前言
前面写的Fabric的安装过程看起来很详细,但是看起来非常繁杂,让人望而却步。其实有很简单的安装办法。不妨先按简单的来,如果遇到问题,再去参照复杂的安装过程。
1. 准备工作
1.1. 安装Docker及Docker-Compose
sudo apt update
sudo apt install docker.io
sudo apt install docker-compose
1.2 安装常用工具
curl/tree/jq
#curl工具可以方便上传或下载文件,数据。支持ftp,sftp,http,https,scp等很多种协议。功能很强大。
sudo apt install curl
#tree工具可以方便地查看文件夹的结构。
sudo apt install tree
#jq是linux处理JSON文件的工具,可以方便地对JSON文件进行取值,设值等操作。
sudo apt install jq
1.3 安装Golang
Fabric1.2 需要安装go v1.10.x版本。
安装指定的golang版本方法参考:从零构建Fabric开发运行环境手册(三):安装GO语言环境。
1.4 设置github代理(可选项)
国内的很多环境从Github上下载源码很慢,常常会导致git clone失败。如果有这种情况建议按如下方式使用代理。
#设置http/https代理(例子)
git config --global http.proxy 'socks5://127.0.0.1:1080'
git config --global https.proxy 'socks5://127.0.0.1:1080'
#或者只设置github的代理
git config --global http.http://github.com.proxy socks5://127.0.0.1:1080
git config --global https.https://github.com.proxy socks5://127.0.0.1:1080
#检查代理是否正常设置完成
git config --global --get http.proxy
git config --global --get https.proxy
git config --global --get http.http://github.com.proxy
git config --global --get https.https://github.com.proxy
#去掉代理
git config --global --unset http.proxy
git config --global --unset https.proxy
2. 安装
2.1 下载Fabric源代码
mkdir -p $GOPATH/src/github.com/hyperledger
cd $GOPATH/src/github.com/hyperledger
git clone https://github.com/hyperledger/fabric.git
cd fabric
git checkout -b v1.2.1 v1.2.1
2.2 安装Fabric的项目依赖软件包
go get github.com/golang/protobuf/protoc-gen-go
mkdir -p $GOPATH/src/github.com/hyperledger/fabric/build/docker/gotools/bin
cp $GOPATH/bin/protoc-gen-go $GOPATH/src/github.com/hyperledger/fabric/build/docker/gotools/bin
mkdir -p $GOPATH/src/github.com/hyperledger/fabric/.build/docker/gotools/bin
cp $GOPATH/bin/protoc-gen-go $GOPATH/src/github.com/hyperledger/fabric/.build/docker/gotools/bin
2.3 编译Fabric
#编译前的准备工作
sudo chmod 777 /var/run/docker.sock
sudo chmod 777 /.cache
#编译
cd $GOPATH/src/github.com/hyperledger/fabric
make release
#使用docker(可选)
make docker
2.4 设置PATH方便运行Fabric模块
cd $GOPATH/src/github.com/hyperledger/fabric/release/linux-amd64/bin
#变成可执行文件
chmod 775 *
#向用户环境变量文件里面设置PATH,便于在任何地方都可以Fabric模块
sed -i '$aexport PATH=$PATH:$GOPATH/src/github.com/hyperledger/fabric/release/linux-amd64/bin' ~/.bashrc
#刷新
source ~/.bashrc
sed命令行参数解释:
- -i:直接编辑文件插入内容
- $a:定位到文件末
3. 配置和运行Fabric网络–非docker模式
sudo mkdir -p /opt/hyperledger/fabricconfig
sudo chmod 777 hyperledger/
sudo chmod 777 hyperledger/fabricconfig/
3.1 生成证书文件
cd /opt/hyperledger/fabricconfig
# 下面的命令会生成一个标准配置文件,做一些相应的修改就可以使用。
cryptogen showtemplate >> crypto-config.yaml
# 生成证书文件(默认会在./crypto-config目录下生成证书文件,也可以通过--output参数指定输出目录)
cryptogen generate --config=crypto-config.yaml
这里是编辑完成的crypto-config.yaml例子
OrdererOrgs:
- Name: Orderer
Domain: example.com
Specs:
- Hostname: orderer
PeerOrgs:
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: false
Template:
Count: 2
Users:
Count: 1
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: false
Template:
Count: 2
Users:
Count: 1
3.2 编辑域名映射文件
由于我们在证书中使用了域名,开发环境下通常需要编辑一下域名映射。
sudo nano /etc/hosts
增加如下内容:
192.168.11.130 orderer.ihxss.com
192.168.11.130 peer0.org1.ihxss.com
192.168.11.130 peer1.org1.ihxss.com
192.168.11.130 peer0.org2.ihxss.com
192.168.11.130 peer1.org2.ihxss.com
测试配置是否正确:
ping peer0.org1.ihxss.com
3.3 生成创始区块文件
3.3.1 拷贝模板文件并进行编辑
mkdir -p /opt/hyperledger/order/
sudo cp $GOPATH/src/github.com/hyperledger/fabric/sampleconfig/configtx.yaml /opt/hyperledger/order/"
编辑完成后的例子:
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions.
- &OrdererOrg
# Name is the key by which this org will be referenced in channel
# configuration transactions.
# Name can include alphanumeric characters as well as dots and dashes.
Name: OrdererOrg
# ID is the key by which this org's MSP definition will be referenced.
# ID can include alphanumeric characters as well as dots and dashes.
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration.
MSPDir: /opt/hyperledger/fabricconfig/crypto-config/ordererOrganizations/ihxss.com/msp
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/msp
AnchorPeers:
- Host: peer0.org1.ihxss.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org2.ihxss.com/msp
AnchorPeers:
- Host: peer0.org2.ihxss.com
Port: 7051
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both. Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V1.1 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running v1.0.x,
# but the modification of which would cause incompatibilities. Users
# should leave this flag set to true.
V1_1: true
# Orderer capabilities apply only to the orderers, and may be safely
# manipulated without concern for upgrading peers. Set the value of the
# capability to true to require it.
Orderer: &OrdererCapabilities
# V1.1 for Order is a catchall flag for behavior which has been
# determined to be desired for all orderers running v1.0.x, but the
# modification of which would cause incompatibilities. Users should
# leave this flag set to true.
V1_1: true
# Application capabilities apply only to the peer network, and may be
# safely manipulated without concern for upgrading orderers. Set the value
# of the capability to true to require it.
Application: &ApplicationCapabilities
# V1.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.2, it implies V1_1.
V1_2: true
Application: &ApplicationDefaults
# Organizations lists the orgs participating on the application side of the
# network.
Organizations:
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start.
# Available types are "solo" and "kafka".
OrdererType: solo
# Addresses here is a nonexhaustive list of orderers the peers and clients can
# connect to. Adding/removing nodes from this list has no impact on their
# participation in ordering.
# NOTE: In the solo case, this should be a one-item list.
Addresses:
- orderer.ihxss.com:7050
# Batch Timeout: The amount of time to wait before creating a batch.
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block.
BatchSize:
# Max Message Count: The maximum number of messages to permit in a
# batch.
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch. If the "kafka" OrdererType is
# selected, set 'message.max.bytes' and 'replica.fetch.max.bytes' on
# the Kafka brokers to a value that is larger than this one.
AbsoluteMaxBytes: 98 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed
# for the serialized messages in a batch. A message larger than the
# preferred max bytes will result in a batch larger than preferred max
# bytes.
PreferredMaxBytes: 512 KB
# Max Channels is the maximum number of channels to allow on the ordering
# network. When set to 0, this implies no maximum number of channels.
MaxChannels: 0
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects. Edit
# this list to identify the brokers of the ordering service.
# NOTE: Use IP:port notation.
Brokers:
- 127.0.0.1:9092
# Organizations lists the orgs participating on the orderer side of the
# network.
Organizations:
Profiles:
# SampleInsecureSolo defines a configuration which uses the Solo orderer,
# contains no MSP definitions, and allows all transactions and channel
# creation requests for the consortium SampleConsortium.
TestTwoOrgsOrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
# SampleSingleMSPChannel defines a channel with only the sample org as a
# member. It is designed to be used in conjunction with SampleSingleMSPSolo
# and SampleSingleMSPKafka orderer profiles. Note, for channel creation
# profiles, only the 'Application' section and consortium # name are
# considered.
TestTwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
3.3.2 生成创始区块
cd /opt/hyperledger/order/
export FABRIC_CFG_PATH=$PWD
configtxgen -profile TestTwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
configtxgen -profile TestTwoOrgsOrdererGenesis -outputBlock ./orderer.genesis.block
3.4 创建channel及锚点文件
创建
channel configtxgen -profile TestTwoOrgsChannel -outputCreateChannelTx ./marktestchannel.tx -channelID marktestchannel
创建锚点文件
#创建锚点文件1
configtxgen -profile TestTwoOrgsChannel -outputAnchorPeersUpdate ./Org1MSPanchors.tx -channelID marktestchannel -asOrg Org1MSP
#创建锚点文件2
configtxgen -profile TestTwoOrgsChannel -outputAnchorPeersUpdate ./Org2MSPanchors.tx -channelID marktestchannel -asOrg Org2MSP
3.5 启动Orderer节点
cd /opt/hyperledger/order
#后台方式启动
orderer start >> log_orderer.log 2>&1 &
3.6 Peer节点启动
3.6.1 编辑节点配置文件core.yaml
首先获得模板文件。
sudo cp /home/mark/golangwork/src/github.com/hyperledger/fabric/sampleconfig/core.yaml /opt/hyperledger/peer/
然后进行编辑,编辑完成后的样子:
# Copyright IBM Corp. All Rights Reserved.
###############################################################################
logging:
level: debug
cauthdsl: warning
gossip: info
grpc: error
ledger: info
msp: warning
policies: warning
peer:
gossip: warning
format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
###############################################################################
peer:
# The Peer id is used for identifying this Peer instance.
id: peer0.org1.ihxss.com
# The networkId allows for logical seperation of networks
networkId: dev
listenAddress: 0.0.0.0:7051
chaincodeListenAddress: 0.0.0.0:7052
address: peer0.org1.ihxss.com:7051
# Whether the Peer should programmatically determine its address
# This case is useful for docker containers.
addressAutoDetect: false
# Setting for runtime.GOMAXPROCS(n). If n < 1, it does not change the
# current setting
gomaxprocs: -1
# Keepalive settings for peer server and clients
keepalive:
# MinInterval is the minimum permitted time between client pings.
# If clients send pings more frequently, the peer server will
# disconnect them
minInterval: 60s
# Client keepalive settings for communicating with other peer nodes
client:
# Interval is the time between pings to peer nodes. This must
# greater than or equal to the minInterval specified by peer
# nodes
interval: 60s
# Timeout is the duration the client waits for a response from
# peer nodes before closing the connection
timeout: 20s
# DeliveryClient keepalive settings for communication with ordering
# nodes.
deliveryClient:
# Interval is the time between pings to ordering nodes. This must
# greater than or equal to the minInterval specified by ordering
# nodes.
interval: 60s
# Timeout is the duration the client waits for a response from
# ordering nodes before closing the connection
timeout: 20s
# Gossip related configuration
gossip:
bootstrap: 127.0.0.1:7051
useLeaderElection: true
orgLeader: false
endpoint:
maxBlockCountToStore: 100
maxPropagationBurstLatency: 10ms
maxPropagationBurstSize: 10
propagateIterations: 1
propagatePeerNum: 3
pullInterval: 4s
pullPeerNum: 3
requestStateInfoInterval: 4s
publishStateInfoInterval: 4s
stateInfoRetentionInterval:
publishCertPeriod: 10s
skipBlockVerification: false
dialTimeout: 3s
connTimeout: 2s
recvBuffSize: 20
sendBuffSize: 200
digestWaitTime: 1s
requestWaitTime: 1500ms
responseWaitTime: 2s
aliveTimeInterval: 5s
aliveExpirationTimeout: 25s
reconnectInterval: 25s
externalEndpoint: peer0.org1.ihxss.com:7051
election:
startupGracePeriod: 15s
membershipSampleInterval: 1s
leaderAliveThreshold: 10s
leaderElectionDuration: 5s
pvtData:
pullRetryThreshold: 60s
transientstoreMaxBlockRetention: 1000
pushAckTimeout: 3s
btlPullMargin: 10
events:
address: 0.0.0.0:7053
buffersize: 100
timeout: 10ms
timewindow: 15m
keepalive:
minInterval: 60s
sendTimeout: 60s
tls:
enabled: false
clientAuthRequired: false
cert:
file: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/peers/peer0.org1.ihxss.com/tls/server.crt
key:
file: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/peers/peer0.org1.ihxss.com/tls/server.key
rootcert:
file: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/peers/peer0.org1.ihxss.com/tls/ca.crt
clientRootCAs:
files:
- /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/peers/peer0.org1.ihxss.com/tls/ca.crt
clientKey:
file:
clientCert:
file:
authentication:
timewindow: 15m
fileSystemPath: /var/hyperledger/production
BCCSP:
Default: SW
SW:
Hash: SHA2
Security: 256
FileKeyStore:
KeyStore:
PKCS11:
Library:
Label:
Pin:
Hash:
Security:
FileKeyStore:
KeyStore:
mspConfigPath: /opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/peers/peer0.org1.ihxss.com/msp
localMspId: Org1MSP
client:
connTimeout: 3s
deliveryclient:
reconnectTotalTimeThreshold: 3600s
connTimeout: 3s
reConnectBackoffThreshold: 3600s
localMspType: bccsp
profile:
enabled: false
listenAddress: 0.0.0.0:6060
adminService:
handlers:
authFilters:
-
name: DefaultAuth
-
name: ExpirationCheck
decorators:
-
name: DefaultDecorator
endorsers:
escc:
name: DefaultEndorsement
library:
validators:
vscc:
name: DefaultValidation
library:
validatorPoolSize:
discovery:
enabled: true
authCacheEnabled: true
authCacheMaxSize: 1000
authCachePurgeRetentionRatio: 0.75
orgMembersAllowedAccess: false
###############################################################################
vm:
# Endpoint of the vm management system. For docker can be one of the following in general
# unix:///var/run/docker.sock
# http://localhost:2375
# https://localhost:2376
endpoint: unix:///var/run/docker.sock
# settings for docker vms
docker:
tls:
enabled: false
ca:
file: docker/ca.crt
cert:
file: docker/tls.crt
key:
file: docker/tls.key
# Enables/disables the standard out/err from chaincode containers for
# debugging purposes
attachStdout: false
hostConfig:
NetworkMode: host
Dns:
# - 192.168.0.1
LogConfig:
Type: json-file
Config:
max-size: "50m"
max-file: "5"
Memory: 2147483648
###############################################################################
chaincode:
# The id is used by the Chaincode stub to register the executing Chaincode
# ID with the Peer and is generally supplied through ENV variables
# the `path` form of ID is provided when installing the chaincode.
# The `name` is used for all other requests and can be any string.
id:
path:
name:
# Generic builder environment, suitable for most chaincode types
builder: $(DOCKER_NS)/fabric-ccenv:latest
# Enables/disables force pulling of the base docker images (listed below)
# during user chaincode instantiation.
# Useful when using moving image tags (such as :latest)
pull: false
golang:
# golang will never need more than baseos
runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION)
# whether or not golang chaincode should be linked dynamically
dynamicLink: false
car:
# car may need more facilities (JVM, etc) in the future as the catalog
# of platforms are expanded. For now, we can just use baseos
runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION)
java:
# This is an image based on java:openjdk-8 with addition compiler
# tools added for java shim layer packaging.
# This image is packed with shim layer libraries that are necessary
# for Java chaincode runtime.
Dockerfile: |
from $(DOCKER_NS)/fabric-javaenv:$(ARCH)-1.1.0
node:
# need node.js engine at runtime, currently available in baseimage
# but not in baseos
runtime: $(BASE_DOCKER_NS)/fabric-baseimage:$(ARCH)-$(BASE_VERSION)
# Timeout duration for starting up a container and waiting for Register
# to come through. 1sec should be plenty for chaincode unit tests
startuptimeout: 300s
# Timeout duration for Invoke and Init calls to prevent runaway.
# This timeout is used by all chaincodes in all the channels, including
# system chaincodes.
# Note that during Invoke, if the image is not available (e.g. being
# cleaned up when in development environment), the peer will automatically
# build the image, which might take more time. In production environment,
# the chaincode image is unlikely to be deleted, so the timeout could be
# reduced accordingly.
executetimeout: 30s
# There are 2 modes: "dev" and "net".
# In dev mode, user runs the chaincode after starting peer from
# command line on local machine.
# In net mode, peer will run chaincode in a docker container.
mode: net
# keepalive in seconds. In situations where the communiction goes through a
# proxy that does not support keep-alive, this parameter will maintain connection
# between peer and chaincode.
# A value <= 0 turns keepalive off
keepalive: 0
# system chaincodes whitelist. To add system chaincode "myscc" to the
# whitelist, add "myscc: enable" to the list below, and register in
# chaincode/importsysccs.go
system:
cscc: enable
lscc: enable
escc: enable
vscc: enable
qscc: enable
# System chaincode plugins: in addition to being imported and compiled
# into fabric through core/chaincode/importsysccs.go, system chaincodes
# can also be loaded as shared objects compiled as Go plugins.
# See examples/plugins/scc for an example.
# Like regular system chaincodes, plugins must also be white listed in the
# chaincode.system section above.
systemPlugins:
# example configuration:
# - enabled: true
# name: myscc
# path: /opt/lib/myscc.so
# invokableExternal: true
# invokableCC2CC: true
# Logging section for the chaincode container
logging:
# Default level for all loggers within the chaincode container
level: info
# Override default level for the 'shim' module
shim: warning
# Format for the chaincode container logs
format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
###############################################################################
ledger:
blockchain:
state:
# stateDatabase - options are "goleveldb", "CouchDB"
# goleveldb - default state database stored in goleveldb.
# CouchDB - store state database in CouchDB
stateDatabase: goleveldb
couchDBConfig:
# It is recommended to run CouchDB on the same server as the peer, and
# not map the CouchDB container port to a server port in docker-compose.
# Otherwise proper security must be provided on the connection between
# CouchDB client (on the peer) and server.
couchDBAddress: 127.0.0.1:5984
# This username must have read and write authority on CouchDB
username:
# The password is recommended to pass as an environment variable
# during start up (eg LEDGER_COUCHDBCONFIG_PASSWORD).
# If it is stored here, the file must be access control protected
# to prevent unintended users from discovering the password.
password:
# Number of retries for CouchDB errors
maxRetries: 3
# Number of retries for CouchDB errors during peer startup
maxRetriesOnStartup: 10
# CouchDB request timeout (unit: duration, e.g. 20s)
requestTimeout: 35s
# Limit on the number of records to return per query
queryLimit: 10000
# Limit on the number of records per CouchDB bulk update batch
maxBatchUpdateSize: 1000
# Warm indexes after every N blocks.
# This option warms any indexes that have been
# deployed to CouchDB after every N blocks.
# A value of 1 will warm indexes after every block commit,
# to ensure fast selector queries.
# Increasing the value may improve write efficiency of peer and CouchDB,
# but may degrade query response time.
warmIndexesAfterNBlocks: 1
history:
# enableHistoryDatabase - options are true or false
# Indicates if the history of key updates should be stored.
# All history 'index' will be stored in goleveldb, regardless if using
# CouchDB or alternate database for the state.
enableHistoryDatabase: true
###############################################################################
metrics:
# enable or disable metrics server
enabled: false
# when enable metrics server, must specific metrics reporter type
# currently supported type: "statsd","prom"
reporter: statsd
# determines frequency of report metrics(unit: second)
interval: 1s
statsdReporter:
# statsd server address to connect
address: 0.0.0.0:8125
# determines frequency of push metrics to statsd server(unit: second)
flushInterval: 2s
# max size bytes for each push metrics request
# intranet recommend 1432 and internet recommend 512
flushBytes: 1432
promReporter:
# prometheus http server listen address for pull metrics
listenAddress: 0.0.0.0:8080
3.6.2 Peer节点启动(后台方式)
后台方式启动Peer节点
export set FABRIC_CFG_PATH=/opt/hyperledger/peer
peer node start >> log_peer.log 2>&1 &
3.7 创建通道
cd /opt/hyperledger/peer
export set CORE_PEER_LOCALMSPID=Org1MSP
export set CORE_PEER_MSPCONFIGPATH=/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/users/Admin@org1.ihxss.com/msp
peer channel create -t 20s -o orderer.ihxss.com:7050 -c marktestchannel -f /opt/hyperledger/order/marktestchannel.tx
3.8 加入通道
export set CORE_PEER_LOCALMSPID=Org1MSP
export set CORE_PEER_ADDRESS=peer0.org1.ihxss.com:7051
export set CORE_PEER_MSPCONFIGPATH=/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/users/Admin@org1.ihxss.com/msp
peer channel join -b /opt/hyperledger/peer/marktestchannel.block
3.9 更新锚节点
export set CORE_PEER_LOCALMSPID=Org1MSP
export set CORE_PEER_ADDRESS=peer0.org1.ihxss.com:7051
export set CORE_PEER_MSPCONFIGPATH=/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/users/Admin@org1.ihxss.com/msp
peer channel update -o orderer.ihxss.com:7050 -c marktestchannel -f /opt/hyperledger/order/Org1MSPanchors.tx
4 安装Fabric-CA
4.1 获取源码
cd $GOPATH/src/github.com/hyperledger
git clone https://github.com/hyperledger/fabric-ca
cd fabric-ca/
git checkout -b v1.2.1 v1.2.1
4.2 编译
make fabric-ca-server
make fabric-ca-client
4.3 把生成的可执行文件路径加入到PATH
sudo nano ~/.bashrc
export PATH=$PATH:$GOPATH/src/github.com/hyperledger/fabric-ca/bin
source ~/.bashrc
查看版本号
fabric-ca-server version
fabric-ca-client version
4.4 CA服务器初始化
sudo mkdir -p /opt/hyperledger/fabric-ca-server
cd /opt/hyperledger/fabric-ca-server
sudo chmod 777 ./
fabric-ca-server init -b admin:adminpw
4.5 绑定CA服务器到现有体系
cd /opt/hyperledger/fabric-ca-server
nano fabric-ca-server-config.yaml
填写CA段 下面的name,keyfile,certfile,chainfile 信息
填写前:
ca:
# Name of this CA
name:
# Key file (is only used to import a private key into BCCSP)
keyfile:
# Certificate file (default: ca-cert.pem)
certfile:
# Chain file
chainfile:
填写后:
ca:
# CA名字,可以修改
name:ca-org1
# Key file (is only used to import a private key into BCCSP)
keyfile:/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/ca/48f08635c99b8f5fcd32fae8c1f402d0ec64da4ca99d8ea9c687db17b18bb5f7_sk
# Certificate file (default: ca-cert.pem)
certfile:/opt/hyperledger/fabricconfig/crypto-config/peerOrganizations/org1.ihxss.com/ca/ca.org1.ihxss.com-cert.pem
# 链名字,可以修改
chainfile:ca-chain.pem
4.6 后台方式启动CA服务器
fabric-ca-server start -H /opt/hyperledger/fabric-ca-server -b admin:adminpw >>/opt/hyperledger/log_ca.log 2>&1 &
参考1:Fabric官方v1.2手册