hyperledger fabric 1.4 官方示例实践(二)

hyperledger fabric 1.4 官方示例实践(二)

1、fabric核心模块及常用命令

1.1、核心模块

模块名词 功能
peer 主节点模块,负责存储区块链数据,运行维护代码
order 交易打包,排序模块
cryptogen 组织和证书生成模块
configtxgen 区块和交易生成模块
configtxlator 区块和交易解析模块

其中peer和order属于系统模块,cryptogen,configtxgen,configtxlator属于工具模块,工具模块负责证书文件,区块链创始块,通道创始块等相关文件和证书的生成工作,不参与系统的运行。

将下载的模块复制到/usr/local/bin/文件下,便于后续在任何文件下运行,复制命令:

sudo cp configtxlator /usr/local/bin/configtxlator          #其他命令类似

核心模块都是通过命令行运行,需要熟悉相关命令–help

其他概念:

1、锚节点:组织中唯一一个节点,在生成创始块文件和通道文件时在配置文件中指定,负责组织之间的通信,一个组织唯一指定一个,其他组织的节点就可以将Gossip消息发送到这个Anchor Peer上,进而Anchor Peer将获得整个网络信息,区块广播到本组织内。

2、leader节点:组织选举出的节点,可以强制性指定,也可以fabric自动选取,用于和order节点通信,接受区块信息,向组织其他节点传播。

1.2、常用命令

#设置环境变量
$ export CHANNEL_NAME=mychannel
#查看环境变量
$ echo $CHANNEL_NAME
#查看docker-compose运行的容器
$ docker-compose -f docker-compose-cli.yaml ps
#shell指令
#输出当前路径
$ pwd
#输出当前docker镜像文件
$ docker images

2、cryptogen

cryptogen模块主要用于生成组织结构和账号相关文件,任何fabric系统的开发都是从cryptogen模块开始,在系统设计完成后首要工作就是根据系统设计编写cryptogen的配置文件。

2.1、模块命令

通过cryptogen –help可以显示相关命令

cryptogen --help
]usage: cryptogen [<flags>] <command> [<args> ...]

Utility for generating Hyperledger Fabric key material

Flags:
  --help  Show context-sensitive help (also try --help-long and --help-man).

Commands:
  help [<command>...]
    Show help.
#根据配置文件生成证书信息
  generate [<flags>]
    Generate key material
#显示系统默认的cryptogen模块配置文件信息
  showtemplate
    Show the default configuration template
#显示版本号
  version
    Show version information
#扩展现有网络
  extend [<flags>]
    Extend existing network
cryptogen generate --help
usage: cryptogen generate [<flags>]

Generate key material

Flags:
  --help                    Show context-sensitive help (also try --help-long
                            and --help-man).
    #指定
  --output="crypto-config"  The output directory in which to place artifacts
  --config=CONFIG           The configuration template to use

  • 配置文件模板crypto-config.yaml
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:                   #排序节点组织
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer                          #名称
    Domain: example.com          #根域名,排序节点组织的根域名
    EnableNodeOUs: false

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer           #子域名,可访问 orderer.example.com,对应一个排序节点

# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:                      #peer节点
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Org1
    Domain: org1.example.com         #组织1根域名
    EnableNodeOUs: false
    Template:                  #模板,根据默认规则生成几个peer存储数据的节点
      Count: 2                   #访问域名 peer0.org1.example.com
      # Start: 5
    Users:                    #创建普通用户的个数
      Count: 1

  # ---------------------------------------------------------------------------
  # Org2: See "Org1" for full specification
  # ---------------------------------------------------------------------------
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: false
    Template:
      Count: 2
    Users:
      Count: 1

修改后crypto-config.yaml

# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: test.com
    EnableNodeOUs: true

    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer

# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org1
  # ---------------------------------------------------------------------------
  - Name: Orga
    Domain: orga.test.com
    EnableNodeOUs: true
    Template:
      Count: 2
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
      # SANS:
      #   - "{{.Hostname}}.alt.{{.Domain}}"
    Users:
      Count: 1

  # ---------------------------------------------------------------------------
  # Org2: See "Org1" for full specification
  # ---------------------------------------------------------------------------
  - Name: Orgb
    Domain: orgb.test.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 1

3、生成证书文件

  • 新建工程目录文件夹fabricnewsample

    mkdir fabricnewsample/
    
  • step1 生成配置文件

#将模版文件重定向生成配置文件
cryptogen showtemplate >  crypto-config.yaml
  • step2 修改配置文件 crypto-config.yaml

  • step3 生成证书文件

    cryptogen generate --config=crypto-config.yaml
    #进入文件夹,可查看目录文件
    tree ordererOrganizations/
    #查看peer文件
    tree peerOrganizations/peerOrganizations/
    

    Sepcs和Template指定用户的区别(可分开使用,也可以联合使用)

    • Sepcs是可以指出确定的域名

    • Template是按照0开始排列 peer0,peer1

     Specs:
          - Hostname: orderer           #子域名,可访问 orderer.example.com,对应一个节点
      Template:
      		Count: 1
    

4、configtxgen

4.1、模块命令

configtxgen --help             #通过该命令查询相关参数

运行结果如下:

Usage of configtxgen:
#指定所属的组织
  -asOrg string
    	Performs the config generation as a particular organization (by name), only including values in the write set that org (likely) has privilege to set
  #
  -channelCreateTxBaseProfile string
    	Specifies a profile to consider as the orderer system channel current state to allow modification of non-application parameters during channel create tx generation. Only valid in conjuction with 'outputCreateChannelTx'.
   #指定创建channel的名字,如果没指定会提供一个特定的名字
  -channelID string
    	The channel ID to use in the configtx
    #执行命令要加载的配置文件的路径,不指定会在当前目录下寻找
  -configPath string
    	The path containing the configuration to use (if set)
    #打印指定区块文件中的配置内容,,string:查看的区块文件的名字
  -inspectBlock string
    	Prints the configuration contained in the block at the specified path
    #打印指定路径中创建通道的交易的配置文件内容
  -inspectChannelCreateTx string
    	Prints the configuration contained in the transaction at the specified path
    #更新channel的配置信息
  -outputAnchorPeersUpdate string
    	Creates an config update to update an anchor peer (works only with the default channel creation, and only for the first update)
    #输出区块文件的路径
  -outputBlock string
    	The path to write the genesis block to (if set)
  #输出通道文件的路径和名字
  -outputCreateChannelTx string
    	The path to write a channel creation configtx to (if set)
   #输出组织的定义以json形式打印
  -printOrg string
    	Prints the definition of an organization as JSON. (useful for adding an org to a channel manually)
    #指定配置文件中的节点
  -profile string
    	The profile from configtx.yaml to use for generation. (default "SampleInsecureSolo")
  -version
    	Show version information

5、排序服务的创始块文件与通道文件的生成

5.1、编写配置文件configtx.yaml

文件名固定为configtx.yaml

将之前下载的示例下的configtx.yaml拷贝到当前目录下:

cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/configtx.yaml ~/fabricnewsample/

configtx.yaml文件内容为

#   configtx.yaml文件
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
# 

---
################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################组织	,两个部分,排序组织和peer组织
Organizations:                                  #固定不能变

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg                                #排序节点组织,可修改名称
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererOrg                  #组织名

        # ID to load the MSP definition as
        ID: OrdererMSP                          #排序节点ID

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/example.com/msp   #身份信息路径

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"

    - &Org1                                  #组织1,可修改,后面会引用
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org1MSP         #第一个组织名

        # ID to load the MSP definition as
        ID: Org1MSP                #第一个组织ID

        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp      #组织身份路径

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"

        # leave this flag set to true.
        AnchorPeers:                                           #锚节点,任意一个节点都可以作为锚节点,但只能为一个,负责组织之间的交互
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org1.example.com         #指定peer节点域名
              Port: 7051                                                    #端口,不可修改

    - &Org2
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org2MSP

        # ID to load the MSP definition as
        ID: Org2MSP

        MSPDir: crypto-config/peerOrganizations/org2.example.com/msp

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org2MSP.admin')"

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org2.example.com
              Port: 9051

################################################################################
#
#   SECTION: Capabilities
#
#   - This section defines the capabilities of fabric network. This is a new
#   concept as of v1.1.0 and should not be utilized in mixed networks with
#   v1.0.x peers and orderers.  Capabilities define features which must be
#   present in a fabric binary for that binary to safely participate in the
#   fabric network.  For instance, if a new MSP type is added, newer binaries
#   might recognize and validate the signatures from this type, while older
#   binaries without this support would be unable to validate those
#   transactions.  This could lead to different versions of the fabric binaries
#   having different world states.  Instead, defining a capability for a channel
#   informs those binaries without this capability that they must cease
#   processing transactions until they have been upgraded.  For v1.0.x if any
#   capabilities are defined (including a map with all capabilities turned off)
#   then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:                          #通常全部设置为true
    # Channel capabilities apply to both the orderers and the peers and must be
    # supported by both.
    # Set the value of the capability to true to require it.
    Channel: &ChannelCapabilities
        # V1.4.3 for Channel is a catchall flag for behavior which has been
        # determined to be desired for all orderers and peers running at the v1.4.3
        # level, but which would be incompatible with orderers and peers from
        # prior releases.
        # Prior to enabling V1.4.3 channel capabilities, ensure that all
        # orderers and peers on a channel are at v1.4.3 or later.
        V1_4_3: true
        # V1.3 for Channel enables the new non-backwards compatible
        # features and fixes of fabric v1.3
        V1_3: false
        # V1.1 for Channel enables the new non-backwards compatible
        # features and fixes of fabric v1.1
        V1_1: false

    # Orderer capabilities apply only to the orderers, and may be safely
    # used with prior release peers.
    # Set the value of the capability to true to require it.
    Orderer: &OrdererCapabilities
        # V1.4.2 for Orderer is a catchall flag for behavior which has been
        # determined to be desired for all orderers running at the v1.4.2
        # level, but which would be incompatible with orderers from prior releases.
        # Prior to enabling V1.4.2 orderer capabilities, ensure that all
        # orderers on a channel are at v1.4.2 or later.
        V1_4_2: true
        # V1.1 for Orderer enables the new non-backwards compatible
        # features and fixes of fabric v1.1
        V1_1: false

    # Application capabilities apply only to the peer network, and may be safely
    # used with prior release orderers.
    # Set the value of the capability to true to require it.
    Application: &ApplicationCapabilities
        # V1.4.2 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.4.2.
        V1_4_2: true
        # V1.3 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.3.
        V1_3: false
        # V1.2 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.2 (note, this need not be set if
        # later version capabilities are set)
        V1_2: false
        # V1.1 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.1 (note, this need not be set if
        # later version capabilities are set).
        V1_1: false

################################################################################
#
#   SECTION: Application
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults

    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    #   /Channel/Application/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    Capabilities:
        <<: *ApplicationCapabilities
################################################################################
#
#   SECTION: Orderer
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults

    # Orderer Type: The orderer implementation to start
    # Available types are "solo","kafka"  and "etcdraft"
    OrdererType: solo                           #排序算法,或者共识机制,sofo适合测试环境,kafka适合生产																				环境

    Addresses:                                        #排序节点域名,如果为kafka,需要添加其他排序节点域名
        - orderer.example.com:7050
	#BatchTimeout,MaxMessageCount,AbsoluteMaxBytes,满足其中一种就会产生区块
    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 2s                          #产生区块的时间

    # Batch Size: Controls the number of messages batched into a block
    BatchSize:                                       #产生区块的大小

        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10           #交易的最大条数

        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 99 MB     #允许区块的最大容量

        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB

    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects
        # NOTE: Use IP:port notation
        Brokers:                          #和order节点相连的kafka的broker的IP
            - 127.0.0.1:9092              

    # EtcdRaft defines configuration which must be set when the "etcdraft"
    # orderertype is chosen.
    EtcdRaft:
        # The set of Raft replicas for this network. For the etcd/raft-based
        # implementation, we expect every replica to also be an OSN. Therefore,
        # a subset of the host:port items enumerated in this list should be
        # replicated under the Orderer.Addresses key above.
        Consenters:
            - Host: orderer.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
            - Host: orderer2.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
            - Host: orderer3.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
            - Host: orderer4.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
            - Host: orderer5.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt

    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Orderer policies, their canonical path is
    #   /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        # BlockValidation specifies what signatures must be included in the block
        # from the orderer for the peer to validate it.
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is
    #   /Channel/<PolicyName>
    Policies:
        # Who may invoke the 'Deliver' API
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    # Capabilities describes the channel level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ChannelCapabilities

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:                            #对之前分散的部分一个总结,这个名不能改

    TwoOrgsOrdererGenesis:                     #区块名,可修改
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg                                 #和前面呼应,前面修改,此处也要改
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:                      #可修改,但和下方对应,此处改,$$$也要改
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:                                         #通道名,可修改
        Consortium: SampleConsortium    #$$$上面改,此处也要改
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities

    SampleDevModeKafka:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            OrdererType: kafka
            Kafka:
                Brokers:
                - kafka.example.com:9092

            Organizations:
            - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
            - <<: *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                - *Org1
                - *Org2

    SampleMultiNodeEtcdRaft:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            OrdererType: etcdraft
            EtcdRaft:
                Consenters:
                - Host: orderer.example.com
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
                - Host: orderer2.example.com
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
                - Host: orderer3.example.com
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
                - Host: orderer4.example.com
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
                - Host: orderer5.example.com
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
            Addresses:
                - orderer.example.com:7050
                - orderer2.example.com:7050
                - orderer3.example.com:7050
                - orderer4.example.com:7050
                - orderer5.example.com:7050

            Organizations:
            - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
            - <<: *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                - *Org1
                - *Org2

修改之后的configtx.yaml文件内容为:

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

---
################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererOrg

        # ID to load the MSP definition as
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/test.com/msp

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"

    - &Orga
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrgaMSP

        # ID to load the MSP definition as
        ID: OrgaMSP

        MSPDir: crypto-config/peerOrganizations/orga.test.com/msp

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrgaMSP.admin', 'OrgaMSP.peer', 'OrgaMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('OrgaMSP.admin', 'OrgaMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('OrgaMSP.admin')"

        # leave this flag set to true.
        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.orga.test.com
              Port: 7051

    - &Orgb
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrgbMSP

        # ID to load the MSP definition as
        ID: OrgbMSP

        MSPDir: crypto-config/peerOrganizations/orgb.test.com/msp

        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrgbMSP.admin', 'OrgbMSP.peer', 'OrgbMSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('OrgbMSP.admin', 'OrgbMSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('OrgbMSP.admin')"

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.orgb.test.com
              Port: 9051

################################################################################
#
#   SECTION: Capabilities
#
#   - This section defines the capabilities of fabric network. This is a new
#   concept as of v1.1.0 and should not be utilized in mixed networks with
#   v1.0.x peers and orderers.  Capabilities define features which must be
#   present in a fabric binary for that binary to safely participate in the
#   fabric network.  For instance, if a new MSP type is added, newer binaries
#   might recognize and validate the signatures from this type, while older
#   binaries without this support would be unable to validate those
#   transactions.  This could lead to different versions of the fabric binaries
#   having different world states.  Instead, defining a capability for a channel
#   informs those binaries without this capability that they must cease
#   processing transactions until they have been upgraded.  For v1.0.x if any
#   capabilities are defined (including a map with all capabilities turned off)
#   then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
    # Channel capabilities apply to both the orderers and the peers and must be
    # supported by both.
    # Set the value of the capability to true to require it.
    Channel: &ChannelCapabilities
        # V1.4.3 for Channel is a catchall flag for behavior which has been
        # determined to be desired for all orderers and peers running at the v1.4.3
        # level, but which would be incompatible with orderers and peers from
        # prior releases.
        # Prior to enabling V1.4.3 channel capabilities, ensure that all
        # orderers and peers on a channel are at v1.4.3 or later.
        V1_4_3: true
        # V1.3 for Channel enables the new non-backwards compatible
        # features and fixes of fabric v1.3
        V1_3: true
        # V1.1 for Channel enables the new non-backwards compatible
        # features and fixes of fabric v1.1
        V1_1: true

    # Orderer capabilities apply only to the orderers, and may be safely
    # used with prior release peers.
    # Set the value of the capability to true to require it.
    Orderer: &OrdererCapabilities
        # V1.4.2 for Orderer is a catchall flag for behavior which has been
        # determined to be desired for all orderers running at the v1.4.2
        # level, but which would be incompatible with orderers from prior releases.
        # Prior to enabling V1.4.2 orderer capabilities, ensure that all
        # orderers on a channel are at v1.4.2 or later.
        V1_4_2: true
        # V1.1 for Orderer enables the new non-backwards compatible
        # features and fixes of fabric v1.1
        V1_1: true

    # Application capabilities apply only to the peer network, and may be safely
    # used with prior release orderers.
    # Set the value of the capability to true to require it.
    Application: &ApplicationCapabilities
        # V1.4.2 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.4.2.
        V1_4_2: true
        # V1.3 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.3.
        V1_3: true
        # V1.2 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.2 (note, this need not be set if
        # later version capabilities are set)
        V1_2: true
        # V1.1 for Application enables the new non-backwards compatible
        # features and fixes of fabric v1.1 (note, this need not be set if
        # later version capabilities are set).
        V1_1: true

################################################################################
#
#   SECTION: Application
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults

    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    #   /Channel/Application/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    Capabilities:
        <<: *ApplicationCapabilities
################################################################################
#
#   SECTION: Orderer
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults

    # Orderer Type: The orderer implementation to start
    # Available types are "solo","kafka"  and "etcdraft"
    OrdererType: solo

    Addresses:
        - orderer.test.com:7050

    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 2s

    # Batch Size: Controls the number of messages batched into a block
    BatchSize:

        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10

        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 99 MB

        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB

    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects
        # NOTE: Use IP:port notation
        Brokers:
            - 127.0.0.1:9092

    # EtcdRaft defines configuration which must be set when the "etcdraft"
    # orderertype is chosen.
    EtcdRaft:
        # The set of Raft replicas for this network. For the etcd/raft-based
        # implementation, we expect every replica to also be an OSN. Therefore,
        # a subset of the host:port items enumerated in this list should be
        # replicated under the Orderer.Addresses key above.
        Consenters:
            - Host: orderer.test.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/server.crt
            - Host: orderer2.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
            - Host: orderer3.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
            - Host: orderer4.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
            - Host: orderer5.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt

    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network
    Organizations:

    # Policies defines the set of policies at this level of the config tree
    # For Orderer policies, their canonical path is
    #   /Channel/Orderer/<PolicyName>
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        # BlockValidation specifies what signatures must be included in the block
        # from the orderer for the peer to validate it.
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is
    #   /Channel/<PolicyName>
    Policies:
        # Who may invoke the 'Deliver' API
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    # Capabilities describes the channel level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ChannelCapabilities

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

    TwoOrgsOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Orga
                    - *Orgb
    TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Orga
                - *Orgb
            Capabilities:
                <<: *ApplicationCapabilities

    SampleDevModeKafka:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            OrdererType: kafka
            Kafka:
                Brokers:
                - kafka.example.com:9092

            Organizations:
            - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
            - <<: *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                - *Orga
                - *Orgb

    SampleMultiNodeEtcdRaft:
        <<: *ChannelDefaults
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            OrdererType: etcdraft
            EtcdRaft:
                Consenters:
                - Host: orderer.example.com
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
                - Host: orderer2.example.com
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
                - Host: orderer3.example.com
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
                - Host: orderer4.example.com
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
                - Host: orderer5.example.com
                  Port: 7050
                  ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
                  ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
            Addresses:
                - orderer.example.com:7050
                - orderer2.example.com:7050
                - orderer3.example.com:7050
                - orderer4.example.com:7050
                - orderer5.example.com:7050

            Organizations:
            - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Application:
            <<: *ApplicationDefaults
            Organizations:
            - <<: *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                - *Orga
                - *Orgb

5.2、生成排序服务的创始块文件

  • 首先在主文件夹fabricnewsample下创建channel-artifacts文件夹(为后面docker-compose作准备)

    mkdir channel-artifacts
    
  • 在主文件下之执行生成创始块命令(一定要在configtx.yaml文件的同级目录下),生成genesis.block文件

  • 根据文件最后配置的不同,选择不同的profile,比如官方命令为:

  • 此处的通道ID和之后的通道ID名不能一样,此处也可以不设置,默认为testchainid

    FABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block -channelID firstchannel
    

5.3、生成通道文件

  • 主文件夹下执行生成通道文件的命令,生成channel.tx文件,可指定channelD,通道名字,如果不指定默认为mychannel

    #设置当前通道ID
    export CHANNEL_NAME=secondchannel
    #查询是否设置成功
    echo $CHANNEL_NAME
    #生成通道文件
    FABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
    

5.4、生成锚节点更新文件

  • 需要为每个组织各生成一份锚节点更新文件

    FABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/aMSPanchors.tx -channelID $CHANNEL_NAME -asOrg OrgaMSP
    
    FABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/bMSPanchors.tx -channelID $CHANNEL_NAME -asOrg OrgbMSP
    

命名解读:

  • -profile:指定configtx.yaml文件中profiles中的组织名
  • -outputAnchorPeersUpdate:指定生成锚节点更新文件的文件名
  • -channelID: 指定锚节点所属通道,通道名为之前生成通道文件时命名的
  • -asOrg: 指定锚节点所属的组织名

6、docker-compose

首先将文件复制到工程目录下

#将docker-compose-cli.yaml复制到工程目录下
sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/docker-compose-cli.yaml ~/fabricnewsample/docker-compose-cli.yaml
cd ~/fabricnewsample
#工程目录下创建base文件,用于存储下面两个文件
mkdir base
sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/base/docker-compose-base.yaml ~/fabricnewsample/base/docker-compose-base.yaml
sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/base/peer-base.yaml ~/fabricnewsample/base/peer-base.yaml
#如果文件没有权限,设置一下文件权限
sudo chmod 777 ~/fabricnewsample/docker-compose-cli.yaml
sudo chmod 777 ~/fabricnewsample/base/docker-compose-base.yaml
sudo chmod 777 ~/fabricnewsample/base/peer-base.yaml

6.1、docker-compose-cli,修改客户端配置

客户端角色使用的环境变量

#docker-compose-cli.yaml文件
cli:
    container_name: cli
    image: hyperledger/fabric-tools:$IMAGE_TAG
    tty: true
    stdin_open: true
    environment:
      - SYS_CHANNEL=$SYS_CHANNEL
      #客户端docker容器启动之后,Go的工作目录,不需要修改
      - GOPATH=/opt/gopath
      #docker容器启动之后,对应的守护进程的本地套接字,不需要修改
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- FABRIC_LOGGING_SPEC=DEBUG
      - FABRIC_LOGGING_SPEC=INFO                #日志级别
      - CORE_PEER_ID=cli                                        #当前客户端节点的ID,自己指定
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051    #客户端链接的peer节点
      - CORE_PEER_LOCALMSPID=Org1MSP                                        #链接的peer节点的所属的组织ID
      - CORE_PEER_TLS_ENABLED=true                                                #通信是否需要加密
      #与客户端链接对应的peer节点的3个文件
      #证书文件
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
      #私钥文件
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
      #根证书文件
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
      #指定当前客户端身份,此处设置为用户中的管理员身份
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        #如果为当前文件下,需要修改文件路径为./chaincode/
        - ./../chaincode/:/opt/gopath/src/github.com/chaincode
        - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - orderer.example.com
      - peer0.org1.example.com
      - peer1.org1.example.com
      - peer0.org2.example.com
      - peer1.org2.example.com
    networks:
      - byfn

本实例修改之后的cli内容为:

#docker-compose-cli.yaml文件
cli:
    container_name: cli
    image: hyperledger/fabric-tools:latest
    tty: true
    stdin_open: true
    environment:
      - SYS_CHANNEL=$SYS_CHANNEL
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- FABRIC_LOGGING_SPEC=DEBUG
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.orga.test.com:7051
      - CORE_PEER_LOCALMSPID=OrgaMSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/users/[email protected]/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - ./chaincode/:/opt/gopath/src/github.com/chaincode
        - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - orderer.test.com
      - peer0.orga.test.com
      - peer1.orga.test.com
      - peer0.orgb.test.com
      - peer1.orgb.test.com
    networks:
      - byfn

6.2、修改docker中order节点配置

修改三处文件

  • docker-compose-cli.yaml
  • docker-compose-base.yaml
  • peer-base.yaml

1、修改docker-compose-cli.yaml

orderer.test.com:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.test.com
    container_name: orderer.test.com
    networks:
      - byfn

2、修改

#docker-compose-base.yaml文件修改后
services:

  orderer.test.com:
    container_name: orderer.test.com
    extends:
      file: peer-base.yaml
      service: orderer-base
    volumes:
        - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/msp:/var/hyperledger/orderer/msp
        - ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/:/var/hyperledger/orderer/tls
        - orderer.test.com:/var/hyperledger/production/orderer
    ports:
      - 7050:7050

3、修改peer-base.yaml文件

#peer-base.yaml文件解释及修改
#仅需修改一处,第二行修改为 image: hyperledger/fabric-orderer:latest
orderer-base:
    image: hyperledger/fabric-orderer:latest
    environment:
      - FABRIC_LOGGING_SPEC=INFO                                               #日志级别
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0               #orderer节点监听的地址
      - ORDERER_GENERAL_GENESISMETHOD=file                    #创始块来源,file为来源于文件中
      #创始块对应的文件,这个不需要改,因为已经挂在到docker镜像中
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP            #order节点所属的组的ID
      #不需要修改,已经挂载在指定路径
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp    #当前节点的MSP账号路径
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true                          #是否使用tls加密
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key   #私钥
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt   #证书
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]               #根证书
      - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer

6.3、修改docker中peer节点配置

1、修改peer-base.yaml

代码中解析环境变量

peer-base:
  #主要修改此处,修改为latest
    image: hyperledger/fabric-peer:latest
    environment:
    #docker的本地套接字地址,不需要修改
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # //docs.docker.com/compose/networking/
      #该peer所属的网络,此处为byfn,与docker-compose-cli中每个peer的networks呼应
      #此处${COMPOSE_PROJECT_NAME}为docker-compose-cli.yaml所处的文件名。
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
      #修改为CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=test-fabric_byfn
      - FABRIC_LOGGING_SPEC=INFO
      #- FABRIC_LOGGING_SPEC=DEBUG
      #是否通信加密
      - CORE_PEER_TLS_ENABLED=true
      #是否采用fabric规则选取leader peer,如果为true,则下一个必须为false
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      #是否强制指定为leader peer
      - CORE_PEER_GOSSIP_ORGLEADER=false
      #peer节点的中profile服务,不需要修改
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start

2、修改docker-compose-cli.yaml文件

orderer.test.com:
    extends:
      file:   base/docker-compose-base.yaml
      service: orderer.test.com
    container_name: orderer.test.com
    networks:
      - byfn

  peer0.orga.test.com:
    container_name: peer0.orga.test.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.orga.test.com
    networks:
      - byfn

  peer1.orga.test.com:
    container_name: peer1.orga.test.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer1.orga.test.com
    networks:
      - byfn

  peer0.orgb.test.com:
    container_name: peer0.orgb.test.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer0.orgb.test.com
    networks:
      - byfn

  peer1.orgb.test.com:
    container_name: peer1.orgb.test.com
    extends:
      file:  base/docker-compose-base.yaml
      service: peer1.orgb.test.com
    networks:
      - byfn

3、修改docker-compose-base.yaml文件,对每个peer文件进行细心修改

version: '2'

services:

  orderer.test.com:
    container_name: orderer.test.com
    extends:
      file: peer-base.yaml
      service: orderer-base
    volumes:
        - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/msp:/var/hyperledger/orderer/msp
        - ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/:/var/hyperledger/orderer/tls
        - orderer.test.com:/var/hyperledger/production/orderer
    ports:
      - 7050:7050

  peer0.orga.test.com:
    container_name: peer0.orga.test.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.orga.test.com
      - CORE_PEER_ADDRESS=peer0.orga.test.com:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orga.test.com:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      #启动时,选择链接哪个节点,可以链接自己或其他节点,但必须为同一组织
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.orga.test.com:8051
      #对外显示的自己的地址,如果不设置,则该结点不可见
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orga.test.com:7051
      - CORE_PEER_LOCALMSPID=OrgaMSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls:/etc/hyperledger/fabric/tls
        - peer0.orga.test.com:/var/hyperledger/production
    ports:
      - 7051:7051

  peer1.orga.test.com:
    container_name: peer1.orga.test.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer1.orga.test.com
      - CORE_PEER_ADDRESS=peer1.orga.test.com:8051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:8051
      - CORE_PEER_CHAINCODEADDRESS=peer1.orga.test.com:8052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orga.test.com:8051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orga.test.com:7051
      - CORE_PEER_LOCALMSPID=OrgaMSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls:/etc/hyperledger/fabric/tls
        - peer1.orga.test.com:/var/hyperledger/production

    ports:
      - 8051:8051

  peer0.orgb.test.com:
    container_name: peer0.orgb.test.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.orgb.test.com
      - CORE_PEER_ADDRESS=peer0.orgb.test.com:9051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:9051
      - CORE_PEER_CHAINCODEADDRESS=peer0.orgb.test.com:9052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgb.test.com:9051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.orgb.test.com:10051
      - CORE_PEER_LOCALMSPID=OrgbMSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls:/etc/hyperledger/fabric/tls
        - peer0.orgb.test.com:/var/hyperledger/production
    ports:
      - 9051:9051

  peer1.orgb.test.com:
    container_name: peer1.orgb.test.com
    extends:
      file: peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer1.orgb.test.com
      - CORE_PEER_ADDRESS=peer1.orgb.test.com:10051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:10051
      - CORE_PEER_CHAINCODEADDRESS=peer1.orgb.test.com:10052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orgb.test.com:10051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgb.test.com:9051
      - CORE_PEER_LOCALMSPID=OrgbMSP
    volumes:
        - /var/run/:/host/var/run/
        - ../crypto-config/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/msp:/etc/hyperledger/fabric/msp
        - ../crypto-config/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls:/etc/hyperledger/fabric/tls
        - peer1.orgb.test.com:/var/hyperledger/production
    ports:
      - 10051:10051

6.4、启动docker compose

执行docker-compose默认执行docker-compose.yml文件,因此需要将docker-compose-cli.yaml文件重新命名为docker-compose.yml文件放在主文件下。

如果没有设置docker-compose.yml文件则为以下命令

$ docker-compose -f docker-compose-cli.yaml up -d

执行结果

WARNING: The SYS_CHANNEL variable is not set. Defaulting to a blank string.
Creating network "fabricnewsample_byfn" with the default driver
Creating volume "fabricnewsample_orderer.test.com" with default driver
Creating volume "fabricnewsample_peer0.orga.test.com" with default driver
Creating volume "fabricnewsample_peer1.orga.test.com" with default driver
Creating volume "fabricnewsample_peer0.orgb.test.com" with default driver
Creating volume "fabricnewsample_peer1.orgb.test.com" with default driver
Creating orderer.test.com    ... done
Creating peer1.orgb.test.com ... done
Creating peer0.orgb.test.com ... done
Creating peer0.orga.test.com ... done
Creating peer1.orga.test.com ... done
Creating cli                 ... done

可以使用以下命令查看网络是否启动成功

$ docker-compose -f docker-compose-cli.yaml ps

运行结果显示每个port都有对应的端口即为启动成功

         Name                                  Command          State            Ports          
----------------------------------------------------------------------------
cli                                                     /bin/bash             Up                              
orderer.test.com                   orderer                      Up      0.0.0.0:7050->7050/tcp  
peer0.orga.test.com      peer node start            Up      0.0.0.0:9051->9051/tcp  
peer0.orgb.test.com         peer node start        Up      0.0.0.0:7051->7051/tcp  
peer1.orga.test.com      peer node start           Up      0.0.0.0:10051->10051/tcp
peer1.orgb.test.com        peer node start         Up      0.0.0.0:8051->8051/tcp 

7、channel管理

7.1、通过客户端操作各节点

  • 进入客户端容器中进行通道管理

    $ docker exec -it cli bash
    

    显示结果为:

    root@e0514821f4dd:/opt/gopath/src/github.com/hyperledger/fabric/peer# 
    

7.2、创建通道

  • peer命令生成通道,将channel.tx复制到channel-artifacts文件夹下

    #设置并查看通道名
    export CHANNEL_NAME=secondchannel
    echo $CHANNEL_NAME
    #生成通道
    peer channel create -o orderer.test.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/test.com/orderers/orderer.test.com/msp/tlscacerts/tlsca.test.com-cert.pem
    

    运行结果:

    2020-08-03 07:14:06.722 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
    2020-08-03 07:14:06.899 UTC [cli.common] readBlock -> INFO 002 Received block: 0
    

    运行结果生成secondchannel.block文件,可以当前目录下使用ll命令查看

    total 40
    drwxr-xr-x 5 root root  4096 Aug  3 07:14 ./
    drwxr-xr-x 3 root root  4096 Aug  3 07:08 ../
    drwxr-xr-x 2 1000 1000  4096 Aug  3 07:03 channel-artifacts/
    drwxr-xr-x 4 1000 1000  4096 Aug  3 06:53 crypto/
    -rw-r--r-- 1 root root 17973 Aug  3 07:14 secondchannel.block
    drwxr-xr-x 2 root root  4096 Aug  3 07:08 scripts/
    

7.3、各节点加入通道

  • 将每个组织的每个节点分别加入通道中,通过客户端完成

    • 客户端每次只能链接一个peer节点,因此需要不断的重新设置环境变量

      首先将当前节点加入通道中

      peer channel join -b secondchannel.block
      

      切换每个节点的环境变量,然后将节点加入到通道中

      #将orga的peer1节点加入通道
      export CORE_PEER_ADDRESS=peer1.orga.test.com:8051
      export CORE_PEER_LOCALMSPID=OrgaMSP
      export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/users/[email protected]/msp
      export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls/server.crt
      export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls/server.key
      export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls/ca.crt 
      
      peer channel join -b secondchannel.block
      
      #将org2的peer0节点加入通道
      export CORE_PEER_ADDRESS=peer0.orgb.test.com:9051 
      export CORE_PEER_LOCALMSPID=OrgbMSP
      export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/users/[email protected]/msp
      export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls/server.crt
      export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls/server.key
      export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls/ca.crt 
      
      peer channel join -b secondchannel.block
      #将org2的peer1节点加入通道
      export CORE_PEER_ADDRESS=peer1.orgb.test.com:10051 
      export CORE_PEER_LOCALMSPID=OrgbMSP
      export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/users/[email protected]/msp
      export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls/server.crt
      export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls/server.key
      export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls/ca.crt 
      
      peer channel join -b secondchannel.block
      

7.4、更新锚节点

  • (如果锚节点没有更新,则不需要执行此步)

    通道更新,它会传递到通道的定义中去。实际上,我们在通道创世区块的头部添加了额外的配置信息。注意我们没有编辑创世区块,但是简单的把将会定义锚节点的增量添加到了链中。

    更新通道定义,将 Orga 的锚节点定义为 peer0.orga.test.com

    #配置组织1的环境变量
    export CORE_PEER_ADDRESS=peer0.orga.test.com:7051
    export CORE_PEER_LOCALMSPID=OrgaMSP
    export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/users/[email protected]/msp
    export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.crt
    export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.key
    export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/ca.crt 
    #更新锚节点
    peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
    
    

    将Org2的锚节点定义为peer0.org2.example.com

    #配置组织2的环境变量
    export CORE_PEER_ADDRESS=peer0.org2.example.com:9051 
    export CORE_PEER_LOCALMSPID=Org2MSP
    export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp
    export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
    export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key
    export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt 
    #更新锚节点
    peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
    

7.5、安装及初始化链码

  • 给每个peer节点安装智能合约->链代码

  • 可选语言Golang,java,Node.js

    #设置文件权限
    sudo chmod 777 chaincode
    sudo chmod 777 scripts
    #将官方提供的链码文件copy到工程目录下
    sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/chaincode/chaincode_example02/go/chaincode_example02.go ~/fabricnewsample/chaincode/
    #设置链码文件权限
    sudo chmod 777 ./chaincode/chaincode_example02.go
    #客户端容器中安装链码,重新设置环境变量,需要的背书节点都要执行一遍安装链码
    $ peer chaincode install -n 链码的名字 -v 链码的版本 -l 链码的语言 -p 链码的位置
    peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/
    

    运行结果

    2020-08-03 16:39:48.709 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc
    2020-08-03 16:39:48.710 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc
    2020-08-03 16:39:50.540 UTC [chaincodeCmd] install -> INFO 003 Installed remotely response:<status:200 payload:"OK" > 
    
  • 对智能合约进行初始化,对应智能合约中的init函数

    • 只需要在任意节点初始化一次即可,数据会自动同步到各个组织的各个节点

      peer chaincode instantiate -o orderer节点地址:端口 --tls --cafile orderer节点的pem格式的证书文件 -C 通道名称 -n 链码名称 -l 链码语言 -v 链码版本 -c 链码函数调用 -P 背书策略
      peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
      

7.6、查询,调用链码转账

#查询账户
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
#转账交易
peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["invoke","a","b","10"]}'