- 原
fabric 1.3.1 ,全手动部署到5台机器上.支持 kafka 模式的共识机制和 couchdb 存储,以及 fabric ca , fabric explorer的使用。
置顶 2018年10月01日 05:08:21 remote_roamer 阅读数:2043
版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/remote_roamer/article/details/82914666
fabric 1.3.1 ,全手动部署到5台机器上.支持 kafka 模式的共识机制和 couchdb 存储,以及 fabric ca , fabric explorer的使用。
参考文档
https://hyperledger-fabric.readthedocs.io/en/release-1.3/
https://www.lijiaocn.com/项目/2018/04/26/hyperledger-fabric-deploy.html
https://hyperledgercn.github.io/hyperledgerDocs/
系统环境:centos 7 64位
docker
docker-compose
A. Fabric 1.3.1 的安装
一. 安装docker
sudo yum -y remove docker docker-common container-selinux
sudo yum -y remove docker-selinux
sudo yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum update
yum install docker-engine
systemctl enable docker
systemctl restart docker
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
二. 安装docker-compose
docker-compose是docker集群管理工具,可自定义一键启动多个docker container。
官网二进制发布:
https://github.com/docker/compose/releases
安装手册见网站 :
https://docs.docker.com/compose/install/
安装命令如下:
curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
docker-compose -v
- 1
- 2
- 3
- 4
- 5
- 6
- 7
三.准备环境。
| IP | host |
|---|---|
| 192.168.188.110 | cli.alcor.com |
| 192.168.188.111 | kafka.alcor.com |
| 192.168.188.112 | ca.alcor.com |
| 192.168.188.113 | explorer.alcor.com |
| 192.168.188.120 | orderer.alcor.com |
| 192.168.188.221 | peer0.org1.alcor.com |
| 192.168.188.222 | peer1.org1.alcor.com |
| 192.168.188.223 | peer0.org2.alcor.com |
| 192.168.188.224 | peer1.org2.alcor.com |
每台机器的 hostname 中都增加 ip 解析
vim /etc/hosts
192.168.188.110 cli.alcor.com
192.168.188.111 kafka.alcor.com
192.168.188.112 ca.alcor.com
192.168.188.113 explorer.alcor.com
192.168.188.120 orderer.alcor.com
192.168.188.221 peer0.org1.alcor.com
192.168.188.222 peer1.org1.alcor.com
192.168.188.223 peer0.org2.alcor.com
192.168.188.224 peer1.org2.alcor.com
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
工作目录是 /root/fabric
在/root/fabric目录下建立2个子目录
- /root/fabric/fabric-deploy 存放部署和配置内容
- /root/fabric/fabric-images 存放自己制作的 docker images
四.安装 kafka 和 zookeeper
我在这里使用 docker-compose 安装 zookeeper 和 kafka(3个 kafka 节点) 环境
配置文件存放在
/Users/roamer/Documents/Docker/本地虚拟机/kafka 目录下
kafka 测试流程参考文档:
kafka 的使用
五.下载 fabric 1.3.1
对应网站查看版本信息
https://nexus.hyperledger.org/#nexus-search;quick~fabric 1.3
#登录 cli 主机
mkdir -p /root/fabric/fabric-deploy
cd ~/fabric/fabric-deploy
wget https://nexus.hyperledger.org/service/local/repositories/releases/content/org/hyperledger/fabric/hyperledger-fabric-1.3.1-stable/linux-amd64.1.3.1-stable-ce1bd72/hyperledger-fabric-1.3.1-stable-linux-amd64.1.3.1-stable-ce1bd72.tar.gz
- 1
- 2
- 3
- 4
tar -xvf hyperledger-fabric-1.3.1-stable-linux-amd64.1.3.1-stable-ce1bd72.tar.gz
- 1
六. hyperledger 的证书准备
证书的准备方式有两种,一种用cryptogen命令生成,一种是通过fabric-ca服务生成。
创建一个配置文件crypto-config.yaml,这里配置了两个组织,org1和 org2的Template 的 Count是2,表示各自两个peer。
vim crypto-config.yaml
#文件内容如下:
OrdererOrgs:
- Name: Orderer
Domain: alcor.com
Specs:
- Hostname: orderer
PeerOrgs:
- Name: Org1
Domain: org1.alcor.com
Template:
Count: 2
Users:
Count: 2
- Name: Org2
Domain: org2.alcor.com
Template:
Count: 2
Users:
Count: 2
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
生成证书, 所有的文件存放在 /root/fabric/fabric-deploy/certs 目录下
cd /root/fabric/fabric-deploy
./bin/cryptogen generate --config=crypto-config.yaml --output ./certs
- 1
- 2
在后续章节进行介绍
七. hyperledger fabric 中的Orderer 配置和安装文件的准备
1. 建立一个存放orderer 配置文件的目录,用于以后复制到 orderer 主机上直接运行 orderer(支持 kafka)
cd /root/fabric/fabric-deploy
mkdir orderer.alcor.com
cd orderer.alcor.com
- 1
- 2
- 3
2. 先将bin/orderer以及证书复制到orderer.alcor.com目录中。
cd /root/fabric/fabric-deploy
cp ./bin/orderer orderer.alcor.com
cp -rf ./certs/ordererOrganizations/alcor.com/orderers/orderer.alcor.com/* ./orderer.alcor.com/
- 1
- 2
- 3
3. 然后准备orderer的配置文件orderer.alcor.com/orderer.yaml
vi /root/fabric/fabric-deploy/orderer.alcor.com/orderer.yaml
#内容如下
General:
LedgerType: file
ListenAddress: 0.0.0.0
ListenPort: 7050
TLS:
Enabled: true
PrivateKey: ./tls/server.key
Certificate: ./tls/server.crt
RootCAs:
- ./tls/ca.crt
# ClientAuthEnabled: false
# ClientRootCAs:
LogLevel: debug
LogFormat: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
# GenesisMethod: provisional
GenesisMethod: file
GenesisProfile: SampleInsecureSolo
GenesisFile: ./genesisblock
LocalMSPDir: ./msp
LocalMSPID: OrdererMSP
Profile:
Enabled: false
Address: 0.0.0.0:6060
BCCSP:
Default: SW
SW:
Hash: SHA2
Security: 256
FileKeyStore:
KeyStore:
FileLedger:
Location: /opt/fabric/orderer/data
Prefix: hyperledger-fabric-ordererledger
RAMLedger:
HistorySize: 1000
Kafka:
Retry:
ShortInterval: 5s
ShortTotal: 10m
LongInterval: 5m
LongTotal: 12h
NetworkTimeouts:
DialTimeout: 10s
ReadTimeout: 10s
WriteTimeout: 10s
Metadata:
RetryBackoff: 250ms
RetryMax: 3
Producer:
RetryBackoff: 100ms
RetryMax: 3
Consumer:
RetryBackoff: 2s
Verbose: false
TLS:
Enabled: false
PrivateKey:
#File: path/to/PrivateKey
Certificate:
#File: path/to/Certificate
RootCAs:
#File: path/to/RootCAs
Version:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
注意,orderer将被部署在目标机器(orderer.alcor.com)的/opt/fabric/orderer目录中,如果要部署在其它目录中,需要修改配置文件中路径。
4. 这里需要用到一个data目录,存放orderer的数据:
mkdir -p /root/fabric/fabric-deploy/orderer.alcor.com/data
- 1
vi /root/fabric/fabric-deploy/orderer.alcor.com/startOrderer.sh
- 1
在startOrderer.sh 中输入如下内容
#!/bin/bash
cd /opt/fabric/orderer
./orderer 2>&1 |tee log
- 1
- 2
- 3
修改成可以执行文件
chmod +x /root/fabric/fabric-deploy/orderer.alcor.com/startOrderer.sh
- 1
八. hyperledger fabric 中的Peer 配置和安装文件的准备
建立4个存放peer 配置信息的目录
1. 先设置 peer0.org1.alcor.com
mkdir -p /root/fabric/fabric-deploy/peer0.org1.alcor.com
- 1
cd /root/fabric/fabric-deploy
cp bin/peer peer0.org1.alcor.com/
cp -rf certs/peerOrganizations/org1.alcor.com/peers/peer0.org1.alcor.com/* peer0.org1.alcor.com/
- 1
- 2
- 3
注意: 一定要复制对应的 peer 和 org 的目录。否则会出现各种错误
b. 生成 peer0.org1.alcor.com 的core.yaml 文件
这里是基于 fabric 1.3.1版本修改的core.yaml 文件。不兼容fabric 1.2 版本 并且是使用 CouchDB 取代缺省的 LevelDB
vi /root/fabric/fabric-deploy/peer0.org1.alcor.com/core.yaml
#内容如下:
logging:
level: info
cauthdsl: warning
gossip: warning
grpc: error
ledger: info
msp: warning
policies: warning
peer:
gossip: warning
format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
peer:
id: peer0.org1.alcor.com
networkId: dev
listenAddress: 0.0.0.0:7051
address: 0.0.0.0:7051
addressAutoDetect: false
gomaxprocs: -1
keepalive:
minInterval: 60s
client:
interval: 60s
timeout: 20s
deliveryClient:
interval: 60s
timeout: 20s
gossip:
bootstrap: peer0.org1.alcor.com:7051
useLeaderElection: true
orgLeader: false
endpoint:
maxBlockCountToStore: 100
maxPropagationBurstLatency: 10ms
maxPropagationBurstSize: 10
propagateIterations: 1
propagatePeerNum: 3
pullInterval: 4s
pullPeerNum: 3
requestStateInfoInterval: 4s
publishStateInfoInterval: 4s
stateInfoRetentionInterval:
publishCertPeriod: 10s
skipBlockVerification: false
dialTimeout: 3s
connTimeout: 2s
recvBuffSize: 20
sendBuffSize: 200
digestWaitTime: 1s
requestWaitTime: 1500ms
responseWaitTime: 2s
aliveTimeInterval: 5s
aliveExpirationTimeout: 25s
reconnectInterval: 25s
externalEndpoint:
election:
startupGracePeriod: 15s
membershipSampleInterval: 1s
leaderAliveThreshold: 10s
leaderElectionDuration: 5s
pvtData:
pullRetryThreshold: 60s
transientstoreMaxBlockRetention: 1000
pushAckTimeout: 3s
btlPullMargin: 10
reconcileBatchSize: 10
reconcileSleepInterval: 5m
tls:
enabled: true
clientAuthRequired: false
cert:
file: tls/server.crt
key:
file: tls/server.key
rootcert:
file: tls/ca.crt
clientRootCAs:
files:
- tls/ca.crt
clientKey:
file:
clientCert:
file:
authentication:
timewindow: 15m
fileSystemPath: /var/hyperledger/production
BCCSP:
Default: SW
SW:
Hash: SHA2
Security: 256
FileKeyStore:
KeyStore:
PKCS11:
Library:
Label:
Pin:
Hash:
Security:
FileKeyStore:
KeyStore:
mspConfigPath: msp
localMspId: Org1MSP
client:
connTimeout: 3s
deliveryclient:
reconnectTotalTimeThreshold: 3600s
connTimeout: 3s
reConnectBackoffThreshold: 3600s
localMspType: bccsp
profile:
enabled: false
listenAddress: 0.0.0.0:6060
adminService:
handlers:
authFilters:
-
name: DefaultAuth
-
name: ExpirationCheck # This filter checks identity x509 certificate expiration
decorators:
-
name: DefaultDecorator
endorsers:
escc:
name: DefaultEndorsement
library:
validators:
vscc:
name: DefaultValidation
library:
validatorPoolSize:
discovery:
enabled: true
authCacheEnabled: true
authCacheMaxSize: 1000
authCachePurgeRetentionRatio: 0.75
orgMembersAllowedAccess: false
vm:
endpoint: unix:///var/run/docker.sock
docker:
tls:
enabled: false
ca:
file: docker/ca.crt
cert:
file: docker/tls.crt
key:
file: docker/tls.key
attachStdout: false
hostConfig:
NetworkMode: host
Dns:
LogConfig:
Type: json-file
Config:
max-size: "50m"
max-file: "5"
Memory: 2147483648
chaincode:
id:
path:
name:
builder: $(DOCKER_NS)/fabric-ccenv:latest
pull: false
golang:
runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION)
dynamicLink: false
car:
runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION)
java:
runtime: $(DOCKER_NS)/fabric-javaenv:$(ARCH)-$(PROJECT_VERSION)
node:
runtime: $(BASE_DOCKER_NS)/fabric-baseimage:$(ARCH)-$(BASE_VERSION)
startuptimeout: 300s
executetimeout: 30s
mode: net
keepalive: 0
system:
+lifecycle: enable
cscc: enable
lscc: enable
escc: enable
vscc: enable
qscc: enable
systemPlugins:
logging:
level: info
shim: warning
format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
ledger:
blockchain:
state:
stateDatabase: CouchDB #goleveldb
totalQueryLimit: 100000
couchDBConfig:
couchDBAddress: 127.0.0.1:5984
username: admin
password: password
maxRetries: 3
maxRetriesOnStartup: 10
requestTimeout: 35s
internalQueryLimit: 1000
maxBatchUpdateSize: 1000
warmIndexesAfterNBlocks: 1
createGlobalChangesDB: false
history:
enableHistoryDatabase: true
metrics:
enabled: false
reporter: statsd
interval: 1s
statsdReporter:
address: 0.0.0.0:8125
flushInterval: 2s
flushBytes: 1432
promReporter:
listenAddress: 0.0.0.0:8080
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
mkdir -p /root/fabric/fabric-deploy/peer0.org1.alcor.com/data
- 1
vi /root/fabric/fabric-deploy/peer0.org1.alcor.com/startPeer.sh
- 1
在文件中输入以下内容:
#!/bin/bash
cd /opt/fabric/peer
./peer node start 2>&1 |tee log
- 1
- 2
- 3
设置为可执行文件
chmod +x /root/fabric/fabric-deploy/peer0.org1.alcor.com/startPeer.sh
- 1
2. 设置 peer1.org1.alcor.com
mkdir -p /root/fabric/fabric-deploy/peer1.org1.alcor.com
- 1
cd /root/fabric/fabric-deploy
cp bin/peer peer1.org1.alcor.com/
cp -rf certs/peerOrganizations/org1.alcor.com/peers/peer1.org1.alcor.com/* peer1.org1.alcor.com/
- 1
- 2
- 3
b. 最后修改peer1.org1.alcor.com/core.yml,将其中的peer0.org1.alcor.com修改为peer1.org1.alcor.com,这里直接用sed命令替换:
cd /root/fabric/fabric-deploy
cp peer0.org1.alcor.com/core.yaml peer1.org1.alcor.com
sed -i "s/peer0.org1.alcor.com/peer1.org1.alcor.com/g" peer1.org1.alcor.com/core.yaml
- 1
- 2
- 3
mkdir -p /root/fabric/fabric-deploy/peer1.org1.alcor.com/data
- 1
d.复制 staratPeer.sh 文件
cp /root/fabric/fabric-deploy/peer0.org1.alcor.com/startPeer.sh peer1.org1.alcor.com/
- 1
3.设置 peer0.org2.alcor.com
mkdir -p /root/fabric/fabric-deploy/peer0.org2.alcor.com
- 1
cd /root/fabric/fabric-deploy
cp bin/peer peer0.org2.alcor.com/
cp -rf certs/peerOrganizations/org2.alcor.com/peers/peer0.org2.alcor.com/* peer0.org2.alcor.com/
- 1
- 2
- 3
b.最后修改peer0.org1.alcor.com/core.yml,将其中的peer0.org1.alcor.com修改为peer0.org2.alcor.com,这里直接用sed命令替换:
cd /root/fabric/fabric-deploy
cp peer0.org1.alcor.com/core.yaml peer0.org2.alcor.com
sed -i "s/peer0.org1.alcor.com/peer0.org2.alcor.com/g" peer0.org2.alcor.com/core.yaml
- 1
- 2
- 3
sed -i "s/Org1MSP/Org2MSP/g" peer0.org2.alcor.com/core.yaml
- 1
mkdir -p /root/fabric/fabric-deploy/peer0.org2.alcor.com/data
- 1
e.复制 staratPeer.sh 文件
cp /root/fabric/fabric-deploy/peer0.org1.alcor.com/startPeer.sh peer0.org2.alcor.com/
- 1
4. 设置 peer1.org2.alcor.com
mkdir -p /root/fabric/fabric-deploy/peer1.org2.alcor.com
- 1
cd /root/fabric/fabric-deploy
cp bin/peer peer1.org2.alcor.com/
cp -rf certs/peerOrganizations/org2.alcor.com/peers/peer1.org2.alcor.com/* peer1.org2.alcor.com/
- 1
- 2
- 3
b. 最后修改peer0.org1.alcor.com/core.yml,将其中的peer0.org1.alcor.com修改为peer1.org2.alcor.com,这里直接用sed命令替换:
cd /root/fabric/fabric-deploy
cp peer0.org1.alcor.com/core.yaml peer1.org2.alcor.com
sed -i "s/peer0.org1.alcor.com/peer1.org2.alcor.com/g" peer1.org2.alcor.com/core.yaml
- 1
- 2
- 3
sed -i "s/Org1MSP/Org2MSP/g" peer1.org2.alcor.com/core.yaml
- 1
mkdir -p /root/fabric/fabric-deploy/peer1.org2.alcor.com/data
- 1
e. 复制 staratPeer.sh 文件
cp /root/fabric/fabric-deploy/peer0.org1.alcor.com/startPeer.sh peer1.org2.alcor.com/
- 1
九. 准备hyperledger fabric 中的 order 和 peer 目标机器上的 配置文件部署
把准备好的 order 和 peer 上的配置文件复制到宿主机器上。
由于所有配置文件都是在 cli.alcor.com 机器上准备的,所以通过以下步骤复制到相应的主机上。目标地址按照配置文件都是存放在宿主机器/opt/fabric 目录下。
1. 复制到 orderer.alcor.com 上
# 在 orderer.alcor.com 机器上建立 /opt/fabric/orderer 目录
mkdir -p /opt/fabric/orderer
- 1
- 2
#回到 cli.alcor.com机器上,把 orderer的配置文件复制过去
cd /root/fabric/fabric-deploy
scp -r orderer.alcor.com/* root@orderer.alcor.com:/opt/fabric/orderer/
- 1
- 2
- 3
# 在 peer0.org1.alcor.com 机器上建立 /opt/fabric/peer 目录
mkdir -p /opt/fabric/peer
- 1
- 2
#回到 cli.alcor.com机器上,把 peer0.org1.alcor.com的配置文件复制过去
cd /root/fabric/fabric-deploy
scp -r peer0.org1.alcor.com/* root@peer0.org1.alcor.com:/opt/fabric/peer/
- 1
- 2
- 3
# 在 peer1.org1.alcor.com 机器上建立 /opt/fabric/peer 目录
mkdir -p /opt/fabric/peer
- 1
- 2
#回到 cli.alcor.com机器上,把 peer1.org1.alcor.com 的配置文件复制过去
cd /root/fabric/fabric-deploy
scp -r peer1.org1.alcor.com/* root@peer1.org1.alcor.com:/opt/fabric/peer/
- 1
- 2
- 3
# 在 peer0.org2.alcor.com 机器上建立 /opt/fabric/peer 目录
mkdir -p /opt/fabric/peer
- 1
- 2
#回到 cli.alcor.com机器上,把 peer0.org2.alcor.com的配置文件复制过去
cd /root/fabric/fabric-deploy
scp -r peer0.org2.alcor.com/* root@peer0.org2.alcor.com:/opt/fabric/peer/
- 1
- 2
- 3
# 在 peer1.org2.alcor.com 机器上建立 /opt/fabric/peer 目录
mkdir -p /opt/fabric/peer
- 1
- 2
#回到 cli.alcor.com机器上,把 peer1.org2.alcor.com的配置文件复制过去
cd /root/fabric/fabric-deploy
scp -r peer1.org2.alcor.com/* root@peer1.org2.alcor.com:/opt/fabric/peer/
- 1
- 2
- 3
十. 准备创世纪区块 genesisblock(kafka 模式)
1. 在 cli 机器的 /root/fabric/fabric-deploy/目录下,准备创世纪块的生成配置文件 configtx.yaml
vi /root/fabric/fabric-deploy/configtx.yaml
#文件内容如下:
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: ./certs/ordererOrganizations/alcor.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: ./certs/peerOrganizations/org1.alcor.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
AnchorPeers:
- Host: peer0.org1.alcor.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: ./certs/peerOrganizations/org2.alcor.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
- Host: peer0.org2.alcor.com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: kafka
Addresses:
- orderer.alcor.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- kafka.alcor.com:9092 # 可以填入多个kafka节点的地址
- kafka.alcor.com:9093
- kafka.alcor.com:9094
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
踩坑:
此版本是 fabric 1.3.1版本下使用的配置文件。不向下兼容(不能用在1.2和之前的版本)。
cd /root/fabric/fabric-deploy
./bin/configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./genesisblock -channelID genesis
- 1
- 2
生成创世纪区块文件 genesisblock ,并且指定创世区块的 channel id 是 genesis
3. 然后把区块文件 genesisblock 复制到 oderer.alcor.com机器上
#登录到 cli 主机
cd /root/fabric/fabric-deploy
scp ./genesisblock root@orderer.alcor.com:/opt/fabric/orderer
- 1
- 2
- 3
十一. 启动 orderer 和 peer
# 进入 orderer.alcor.com 主机的 /opt/fabric/orderer 目录,以后台进程方式启动orderer
nohup ./startOrderer.sh &
- 1
- 2
启动成功后,可以去任意一台 kafka 服务器上的控制台查看 topic 列表,是否有一个 genesis 的 channel。
/opt/kafka_2.11-1.1.1/bin/kafka-topics.sh --zookeeper 192.168.188.111:2181 --list
- 1
详细介绍查看 :
fabric peer 节点使用 CouchDB 来替换 LevelDB.
#分别进入4个 peer 主机的 /opt/fabric/peer 目录
#以后台进程方式启动 peer
nohup ./startPeer.sh &
- 1
- 2
- 3
在/etc/init.d 目录下建立一个 autoRunPeer.sh 文件。并且修改成可执行权限。
文件内容如下:
#!/bin/sh
#chkconfig: 2345 80 90
#表示在2/3/4/5运行级别启动,启动序号(S80),关闭序号(K90);
/usr/bin/nohup /opt/fabric/peer/startPeer.sh &
- 1
- 2
- 3
- 4
添加脚本到开机自动启动项目中
chkconfig --add autoRunPeer.sh
chkconfig autoRunPeer.sh on
- 1
- 2
5. 把 orderer 主机上的 orderer 进程注册成开机启动
在/etc/init.d 目录下建立一个 autoRunOrderer.sh 文件。并且修改成可执行权限。
文件内容如下:
#!/bin/sh
#chkconfig: 2345 80 90
#表示在2/3/4/5运行级别启动,启动序号(S80),关闭序号(K90);
/usr/bin/nohup /opt/fabric/orderer/startOrderer.sh &
- 1
- 2
- 3
- 4
添加脚本到开机自动启动项目中
chkconfig --add autoRunOrderer.sh
chkconfig autoRunOrderer.sh on
- 1
- 2
十二. 用户账号创建
cd /root/fabric/fabric-deploy
mkdir users
cd users
- 1
- 2
- 3
2. 创立 org1的Admin 用户信息(对应到 peer0.org1.alcor.com 的节点)
a. 创建用于保存 org1 的 Admin 用户信息的目录
cd /root/fabric/fabric-deploy/users
mkdir Admin@org1.alcor.com
cd Admin@org1.alcor.com
- 1
- 2
- 3
b. 复制Admin@org1.alcor.com用户的证书
cp -rf /root/fabric/fabric-deploy/certs/peerOrganizations/org1.alcor.com/users/Admin@org1.alcor.com/* /root/fabric/fabric-deploy/users/Admin@org1.alcor.com/
- 1
- 2
c. 复制peer0.org1.alcor.com的配置文件(对应到 peer0.org1.alcor.com 的节点)
cp /root/fabric/fabric-deploy/peer0.org1.alcor.com/core.yaml /root/fabric/fabric-deploy/users/Admin@org1.alcor.com/
- 1
d. 创建测试脚本(peer.sh)
#!/bin/bash
cd "/root/fabric/fabric-deploy/users/Admin@org1.alcor.com"
PATH=`pwd`/../../bin:$PATH
export FABRIC_CFG_PATH=`pwd`
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_TLS_CERT_FILE=./tls/client.crt
export CORE_PEER_TLS_KEY_FILE=./tls/client.key
export CORE_PEER_MSPCONFIGPATH=./msp
export CORE_PEER_ADDRESS=peer0.org1.alcor.com:7051
export CORE_PEER_LOCALMSPID=Org1MSP
export CORE_PEER_TLS_ROOTCERT_FILE=./tls/ca.crt
export CORE_PEER_ID=peer0.org1.alcor.com
export CORE_LOGGING_LEVEL=DEBUG
peer $*
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
注意:
其中的 pwd 工作目录 和 CORE_PEER_ADDRESS , CORE_PEER_LOCALMSPID 要和 peer0.org1.alcor.com 节点对应
e. 运行 peer.sh 来查看节点 peer0.org1.aclor.com 的状态
./peer.sh node status
- 1
3. 创立 org1的 User1 用户信息 (对应到 peer1.org1.alcor.com 的节点)
a. 创建保存 org1 的 User1 用户信息的目录(对应到 peer1.org1.alcor.com)
其实是 Admin 的用户证书,如果用的是User1的证书,在 peer node status 的时候,会出现错误: Error trying to connect to local peer: rpc error: code = Unknown desc = access denied
cd /root/fabric/fabric-deploy/users
mkdir User1@org1.alcor.com
cd User1@org1.alcor.com
- 1
- 2
- 3
b. 复制User1@org1.alcor.com用户的证书
cp -rf /root/fabric/fabric-deploy/certs/peerOrganizations/org1.alcor.com/users/Admin@org1.alcor.com/* /root/fabric/fabric-deploy/users/User1@org1.alcor.com/
- 1
- 2
c. 复制peer1.org1.alcor.com的配置文件(对应到 peer1.org1.alcor.com)
cp /root/fabric/fabric-deploy/peer1.org1.alcor.com/core.yaml /root/fabric/fabric-deploy/users/User1@org1.alcor.com/
- 1
d. 创建测试脚本(peer.sh)
#!/bin/bash
cd "/root/fabric/fabric-deploy/users/User1@org1.alcor.com"
PATH=`pwd`/../../bin:$PATH
export FABRIC_CFG_PATH=`pwd`
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_TLS_CERT_FILE=./tls/client.crt
export CORE_PEER_TLS_KEY_FILE=./tls/client.key
export CORE_PEER_MSPCONFIGPATH=./msp
export CORE_PEER_ADDRESS=peer1.org1.alcor.com:7051
export CORE_PEER_LOCALMSPID=Org1MSP
export CORE_PEER_TLS_ROOTCERT_FILE=./tls/ca.crt
export CORE_PEER_ID=peer1.org1.alcor.com
export CORE_LOGGING_LEVEL=DEBUG
peer $*
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
注意:
其中的 pwd 工作目录 和 CORE_PEER_ADDRESS , CORE_PEER_LOCALMSPID 要和 peer1.org1.alcor.com 节点对应
e. 运行 peer.sh 来查看节点 peer1.org1.alcor.com 的状态
./peer.sh node status
- 1
4. 创立 org2的Admin 用户信息(对应到 peer0.org2.alcor.com 的节点)
cd /root/fabric/fabric-deploy/users
mkdir Admin@org2.alcor.com
cd Admin@org2.alcor.com
- 1
- 2
- 3
b. 复制Admin@org2.alcor.com用户的证书
cp -rf /root/fabric/fabric-deploy/certs/peerOrganizations/org2.alcor.com/users/Admin@org2.alcor.com/* /root/fabric/fabric-deploy/users/Admin@org2.alcor.com/
- 1
- 2
c. 复制peer0@org2.alcor.com的配置文件(对应到 peer0.org2.alcor.com 的节点)
cp /root/fabric/fabric-deploy/peer0.org2.alcor.com/core.yaml /root/fabric/fabric-deploy/users/Admin@org2.alcor.com/
- 1
d. 创建测试脚本(peer.sh)
#!/bin/bash
cd "/root/fabric/fabric-deploy/users/Admin@org2.alcor.com"
PATH=`pwd`/../../bin:$PATH
export FABRIC_CFG_PATH=`pwd`
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_TLS_CERT_FILE=./tls/client.crt
export CORE_PEER_TLS_KEY_FILE=./tls/client.key
export CORE_PEER_MSPCONFIGPATH=./msp
export CORE_PEER_ADDRESS=peer0.org2.alcor.com:7051
export CORE_PEER_LOCALMSPID=Org2MSP
export CORE_PEER_TLS_ROOTCERT_FILE=./tls/ca.crt
export CORE_PEER_ID=peer0.org2.alcor.com
export CORE_LOGGING_LEVEL=DEBUG
peer $*
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
注意:
其中的 pwd 工作目录 和 CORE_PEER_ADDRESS , CORE_PEER_LOCALMSPID 要和 peer0.org1.alcor.com 节点对应
e. 运行 peer.sh 来查看节点 peer0.org2.alcor.com 的状态
./peer.sh node status
- 1
5. 创立 org2的User1用户信息(对应到 peer1.org2.alcor.com 的节点)
其实是 Admin 的用户证书,如果用的是User1的证书,在 peer node status 的时候,会出现错误: Error trying to connect to local peer: rpc error: code = Unknown desc = access denied
cd /root/fabric/fabric-deploy/users
mkdir User1@org2.alcor.com
cd User1@org2.alcor.com
- 1
- 2
- 3
b. 复制Admin@org2.alcor.com用户的证书
cp -rf /root/fabric/fabric-deploy/certs/peerOrganizations/org2.alcor.com/users/Admin@org2.alcor.com/* /root/fabric/fabric-deploy/users/User1@org2.alcor.com/
- 1
- 2
c. 复制peer0@org2.alcor.com的配置文件(对应到 peer0.org2.alcor.com 的节点)
cp /root/fabric/fabric-deploy/peer1.org2.alcor.com/core.yaml /root/fabric/fabric-deploy/users/User1@org2.alcor.com/
- 1
d. 创建测试脚本(peer.sh)
#!/bin/bash
cd "/root/fabric/fabric-deploy/users/User1@org2.alcor.com"
PATH=`pwd`/../../bin:$PATH
export FABRIC_CFG_PATH=`pwd`
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_TLS_CERT_FILE=./tls/client.crt
export CORE_PEER_TLS_KEY_FILE=./tls/client.key
export CORE_PEER_MSPCONFIGPATH=./msp
export CORE_PEER_ADDRESS=peer1.org2.alcor.com:7051
export CORE_PEER_LOCALMSPID=Org2MSP
export CORE_PEER_TLS_ROOTCERT_FILE=./tls/ca.crt
export CORE_PEER_ID=peer1.org2.alcor.com
export CORE_LOGGING_LEVEL=DEBUG
peer $*
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
注意:
其中的 pwd 工作目录 和 CORE_PEER_ADDRESS , CORE_PEER_LOCALMSPID 要和 peer0.org1.alcor.com 节点对应
e. 运行 peer.sh 来查看节点 peer0.org2.alcor.com 的状态
./peer.sh node status
- 1
十三. channel 的准备和创建
踩坑:channel ID 不能含有大写字母(myTestChannel , myChannel 这种命名是不行的,在创建 channel 的时候,会报错) initializing configtx manager failed: bad channel ID: channel ID 'myTestChannel' contains illegal characters
1. 准备channel 文件。用configtxgen生成channel文件。
configtxgen 命令会去当前目录下的configtx.yaml(也可以通过FABRIC_CFG_PATH 指定) 中的profiles 部分下的和 -profile 参数对应的部分的内容,生成出一个 -outputCreateChannelTx 指定的输出文件
cd /root/fabric/fabric-deploy/
./bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx mychannel.tx -channelID mychannel
- 1
- 2
- 3
十四. 创建 channel
1. 在Admin@org1.alcor.com目录中执行下面的命令:
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh channel create -o orderer.alcor.com:7050 -c mychannel -f /root/fabric/fabric-deploy/mychannel.tx -t 60s --tls true --cafile /root/fabric/fabric-deploy/certs/ordererOrganizations/alcor.com/tlsca/tlsca.alcor.com-cert.pem
- 1
- 2
- 3
执行完成后,会生成一个mychannel.block文件.
这个文件非常重要!所有加入到这个 channel 里面的 peer,都需要用到这个文件
2.将mychannel.block复制一份到User1@org1.alcor.com 和 Admin@org2.alcor.com、User1@org2.alcor.com中备用
\cp -f /root/fabric/fabric-deploy/users/Admin@org1.alcor.com/mychannel.block /root/fabric/fabric-deploy/users/User1@org1.alcor.com/
\cp -f /root/fabric/fabric-deploy/users/Admin@org1.alcor.com/mychannel.block /root/fabric/fabric-deploy/users/Admin@org2.alcor.com/
\cp -f /root/fabric/fabric-deploy/users/Admin@org1.alcor.com/mychannel.block /root/fabric/fabric-deploy/users/User1@org2.alcor.com/
- 1
- 2
- 3
十五.把 4个 peer加入到 channel 中
1. 把peer0.org1.alcor.com 加入到 channle 中
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh channel join -b mychannel.block
#控制台返回成功后,可以用下面命令来查看
./peer.sh channel list
- 1
- 2
- 3
- 4
2. 把peer1.org1.alcor.com 加入到 channle 中
cd /root/fabric/fabric-deploy/users/User1@org1.alcor.com #这个其实还是org1.alcor.com 的 Admin 用户
./peer.sh channel join -b mychannel.block
#控制台返回成功后,可以用下面命令来查看
./peer.sh channel list
- 1
- 2
- 3
- 4
3. 把peer0.org2.alcor.com 加入到 channle 中
cd /root/fabric/fabric-deploy/users/Admin@org2.alcor.com
./peer.sh channel join -b mychannel.block
#控制台返回成功后,可以用下面命令来查看
./peer.sh channel list
- 1
- 2
- 3
- 4
4. 把peer1.org2.alcor.com 加入到 channle 中
cd /root/fabric/fabric-deploy/users/User1@org2.alcor.com #这个其实还是org2.alcor.com 的 Admin 用户
./peer.sh channel join -b mychannel.block
#控制台返回成功后,可以用下面命令来查看
./peer.sh channel list
- 1
- 2
- 3
- 4
十六.设置锚点 peer .
需要每个组织指定一个anchor peer,anchor peer是组织用来接收orderer下发的区块的peer。
锚点的设置 已经在 configtx.yaml 文件中配置,不需要在进行 peer channel update 操作了。
十七. go 版本的 chaincode 的安装和部署(在 cli 主机上操作)
go 的下载官网
以 root 用户安装
wget https://dl.google.com/go/go1.10.3.linux-amd64.tar.gz
tar -xvf go1.10.3.linux-amd64.tar.gz
mv ./go /usr/local
#修改 /etc/profile,增加 如下2行内容
export GOROOT=/usr/local/go
export PATH=$PATH:$GOROOT/bin
#使得环境变量生效
source /etc/profile
#确定 go 的安装成功和版本信息
go version
#查看 go 的环境
go env
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
这个需要先安装 gcc 组件
cd ~
go get github.com/roamerxv/chaincode/fabric/examples/go/demo
- 1
- 2
完成后,生成一个~/go 目录。下面有 src 和bin 目录。/root/go/src/github.com 目录下有个fabric 和 roamerxv 这2个目录。
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh chaincode install -n demo -v 0.0.1 -p github.com/roamerxv/chaincode/fabric/examples/go/demo
- 1
- 2
- 3
由于 peer.sh 中指定了CORE_PEER_ADDRESS=peer0.org1.alcor.com:7051 ,所以,这个安装其实是把 chaincode 文件复制到 peer0.org1.alcor.com 这台机器的 /var/hyperledger/production/chaincodes/ 目录下. 文件名是 demo.0.0.1.
而 /var/hyperledger/production/chaincodes/ 这个路径是由 core.yaml 里面的 peer.fileSystemPath 这个属性指定的。
#同时,可以在 cli 上,通过以下命令查看 peer 上的 chaincode 信息
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh chaincode list --installed
- 1
- 2
- 3
注意: 这个安装需要在涉及到的所有 peer 上进行一遍,包括另外的组织 org2. 而且一定要用 admin用户来安装。
#进入另外3个目录,再次安装 chaincode 到对应的 peer 上
#这个是 安装到 peer1.org1.alcor.com
cd /root/fabric/fabric-deploy/users/User1@org1.alcor.com
./peer.sh chaincode install -n demo -v 0.0.1 -p github.com/roamerxv/chaincode/fabric/examples/go/demo
#这个是 安装到 peer0.org2.alcor.com
cd /root/fabric/fabric-deploy/users/Admin@org2.alcor.com
./peer.sh chaincode install -n demo -v 0.0.1 -p github.com/roamerxv/chaincode/fabric/examples/go/demo
#这个是 安装到 peer1.org2.alcor.com
cd /root/fabric/fabric-deploy/users/User1@org2.alcor.com
./peer.sh chaincode install -n demo -v 0.0.1 -p github.com/roamerxv/chaincode/fabric/examples/go/demo
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
合约安装之后,需要且只需要进行一次初始化,只能由签署合约的用户进行初始化,并且所有的 peer 上的 docker 服务已经启动。谁签署了 chaincode,谁来进行实例化。
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh chaincode instantiate -o orderer.alcor.com:7050 --tls true --cafile /root/fabric/fabric-deploy/certs/ordererOrganizations/alcor.com/tlsca/tlsca.alcor.com-cert.pem -C mychannel -n demo -v 0.0.1 -c '{"Args":["init"]}' -P "OR('Org1MSP.member','Org2MSP.member')"
- 1
- 2
第一次进行合约初始化的时候的会比较慢,因为peer 上需要创建、启动容器。
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh chaincode invoke -o orderer.alcor.com:7050 --tls true --cafile /root/fabric/fabric-deploy/certs/ordererOrganizations/alcor.com/tlsca/tlsca.alcor.com-cert.pem -C mychannel -n demo -c '{"Args":["write","key1","key1value中文isabc"]}'
- 1
- 2
chaincode 的调用,可以调用任意一台安装了这个 chaincode 的peer。这个时候被调用的 peer 上会启动相应的 chaincode 的 docker。
进行查询操作时,不需要指定orderer,例如:
cd /root/fabric/fabric-deploy/users/User1@org1.alcor.com
./peer.sh chaincode query -C mychannel -n demo -c '{"Args":["query","key1"]}'
- 1
- 2
新的合约也需要在每个peer上单独安装。
#安装到peer0.org1.alcor.com
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh chaincode install -n demo -v 0.0.2 -p github.com/roamerxv/chaincode/fabric/examples/go/demo
#安装到peer1.org1.alcor.com
cd /root/fabric/fabric-deploy/users/User1@org1.alcor.com
./peer.sh chaincode install -n demo -v 0.0.2 -p github.com/roamerxv/chaincode/fabric/examples/go/demo
#安装到peer0.org2.alcor.com
cd /root/fabric/fabric-deploy/users/Admin@org2.alcor.com
./peer.sh chaincode install -n demo -v 0.0.2 -p github.com/roamerxv/chaincode/fabric/examples/go/demo
#安装到peer1.org2.alcor.com
cd /root/fabric/fabric-deploy/users/User1@org2.alcor.com
./peer.sh chaincode install -n demo -v 0.0.2 -p github.com/roamerxv/chaincode/fabric/examples/go/demo
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
更新的合约不需要初始化,需要进行更新操作。
cd /home/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh chaincode upgrade -o orderer.alcor.com:7050 --tls true --cafile /root/fabric/fabric-deploy/certs/ordererOrganizations/alcor.com/tlsca/tlsca.alcor.com-cert.pem -C mychannel -n demo -v 0.0.2 -c '{"Args":["init"]}' -P "OR('Org1MSP.member','Org2MSP.member')"
- 1
- 2
更新后,直接调用新合约。 调用的时候,不需要指定版本号,直接会调用最新版本的 CC
./peer.sh chaincode invoke -o orderer.alcor.com:7050 --tls true --cafile /root/fabric/fabric-deploy/certs/ordererOrganizations/alcor.com/tlsca/tlsca.alcor.com-cert.pem -C mychannel -n demo -c '{"Args":["write","key1","徐泽宇&徐芷攸"]}'
./peer.sh chaincode query -C mychannel -n demo -c '{"Args":["query","key1"]}'
- 1
- 2
./peer.sh chaincode query -C mychannel -n demo -c '{"Args":["history","key1"]}'
- 1
十八. java 版本的 chaincode 的安装和部署
1. 在 cli 主机上拉取 java chaincode 的代码(需要安装java 和 gradle)
cd /root/fabric-chaincode-java
git clone https://github.com/hyperledger/fabric-samples.git
cd /root/fabric-chaincode-java/fabric-samples/chaincode/chaincode_example02/java
gradle build
- 1
- 2
- 3
- 4
在 cli 上的 Admin@org1.alcor.com 主机上安装 java chaincode
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh chaincode install -l java -n mycc -v 1.0.0 -p /root/fabric-chaincode-java/fabric-samples/chaincode/chaincode_example02/java
#同时安装到其他几个 peer 上
cd /root/fabric/fabric-deploy/users/User1@org1.alcor.com
cd /root/fabric/fabric-deploy/users/Admin@org2.alcor.com
cd /root/fabric/fabric-deploy/users/User1@org2.alcor.com
./peer.sh chaincode install -l java -n mycc -v 1.0.0 -p /root/fabric-chaincode-java/fabric-samples/chaincode/chaincode_example02/java
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
在 peer0.org.aclcor.com 主机上会产生一个 docker 容器
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh chaincode instantiate -o orderer.alcor.com:7050 --tls true --cafile /root/fabric/fabric-deploy/certs/ordererOrganizations/alcor.com/tlsca/tlsca.alcor.com-cert.pem -C mychannel -n mycc -v 1.0.0 -c '{"Args":["init","roamer","100","dly","200"]}' -P "OR('Org1MSP.member','Org2MSP.member')"
- 1
- 2
- 3
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh chaincode invoke -o orderer.alcor.com:7050 --tls true --cafile /root/fabric/fabric-deploy/certs/ordererOrganizations/alcor.com/tlsca/tlsca.alcor.com-cert.pem -C mychannel -n mycc -c '{"Args":["invoke","roamer","dly","20"]}'
- 1
- 2
- 3
cd /root/fabric/fabric-deploy/users/Admin@org1.alcor.com
./peer.sh chaincode query -C mychannel -n mycc -c '{"Args":["query","roamer"]}'
- 1
- 2
- 3
踩坑:
- 下载 image : hyperledger/fabric-javaenv:amd64-1.3.0 不存在。
解决办法: 修改 peer 上的 core.yaml 文件中的chaincode-java-runtime 部分,直接指定
java:
#runtime: $(DOCKER_NS)/fabric-javaenv:$(ARCH)-$(PROJECT_VERSION)
runtime: $(DOCKER_NS)/fabric-javaenv:1.3.0
- 1
- 2
- 3
kill 掉原来的 peer 进程,再启动 peer 。在 cli 上重新 instance CC 。peer 节点上会自动 pull image。如果不重启 peer,core.yaml 不会起作用,一直报同样的错误。
B. Fabric explorer 的安装和使用
hyperledger explorer(0.3.7) 安装
C. Fabric CA的安装和使用
参考文档
https://www.lijiaocn.com/项目/2018/05/04/fabric-ca-example.html
https://www.lijiaocn.com/项目/2018/04/27/hyperledger-fabric-ca-usage.html
一. 在 ca.alcor.com 主机上安装 Fabric-ca 1.3
cd /root
wget https://dl.google.com/go/go1.10.4.linux-amd64.tar.gz
tar -xvf go1.10.4.linux-amd64.tar.gz
mv ./go /usr/local
#修改 /etc/profile,增加 如下2行内容
export GOROOT=/usr/local/go
export PATH=$PATH:$GOROOT/bin
export GOPATH=/root
#使得环境变量生效
source /etc/profile
#确定 go 的安装成功和版本信息
go version
#查看 go 的环境
go env
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
yum install libtool libtool-ltdl-devel
cd /root
mkdir -p /root/src/github.com/hyperledger/
cd /root/src/github.com/hyperledger/
git clone https://github.com/hyperledger/fabric-ca.git
cd /root/src/github.com/hyperledger/fabric-ca
git checkout release-1.3
make fabric-ca-server
make fabric-ca-client
ls ./bin/
# 发现有以下2个执行文件
fabric-ca-client fabric-ca-server
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
b. 直接下载的方式(只能下载到 fabric-ca client)
cd \root
wget https://nexus.hyperledger.org/service/local/repositories/releases/content/org/hyperledger/fabric-ca/hyperledger-fabric-ca-1.3.0-stable/linux-amd64.1.3.0-stable-4f6586e/hyperledger-fabric-ca-1.3.0-stable-linux-amd64.1.3.0-stable-4f6586e.tar.gz
- 1
- 2
缺省监听端口 7054
mkdir -p /root/fabric-ca-files/server
fabric-ca-server start -b admin:password --cfg.affiliations.allowremove --cfg.identities.allowremove -H /root/fabric-ca-files/server &
- 1
- 2
- 3
vi /etc/init.d/autoRunFabric-ca-server.sh
- 1
在文件中加入下面内容
#!/bin/sh
#chkconfig: 2345 80 90
#表示在2/3/4/5运行级别启动,启动序号(S80),关闭序号(K90);
/usr/local/bin/fabric-ca-server start -b admin:password --cfg.affiliations.allowremove --cfg.identities.allowremove -H /root/fabric-ca-files/server &
- 1
- 2
- 3
- 4
配置成随系统启动
chmod +x /etc/init.d/autoRunFabric-ca-server.sh
chkconfig --add autoRunFabric-ca-server.sh
chkconfig autoRunFabric-ca-server.sh on
- 1
- 2
- 3
理解/root/fabric-ca-files/admin下的文件。
- msp :包含keystore,CA服务器的私钥
- ca-cert.pem :CA服务端的证书
- fabric-ca-server.db :CA默认使用的嵌入型数据库 SQLite
- fabric-ca-server-config.yaml :CA服务端的配置文件
4. 生成fabric ca 的管理员 (admin)证书和秘钥的流程
a.生成fabric-ca admin的凭证,用-H参数指定client目录:
mkdir -p /root/fabric-ca-files/admin
fabric-ca-client enroll -u http://admin:password@localhost:7054 -H /root/fabric-ca-files/admin
- 1
- 2
也可以用环境变量FABRIC_CA_CLIENT_HOME指定了client的工作目录,生成的用户凭证将存放在这个目录中。
上面的启动方式默认会创建两个组织:
可以通过下面命令进行查看
fabric-ca-client -H /root/fabric-ca-files/admin affiliation list
affiliation: .
affiliation: org2
affiliation: org2.department1
affiliation: org1
affiliation: org1.department1
affiliation: org1.department2
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
fabric-ca-client -H /root/fabric-ca-files/admin affiliation remove --force org1
fabric-ca-client -H /root/fabric-ca-files/admin affiliation remove --force org2
- 1
- 2
fabric-ca-client -H /root/fabric-ca-files/admin affiliation add com
fabric-ca-client -H /root/fabric-ca-files/admin affiliation add com.alcor
fabric-ca-client -H /root/fabric-ca-files/admin affiliation add com.alcor.org1
fabric-ca-client -H /root/fabric-ca-files/admin affiliation add com.alcor.org2
- 1
- 2
- 3
- 4
fabric-ca-client -H /root/fabric-ca-files/admin affiliation list
- 1
f. 为各个组织生成凭证(MSP),就是从Fabric-CA中,读取出用来签署用户的根证书等
1)为 alcor.com 获取证书
fabric-ca-client getcacert -M /root/fabric-ca-files/Organizations/alcor.com/msp
- 1
2)为 org1.alcor.com 获取证书
fabric-ca-client getcacert -M /root/fabric-ca-files/Organizations/org1.alcor.com/msp
- 1
3)为 org2.alcor.com 获取证书
fabric-ca-client getcacert -M /root/fabric-ca-files/Organizations/org2.alcor.com/msp
- 1
这里是用getcacert为每个组织准备需要的ca文件,在生成创始块的时候会用到。
在1.3.0版本的fabric-ca中,只会生成用户在操作区块链的时候用到的证书和密钥,不会生成用来加密grpc通信的证书。
4)这里复用之前在 cli 主机上用 cryptogen 生成的tls证书,需要将验证tls证书的ca添加到msp目录中,如下:
scp -r root@cli.alcor.com:/root/fabric/fabric-deploy/certs/ordererOrganizations/alcor.com/msp/tlscacerts /root/fabric-ca-files/Organizations/alcor.com/msp/
scp -r root@cli.alcor.com:/root/fabric/fabric-deploy/certs/peerOrganizations/org1.alcor.com/msp/tlscacerts/ /root/fabric-ca-files/Organizations/org1.alcor.com/msp/
scp -r root@cli.alcor.com:/root/fabric/fabric-deploy/certs/peerOrganizations/org2.alcor.com/msp/tlscacerts/ /root/fabric-ca-files/Organizations/org2.alcor.com/msp/
- 1
- 2
- 3
如果在你的环境中,各个组件域名的证书,是由第三方CA签署的,就将第三方CA的根证书添加到msp/tlscacerts目录中。
组织的msp目录中,包含都是CA根证书,分别是TLS加密的根证书,和用于身份验证的根证书。另外还需要admin用户的证书,后面的操作中会添加。
openssl x509 -in /root/fabric-ca-files/admin/msp/cacerts/localhost-7054.pem -text
- 1
1) 注册alcor.com的管理员 Admin@alcor.com
·用命令行的方式进行注册(命令行太长,用第二种方式)
fabric-ca-client register -H /root/fabric-ca-files/admin \
--id.name Admin@alcor.com \
--id.type client \
--id.
--id.affiliation "com.alcor" \
--id.attrs \
'"hf.Registrar.Roles=client,orderer,peer,user",\
"hf.Registrar.DelegateRoles=client,orderer,peer,user",\
"hf.Registrar.Attributes=*",\
"hf.GenCRL=true",\
"hf.Revoker=true",\
"hf.AffiliationMgr=true",\
"hf.IntermediateCA=true",\
"role=admin:ecert"'
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
使用配置文件的方式进行注册(主要的使用方法)
-
修改 /root/fabric-ca-files/admin/fabric-ca-client-config.yaml 中的 id 部分
vim /root/fabric-ca-files/admin/fabric-ca-client-config.yaml- 1
修改内容为
id: name: Admin@alcor.com type: client affiliation: com.alcor maxenrollments: 0 attributes: - name: hf.Registrar.Roles value: client,orderer,peer,user - name: hf.Registrar.DelegateRoles value: client,orderer,peer,user - name: hf.Registrar.Attributes value: "*" - name: hf.GenCRL value: true - name: hf.Revoker value: true - name: hf.AffiliationMgr value: true - name: hf.IntermediateCA value: true - name: role value: admin ecert: true- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
注意最后一行role属性,是我们自定义的属性,对于自定义的属性,要设置certs,在配置文件中需要单独设置ecert属性为true或者false。如果在命令行中,添加后缀:ecert表示true.
其它配置的含义是用户名为Admin@alcor.com,类型是client,它能够管理com.alcor.*下的用户,如下:--id.name Admin@alcor.com //用户名 --id.type client //类型为client --id.affiliation "com.alcor" //权利访问 hf.Registrar.Roles=client,orderer,peer,user //能够管理的用户类型 hf.Registrar.DelegateRoles=client,orderer,peer,user //可以授权给子用户管理的用户类型 hf.Registrar.Attributes=* //可以为子用户设置所有属性 hf.GenCRL=true //可以生成撤销证书列表 hf.Revoker=true //可以撤销用户 hf.AffiliationMgr=true //能够管理联盟 hf.IntermediateCA=true //可以作为中间CA role=admin:ecert //自定义属性- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
所有hr 开头的属性,非常重要,是 fabric ca 的内置属性。具体内容可以查看 官方文档的描述。https://hyperledger-fabric-ca.readthedocs.io/en/latest/users-guide.html
-
修改完成后,用如下命令注册用户
fabric-ca-client register -H /root/fabric-ca-files/admin --id.secret=password- 1
如果不用
--id.secret指定密码,会自动生成密码 -
注册完成之后,还需要对这个用户生成凭证。
a. 用 命令来确定,刚才注册的用户已经成功生成.
fabric-ca-client identity list -H /root/fabric-ca-files/admin- 1
可以查看当前的用户列表,以及每个用户的详细信息。
b. 生成凭证
fabric-ca-client enroll -u http://Admin@alcor.com:password@localhost:7054 -H /root/fabric-ca-files/Organizations/alcor.com/admin- 1
-H 参数指定Admin@alcor.com 的用户凭证的存放目录。在这个目录下参数了这样的目录和文件
c. 这时候可以用Admin@alcor.com的身份查看联盟信息:
fabric-ca-client affiliation list -H /root/fabric-ca-files/Organizations/alcor.com/admin- 1
#显示结果 affiliation: com affiliation: com.alcor affiliation: com.alcor.org1 affiliation: com.alcor.org2- 1
- 2
- 3
- 4
- 5
-
如果是管理员权限,还需要复制到/msp/admincerts/目录下。
最后将Admin@alcor.com的证书复制到alcor.com/msp/admincerts/中,只有这样,才能具备管理员权限。mkdir /root/fabric-ca-files/Organizations/alcor.com/msp/admincerts/ cp /root/fabric-ca-files/Organizations/alcor.com/admin/msp/signcerts/cert.pem /root/fabric-ca-files/Organizations/alcor.com/msp/admincerts/- 1
- 2
2) 注册org1.alcor.com的管理员 Admin@org1.alcor.com
-
修改 /root/fabric-ca-files/admin/fabric-ca-client-config.yaml 中的 id 部分。
可以使用其他的fabric-ca-client-config.yaml文件,没有必须使用这个ca 的 admin 下面的fabric-ca-client-config.yaml文件的必然要求vim /root/fabric-ca-files/admin/fabric-ca-client-config.yaml- 1
修改内容为
id: name: Admin@org1.alcor.com type: client affiliation: com.alcor.org1 maxenrollments: 0 attributes: - name: hf.Registrar.Roles value: client,orderer,peer,user - name: hf.Registrar.DelegateRoles value: client,orderer,peer,user - name: hf.Registrar.Attributes value: "*" - name: hf.GenCRL value: true - name: hf.Revoker value: true - name: hf.AffiliationMgr value: true - name: hf.IntermediateCA value: true - name: role value: admin ecert: true- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
-
修改注册Admin@org1.alcor.com 用户
fabric-ca-client register -H /root/fabric-ca-files/admin --id.secret=password- 1
-
生成凭证
fabric-ca-client enroll -u http://Admin@org1.alcor.com:password@localhost:7054 -H /root/fabric-ca-files/Organizations/org1.alcor.com/admin- 1
-
用这个凭证查看联盟
fabric-ca-client affiliation list -H /root/fabric-ca-files/Organizations/org1.alcor.com/admin- 1
注意:
这个时候,只能看见 org1.alcor.com 的联盟信息。和 Admin@alcor.com 的权限是不同的 -
把凭证复制到 org1.alcor.com的msp/admincerts 目录下
mkdir -p /root/fabric-ca-files/Organizations/org1.alcor.com/msp/admincerts cp /root/fabric-ca-files/Organizations/org1.alcor.com/admin/msp/signcerts/cert.pem /root/fabric-ca-files/Organizations/org1.alcor.com/msp/admincerts/- 1
- 2
3) 注册org2.alcor.com的管理员 Admin@org2.alcor.com
-
修改 /root/fabric-ca-files/admin/fabric-ca-client-config.yaml 中的 id 部分。
可以使用其他的fabric-ca-client-config.yaml文件,没有必须使用这个ca 的 admin 下面的fabric-ca-client-config.yaml文件的必然要求vim /root/fabric-ca-files/admin/fabric-ca-client-config.yaml- 1
修改内容为
id: name: Admin@org2.alcor.com type: client affiliation: com.alcor.org2 maxenrollments: 0 attributes: - name: hf.Registrar.Roles value: client,orderer,peer,user - name: hf.Registrar.DelegateRoles value: client,orderer,peer,user - name: hf.Registrar.Attributes value: "*" - name: hf.GenCRL value: true - name: hf.Revoker value: true - name: hf.AffiliationMgr value: true - name: hf.IntermediateCA value: true - name: role value: admin ecert: true- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
-
修改注册Admin@org1.alcor.com 用户
fabric-ca-client register -H /root/fabric-ca-files/admin --id.secret=password- 1
-
生成凭证
fabric-ca-client enroll -u http://Admin@org2.alcor.com:password@localhost:7054 -H /root/fabric-ca-files/Organizations/org2.alcor.com/admin- 1
-
用这个凭证查看联盟
fabric-ca-client affiliation list -H /root/fabric-ca-files/Organizations/org2.alcor.com/admin- 1
注意:
这个时候,只能看见 org2.alcor.com 的联盟信息。和 Admin@alcor.com , Admin@org1.alcor.com 的权限是不同的 -
把凭证复制到 org2.alcor.com的msp/admincerts 目录下
mkdir -p /root/fabric-ca-files/Organizations/org2.alcor.com/msp/admincerts cp /root/fabric-ca-files/Organizations/org2.alcor.com/admin/msp/signcerts/cert.pem /root/fabric-ca-files/Organizations/org2.alcor.com/msp/admincerts/- 1
- 2
1). 用 Admin@alcor.com 来创建 orderer.alcor.com 的账号
-
修改 /root/fabric-ca-files/Organizations/alcor.com/admin/fabric-ca-client-config.yaml文件的配置
vi /root/fabric-ca-files/Organizations/alcor.com/admin/fabric-ca-client-config.yaml- 1
配置 id 的部分 用于orderer@alcom.com
id: name: orderer.alcor.com type: orderer affiliation: com.alcor maxenrollments: 0 attributes: - name: role value: orderer ecert: true- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
-
注册 orderer@alcor.com 的用户
fabric-ca-client register -H /root/fabric-ca-files/Organizations/alcor.com/admin --id.secret=password- 1
-
生成证书文件
fabric-ca-client enroll -u http://orderer.alcor.com:password@localhost:7054 -H /root/fabric-ca-files/Organizations/alcor.com/orderer- 1
-
将Admin@alcor.com的证书复制到orderer 的admincerts下
# 建立 orderer 下的 admincerts 目录 mkdir /root/fabric-ca-files/Organizations/alcor.com/orderer/msp/admincerts # 复制 Admin@alcor.com 的证书到 orderer 的 msp/admincerts 目录下 cp /root/fabric-ca-files/Organizations/alcor.com/admin/msp/signcerts/cert.pem /root/fabric-ca-files/Organizations/alcor.com/orderer/msp/admincerts/- 1
- 2
- 3
- 4
- 5
注意:
为什么要这么做?!!!
2). 用 Admin@org1.alcor.com 来创建 peer0.org1.alcor.com 的账号
-
修改 /root/fabric-ca-files/Organizations/org1.alcor.com/admin/fabric-ca-client-config.yaml文件的配置
vi /root/fabric-ca-files/Organizations/org1.alcor.com/admin/fabric-ca-client-config.yaml- 1
配置 id 的部分 用于orderer@alcom.com
id: name: peer0.org1.alcor.com type: peer affiliation: com.alcor.org1 maxenrollments: 0 attributes: - name: role value: peer ecert: true- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
-
注册 orderer@alcor.com 的用户
fabric-ca-client register -H /root/fabric-ca-files/Organizations/org1.alcor.com/admin --id.secret=password- 1
-
生成证书文件
fabric-ca-client enroll -u http://peer0.org1.alcor.com:password@localhost:7054 -H /root/fabric-ca-files/Organizations/org1.alcor.com/peer0- 1
-
将Admin@org1.alcor.com的证书复制到 org1\peer0 的admincerts下
# 建立 peer0 下的 admincerts 目录 mkdir /root/fabric-ca-files/Organizations/org1.alcor.com/peer0/msp/admincerts # 复制 Admin@org1.alcor.com 的证书到 peer0 的 msp/admincerts 目录下 cp /root/fabric-ca-files/Organizations/org1.alcor.com/admin/msp/signcerts/cert.pem /root/fabric-ca-files/Organizations/org1.alcor.com/peer0/msp/admincerts/- 1
- 2
- 3
- 4
- 5
3). 用 Admin@org1.alcor.com 来创建 peer1.org1.alcor.com 的账号
-
修改 /root/fabric-ca-files/Organizations/org1.alcor.com/admin/fabric-ca-client-config.yaml文件的配置
vi /root/fabric-ca-files/Organizations/org1.alcor.com/admin/fabric-ca-client-config.yaml- 1
配置 id 的部分 用于orderer@alcom.com
id: name: peer1.org1.alcor.com type: peer affiliation: com.alcor.org1 maxenrollments: 0 attributes: - name: role value: peer ecert: true- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
-
注册 orderer@alcor.com 的用户
fabric-ca-client register -H /root/fabric-ca-files/Organizations/org1.alcor.com/admin --id.secret=password- 1
-
生成证书文件
fabric-ca-client enroll -u http://peer1.org1.alcor.com:password@localhost:7054 -H /root/fabric-ca-files/Organizations/org1.alcor.com/peer1- 1
-
将Admin@org1.alcor.com的证书复制到 org1\peer1 的admincerts下
# 建立 peer1 下的 admincerts 目录 mkdir /root/fabric-ca-files/Organizations/org1.alcor.com/peer1/msp/admincerts # 复制 Admin@org1.alcor.com 的证书到 peer1 的 msp/admincerts 目录下 cp /root/fabric-ca-files/Organizations/org1.alcor.com/admin/msp/signcerts/cert.pem /root/fabric-ca-files/Organizations/org1.alcor.com/peer1/msp/admincerts/- 1
- 2
- 3
- 4
- 5
4). 用 Admin@org2.alcor.com 来创建 peer0.org2.alcor.com 的账号
-
修改 /root/fabric-ca-files/Organizations/org2.alcor.com/admin/fabric-ca-client-config.yaml文件的配置
vi /root/fabric-ca-files/Organizations/org2.alcor.com/admin/fabric-ca-client-config.yaml- 1
配置 id 的部分 用于orderer@alcom.com
id: name: peer0.org2.alcor.com type: peer affiliation: com.alcor.org2 maxenrollments: 0 attributes: - name: role value: peer ecert: true- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
-
注册 orderer@alcor.com 的用户
fabric-ca-client register -H /root/fabric-ca-files/Organizations/org2.alcor.com/admin --id.secret=password- 1
-
生成证书文件
fabric-ca-client enroll -u http://peer0.org2.alcor.com:password@localhost:7054 -H /root/fabric-ca-files/Organizations/org2.alcor.com/peer0- 1
-
将Admin@org2.alcor.com的证书复制到 org2\peer0 的admincerts下
# 建立 peer0 下的 admincerts 目录 mkdir /root/fabric-ca-files/Organizations/org2.alcor.com/peer0/msp/admincerts # 复制 Admin@org2.alcor.com 的证书到 peer0 的 msp/admincerts 目录下 cp /root/fabric-ca-files/Organizations/org2.alcor.com/admin/msp/signcerts/cert.pem /root/fabric-ca-files/Organizations/org2.alcor.com/peer0/msp/admincerts/- 1
- 2
- 3
- 4
- 5
5). 用 Admin@org2.alcor.com 来创建 peer1.org2.alcor.com 的账号
-
修改 /root/fabric-ca-files/Organizations/org2.alcor.com/admin/fabric-ca-client-config.yaml文件的配置
vi /root/fabric-ca-files/Organizations/org2.alcor.com/admin/fabric-ca-client-config.yaml- 1
配置 id 的部分 用于orderer@alcom.com
id: name: peer1.org2.alcor.com type: peer affiliation: com.alcor.org2 maxenrollments: 0 attributes: - name: role value: peer ecert: true- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
-
注册 orderer@alcor.com 的用户
fabric-ca-client register -H /root/fabric-ca-files/Organizations/org2.alcor.com/admin --id.secret=password- 1
-
生成证书文件
fabric-ca-client enroll -u http://peer1.org2.alcor.com:password@localhost:7054 -H /root/fabric-ca-files/Organizations/org2.alcor.com/peer1- 1
-
将Admin@org2.alcor.com的证书复制到 org2\pee1 的admincerts下
# 建立 peer1 下的 admincerts 目录 mkdir /root/fabric-ca-files/Organizations/org2.alcor.com/peer1/msp/admincerts # 复制 Admin@org2.alcor.com 的证书到 peer1 的 msp/admincerts 目录下 cp /root/fabric-ca-files/Organizations/org2.alcor.com/admin/msp/signcerts/cert.pem /root/fabric-ca-files/Organizations/org2.alcor.com/peer1/msp/admincerts/- 1
- 2
- 3
- 4
- 5
D. 利用Fabric CA颁发的证书,部署 Fabric系统
一. 先把fabric ca 生成的整个目录复制到 cli 主机的fabric-deploy/certs 目录下
scp -r /root/fabric-ca-files/* cli.alcor.com:/root/fabric/fabric-deploy/certs_by_ca
- 1
二.进入 cli 主机,进行后续操作
三.配置genesisblock 和 orderer
vim /root/fabric/fabric-deploy/crypto-config.yaml
- 1
OrdererOrgs:
- Name: Orderer
Domain: alcor.com
Specs:
- Hostname: orderer
PeerOrgs:
- Name: Org1
Domain: org1.alcor.com
Template:
Count: 2
Users:
Count: 2
- Name: Org2
Domain: org2.alcor.com
Template:
Count: 2
Users:
Count: 2
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
2.用cryptogen生成配置文件。(主要是获取tls的秘钥文件)
cd /root/fabric/fabric-deploy
./bin/cryptogen generate --config=crypto-config.yaml --output ./certs_by_crypto
- 1
- 2
3.配置orderer .(详细说明见A 章节),下面只整理命令.
cd /root/fabric/fabric-deploy
mkdir orderer.alcor.com
cp ./bin/orderer ./orderer.alcor.com
#复制 tls 目录(crypto生成的,fabric-ca 没法生成)
cp -rf ./certs_by_crypto/ordererOrganizations/alcor.com/orderers/orderer.alcor.com/tls ./orderer.alcor.com/
#复制 msp 目录(fabric-ca 来生成的)
cp -rf ./certs_by_ca/Organizations/alcor.com/orderer/msp orderer.alcor.com/
- 1
- 2
- 3
- 4
- 5
- 6
- 7
vi /root/fabric/fabric-deploy/orderer.alcor.com/orderer.yaml
- 1
General:
LedgerType: file
ListenAddress: 0.0.0.0
ListenPort: 7050
TLS:
Enabled: true
PrivateKey: ./tls/server.key
Certificate: ./tls/server.crt
RootCAs:
- ./tls/ca.crt
# ClientAuthEnabled: false
# ClientRootCAs:
LogLevel: debug
LogFormat: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
# GenesisMethod: provisional
GenesisMethod: file
GenesisProfile: SampleInsecureSolo
GenesisFile: ./genesisblock
LocalMSPDir: ./msp
LocalMSPID: OrdererMSP
Profile:
Enabled: false
Address: 0.0.0.0:6060
BCCSP:
Default: SW
SW:
Hash: SHA2
Security: 256
FileKeyStore:
KeyStore:
FileLedger:
Location: /opt/fabric/orderer/data
Prefix: hyperledger-fabric-ordererledger
RAMLedger:
HistorySize: 1000
Kafka:
Retry:
ShortInterval: 5s
ShortTotal: 10m
LongInterval: 5m
LongTotal: 12h
NetworkTimeouts:
DialTimeout: 10s
ReadTimeout: 10s
WriteTimeout: 10s
Metadata:
RetryBackoff: 250ms
RetryMax: 3
Producer:
RetryBackoff: 100ms
RetryMax: 3
Consumer:
RetryBackoff: 2s
Verbose: false
TLS:
Enabled: false
PrivateKey:
#File: path/to/PrivateKey
Certificate:
#File: path/to/Certificate
RootCAs:
#File: path/to/RootCAs
Version:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
vi /root/fabric/fabric-deploy/orderer.alcor.com/startOrderer.sh
- 1
#!/bin/bash
cd /opt/fabric/orderer
./orderer 2>&1 |tee log
- 1
- 2
- 3
chmod +x /root/fabric/fabric-deploy/orderer.alcor.com/startOrderer.sh
- 1
4.配置 peer0.org1.alcor.com .(详细说明见A 章节),下面只整理命令.
mkdir -p /root/fabric/fabric-deploy/peer0.org1.alcor.com
cd /root/fabric/fabric-deploy
cp bin/peer peer0.org1.alcor.com/
#复制 tls 目录(crypto生成的,fabric-ca 没法生成)
cp -rf ./certs_by_crypto/peerOrganizations/org1.alcor.com/peers/peer0.org1.alcor.com/tls ./peer0.org1.alcor.com/
#复制 msp 目录(fabric-ca 来生成的)
cp -rf ./certs_by_ca/Organizations/org1.alcor.com/peer0/msp ./peer0.org1.alcor.com/
- 1
- 2
- 3
- 4
- 5
- 6
- 7
vi /root/fabric/fabric-deploy/peer0.org1.alcor.com/core.yaml
- 1
logging:
level: info
cauthdsl: warning
gossip: warning
grpc: error
ledger: info
msp: warning
policies: warning
peer:
gossip: warning
format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
peer:
id: peer0.org1.alcor.com
networkId: dev
listenAddress: 0.0.0.0:7051
address: 0.0.0.0:7051
addressAutoDetect: false
gomaxprocs: -1
keepalive:
minInterval: 60s
client:
interval: 60s
timeout: 20s
deliveryClient:
interval: 60s
timeout: 20s
gossip:
bootstrap: peer0.org1.alcor.com:7051
useLeaderElection: true
orgLeader: false
endpoint:
maxBlockCountToStore: 100
maxPropagationBurstLatency: 10ms
maxPropagationBurstSize: 10
propagateIterations: 1
propagatePeerNum: 3
pullInterval: 4s
pullPeerNum: 3
requestStateInfoInterval: 4s
publishStateInfoInterval: 4s
stateInfoRetentionInterval:
publishCertPeriod: 10s
skipBlockVerification: false
dialTimeout: 3s
connTimeout: 2s
recvBuffSize: 20
sendBuffSize: 200
digestWaitTime: 1s
requestWaitTime: 1500ms
responseWaitTime: 2s
aliveTimeInterval: 5s
aliveExpirationTimeout: 25s
reconnectInterval: 25s
externalEndpoint:
election:
startupGracePeriod: 15s
membershipSampleInterval: 1s
leaderAliveThreshold: 10s
leaderElectionDuration: 5s
pvtData:
pullRetryThreshold: 60s
transientstoreMaxBlockRetention: 1000
pushAckTimeout: 3s
btlPullMargin: 10
reconcileBatchSize: 10
reconcileSleepInterval: 5m
tls:
enabled: true
clientAuthRequired: false
cert:
file: tls/server.crt
key:
file: tls/server.key
rootcert:
file: tls/ca.crt
clientRootCAs:
files:
- tls/ca.crt
clientKey:
file:
clientCert:
file:
authentication:
timewindow: 15m
fileSystemPath: /var/hyperledger/production
BCCSP:
Default: SW
SW:
Hash: SHA2
Security: 256
FileKeyStore:
KeyStore:
PKCS11:
Library:
Label:
Pin:
Hash:
Security:
FileKeyStore:
KeyStore:
mspConfigPath: msp
localMspId: Org1MSP
client:
connTimeout: 3s
deliveryclient:
reconnectTotalTimeThreshold: 3600s
connTimeout: 3s
reConnectBackoffThreshold: 3600s
localMspType: bccsp
profile:
enabled: false
listenAddress: 0.0.0.0:6060
adminService:
handlers:
authFilters:
-
name: DefaultAuth
-
name: ExpirationCheck # This filter checks identity x509 certificate expiration
decorators:
-
name: DefaultDecorator
endorsers:
escc:
name: DefaultEndorsement
library:
validators:
vscc:
name: DefaultValidation
library:
validatorPoolSize:
discovery:
enabled: true
authCacheEnabled: true
authCacheMaxSize: 1000
authCachePurgeRetentionRatio: 0.75
orgMembersAllowedAccess: false
vm:
endpoint: unix:///var/run/docker.sock
docker:
tls:
enabled: false
ca:
file: docker/ca.crt
cert:
file: docker/tls.crt
key:
file: docker/tls.key
attachStdout: false
hostConfig:
NetworkMode: host
Dns:
LogConfig:
Type: json-file
Config:
max-size: "50m"
max-file: "5"
Memory: 2147483648
chaincode:
id:
path:
name:
builder: $(DOCKER_NS)/fabric-ccenv:latest
pull: false
golang:
runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION)
dynamicLink: false
car:
runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION)
java:
runtime: $(DOCKER_NS)/fabric-javaenv:$(ARCH)-$(PROJECT_VERSION)
node:
runtime: $(BASE_DOCKER_NS)/fabric-baseimage:$(ARCH)-$(BASE_VERSION)
startuptimeout: 300s
executetimeout: 30s
mode: net
keepalive: 0
system:
+lifecycle: enable
cscc: enable
lscc: enable
escc: enable
vscc: enable
qscc: enable
systemPlugins:
logging:
level: info
shim: warning
format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
ledger:
blockchain:
state:
stateDatabase: CouchDB #goleveldb
totalQueryLimit: 100000
couchDBConfig:
couchDBAddress: 127.0.0.1:5984
username: admin
password: password
maxRetries: 3
maxRetriesOnStartup: 10
requestTimeout: 35s
internalQueryLimit: 1000
maxBatchUpdateSize: 1000
warmIndexesAfterNBlocks: 1
createGlobalChangesDB: false
history:
enableHistoryDatabase: true
metrics:
enabled: false
reporter: statsd
interval: 1s
statsdReporter:
address: 0.0.0.0:8125
flushInterval: 2s
flushBytes: 1432
promReporter:
listenAddress: 0.0.0.0:8080
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
vi /root/fabric/fabric-deploy/peer0.org1.alcor.com/startPeer.sh
- 1
#!/bin/bash
cd /opt/fabric/peer
./peer node start 2>&1 |tee log
- 1
- 2
- 3
chmod +x /root/fabric/fabric-deploy/peer0.org1.alcor.com/startPeer.sh
- 1
5.配置 peer1.org1.alcor.com .(详细说明见A 章节),下面只整理命令.
cd /root/fabric/fabric-deploy
mkdir -p /root/fabric/fabric-deploy/peer1.org1.alcor.com
cp bin/peer peer1.org1.alcor.com/
#复制 tls 目录(crypto生成的,fabric-ca 没法生成)
cp -rf ./certs_by_crypto/peerOrganizations/org1.alcor.com/peers/peer1.org1.alcor.com/tls ./peer1.org1.alcor.com/
#复制 msp 目录(fabric-ca 来生成的)
cp -rf ./certs_by_ca/Organizations/org1.alcor.com/peer1/msp ./peer1.org1.alcor.com/
cp peer0.org1.alcor.com/core.yaml peer1.org1.alcor.com
sed -i "s/peer0.org1.alcor.com/peer1.org1.alcor.com/g" peer1.org1.alcor.com/core.yaml
cp /root/fabric/fabric-deploy/peer0.org1.alcor.com/startPeer.sh /root/fabric/fabric-deploy/peer1.org1.alcor.com/
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
6.配置 peer0.org2.alcor.com .(详细说明见A 章节),下面只整理命令.
cd /root/fabric/fabric-deploy
mkdir -p /root/fabric/fabric-deploy/peer0.org2.alcor.com
cp bin/peer ./peer0.org2.alcor.com/
#复制 tls 目录(crypto生成的,fabric-ca 没法生成)
cp -rf ./certs_by_crypto/peerOrganizations/org2.alcor.com/peers/peer0.org2.alcor.com/tls ./peer0.org2.alcor.com/
#复制 msp 目录(fabric-ca 来生成的)
cp -rf ./certs_by_ca/Organizations/org2.alcor.com/peer0/msp ./peer0.org2.alcor.com/
cp peer0.org1.alcor.com/core.yaml peer0.org2.alcor.com
sed -i "s/peer0.org1.alcor.com/peer0.org2.alcor.com/g" peer0.org2.alcor.com/core.yaml
sed -i "s/Org1MSP/Org2MSP/g" peer0.org2.alcor.com/core.yaml
cp /root/fabric/fabric-deploy/peer0.org1.alcor.com/startPeer.sh peer0.org2.alcor.com/
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
7.配置 peer1.org2.alcor.com .(详细说明见A 章节),下面只整理命令.
cd /root/fabric/fabric-deploy
mkdir -p /root/fabric/fabric-deploy/peer1.org2.alcor.com
cp bin/peer ./peer1.org2.alcor.com/
#复制 tls 目录(crypto生成的,fabric-ca 没法生成)
cp -rf ./certs_by_crypto/peerOrganizations/org2.alcor.com/peers/peer1.org2.alcor.com/tls ./peer1.org2.alcor.com/
#复制 msp 目录(fabric-ca 来生成的)
cp -rf ./certs_by_ca/Organizations/org2.alcor.com/peer1/msp ./peer1.org2.alcor.com/
cp peer0.org1.alcor.com/core.yaml peer1.org2.alcor.com
sed -i "s/peer0.org1.alcor.com/peer1.org2.alcor.com/g" peer1.org2.alcor.com/core.yaml
sed -i "s/Org1MSP/Org2MSP/g" peer1.org2.alcor.com/core.yaml
cp /root/fabric/fabric-deploy/peer0.org1.alcor.com/startPeer.sh peer1.org2.alcor.com/
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
注意:为了避免各种问题,先清除 orderer 和 peer 节点上的目录
cd /root/fabric/fabric-deploy
scp -r orderer.alcor.com/* root@orderer.alcor.com:/opt/fabric/orderer/
scp -r peer0.org1.alcor.com/* root@peer0.org1.alcor.com:/opt/fabric/peer/
scp -r peer1.org1.alcor.com/* root@peer1.org1.alcor.com:/opt/fabric/peer/
scp -r peer0.org2.alcor.com/* root@peer0.org2.alcor.com:/opt/fabric/peer/
scp -r peer1.org2.alcor.com/* root@peer1.org2.alcor.com:/opt/fabric/peer/
- 1
- 2
- 3
- 4
- 5
- 6
主要是在原有的文件上修改MSP 文件的路径
vim /root/fabric/fabric-deploy/configtx.yaml
#文件内容如下:
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: ./certs_by_ca/Organizations/alcor.com/orderer/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: ./certs_by_ca/Organizations/org1.alcor.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
AnchorPeers:
- Host: peer0.org1.alcor.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: ./certs_by_ca/Organizations/org2.alcor.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.member')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.member')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
- Host: peer0.org2.alcor.com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: kafka
Addresses:
- orderer.alcor.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- kafka.alcor.com:9092 # 可以填入多个kafka节点的地址
- kafka.alcor.com:9093
- kafka.alcor.com:9094
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
10.生成genesisblock ,并且复制到 orderer 主机
cd /root/fabric/fabric-deploy
./bin/configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./genesisblock -channelID genesis
scp ./genesisblock root@orderer.alcor.com:/opt/fabric/orderer
- 1
- 2
- 3
进入orderer 主机
/etc/init.d/autoRunOrderer.sh
- 1
进入peer 主机
/etc/init.d/autoRunPeer.sh
- 1
a).构建Admin@org1.alcor.com 的用户目录
cd /root/fabric/fabric-deploy/users
mkdir Admin@org1.alcor.com
cd Admin@org1.alcor.com
cp -rf /root/fabric/fabric-deploy/certs_by_crypto/peerOrganizations/org1.alcor.com/users/Admin@org1.alcor.com/tls /root/fabric/fabric-deploy/users/Admin@org1.alcor.com/
cp -rf /root/fabric/fabric-deploy/certs_by_crypto/peerOrganizations/org1.alcor.com/users/Admin@org1.alcor.com/msp /root/fabric/fabric-deploy/users/Admin@org1.alcor.com/
cp /root/fabric/fabric-deploy/peer0.org1.alcor.com/core.yaml /root/fabric/fabric-deploy/users/Admin@org1.alcor.com/
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
vim /root/fabric/fabric-deploy/users/Admin@org1.alcor.com/peer.sh
- 1
chmod +x /root/fabric/fabric-deploy/users/Admin@org1.alcor.com/peer.sh
./peer.sh node status
- 1
- 2
- 3
E. 一些常用的Fabric 命令
一. Fabric CA 部分
通过 openssh 命令来查看证书信息
openssl x509 -in /root/fabric-ca-files/Organizations/alcor.com/msp/admincerts/cert.pem -text
- 1
fabric-ca-client identity list -H /root/fabric-ca-files/admin
- 1
fabric-ca-client identity remove Admin@alcor.com -H /root/fabric-ca-files/admin
- 1
configtxgen -inspectBlock genesisblock | jq
- 1
把查询信息转换成 json。需要安装 jq
三. 未完!待续…
假蜜大行其道,真蜜无人问津!蜂农辛酸泪流!这才是正宗的蜂蜜! 汇尚鑫易 · 燨燚
qq_35911184: 大神, 你的 kafka的使用 和 couchdb替换leveldb文档没有链接,找不到.....(1个月前#4楼)
ID:funkol2007: 大神 我按照你这个来 发现启动peer的时候报错:dc2-user@10-254-207-154 peer0.org1.alcor.com]$ peer node status 2018-11-05 19:26:18.406 CST [nodeCmd] status -> WARN 001 admin client failed to connect to 0.0.0.0:7051: failed to create new connection: context deadline exceeded status:UNKNOWN Error: admin client failed to connect to 0.0.0.0:7051: failed to create new connection: context deadline exceeded 然后我吧tls关闭了 再执行还是报错:[dc2-user@10-254-207-154 peer0.org1.alcor.com]$ peer node status 2018-11-05 19:36:06.709 CST [nodeCmd] status -> INFO 001 Error trying to get status from local peer: rpc error: code = Unknown desc = access denied status:UNKNOWN Error: Error trying to connect to local peer: rpc error: code = Unknown desc = access denied(1个月前#3楼)
weixin_38086274: 大神,您好。我按照你的部署,创建通道失败,折腾了几天。 order节点关键日志: Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.alcor.com")) for identity [channel: mychannel] Rejecting broadcast of config message from 172.19.132.249:46894 because of error: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remainingError reading from 172.19.132.249:46892: rpc error: code = Canceled desc = context canceled 前面那些步骤都是正常的,启动order和peer,还有话题也产生了,还有检查peer状态也是可以的。折腾了几天没搞出出来,希望大神能够在百忙中指点指点,创建通道指定的签名我也检查了,路径都好像没问题。多谢了(2个月前#2楼)查看回复(1)
扫一扫
332
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
