.0.1:9444
# TLS configuration for the admin endpoint
TLS:
# TLS enabled
Enabled: false
# Certificate is the location of the PEM encoded TLS certificate
Certificate:
# PrivateKey points to the location of the PEM-encoded key
PrivateKey:
# Most admin service endpoints require client authentication when TLS
# is enabled. ClientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
#
# NOTE: When TLS is enabled, the admin endpoint requires mutual TLS. The
# orderer will panic on startup if this value is set to false.
ClientAuthRequired: true
# Paths to PEM encoded ca certificates to trust for client authentication
ClientRootCAs: []
################################################################################
#
# Channel participation API Configuration
#
# - This provides the channel participation API configuration for the orderer.
# - Channel participation uses the ListenAddress and TLS settings of the Admin
# service.
#
################################################################################
ChannelParticipation:
# Channel participation API is enabled.
Enabled: false
# The maximum size of the request body when joining a channel.
MaxRequestBodySize: 1 MB
################################################################################
#
# Consensus Configuration
#
# - This section contains config options for a consensus plugin. It is opaque
# to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
# The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
# we use following options:
# WALDir specifies the location at which Write Ahead Logs for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
#
WALDir: /var/hyperledger/production/orderer1/etcdraft/wal
# SnapDir specifies the location at which snapshots for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
SnapDir: /var/hyperledger/production/orderer1/etcdraft/snapshot
启动 orderer1 节点 :
nohup ./orderer start > orderer1-log.log 2>&1 &
orderer3yaml文件完整代码:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Orderer Configuration
#
# - This controls the type and configuration of the orderer.
#
################################################################################
General:
# Listen address: The IP on which to bind to listen.
ListenAddress: 192.168.44.128
# Listen port: The port on which to bind to listen.
ListenPort: 9050
# TLS: TLS settings for the GRPC server.
TLS:
# Require server-side TLS
Enabled: true
# PrivateKey governs the file location of the private key of the TLS certificate.
PrivateKey: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key
# Certificate governs the file location of the server TLS certificate.
Certificate: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
# RootCAs contains a list of additional root certificates used for verifying certificates
# of other orderer nodes during outbound connections.
# It is not required to be set, but can be used to augment the set of TLS CA certificates
# available from the MSPs of each channel’s configuration.
RootCAs:
- /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/ca.crt
# Require client certificates / mutual TLS for inbound connections.
ClientAuthRequired: false
# If mutual TLS is enabled, ClientRootCAs contains a list of additional root certificates
# used for verifying certificates of client connections.
# It is not required to be set, but can be used to augment the set of TLS CA certificates
# available from the MSPs of each channel’s configuration.
ClientRootCAs:
# Keepalive settings for the GRPC server.
Keepalive:
# ServerMinInterval is the minimum permitted time between client pings.
# If clients send pings more frequently, the server will
# disconnect them.
ServerMinInterval: 60s
# ServerInterval is the time between pings to clients.
ServerInterval: 7200s
# ServerTimeout is the duration the server waits for a response from
# a client before closing the connection.
ServerTimeout: 20s
# Since all nodes should be consistent it is recommended to keep
# the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize
# Max message size in bytes the GRPC server and client can receive
MaxRecvMsgSize: 104857600
# Max message size in bytes the GRPC server and client can send
MaxSendMsgSize: 104857600
# Cluster settings for ordering service nodes that communicate with other ordering service nodes
# such as Raft based ordering service.
Cluster:
# SendBufferSize is the maximum number of messages in the egress buffer.
# Consensus messages are dropped if the buffer is full, and transaction
# messages are waiting for space to be freed.
SendBufferSize: 100
# ClientCertificate governs the file location of the client TLS certificate
# used to establish mutual TLS connections with other ordering service nodes.
# If not set, the server General.TLS.Certificate is re-used.
ClientCertificate: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
# ClientPrivateKey governs the file location of the private key of the client TLS certificate.
# If not set, the server General.TLS.PrivateKey is re-used.
ClientPrivateKey: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key
# The below 4 properties should be either set together, or be unset together.
# If they are set, then the orderer node uses a separate listener for intra-cluster
# communication. If they are unset, then the general orderer listener is used.
# This is useful if you want to use a different TLS server certificates on the
# client-facing and the intra-cluster listeners.
# ListenPort defines the port on which the cluster listens to connections.
ListenPort:
# ListenAddress defines the IP on which to listen to intra-cluster communication.
ListenAddress:
# ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
# communication.
ServerCertificate:
# ServerPrivateKey defines the file location of the private key of the TLS certificate.
ServerPrivateKey:
# Bootstrap method: The method by which to obtain the bootstrap block
# system channel is specified. The option can be one of:
# "file" - path to a file containing the genesis block or config block of system channel
# "none" - allows an orderer to start without a system channel configuration
BootstrapMethod: file
# Bootstrap file: The file containing the bootstrap block to use when
# initializing the orderer system channel and BootstrapMethod is set to
# "file". The bootstrap file can be the genesis block, and it can also be
# a config block for late bootstrap of some consensus methods like Raft.
# Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and
# using configtxgen command with "-outputBlock" option.
# Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified.
BootstrapFile: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/channel-artifacts/orderer.genesis.block
# LocalMSPDir is where to find the private crypto material needed by the
# orderer. It is set relative here as a default for dev environments but
# should be changed to the real location in production.
LocalMSPDir: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp
# LocalMSPID is the identity to register the local MSP material with the MSP
# manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
# ID of one of the organizations defined in the orderer system channel's
# /Channel/Orderer configuration. The sample organization defined in the
# sample configuration provided has an MSP ID of "SampleOrg".
LocalMSPID: OrdererMSP
# Enable an HTTP service for Go "pprof" profiling as documented at:
# https://golang.org/pkg/net/http/pprof
Profile:
Enabled: false
Address: 0.0.0.0:6060
# BCCSP configures the blockchain crypto service providers.
BCCSP:
# Default specifies the preferred blockchain crypto service provider
# to use. If the preferred provider is not available, the software
# based provider ("SW") will be used.
# Valid providers are:
# - SW: a software based crypto provider
# - PKCS11: a CA hardware security module crypto provider.
Default: SW
# SW configures the software based blockchain crypto provider.
SW:
# TODO: The default Hash and Security level needs refactoring to be
# fully configurable. Changing these defaults requires coordination
# SHA2 is hardcoded in several places, not only BCCSP
Hash: SHA2
Security: 256
# Location of key store. If this is unset, a location will be
# chosen using: 'LocalMSPDir'/keystore
FileKeyStore:
KeyStore:
# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
PKCS11:
# Location of the PKCS11 module library
Library:
# Token Label
Label:
# User PIN
Pin:
Hash:
Security:
FileKeyStore:
KeyStore:
# Authentication contains configuration parameters related to authenticating
# client messages
Authentication:
# the acceptable difference between the current server time and the
# client's time as specified in a client request message
TimeWindow: 15m
################################################################################
#
# SECTION: File Ledger
#
# - This section applies to the configuration of the file ledger.
#
################################################################################
FileLedger:
# Location: The directory to store the blocks in.
Location: /var/hyperledger/production/orderer2
################################################################################
#
# SECTION: Kafka
#
# - This section applies to the configuration of the Kafka-based orderer, and
# its interaction with the Kafka cluster.
#
################################################################################
Kafka:
# Retry: What do if a connection to the Kafka cluster cannot be established,
# or if a metadata request to the Kafka cluster needs to be repeated.
Retry:
# When a new channel is created, or when an existing channel is reloaded
# (in case of a just-restarted orderer), the orderer interacts with the
# Kafka cluster in the following ways:
# 1. It creates a Kafka producer (writer) for the Kafka partition that
# corresponds to the channel.
# 2. It uses that producer to post a no-op CONNECT message to that
# partition
# 3. It creates a Kafka consumer (reader) for that partition.
# If any of these steps fail, they will be re-attempted every
# <ShortInterval> for a total of <ShortTotal>, and then every
# <LongInterval> for a total of <LongTotal> until they succeed.
# Note that the orderer will be unable to write to or read from a
# channel until all of the steps above have been completed successfully.
ShortInterval: 5s
ShortTotal: 10m
LongInterval: 5m
LongTotal: 12h
# Affects the socket timeouts when waiting for an initial connection, a
# response, or a transmission. See Config.Net for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
NetworkTimeouts:
DialTimeout: 10s
ReadTimeout: 10s
WriteTimeout: 10s
# Affects the metadata requests when the Kafka cluster is in the middle
# of a leader election.See Config.Metadata for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Metadata:
RetryBackoff: 250ms
RetryMax: 3
# What to do if posting a message to the Kafka cluster fails. See
# Config.Producer for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Producer:
RetryBackoff: 100ms
RetryMax: 3
# What to do if reading from the Kafka cluster fails. See
# Config.Consumer for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Consumer:
RetryBackoff: 2s
# Settings to use when creating Kafka topics. Only applies when
# Kafka.Version is v0.10.1.0 or higher
Topic:
# The number of Kafka brokers across which to replicate the topic
ReplicationFactor: 3
# Verbose: Enable logging for interactions with the Kafka cluster.
Verbose: false
# TLS: TLS settings for the orderer's connection to the Kafka cluster.
TLS:
# Enabled: Use TLS when connecting to the Kafka cluster.
Enabled: false
# PrivateKey: PEM-encoded private key the orderer will use for
# authentication.
PrivateKey:
# As an alternative to specifying the PrivateKey here, uncomment the
# following "File" key and specify the file name from which to load the
# value of PrivateKey.
#File: path/to/PrivateKey
# Certificate: PEM-encoded signed public key certificate the orderer will
# use for authentication.
Certificate:
# As an alternative to specifying the Certificate here, uncomment the
# following "File" key and specify the file name from which to load the
# value of Certificate.
#File: path/to/Certificate
# RootCAs: PEM-encoded trusted root certificates used to validate
# certificates from the Kafka cluster.
RootCAs:
# As an alternative to specifying the RootCAs here, uncomment the
# following "File" key and specify the file name from which to load the
# value of RootCAs.
#File: path/to/RootCAs
# SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
SASLPlain:
# Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
Enabled: false
# User: Required when Enabled is set to true
User:
# Password: Required when Enabled is set to true
Password:
# Kafka protocol version used to communicate with the Kafka cluster brokers
# (defaults to 0.10.2.0 if not specified)
Version:
################################################################################
#
# Debug Configuration
#
# - This controls the debugging options for the orderer
#
################################################################################
Debug:
# BroadcastTraceDir when set will cause each request to the Broadcast service
# for this orderer to be written to a file in this directory
BroadcastTraceDir:
# DeliverTraceDir when set will cause each request to the Deliver service
# for this orderer to be written to a file in this directory
DeliverTraceDir:
################################################################################
#
# Operations Configuration
#
# - This configures the operations server endpoint for the orderer
#
################################################################################
Operations:
# host and port for the operations server
ListenAddress: 127.0.0.1:8445
# TLS configuration for the operations endpoint
TLS:
# TLS enabled
Enabled: false
# Certificate is the location of the PEM encoded TLS certificate
Certificate:
# PrivateKey points to the location of the PEM-encoded key
PrivateKey:
# Most operations service endpoints require client authentication when TLS
# is enabled. ClientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
ClientAuthRequired: false
# Paths to PEM encoded ca certificates to trust for client authentication
ClientRootCAs: []
################################################################################
#
# Metrics Configuration
#
# - This configures metrics collection for the orderer
#
################################################################################
Metrics:
# The metrics provider is one of statsd, prometheus, or disabled
Provider: disabled
# The statsd configuration
Statsd:
# network type: tcp or udp
Network: udp
# the statsd server address
Address: 127.0.0.1:8125
# The interval at which locally cached counters and gauges are pushed
# to statsd; timings are pushed immediately
WriteInterval: 30s
# The prefix is prepended to all emitted statsd metrics
Prefix:
################################################################################
#
# Admin Configuration
#
# - This configures the admin server endpoint for the orderer
#
################################################################################
Admin:
# host and port for the admin server
ListenAddress: 127.0.0.1:9445
# TLS configuration for the admin endpoint
TLS:
# TLS enabled
Enabled: false
# Certificate is the location of the PEM encoded TLS certificate
Certificate:
# PrivateKey points to the location of the PEM-encoded key
PrivateKey:
# Most admin service endpoints require client authentication when TLS
# is enabled. ClientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
#
# NOTE: When TLS is enabled, the admin endpoint requires mutual TLS. The
# orderer will panic on startup if this value is set to false.
ClientAuthRequired: true
# Paths to PEM encoded ca certificates to trust for client authentication
ClientRootCAs: []
################################################################################
#
# Channel participation API Configuration
#
# - This provides the channel participation API configuration for the orderer.
# - Channel participation uses the ListenAddress and TLS settings of the Admin
# service.
#
################################################################################
ChannelParticipation:
# Channel participation API is enabled.
Enabled: false
# The maximum size of the request body when joining a channel.
MaxRequestBodySize: 1 MB
################################################################################
#
# Consensus Configuration
#
# - This section contains config options for a consensus plugin. It is opaque
# to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
# The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
# we use following options:
# WALDir specifies the location at which Write Ahead Logs for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
WALDir: /var/hyperledger/production/orderer2/etcdraft/wal
# SnapDir specifies the location at which snapshots for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
SnapDir: /var/hyperledger/production/orderer2/etcdraft/snapshot
启动 orderer2 节点 :
nohup ./orderer start > orderer2-log.log 2>&1 &
查看 orderer 节点进程:
ps -aux | grep orderer
这样就搭建完成了
八.搭建多机网络二进制安装部署 Peer 节点
先修改hosts文件
vim /etc/hosts新增(ip记得修改成自己的)
192.168.44.128 peer0.org1.example.com
192.168.44.128 peer1.org1.example.com
192.168.44.128 peer0.org2.example.com
192.168.44.128 peer1.org2.example.com
部署peer节点之前要确保orderer节点都是启动起来的
ps -aux | grep orderer
如果是这样说明还没有启动,按照上一章的方法重新启动三个节点就行了(要记得进入对应文件目录里使用命令)
都启动成功就是这样的
开始部署peer节点
然后新建编辑 core.yaml 文件:
这里的路径都要修改成自己的
这里的IP也是
org1-peer0完整代码如下:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
###############################################################################
#
# Peer section
#
###############################################################################
peer:
# The peer id provides a name for this peer instance and is used when
# naming docker resources.
id: peer0.org1.example.com
# The networkId allows for logical separation of networks and is used when
# naming docker resources.
networkId: dev
# The Address at local network interface this Peer will listen on.
# By default, it will listen on all network interfaces
listenAddress: 192.168.44.128:7051
# The endpoint this peer uses to listen for inbound chaincode connections.
# If this is commented-out, the listen address is selected to be
# the peer's address (see below) with port 7052
chaincodeListenAddress: 192.168.44.128:7052
# The endpoint the chaincode for this peer uses to connect to the peer.
# If this is not specified, the chaincodeListenAddress address is selected.
# And if chaincodeListenAddress is not specified, address is selected from
# peer address (see below). If specified peer address is invalid then it
# will fallback to the auto detected IP (local IP) regardless of the peer
# addressAutoDetect value.
chaincodeAddress: 192.168.44.128:7052
# When used as peer config, this represents the endpoint to other peers
# in the same organization. For peers in other organization, see
# gossip.externalEndpoint for more info.
# When used as CLI config, this means the peer's endpoint to interact with
address: 192.168.44.128:7051
# Whether the Peer should programmatically determine its address
# This case is useful for docker containers.
# When set to true, will override peer address.
addressAutoDetect: false
# Settings for the Peer's gateway server.
gateway:
# Whether the gateway is enabled for this Peer.
enabled: true
# endorsementTimeout is the duration the gateway waits for a response
# from other endorsing peers before returning a timeout error to the client.
endorsementTimeout: 30s
# dialTimeout is the duration the gateway waits for a connection
# to other network nodes.
dialTimeout: 2m
# Keepalive settings for peer server and clients
keepalive:
# Interval is the duration after which if the server does not see
# any activity from the client it pings the client to see if it's alive
interval: 7200s
# Timeout is the duration the server waits for a response
# from the client after sending a ping before closing the connection
timeout: 20s
# MinInterval is the minimum permitted time between client pings.
# If clients send pings more frequently, the peer server will
# disconnect them
minInterval: 60s
# Client keepalive settings for communicating with other peer nodes
client:
# Interval is the time between pings to peer nodes. This must
# greater than or equal to the minInterval specified by peer
# nodes
interval: 60s
# Timeout is the duration the client waits for a response from
# peer nodes before closing the connection
timeout: 20s
# DeliveryClient keepalive settings for communication with ordering
# nodes.
deliveryClient:
# Interval is the time between pings to ordering nodes. This must
# greater than or equal to the minInterval specified by ordering
# nodes.
interval: 60s
# Timeout is the duration the client waits for a response from
# ordering nodes before closing the connection
timeout: 20s
# Gossip related configuration
gossip:
# Bootstrap set to initialize gossip with.
# This is a list of other peers that this peer reaches out to at startup.
# Important: The endpoints here have to be endpoints of peers in the same
# organization, because the peer would refuse connecting to these endpoints
# unless they are in the same organization as the peer.
bootstrap: 192.168.44.128:7051
# NOTE: orgLeader and useLeaderElection parameters are mutual exclusive.
# Setting both to true would result in the termination of the peer
# since this is undefined state. If the peers are configured with
# useLeaderElection=false, make sure there is at least 1 peer in the
# organization that its orgLeader is set to true.
# Defines whenever peer will initialize dynamic algorithm for
# "leader" selection, where leader is the peer to establish
# connection with ordering service and use delivery protocol
# to pull ledger blocks from ordering service.
useLeaderElection: false
# Statically defines peer to be an organization "leader",
# where this means that current peer will maintain connection
# with ordering service and disseminate block across peers in
# its own organization. Multiple peers or all peers in an organization
# may be configured as org leaders, so that they all pull
# blocks directly from ordering service.
orgLeader: true
# Interval for membershipTracker polling
membershipTrackerInterval: 5s
# Overrides the endpoint that the peer publishes to peers
# in its organization. For peers in foreign organizations
# see 'externalEndpoint'
endpoint:
# Maximum count of blocks stored in memory
maxBlockCountToStore: 10
# Max time between consecutive message pushes(unit: millisecond)
maxPropagationBurstLatency: 10ms
# Max number of messages stored until a push is triggered to remote peers
maxPropagationBurstSize: 10
# Number of times a message is pushed to remote peers
propagateIterations: 1
# Number of peers selected to push messages to
propagatePeerNum: 3
# Determines frequency of pull phases(unit: second)
# Must be greater than digestWaitTime + responseWaitTime
pullInterval: 4s
# Number of peers to pull from
pullPeerNum: 3
# Determines frequency of pulling state info messages from peers(unit: second)
requestStateInfoInterval: 4s
# Determines frequency of pushing state info messages to peers(unit: second)
publishStateInfoInterval: 4s
# Maximum time a stateInfo message is kept until expired
stateInfoRetentionInterval:
# Time from startup certificates are included in Alive messages(unit: second)
publishCertPeriod: 10s
# Should we skip verifying block messages or not (currently not in use)
skipBlockVerification: false
# Dial timeout(unit: second)
dialTimeout: 3s
# Connection timeout(unit: second)
connTimeout: 2s
# Buffer size of received messages
recvBuffSize: 20
# Buffer size of sending messages
sendBuffSize: 200
# Time to wait before pull engine processes incoming digests (unit: second)
# Should be slightly smaller than requestWaitTime
digestWaitTime: 1s
# Time to wait before pull engine removes incoming nonce (unit: milliseconds)
# Should be slightly bigger than digestWaitTime
requestWaitTime: 1500ms
# Time to wait before pull engine ends pull (unit: second)
responseWaitTime: 2s
# Alive check interval(unit: second)
aliveTimeInterval: 5s
# Alive expiration timeout(unit: second)
aliveExpirationTimeout: 25s
# Reconnect interval(unit: second)
reconnectInterval: 25s
# Max number of attempts to connect to a peer
maxConnectionAttempts: 120
# Message expiration factor for alive messages
msgExpirationFactor: 20
# This is an endpoint that is published to peers outside of the organization.
# If this isn't set, the peer will not be known to other organizations.
externalEndpoint:
# Leader election service configuration
election:
# Longest time peer waits for stable membership during leader election startup (unit: second)
startupGracePeriod: 15s
# Interval gossip membership samples to check its stability (unit: second)
membershipSampleInterval: 1s
# Time passes since last declaration message before peer decides to perform leader election (unit: second)
leaderAliveThreshold: 10s
# Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second)
leaderElectionDuration: 5s
pvtData:
# pullRetryThreshold determines the maximum duration of time private data corresponding for a given block
# would be attempted to be pulled from peers until the block would be committed without the private data
pullRetryThreshold: 60s
# As private data enters the transient store, it is associated with the peer's ledger's height at that time.
# transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit,
# and the private data residing inside the transient store that is guaranteed not to be purged.
# Private data is purged from the transient store when blocks with sequences that are multiples
# of transientstoreMaxBlockRetention are committed.
transientstoreMaxBlockRetention: 1000
# pushAckTimeout is the maximum time to wait for an acknowledgement from each peer
# at private data push at endorsement time.
pushAckTimeout: 3s
# Block to live pulling margin, used as a buffer
# to prevent peer from trying to pull private data
# from peers that is soon to be purged in next N blocks.
# This helps a newly joined peer catch up to current
# blockchain height quicker.
btlPullMargin: 10
# the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to
# pull from the other peers the most recent missing blocks with a maximum batch size limitation.
# reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a
# single iteration.
reconcileBatchSize: 10
# reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning
# of the next reconciliation iteration.
reconcileSleepInterval: 1m
# reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not.
reconciliationEnabled: true
# skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid
# transaction's private data from other peers need to be skipped during the commit time and pulled
# only through reconciler.
skipPullingInvalidTransactionsDuringCommit: false
# implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection.
# When a peer endorses a proposal that writes to its own implicit collection, below values override the default values
# for disseminating private data.
# Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to
# be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization.
implicitCollectionDisseminationPolicy:
# requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully
# disseminate private data for its own implicit collection during endorsement. Default value is 0.
requiredPeerCount: 0
# maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to
# disseminate private data for its own implicit collection during endorsement. Default value is 1.
maxPeerCount: 1
# Gossip state transfer related configuration
state:
# indicates whenever state transfer is enabled or not
# default value is false, i.e. state transfer is active
# and takes care to sync up missing blocks allowing
# lagging peer to catch up to speed with rest network.
# Keep in mind that when peer.gossip.useLeaderElection is true
# and there are several peers in the organization,
# or peer.gossip.useLeaderElection is false alongside with
# peer.gossip.orgleader being false, the peer's ledger may lag behind
# the rest of the peers and will never catch up due to state transfer
# being disabled.
enabled: false
# checkInterval interval to check whether peer is lagging behind enough to
# request blocks via state transfer from another peer.
checkInterval: 10s
# responseTimeout amount of time to wait for state transfer response from
# other peers
responseTimeout: 3s
# batchSize the number of blocks to request via state transfer from another peer
batchSize: 10
# blockBufferSize reflects the size of the re-ordering buffer
# which captures blocks and takes care to deliver them in order
# down to the ledger layer. The actual buffer size is bounded between
# 0 and 2*blockBufferSize, each channel maintains its own buffer
blockBufferSize: 20
# maxRetries maximum number of re-tries to ask
# for single state transfer request
maxRetries: 3
# TLS Settings
tls:
# Require server-side TLS
enabled: true
# Require client certificates / mutual TLS for inbound connections.
# Note that clients that are not configured to use a certificate will
# fail to connect to the peer.
clientAuthRequired: false
# X.509 certificate used for TLS server
cert:
file: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
# Private key used for TLS server
key:
file: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
# rootcert.file represents the trusted root certificate chain used for verifying certificates
# of other nodes during outbound connections.
# It is not required to be set, but can be used to augment the set of TLS CA certificates
# available from the MSPs of each channel’s configuration.
rootcert:
file: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
# If mutual TLS is enabled, clientRootCAs.files contains a list of additional root certificates
# used for verifying certificates of client connections.
# It augments the set of TLS CA certificates available from the MSPs of each channel’s configuration.
# Minimally, set your organization's TLS CA root certificate so that the peer can receive join channel requests.
clientRootCAs:
files:
- /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
# Private key used for TLS when making client connections.
# If not set, peer.tls.key.file will be used instead
clientKey:
file:
# X.509 certificate used for TLS when making client connections.
# If not set, peer.tls.cert.file will be used instead
clientCert:
file:
# Authentication contains configuration parameters related to authenticating
# client messages
authentication:
# the acceptable difference between the current server time and the
# client's time as specified in a client request message
timewindow: 15m
# Path on the file system where peer will store data (eg ledger). This
# location must be access control protected to prevent unintended
# modification that might corrupt the peer operations.
fileSystemPath: /var/hyperledger/production/org1-peer0
# BCCSP (Blockchain crypto provider): Select which crypto implementation or
# library to use
BCCSP:
Default: SW
# Settings for the SW crypto provider (i.e. when DEFAULT: SW)
SW:
# TODO: The default Hash and Security level needs refactoring to be
# fully configurable. Changing these defaults requires coordination
# SHA2 is hardcoded in several places, not only BCCSP
Hash: SHA2
Security: 256
# Location of Key Store
FileKeyStore:
# If "", defaults to 'mspConfigPath'/keystore
KeyStore:
# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
PKCS11:
# Location of the PKCS11 module library
Library:
# Token Label
Label:
# User PIN
Pin:
Hash:
Security:
# Path on the file system where peer will find MSP local configurations
mspConfigPath: /root/go/src/github.com/hyperledger/fabric/3orderer-org1-2peer-org2-2peer-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp
# Identifier of the local MSP
# ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!----
# Deployers need to change the value of the localMspId string.
# In particular, the name of the local MSP ID of a peer needs
# to match the name of one of the MSPs in each of the channel
# that this peer is a member of. Otherwise this peer's messages
# will not be identified as valid by other nodes.
localMspId: Org1MSP
# CLI common client config options
client:
# connection timeout
connTimeout: 3s
# Delivery service related config
deliveryclient:
# Enables this peer to disseminate blocks it pulled from the ordering service
# via gossip.
# Note that 'gossip.state.enabled' controls point to point block replication
# of blocks committed in the past.
blockGossipEnabled: true
# It sets the total time the delivery service may spend in reconnection
# attempts until its retry logic gives up and returns an error
reconnectTotalTimeThreshold: 3600s
# It sets the delivery service <-> ordering service node connection timeout
connTimeout: 3s
# It sets the delivery service maximal delay between consecutive retries
reConnectBackoffThreshold: 3600s
# A list of orderer endpoint addresses which should be overridden
# when found in channel configurations.
addressOverrides:
# - from:
# to:
# caCertsFile:
# - from:
# to:
# caCertsFile:
# Type for the local MSP - by default it's of type bccsp
localMspType: bccsp
# Used with Go profiling tools only in none production environment. In
# production, it should be disabled (eg enabled: false)
profile:
enabled: false
listenAddress: 0.0.0.0:6060
# Handlers defines custom handlers that can filter and mutate
# objects passing within the peer, such as:
# Auth filter - reject or forward proposals from clients
# Decorators - append or mutate the chaincode input passed to the chaincode
# Endorsers - Custom signing over proposal response payload and its mutation
# Valid handler definition contains:
# - A name which is a factory method name defined in
# core/handlers/library/library.go for statically compiled handlers
# - library path to shared object binary for pluggable filters
# Auth filters and decorators are chained and executed in the order that
# they are defined. For example:
# authFilters:
# -
# name: FilterOne
# library: /opt/lib/filter.so
# -
# name: FilterTwo
# decorators:
# -
# name: DecoratorOne
# -
# name: DecoratorTwo
# library: /opt/lib/decorator.so
# Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden.
# Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality
# as the default ESCC.
# If the 'library' property is missing, the name is used as the constructor method in the builtin library similar
# to auth filters and decorators.
# endorsers:
# escc:
# name: DefaultESCC
# library: /etc/hyperledger/fabric/plugin/escc.so
handlers:
authFilters:
-
name: DefaultAuth
-
name: ExpirationCheck # This filter checks identity x509 certificate expiration
decorators:
-
name: DefaultDecorator
endorsers:
escc:
name: DefaultEndorsement
library:
validators:
vscc:
name: DefaultValidation
library:
# library: /etc/hyperledger/fabric/plugin/escc.so
# Number of goroutines that will execute transaction validation in parallel.
# By default, the peer chooses the number of CPUs on the machine. Set this
# variable to override that choice.
# NOTE: overriding this value might negatively influence the performance of
# the peer so please change this value only if you know what you're doing
validatorPoolSize:
# The discovery service is used by clients to query information about peers,
# such as - which peers have joined a certain channel, what is the latest
# channel config, and most importantly - given a chaincode and a channel,
# what possible sets of peers satisfy the endorsement policy.
discovery:
enabled: true
# Whether the authentication cache is enabled or not.
authCacheEnabled: true
# The maximum size of the cache, after which a purge takes place
authCacheMaxSize: 1000
# The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulation
authCachePurgeRetentionRatio: 0.75
# Whether to allow non-admins to perform non channel scoped queries.
# When this is false, it means that only peer admins can perform non channel scoped queries.
orgMembersAllowedAccess: false
# Limits is used to configure some internal resource limits.
limits:
# Concurrency limits the number of concurrently running requests to a service on each peer.
# Currently this option is only applied to endorser service and deliver service.
# When the property is missing or the value is 0, the concurrency limit is disabled for the service.
concurrency:
# endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation,
# including both user chaincodes and system chaincodes.
endorserService: 2500
# deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events.
deliverService: 2500
# gatewayService limits concurrent requests to gateway service that handles the submission and evaluation of transactions.
gatewayService: 500
# Since all nodes should be consistent it is recommended to keep
# the default value of 100MB for MaxRecvMsgSize & MaxSendMsgSize
# Max message size in bytes GRPC server and client can receive
maxRecvMsgSize: 104857600
# Max message size in bytes GRPC server and client can send
maxSendMsgSize: 104857600
###############################################################################
#
# VM section
#
###############################################################################
vm:
# Endpoint of the vm management system. For docker can be one of the following in general
# unix:///var/run/docker.sock
# http://localhost:2375
# https://localhost:2376
# If you utilize external chaincode builders and don't need the default Docker chaincode builder,
# the endpoint should be unconfigured so that the peer's Docker health checker doesn't get registered.
endpoint: unix:///var/run/docker.sock
# settings for docker vms
docker:
tls:
enabled: false
ca:
file: docker/ca.crt
cert:
file: docker/tls.crt
key:
file: docker/tls.key
# Enables/disables the standard out/err from chaincode containers for
# debugging purposes
attachStdout: false
# Parameters on creating docker container.
# Container may be efficiently created using ipam & dns-server for cluster
# NetworkMode - sets the networking mode for the container. Supported
# standard values are: `host`(default),`bridge`,`ipvlan`,`none`.
# Dns - a list of DNS servers for the container to use.
# Note: `Privileged` `Binds` `Links` and `PortBindings` properties of
# Docker Host Config are not supported and will not be used if set.
# LogConfig - sets the logging driver (Type) and related options
# (Config) for Docker. For more info,
# https://docs.docker.com/engine/admin/logging/overview/
# Note: Set LogConfig using Environment Variables is not supported.
hostConfig:
NetworkMode: host
Dns:
# - 192.168.0.1
LogConfig:
Type: json-file
Config:
max-size: "50m"
max-file: "5"
Memory: 2147483648
###############################################################################
#
# Chaincode section
#
###############################################################################
chaincode:
# The id is used by the Chaincode stub to register the executing Chaincode
# ID with the Peer and is generally supplied through ENV variables
# the `path` form of ID is provided when installing the chaincode.
# The `name` is used for all other requests and can be any string.
id:
path:
name:
# Generic builder environment, suitable for most chaincode types
builder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION)
# Enables/disables force pulling of the base docker images (listed below)
# during user chaincode instantiation.
# Useful when using moving image tags (such as :latest)
pull: false
golang:
# golang will never need more than baseos
runtime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION)
# whether or not golang chaincode should be linked dynamically
dynamicLink: false
java:
# This is an image based on java:openjdk-8 with addition compiler
# tools added for java shim layer packaging.
# This image is packed with shim layer libraries that are necessary
# for Java chaincode runtime.
runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION)
node:
# This is an image based on node:$(NODE_VER)-alpine
runtime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION)
# List of directories to treat as external builders and launchers for
# chaincode. The external builder detection processing will iterate over the
# builders in the order specified below.
# If you don't need to fallback to the default Docker builder, also unconfigure vm.endpoint above.
# To override this property via env variable use CORE_CHAINCODE_EXTERNALBUILDERS: [{name: x, path: dir1}, {name: y, path: dir2}]
externalBuilders:
- name: ccaas_builder
path: /opt/hyperledger/ccaas_builder
propagateEnvironment:
- CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG
# The maximum duration to wait for the chaincode build and install process
# to complete.
installTimeout: 300s
# Timeout duration for starting up a container and waiting for Register
# to come through.
startuptimeout: 300s
# Timeout duration for Invoke and Init calls to prevent runaway.
# This timeout is used by all chaincodes in all the channels, including
# system chaincodes.
# Note that during Invoke, if the image is not available (e.g. being
# cleaned up when in development environment), the peer will automatically
# build the image, which might take more time. In production environment,
# the chaincode image is unlikely to be deleted, so the timeout could be
# reduced accordingly.
executetimeout: 30s
# There are 2 modes: "dev" and "net".
# In dev mode, user runs the chaincode after starting peer from
# command line on local machine.
# In net mode, peer will run chaincode in a docker container.
mode: net
# keepalive in seconds. In situations where the communication goes through a
# proxy that does not support keep-alive, this parameter will maintain connection
# between peer and chaincode.
# A value <= 0 turns keepalive off
keepalive: 0
# enabled system chaincodes
system:
_lifecycle: enable
cscc: enable
lscc: enable
qscc: enable
# Logging section for the chaincode container
logging:
# Default level for all loggers within the chaincode container
level: info
# Override default level for the 'shim' logger
shim: warning
# Format for the chaincode container logs
format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
###############################################################################
#
# Ledger section - ledger configuration encompasses both the blockchain
# and the state
#
###############################################################################
ledger:
blockchain:
state:
# stateDatabase - options are "goleveldb", "CouchDB"
# goleveldb - default state database stored in goleveldb.
# CouchDB - store state database in CouchDB
stateDatabase: goleveldb
# Limit on the number of records to return per query
totalQueryLimit: 100000
couchDBConfig:
# It is recommended to run CouchDB on the same server as the peer, and
# not map the CouchDB container port to a server port in docker-compose.
# Otherwise proper security must be provided on the connection between
# CouchDB client (on the peer) and server.
couchDBAddress: 127.0.0.1:5984
# This username must have read and write authority on CouchDB
username:
# The password is recommended to pass as an environment variable
# during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD).
# If it is stored here, the file must be access control protected
# to prevent unintended users from discovering the password.
password:
# Number of retries for CouchDB errors
maxRetries: 3
# Number of retries for CouchDB errors during peer startup.
# The delay between retries doubles for each attempt.
# Default of 10 retries results in 11 attempts over 2 minutes.
maxRetriesOnStartup: 10
# CouchDB request timeout (unit: duration, e.g. 20s)
requestTimeout: 35s
# Limit on the number of records per each CouchDB query
# Note that chaincode queries are only bound by totalQueryLimit.
# Internally the chaincode may execute multiple CouchDB queries,
# each of size internalQueryLimit.
internalQueryLimit: 1000
# Limit on the number of records per CouchDB bulk update batch
maxBatchUpdateSize: 1000
# Create the _global_changes system database
# This is optional. Creating the global changes database will require
# additional system resources to track changes and maintain the database
createGlobalChangesDB: false
# CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state
# cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple
# of 32 MB, the peer would round the size to the next multiple of 32 MB.
# To disable the cache, 0 MB needs to be assigned to the cacheSize.
cacheSize: 64
history:
# enableHistoryDatabase - options are true or false
# Indicates if the history of key updates should be stored.
# All history 'index' will be stored in goleveldb, regardless if using
# CouchDB or alternate database for the state.
enableHistoryDatabase: true
pvtdataStore:
# the maximum db batch size for converting
# the ineligible missing data entries to eligible missing data entries
collElgProcMaxDbBatchSize: 5000
# the minimum duration (in milliseconds) between writing
# two consecutive db batches for converting the ineligible missing data entries to eligible missing data entries
collElgProcDbBatchesInterval: 1000
# The missing data entries are classified into two categories:
# (1) prioritized
# (2) deprioritized
# Initially, all missing data are in the prioritized list. When the
# reconciler is unable to fetch the missing data from other peers,
# the unreconciled missing data would be moved to the deprioritized list.
# The reconciler would retry deprioritized missing data after every
# deprioritizedDataReconcilerInterval (unit: minutes). Note that the
# interval needs to be greater than the reconcileSleepInterval
deprioritizedDataReconcilerInterval: 60m
snapshots:
# Path on the file system where peer will store ledger snapshots
rootDir: /var/hyperledger/production/snapshots/org1-peer0
###############################################################################
#
# Operations section
#
###############################################################################
operations:
# host and port for the operations server
listenAddress: 127.0.0.1:9446
# TLS configuration for the operations endpoint
tls:
# TLS enabled
enabled: false
# path to PEM encoded server certificate for the operations server
cert:
file:
# path to PEM encoded server key for the operations server
key:
file:
# most operations service endpoints require client authentication when TLS
# is enabled. clientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
clientAuthRequired: false
# paths to PEM encoded ca certificates to trust for client authentication
clientRootCAs:
files: []
###############################################################################
#
# Metrics section
#
###############################################################################
metrics:
# metrics provider is one of statsd, prometheus, or disabled
provider: disabled
# statsd configuration
statsd:
# network type: tcp or udp
network: udp
# statsd server address
address: 127.0.0.1:8125
# the interval at which locally cached counters and gauges are pushed
# to statsd; timings are pushed immediately
writeInterval: 10s
# prefix is prepended to all emitted statsd metrics
prefix:
启动 org1-peer0 节点:
nohup ./peer node start > org1-peer0.log 2>&1 &后续内容可参考下面的文章
Hyperledger Fabric 二进制安装部署 Peer 节点 - DevX的个人空间 - OSCHINA - 中文开源技术交流社区
九.docker 方式搭建多机网络
3 个 orderer 节点;组织 org1 , org1 下有两个 peer 节点, peer0 和 peer1; 组织 org2 , org2 下有两个 peer 节点, peer0 和 peer1;
因为我只有 3 台虚拟机资源所以没法实现完全的多机部署,资源使用规划如下:
| 节点 | 宿主机 IP | hosts | 端口 |
|---|---|---|---|
| cli | 192.168.0.105 | N/A | N/A |
| orderer0 | 192.168.0.105 | orderer0.example.com | 7050 |
| orderer1 | 192.168.0.105 | orderer1.example.com | 8050 |
| orderer2 | 192.168.0.105 | orderer2.example.com | 9050 |
| org1-peer0 | 192.168.0.109 | peer0.org1.example.com | 7051 |
| org1-peer1 | 192.168.0.109 | peer1.org1.example.com | 8051 |
| org2-peer0 | 192.168.0.110 | peer0.org2.example.com | 7051 |
| org2-peer1 | 192.168.0.110 | peer1.org2.example.com | 8051 |
vim /etc/hosts#新增
192.168.0.105 orderer0.example.com
192.168.0.105 orderer1.example.com
192.168.0.105 orderer2.example.com
192.168.0.109 peer0.org1.example.com
192.168.0.109 peer1.org1.example.com
192.168.0.110 peer0.org2.example.com
192.168.0.110 peer1.org2.example.com
编写 orderer 节点 docker-compose 文件
version: '2.1'
services:
cli:
image: hyperledger/fabric-tools:2.4.1
restart: always
container_name: fabric-cli
hostname: fabric-cli
tty: true
extra_hosts:
- "orderer0.example.com:192.168.44.128"
- "orderer1.example.com:192.168.44.128"
- "orderer2.example.com:192.168.44.128"
- "peer0.org1.example.com:192.168.44.128"
- "peer1.org1.example.com:192.168.44.128"
- "peer0.org2.example.com:192.168.44.128"
- "peer1.org2.example.com:192.168.44.128"
environment:
- CORE_PEER_ID=fabric-cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051 # default to operate on peer0.org1
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_FORMAT=%{color}[%{id:03x} %{time:01-02 15:04:05.00 MST}] [%{module}] %{shortfunc} -> %{level:.4s}%{color:reset} %{message}
- CORE_PEER_TLS_ENABLED=true # to enable TLS, change to true
- ORDERER_CA=/etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
volumes:
- ./config/crypto-config.yaml:/etc/hyperledger/fabric/crypto-config.yaml
- ../config/configtx.yaml:/etc/hyperledger/fabric/configtx.yaml
- ./crypto-config:/etc/hyperledger/fabric/crypto-config
- ./channel-artifacts:/tmp/channel-artifacts
- ./chaincodes:/etc/hyperledger/fabric/chaincodes
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: bash -c 'cd /tmp; source scripts/func.sh; while true; do sleep 20170504; done'
orderer0.example.com: # There can be multiple orderers
image: hyperledger/fabric-orderer:2.4.1
restart: always
container_name: orderer0.example.com
hostname: orderer0.example.com
ports:
- "7050:7050"
extra_hosts:
- "orderer0.example.com:192.168.44.128"
- "orderer1.example.com:192.168.44.128"
- "orderer2.example.com:192.168.44.128"
- "peer0.org1.example.com:192.168.44.128"
- "peer1.org1.example.com:192.168.44.128"
- "peer0.org2.example.com:192.168.44.128"
- "peer1.org2.example.com:192.168.44.128"
environment:
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 # default: 127.0.0.1
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file # default: provisional
- ORDERER_GENERAL_BOOTSTRAPFILE=/etc/hyperledger/fabric/orderer.genesis.block # by default, all materials should be put under $FABRIC_CFG_PATH, which defaults to /etc/hyperledger/fabric
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP # default: DEFAULT
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/fabric/msp
- ORDERER_GENERAL_LEDGERTYPE=file
#- ORDERER_GENERAL_LEDGERTYPE=json # default: file
- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443 # operation RESTful API
- ORDERER_METRICS_PROVIDER=prometheus # prometheus will pull metrics from orderer via /metrics RESTful API
#- ORDERER_RAMLEDGER_HISTORY_SIZE=100 #only useful when use ram ledger
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true # default: false
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/fabric/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/fabric/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/fabric/tls/ca.crt]
# Only required by raft mode
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/fabric/tls/server.key
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/fabric/tls/server.crt
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/fabric/tls/ca.crt]
- FABRIC_LOGGING_SPEC=DEBUG
volumes:
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/:/etc/hyperledger/fabric/tls
- ./channel-artifacts/orderer.genesis.block:/etc/hyperledger/fabric/orderer.genesis.block
expose:
- "7050" # gRPC
- "8443" # Operation REST
command: orderer start
orderer1.example.com:
image: hyperledger/fabric-orderer:2.4.1
restart: always
container_name: orderer1.example.com
hostname: orderer1.example.com
ports:
- "8050:7050"
extra_hosts:
- "orderer0.example.com:192.168.44.128"
- "orderer1.example.com:192.168.44.128"
- "orderer2.example.com:192.168.44.128"
- "peer0.org1.example.com:192.168.44.128"
- "peer1.org1.example.com:192.168.44.128"
- "peer0.org2.example.com:192.168.44.128"
- "peer1.org2.example.com:192.168.44.128"
environment:
- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 # default: 127.0.0.1
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file # default: provisional
- ORDERER_GENERAL_BOOTSTRAPFILE=/etc/hyperledger/fabric/orderer.genesis.block # by default, all materials should be put under $FABRIC_CFG_PATH, which defaults to /etc/hyperledger/fabric
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP # default: DEFAULT
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/fabric/msp
- ORDERER_GENERAL_LEDGERTYPE=file
#- ORDERER_GENERAL_LEDGERTYPE=json # default: file
- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443 # operation RESTful API
- ORDERER_METRICS_PROVIDER=prometheus # prometheus will pull metrics from orderer via /metrics RESTful API
#- ORDERER_RAMLEDGER_HISTORY_SIZE=100 #only useful when use ram ledger
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true # default: false
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/fabric/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/fabric/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/fabric/tls/ca.crt]
# Only required by raft mode
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/fabric/tls/server.key
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/fabric/tls/server.crt
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/fabric/tls/ca.crt]
- ORDERER_GENERAL_CLUSTER_SENDBUFFERSIZE=10
volumes:
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/:/etc/hyperledger/fabric/tls
- ./channel-artifacts/orderer.genesis.block:/etc/hyperledger/fabric/orderer.genesis.block
command: orderer start
orderer2.example.com:
image: hyperledger/fabric-orderer:2.4.1
restart: always
container_name: orderer2.example.com
hostname: orderer2.example.com
ports:
- "9050:7050"
extra_hosts:
- "orderer0.example.com:192.168.44.128"
- "orderer1.example.com:192.168.44.128"
- "orderer2.example.com:192.168.44.128"
- "peer0.org1.example.com:192.168.44.128"
- "peer1.org1.example.com:192.168.44.128"
- "peer0.org2.example.com:192.168.44.128"
- "peer1.org2.example.com:192.168.44.128"
environment:
- FABRIC_LOGGING_SPEC=DEBUG # default: INFO
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 # default: 127.0.0.1
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file # default: provisional
- ORDERER_GENERAL_BOOTSTRAPFILE=/etc/hyperledger/fabric/orderer.genesis.block # by default, all materials should be put under $FABRIC_CFG_PATH, which defaults to /etc/hyperledger/fabric
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP # default: DEFAULT
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/fabric/msp
- ORDERER_GENERAL_LEDGERTYPE=file
#- ORDERER_GENERAL_LEDGERTYPE=json # default: file
- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443 # operation RESTful API
- ORDERER_METRICS_PROVIDER=prometheus # prometheus will pull metrics from orderer via /metrics RESTful API
#- ORDERER_RAMLEDGER_HISTORY_SIZE=100 #only useful when use ram ledger
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true # default: false
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/fabric/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/fabric/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/fabric/tls/ca.crt]
# Only required by raft mode
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/fabric/tls/server.key
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/fabric/tls/server.crt
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/fabric/tls/ca.crt]
- ORDERER_GENERAL_CLUSTER_SENDBUFFERSIZE=10
volumes:
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp:/etc/hyperledger/fabric/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/:/etc/hyperledger/fabric/tls
- ./channel-artifacts/orderer.genesis.block:/etc/hyperledger/fabric/orderer.genesis.block
command: orderer start
移动到docker目录下
启动 orderer 节点:
docker-compose -f docker-compose-3orderer.yaml up -d
启动后是否共识成功可以查看下日志
docker logs -f --tail=300 orderer0.example.com部署 org1 peer 节点
编写 docker-compose 文件
version: '2.1'
services:
peer0.org1.example.com:
image: hyperledger/fabric-peer:2.4.1
restart: always
container_name: peer0.org1.example.com
hostname: peer0.org1.example.com
ports:
- 7051:7051
- 7052:7052
- 9443:9443
extra_hosts:
- "orderer0.example.com:192.168.44.128"
- "orderer1.example.com:192.168.44.128"
- "orderer2.example.com:192.168.44.128"
- "peer0.org1.example.com:192.168.44.128"
- "peer1.org1.example.com:192.168.44.128"
- "peer0.org2.example.com:192.168.44.128"
- "peer1.org2.example.com:192.168.44.128"
environment:
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
- CORE_PEER_ADDRESSAUTODETECT=false
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=host # uncomment this to use specific network
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false # whether this node is the org leader, default to false
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443 # operation RESTful API
- CORE_METRICS_PROVIDER=prometheus # prometheus will pull metrics from fabric via /metrics RESTful API
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_CHAINCODE_BUILDER=hyperledger/fabric-ccenv:2.4.1
- CORE_CHAINCODE_GOLANG_RUNTIME=hyperledger/fabric-baseos:2.4.1
- CORE_CHAINCODE_JAVA_RUNTIME=hyperledger/fabric-javaenv:2.4.1
- CORE_CHAINCODE_NODE_RUNTIME=hyperledger/fabric-nodeenv:2.4.1
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- FABRIC_LOGGING_SPEC=DEBUG # info:core.chaincode=debug
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer0.org1.couchdb:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
expose:
- "7051" # gRPC
- "9443" # Operation REST
#command: bash -c 'bash /tmp/peer_build.sh; peer node start'
command: peer node start
depends_on:
- peer0.org1.couchdb
peer1.org1.example.com:
image: hyperledger/fabric-peer:2.4.1
restart: always
container_name: peer1.org1.example.com
hostname: peer1.org1.example.com
ports:
- 8051:7051
- 8052:7052
- 9444:9443
extra_hosts:
- "orderer0.example.com:192.168.44.128"
- "orderer1.example.com:192.168.44.128"
- "orderer2.example.com:192.168.44.128"
- "peer0.org1.example.com:192.168.44.128"
- "peer1.org1.example.com:192.168.44.128"
- "peer0.org2.example.com:192.168.44.128"
- "peer1.org2.example.com:192.168.44.128"
environment:
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
- CORE_PEER_ADDRESSAUTODETECT=false
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=host # uncomment this to use specific network
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false # whether this node is the org leader, default to false
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443 # operation RESTful API
- CORE_METRICS_PROVIDER=prometheus # prometheus will pull metrics from fabric via /metrics RESTful API
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_CHAINCODE_BUILDER=hyperledger/fabric-ccenv:2.4.1
- CORE_CHAINCODE_GOLANG_RUNTIME=hyperledger/fabric-baseos:2.4.1
- CORE_CHAINCODE_JAVA_RUNTIME=hyperledger/fabric-javaenv:2.4.1
- CORE_CHAINCODE_NODE_RUNTIME=hyperledger/fabric-nodeenv:2.4.1
- CORE_PEER_ID=peer1.org1.example.com
- CORE_PEER_ADDRESS=peer1.org1.example.com:8051
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_CHAINCODEADDRESS=peer1.org1.example.com:8052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:8051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.example.com:8051
- CORE_PEER_LOCALMSPID=Org1MSP
- FABRIC_LOGGING_SPEC=DEBUG # info:core.chaincode=debug
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer1.org1.couchdb:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls
expose:
- "8051" # gRPC
- "8052" # chaincode
- "9444" # Operation REST
#command: bash -c 'bash /tmp/peer_build.sh; peer node start'
command: peer node start
depends_on:
- peer1.org1.couchdb
peer0.org1.couchdb:
image: couchdb:3.1.1
container_name: peer0.org1.couchdb
ports:
- 5984:5984 # this is the restful API addr, can also access fauxton web ui thru http://localhost:5984/_utils/
environment:
- COUCHDB_USER=admin
- COUCHDB_PASSWORD=adminpw
peer1.org1.couchdb:
image: couchdb:3.1.1
container_name: peer1.org1.couchdb
ports:
- 6984:5984 # this is the restful API addr, can also access fauxton web ui thru http://localhost:5984/_utils/
environment:
- COUCHDB_USER=admin
- COUCHDB_PASSWORD=adminpw
启动 org1 peer 节点:
docker-compose -f docker-compose-org1-2peer-couchdb.yaml up -d部署 org2 peer 节点
编写 docker-compose 文件
version: '2.1'
services:
peer0.org2.example.com:
image: hyperledger/fabric-peer:2.4.1
restart: always
container_name: peer0.org2.example.com
hostname: peer0.org2.example.com
ports:
- 9051:7051
- 9052:7052
- 9445:9443
extra_hosts:
- "orderer0.example.com:192.168.44.128"
- "orderer1.example.com:192.168.44.128"
- "orderer2.example.com:192.168.44.128"
- "peer0.org1.example.com:192.168.44.128"
- "peer1.org1.example.com:192.168.44.128"
- "peer0.org2.example.com:192.168.44.128"
- "peer1.org2.example.com:192.168.44.128"
environment:
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
- CORE_PEER_ADDRESSAUTODETECT=false
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=host # uncomment this to use specific network
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false # whether this node is the org leader, default to false
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443 # operation RESTful API
- CORE_METRICS_PROVIDER=prometheus # prometheus will pull metrics from fabric via /metrics RESTful API
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_CHAINCODE_BUILDER=hyperledger/fabric-ccenv:2.4.1
- CORE_CHAINCODE_GOLANG_RUNTIME=hyperledger/fabric-baseos:2.4.1
- CORE_CHAINCODE_JAVA_RUNTIME=hyperledger/fabric-javaenv:2.4.1
- CORE_CHAINCODE_NODE_RUNTIME=hyperledger/fabric-nodeenv:2.4.1
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051
- CORE_PEER_LOCALMSPID=Org2MSP
- FABRIC_LOGGING_SPEC=DEBUG # info:core.chaincode=debug
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer0.org2.couchdb:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
expose:
- "9051" # gRPC
- "9445" # Operation REST
#command: bash -c 'bash /tmp/peer_build.sh; peer node start'
command: peer node start
depends_on:
- peer0.org2.couchdb
peer1.org2.example.com:
image: hyperledger/fabric-peer:2.4.1
restart: always
container_name: peer1.org2.example.com
hostname: peer1.org2.example.com
ports:
- 10051:7051
- 10052:7052
- 9446:9443
extra_hosts:
- "orderer0.example.com:192.168.44.128"
- "orderer1.example.com:192.168.44.128"
- "orderer2.example.com:192.168.44.128"
- "peer0.org1.example.com:192.168.44.128"
- "peer1.org1.example.com:192.168.44.128"
- "peer0.org2.example.com:192.168.44.128"
- "peer1.org2.example.com:192.168.44.128"
environment:
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
- CORE_PEER_ADDRESSAUTODETECT=false
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=host # uncomment this to use specific network
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false # whether this node is the org leader, default to false
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443 # operation RESTful API
- CORE_METRICS_PROVIDER=prometheus # prometheus will pull metrics from fabric via /metrics RESTful API
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_CHAINCODE_BUILDER=hyperledger/fabric-ccenv:2.4.1
- CORE_CHAINCODE_GOLANG_RUNTIME=hyperledger/fabric-baseos:2.4.1
- CORE_CHAINCODE_JAVA_RUNTIME=hyperledger/fabric-javaenv:2.4.1
- CORE_CHAINCODE_NODE_RUNTIME=hyperledger/fabric-nodeenv:2.4.1
- CORE_PEER_ID=peer1.org2.example.com
- CORE_PEER_ADDRESS=peer1.org2.example.com:8051
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_CHAINCODEADDRESS=peer1.org2.example.com:8052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:8051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:8051
- CORE_PEER_LOCALMSPID=Org2MSP
- FABRIC_LOGGING_SPEC=DEBUG # info:core.chaincode=debug
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer1.org2.couchdb:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/etc/hyperledger/fabric/tls
expose:
- "10051" # gRPC
- "9446" # Operation REST
#command: bash -c 'bash /tmp/peer_build.sh; peer node start'
command: peer node start
depends_on:
- peer1.org2.couchdb
peer0.org2.couchdb:
image: couchdb:3.1.1
container_name: peer0.org2.couchdb
ports:
- 7984:5984 # this is the restful API addr, can also access fauxton web ui thru http://localhost:5985/_utils/
environment:
- COUCHDB_USER=admin
- COUCHDB_PASSWORD=adminpw
peer1.org2.couchdb:
image: couchdb:3.1.1
container_name: peer1.org2.couchdb
ports:
- 8984:5984 # this is the restful API addr, can also access fauxton web ui thru http://localhost:5985/_utils/
environment:
- COUCHDB_USER=admin
- COUCHDB_PASSWORD=adminpw
启动 org2 peer 节点:
docker-compose -f docker-compose-org2-2peer.yaml up -d
最后docker容器中
十.多机网络中创建通道安装 Java 链码
先确保所搭建的节点都是成功运行了的
1.创建通道
进入 cli 容器:
docker exec -it fabric-cli bash
export APP_CHANNEL=businesschannel
export TIMEOUT=30
export CORE_PEER_LOCALMSPID=Org1MSP
export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
peer channel create -o orderer0.example.com:7050 -c ${APP_CHANNEL} -f "/tmp/channel-artifacts/$APP_CHANNEL.tx" --timeout "${TIMEOUT}s" --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
创建成功后会在当前路径下生成 businesschannel.block 文件。
mv businesschannel.block /tmp/channel-artifacts/加入通道
进入 cli 容器:
docker exec -it fabric-cli bash
org1-peer0 加入通道:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=peer0.org1.example.com:7051 peer channel join -b /tmp/channel-artifacts/businesschannel.block结果如下:
[020 02-18 03:57:28.30 UTC] [channelCmd] executeJoin -> INFO Successfully submitted proposal to join channel
org1-peer1 加入通道:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=peer1.org1.example.com:8051 peer channel join -b /tmp/channel-artifacts/businesschannel.blockorg2-peer0 加入通道:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=peer0.org2.example.com:7051 peer channel join -b /tmp/channel-artifacts/businesschannel.blockorg2-peer1 加入通道:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=peer1.org2.example.com:8051 peer channel join -b /tmp/channel-artifacts/businesschannel.block更新锚节点
org1 更新锚节点:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=peer0.org1.example.com:7051 peer channel update -o orderer0.example.com:7050 -c businesschannel -f /tmp/channel-artifacts/Org1MSPanchors.tx --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pemorg2 更新锚节点:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=peer0.org2.example.com:7051 peer channel update -o orderer0.example.com:7050 -c businesschannel -f /tmp/channel-artifacts/Org2MSPanchors.tx --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem锚节点配置更新后,同一通道内不同组织之间的 Peer 也可以进行 Gossip 通信,共同维护通道账本。后续,用户可以通过智能合约使用通道账本。
安装链码
进入 cli 容器:
docker exec -it fabric-cli bash
在宿主机和 docker cli 容器挂载的 chaincodes 目录下下载合约代码:
git clone https://gitee.com/kernelHP/hyperledger-fabric-contract-java-demo.git
cd hyperledger-fabric-contract-java-demo/
编译打包源码:
mvn compile package -DskipTests -Dmaven.test.skip=true
mv target/chaincode.jar $PWD
# 删除编译后产生的 target 目录; src 源代码目录; pom.xml
rm -rf target/ src pom.xml
得到如下结构目录:
hyperledger-fabric-contract-java-demo/ ├── chaincode.jar ├── collections_config.json ├── META-INF │ └── statedb │ └── couchdb │ └── indexes │ └── indexNameColor.json打包链码
在 peer 节点安装链码
cd /etc/hyperledger/fabric/chaincodes/
org1-peer0 节点:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=peer0.org1.example.com:7051 peer lifecycle chaincode install hyperledger-fabric-contract-java-demo.tar.gz结果如下:
[020 02-18 03:26:06.78 UTC] [cli.lifecycle.chaincode] submitInstallProposal -> INFO Installed remotely: response:<status:200 payload:"\nhhyperledger-fabric-contract-java-demo_1:bbc6a881b7cf349cd608a608d32e638b546341575e48614524761ab51fc6a457\022'hyperledger-fabric-contract-java-demo_1" >
[021 02-18 03:26:06.78 UTC] [cli.lifecycle.chaincode] submitInstallProposal -> INFO Chaincode code package identifier: hyperledger-fabric-contract-java-demo_1:bbc6a881b7cf349cd608a608d32e638b546341575e48614524761ab51fc6a457
org1-peer1 节点:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=peer1.org1.example.com:8051 peer lifecycle chaincode install hyperledger-fabric-contract-java-demo.tar.gzorg2-peer0 节点:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=peer0.org2.example.com:7051 peer lifecycle chaincode install hyperledger-fabric-contract-java-demo.tar.gzorg2-peer1 节点:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=peer1.org2.example.com:8051 peer lifecycle chaincode install hyperledger-fabric-contract-java-demo.tar.gz查询包 ID:
peer lifecycle chaincode queryinstalled
包 ID 是链码标签和链码二进制文件的哈希值的组合。每个 peer 节点将生成相同的包 ID。你应该看到类似于以下内容的输出:
Installed chaincodes on peer:
Package ID: hyperledger-fabric-contract-java-demo_1:bbc6a881b7cf349cd608a608d32e638b546341575e48614524761ab51fc6a457, Label: hyperledger-fabric-contract-java-demo_1
将包 ID 保存为环境变量:
export CC_PACKAGE_ID=hyperledger-fabric-contract-java-demo_1:bbc6a881b7cf349cd608a608d32e638b546341575e48614524761ab51fc6a457
批准链码定义
org1 批准链码定义:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=peer0.org1.example.com:7051 peer lifecycle chaincode approveformyorg -o orderer0.example.com:7050 --ordererTLSHostnameOverride orderer0.example.com --channelID businesschannel --name hyperledger-fabric-contract-java-demo --version 1.0 --package-id $CC_PACKAGE_ID --sequence 1 --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem结果如下:
[025 02-18 05:37:12.44 UTC] [chaincodeCmd] ClientWait -> INFO txid [895c0d4b9eee30419e068072b816906f660c1f9ddb7400b63d6892a001470c38] committed with status (VALID) at peer0.org1.example.com:7051
org2 批准链码定义:
export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=peer0.org2.example.com:7051 peer lifecycle chaincode approveformyorg -o orderer0.example.com:7050 --ordererTLSHostnameOverride orderer0.example.com --channelID businesschannel --name hyperledger-fabric-contract-java-demo --version 1.0 --package-id $CC_PACKAGE_ID --sequence 1 --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem检查通道成员是否已批准相同的链码定义:
peer lifecycle chaincode checkcommitreadiness --channelID businesschannel --name hyperledger-fabric-contract-java-demo --version 1.0 --sequence 1 --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --output json
输出结果如下:
{ "approvals": { "Org1MSP": true, "Org2MSP": true } }将链码提交到通道:
peer lifecycle chaincode commit -o orderer0.example.com:7050 --ordererTLSHostnameOverride orderer0.example.com --channelID businesschannel --name hyperledger-fabric-contract-java-demo --version 1.0 --sequence 1 --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
结果如下:
[029 02-18 05:50:47.62 UTC] [chaincodeCmd] ClientWait -> INFO txid [2c06365cd94ebcc95e4fc6e5a5334aafda35e874bf894ef604fd3a9fe18d86be] committed with status (VALID) at peer0.org2.example.com:7051
[02a 02-18 05:50:47.81 UTC] [chaincodeCmd] ClientWait -> INFO txid [2c06365cd94ebcc95e4fc6e5a5334aafda35e874bf894ef604fd3a9fe18d86be] committed with status (VALID) at peer0.org1.example.com:7051
用 peer lifecycle chaincode querycommitted 命令来确认链码定义已提交给通道:
peer lifecycle chaincode querycommitted --channelID businesschannel --name hyperledger-fabric-contract-java-demo --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
结果如下:
Committed chaincode definition for chaincode 'hyperledger-fabric-contract-java-demo' on channel 'businesschannel':
Version: 1.0, Sequence: 1, Endorsement Plugin: escc, Validation Plugin: vscc, Approvals: [Org1MSP: true, Org2MSP: true]
调用链码
# 调用 createCat 函数
peer chaincode invoke -o orderer0.example.com:7050 --ordererTLSHostnameOverride orderer0.example.com --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C businesschannel -n hyperledger-fabric-contract-java-demo --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"function":"createCat","Args":["cat-0" , "tom" , "3" , "蓝色" , "大懒猫"]}'
# 调用 queryCat 函数
peer chaincode query -C businesschannel -n hyperledger-fabric-contract-java-demo -c '{"Args":["queryCat" , "cat-0"]}'
1039
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
