Generating certificates for Fabric
The YAML used to generate Fabric certificates
What this configuration file does
1. It is usually named crypto-config.yaml (as in the official examples)
2. It describes the organisations: the domain used to reach each organisation and the organisation's name
   1. peer nodes
      the domain used to reach the peer nodes and the peer nodes' names
      the number of peer nodes
   2. users
      the number of users
We can run
cryptogen showtemplate > template.yaml
to generate a template YAML file.
Let's take a look at this template.
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer

# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: false

    # ---------------------------------------------------------------------------
    # "CA"
    # ---------------------------------------------------------------------------
    # Uncomment this section to enable the explicit definition of the CA for this
    # organization. This entry is a Spec. See "Specs" section below for details.
    # ---------------------------------------------------------------------------
    # CA:
    #    Hostname: ca # implicitly ca.org1.example.com
    #    Country: US
    #    Province: California
    #    Locality: San Francisco
    #    OrganizationalUnit: Hyperledger Fabric
    #    StreetAddress: address for org # default nil
    #    PostalCode: postalCode for org # default nil

    # ---------------------------------------------------------------------------
    # "Specs"
    # ---------------------------------------------------------------------------
    # Uncomment this section to enable the explicit definition of hosts in your
    # configuration. Most users will want to use Template, below
    #
    # Specs is an array of Spec entries. Each Spec entry consists of two fields:
    #   - Hostname:   (Required) The desired hostname, sans the domain.
    #   - CommonName: (Optional) Specifies the template or explicit override for
    #                 the CN. By default, this is the template:
    #
    #                              "{{.Hostname}}.{{.Domain}}"
    #
    #                 which obtains its values from the Spec.Hostname and
    #                 Org.Domain, respectively.
    #   - SANS:       (Optional) Specifies one or more Subject Alternative Names
    #                 to be set in the resulting x509. Accepts template
    #                 variables {{.Hostname}}, {{.Domain}}, {{.CommonName}}. IP
    #                 addresses provided here will be properly recognized. Other
    #                 values will be taken as DNS names.
    #                 NOTE: Two implicit entries are created for you:
    #                     - {{ .CommonName }}
    #                     - {{ .Hostname }}
    # ---------------------------------------------------------------------------
    # Specs:
    #   - Hostname: foo # implicitly "foo.org1.example.com"
    #     CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
    #     SANS:
    #       - "bar.{{.Domain}}"
    #       - "altfoo.{{.Domain}}"
    #       - "{{.Hostname}}.org6.net"
    #       - 172.16.10.31
    #   - Hostname: bar
    #   - Hostname: baz

    # ---------------------------------------------------------------------------
    # "Template"
    # ---------------------------------------------------------------------------
    # Allows for the definition of 1 or more hosts that are created sequentially
    # from a template. By default, this looks like "peer%d" from 0 to Count-1.
    # You may override the number of nodes (Count), the starting index (Start)
    # or the template used to construct the name (Hostname).
    #
    # Note: Template and Specs are not mutually exclusive. You may define both
    # sections and the aggregate nodes will be created for you. Take care with
    # name collisions
    # ---------------------------------------------------------------------------
    Template:
      Count: 1
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
      # SANS:
      #   - "{{.Hostname}}.alt.{{.Domain}}"

    # ---------------------------------------------------------------------------
    # "Users"
    # ---------------------------------------------------------------------------
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
      Count: 1

  # ---------------------------------------------------------------------------
  # Org2: See "Org1" for full specification
  # ---------------------------------------------------------------------------
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: false
    Template:
      Count: 1
    Users:
      Count: 1
If we strip out all the comments,
the structure of the template looks like this:
OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: false
    Template:
      Count: 1
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: false
    Template:
      Count: 1
    Users:
      Count: 1
We can see the following outline:
OrdererOrgs:
  Orderer
PeerOrgs:
  Org1
  Org2
Now let's modify the template file.
OrdererOrgs: # ordering-node organisation
  - Name: Orderer # name of the ordering-node organisation
    Domain: abc.com # domain of the ordering-node organisation; in a test network this can be anything
    Specs:
      - Hostname: orderer01 # name of one orderer node, reachable as orderer01.abc.com
PeerOrgs: # peer organisations
  - Name: Org1 # organisation name
    Domain: org1.abc.com # domain
    EnableNodeOUs: true # if true, a config.yaml is generated in the msp directory
    Template: # generate peer node certificates from the template
      Count: 2 # 2 peer node certificates: peer0.org1.abc.com and peer1.org1.abc.com (the default template numbers from 0 to Count-1)
    Users: # users
      Count: 3 # generate 3 user accounts; the Admin account is generated by default in addition to these
  - Name: Org2
    Domain: org2.abc.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 3
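To make the naming rules in the template concrete, here is an added example (not part of this tutorial and not cryptogen's own code) that expands an organisation spec into the identities cryptogen will issue certificates for: Template yields "{{.Prefix}}{{.Index}}" from Start to Start+Count-1 (prefix "orderer" or "peer"), Specs yields explicit hostnames with the default CommonName "{{.Hostname}}.{{.Domain}}", and Users yields Admin plus User1..UserN. It also reports the name collisions the template warns about when Template and Specs overlap. The configuration is embedded as a Python dict that mirrors abc.yaml above so the script runs without PyYAML; the helper names are my own.

```python
"""Expand a cryptogen-style organisation spec into the identities it yields.

Added example; it mirrors the naming rules described in the template
comments rather than calling the cryptogen tool itself.
"""

# Constructed: the same content as the abc.yaml shown above, as a dict.
ABC_CONFIG = {
    "OrdererOrgs": [
        {"Name": "Orderer", "Domain": "abc.com",
         "Specs": [{"Hostname": "orderer01"}]},
    ],
    "PeerOrgs": [
        {"Name": "Org1", "Domain": "org1.abc.com", "EnableNodeOUs": True,
         "Template": {"Count": 2}, "Users": {"Count": 3}},
        {"Name": "Org2", "Domain": "org2.abc.com", "EnableNodeOUs": True,
         "Template": {"Count": 2}, "Users": {"Count": 3}},
    ],
}


def render(template, **values):
    """Minimal stand-in for the Go text/template placeholders cryptogen uses.

    Handles both "{{.Name}}" and "{{ .Name }}" spellings seen in the template.
    """
    out = template
    for key, val in values.items():
        out = out.replace("{{.%s}}" % key, str(val))
        out = out.replace("{{ .%s }}" % key, str(val))
    return out


def node_names(org, prefix):
    """Return the node common names an org entry produces (Template + Specs)."""
    domain = org["Domain"]
    names = []
    tmpl = org.get("Template") or {}
    count = tmpl.get("Count", 0)
    start = tmpl.get("Start", 0)                       # default index is 0
    host_tmpl = tmpl.get("Hostname", "{{.Prefix}}{{.Index}}")
    for idx in range(start, start + count):
        host = render(host_tmpl, Prefix=prefix, Index=idx)
        names.append(render("{{.Hostname}}.{{.Domain}}", Hostname=host, Domain=domain))
    for spec in org.get("Specs") or []:
        host = spec["Hostname"]
        cn_tmpl = spec.get("CommonName", "{{.Hostname}}.{{.Domain}}")
        names.append(render(cn_tmpl, Hostname=host, Domain=domain))
    return names


def user_names(org):
    """Admin is always created; Users.Count adds User1..UserN on top of it."""
    domain = org["Domain"]
    count = (org.get("Users") or {}).get("Count", 0)
    return ["Admin@" + domain] + ["User%d@%s" % (i, domain) for i in range(1, count + 1)]


def expand(config):
    """Map every organisation domain to the node and user identities it gets."""
    result = {}
    for org in config.get("OrdererOrgs", []):
        result[org["Domain"]] = {"kind": "orderer",
                                 "nodes": node_names(org, "orderer"),
                                 "users": user_names(org)}
    for org in config.get("PeerOrgs", []):
        result[org["Domain"]] = {"kind": "peer",
                                 "nodes": node_names(org, "peer"),
                                 "users": user_names(org),
                                 "node_ous": bool(org.get("EnableNodeOUs", False))}
    return result


def collisions(config):
    """Template and Specs are not mutually exclusive: report duplicate node names."""
    seen, dups = set(), set()
    for info in expand(config).values():
        for name in info["nodes"]:
            if name in seen:
                dups.add(name)
            seen.add(name)
    return sorted(dups)


if __name__ == "__main__":
    for domain, info in expand(ABC_CONFIG).items():
        print(domain, info["kind"], "nodes:", info["nodes"], "users:", info["users"])
    print("collisions:", collisions(ABC_CONFIG))
```

Running it against the abc.yaml content lists orderer01.abc.com for the orderer organisation and peer0/peer1 plus Admin and User1..User3 for each peer organisation; a config that sets both Template Count: 1 and a Spec with Hostname: peer0 shows up in collisions().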
Next, we generate the certificates from our YAML configuration file.
Rename template.yaml to abc.yaml; its contents are exactly the modified template shown above.
Run
cryptogen generate --config=abc.yaml
and it prints
org1.abc.com
org2.abc.com
We find that a crypto-config folder has been generated.
Let's look inside this folder.
abc@abc:~/workspace/fabric/crypto-config$ tree -L 3
.
├── ordererOrganizations
│   └── abc.com
│       ├── ca
│       ├── msp
│       ├── orderers
│       ├── tlsca
│       └── users
└── peerOrganizations
    ├── org1.abc.com
    │   ├── ca
    │   ├── msp
    │   ├── peers
    │   ├── tlsca
    │   └── users
    └── org2.abc.com
        ├── ca
        ├── msp
        ├── peers
        ├── tlsca
        └── users

20 directories, 0 files
Many directories were generated, one per organisation:
ordererOrganizations
  abc.com
peerOrganizations
  org1.abc.com
  org2.abc.com
Let's look at the template file again.
OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: false
    Template:
      Count: 1
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: false
    Template:
      Count: 1
    Users:
      Count: 1
Now let's look at the structure again:
1. Orderer organisation
   1. name
   2. domain
   3. domain used to reach the node(s) within the organisation
2. peer organisation
   1. name
   2. domain
   3. whether to generate a config.yaml configuration file
   4. number of peer nodes
   5. number of users
Enter the crypto-config/ordererOrganizations/abc.com directory
and look at which files the abc.com folder contains.
abc@abc:~/workspace/fabric/crypto-config/ordererOrganizations/abc.com$ tree -L 3
.
├── ca
│   ├── 64c44a053222f995b91da5ce9e2434eb46c72a0f459ad174f56d7647557f89ce_sk
│   └── ca.abc.com-cert.pem
├── msp
│   ├── admincerts
│   │   └── Admin@abc.com-cert.pem
│   ├── cacerts
│   │   └── ca.abc.com-cert.pem
│   └── tlscacerts
│       └── tlsca.abc.com-cert.pem
├── orderers
│   └── orderer01.abc.com
│       ├── msp
│       └── tls
├── tlsca
│   ├── 40a7d078f7d670ddee506c0d286eb8453717af8c354e249094dae7db2a3555c4_sk
│   └── tlsca.abc.com-cert.pem
└── users
    └── Admin@abc.com
        ├── msp
        └── tls
We see these directories:
1. ca
2. msp
3. orderers
4. tlsca
5. users
Next, let's look at the msp folder.
abc@abc:~/workspace/fabric/crypto-config/ordererOrganizations/abc.com/msp$ tree
.
├── admincerts
│   └── Admin@abc.com-cert.pem
├── cacerts
│   └── ca.abc.com-cert.pem
└── tlscacerts
    └── tlsca.abc.com-cert.pem

3 directories, 3 files
It contains three pem files.
A pem file is a certificate file.
This msp folder is the organisation's identity (account) directory.
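Because the ca/ and tlsca/ folders shown above hold the organisation's signing keys (the *_sk files) next to their certificates, a practitioner usually wants to audit the generated tree before copying it onto nodes. The following is an added example, not part of this tutorial or of cryptogen: it walks a crypto-config directory, checks that every organisation's msp/ has the three certificate folders listed above (admincerts, cacerts, tlscacerts), that config.yaml is present for organisations that enabled NodeOUs, and that every *_sk private key is readable by its owner only. The function names and the expectation that keys are mode 0600 are my own choices; the directory layout is the one printed by tree above.

```python
"""Audit a cryptogen output tree (crypto-config/) for layout and key hygiene.

Added example: stdlib only, so it runs anywhere a Python interpreter exists.
"""
import os
import stat
import sys

# The three certificate folders the tutorial shows inside each org's msp/.
REQUIRED_MSP_DIRS = ("admincerts", "cacerts", "tlscacerts")


def _has_pem(folder):
    """True if the folder exists and holds at least one .pem file."""
    return os.path.isdir(folder) and any(n.endswith(".pem") for n in os.listdir(folder))


def audit_msp(msp_dir, expect_node_ous):
    """Return findings for one msp/ directory (an empty list means it looks fine)."""
    findings = []
    for sub in REQUIRED_MSP_DIRS:
        if not _has_pem(os.path.join(msp_dir, sub)):
            findings.append("%s: missing %s/*.pem" % (msp_dir, sub))
    # EnableNodeOUs: true is documented above as producing msp/config.yaml.
    if expect_node_ous and not os.path.isfile(os.path.join(msp_dir, "config.yaml")):
        findings.append("%s: EnableNodeOUs set but config.yaml absent" % msp_dir)
    return findings


def audit_private_keys(root):
    """Flag *_sk key files that are readable or writable by group or others."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith("_sk"):
                path = os.path.join(dirpath, name)
                mode = stat.S_IMODE(os.stat(path).st_mode)
                if mode & 0o077:          # any group/other permission bit set
                    findings.append("%s: mode %o, expected 0600" % (path, mode))
    return findings


def audit_crypto_config(root, node_ous_orgs=()):
    """Audit ordererOrganizations/ and peerOrganizations/ under root.

    node_ous_orgs lists the org domains whose YAML had EnableNodeOUs: true.
    """
    findings = []
    for group in ("ordererOrganizations", "peerOrganizations"):
        group_dir = os.path.join(root, group)
        if not os.path.isdir(group_dir):
            findings.append("missing %s/" % group)
            continue
        for org in sorted(os.listdir(group_dir)):
            findings += audit_msp(os.path.join(group_dir, org, "msp"),
                                  org in node_ous_orgs)
    findings += audit_private_keys(root)
    return findings


if __name__ == "__main__":
    # usage: python audit_crypto_config.py crypto-config org1.abc.com org2.abc.com
    target = sys.argv[1] if len(sys.argv) > 1 else "crypto-config"
    problems = audit_crypto_config(target, node_ous_orgs=sys.argv[2:])
    for line in problems:
        print(line)
    sys.exit(1 if problems else 0)
```

Pass the org domains that had EnableNodeOUs: true as extra arguments (org1.abc.com and org2.abc.com for abc.yaml); the script exits non-zero when anything is off, so it can gate a deployment step.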
Anchor peers
1. An anchor peer is a peer node.
2. A network contains multiple organisations, and each organisation has multiple peer nodes.
3. The anchor peer speaks on behalf of the current organisation when communicating with other organisations.
4. Each organisation selects one peer node to represent it; that node is the anchor peer.
5. Any peer node can become an anchor peer.
6. The anchor peer can be specified in the configuration file.
7. An organisation can only have one.