八、新增orderer节点
在192.168.1.112的服务器上新增一个排序节点orderer1.example.com
在增加orderer节点时,必须保证系统通道内的大多数已加入orderer在正常工作,如果正常工作的不能达到大多数,则系统通道将彻底无法修改。
在这里遇到很多坑,尤其需要注意版本orderer(2.2版)的可执行文件必须是go1.14.6以上版本。
编辑各个主机的/etc/hosts
192.168.1.108 orderer.example.com
192.168.1.112 orderer1.example.com
192.168.1.112 peer0.org1.example.com
192.168.1.138 peer1.org1.example.com
192.168.1.111 peer0.org2.example.com
192.168.1.138 peer0.org3.example.com
1.获取orderer1.example.com的msp
mkdir ~/work/example/ca_order_server
cd ~/work/example/ca_order_server
1.初始化
fabric-ca-server init -b admin:adminpw --port 7055
2.修改fabric-ca-server-config.yaml
ca:
# Name of this CA
name: OrdererOrg
# Key file (is only used to import a private key into BCCSP)
keyfile: ../organizations/ordererOrganizations/example.com/ca/priv_sk
# Certificate file (default: ca-cert.pem)
certfile: ../organizations/ordererOrganizations/example.com/ca/ca.example.com-cert.pem
# Chain file
chainfile:
因9443端口在peer中占用,所以暂时将本配置文件中operations部分注释掉
3.启动server
fabric-ca-server start -b admin:adminpw --port 7055
4.client登陆
mkdir ~/work/example/ca_order_client
cd ~/work/example/ca_order_client
export FABRIC_CA_CLIENT_HOME=$PWD
fabric-ca-client enroll -u http://admin:adminpw@localhost:7055
fabric-ca-client register -d --id.name orderer1.example.com --id.secret orderPW --id.type orderer -u http://0.0.0.0:7055
5.登陆orderer1.example.com获取msp
cd ~/work/example/organizations/ordererOrganizations/example.com/orderers
mkdir orderer1.example.com
cd orderer1.example.com
export FABRIC_CA_CLIENT_HOME=$PWD
fabric-ca-client enroll -u http://orderer1.example.com:orderPW@0.0.0.0:7055 -M $FABRIC_CA_CLIENT_HOME/msp
6.声明管理员用户
mkdir msp/admincerts
cp ../../users/Admin@example.com/msp/signcerts/Admin@example.com-cert.pem msp/admincerts/
2.获取orderer1.example.com的tls
1.启动TLS server
mkdir ~/work/example/tlsca_order_server
cd ~/work/example/tlsca_order_server
fabric-ca-server init -b tlsadmin:tlsadminpw
2.修改配置文件
ca:
# Name of this CA
name: tlsca-OrdererOrg
# Key file (is only used to import a private key into BCCSP)
keyfile: ../organizations/ordererOrganizations/example.com/tlsca/priv_sk
# Certificate file (default: ca-cert.pem)
certfile: ../organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
# Chain file
chainfile:
因9443端口在peer中占用,所以暂时将本配置文件中operations部分注释掉
3.开启server
fabric-ca-server start -b tlsadmin:tlsadminpw --port 7056
4.使用client注册账号
mkdir ~/work/example/tlsca_order_client
cd ~/work/example/tlsca_order_client
export FABRIC_CA_CLIENT_HOME=$PWD
fabric-ca-client enroll -u http://tlsadmin:tlsadminpw@localhost:7056
fabric-ca-client register -d --id.name orderer1.example.com --id.secret orderPW --id.type orderer -u http://0.0.0.0:7056
5.登录orderer1.example.com获取tls
cd ~/work/example/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com
export FABRIC_CA_CLIENT_HOME=$PWD
#注意下方--csr.hosts必须加,否则在将peer加入通道时会报错
fabric-ca-client enroll -u http://orderer1.example.com:orderPW@0.0.0.0:7056 -M $FABRIC_CA_CLIENT_HOME/tls --csr.hosts orderer1.example.com
mv tls/keystore/* tls/keystore/server.key
3.编辑系统区块
首先从peer0.org1.example.com拉取系统配置区块(在core.yaml所在目录执行)
cd ~/work/example/peer
mkdir -p conf-orderer1/sys
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/ #order组织的管理员
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls/ca.crt
export CORE_PEER_LOCALMSPID="OrdererMSP" #order组织mspid
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CH_NAME=system-channel
peer channel fetch config conf-orderer1/sys/config_block.pb -o orderer.example.com:7050 -c $CH_NAME --tls --cafile $ORDERER_TLSCA
cd conf-orderer1/sys/
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
cp config.json modified_config.json
在modified_config.json中修改内容
位置一
找到如下位置
{
"client_tls_cert": "ORDER TLS SERVER CERT",
"host": "orderer.example.com",
"port": 7050,
"server_tls_cert": "ORDER TLS SERVER CERT"
}
其中client_tls_cert和server_tls_cert的内容是以下。
cat ~/work/example/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt |base64
对于Fabric CA server产生的tls msp路径如下:
方式一:
cat ~/work/example/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/cert.pem |base64 > cert.txt
进入python终端获取去掉回车的证书
''.join(file('cert.txt','r').read().split('\n'))
方式二:
进入python终端
f = '/home/dev2/work/example/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/cert.pem'
import base64
base64.b64encode(file(f, 'r').read())
在此位置修改成如下代码(在base64转义后去掉证书中的回车)
{
"client_tls_cert": "ORDER TLS SERVER CERT",
"host": "orderer.example.com",
"port": 7050,
"server_tls_cert": "ORDER TLS SERVER CERT"
},
{
"client_tls_cert": "ORDER1 TLS SERVER CERT",
"host": "orderer1.example.com",
"port": 7050,
"server_tls_cert": "ORDER1 TLS SERVER CERT"
}
位置二
修改如下内容
"Endpoints": {
"mod_policy": "Admins",
"value": {
"addresses": [
"orderer.example.com:7050",
"orderer1.example.com:7050"
]
},
注意如果是以下内容,则后续无法成功添加orderer,请检查orderer版本和go版本
"OrdererAddresses": {
"mod_policy": "/Channel/Orderer/Admins",
"value": {
"addresses": [
"orderer.example.com:7050"
]
}
4.提交修改的配置区块
configtxlator proto_encode --input config.json --type common.Config > config.pb
configtxlator proto_encode --input modified_config.json --type common.Config > modified_config.pb
configtxlator compute_update --channel_id $CH_NAME --original config.pb --updated modified_config.pb --output config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CH_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pb
cd ../../
#以OrdererMSP组织管理员的身份签名
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/ #order组织的管理员
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls/ca.crt
export CORE_PEER_LOCALMSPID="OrdererMSP" #order组织mspid
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel signconfigtx -f ./conf-orderer1/sys/config_update_in_envelope.pb
#提交(不需要其它管理员签名,属于OrdererOrg组织内部增加节点),
peer channel update -f ./conf-orderer1/sys/config_update_in_envelope.pb -c $CH_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA
5.启动orderer1.example.com
#获取最新的系统通道配置区块,仍在peer0服务器上
cd ~/work/example/peer
mkdir system-genesis-block
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/ #order组织的管理员
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls/ca.crt
export CORE_PEER_LOCALMSPID="OrdererMSP" #order组织mspid
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CH_NAME=system-channel
peer channel fetch config system-genesis-block/genesis.block -o orderer.example.com:7050 -c $CH_NAME --tls --cafile $ORDERER_TLSCA
到orderer1的服务器上,
cd ~/work/example/order
现将系统配置的最新区块复制过来
scp -r user@ip:~/work/example/peer/system-genesis-block .
对照原节点的orderer.yaml做如下修改
16 General.ListenAddress: orderer1.example.com
19 General.ListenPort: 7050
25 General.TLS.PrivateKey: ../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/keystore/server.key
27 General.TLS.Certificate: ../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/cert.pem
29 General.TLS.RootCAs: ../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/cacerts/0-0-0-0-7056.pem
52 Cluster.ClientCertificate: ../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/cert.pem
54 Cluster.ClientPrivateKey:
../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/keystore/server.key
89 LocalMSPDir: ../organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/msp
运行orderer1
orderer start
6.将orderer1加入应用通道channel1
当前orderer1仅仅加入了系统通道,并没有加入应用通用channel1,下面将orderer1加入channel1
仍然在peer0的服务器上
cd ~/work/example/peer
mkdir -p conf-orderer1/channel1
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/ #order组织的管理员
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls/ca.crt
export CORE_PEER_LOCALMSPID="OrdererMSP" #order组织mspid
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CH_NAME=channel1
#获取最新的应用通道配置区块
peer channel fetch config conf-orderer1/channel1/config_block.pb -o orderer.example.com:7050 -c $CH_NAME --tls --cafile $ORDERER_TLSCA
cd conf-orderer1/channel1
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
cp config.json modified_config.json
然后按照步骤5的内容修改modified_config.json的两处内容之后
configtxlator proto_encode --input config.json --type common.Config > config.pb
configtxlator proto_encode --input modified_config.json --type common.Config > modified_config.pb
configtxlator compute_update --channel_id $CH_NAME --original config.pb --updated modified_config.pb --output config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CH_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pb
cd ../../
#以OrdererMSP组织管理员的身份签名
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/ #order组织的管理员
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/ordererOrganizations/example.com/users/Admin@example.com/tls/ca.crt
export CORE_PEER_LOCALMSPID="OrdererMSP" #order组织mspid
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel signconfigtx -f ./conf-orderer1/channel1/config_update_in_envelope.pb
#提交(此时不需要其它管理员签名,属于排序组织OrdererOrg内部增加节点),
peer channel update -f ./conf-orderer1/channel1/config_update_in_envelope.pb -c $CH_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA
提交之后一段时间内会在orderer的log中看到报错,忽略即可。
orderer端
[orderer.consensus.etcdraft] logSendFailure -> ERRO 122 Failed to send StepRequest to 2, because: aborted channel=channel1 node=1
peer如果此时调用链码会看到错误
got unexpected status: SERVICE_UNAVAILABLE -- no Raft leader
等待5分钟,错误消失,即可使用orderer1来接收链码调用
九、删除orderer节点
和新增步骤类似,只是从modified_config.json中两处修改该位置中,找到对应orderer信息删除即可。
删除应用通道orderer节点和删除系统通道orderer节点两步要分开执行。
提交时,作者的环境是两个orderer同属一个排序组织。只需要一个orderer对事物变更进行签名,再提交即可。
十、docker模式启动节点
1.在一个新的example文件夹中
cd ~/work/example
mkdir order orderer-production organizations peer0-org1-production chaincode
生成秘钥素材参照Hyperledger Fabric 2.2实战记录(一)的步骤1.1
2.编写docker-compose.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
volumes:
orderer.example.com:
peer0.org1.example.com:
peer0.org2.example.com:
networks:
test:
services:
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer:$IMAGE_TAG
environment:
- FABRIC_LOGGING_SPEC=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
# - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
# - ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./order/system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ./organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ./organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls:/var/hyperledger/orderer/tls
- ./orderer-production:/var/hyperledger/production/orderer
ports:
- 7050:7050
networks:
- test
extra_hosts: #虚拟机host地址
- "orderer.example.com:192.168.1.149"
- "peer0.org1.example.com:192.168.1.149"
- "peer0.org2.example.com:192.168.1.147"
peer0.org1.example.com:
container_name: peer0.org1.example.com
image: hyperledger/fabric-peer:$IMAGE_TAG
environment:
#Generic peer variables
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_test
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variabes
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- /var/run/:/host/var/run/
- ./organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ./organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
- ./peer0-org1-production:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 7051:7051
networks:
- test
extra_hosts: #虚拟机host地址
- "orderer.example.com:192.168.1.149"
- "peer0.org1.example.com:192.168.1.149"
- "peer0.org2.example.com:192.168.1.147"
peer0.org2.example.com:
container_name: peer0.org2.example.com
image: hyperledger/fabric-peer:$IMAGE_TAG
environment:
#Generic peer variables
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_test
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
# Peer specific variabes
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- /var/run/:/host/var/run/
- ./organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ./organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
- ./peer0-org2-production:/var/hyperledger/production
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
ports:
- 9051:9051
networks:
- test
extra_hosts: #虚拟机host地址
- "orderer.example.com:192.168.1.149"
- "peer0.org1.example.com:192.168.1.149"
- "peer0.org2.example.com:192.168.1.147"
cli-org1:
container_name: cli-org1
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
# - GOPATH=/opt/gopathdocker-compose.yaml
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_test
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/users/Admin@org1.example.com/msp
- ORDERER_TLSCA=/var/hyperledger/orderer/tlscacerts/tlsca.example.com-cert.pem
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1
command: sh
volumes:
# - /tmp/hyperledger/org1/peer1:/tmp/hyperledger/org1/peer1
# - /tmp/hyperledger/org1/peer1/assets/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
# - /tmp/hyperledger/org1/admin:/tmp/hyperledger/org1/admin
- /var/run/:/host/var/run/
- ./organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ./organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
- ./organizations/peerOrganizations/org1.example.com/users:/etc/hyperledger/fabric/users
- ./organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts:/var/hyperledger/orderer/tlscacerts
- ./order/channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/org1/channel-artifacts
- ./chaincode:/opt/gopath/src/github.com/hyperledger/fabric/org1/chaincode
- ./organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt:/etc/hyperledger/fabric/org2-peer0-tls/ca.crt #org2的peer0节点身份证书
networks:
- test
extra_hosts: #虚拟机host地址
- "orderer.example.com:192.168.1.149"
- "peer0.org1.example.com:192.168.1.149"
- "peer0.org2.example.com:192.168.1.147"
cli-org2:
container_name: cli-org2
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
# - GOPATH=/opt/gopathdocker-compose.yaml
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_test
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:9051
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/users/Admin@org2.example.com/msp
- ORDERER_TLSCA=/var/hyperledger/orderer/tlscacerts/tlsca.example.com-cert.pem
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2
command: sh
volumes:
# - /tmp/hyperledger/org1/peer1:/tmp/hyperledger/org1/peer1
# - /tmp/hyperledger/org1/peer1/assets/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
# - /tmp/hyperledger/org1/admin:/tmp/hyperledger/org1/admin
- /var/run/:/host/var/run/
- ./organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ./organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
- ./organizations/peerOrganizations/org2.example.com/users:/etc/hyperledger/fabric/users
- ./organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts:/var/hyperledger/orderer/tlscacerts
- ./order/channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/org2/channel-artifacts
- ./chaincode:/opt/gopath/src/github.com/hyperledger/fabric/org2/chaincode
- ./organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt:/etc/hyperledger/fabric/org1-peer0-tls/ca.crt #org1的peer0节点身份证书
networks:
- test
extra_hosts: #虚拟机host地址
- "orderer.example.com:192.168.1.149"
- "peer0.org1.example.com:192.168.1.149"
- "peer0.org2.example.com:192.168.1.147"
3.创建创始节点和应用通道创建事务
参照Hyperledger Fabric 2.2实战记录(一)的步骤1.3
参照Hyperledger Fabric 2.2实战记录(一)的步骤1.4
4.启动order节点
cd ~/work/example
export IMAGE_TAG=2.2.0
export COMPOSE_PROJECT_NAME=test1
docker-compose up orderer.example.com
5.启动org1的peer节点
cd ~/work/example
export IMAGE_TAG=2.2.0
export COMPOSE_PROJECT_NAME=test1
docker-compose up peer0.org1.example.com
6.启动org1的cli工具
cd ~/work/example
export IMAGE_TAG=2.2.0
export COMPOSE_PROJECT_NAME=test1
docker-compose up cli-org1
6.进入cli工具
cd ~/work/example
docker exec -it cli-org1 sh
7.在cli容器中创建应用通道并将peer加入到通道中
注意:因docker容器中本身变量已经包含所需的一切环境变量,因此只需执行
peer channel create -o orderer.example.com:7050 -c channel1 -f ./channel-artifacts/channel1.tx --outputBlock ./channel-artifacts/channel1.block --tls --cafile $ORDERER_TLSCA
peer channel join -b ./channel-artifacts/channel1.block
8.启动org2的peer
a.将org2的加密素材复制到org2的peer0所在主机
b.将docker-compose.yaml复制到org2的peer0所在主机
9.启动org2的peer0
cd ~/work/example
mkdir peer0-org2-production
export IMAGE_TAG=2.2.0
export COMPOSE_PROJECT_NAME=test1
docker-compose up peer0.org2.example.com
10.启动org2的cli
export IMAGE_TAG=2.2.0
export COMPOSE_PROJECT_NAME=test1
docker-compose up cli-org2
11.将org2的peer加入通道
cd ~/work/example
docker exec -it cli-org2 sh
peer channel fetch 0 ./channel-artifacts/channel_org2.block -o orderer.example.com:7050 -c channel1 --tls --cafile $ORDERER_TLSCA
peer channel join -b ./channel-artifacts/channel_org2.block
12.安装链码
参照参照Hyperledger Fabric 2.2实战记录(一)的步骤2
org1的peer0提交链码,下面/etc/hyperledger/fabric/org2-peer0-tls/ca.crt为org2的peer0证书
peer lifecycle chaincode commit -o orderer.example.com:7050 --channelID channel1 --init-required --name sacc --version 1.0 --sequence 1 --tls --cafile $ORDERER_TLSCA --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /etc/hyperledger/fabric/org2-peer0-tls/ca.crt
13.调用链码
org2的peer0初始化调用链码
peer chaincode invoke -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /etc/hyperledger/fabric/org1-peer0-tls/ca.crt --isInit -c '{"Args":["a","bb"]}'
org1的peer0调用链码
peer chaincode invoke -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /etc/hyperledger/fabric/org2-peer0-tls/ca.crt -c '{"Args":["set","a","cc"]}'