Hyperledger Fabric 2.2实战记录(三)

最新推荐文章于 2022-06-23 09:53:54 发布
最新推荐文章于 2022-06-23 09:53:54 发布
阅读量2.5k 收藏 7
点赞数 3
分类专栏: 区块链 Hyperledger Fabric
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zhanglingge/article/details/107918039
版权

八、新增orderer节点

在192.168.1.112的服务器上新增一个排序节点orderer1.example.com

在增加orderer节点时,必须保证系统通道内的大多数已加入orderer在正常工作,如果正常工作的不能达到大多数,则系统通道将彻底无法修改。

在这里遇到很多坑,尤其需要注意版本orderer(2.2版)的可执行文件必须是go1.14.6以上版本。

编辑各个主机的/etc/hosts

192.168.1.108 orderer.example.com
192.168.1.112 orderer1.example.com
192.168.1.112 peer0.org1.example.com
192.168.1.138 peer1.org1.example.com
192.168.1.111 peer0.org2.example.com
192.168.1.138 peer0.org3.example.com

1.获取orderer1.example.com的msp

mkdir ~/work/example/ca_order_server
cd ~/work/example/ca_order_server
1.初始化
fabric-ca-server init -b admin:adminpw --port 7055
2.修改fabric-ca-server-config.yaml
ca:
  # Name of this CA
  name: OrdererOrg
  # Key file (is only used to import a private key into BCCSP)
  keyfile: ../organizations/ordererOrganizations/example.com/ca/priv_sk
  # Certificate file (default: ca-cert.pem)
  certfile: ../organizations/ordererOrganizations/example.com/ca/ca.example.com-cert.pem
  # Chain file
  chainfile:
因9443端口在peer中占用,所以暂时将本配置文件中operations部分注释掉

3.启动server
fabric-ca-server start  -b admin:adminpw --port 7055

4.client登陆
mkdir ~/work/example/ca_order_client
cd ~/work/example/ca_order_client

export FABRIC_CA_CLIENT_HOME=$PWD
fabric-ca-client enroll -u http://admin:adminpw@localhost:7055

fabric-ca-client register -d --id.name orderer1.example.com --id.secret orderPW --id.type orderer -u http://0.0.0.0:7055

5.登陆orderer1.example.com获取msp
cd ~/work/example/organizations/ordererOrganizations/example.com/orderers
mkdir orderer1.example.com
cd orderer1.example.com

export FABRIC_CA_CLIENT_HOME=$PWD
fabric-ca-client enroll -u http://orderer1.example.com:orderPW@0.0.0.0:7055 -M $FABRIC_CA_CLIENT_HOME/msp


6.声明管理员用户
mkdir msp/admincerts
cp ../../users/Admin@example.com/msp/signcerts/Admin@example.com-cert.pem msp/admincerts/

2.获取orderer1.example.com的tls

1.启动TLS server
mkdir ~/work/example/tlsca_order_server
cd ~/work/example/tlsca_order_server
fabric-ca-server init -b tlsadmin:tlsadminpw
2.修改配置文件
ca:
  # Name of this CA
  name: tlsca-OrdererOrg
  # Key file (is only used to import a private key into BCCSP)
  keyfile: ../organizations/ordererOrganizations/example.com/tlsca/priv_sk
  # Certificate file (default: ca-cert.pem)
  certfile: ../organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
  # Chain file
  chainfile:
因9443端口在peer中占用,所以暂时将本配置文件中operations部分注释掉
3.开启server
fabric-ca-server start  -b tlsadmin:tlsadminpw --port 7056
4.使用client注册账号
mkdir ~/work/example/tlsca_order_client
cd ~/work/example/tlsca_order_client
export FABRIC_CA_CLIENT_HOME=$PWD
fabric-ca-client enroll -u http://tlsadmin:tlsadminpw@localhost:7056
fabric-ca-client register -d --id.name orderer1.example.com --id.secret orderPW --id.type orderer -u http://0.0.0.0:7056
5.登录orderer1.example.com获取tls
cd ~/work/example/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com

export FABRIC_CA_CLIENT_HOME=$PWD
#注意下方--csr.hosts必须加,否则在将peer加入通道时会报错
fabric-ca-client enroll -u http://orderer1.example.com:orderPW@0.0.0.0:7056 -M $FABRIC_CA_CLIENT_HOME/tls --csr.hosts orderer1.example.com

mv tls/keystore/* tls/keystore/server.key

3.编辑系统区块

首先从peer0.org1.example.com拉取系统配置区块(在core.yaml所在目录执行)
cd ~/work/example/peer
mkdir -p conf-orderer1/sys


export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/ #order组织的管理员
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls/ca.crt
export CORE_PEER_LOCALMSPID="OrdererMSP" #order组织mspid
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051

export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

export CH_NAME=system-channel

peer channel fetch config conf-orderer1/sys/config_block.pb -o orderer.example.com:7050 -c $CH_NAME --tls --cafile $ORDERER_TLSCA

cd conf-orderer1/sys/
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
cp config.json modified_config.json

在modified_config.json中修改内容

位置一

找到如下位置


{
  "client_tls_cert": "ORDER TLS SERVER CERT",
  "host": "orderer.example.com",
  "port": 7050,
  "server_tls_cert": "ORDER TLS SERVER CERT"
}

其中client_tls_cert和server_tls_cert的内容是以下。

cat ~/work/example/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt |base64

对于Fabric CA server产生的tls msp路径如下:

方式一:
cat ~/work/example/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/cert.pem |base64  > cert.txt

进入python终端获取去掉回车的证书
''.join(file('cert.txt','r').read().split('\n'))

方式二:
进入python终端
f = '/home/dev2/work/example/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/cert.pem'
import base64
base64.b64encode(file(f, 'r').read())

在此位置修改成如下代码(在base64转义后去掉证书中的回车

{
  "client_tls_cert": "ORDER TLS SERVER CERT",
  "host": "orderer.example.com",
  "port": 7050,
  "server_tls_cert": "ORDER TLS SERVER CERT"
},
{
  "client_tls_cert": "ORDER1 TLS SERVER CERT",
  "host": "orderer1.example.com",
  "port": 7050,
  "server_tls_cert": "ORDER1 TLS SERVER CERT"
}

位置二

修改如下内容

"Endpoints": {
"mod_policy": "Admins",
"value": {
  "addresses": [
    "orderer.example.com:7050",
    "orderer1.example.com:7050"
  ]
},

注意如果是以下内容,则后续无法成功添加orderer,请检查orderer版本和go版本
"OrdererAddresses": {
	"mod_policy": "/Channel/Orderer/Admins",
	"value": {
	  "addresses": [
	    "orderer.example.com:7050"
	  ]
}

4.提交修改的配置区块

configtxlator proto_encode --input config.json --type common.Config > config.pb
configtxlator proto_encode --input modified_config.json --type common.Config > modified_config.pb
configtxlator compute_update --channel_id $CH_NAME --original config.pb --updated modified_config.pb --output config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CH_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pb

cd ../../
#以OrdererMSP组织管理员的身份签名
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/ #order组织的管理员
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls/ca.crt
export CORE_PEER_LOCALMSPID="OrdererMSP" #order组织mspid
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

peer channel signconfigtx -f ./conf-orderer1/sys/config_update_in_envelope.pb
#提交(不需要其它管理员签名,属于OrdererOrg组织内部增加节点),
peer channel update -f ./conf-orderer1/sys/config_update_in_envelope.pb -c $CH_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA

5.启动orderer1.example.com

#获取最新的系统通道配置区块,仍在peer0服务器上
cd ~/work/example/peer
mkdir system-genesis-block
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/ #order组织的管理员
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls/ca.crt
export CORE_PEER_LOCALMSPID="OrdererMSP" #order组织mspid
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CH_NAME=system-channel

peer channel fetch config system-genesis-block/genesis.block -o orderer.example.com:7050 -c $CH_NAME --tls --cafile $ORDERER_TLSCA

到orderer1的服务器上,

cd ~/work/example/order

现将系统配置的最新区块复制过来

scp -r user@ip:~/work/example/peer/system-genesis-block .

对照原节点的orderer.yaml做如下修改

16 General.ListenAddress: orderer1.example.com
19 General.ListenPort: 7050
25 General.TLS.PrivateKey: ../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/keystore/server.key
27 General.TLS.Certificate: ../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/cert.pem
29 General.TLS.RootCAs: ../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/cacerts/0-0-0-0-7056.pem
52 Cluster.ClientCertificate: ../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/cert.pem
54 Cluster.ClientPrivateKey:
../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/keystore/server.key
89 LocalMSPDir: ../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/msp

运行orderer1

orderer start

6.将orderer1加入应用通道channel1

当前orderer1仅仅加入了系统通道,并没有加入应用通用channel1,下面将orderer1加入channel1

仍然在peer0的服务器上

cd ~/work/example/peer
mkdir -p conf-orderer1/channel1
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/ #order组织的管理员
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls/ca.crt
export CORE_PEER_LOCALMSPID="OrdererMSP" #order组织mspid
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CH_NAME=channel1
#获取最新的应用通道配置区块
peer channel fetch config conf-orderer1/channel1/config_block.pb -o orderer.example.com:7050 -c $CH_NAME --tls --cafile $ORDERER_TLSCA

cd conf-orderer1/channel1
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
cp config.json modified_config.json

然后按照步骤5的内容修改modified_config.json的两处内容之后

configtxlator proto_encode --input config.json --type common.Config > config.pb
configtxlator proto_encode --input modified_config.json --type common.Config > modified_config.pb
configtxlator compute_update --channel_id $CH_NAME --original config.pb --updated modified_config.pb --output config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CH_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pb
cd ../../
#以OrdererMSP组织管理员的身份签名
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/ #order组织的管理员
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls/ca.crt
export CORE_PEER_LOCALMSPID="OrdererMSP" #order组织mspid
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

peer channel signconfigtx -f ./conf-orderer1/channel1/config_update_in_envelope.pb
#提交(此时不需要其它管理员签名,属于排序组织OrdererOrg内部增加节点),
peer channel update -f ./conf-orderer1/channel1/config_update_in_envelope.pb -c $CH_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA

提交之后一段时间内会在orderer的log中看到报错,忽略即可。

orderer端
[orderer.consensus.etcdraft] logSendFailure -> ERRO 122 Failed to send StepRequest to 2, because: aborted channel=channel1 node=1

peer如果此时调用链码会看到错误
got unexpected status: SERVICE_UNAVAILABLE -- no Raft leader

等待5分钟,错误消失,即可使用orderer1来接收链码调用

九、删除orderer节点

和新增步骤类似,只是从modified_config.json中两处修改该位置中,找到对应orderer信息删除即可。

删除应用通道orderer节点和删除系统通道orderer节点两步要分开执行。

提交时,作者的环境是两个orderer同属一个排序组织。只需要一个orderer对事物变更进行签名,再提交即可。

 十、docker模式启动节点

1.在一个新的example文件夹中

cd ~/work/example
mkdir order  orderer-production  organizations  peer0-org1-production chaincode

生成秘钥素材参照Hyperledger Fabric 2.2实战记录(一)的步骤1.1

2.编写docker-compose.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  orderer.example.com:
  peer0.org1.example.com:
  peer0.org2.example.com:

networks:
  test:

services:

  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer:$IMAGE_TAG
    environment:
      - FABRIC_LOGGING_SPEC=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_LISTENPORT=7050
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      # - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      # - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
        - ./order/system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ./organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
        - ./organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls:/var/hyperledger/orderer/tls
        - ./orderer-production:/var/hyperledger/production/orderer
    ports:
      - 7050:7050
    networks:
      - test
    extra_hosts: #虚拟机host地址
      - "orderer.example.com:192.168.1.149"
      - "peer0.org1.example.com:192.168.1.149"
      - "peer0.org2.example.com:192.168.1.147"

  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    image: hyperledger/fabric-peer:$IMAGE_TAG
    environment:
      #Generic peer variables
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_test
      - FABRIC_LOGGING_SPEC=INFO
      #- FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      # Peer specific variabes
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
    volumes:
        - /var/run/:/host/var/run/
        - ./organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
        - ./organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
        - ./peer0-org1-production:/var/hyperledger/production
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    ports:
      - 7051:7051
    networks:
      - test
    extra_hosts:  #虚拟机host地址
      - "orderer.example.com:192.168.1.149"
      - "peer0.org1.example.com:192.168.1.149"
      - "peer0.org2.example.com:192.168.1.147"

  peer0.org2.example.com:
    container_name: peer0.org2.example.com
    image: hyperledger/fabric-peer:$IMAGE_TAG
    environment:
      #Generic peer variables
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_test
      - FABRIC_LOGGING_SPEC=INFO
      #- FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      # Peer specific variabes
      - CORE_PEER_ID=peer0.org2.example.com
      - CORE_PEER_ADDRESS=peer0.org2.example.com:9051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:9051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051
      - CORE_PEER_LOCALMSPID=Org2MSP
    volumes:
        - /var/run/:/host/var/run/
        - ./organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
        - ./organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
        - ./peer0-org2-production:/var/hyperledger/production
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    ports:
      - 9051:9051
    networks:
      - test
    extra_hosts: #虚拟机host地址
      - "orderer.example.com:192.168.1.149"
      - "peer0.org1.example.com:192.168.1.149"
      - "peer0.org2.example.com:192.168.1.147"

  cli-org1:
      container_name: cli-org1
      image: hyperledger/fabric-tools:$IMAGE_TAG
      tty: true
      stdin_open: true
      environment:
        # - GOPATH=/opt/gopathdocker-compose.yaml
        - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
        - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_test

        - FABRIC_LOGGING_SPEC=INFO
        - CORE_PEER_ID=peer0.org1.example.com
        - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
        - CORE_PEER_LOCALMSPID=Org1MSP
        - CORE_PEER_TLS_ENABLED=true
        - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
        - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/users/Admin@org1.example.com/msp
        - ORDERER_TLSCA=/var/hyperledger/orderer/tlscacerts/tlsca.example.com-cert.pem
      working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1
      command: sh
      volumes:
        # - /tmp/hyperledger/org1/peer1:/tmp/hyperledger/org1/peer1
        # - /tmp/hyperledger/org1/peer1/assets/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
        # - /tmp/hyperledger/org1/admin:/tmp/hyperledger/org1/admin

        - /var/run/:/host/var/run/
        - ./organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
        - ./organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
        - ./organizations/peerOrganizations/org1.example.com/users:/etc/hyperledger/fabric/users
        - ./organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts:/var/hyperledger/orderer/tlscacerts
        - ./order/channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/org1/channel-artifacts
        - ./chaincode:/opt/gopath/src/github.com/hyperledger/fabric/org1/chaincode
        - ./organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt:/etc/hyperledger/fabric/org2-peer0-tls/ca.crt #org2的peer0节点身份证书
      networks:
        - test
      extra_hosts: #虚拟机host地址
        - "orderer.example.com:192.168.1.149"
        - "peer0.org1.example.com:192.168.1.149"
        - "peer0.org2.example.com:192.168.1.147"

  cli-org2:
      container_name: cli-org2
      image: hyperledger/fabric-tools:$IMAGE_TAG
      tty: true
      stdin_open: true
      environment:
        # - GOPATH=/opt/gopathdocker-compose.yaml
        - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
        - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_test

        - FABRIC_LOGGING_SPEC=INFO
        - CORE_PEER_ID=peer0.org2.example.com
        - CORE_PEER_ADDRESS=peer0.org2.example.com:9051
        - CORE_PEER_LOCALMSPID=Org2MSP
        - CORE_PEER_TLS_ENABLED=true
        - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
        - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/users/Admin@org2.example.com/msp
        - ORDERER_TLSCA=/var/hyperledger/orderer/tlscacerts/tlsca.example.com-cert.pem
      working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2
      command: sh
      volumes:
        # - /tmp/hyperledger/org1/peer1:/tmp/hyperledger/org1/peer1
        # - /tmp/hyperledger/org1/peer1/assets/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
        # - /tmp/hyperledger/org1/admin:/tmp/hyperledger/org1/admin

        - /var/run/:/host/var/run/
        - ./organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
        - ./organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
        - ./organizations/peerOrganizations/org2.example.com/users:/etc/hyperledger/fabric/users
        - ./organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts:/var/hyperledger/orderer/tlscacerts
        - ./order/channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/org2/channel-artifacts
        - ./chaincode:/opt/gopath/src/github.com/hyperledger/fabric/org2/chaincode
        - ./organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt:/etc/hyperledger/fabric/org1-peer0-tls/ca.crt #org1的peer0节点身份证书
      networks:
        - test
      extra_hosts: #虚拟机host地址
        - "orderer.example.com:192.168.1.149"
        - "peer0.org1.example.com:192.168.1.149"
        - "peer0.org2.example.com:192.168.1.147"

3.创建创始节点和应用通道创建事务

参照Hyperledger Fabric 2.2实战记录(一)的步骤1.3

参照Hyperledger Fabric 2.2实战记录(一)的步骤1.4

4.启动order节点

cd ~/work/example
export IMAGE_TAG=2.2.0
export COMPOSE_PROJECT_NAME=test1
docker-compose up orderer.example.com

5.启动org1的peer节点

cd ~/work/example
export IMAGE_TAG=2.2.0
export COMPOSE_PROJECT_NAME=test1
docker-compose up peer0.org1.example.com

6.启动org1的cli工具

cd ~/work/example
export IMAGE_TAG=2.2.0
export COMPOSE_PROJECT_NAME=test1
docker-compose up cli-org1

6.进入cli工具

cd ~/work/example
docker exec -it cli-org1 sh

7.在cli容器中创建应用通道并将peer加入到通道中

注意:因docker容器中本身变量已经包含所需的一切环境变量,因此只需执行

peer channel create -o orderer.example.com:7050  -c channel1 -f ./channel-artifacts/channel1.tx --outputBlock ./channel-artifacts/channel1.block --tls --cafile $ORDERER_TLSCA
peer channel join -b ./channel-artifacts/channel1.block

8.启动org2的peer

a.将org2的加密素材复制到org2的peer0所在主机

b.将docker-compose.yaml复制到org2的peer0所在主机

9.启动org2的peer0

cd ~/work/example
mkdir peer0-org2-production

export IMAGE_TAG=2.2.0
export COMPOSE_PROJECT_NAME=test1
docker-compose up peer0.org2.example.com

10.启动org2的cli

export IMAGE_TAG=2.2.0
export COMPOSE_PROJECT_NAME=test1
docker-compose up cli-org2

11.将org2的peer加入通道

cd ~/work/example
docker exec -it cli-org2 sh
peer channel fetch 0 ./channel-artifacts/channel_org2.block -o orderer.example.com:7050  -c channel1 --tls --cafile $ORDERER_TLSCA
peer channel join -b ./channel-artifacts/channel_org2.block

12.安装链码

参照参照Hyperledger Fabric 2.2实战记录(一)的步骤2

org1的peer0提交链码,下面/etc/hyperledger/fabric/org2-peer0-tls/ca.crt为org2的peer0证书

peer lifecycle chaincode commit -o orderer.example.com:7050 --channelID channel1 --init-required --name sacc --version 1.0 --sequence 1 --tls --cafile $ORDERER_TLSCA --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /etc/hyperledger/fabric/org2-peer0-tls/ca.crt

13.调用链码

org2的peer0初始化调用链码
peer chaincode invoke -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /etc/hyperledger/fabric/org1-peer0-tls/ca.crt --isInit -c '{"Args":["a","bb"]}'

org1的peer0调用链码
peer chaincode invoke -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /etc/hyperledger/fabric/org2-peer0-tls/ca.crt  -c '{"Args":["set","a","cc"]}'

 

寒木
关注
  • 3
    点赞
  • 7
    收藏
    觉得还不错? 一键收藏
  • 12
    评论
专栏目录
StarRocks 报错以及解决方案
lg4546的专栏
12-22 4418
1 搭建starRocks 只有一台机器 按照官方网站 提供语句 , 创建 明细模型表 CREATE TABLE IF NOT EXISTS detail ( event_time DATETIME NOT NULL COMMENT "datetime of event", event_type INT NOT NULL COMMENT "type of event", user_id INT COMMENT "id of user" device_code IN...
fabric网络 Raft排序 问题记录
WANG_LEI222的博客
01-18 803
fabric网路有5个order节点,2个组织和4个peer节点。 通过查询order节点,有以下问题: docker logs -f orderer.example.com --tail=300 UTC [orderer.consensus.etcdraft] logSendFailure -> ERRO 02e Failed to send StepRequest to 5, because: rpc error: code = Unavailable desc = connection
fabric1.4.4手动部署网络创建通道时报错no Raft leader
Veissia_的博客
06-23 918
fabric1.4.4手动部署网络创建通道时报错no Raft leader
Fabric1.4.x_Error
qq_22016915的博客
08-22 2910
1.ERROR: for cli b'cannot stop container: 81ea509ef7934b2059d47c0c8ffd5c17e229356a8465c28ff0cf42fd7afa06e3: Cannot kill container 81ea509ef7934b2059d47c0c8ffd5c17e229356a8465c28ff0cf42fd7afa06e3: unknown error after kill: runc did not terminate sucessfully
java remoteexception,Android RemoteExceptions和服务
weixin_39885383的博客
03-20 610
这些异常确实会被抛出,您应该编写适当的try / catch逻辑来处理在服务上调用的远程方法未完成的情况。如果使用在执行请求中间的另一个进程中运行的服务,活动将会看到此异常。通过对Marko Gargenta’s AIDLDemo example进行以下细微修改,我能够证明这一点。首先,通过更新AndroidManifest.xml,确保服务在自己的进程中运行:package="com.marak...
学习Hyperledger Fabric 实战联盟链全套视频
09-09
学习Hyperledger Fabric 实战联盟链全套视频,附资料。
HyperLedger Fabric开发实战——快速掌握区块链技术-配套资源.zip
06-26
Hyperledger Fabric开发实战——快速掌握区块链技术》是一本深入探讨企业级区块链解决方案Hyperledger Fabric的书籍,其配套资源提供了丰富的实践材料,帮助读者更好地理解和应用这一技术。Hyperledger Fabric是...
Hyperledger Fabric 链码开发实战1
08-04
Hyperledger Fabric 链码开发实战 Hyperledger Fabric 是一个开源的分布式账本技术,旨在提供一个灵活、可扩展、安全的平台,以便开发者构建区块链应用程序。链码是 Fabric 中的一种业务逻辑实现,用于处理具体的...
fabric-sample配置常见错误解析
tianlongtc的博客
06-29 9151
1、运行docker-compose -f docker-compose-simple.yaml up 出现下面错误 ERROR: An HTTP request took too long to complete. Retry with --verbose to obtain debug information. 解决:https://github.com/docker/compose...
fabric sdk java调用测试及问题解决
馒 的技术空间
12-17 1761
1、编译生成fabircsdkjava的jar包 2、编写调用sdk的jar包 3、运行时报错处理: org.hyperledger.fabric.sdk.exception.TransactionException: Channel foo, send transactions failed on orderer OrdererClient Could not connect to Endpoint: peer0.org1.example.com:7051
创建应用通道失败:Orderer Client Status Code: (2) CONNECTION_FAILED. Description: ........
weixin_53408575的博客
02-17 2641
创建应用通道失败: create channel failed: create channel failed: SendEnvelope failed: calling orderer 'localhost:7050' failed: Orderer Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [localhost:7050]: connection is in TRANSIENT_
2.0.0搭建自己的fabric网络
qq_45368275的博客
10-22 1096
前提是byfn可以运行 之前配置了好多次了,这次记录一下 1.第一步 使用cryptogen为fabric网络产生组织结构和证书 相关的文件是crypt-config.yaml ../bin/cryptogen generate --config=./crypto-config.yaml 终端显示 org1.example.com org2.example.com 2.我们接下来要告诉configtxgen工具去找这个configtx.yaml文件,让他在当前的工作目录寻找: export FABRIC
TLS报错 :Error: rpc error: code = Unavailable desc = transport is closing
热门推荐
boss2967的博客
06-06 2万+
如果要开启tls,只需要将orderer、peer、cli、ca的tls属性设置为true,并配置证书、密钥等文件地址即可。也就是下面这几个属性: CORE_PEER_TLS_ENABLED=true CORE_PEER_TLS_CERT_FILE=xxx/tls/server.crt CORE_PEER_TLS_KEY_FILE=xxx/tls/server.key CORE_PEER_TLS...
学习Hyperledger Fabric2.X遇到的错误(更新中)
好一个区块链
03-21 1万+
1. 将节点加入通道时,配置环境变量出现错误,如以下代码: CORE_PEER_ADDRESS=peer0.org2.example.com:7051 可能出现的错误代码 Error: error getting endorser client for channel: endorser client failed to connect to peer0.org2.example.com:7051: failed to create new connection: connection error: de
docker 1.13.1报 rpc error: code = 14 desc = grpc: the connection is unavailable 解决办法
纵横四海的博客
12-11 8603
现象 [root@slave-140 ~]# docker exec -it fe289c21a69d sh rpc error: code = 14 desc = grpc: the connection is unavailable 日志信息 ... Dec 11 17:03:22 slave-140 dockerd[16589]: time="2018-12-11T17:03:22.46...
docker遇到问题五:swarm 添加worker机报错,信息如“Error response from daemon: rpc error: code = Unavailable desc = ”
测试极客
06-13 6767
参照 官方文档 part4的示例,添加worker机报错,整个过程如下: 创建两台VM cappuccinooos-MacBook-Pro:part3 cappuccinooo$ docker-machine create --driver virtualbox myvm1 Running pre-create checks... Creating machine... (myvm1) C...
elasticsearch 集群无法启动出现如下提示 failed to send join request to master
第一天
11-10 1万+
[node-2] failed to send join request to master [{node-1}{WbcP0pC_T32jWpYvu5is1A}{2_LCVHx1QEaBZYZ7XQEkMg}{10.10.11.200}{10.10.11.200:9300}], reason [RemoteTransportException[[node-1][10.10.11.200:9300]...
hyperledger fabric2.2
最新发布
03-16
Hyperledger Fabric 2.2是一个开源的分布式账本平台,它提供了一个可扩展的、高度灵活的架构,可以满足企业级应用的需求。它支持智能合约的编写和执行,同时提供了丰富的安全性和隐私保护功能,可以满足不同行业的...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 12
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值