在任意目录下新建network文件夹
一、编写crypto-config.yaml文件
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: QQ
Domain: qq.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
SANS:
- "*"
- "192.168.208.129"
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Taobao
Domain: taobao.com
EnableNodeOUs: false
# ---------------------------------------------------------------------------
# "CA"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of the CA for this
# organization. This entry is a Spec. See "Specs" section below for details.
# ---------------------------------------------------------------------------
# CA:
# Hostname: ca # implicitly ca.org1.example.com
# Country: US
# Province: California
# Locality: San Francisco
# OrganizationalUnit: Hyperledger Fabric
# StreetAddress: address for org # default nil
# PostalCode: postalCode for org # default nil
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# - SANS: (Optional) Specifies one or more Subject Alternative Names
# to be set in the resulting x509. Accepts template
# variables {{.Hostname}}, {{.Domain}}, {{.CommonName}}. IP
# addresses provided here will be properly recognized. Other
# values will be taken as DNS names.
# NOTE: Two implicit entries are created for you:
# - {{ .CommonName }}
# - {{ .Hostname }}
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# SANS:
# - "bar.{{.Domain}}"
# - "altfoo.{{.Domain}}"
# - "{{.Hostname}}.org6.net"
# - 172.16.10.31
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# SANS:
# - "{{.Hostname}}.alt.{{.Domain}}"
SANS:
- "*"
- "192.168.208.129"
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: JD
Domain: jd.com
EnableNodeOUs: false
Template:
Count: 2
SANS:
- "*"
- "192.168.208.129"
Users:
Count: 1
Name和Domain就是关于这个组织的名字和域名,这主要是用于生成证书的时候,证书内会包含该信息。而Template Count=2是说我们要生成2套公私钥和证书,一套是peer0.jd的,还有一套是peer1.jd的。最后Users. Count=1是说每个Template下面会有几个普通User(注意,Admin是Admin,不包含在这个计数中),这里配置了1,也就是说我们只需要一个普通用户User1@JD.com 我们可以根据实际需要调整这个配置文件,增删Org Users等。
二进制文件cryptogen等已上传到https://github.com/MoonShinesSeas/fabric-electricity-java
编写完成后使用cryptogen生成文件
#./bin/cryptogen generate --config=./crypto-config.yaml --output ./crypto-config
查看生成文件的目录
tree crypto-config
控制台显示
├─ordererOrganizations
│ └─qq.com
│ ├─ca
│ │ └─msp
│ │ ├─cacerts
│ │ ├─keystore
│ │ ├─signcerts
│ │ └─user
│ ├─msp
│ │ ├─admincerts
│ │ ├─cacerts
│ │ ├─keystore
│ │ ├─signcerts
│ │ ├─tlscacerts
│ │ └─user
│ ├─orderers
│ │ └─orderer.qq.com
│ │ ├─msp
│ │ │ ├─admincerts
│ │ │ ├─cacerts
│ │ │ ├─keystore
│ │ │ ├─signcerts
│ │ │ └─tlscacerts
│ │ └─tls
│ ├─tlsca
│ └─users
│ └─Admin@qq.com
│ ├─msp
│ │ ├─admincerts
│ │ ├─cacerts
│ │ ├─keystore
│ │ ├─signcerts
│ │ └─tlscacerts
│ └─tls
└─peerOrganizations
├─jd.com
│ ├─ca
│ │ └─msp
│ │ ├─cacerts
│ │ ├─keystore
│ │ ├─signcerts
│ │ └─user
│ ├─msp
│ │ ├─admincerts
│ │ ├─cacerts
│ │ ├─keystore
│ │ ├─signcerts
│ │ ├─tlscacerts
│ │ └─user
│ ├─peers
│ │ ├─peer0.jd.com
│ │ │ ├─msp
│ │ │ │ ├─admincerts
│ │ │ │ ├─cacerts
│ │ │ │ ├─keystore
│ │ │ │ ├─signcerts
│ │ │ │ └─tlscacerts
│ │ │ └─tls
│ │ └─peer1.jd.com
│ │ ├─msp
│ │ │ ├─admincerts
│ │ │ ├─cacerts
│ │ │ ├─keystore
│ │ │ ├─signcerts
│ │ │ └─tlscacerts
│ │ └─tls
│ ├─tlsca
│ └─users
│ ├─Admin@jd.com
│ │ ├─msp
│ │ │ ├─admincerts
│ │ │ ├─cacerts
│ │ │ ├─keystore
│ │ │ ├─signcerts
│ │ │ └─tlscacerts
│ │ └─tls
│ └─User1@jd.com
│ ├─msp
│ │ ├─admincerts
│ │ ├─cacerts
│ │ ├─keystore
│ │ ├─signcerts
│ │ └─tlscacerts
│ └─tls
└─taobao.com
├─ca
│ ├─appUser
│ │ ├─cacerts
│ │ ├─keystore
│ │ ├─signcerts
│ │ └─user
│ └─msp
│ ├─cacerts
│ ├─keystore
│ ├─signcerts
│ └─user
├─msp
│ ├─admincerts
│ ├─cacerts
│ ├─keystore
│ ├─signcerts
│ ├─tlscacerts
│ └─user
├─peers
│ ├─peer0.taobao.com
│ │ ├─msp
│ │ │ ├─admincerts
│ │ │ ├─cacerts
│ │ │ ├─keystore
│ │ │ ├─signcerts
│ │ │ └─tlscacerts
│ │ └─tls
│ └─peer1.taobao.com
│ ├─msp
│ │ ├─admincerts
│ │ ├─cacerts
│ │ ├─keystore
│ │ ├─signcerts
│ │ └─tlscacerts
│ └─tls
├─tlsca
└─users
├─Admin@taobao.com
│ ├─msp
│ │ ├─admincerts
│ │ ├─cacerts
│ │ ├─keystore
│ │ ├─signcerts
│ │ └─tlscacerts
│ └─tls
└─User1@taobao.com
├─msp
│ ├─admincerts
│ ├─cacerts
│ ├─keystore
│ ├─signcerts
│ └─tlscacerts
└─tls
二、编写configtx.yaml文件
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# ORGANIZATIONS
#
# This section defines the organizational identities that can be referenced
# in the configuration profiles.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions.
- &QQ
# Name is the key by which this org will be referenced in channel
# configuration transactions.
# Name can include alphanumeric characters as well as dots and dashes.
Name: QQ
# SkipAsForeign can be set to true for org definitions which are to be
# inherited from the orderer system channel during channel creation. This
# is especially useful when an admin of a single org without access to the
# MSP directories of the other orgs wishes to create a channel. Note
# this property must always be set to false for orgs included in block
# creation.
SkipAsForeign: false
# ID is the key by which this org's MSP definition will be referenced.
# ID can include alphanumeric characters as well as dots and dashes.
ID: QQMSP
# MSPDir is the filesystem path which contains the MSP configuration.
MSPDir: crypto-config/ordererOrganizations/qq.com/msp #?????????????crypto-config??)
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('QQMSP.member')"
# If your MSP is configured with the new NodeOUs, you might
# want to use a more specific rule like the following:
# Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')"
Writers:
Type: Signature
Rule: "OR('QQMSP.member')"
# If your MSP is configured with the new NodeOUs, you might
# want to use a more specific rule like the following:
# Rule: "OR('SampleOrg.admin', 'SampleOrg.client')"
Admins:
Type: Signature
Rule: "OR('QQMSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('QQMSP.member')"
# OrdererEndpoints is a list of all orderers this org runs which clients
# and peers may to connect to push transactions and receive blocks respectively.
OrdererEndpoints:
- "orderer.qq.com:7050"
# - "orderer1.example.com:8050"
# - "orderer2.example.com:9050"
# AnchorPeers defines the location of peers which can be used for
# cross-org gossip communication.
#
# NOTE: this value should only be set when using the deprecated
# `configtxgen --outputAnchorPeersUpdate` command. It is recommended
# to instead use the channel configuration update process to set the
# anchor peers for each organization.
#AnchorPeers:
# - Host: 127.0.0.1
# Port: 7051
- &Taobao
Name: Taobao
ID: TaobaoMSP
MSPDir: ./crypto-config/peerOrganizations/taobao.com/msp
Policies:
Readers:
Type: Signature
#Rule: "OR('TaobaoMSP.admin', 'TaobaoMSP.peer', 'TaobaoMSP.client')"
Rule: "OR('TaobaoMSP.member')"
Writers:
Type: Signature
#Rule: "OR('TaobaoMSP.admin', 'TaobaoMSP.client')"
Rule: "OR('TaobaoMSP.member')"
Admins:
Type: Signature
#Rule: "OR('TaobaoMSP.admin')"
Rule: "OR('TaobaoMSP.admin')"
Endorsement:
Type: Signature
#Rule: "OR('TaobaoMSP.peer')"
Rule: "OR('TaobaoMSP.member')"
AnchorPeers:
- Host: peer0.taobao.com
Port: 7051
- &JD
Name: JD
ID: JDMSP
MSPDir: ./crypto-config/peerOrganizations/jd.com/msp
Policies:
Readers:
Type: Signature
#Rule: "OR('JDMSP.admin', 'JDMSP.peer', 'JDMSP.client')"
Rule: "OR('JDMSP.member')"
Writers:
Type: Signature
#Rule: "OR('JDMSP.admin', 'JDMSP.client')"
Rule: "OR('JDMSP.member')"
Admins:
Type: Signature
#Rule: "OR('JDMSP.admin')"
Rule: "OR('JDMSP.admin')"
Endorsement:
Type: Signature
#Rule: "OR('JDMSP.peer')"
Rule: "OR('JDMSP.member')"
AnchorPeers:
- Host: peer0.jd.com
Port: 9051
################################################################################
#
# CAPABILITIES
#
# This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V2.0 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v2.0.0
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V2.0 channel capabilities, ensure that all
# orderers and peers on a channel are at v2.0.0 or later.
V2_0: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V1.1 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.1.x
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on a channel are at v2.0.0 or later.
V2_0: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V2.0 for Application enables the new non-backwards compatible
# features and fixes of fabric v2.0.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on a channel are at v2.0.0 or later.
V2_0: true
################################################################################
#
# APPLICATION
#
# This section defines the values to encode into a config transaction or
# genesis block for application-related parameters.
#
################################################################################
Application: &ApplicationDefaults
ACLs: &ACLsDefault
# This section provides defaults for policies for various resources
# in the system. These "resources" could be functions on system chaincodes
# (e.g., "GetBlockByNumber" on the "qscc" system chaincode) or other resources
# (e.g.,who can receive Block events). This section does NOT specify the resource's
# definition or API, but just the ACL policy for it.
#
# Users can override these defaults with their own policy mapping by defining the
# mapping under ACLs in their channel definition
#---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--#
# ACL policy for _lifecycle's "CheckCommitReadiness" function
_lifecycle/CheckCommitReadiness: /Channel/Application/Writers
# ACL policy for _lifecycle's "CommitChaincodeDefinition" function
_lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers
# ACL policy for _lifecycle's "QueryChaincodeDefinition" function
_lifecycle/QueryChaincodeDefinition: /Channel/Application/Writers
# ACL policy for _lifecycle's "QueryChaincodeDefinitions" function
_lifecycle/QueryChaincodeDefinitions: /Channel/Application/Writers
#---Lifecycle System Chaincode (lscc) function to policy mapping for access control---#
# ACL policy for lscc's "getid" function
lscc/ChaincodeExists: /Channel/Application/Readers
# ACL policy for lscc's "getdepspec" function
lscc/GetDeploymentSpec: /Channel/Application/Readers
# ACL policy for lscc's "getccdata" function
lscc/GetChaincodeData: /Channel/Application/Readers
# ACL Policy for lscc's "getchaincodes" function
lscc/GetInstantiatedChaincodes: /Channel/Application/Readers
#---Query System Chaincode (qscc) function to policy mapping for access control---#
# ACL policy for qscc's "GetChainInfo" function
qscc/GetChainInfo: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByNumber" function
qscc/GetBlockByNumber: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByHash" function
qscc/GetBlockByHash: /Channel/Application/Readers
# ACL policy for qscc's "GetTransactionByID" function
qscc/GetTransactionByID: /Channel/Application/Readers
# ACL policy for qscc's "GetBlockByTxID" function
qscc/GetBlockByTxID: /Channel/Application/Readers
#---Configuration System Chaincode (cscc) function to policy mapping for access control---#
# ACL policy for cscc's "GetConfigBlock" function
cscc/GetConfigBlock: /Channel/Application/Readers
# ACL policy for cscc's "GetChannelConfig" function
cscc/GetChannelConfig: /Channel/Application/Readers
#---Miscellaneous peer function to policy mapping for access control---#
# ACL policy for invoking chaincodes on peer
peer/Propose: /Channel/Application/Writers
# ACL policy for chaincode to chaincode invocation
peer/ChaincodeToChaincode: /Channel/Application/Writers
#---Events resource to policy mapping for access control###---#
# ACL policy for sending block events
event/Block: /Channel/Application/Readers
# ACL policy for sending filtered block events
event/FilteredBlock: /Channel/Application/Readers
# Organizations lists the orgs participating on the application side of the
# network.
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies: &ApplicationDefaultPolicies
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the application level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# ORDERER
#
# This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters.
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start.
# Available types are "solo", "kafka" and "etcdraft".
OrdererType: solo
# Addresses used to be the list of orderer addresses that clients and peers
# could connect to. However, this does not allow clients to associate orderer
# addresses and orderer organizations which can be useful for things such
# as TLS validation. The preferred way to specify orderer addresses is now
# to include the OrdererEndpoints item in your org definition
Addresses:
- orderer.qq.com:7050
# - orderer1.example.com:8050
# - orderer2.example.com:9050
# Batch Timeout: The amount of time to wait before creating a batch.
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block.
# The orderer views messages opaquely, but typically, messages may
# be considered to be Fabric transactions. The 'batch' is the group
# of messages in the 'data' field of the block. Blocks will be a few kb
# larger than the batch size, when signatures, hashes, and other metadata
# is applied.
BatchSize:
# Max Message Count: The maximum number of messages to permit in a
# batch. No block will contain more than this number of messages.
MaxMessageCount: 500
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch. The maximum block size is this value
# plus the size of the associated metadata (usually a few KB depending
# upon the size of the signing identities). Any transaction larger than
# this value will be rejected by ordering.
# It is recommended not to exceed 49 MB, given the default grpc max message size of 100 MB
# configured on orderer and peer nodes (and allowing for message expansion during communication).
AbsoluteMaxBytes: 10 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed
# for the serialized messages in a batch. Roughly, this field may be considered
# the best effort maximum size of a batch. A batch will fill with messages
# until this size is reached (or the max message count, or batch timeout is
# exceeded). If adding a new message to the batch would cause the batch to
# exceed the preferred max bytes, then the current batch is closed and written
# to a block, and a new batch containing the new message is created. If a
# message larger than the preferred max bytes is received, then its batch
# will contain only that message. Because messages may be larger than
# preferred max bytes (up to AbsoluteMaxBytes), some batches may exceed
# the preferred max bytes, but will always contain exactly one transaction.
PreferredMaxBytes: 2 MB
# Max Channels is the maximum number of channels to allow on the ordering
# network. When set to 0, this implies no maximum number of channels.
# MaxChannels: 0
# Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects. Edit
# this list to identify the brokers of the ordering service.
# NOTE: Use IP:port notation.
# Brokers:
# - kafka0:9092
# - kafka1:9092
# - kafka2:9092
# EtcdRaft defines configuration which must be set when the "etcdraft"
# orderertype is chosen.
# EtcdRaft:
# The set of Raft replicas for this network. For the etcd/raft-based
# implementation, we expect every replica to also be an OSN. Therefore,
# a subset of the host:port items enumerated in this list should be
# replicated under the Orderer.Addresses key above.
# Consenters:
# - Host: orderer0.example.com
# Port: 7050
# ClientTLSCert: /usr/project/fabric-docker-multiple/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
# ServerTLSCert: /usr/project/fabric-docker-multiple/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
# - Host: orderer1.example.com
# Port: 8050
# ClientTLSCert: /usr/project/fabric-docker-multiple/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
# ServerTLSCert: /usr/project/fabric-docker-multiple/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
# - Host: orderer2.example.com
# Port: 9050
# ClientTLSCert: /usr/project/fabric-docker-multiple/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
# ServerTLSCert: /usr/project/fabric-docker-multiple/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
# Options to be specified for all the etcd/raft nodes. The values here
# are the defaults for all new channels and can be modified on a
# per-channel basis via configuration updates.
# Options:
# TickInterval is the time interval between two Node.Tick invocations.
# TickInterval: 500ms
# ElectionTick is the number of Node.Tick invocations that must pass
# between elections. That is, if a follower does not receive any
# message from the leader of current term before ElectionTick has
# elapsed, it will become candidate and start an election.
# ElectionTick must be greater than HeartbeatTick.
# ElectionTick: 10
# HeartbeatTick is the number of Node.Tick invocations that must
# pass between heartbeats. That is, a leader sends heartbeat
# messages to maintain its leadership every HeartbeatTick ticks.
# HeartbeatTick: 1
# MaxInflightBlocks limits the max number of in-flight append messages
# during optimistic replication phase.
# MaxInflightBlocks: 5
# SnapshotIntervalSize defines number of bytes per which a snapshot is taken
# SnapshotIntervalSize: 16 MB
# Organizations lists the orgs participating on the orderer side of the
# network.
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
# Capabilities describes the orderer level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *OrdererCapabilities
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# PROFILES
#
# Different configuration profiles may be encoded here to be specified as
# parameters to the configtxgen tool. The profiles which specify consortiums
# are to be used for generating the orderer genesis block. With the correct
# consortium members defined in the orderer genesis block, channel creation
# requests may be generated with only the org member names and a consortium
# name.
#
################################################################################
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *QQ
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Taobao
- *JD
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Taobao
- *JD
Capabilities:
<<: *ApplicationCapabilities
其中包含各种策略,背书规则等等,详细可以去这篇博客了解,大神讲的很好。
echo "生成系统通道初始区块"
./bin/configtxgen -profile TwoOrgsOrdererGenesis -channelID first-channel -outputBlock ./config/genesis.block
echo "生成通道文件"
./bin/configtxgen -profile TwoOrgsChannel -channelID appchannel -outputCreateChannelTx ./config/appchannel.tx
echo "生成锚节点配置更新文件"
./bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./config/TaobaoAnchor.tx -channelID appchannel -asOrg Taobao
./bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./config/JDAnchor.tx -channelID appchannel -asOrg JD
查看config目录下的文件
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 2024/2/11 20:58 1581 appchannel.tx
-a---- 2024/2/11 20:58 0 configtx.yaml
-a---- 2024/2/11 20:58 0 crypto-config.yaml
-a---- 2024/2/11 20:58 11688 genesis.block
-a---- 2024/2/11 20:58 292 JDAnchor.tx
-a---- 2024/2/11 20:58 305 TaobaoAnchor.tx
三、编写docker-compose.yaml文件
version: '2.0'
volumes:
orderer.qq.com:
networks:
fabric_network:
name: fabric_network
services:
# ??????
orderer.qq.com:
container_name: orderer.qq.com
image: hyperledger/fabric-orderer:2.4.1
extra_hosts:
- "orderer.qq.com:192.168.208.129"
- "peer0.taobao.com:192.168.208.129"
- "peer1.taobao.com:192.168.208.129"
- "peer0.jd.com:192.168.208.129"
- "peer1.jd.com:192.168.208.129"
environment:
- FABRIC_LOGGING_FORMAT=%{color}[%{id:03x} %{time:01-02 00:00:00.00 MST}] [%{module}] %{shortfunc} -> %{level:.4s}%{color:reset} %{message}
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_BOOTSTRAPFILE=/etc/hyperledger/config/genesis.block # ??????
- ORDERER_GENERAL_LOCALMSPID=QQMSP
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/orderer/msp # ????
- ORDERER_GENERAL_LEDGERTYPE=file
- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443
- ORDERER_METRICS_PROVIDER=prometheus
# default: false
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/orderer/tls/ca.crt]
- FABRIC_LOGGING_SPEC=DEBUG
# - GODEBUG=netdns=go
command: orderer start
ports:
- "7050:7050"
- "8443:8443"
volumes: # ???cryptogen?configtxgen?????????????
- ./config/genesis.block:/etc/hyperledger/config/genesis.block
- ./crypto-config/ordererOrganizations/qq.com/orderers/orderer.qq.com/:/etc/hyperledger/orderer
# - orderer.qq.com:/var/hyperledger/production/orderer
networks:
- fabric_network
# Taobao ?? peer0 ??
peer0.taobao.com:
extends:
file: docker-compose-base.yaml
service: peer-base
container_name: peer0.taobao.com
environment:
- CORE_PEER_ID=peer0.taobao.com
- CORE_PEER_LOCALMSPID=TaobaoMSP
- CORE_PEER_ADDRESS=peer0.taobao.com:7051
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443
- CORE_PEER_ADDRESSAUTODETECT=false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
#- CORE_PEER_CHAINCODEADDRESS=peer0.taobao.com:7053
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.taobao.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.taobao.com:7051
- CORE_PEER_GOSSIP_ORGLEADER=false # whether this node is the org leader, default to false
- CORE_METRICS_PROVIDER=prometheus # prometheus will pull metrics from fabric via /metrics RESTful API
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/tls/ca.crt
- FABRIC_LOGGING_SPEC=DEBUG # info:core.chaincode=debug
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB # 状态数据库的存储引擎(or CouchDB)
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer0.taobao.couchdb:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
ports:
- "7051:7051" # grpc????
- "7052:7052"
- "9443:9443"
- "7053:7053" # eventhub??
volumes:
- ./crypto-config/peerOrganizations/taobao.com/peers/peer0.taobao.com:/etc/hyperledger/peer
# - peer0.taobao.com:/var/hyperledger/production
depends_on:
- orderer.qq.com
- peer0.taobao.couchdb
# Taobao ?? peer1 ??
peer1.taobao.com:
extends:
file: docker-compose-base.yaml
service: peer-base
container_name: peer1.taobao.com
environment:
- CORE_PEER_ID=peer1.taobao.com
- CORE_PEER_LOCALMSPID=TaobaoMSP
- CORE_PEER_ADDRESS=peer1.taobao.com:8051
- CORE_PEER_ADDRESSAUTODETECT=false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9444
- CORE_PEER_GOSSIP_ORGLEADER=false # whether this node is the org leader, default to false
# - CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443 # operation RESTful API
- CORE_METRICS_PROVIDER=prometheus # prometheus will pull metrics from fabric via /metrics RESTful API
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/tls/ca.crt
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
#- CORE_PEER_CHAINCODEADDRESS=peer1.taobao.com:8053
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.taobao.com:8051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.taobao.com:8051
- FABRIC_LOGGING_SPEC=DEBUG # info:core.chaincode=debug
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB # 状态数据库的存储引擎(or CouchDB)
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer1.taobao.couchdb:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
ports:
- "8051:7051"
- "8052:7052"
- "8053:7053"
- "9444:9443"
volumes:
- ./crypto-config/peerOrganizations/taobao.com/peers/peer1.taobao.com:/etc/hyperledger/peer
# - peer1.taobao.com:/var/hyperledger/production
depends_on:
- orderer.qq.com
- peer1.taobao.couchdb
# JD ?? peer0 ??
peer0.jd.com:
extends:
file: docker-compose-base.yaml
service: peer-base
container_name: peer0.jd.com
environment:
- CORE_PEER_ID=peer0.jd.com
- CORE_PEER_LOCALMSPID=JDMSP
- CORE_PEER_ADDRESS=peer0.jd.com:9051
- CORE_PEER_ADDRESSAUTODETECT=false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false # whether this node is the org leader, default to false
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9445 # operation RESTful API
- CORE_METRICS_PROVIDER=prometheus # prometheus will pull metrics from fabric via /metrics RESTful API
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/tls/ca.crt
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
#- CORE_PEER_CHAINCODEADDRESS=peer0.jd.com:9053
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.jd.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.jd.com:9051
- FABRIC_LOGGING_SPEC=DEBUG # info:core.chaincode=debug
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB # 状态数据库的存储引擎(or CouchDB)
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer0.jd.couchdb:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
ports:
- "9051:7051"
- "9052:7052"
- "9053:7053"
- "9445:9443"
volumes:
- ./crypto-config/peerOrganizations/jd.com/peers/peer0.jd.com:/etc/hyperledger/peer
# - peer0.jd.com:/var/hyperledger/production
depends_on:
- orderer.qq.com
- peer0.jd.couchdb
# JD ?? peer1 ??
peer1.jd.com:
extends:
file: docker-compose-base.yaml
service: peer-base
container_name: peer1.jd.com
environment:
- CORE_PEER_ID=peer1.jd.com
- CORE_PEER_LOCALMSPID=JDMSP
- CORE_PEER_ADDRESS=peer1.jd.com:10051
- CORE_PEER_ADDRESSAUTODETECT=false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false # whether this node is the org leader, default to false
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9446 # operation RESTful API
- CORE_METRICS_PROVIDER=prometheus # prometheus will pull metrics from fabric via /metrics RESTful API
- CORE_PEER_PROFILE_ENABLED=false
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/tls/ca.crt
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
#- CORE_PEER_CHAINCODEADDRESS=peer1.jd.com:10053
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.jd.com:10051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.jd.com:10051
- FABRIC_LOGGING_SPEC=DEBUG # info:core.chaincode=debug
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB # 状态数据库的存储引擎(or CouchDB)
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer1.jd.couchdb:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
ports:
- "10051:7051"
- "10053:7053"
- "10052:7052"
- "9446:9443"
volumes:
- ./crypto-config/peerOrganizations/jd.com/peers/peer1.jd.com:/etc/hyperledger/peer
# - peer1.jd.com:/var/hyperledger/production
depends_on:
- orderer.qq.com
- peer1.jd.couchdb
ca-tls:
container_name: ca-tls
image: hyperledger/fabric-ca:1.4.7
environment:
- FABRIC_CA_SERVER_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CSR_CN=ca-tls
# - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server/ca.qq.com-cert.pem
# - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server/priv_sk
#- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_DEBUG=true
- FABRIC_CA_SERVER_PORT=7054
- FABRIC_CA_SERVER_DB_TYPE=mysql
- FABRIC_CA_SERVER_DB_DATASOURCE=root:123456@tcp(192.168.208.129:3306)/fabric_ca_tls?parseTime=true
volumes:
- ./crypto-config/ordererOrganizations/qq.com:/etc/hyperledger/fabric-ca-server
# command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server/ca.qq.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server/priv_sk -d -b tls-ca-admin:tls-ca-adminpw --port 7054'
command: sh -c 'fabric-ca-server start -b tls-ca-admin:tls-ca-adminpw -d'
networks:
- fabric_network
ports:
- "7054:7054"
ca-taobao:
image: hyperledger/fabric-ca:1.4.7
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-taobao
#- FABRIC_CA_SERVER_TLS_ENABLED=true
#- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server/ca/ca.taobao.com-cert.pem
#- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server/ca/priv_sk
#- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server/ca/ca.taobao.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server/ca/priv_sk
- FABRIC_CA_SERVER_DEBUG=true
- FABRIC_CA_SERVER_PORT=8054
- FABRIC_CA_SERVER_DB_TYPE=mysql
- FABRIC_CA_SERVER_DB_DATASOURCE=root:123456@tcp(192.168.208.129:3306)/fabric_ca_tb?parseTime=true
ports:
- "8054:8054"
#command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server/ca/ca.taobao.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server/ca/priv_sk -b tb-ca-admin:tb-ca-adminpw -d --port 8054'
command: sh -c 'fabric-ca-server start -b tb-ca-admin:tb-ca-adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/taobao.com:/etc/hyperledger/fabric-ca-server
container_name: ca-taobao
networks:
- fabric_network
ca-jd:
image: hyperledger/fabric-ca:1.4.7
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-jd
#- FABRIC_CA_SERVER_TLS_ENABLED=true
#- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server/ca/ca.jd.com-cert.pem
#- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server/ca/priv_sk
#- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server/ca/ca.jd.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server/ca/priv_sk
- FABRIC_CA_SERVER_DEBUG=true
- FABRIC_CA_SERVER_PORT=9054
- FABRIC_CA_SERVER_DB_TYPE=mysql
- FABRIC_CA_SERVER_DB_DATASOURCE=root:123456@tcp(192.168.208.129:3306)/fabric_ca_jd?parseTime=true
ports:
- "9054:9054"
#command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server/ca/ca.jd.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server/ca/priv_sk -b jd-ca-admin:jd-ca-adminpw -d --port 9054'
command: sh -c 'fabric-ca-server start -b jd-ca-admin:jd-ca-adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/jd.com:/etc/hyperledger/fabric-ca-server
container_name: ca-jd
networks:
- fabric_network
peer0.taobao.couchdb:
container_name: peer0.taobao.couchdb
image: couchdb:3.1.1
# Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
# for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode.
environment:
- COUCHDB_USER=admin
- COUCHDB_PASSWORD=adminpw
# Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service,
# for example map it to utilize Fauxton User Interface in dev environments.
ports:
- "5984:5984"
networks:
- fabric_network
peer1.taobao.couchdb:
container_name: peer1.taobao.couchdb
image: couchdb:3.1.1
# Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
# for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode.
environment:
- COUCHDB_USER=admin
- COUCHDB_PASSWORD=adminpw
# Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service,
# for example map it to utilize Fauxton User Interface in dev environments.
ports:
- "6984:5984"
networks:
- fabric_network
peer0.jd.couchdb:
container_name: peer0.jd.couchdb
image: couchdb:3.1.1
# Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
# for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode.
environment:
- COUCHDB_USER=admin
- COUCHDB_PASSWORD=adminpw
# Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service,
# for example map it to utilize Fauxton User Interface in dev environments.
ports:
- "7984:5984"
networks:
- fabric_network
peer1.jd.couchdb:
container_name: peer1.jd.couchdb
image: couchdb:3.1.1
# Populate the COUCHDB_USER and COUCHDB_PASSWORD to set an admin user and password
# for CouchDB. This will prevent CouchDB from operating in an "Admin Party" mode.
environment:
- COUCHDB_USER=admin
- COUCHDB_PASSWORD=adminpw
# Comment/Uncomment the port mapping if you want to hide/expose the CouchDB service,
# for example map it to utilize Fauxton User Interface in dev environments.
ports:
- "8984:5984"
networks:
- fabric_network
# ?????
cli:
container_name: cli
image: hyperledger/fabric-tools:2.4.1
tty: true
extra_hosts:
- "orderer.qq.com:192.168.208.129"
- "peer0.taobao.com:192.168.208.129"
- "peer1.taobao.com:192.168.208.129"
- "peer0.jd.com:192.168.208.129"
- "peer1.jd.com:192.168.208.129"
environment:
- CORE_PEER_ID=cli
- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_FORMAT=%{color}[%{id:03x} %{time:01-02 00:00:00.00 MST}] [%{module}] %{shortfunc} -> %{level:.4s}%{color:reset} %{message}
- GO111MODULE=auto
- GOPROXY=https://goproxy.cn,direct
- CORE_PEER_ADDRESS=peer0.taobao.com:7051
- CORE_PEER_LOCALMSPID=TaobaoMSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/taobao.com/peers/peer0.taobao.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/taobao.com/peers/peer0.taobao.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/taobao.com/peers/peer0.taobao.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/taobao.com/users/Admin@taobao.com/msp
- ORDERER_CA=/etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem
volumes:
- ./config:/etc/hyperledger/config/
- ./configtx.yaml:/etc/hyperledger/config/configtx.yaml
- ./crypto-config.yaml:/etc/hyperledger/config/crypto-config.yaml
- ./crypto-config/peerOrganizations/taobao.com/:/etc/hyperledger/peer/taobao.com
- ./crypto-config/peerOrganizations/jd.com/:/etc/hyperledger/peer/jd.com
- ./crypto-config/ordererOrganizations/qq.com/:/etc/hyperledger/orderer/qq.com
- ./../chaincode-go/:/go/src/chaincode # ??????
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
networks:
- fabric_network
depends_on:
- orderer.qq.com
- peer0.taobao.com
- peer1.taobao.com
- peer0.jd.com
- peer1.jd.com
docker-compose-base.yaml文件
version: '2.0'
services:
peer-base: # peer的公共服务
image: hyperledger/fabric-peer:2.4.1
extra_hosts:
- "orderer.qq.com:192.168.1.2"
- "peer0.taobao.com:192.168.208.129"
- "peer1.taobao.com:192.168.208.129"
- "peer0.jd.com:192.168.208.129"
- "peer1.jd.com:192.168.208.129"
environment:
- GODEBUG=netdns=go
- FABRIC_LOGGING_SPEC=INFO
- FABRIC_LOGGING_FORMAT="%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}"
- CORE_CHAINCODE_BUILDER=hyperledger/fabric-ccenv:2.4.1
- CORE_CHAINCODE_GOLANG_RUNTIME=hyperledger/fabric-baseos:2.4.1
- CORE_VM_ENDPOINT=unix:///var/run/docker.sock
- CORE_LOGGING_PEER=info
- CORE_CHAINCODE_LOGGING_LEVEL=INFO
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp # msp证书(节点证书)
#- CORE_LEDGER_STATE_STATEDATABASE=goleveldb # 状态数据库的存储引擎(or CouchDB)
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_network # docker 网络
volumes:
- /var/run/docker.sock:/var/run/docker.sock
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: peer node start
networks:
- fabric_network
CA服务器,使用mysql作为ca的数据库,需要提前创建数据库(fabric_ca_qq、fabric_ca_tb、fabric_ca_jd),并且配置mysql数据库的tls连接。
其中的ip地址需要换成自己的。
configtx.yaml、crypto-config.yaml、docker-compose.yaml、docker-compose-base.yaml文件在同一级目录下,需要自己创建config、cypto-config文件夹。
四、命令启动
由于命令一个一个很多,容易出错,所以我写了一个自动化脚本进行部署。
./start-go.sh
docker-compose -f docker-compose-go.yaml down
echo "生成组织身份文件"
./bin/cryptogen generate --config=./crypto-config.yaml --output ./crypto-config
echo "生成系统通道初始区块"
./bin/configtxgen -profile TwoOrgsOrdererGenesis -channelID first-channel -outputBlock ./config/genesis.block
echo "生成通道文件"
./bin/configtxgen -profile TwoOrgsChannel -channelID appchannel -outputCreateChannelTx ./config/appchannel.tx
echo "生成锚节点配置更新文件"
./bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./config/TaobaoAnchor.tx -channelID appchannel -asOrg Taobao
#./bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./config/JDAnchor.tx -channelID appchannel -asOrg JD
echo "部署 orderer 节点"
docker-compose -f docker-compose-go.yaml up -d
echo "正在等待节点的启动完成,等待3秒"
sleep 3
#
TaobaoPeer0Cli="CORE_PEER_TLS_ENABLED=true CORE_PEER_LOCALMSPID=TaobaoMSP CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/taobao.com/peers/peer0.taobao.com/tls/ca.crt CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/taobao.com/users/Admin@taobao.com/msp CORE_PEER_ADDRESS=peer0.taobao.com:7051"
#
TaobaoPeer1Cli="CORE_PEER_TLS_ENABLED=true CORE_PEER_LOCALMSPID=TaobaoMSP CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/taobao.com/peers/peer1.taobao.com/tls/ca.crt CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/taobao.com/users/Admin@taobao.com/msp CORE_PEER_ADDRESS=peer1.taobao.com:8051"
#
JDPeer0Cli="CORE_PEER_TLS_ENABLED=true CORE_PEER_LOCALMSPID=JDMSP CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/jd.com/peers/peer0.jd.com/tls/ca.crt CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/jd.com/users/Admin@jd.com/msp CORE_PEER_ADDRESS=peer0.jd.com:9051"
JDPeer1Cli="CORE_PEER_TLS_ENABLED=true CORE_PEER_LOCALMSPID=JDMSP CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/jd.com/peers/peer1.jd.com/tls/ca.crt CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/jd.com/users/Admin@jd.com/msp CORE_PEER_ADDRESS=peer1.jd.com:10051"
echo "七、创建通道"
docker exec cli bash -c "$TaobaoPeer0Cli peer channel create -o orderer.qq.com:7050 -c appchannel -f /etc/hyperledger/config/appchannel.tx --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem"
echo "八、将所有节点加入通道"
docker exec cli bash -c "$TaobaoPeer0Cli peer channel join -b appchannel.block"
docker exec cli bash -c "$TaobaoPeer1Cli peer channel join -b appchannel.block"
docker exec cli bash -c "$JDPeer0Cli peer channel join -b appchannel.block"
docker exec cli bash -c "$JDPeer1Cli peer channel join -b appchannel.block"
echo "九、更新锚节点"
docker exec cli bash -c "$TaobaoPeer0Cli peer channel update -o orderer.qq.com:7050 -c appchannel -f /etc/hyperledger/config/TaobaoAnchor.tx --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem"
docker exec cli bash -c "$JDPeer0Cli peer channel update -o orderer.qq.com:7050 -c appchannel -f /etc/hyperledger/config/JDAnchor.tx --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem"
echo "Package chaincode"
docker exec cli bash -c "peer lifecycle chaincode package chaincode.tar.gz --path ./../../../../../../go/src/chaincode/ --lang golang --label chaincode-go_1"
# -n 链码名,可以自己随便设置
# -v 版本号
# -p 链码目录,在 /opt/gopath/src/ 目录下
echo "十、安装链码"
docker exec cli bash -c "$TaobaoPeer0Cli peer lifecycle chaincode install chaincode.tar.gz"
docker exec cli bash -c "$TaobaoPeer1Cli peer lifecycle chaincode install chaincode.tar.gz"
docker exec cli bash -c "$JDPeer0Cli peer lifecycle chaincode install chaincode.tar.gz"
docker exec cli bash -c "$JDPeer1Cli peer lifecycle chaincode install chaincode.tar.gz"
#
echo "在脚本中获取 Package ID"
export PACKAGE_LINE=$(docker exec cli bash -c "$TaobaoPeer0Cli peer lifecycle chaincode queryinstalled | grep \"Package ID:\"")
export PACKAGE_ID=$(echo "$PACKAGE_LINE" | awk '{print substr($3, 1, 82)}')
export CC_PACKAGE_ID=$(echo $PACKAGE_ID | sed 's/.$//')
echo "the output"
echo $CC_PACKAGE_ID
echo "十一、实例化链码"
docker exec cli bash -c "$TaobaoPeer0Cli peer lifecycle chaincode approveformyorg -o orderer.qq.com:7050 --ordererTLSHostnameOverride orderer.qq.com --channelID appchannel --init-required --name chaincode-go_1 --version 1.0.0 --package-id $CC_PACKAGE_ID --sequence 1 --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem"
docker exec cli bash -c "$JDPeer0Cli peer lifecycle chaincode approveformyorg -o orderer.qq.com:7050 --ordererTLSHostnameOverride orderer.qq.com --channelID appchannel --init-required --name chaincode-go_1 --version 1.0.0 --package-id $CC_PACKAGE_ID --sequence 1 --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem"
docker exec cli bash -c "peer lifecycle chaincode checkcommitreadiness --channelID appchannel --name chaincode-go_1 --version 1.0.0 --sequence 1 --init-required --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem --output json"
docker exec cli bash -c "peer lifecycle chaincode commit -o orderer.qq.com:7050 --ordererTLSHostnameOverride orderer.qq.com --channelID appchannel --init-required --name chaincode-go_1 --version 1.0.0 --sequence 1 --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem --peerAddresses peer0.taobao.com:7051 --tlsRootCertFiles /etc/hyperledger/peer/taobao.com/peers/peer0.taobao.com/tls/ca.crt --peerAddresses peer0.jd.com:9051 --tlsRootCertFiles /etc/hyperledger/peer/jd.com/peers/peer0.jd.com/tls/ca.crt"
docker exec cli bash -c "peer lifecycle chaincode querycommitted --channelID appchannel --name chaincode-go_1 --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem"
echo "正在等待链码实例化完成,等待5秒"
sleep 5
docker exec cli bash -c "peer chaincode invoke -o orderer.qq.com:7050 --ordererTLSHostnameOverride orderer.qq.com --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem -C appchannel -n chaincode-go_1 --peerAddresses peer0.taobao.com:7051 --tlsRootCertFiles /etc/hyperledger/peer/taobao.com/peers/peer0.taobao.com/tls/ca.crt --peerAddresses peer0.jd.com:9051 --tlsRootCertFiles /etc/hyperledger/peer/jd.com/peers/peer0.jd.com/tls/ca.crt --isInit -c '{\"Args\":[\"Init\",\"\"]}'"
sleep 5
# 进行链码交互,验证链码是否正确安装及区块链网络能否正常工作
echo "十二、验证链码"
docker exec cli bash -c "peer chaincode invoke -o orderer.qq.com:7050 --ordererTLSHostnameOverride orderer.qq.com --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem -C appchannel -n chaincode-go_1 --peerAddresses peer0.taobao.com:7051 --tlsRootCertFiles /etc/hyperledger/peer/taobao.com/peers/peer0.taobao.com/tls/ca.crt --peerAddresses peer0.jd.com:9051 --tlsRootCertFiles /etc/hyperledger/peer/jd.com/peers/peer0.jd.com/tls/ca.crt -c '{\"Args\":[\"hello\"]}'"
docker exec cli bash -c "peer chaincode invoke -o orderer.qq.com:7050 --ordererTLSHostnameOverride orderer.qq.com --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem -C appchannel -n chaincode-go_1 --peerAddresses peer0.taobao.com:7051 --tlsRootCertFiles /etc/hyperledger/peer/taobao.com/peers/peer0.taobao.com/tls/ca.crt --peerAddresses peer0.jd.com:9051 --tlsRootCertFiles /etc/hyperledger/peer/jd.com/peers/peer0.jd.com/tls/ca.crt -c '{\"Args\":[\"queryAccount\"]}'"
docker exec cli bash -c "peer chaincode invoke -o orderer.qq.com:7050 --ordererTLSHostnameOverride orderer.qq.com --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem -C appchannel -n chaincode-go_1 --peerAddresses peer0.taobao.com:7051 --tlsRootCertFiles /etc/hyperledger/peer/taobao.com/peers/peer0.taobao.com/tls/ca.crt --peerAddresses peer0.jd.com:9051 --tlsRootCertFiles /etc/hyperledger/peer/jd.com/peers/peer0.jd.com/tls/ca.crt -c '{\"Args\":[\"createElectricity\",\"6b86b273ff34\",\"zs\",\"199\",\"2024-2-4\"]}'"
sleep 3
docker exec cli bash -c "peer chaincode invoke -o orderer.qq.com:7050 --ordererTLSHostnameOverride orderer.qq.com --tls --cafile /etc/hyperledger/orderer/qq.com/orderers/orderer.qq.com/msp/tlscacerts/tlsca.qq.com-cert.pem -C appchannel -n chaincode-go_1 --peerAddresses peer0.taobao.com:7051 --tlsRootCertFiles /etc/hyperledger/peer/taobao.com/peers/peer0.taobao.com/tls/ca.crt --peerAddresses peer0.jd.com:9051 --tlsRootCertFiles /etc/hyperledger/peer/jd.com/peers/peer0.jd.com/tls/ca.crt -c '{\"Args\":[\"queryElectricity\"]}'"
运行成功截图
上述操作是已经将链码部署到网络中,链码文件我已经上传在https://github.com/MoonShinesSeas/fabric-electricity-java