fabric-ca使用(docker实现)
1、启动CA服务
创建目录并且编写文件
mkdir -p /opt/docker/fabric-ca-server
gedit docker-compose.yml
#文件名必须是 docker-compose.yml
########################文本内容###########################
fabric-ca-server:
image: hyperledger/fabric-ca:1.5.1 #注意这里要更改为你要使用的镜像tag
container_name: fabric-ca-server
ports:
- "7054:7054"
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
volumes:
- "./fabric-ca-server:/etc/hyperledger/fabric-ca-server"
command: sh -c 'fabric-ca-server start -b admin:adminpw'
#-b admin:adminpw
#admin 是我们指定的用户,我们现在给admin生成证书
#adminpw 是admin的密码
启动服务
docker-compose up -d
docker ps 查看运行情况
然后关闭刚才运行的服务,并且删除
docker stop 容器ID
docker rm容器ID
修改当前目录下 fabric-ca-server/fabric-ca-server-config.yaml文件
gedit fabric-ca-server/fabric-ca-server-config.yaml
affiliations:
R1:
- admin
- dev
- user
R2:
- admin
- dev
- user
R3:
- admin
- dev
- user
R4:
- admin
- dev
- user
删除当前目录下的fabric-ca-server.db
rm fabric-ca-server/fabric-ca-server.db
重启
docker-compose up -d
2、Fabric CA Server
.
├── docker-compose.yml
└── fabric-ca-server
├── ca-cert.pem
├── fabric-ca-server-config.yaml
├── fabric-ca-server.db
├── IssuerPublicKey
├── IssuerRevocationPublicKey
└── msp
└── keystore
├── 365543fff66f5062d3d053e6323e3faa4a9ad8a4fe6ab86df551060c92694351_sk
├── IssuerRevocationPrivateKey
└── IssuerSecretKey
msp :包含keystore,CA服务器的私钥
ca-cert.pem :CA服务器生成的admin证书
fabric-ca-server.db :CA默认使用的嵌入型数据库 SQLite,存储发放证书信息,可以通过sqllite3或其他可视化工具查看详细信息。
fabric-ca-server-config.yaml :CA服务端的配置文件
3、采用fabric-ca-client来生成证书
mkdir /opt/docker/fabric-ca-client
export FABRIC_CA_CLIENT_HOME=/opt/docker/fabric-ca-client
通过fabric-ca-client程序链接CA服务器并enroll(登录)admin管理员
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
#admin是用户名
#adminpw是admin的密码
#localhost:7054 fabric-ca-server端口,这是刚刚在docker-compose.yml指定的
可以发现/mnt/ca_client目录下生成了一个fabric-ca-client-config.yaml配置文件,以及msp目录,包含管理员的证书和私钥。有了已经成功enroll(登录)的admin用户,接下来将admin作为管理员来register(登记)一个新用户:R4-admin
通过fabric-ca-client register(登记)R4管理员的证书
fabric-ca-client register --id.name r4-admin --id.secret r4-adminpw --id.type admin --id.affiliation r4.admin
4、登录并获取r4-admin的证书到本地
fabric-ca-client enroll -u http://r4-admin:r4-adminpw@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/r4-admin
#r4-admin:r4-adminpw 对应的用户名和密码
#-M 指定的是r4-admin证书保存的位置
5、查看已颁发所有证书
apt-get install sqlite3 libsqlite3-dev
sqlite3 /opt/docker/fabric-ca-server/fabric-ca-server/fabric-ca-server.db
sqlite> .tables
sqlite> select * from certificates;
fabric整个docker配置
零、整体架构
下面介绍下本文所采用的整体架构
三个组织
- Org0 —> 组织0
- Org1 —> 组织1
- Org2 —> 组织2
组织中的成员
- Org0: 一个orderer节点,一个Org0的Admin节点
- Org1: 两个Peer节点,一个Org1的Admin节点,一个Org1的User节点
- Org2: 两个Peer节点,一个Org2的Admin节点,一个Org2的User节点
四台CA服务器
- TLS服务器:为网络中所有节点颁发TLS证书,用于通信的加密
- Org1的CA服务器:为组织1中所有用户颁发证书
- Org2的Ca服务器:为组织2中所有用户颁发证书
- Org0的CA服务器:为组织0中所有用户颁发证书
这里的四台CA服务器都是根服务器。彼此之间都是独立的存在,没有任何关系。,也就是说每一个CA服务器生成的证书在其他CA服务器都是不能用的。
介绍完之后,可以进入正题了。
一、CA服务器的配置
1、启动TLS CA服务器
mkdir -p /root/hyperledger/docker-compose/fabric-ca-tls && cd /root/hyperledger/docker-compose/fabric-ca-tls
gedit docker-compose.yaml
version: '2'
networks:
fabric-ca:
services:
ca-tls:
container_name: ca-tls
image: hyperledger/fabric-ca
command: sh -c 'fabric-ca-server start -d -b tls-ca-admin:tls-ca-adminpw --port 7052'
environment:
- FABRIC_CA_SERVER_HOME=/root/hyperledger/fabric-ca/crypto
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CSR_CN=ca-tls
- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_PORT=7052
- FABRIC_CA_SERVER_DEBUG=true
volumes:
- /root/hyperledger/fabric-ca-tls:/root/hyperledger/fabric-ca
networks:
- fabric-ca
ports:
- 7052:7052
启动docker容器
docker-compose up -d
同时工作目录/root/hyperledger/fabric-ca/ 下面会出现crypto文件夹
ca-cert.pem文件。这是TLS CA服务器的签名根证书,目的是用来对CA的TLS证书进行验证,同时也需要持有这个证书才可以进行证书的颁发。
多环境下我们需要将它复制到每一台机器上。
1.1 TLS CA服务器注册用户
设置环境变量&登陆
#设置环境变量指定根证书的路径(如果工作目录不同的话记得指定自己的工作目录,以下不再重复说明)
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
#设置环境变量指定CA客户端的HOME文件夹
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/fabric-ca-tls/admin
#登录管理员用户用于之后的节点身份注册
fabric-ca-client enroll -d -u https://tls-ca-admin:tls-ca-adminpw@0.0.0.0:7052 --tls.certfiles /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
登陆成功后会在/root/hyperledger/fabric-ca-tls/目录下生车给你admin文件夹,这里面是 admin相关的证书文件,并且只有登陆了admin,才具有权限进行用户注册,因为该用户具有CA的全部权限,相当于CA服务的root用户。
fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052 --tls.certfiles /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
fabric-ca-client register -d --id.name peer2-org1 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7052 --tls.certfiles /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
fabric-ca-client register -d --id.name peer1-org2 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052 --tls.certfiles /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
fabric-ca-client register -d --id.name peer2-org2 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7052 --tls.certfiles /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7052 --tls.certfiles /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
fabric-ca-client register -d --id.name admin-org1 --id.secret org1AdminPW --id.type admin -u https://0.0.0.0:7052 --tls.certfiles /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
fabric-ca-client register -d --id.name admin-org2 --id.secret org2AdminPW --id.type admin -u https://0.0.0.0:7052 --tls.certfiles /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
这里我们为各个节点注册TLS证书,之后Fabric网络的通信则需要通过这一步骤注册过的用户的TLS证书来进行TLS加密通信。
到这里我们只是注册了各个节点的身份,还没有获取到他们的证书。证书可以通过登录获取,不过暂时不着急获取他们的TLS证书。
接下来,我们对其他几个CA服务器进行配置。
1.2 配置Org0的CA服务
再强调一下,本文中的几个CA服务器都是根服务器,彼此之间没有任何关系,所以上一步骤的TLS CA服务器在这一部分并没有用到。
同样,本文使用Docker容器启动CA服务器。
mkdir -p /root/hyperledger/org0/ca
mkdir -p /root/hyperledger/docker-compose/org0/ca && cd /root/hyperledger/docker-compose/org0/ca
gedit docker-compose.yaml
version: '2'
networks:
fabric-ca:
services:
org0:
container_name: org0
image: hyperledger/fabric-ca:latest
command: sh -c 'fabric-ca-server start -d -b org0-admin:org0-adminpw --port 7053'
environment:
- FABRIC_CA_SERVER_HOME=/root/hyperledger/fabric-ca/crypto
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CSR_CN=org0
- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_PORT=7053
- FABRIC_CA_SERVER_DEBUG=true
volumes:
- /root/hyperledger/org0/ca:/root/hyperledger/fabric-ca ##重要!!!记得修改这里的路径为自己的工作目录
networks:
- fabric-ca
ports:
- 7053:7053
启动容器
docker-compose up -d
注册org0的用户
设置环境变量&登陆
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org0/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org0/ca/admin
fabric-ca-client enroll -d -u https://org0-admin:org0-adminpw@0.0.0.0:7053 --tls.certfiles /root/hyperledger/org0/ca/crypto/ca-cert.pem
在本组织中共有两个用户:orderer节点和admin用户(这里的admin和管理员是不同的。
将他们注册到org0的CA服务器。
fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererpw --id.type orderer -u https://0.0.0.0:7053 --tls.certfiles /root/hyperledger/org0/ca/crypto/ca-cert.pem
fabric-ca-client register -d --id.name admin-org0 --id.secret org0adminpw --id.type admin --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" -u https://0.0.0.0:7053 --tls.certfiles /root/hyperledger/org0/ca/crypto/ca-cert.pem
命令执行完之后,将会注册一个Orderer节点的身份和一个Admin的身份。同时在工作目录下的org0子文件夹中会有两个文件夹:crypto和admin。crypto中是CA服务器的配置信息,admin是服务器管理员的身份信息。
1.3 配置Org1的CA服务
mkdir -p /root/hyperledger/org1/ca
mkdir -p /root/hyperledger/docker-compose/org1/ca && cd /root/hyperledger/docker-compose/org1/ca
gedit docker-compose.yaml
version: '2'
networks:
fabric-ca:
services:
org1:
container_name: org1
image: hyperledger/fabric-ca:latest
command: sh -c 'fabric-ca-server start -d -b org1-admin:org1-adminpw --port 7054'
environment:
- FABRIC_CA_SERVER_HOME=/root/hyperledger/fabric-ca/crypto
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CSR_CN=org1
- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_PORT=7054
- FABRIC_CA_SERVER_DEBUG=true
volumes:
- /root/hyperledger/org1/ca:/root/hyperledger/fabric-ca ##重要!!!记得修改这里的路径为自己的工作目录
networks:
- fabric-ca
ports:
- 7054:7054
启动容器
docker-compose up -d
注册org1的用户
设置环境变量&登陆
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org1/ca/admin
fabric-ca-client enroll -d -u https://org1-admin:org1-adminpw@0.0.0.0:7054 --tls.certfiles /root/hyperledger/org1/ca/crypto/ca-cert.pem
组织一种共有四个用户:peer1,peer2,admin,user,分别注册他们
fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7054 --tls.certfiles /root/hyperledger/org1/ca/crypto/ca-cert.pem
fabric-ca-client register -d --id.name peer2-org1 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7054 --tls.certfiles /root/hyperledger/org1/ca/crypto/ca-cert.pem
fabric-ca-client register -d --id.name admin-org1 --id.secret org1AdminPW --id.type admin -u https://0.0.0.0:7054 --tls.certfiles /root/hyperledger/org1/ca/crypto/ca-cert.pem
fabric-ca-client register -d --id.name user-org1 --id.secret org1UserPW --id.type client -u https://0.0.0.0:7054 --tls.certfiles /root/hyperledger/org1/ca/crypto/ca-cert.pem
1.4 配置Org2的CA服务
mkdir -p /root/hyperledger/org2/ca
mkdir -p /root/hyperledger/docker-compose/org2/ca && cd /root/hyperledger/docker-compose/org2/ca
gedit docker-compose.yaml
并在文件内添加以下内容(tips:内容格式不要乱掉):
version: '2'
networks:
fabric-ca:
services:
org2:
container_name: org2
image: hyperledger/fabric-ca:latest
command: sh -c 'fabric-ca-server start -d -b org2-admin:org2-adminpw --port 7055'
environment:
- FABRIC_CA_SERVER_HOME=/root/hyperledger/fabric-ca/crypto
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CSR_CN=org2
- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_PORT=7055
- FABRIC_CA_SERVER_DEBUG=true
volumes:
- /root/hyperledger/org2/ca:/root/hyperledger/fabric-ca ##重要!!!记得修改这里的路径为自己的工作目录
networks:
- fabric-ca
ports:
- 7055:7055
启动容器
docker-compose up -d
注册org1的用户
设置环境变量&登陆
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org2/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org2/ca/admin
fabric-ca-client enroll -d -u https://org2-admin:org2-adminpw@0.0.0.0:7055 --tls.certfiles /root/hyperledger/org2/ca/crypto/ca-cert.pem
组织一种共有四个用户:peer1,peer2,admin,user,分别注册他们
fabric-ca-client register -d --id.name peer1-org2 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7055 --tls.certfiles /root/hyperledger/org2/ca/crypto/ca-cert.pem
fabric-ca-client register -d --id.name peer2-org2 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7055 --tls.certfiles /root/hyperledger/org2/ca/crypto/ca-cert.pem
fabric-ca-client register -d --id.name admin-org2 --id.secret org2AdminPW --id.type admin -u https://0.0.0.0:7055 --tls.certfiles /root/hyperledger/org2/ca/crypto/ca-cert.pem
fabric-ca-client register -d --id.name user-org2 --id.secret org2UserPW --id.type client -u https://0.0.0.0:7055 --tls.certfiles /root/hyperledger/org2/ca/crypto/ca-cert.pem
二、Org1节点配置
2.1 peer1
mkdir -p /root/hyperledger/org1/peer1/assets/ca/
cp /root/hyperledger/org1/ca/crypto/ca-cert.pem /root/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
首先是本组织的MSP证书:
配置环境变量
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org1/peer1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
登陆peer1节点到org1 CA 服务器上
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7054 --tls.certfiles /root/hyperledger/org1/ca/crypto/ca-cert.pem
这一步完成后在/root/hyperledger/org1/peer1下出现一个msp文件夹,这是peer1节点的msp证书。
接下来是TLS证书
mkdir -p /root/hyperledger/org1/peer1/assets/tls-ca
cp /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem /root/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
配置环境变量
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
登录peer1节点的TLS CA服务器上
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer1-org1 --tls.certfiles /root/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
这一步完成后,在/root/hyperledger/org1/peer1下会出现一个tls-msp文件夹,这是peer1节点的TLS证书。
修改秘钥文件名
为什么要修改呢,进入这个文件夹看一下就知道了,由服务器生成的秘钥文件名是一长串无规则的字符串,后期我们使用的时候难道要一个字符一个字符地输入?
mv /root/hyperledger/org1/peer1/tls-msp/keystore/*_sk /root/hyperledger/org1/peer1/tls-msp/keystore/key.pem
2.2 peer2
mkdir -p /root/hyperledger/org1/peer2/assets/ca/
cp /root/hyperledger/org1/ca/crypto/ca-cert.pem /root/hyperledger/org1/peer2/assets/ca/org1-ca-cert.pem
首先是本组织的MSP证书:
配置环境变量
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org1/peer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org1/peer2/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
登陆peer1节点到org1 CA 服务器上
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7054 --tls.certfiles /root/hyperledger/org1/ca/crypto/ca-cert.pem
这一步完成后在/root/hyperledger/org1/peer2下出现一个msp文件夹,这是peer2节点的msp证书。
接下来是TLS证书
mkdir -p /root/hyperledger/org1/peer2/assets/tls-ca/
cp /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem /root/hyperledger/org1/peer2/assets/tls-ca/tls-ca-cert.pem
配置环境变量
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org1/peer2/assets/tls-ca/tls-ca-cert.pem
登录peer2节点的TLS CA服务器上
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer2-org1 --tls.certfiles /root/hyperledger/org1/peer2/assets/tls-ca/tls-ca-cert.pem
这一步完成后,在/root/hyperledger/org1/peer2下会出现一个tls-msp文件夹,这是peer2节点的TLS证书。
修改秘钥文件名
为什么要修改呢,进入这个文件夹看一下就知道了,由服务器生成的秘钥文件名是一长串无规则的字符串,后期我们使用的时候难道要一个字符一个字符地输入?
mv /root/hyperledger/org1/peer2/tls-msp/keystore/*_sk /root/hyperledger/org1/peer2/tls-msp/keystore/key.pem
2.3 admin
首先是本组织的MSP证书:
配置环境变量
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org1/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
登录admin节点的org1 CA 服务器上
fabric-ca-client enroll -d -u https://admin-org1:org1AdminPW@0.0.0.0:7054 --tls.certfiles /root/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
接下来是TLS证书
配置环境变量
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
登录admin节点的TLS CA服务器上
fabric-ca-client enroll -d -u https://admin-org1:org1AdminPW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts admin-org1 --tls.certfiles /root/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
复制证书到admincerts文件夹:
去看Fabric官方的例子,每一个peer节点的MSP文件夹下都有admincerts这个子文件夹的,而且是需要我们手动创建的。
mkdir /root/hyperledger/org1/peer1/msp/admincerts
cp /root/hyperledger/org1/admin/msp/signcerts/cert.pem /root/hyperledger/org1/peer1/msp/admincerts/org1-admin-cert.pem
mkdir /root/hyperledger/org1/peer2/msp/admincerts
cp /root/hyperledger/org1/admin/msp/signcerts/cert.pem /root/hyperledger/org1/peer2/msp/admincerts/org1-admin-cert.pem
2.4启动peer节点
到这里,已经配置好了一个节点,所以我们就可以启动这个节点了,当然在之后和orderer节点一起启动也可以,不过忙活了这么多,还是应该提前看到一下所做的工作的成果的!
附上peer1节点的容器配置信息:
peer1节点配置启动
mkdir -p /root/hyperledger/docker-compose/org1/peer1 && cd /root/hyperledger/docker-compose/org1/peer1
gedit docker-compose.yaml
并在文件内添加以下内容(tips:内容格式不要乱掉):
version: '2'
networks:
fabric-ca:
services:
peer1-org1:
container_name: peer1-org1
image: hyperledger/fabric-peer:2.3.2
environment:
- CORE_PEER_ID=peer1-org1
- CORE_PEER_ADDRESS=peer1-org1:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer1-org1:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1-org1:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1-org1:7051
- CORE_PEER_LOCALMSPID=org1MSP
- CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/peer1/msp
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_fabric-ca
- FABRIC_LOGGING_SPEC=debug
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/root/hyperledger/org1/peer1/tls-msp/signcerts/cert.pem
- CORE_PEER_TLS_KEY_FILE=/root/hyperledger/org1/peer1/tls-msp/keystore/key.pem
- CORE_PEER_TLS_ROOTCERT_FILE=/root/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1/peer1
volumes:
- /var/run:/host/var/run
- /root/hyperledger/org1/peer1:/root/hyperledger/org1/peer1
networks:
- fabric-ca
启动容器
docker-compose up -d
如果没有报错的话,说明之前配置的没有什么问题,如果出错的话,则需要返回去检查一下了
peer2 节点配置启动
mkdir -p /root/hyperledger/docker-compose/org1/peer2 && cd /root/hyperledger/docker-compose/org1/peer2
gedit docker-compose.yaml
并在文件内添加以下内容(tips:内容格式不要乱掉):
version: '2'
networks:
fabric-ca:
services:
peer2-org1:
container_name: peer2-org1
image: hyperledger/fabric-peer:2.3.2
environment:
- CORE_PEER_ID=peer2-org1
- CORE_PEER_ADDRESS=peer2-org1:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer2-org1:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1-org1:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2-org1:7051
- CORE_PEER_LOCALMSPID=org1MSP
- CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/peer2/msp
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_fabric-ca
- FABRIC_LOGGING_SPEC=debug
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/root/hyperledger/org1/peer2/tls-msp/signcerts/cert.pem
- CORE_PEER_TLS_KEY_FILE=/root/hyperledger/org1/peer2/tls-msp/keystore/key.pem
- CORE_PEER_TLS_ROOTCERT_FILE=/root/hyperledger/org1/peer2/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1/peer2
volumes:
- /var/run:/host/var/run
- /root/hyperledger/org1/peer2:/root/hyperledger/org1/peer2
networks:
- fabric-ca
启动容器
docker-compose up -d
三、Org2节点配置
和组织一配置一样,这里就不做过多的解释了,直接上命令
3.1 peer1
mkdir -p /root/hyperledger/org2/peer1/assets/ca
cp /root/hyperledger/org2/ca/crypto/ca-cert.pem /root/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
配置环境变量
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org2/peer1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
登陆peer1节点到org2 CA服务器上
fabric-ca-client enroll -d -u https://peer1-org2:peer1PW@0.0.0.0:7055 --tls.certfiles /root/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
接下来是TLS
mkdir /root/hyperledger/org2/peer1/assets/tls-ca
cp /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem /root/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem
配置环境变量
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem
登录peer1节点到 TLS CA服务器上
fabric-ca-client enroll -d -u https://peer1-org2:peer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer1-org2 --tls.certfiles /root/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem
修改密钥文件
mv /root/hyperledger/org2/peer1/tls-msp/keystore/*_sk /root/hyperledger/org2/peer1/tls-msp/keystore/key.pem
3.2 peer2
mkdir -p /root/hyperledger/org2/peer2/assets/ca
cp /root/hyperledger/org2/ca/crypto/ca-cert.pem /root/hyperledger/org2/peer2/assets/ca/org2-ca-cert.pem
配置环境变量
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org2/peer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org2/peer2/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
登陆peer2节点到org2 CA服务器上
fabric-ca-client enroll -d -u https://peer2-org2:peer2PW@0.0.0.0:7055 --tls.certfiles /root/hyperledger/org2/peer2/assets/ca/org2-ca-cert.pem
接下来是TLS
mkdir /root/hyperledger/org2/peer2/assets/tls-ca
cp /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem /root/hyperledger/org2/peer2/assets/tls-ca/tls-ca-cert.pem
配置环境变量
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org2/peer2/assets/tls-ca/tls-ca-cert.pem
登录peer2节点到 TLS CA服务器上
fabric-ca-client enroll -d -u https://peer2-org2:peer2PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer2-org2 --tls.certfiles /root/hyperledger/org2/peer2/assets/tls-ca/tls-ca-cert.pem
修改密钥文件
mv /root/hyperledger/org2/peer2/tls-msp/keystore/*_sk /root/hyperledger/org2/peer2/tls-msp/keystore/key.pem
3.3 admin
配置环境变量
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org2/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
登陆admin节点到org2 CA服务器上
fabric-ca-client enroll -d -u https://admin-org2:org2AdminPW@0.0.0.0:7055 --tls.certfiles /root/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
接下来是TLS
配置环境变量
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem
登录admin节点到 TLS CA服务器上
fabric-ca-client enroll -d -u https://admin-org2:org2AdminPW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts admin-org2 --tls.certfiles /root/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem
3.4 复制证书到admincerts文件夹:
mkdir /root/hyperledger/org2/peer1/msp/admincerts
cp /root/hyperledger/org2/admin/msp/signcerts/cert.pem /root/hyperledger/org2/peer1/msp/admincerts/org2-admin-cert.pem
mkdir /root/hyperledger/org2/peer2/msp/admincerts
cp /root/hyperledger/org2/admin/msp/signcerts/cert.pem /root/hyperledger/org2/peer2/msp/admincerts/org2-admin-cert.pem
3.5 启动peer节点
peer1节点配置
mkdir -p /root/hyperledger/docker-compose/org2/peer1 && cd /root/hyperledger/docker-compose/org2/peer1
gedit docker-compose.yaml
并在文件内添加以下内容(tips:内容格式不要乱掉):
version: '2'
networks:
fabric-ca:
services:
peer1-org2:
container_name: peer1-org2
image: hyperledger/fabric-peer:2.3.2
environment:
- CORE_PEER_ID=peer1-org2
- CORE_PEER_ADDRESS=peer1-org2:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer1-org2:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1-org2:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1-org2:7051
- CORE_PEER_LOCALMSPID=org2MSP
- CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org2/peer1/msp
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_fabric-ca
- FABRIC_LOGGING_SPEC=debug
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/root/hyperledger/org2/peer1/tls-msp/signcerts/cert.pem
- CORE_PEER_TLS_KEY_FILE=/root/hyperledger/org2/peer1/tls-msp/keystore/key.pem
- CORE_PEER_TLS_ROOTCERT_FILE=/root/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2/peer1
volumes:
- /var/run:/host/var/run
- /root/hyperledger/org2/peer1:/root/hyperledger/org2/peer1
networks:
- fabric-ca
启动容器
docker-compose up -d
peer2节点配置
mkdir -p /root/hyperledger/docker-compose/org2/peer2 && cd /root/hyperledger/docker-compose/org2/peer2
gedit docker-compose.yaml
并在文件内添加以下内容(tips:内容格式不要乱掉):
version: '2'
networks:
fabric-ca:
services:
peer2-org2:
container_name: peer2-org2
image: hyperledger/fabric-peer:2.3.2
environment:
- CORE_PEER_ID=peer2-org2
- CORE_PEER_ADDRESS=peer2-org2:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer2-org2:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1-org2:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2-org2:7051
- CORE_PEER_LOCALMSPID=org2MSP
- CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org2/peer2/msp
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_fabric-ca
- FABRIC_LOGGING_SPEC=debug
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/root/hyperledger/org2/peer2/tls-msp/signcerts/cert.pem
- CORE_PEER_TLS_KEY_FILE=/root/hyperledger/org2/peer2/tls-msp/keystore/key.pem
- CORE_PEER_TLS_ROOTCERT_FILE=/root/hyperledger/org2/peer2/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
- CORE_PEER_PROFILE_ENABLED=true
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2/peer2
volumes:
- /var/run:/host/var/run
- /root/hyperledger/org2/peer2:/root/hyperledger/org2/peer2
networks:
- fabric-ca
启动容器
docker-compose up -d
四、 排序节点配置
接下来是排序节点的配置,为什么放在最后面呢,因为排序节点的启动需要提前生成创世区块,而创世区块的生成涉及到另一个配置文件,所以就先配置简单的peer节点
4.1 orderer
mkdir -p /root/hyperledger/org0/orderer/assets/ca/
cp /root/hyperledger/org0/ca/crypto/ca-cert.pem /root/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
配置环境变量
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org0/orderer
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
登录order节点到org0 CA服务器上
fabric-ca-client enroll -d -u https://orderer1-org0:ordererpw@0.0.0.0:7053 --tls.certfiles /root/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
接下来是TLS证书
mkdir /root/hyperledger/org0/orderer/assets/tls-ca/
cp /root/hyperledger/fabric-ca-tls/crypto/ca-cert.pem /root/hyperledger/org0/orderer/assets/tls-ca/tls-ca-cert.pem
配置环境变量
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org0/orderer/assets/tls-ca/tls-ca-cert.pem
登录order节点到TLS CA服务器上
fabric-ca-client enroll -d -u https://orderer1-org0:ordererPW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts orderer1-org0 --tls.certfiles /root/hyperledger/org0/orderer/assets/tls-ca/tls-ca-cert.pem
修改密钥
mv /root/hyperledger/org0/orderer/tls-msp/keystore/*_sk /root/hyperledger/org0/orderer/tls-msp/keystore/key.pem
4.2 admin
配置环境变量
export FABRIC_CA_CLIENT_HOME=/root/hyperledger/org0/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/root/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
登录admin 用户获取msp
fabric-ca-client enroll -d -u https://admin-org0:org0adminpw@0.0.0.0:7053 --tls.certfiles /root/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
复制证书到admincerts文件夹:
mkdir /root/hyperledger/org0/orderer/msp/admincerts
cp /root/hyperledger/org0/admin/msp/signcerts/cert.pem /root/hyperledger/org0/orderer/msp/admincerts/orderer-admin-cert.pem
4.3 添加config.yaml
证书都准备好了之后我们还需要在每个msp文件下添加一个config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
#修改对应的证书名称
Certificate: cacerts/0-0-0-0-7053.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/0-0-0-0-7053.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/0-0-0-0-7053.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/0-0-0-0-7053.pem
OrganizationalUnitIdentifier: orderer
需要org0,org1, org2 下所有msp目录下都添加。
org0
cd /root/hyperledger/org0
gedit config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
#修改对应的证书名称
Certificate: cacerts/0-0-0-0-7053.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/0-0-0-0-7053.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/0-0-0-0-7053.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/0-0-0-0-7053.pem
OrganizationalUnitIdentifier: orderer
复制文件到所有msp目录下
find ./ -name msp -type d -exec cp -r /root/hyperledger/org0/config.yaml {} \;
查找所有的config.yaml文件
find ./ -name config.yaml -type f
org1
cd /root/hyperledger/org1
gedit config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
#修改对应的证书名称
Certificate: cacerts/0-0-0-0-7054.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/0-0-0-0-7054.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/0-0-0-0-7054.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/0-0-0-0-7054.pem
OrganizationalUnitIdentifier: orderer
复制文件到所有msp目录下
find ./ -name msp -type d -exec cp -r /root/hyperledger/org1/config.yaml {} \;
查找所有的config.yaml文件
find ./ -name config.yaml -type f
org2
cd /root/hyperledger/org2
gedit config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
#修改对应的证书名称
Certificate: cacerts/0-0-0-0-7055.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/0-0-0-0-7055.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/0-0-0-0-7055.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/0-0-0-0-7055.pem
OrganizationalUnitIdentifier: orderer
复制文件到所有msp目录下
find ./ -name msp -type d -exec cp -r /root/hyperledger/org2/config.yaml {} \;
查找所有的config.yaml文件
find ./ -name config.yaml -type f
五、Fabric 网络
证书都生成好了,即将要启动网络了。不过在启动网络之前还是有很多准备工作需要做。
5.1 整理MSPDir文件
#---------------org0--------------------
mkdir -p /root/hyperledger/configtx && cd /root/hyperledger/configtx
mkdir org0
cp -r ../org0/admin/msp org0/
cd org0/msp
mkdir tlscacerts && cd tlscacerts
cp /root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem ./
#---------------org1--------------------
cd /root/hyperledger/configtx
mkdir org1
cp -r ../org1/admin/msp org1/
cd org1/msp
mkdir tlscacerts && cd tlscacerts
cp /root/hyperledger/org1/admin/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem ./
#---------------org2--------------------
cd /root/hyperledger/configtx
mkdir org2
cp -r ../org2/admin/msp org2/
cd org2/msp
mkdir tlscacerts && cd tlscacerts
cp /root/hyperledger/org2/admin/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem ./
5.2 configtx.yaml文件配置
在下一个步骤的生成创世区块和通道配置信息需要一个文件:configtx.yaml文件。
cd /root/hyperledger/configtx
gedit configtx.yaml
文件内容
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &org0
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: org0MSP
# ID to load the MSP definition as
ID: org0MSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: ../configtx/org0/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('org0MSP.member')"
Writers:
Type: Signature
Rule: "OR('org0MSP.member')"
Admins:
Type: Signature
Rule: "OR('org0MSP.admin')"
OrdererEndpoints:
- orderer1-org0:7050
- &org1
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: org1MSP
# ID to load the MSP definition as
ID: org1MSP
MSPDir: ../configtx/org1/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('org1MSP.admin', 'org1MSP.peer', 'org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('org1MSP.admin', 'org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('org1MSP.peer')"
# leave this flag set to true.
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer1-org1
Port: 7051
- &org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: org2MSP
# ID to load the MSP definition as
ID: org2MSP
MSPDir: ../configtx/org2/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('org2MSP.admin', 'org2MSP.peer', 'org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('org2MSP.admin', 'org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('org2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('org2MSP.peer')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer1-org2
Port: 7051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V2_0 capability ensures that orderers and peers behave according
# to v2.0 channel capabilities. Orderers and peers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 capability.
# Prior to enabling V2.0 channel capabilities, ensure that all
# orderers and peers on a channel are at v2.0.0 or later.
V2_0: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V2_0 orderer capability ensures that orderers behave according
# to v2.0 orderer capabilities. Orderers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 orderer capability.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on channel are at v2.0.0 or later.
V2_0: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V2_0 application capability ensures that peers behave according
# to v2.0 application capabilities. Peers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 application capability.
# Prior to enabling V2.0 application capabilities, ensure that all
# peers on channel are at v2.0.0 or later.
V2_0: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer1-org0
Port: 7050
ClientTLSCert: /root/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
ServerTLSCert: /root/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *org0
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *org1
- *org2
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *org1
- *org2
Capabilities:
<<: *ApplicationCapabilities
注:根据情况修改MSP的路径
5.3 生成创世区块和通道信息
cd /root/hyperledger/configtx
mkdir system-genesis-block
mkdir channel-artifacts
#生成创世区块文件TwoOrgsOrdererGenesis
export FABRIC_CFG_PATH=$(pwd)
configtxgen -profile TwoOrgsOrdererGenesis -channelID system-channel -outputBlock ./system-genesis-block/genesis.block
#生成通道
export CHANNEL_NAME=mychannel
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/${CHANNEL_NAME}.tx -channelID ${CHANNEL_NAME}
#锚节点更新配置
export orgmsp=org1MSP
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/${orgmsp}anchors.tx -channelID ${CHANNEL_NAME} -asOrg ${orgmsp}
#锚节点更新配置
export orgmsp=org2MSP
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/${orgmsp}anchors.tx -channelID ${CHANNEL_NAME} -asOrg ${orgmsp}
创世区块文件通&道信息生成后启动orderer节
mkdir -p /root/hyperledger/docker-compose/org0/orderer && cd /root/hyperledger/docker-compose/org0/orderer
gedit docker-compose.yaml
并在文件内添加以下内容(tips:内容格式不要乱掉):
version: '2'
networks:
fabric-ca:
services:
orderer1-org0:
container_name: orderer1-org0
image: hyperledger/fabric-orderer:2.3.2
environment:
- ORDERER_HOME=/root/hyperledger/orderer
- ORDERER_HOST=orderer1-org0
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/root/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=org0MSP
- ORDERER_GENERAL_LOCALMSPDIR=/root/hyperledger/org0/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/root/hyperledger/org0/orderer/tls-msp/keystore/key.pem
- ORDERER_GENERAL_TLS_CERTIFICATE=/root/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
- ORDERER_GENERAL_TLS_ROOTCAS=[/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/root/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/root/hyperledger/org0/orderer/tls-msp/keystore/key.pem
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
volumes:
- /root/hyperledger/org0/orderer:/root/hyperledger/org0/orderer/
- /root/hyperledger/configtx/system-genesis-block/genesis.block:/root/hyperledger/orderer/orderer.genesis.block
networks:
- fabric-ca
启动容器
docker-compose up -d
5.4 启动Org1的cli
cli容器内容,我们需要这个容器对组织1进行链码的交互
mkdir -p /root/hyperledger/docker-compose/org1/cli
cd /root/hyperledger/docker-compose/org1/cli
gedit docker-compose.yaml
并在文件内添加以下内容(tips:内容格式不要乱掉):
version: '2'
networks:
fabric-ca:
services:
cli-org1:
container_name: cli-org1
image: hyperledger/fabric-tools:2.3.2
tty: true
stdin_open: true
environment:
- SYS_CHANNEL=testchainid
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=cli-org1
- CORE_PEER_ADDRESS=peer1-org1:7051
- CORE_PEER_LOCALMSPID=org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_ROOTCERT_FILE=/root/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
- CORE_PEER_TLS_CERT_FILE=/root/hyperledger/org1/peer1/tls-msp/signcerts/cert.pem
- CORE_PEER_TLS_KEY_FILE=/root/hyperledger/org1/peer1/tls-msp/keystore/key.pem
- CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/peer1/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1
command: /bin/bash
volumes:
- /root/hyperledger/org1:/root/hyperledger/org1/
- /root/hyperledger/org2:/root/hyperledger/org2/
- /root/hyperledger/org1/peer1/assets/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
- /root/hyperledger/org1/admin:/root/hyperledger/org1/admin
- /root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem:/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
- /root/hyperledger/org1/peer1/tls-msp/tlscacerts:/root/hyperledger/org1/admin/msp/tlscacerts
- /root/hyperledger/configtx/channel-artifacts:/root/hyperledger/configtx/channel-artifacts
networks:
- fabric-ca
启动容器
docker-compose up -d
5.5 启动Org2的cli
cli容器内容,我们需要这个容器对组织1进行链码的交互
mkdir -p /root/hyperledger/docker-compose/org2/cli
cd /root/hyperledger/docker-compose/org2/cli
gedit docker-compose.yaml
并在文件内添加以下内容(tips:内容格式不要乱掉):
version: '2'
networks:
fabric-ca:
services:
cli-org2:
container_name: cli-org2
image: hyperledger/fabric-tools:2.3.2
tty: true
stdin_open: true
environment:
- SYS_CHANNEL=testchainid
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=cli-org2
- CORE_PEER_ADDRESS=peer1-org2:7051
- CORE_PEER_LOCALMSPID=org2MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_ROOTCERT_FILE=/root/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
- CORE_PEER_TLS_CERT_FILE=/root/hyperledger/org2/peer1/tls-msp/signcerts/cert.pem
- CORE_PEER_TLS_KEY_FILE=/root/hyperledger/org2/peer1/tls-msp/keystore/key.pem
- CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org2/peer1/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2
command: /bin/bash
volumes:
- /root/hyperledger/org1:/root/hyperledger/org1/
- /root/hyperledger/org2:/root/hyperledger/org2/
- /root/hyperledger/org2/peer1:/root/hyperledger/org2/peer1
- /root/hyperledger/org2/peer1/assets/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
- /root/hyperledger/org2/admin:/root/hyperledger/org2/admin
- /root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem:/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
- /root/hyperledger/org2/peer1/tls-msp/tlscacerts:/root/hyperledger/org2/peer1/msp/tlscacerts
- /root/hyperledger/configtx/channel-artifacts:/root/hyperledger/configtx/channel-artifacts
networks:
- fabric-ca
启动容器
docker-compose up -d
六、创建&加入通道
6.1 操作容器cli-org1
#进入容器cli-org1进行操作
docker exec -it cli-org1 bash
export CHANNEL_NAME=mychannel
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/admin/msp
cd /root/hyperledger/configtx
#不行的话就重启,然后运行/root/hyperledger/docker-compose/down.sh文件
#然后再启动start.sh文件
#创建通道
peer channel create -o orderer1-org0:7050 -c ${CHANNEL_NAME} --ordererTLSHostnameOverride orderer1-org0 -f ./channel-artifacts/${CHANNEL_NAME}.tx --outputBlock ./channel-artifacts/${CHANNEL_NAME}.block --tls true --cafile ${ORDERER_CA}
#peer1-org1加入通道
export CORE_PEER_ADDRESS=peer1-org1:7051
peer channel join -b ./channel-artifacts/mychannel.block
#peer2-org1加入通道
export CORE_PEER_ADDRESS=peer2-org1:7051
peer channel join -b ./channel-artifacts/mychannel.block
#更新锚点
export CORE_PEER_LOCALMSPID=org1MSP
peer channel update -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 -c $CHANNEL_NAME -f ./channel-artifacts/${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile $ORDERER_CA
#退出容器
exit
6.2 操作容器cli-org2
#进入容器cli-org2进行操作
docker exec -it cli-org2 bash
cd /root/hyperledger/configtx
#peer1-org2加入通道
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org2/admin/msp
export CORE_PEER_ADDRESS=peer1-org2:7051
peer channel join -b ./channel-artifacts/mychannel.block
#peer2-org2加入通道
export CORE_PEER_ADDRESS=peer2-org2:7051
peer channel join -b ./channel-artifacts/mychannel.block
#更新锚点
export CHANNEL_NAME=mychannel
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CORE_PEER_LOCALMSPID=org2MSP
peer channel update -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 -c $CHANNEL_NAME -f ./channel-artifacts/${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile $ORDERER_CA
#退出容器
exit
七、链码安装测试
#拷贝文件到目录下
docker cp /root/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/chaincode/fabcar/javascript cli-org1:/root
#进行打包安装
peer lifecycle chaincode package fabcar.tar.gz --path /root/javascript/ --lang node --label fabcar_1
#然后拷贝到root目录下
docker cp cli-org1:/root/fabcar.tar.gz /root
7.1 链码安装
cli-org1安装
#之后只用拷贝到文件里去就行了
docker cp /root/fabcar.tar.gz cli-org1:/root/hyperledger/org1/peer1/assets/chaincode
#进入cli-org1
docker exec -it cli-org1 bash
cd /root/hyperledger/org1/peer1/assets/chaincode
export CORE_PEER_ADDRESS=peer1-org1:7051
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/admin/msp
peer lifecycle chaincode install fabcar.tar.gz
exit
cli-org2 的安装基本相同,自行登录cli-org2容器中安装
#之后只用拷贝到文件里去就行了
docker cp /root/fabcar.tar.gz cli-org2:/root/hyperledger/org2/peer1/assets/chaincode
#进入cli-org1
docker exec -it cli-org2 bash
cd /root/hyperledger/org2/peer1/assets/chaincode
export CORE_PEER_ADDRESS=peer1-org2:7051
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org2/admin/msp
peer lifecycle chaincode install fabcar.tar.gz
exit
7.2 链码查询
peer lifecycle chaincode queryinstalled
packageid: fabcar_1:2fa9ca83f9294c7519f32c5dc27c1948ba7aa50093abdbd84415e78a1aeccd0e
7.3 链码批准
docker exec -it cli-org1 bash
export VERSION=1
export PACKAGE_ID=fabcar_1:2fa9ca83f9294c7519f32c5dc27c1948ba7aa50093abdbd84415e78a1aeccd0e
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CHANNEL_NAME=mychannel
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/admin/msp
peer lifecycle chaincode approveformyorg -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile ${ORDERER_CA} --channelID ${CHANNEL_NAME} --name fabcar1 --version ${VERSION} --init-required --package-id ${PACKAGE_ID} --sequence ${VERSION}
peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name fabcar1 --version ${VERSION} --sequence ${VERSION} --output json --init-required
exit
同理cli-org2授权基本相同
docker exec -it cli-org2 bash
export VERSION=1
export PACKAGE_ID=fabcar_1:2fa9ca83f9294c7519f32c5dc27c1948ba7aa50093abdbd84415e78a1aeccd0e
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CHANNEL_NAME=mychannel
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org2/admin/msp
peer lifecycle chaincode approveformyorg -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile ${ORDERER_CA} --channelID ${CHANNEL_NAME} --name fabcar1 --version ${VERSION} --init-required --package-id ${PACKAGE_ID} --sequence ${VERSION}
peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name fabcar1 --version ${VERSION} --sequence ${VERSION} --output json --init-required
exit
7.4 提交链码定义
docker exec -it cli-org1 bash
export CHANNEL_NAME=mychannel
export VERSION=1
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/admin/msp
peer lifecycle chaincode commit -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile $ORDERER_CA --channelID $CHANNEL_NAME --name fabcar1 --peerAddresses peer1-org1:7051 --tlsRootCertFiles /root/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --peerAddresses peer1-org2:7051 --tlsRootCertFiles /root/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --version ${VERSION} --sequence ${VERSION} --init-required
peer chaincode list --installed
exit
#只用提交一次吧?,cli2不用提交了
#-------cli-org2-----
docker exec -it cli-org2 bash
export CHANNEL_NAME=mychannel
export VERSION=1
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org2/admin/msp
peer lifecycle chaincode commit -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile $ORDERER_CA --channelID $CHANNEL_NAME --name fabcar --peerAddresses peer1-org1:7051 --tlsRootCertFiles /root/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --peerAddresses peer1-org2:7051 --tlsRootCertFiles /root/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --version ${VERSION} --sequence ${VERSION} --init-required
查询提交内容
export CHANNEL_NAME=mychannel
peer lifecycle chaincode querycommitted --channelID $CHANNEL_NAME --name fabcar
peer lifecycle chaincode queryapproved -C mychannel -n fabcar
7.5 初始化链码
docker exec -it cli-org1 bash
export CHANNEL_NAME=mychannel
export VERSION=1
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/admin/msp
peer chaincode invoke -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile $ORDERER_CA -C $CHANNEL_NAME -n fabcar1 --isInit --peerAddresses peer1-org1:7051 --tlsRootCertFiles /root/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --peerAddresses peer1-org2:7051 --tlsRootCertFiles /root/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem -c '{"function":"initLedger","Args":[]}'
查询
peer chaincode query -C $CHANNEL_NAME -n fabcar1 -c '{"Args":["queryAllCars"]}'
脚本文件
start.sh文件
export COMPOSE_PROJECT_NAME=net
export doc_com=$(pwd)
docker-compose -f ${doc_com}/fabric-ca-tls/docker-compose.yaml -f ${doc_com}/org0/ca/docker-compose.yaml -f ${doc_com}/org0/orderer/docker-compose.yaml -f ${doc_com}/org1/ca/docker-compose.yaml -f ${doc_com}/org1/peer1/docker-compose.yaml -f ${doc_com}/org1/peer2/docker-compose.yaml -f ${doc_com}/org1/cli/docker-compose.yaml -f ${doc_com}/org2/ca/docker-compose.yaml -f ${doc_com}/org2/peer1/docker-compose.yaml -f ${doc_com}/org2/peer2/docker-compose.yaml -f ${doc_com}/org2/cli/docker-compose.yaml up -d
export COMPOSE_PROJECT_NAME=net
export doc_com=$(pwd)
echo ${doc_com}/fabric-ca-tls
cd fabric-ca-tls
docker-compose up -d
sleep 1
echo ${doc_com}/org0/ca
cd ${doc_com}/org0/ca
docker-compose up -d
sleep 1
echo ${doc_com}/org0/orderer
cd ${doc_com}/org0/orderer
docker-compose up -d
sleep 1
echo ${doc_com}/org1/ca
cd ${doc_com}/org1/ca
docker-compose up -d
sleep 1
echo ${doc_com}/org1/peer1
cd ${doc_com}/org1/peer1
docker-compose up -d
sleep 1
echo ${doc_com}/org1/peer2
cd ${doc_com}/org1/peer2
docker-compose up -d
sleep 1
echo ${doc_com}/org1/cli
cd ${doc_com}/org1/cli
docker-compose up -d
sleep 1
echo ${doc_com}/org2/ca
cd ${doc_com}/org2/ca
docker-compose up -d
sleep 1
echo ${doc_com}/org2/peer1
cd ${doc_com}/org2/peer1
docker-compose up -d
sleep 1
echo ${doc_com}/org2/peer2
cd ${doc_com}/org2/peer2
docker-compose up -d
sleep 1
echo ${doc_com}/org2/cli
cd ${doc_com}/org2/cli
docker-compose up -d
down.sh文件
docker kill $(docker ps -a -q) || true
sleep 1
docker rm $(docker ps -a -q) || true
stop.sh
docker stop $(docker ps -a -q) || true
6.1 链码安装
cli-org1安装
#之后只用拷贝到文件里去就行了
docker cp /home/pi/Desktop/simple.tar.gz cli-org1:/root/hyperledger/org1/peer1/assets/chaincode
#进入cli-org1
docker exec -it cli-org1 bash
cd /root/hyperledger/org1/peer1/assets/chaincode
export CORE_PEER_ADDRESS=peer1-org1:7051
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/admin/msp
peer lifecycle chaincode install simple.tar.gz
exit
cli-org2 的安装基本相同,自行登录cli-org2容器中安装
#之后只用拷贝到文件里去就行了
docker cp /home/pi/Desktop/simple.tar.gz cli-org2:/root/hyperledger/org2/peer1/assets/chaincode
#进入cli-org1
docker exec -it cli-org2 bash
cd /root/hyperledger/org2/peer1/assets/chaincode
export CORE_PEER_ADDRESS=peer1-org2:7051
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org2/admin/msp
peer lifecycle chaincode install simple.tar.gz
exit
6.2 链码查询
peer lifecycle chaincode queryinstalled
packageid: simple_1:9b72d7f1eda5c57c0f1a71bf739507db9e2581a036474f12b252e15346a381ea
6.3 链码批准
docker exec -it cli-org1 bash
export VERSION=1
export PACKAGE_ID=simple_1:9b72d7f1eda5c57c0f1a71bf739507db9e2581a036474f12b252e15346a381ea
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CHANNEL_NAME=mychannel
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/admin/msp
peer lifecycle chaincode approveformyorg -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile ${ORDERER_CA} --channelID ${CHANNEL_NAME} --name simple --version ${VERSION} --package-id ${PACKAGE_ID} --sequence ${VERSION} --waitForEvent
peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name simple --version ${VERSION} --sequence ${VERSION} --output json
exit
同理cli-org2授权基本相同
docker exec -it cli-org2 bash
export VERSION=1
export PACKAGE_ID=simple_1:9b72d7f1eda5c57c0f1a71bf739507db9e2581a036474f12b252e15346a381ea
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CHANNEL_NAME=mychannel
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org2/admin/msp
peer lifecycle chaincode approveformyorg -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile ${ORDERER_CA} --channelID ${CHANNEL_NAME} --name simple --version ${VERSION} --package-id ${PACKAGE_ID} --sequence ${VERSION} --waitForEvent
peer lifecycle chaincode checkcommitreadiness --channelID $CHANNEL_NAME --name simple --version ${VERSION} --sequence ${VERSION} --output json
exit
6.4 提交链码定义
docker exec -it cli-org1 bash
export CHANNEL_NAME=mychannel
export VERSION=1
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/admin/msp
peer lifecycle chaincode commit -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile $ORDERER_CA --channelID $CHANNEL_NAME --name simple --peerAddresses peer1-org1:7051 --tlsRootCertFiles /root/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --peerAddresses peer1-org2:7051 --tlsRootCertFiles /root/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --version ${VERSION} --sequence ${VERSION}
exit
#只用提交一次吧?
peer chaincode list --installed
#-------cli-org2-----
docker exec -it cli-org2 bash
export CHANNEL_NAME=mychannel
export VERSION=1
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org2/admin/msp
peer lifecycle chaincode commit -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile $ORDERER_CA --channelID $CHANNEL_NAME --name simple --peerAddresses peer1-org1:7051 --tlsRootCertFiles /root/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --peerAddresses peer1-org2:7051 --tlsRootCertFiles /root/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --version ${VERSION} --sequence ${VERSION}
查询提交内容
export CHANNEL_NAME=mychannel
peer lifecycle chaincode querycommitted --channelID $CHANNEL_NAME --name simple
peer lifecycle chaincode queryapproved -C mychannel -n simple
6.5 初始化链码
docker exec -it cli-org1 bash
export CHANNEL_NAME=mychannel
export VERSION=1
export ORDERER_CA=/root/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
export CORE_PEER_MSPCONFIGPATH=/root/hyperledger/org1/admin/msp
peer chaincode invoke -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile $ORDERER_CA -C $CHANNEL_NAME -n simple --peerAddresses peer1-org1:7051 --tlsRootCertFiles /root/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --peerAddresses peer1-org2:7051 --tlsRootCertFiles /root/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --isInit -c '{"function":"initLedger","Args":[]}'
peer chaincode invoke -o orderer1-org0:7050 --ordererTLSHostnameOverride orderer1-org0 --tls --cafile $ORDERER_CA -C $CHANNEL_NAME -n simple --peerAddresses peer1-org1:7051 --tlsRootCertFiles /root/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem --peerAddresses peer1-org2:7051 --tlsRootCertFiles /root/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem -c '{"function":"Create","Args":["a","10"]}'
查询
peer chaincode query -C mychannel -n simple -c '{"Args":["Read","a"]}'
