349 - Generating Fabric certificates

Generating Fabric certificates - YAML

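What this configuration file does
1. It is usually named crypto-config.yaml (as in the official examples)
2. It configures organization information -> the domain used to reach the organization and the organization's name
	1. Peer nodes
		The domain used to reach each peer node and the peer node's name
		The number of peer nodes
	2. Users
		The number of users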

We can run
cryptogen showtemplate > template.yaml
to generate a template YAML file.

Let's look at this template.

# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer

# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: false

    # ---------------------------------------------------------------------------
    # "CA"
    # ---------------------------------------------------------------------------
    # Uncomment this section to enable the explicit definition of the CA for this
    # organization.  This entry is a Spec.  See "Specs" section below for details.
    # ---------------------------------------------------------------------------
    # CA:
    #    Hostname: ca # implicitly ca.org1.example.com
    #    Country: US
    #    Province: California
    #    Locality: San Francisco
    #    OrganizationalUnit: Hyperledger Fabric
    #    StreetAddress: address for org # default nil
    #    PostalCode: postalCode for org # default nil

    # ---------------------------------------------------------------------------
    # "Specs"
    # ---------------------------------------------------------------------------
    # Uncomment this section to enable the explicit definition of hosts in your
    # configuration.  Most users will want to use Template, below
    #
    # Specs is an array of Spec entries.  Each Spec entry consists of two fields:
    #   - Hostname:   (Required) The desired hostname, sans the domain.
    #   - CommonName: (Optional) Specifies the template or explicit override for
    #                 the CN.  By default, this is the template:
    #
    #                              "{{.Hostname}}.{{.Domain}}"
    #
    #                 which obtains its values from the Spec.Hostname and
    #                 Org.Domain, respectively.
    #   - SANS:       (Optional) Specifies one or more Subject Alternative Names
    #                 to be set in the resulting x509. Accepts template
    #                 variables {{.Hostname}}, {{.Domain}}, {{.CommonName}}. IP
    #                 addresses provided here will be properly recognized. Other
    #                 values will be taken as DNS names.
    #                 NOTE: Two implicit entries are created for you:
    #                     - {{ .CommonName }}
    #                     - {{ .Hostname }}
    # ---------------------------------------------------------------------------
    # Specs:
    #   - Hostname: foo # implicitly "foo.org1.example.com"
    #     CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
    #     SANS:
    #       - "bar.{{.Domain}}"
    #       - "altfoo.{{.Domain}}"
    #       - "{{.Hostname}}.org6.net"
    #       - 172.16.10.31
    #   - Hostname: bar
    #   - Hostname: baz

    # ---------------------------------------------------------------------------
    # "Template"
    # ---------------------------------------------------------------------------
    # Allows for the definition of 1 or more hosts that are created sequentially
    # from a template. By default, this looks like "peer%d" from 0 to Count-1.
    # You may override the number of nodes (Count), the starting index (Start)
    # or the template used to construct the name (Hostname).
    #
    # Note: Template and Specs are not mutually exclusive.  You may define both
    # sections and the aggregate nodes will be created for you.  Take care with
    # name collisions
    # ---------------------------------------------------------------------------
    Template:
      Count: 1
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
      # SANS:
      #   - "{{.Hostname}}.alt.{{.Domain}}"

    # ---------------------------------------------------------------------------
    # "Users"
    # ---------------------------------------------------------------------------
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
      Count: 1

  # ---------------------------------------------------------------------------
  # Org2: See "Org1" for full specification
  # ---------------------------------------------------------------------------
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: false
    Template:
      Count: 1
    Users:
      Count: 1










Let's delete all the comments
and look at the structure of this template.

OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: false
    Template:
      Count: 1
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: false
    Template:
      Count: 1
    Users:
      Count: 1
	  
	 
We can see:
OrdererOrgs:
	Orderer
PeerOrgs:
	Org1
	Org2











Next, let's modify the template file.

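OrdererOrgs:                    # orderer organization information
  - Name: Orderer               # name of the orderer organization
    Domain: abc.com             # domain of the orderer organization; any value works on a test network
    Specs:
      - Hostname: orderer01     # name of one orderer node, i.e. orderer01.abc.com

PeerOrgs:                       # peer organizations
  - Name: Org1                  # organization name
    Domain: org1.abc.com        # domain
    EnableNodeOUs: true         # if true, a config.yaml file is generated in the msp directory
    Template:                   # generate the peer node certificates from a template
      Count: 2                  # 2 peer node certificates; numbering starts at 0: peer0.org1.abc.com, peer1.org1.abc.com
    Users:                      # users
      Count: 3                  # generate 3 user accounts, in addition to the Admin that is generated by default
  - Name: Org2
    Domain: org2.abc.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 3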











Then we use our YAML configuration file
to generate the certificates.
We rename template.yaml
to abc.yaml.

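OrdererOrgs:                    # orderer organization information
  - Name: Orderer               # name of the orderer organization
    Domain: abc.com             # domain of the orderer organization; any value works on a test network
    Specs:
      - Hostname: orderer01     # name of one orderer node, i.e. orderer01.abc.com

PeerOrgs:                       # peer organizations
  - Name: Org1                  # organization name
    Domain: org1.abc.com        # domain
    EnableNodeOUs: true         # if true, a config.yaml file is generated in the msp directory
    Template:                   # generate the peer node certificates from a template
      Count: 2                  # 2 peer node certificates; numbering starts at 0: peer0.org1.abc.com, peer1.org1.abc.com
    Users:                      # users
      Count: 3                  # generate 3 user accounts, in addition to the Admin that is generated by default
  - Name: Org2
    Domain: org2.abc.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 3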

Run
cryptogen generate --config=abc.yaml
and the command prints
org1.abc.com
org2.abc.com

We find that a crypto-config folder has been generated.
Let's take a look at this folder.

abc@abc:~/workspace/fabric/crypto-config$ tree -L 3
.
├── ordererOrganizations
│   └── abc.com
│       ├── ca
│       ├── msp
│       ├── orderers
│       ├── tlsca
│       └── users
└── peerOrganizations
    ├── org1.abc.com
    │   ├── ca
    │   ├── msp
    │   ├── peers
    │   ├── tlsca
    │   └── users
    └── org2.abc.com
        ├── ca
        ├── msp
        ├── peers
        ├── tlsca
        └── users

20 directories, 0 files




Many directories were generated:
ordererOrganizations
	abc.com
peerOrganizations
	org1.abc.com
	org2.abc.com








 



Let's look at the template file again.
OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: false
    Template:
      Count: 1
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: false
    Template:
      Count: 1
    Users:
      Count: 1
	  
	  
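Now let's look at the structure again
1. Orderer organization
	1. Name
	2. Domain
	3. Access domain name of the node
2. Peer organization
	1. Name
	2. Domain
	3. Whether to generate the config.yaml configuration file
	4. Number of peer nodes
	5. Number of users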










We enter the crypto-config/ordererOrganizations/abc.com directory
and see what files the abc.com folder contains.

abc@abc:~/workspace/fabric/crypto-config/ordererOrganizations/abc.com$ tree -L 3
.
├── ca
│   ├── 64c44a053222f995b91da5ce9e2434eb46c72a0f459ad174f56d7647557f89ce_sk
│   └── ca.abc.com-cert.pem
├── msp
│   ├── admincerts
│   │   └── Admin@abc.com-cert.pem
│   ├── cacerts
│   │   └── ca.abc.com-cert.pem
│   └── tlscacerts
│       └── tlsca.abc.com-cert.pem
├── orderers
│   └── orderer01.abc.com
│       ├── msp
│       └── tls
├── tlsca
│   ├── 40a7d078f7d670ddee506c0d286eb8453717af8c354e249094dae7db2a3555c4_sk
│   └── tlsca.abc.com-cert.pem
└── users
    └── Admin@abc.com
        ├── msp
        └── tls

We see these directories:
1.ca
2.msp
3.orderers
4.tlsca
5.users
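
In the tree above, the file ending in _sk beside each CA certificate is that CA's private signing key, so a crypto-config directory has to be handled like any other key material. The script below is an added example, not part of the original post: it lists the key files in a cryptogen output tree and flags any that group or other users can read. The function names, the script name audit.sh, the constructed sample tree and the node msp/keystore path are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example: audit the private keys in a cryptogen output tree.

# Every private key under the tree; cryptogen names key files "<something>_sk".
list_private_keys() {
  find "$1" -type f -name '*_sk' | sort
}

# Only the CA signing keys, which sit beside the CA certs in <org>/ca and <org>/tlsca.
list_ca_keys() {
  find "$1" -type f -name '*_sk' \( -path '*/ca/*' -o -path '*/tlsca/*' \) | sort
}

# Key files that group or other users on the host can read.
list_exposed_keys() {
  find "$1" -type f -name '*_sk' \( -perm -040 -o -perm -004 \) | sort
}

# Print a report; return 1 when any key is readable beyond its owner.
audit_tree() {
  echo "CA signing keys (their holder can issue identities for the org):"
  list_ca_keys "$1"
  exposed=$(list_exposed_keys "$1")
  if [ -n "$exposed" ]; then
    echo "Keys readable by group/others:"
    echo "$exposed"
    return 1
  fi
  echo "No key file is readable by group/others."
}

# Constructed sample: empty placeholder files in the layout shown above (not real keys).
# The keystore directory is assumed; the page's "tree -L 3" stops above it.
make_sample_tree() {
  root=$(mktemp -d)
  org="$root/ordererOrganizations/abc.com"
  mkdir -p "$org/ca" "$org/tlsca" "$org/orderers/orderer01.abc.com/msp/keystore"
  : > "$org/ca/ca.abc.com-cert.pem"
  : > "$org/ca/constructed-ca_sk"
  : > "$org/tlsca/constructed-tlsca_sk"
  : > "$org/orderers/orderer01.abc.com/msp/keystore/constructed-node_sk"
  chmod 600 "$org/ca/constructed-ca_sk" "$org/orderers/orderer01.abc.com/msp/keystore/constructed-node_sk"
  chmod 644 "$org/tlsca/constructed-tlsca_sk"   # deliberately too open
  echo "$root"
}

# Usage: ./audit.sh crypto-config
if [ "$#" -gt 0 ]; then
  audit_tree "$1"
fi
```

A non-zero exit status from audit_tree means at least one key file needs its permissions tightened before the directory is copied to a node or shared.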









Next, let's look at the msp folder.

abc@abc:~/workspace/fabric/crypto-config/ordererOrganizations/abc.com/msp$ tree
.
├── admincerts
│   └── Admin@abc.com-cert.pem
├── cacerts
│   └── ca.abc.com-cert.pem
└── tlscacerts
    └── tlsca.abc.com-cert.pem

3 directories, 3 files


It contains three pem files.
A pem file is a certificate file.
This msp folder is the account directory.













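Anchor peers
1. An anchor peer is a peer node
2. A network has multiple organizations, and each organization has multiple peer nodes
3. The anchor peer represents its organization when communicating with other organizations
4. Each organization selects one peer node to represent it; that node is the anchor peer
5. Any peer node can become an anchor peer
6. The anchor peer can be specified in the configuration file
7. An organization can have only one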


























 
