hyperledger fabric 1.4 官方示例实践(二)
- 2020 年 12 月 25 日
- 筆記
- hyperldeger fabric, Hyperledger Fabric, 全手动
hyperledger fabric 1.4 官方示例实践(二)
1、fabric核心模块及常用命令
1.1、核心模块
模块名词 | 功能 |
---|---|
peer | 主节点模块,负责存储区块链数据,运行维护代码 |
order | 交易打包,排序模块 |
cryptogen | 组织和证书生成模块 |
configtxgen | 区块和交易生成模块 |
configtxlator | 区块和交易解析模块 |
其中peer和order属于系统模块,cryptogen,configtxgen,configtxlator属于工具模块,工具模块负责证书文件,区块链创始块,通道创始块等相关文件和证书的生成工作,不参与系统的运行。
将下载的模块复制到/usr/local/bin/
文件下,便于后续在任何文件下运行,复制命令:
sudo cp configtxlator /usr/local/bin/configtxlator #其他命令类似
核心模块都是通过命令行运行,需要熟悉相关命令–help
其他概念:
1、锚节点:组织中唯一一个节点,在生成创始块文件和通道文件时在配置文件中指定,负责组织之间的通信,一个组织唯一指定一个,其他组织的节点就可以将Gossip消息发送到这个Anchor Peer上,进而Anchor Peer将获得整个网络信息,区块广播到本组织内。
2、leader节点:组织选举出的节点,可以强制性指定,也可以fabric自动选取,用于和order节点通信,接受区块信息,向组织其他节点传播。
1.2、常用命令
#设置环境变量
$ export CHANNEL_NAME=mychannel
#查看环境变量
$ echo $CHANNEL_NAME
#查看docker-compose运行的容器
$ docker-compose -f docker-compose-cli.yaml ps
#shell指令
#输出当前路径
$ pwd
#输出当前docker镜像文件
$ docker images
2、cryptogen
cryptogen模块主要用于生成组织结构和账号相关文件,任何fabric系统的开发都是从cryptogen模块开始,在系统设计完成后首要工作就是根据系统设计编写cryptogen的配置文件。
2.1、模块命令
通过cryptogen –help可以显示相关命令
cryptogen --help
]usage: cryptogen [<flags>] <command> [<args> ...]
Utility for generating Hyperledger Fabric key material
Flags:
--help Show context-sensitive help (also try --help-long and --help-man).
Commands:
help [<command>...]
Show help.
#根据配置文件生成证书信息
generate [<flags>]
Generate key material
#显示系统默认的cryptogen模块配置文件信息
showtemplate
Show the default configuration template
#显示版本号
version
Show version information
#扩展现有网络
extend [<flags>]
Extend existing network
cryptogen generate --help
usage: cryptogen generate [<flags>]
Generate key material
Flags:
--help Show context-sensitive help (also try --help-long
and --help-man).
#指定
--output="crypto-config" The output directory in which to place artifacts
--config=CONFIG The configuration template to use
- 配置文件模板crypto-config.yaml
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs: #排序节点组织
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer #名称
Domain: example.com #根域名,排序节点组织的根域名
EnableNodeOUs: false
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer #子域名,可访问 orderer.example.com,对应一个排序节点
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs: #peer节点
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Org1
Domain: org1.example.com #组织1根域名
EnableNodeOUs: false
Template: #模板,根据默认规则生成几个peer存储数据的节点
Count: 2 #访问域名 peer0.org1.example.com
# Start: 5
Users: #创建普通用户的个数
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: false
Template:
Count: 2
Users:
Count: 1
修改后crypto-config.yaml
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: test.com
EnableNodeOUs: true
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Orga
Domain: orga.test.com
EnableNodeOUs: true
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
# SANS:
# - "{{.Hostname}}.alt.{{.Domain}}"
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Orgb
Domain: orgb.test.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
3、生成证书文件
-
新建工程目录文件夹fabricnewsample
mkdir fabricnewsample/
-
step1 生成配置文件
#将模版文件重定向生成配置文件
cryptogen showtemplate > crypto-config.yaml
-
step2 修改配置文件 crypto-config.yaml
-
step3 生成证书文件
cryptogen generate --config=crypto-config.yaml #进入文件夹,可查看目录文件 tree ordererOrganizations/ #查看peer文件 tree peerOrganizations/peerOrganizations/
Sepcs和Template指定用户的区别(可分开使用,也可以联合使用)
-
Sepcs是可以指出确定的域名
-
Template是按照0开始排列 peer0,peer1
Specs: - Hostname: orderer #子域名,可访问 orderer.example.com,对应一个节点 Template: Count: 1
-
4、configtxgen
4.1、模块命令
configtxgen --help #通过该命令查询相关参数
运行结果如下:
Usage of configtxgen:
#指定所属的组织
-asOrg string
Performs the config generation as a particular organization (by name), only including values in the write set that org (likely) has privilege to set
#
-channelCreateTxBaseProfile string
Specifies a profile to consider as the orderer system channel current state to allow modification of non-application parameters during channel create tx generation. Only valid in conjuction with 'outputCreateChannelTx'.
#指定创建channel的名字,如果没指定会提供一个特定的名字
-channelID string
The channel ID to use in the configtx
#执行命令要加载的配置文件的路径,不指定会在当前目录下寻找
-configPath string
The path containing the configuration to use (if set)
#打印指定区块文件中的配置内容,,string:查看的区块文件的名字
-inspectBlock string
Prints the configuration contained in the block at the specified path
#打印指定路径中创建通道的交易的配置文件内容
-inspectChannelCreateTx string
Prints the configuration contained in the transaction at the specified path
#更新channel的配置信息
-outputAnchorPeersUpdate string
Creates an config update to update an anchor peer (works only with the default channel creation, and only for the first update)
#输出区块文件的路径
-outputBlock string
The path to write the genesis block to (if set)
#输出通道文件的路径和名字
-outputCreateChannelTx string
The path to write a channel creation configtx to (if set)
#输出组织的定义以json形式打印
-printOrg string
Prints the definition of an organization as JSON. (useful for adding an org to a channel manually)
#指定配置文件中的节点
-profile string
The profile from configtx.yaml to use for generation. (default "SampleInsecureSolo")
-version
Show version information
5、排序服务的创始块文件与通道文件的生成
5.1、编写配置文件configtx.yaml
文件名固定为configtx.yaml
将之前下载的示例下的
configtx.yaml
拷贝到当前目录下:
cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/configtx.yaml ~/fabricnewsample/
configtx.yaml
文件内容为
# configtx.yaml文件
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################组织 ,两个部分,排序组织和peer组织
Organizations: #固定不能变
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg #排序节点组织,可修改名称
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg #组织名
# ID to load the MSP definition as
ID: OrdererMSP #排序节点ID
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/example.com/msp #身份信息路径
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1 #组织1,可修改,后面会引用
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP #第一个组织名
# ID to load the MSP definition as
ID: Org1MSP #第一个组织ID
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp #组织身份路径
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
# leave this flag set to true.
AnchorPeers: #锚节点,任意一个节点都可以作为锚节点,但只能为一个,负责组织之间的交互
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org1.example.com #指定peer节点域名
Port: 7051 #端口,不可修改
- &Org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org2.example.com
Port: 9051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities: #通常全部设置为true
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V1.4.3 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v1.4.3
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V1.4.3 channel capabilities, ensure that all
# orderers and peers on a channel are at v1.4.3 or later.
V1_4_3: true
# V1.3 for Channel enables the new non-backwards compatible
# features and fixes of fabric v1.3
V1_3: false
# V1.1 for Channel enables the new non-backwards compatible
# features and fixes of fabric v1.1
V1_1: false
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V1.4.2 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.4.2
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V1.4.2 orderer capabilities, ensure that all
# orderers on a channel are at v1.4.2 or later.
V1_4_2: true
# V1.1 for Orderer enables the new non-backwards compatible
# features and fixes of fabric v1.1
V1_1: false
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V1.4.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.4.2.
V1_4_2: true
# V1.3 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.3.
V1_3: false
# V1.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.2 (note, this need not be set if
# later version capabilities are set)
V1_2: false
# V1.1 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.1 (note, this need not be set if
# later version capabilities are set).
V1_1: false
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo","kafka" and "etcdraft"
OrdererType: solo #排序算法,或者共识机制,sofo适合测试环境,kafka适合生产 环境
Addresses: #排序节点域名,如果为kafka,需要添加其他排序节点域名
- orderer.example.com:7050
#BatchTimeout,MaxMessageCount,AbsoluteMaxBytes,满足其中一种就会产生区块
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s #产生区块的时间
# Batch Size: Controls the number of messages batched into a block
BatchSize: #产生区块的大小
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10 #交易的最大条数
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB #允许区块的最大容量
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers: #和order节点相连的kafka的broker的IP
- 127.0.0.1:9092
# EtcdRaft defines configuration which must be set when the "etcdraft"
# orderertype is chosen.
EtcdRaft:
# The set of Raft replicas for this network. For the etcd/raft-based
# implementation, we expect every replica to also be an OSN. Therefore,
# a subset of the host:port items enumerated in this list should be
# replicated under the Orderer.Addresses key above.
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles: #对之前分散的部分一个总结,这个名不能改
TwoOrgsOrdererGenesis: #区块名,可修改
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg #和前面呼应,前面修改,此处也要改
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium: #可修改,但和下方对应,此处改,$$$也要改
Organizations:
- *Org1
- *Org2
TwoOrgsChannel: #通道名,可修改
Consortium: SampleConsortium #$$$上面改,此处也要改
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
SampleDevModeKafka:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: kafka
Kafka:
Brokers:
- kafka.example.com:9092
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
Addresses:
- orderer.example.com:7050
- orderer2.example.com:7050
- orderer3.example.com:7050
- orderer4.example.com:7050
- orderer5.example.com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
修改之后的configtx.yaml文件内容为:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/test.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Orga
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrgaMSP
# ID to load the MSP definition as
ID: OrgaMSP
MSPDir: crypto-config/peerOrganizations/orga.test.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrgaMSP.admin', 'OrgaMSP.peer', 'OrgaMSP.client')"
Writers:
Type: Signature
Rule: "OR('OrgaMSP.admin', 'OrgaMSP.client')"
Admins:
Type: Signature
Rule: "OR('OrgaMSP.admin')"
# leave this flag set to true.
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.orga.test.com
Port: 7051
- &Orgb
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrgbMSP
# ID to load the MSP definition as
ID: OrgbMSP
MSPDir: crypto-config/peerOrganizations/orgb.test.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrgbMSP.admin', 'OrgbMSP.peer', 'OrgbMSP.client')"
Writers:
Type: Signature
Rule: "OR('OrgbMSP.admin', 'OrgbMSP.client')"
Admins:
Type: Signature
Rule: "OR('OrgbMSP.admin')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.orgb.test.com
Port: 9051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V1.4.3 for Channel is a catchall flag for behavior which has been
# determined to be desired for all orderers and peers running at the v1.4.3
# level, but which would be incompatible with orderers and peers from
# prior releases.
# Prior to enabling V1.4.3 channel capabilities, ensure that all
# orderers and peers on a channel are at v1.4.3 or later.
V1_4_3: true
# V1.3 for Channel enables the new non-backwards compatible
# features and fixes of fabric v1.3
V1_3: true
# V1.1 for Channel enables the new non-backwards compatible
# features and fixes of fabric v1.1
V1_1: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V1.4.2 for Orderer is a catchall flag for behavior which has been
# determined to be desired for all orderers running at the v1.4.2
# level, but which would be incompatible with orderers from prior releases.
# Prior to enabling V1.4.2 orderer capabilities, ensure that all
# orderers on a channel are at v1.4.2 or later.
V1_4_2: true
# V1.1 for Orderer enables the new non-backwards compatible
# features and fixes of fabric v1.1
V1_1: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V1.4.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.4.2.
V1_4_2: true
# V1.3 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.3.
V1_3: true
# V1.2 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.2 (note, this need not be set if
# later version capabilities are set)
V1_2: true
# V1.1 for Application enables the new non-backwards compatible
# features and fixes of fabric v1.1 (note, this need not be set if
# later version capabilities are set).
V1_1: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo","kafka" and "etcdraft"
OrdererType: solo
Addresses:
- orderer.test.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- 127.0.0.1:9092
# EtcdRaft defines configuration which must be set when the "etcdraft"
# orderertype is chosen.
EtcdRaft:
# The set of Raft replicas for this network. For the etcd/raft-based
# implementation, we expect every replica to also be an OSN. Therefore,
# a subset of the host:port items enumerated in this list should be
# replicated under the Orderer.Addresses key above.
Consenters:
- Host: orderer.test.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/server.crt
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Orga
- *Orgb
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Orga
- *Orgb
Capabilities:
<<: *ApplicationCapabilities
SampleDevModeKafka:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: kafka
Kafka:
Brokers:
- kafka.example.com:9092
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Orga
- *Orgb
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
- Host: orderer2.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
- Host: orderer3.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
- Host: orderer4.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
- Host: orderer5.example.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
Addresses:
- orderer.example.com:7050
- orderer2.example.com:7050
- orderer3.example.com:7050
- orderer4.example.com:7050
- orderer5.example.com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Orga
- *Orgb
5.2、生成排序服务的创始块文件
-
首先在主文件夹fabricnewsample下创建channel-artifacts文件夹(为后面docker-compose作准备)
mkdir channel-artifacts
-
在主文件下之执行生成创始块命令(一定要在configtx.yaml文件的同级目录下),生成genesis.block文件
-
根据文件最后配置的不同,选择不同的profile,比如官方命令为:
-
此处的通道ID和之后的通道ID名不能一样,此处也可以不设置,默认为
testchainid
FABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block -channelID firstchannel
5.3、生成通道文件
-
主文件夹下执行生成通道文件的命令,生成channel.tx文件,可指定channelD,通道名字,如果不指定默认为
mychannel
#设置当前通道ID export CHANNEL_NAME=secondchannel #查询是否设置成功 echo $CHANNEL_NAME #生成通道文件 FABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
5.4、生成锚节点更新文件
-
需要为每个组织各生成一份锚节点更新文件
FABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/aMSPanchors.tx -channelID $CHANNEL_NAME -asOrg OrgaMSP
FABRIC_CFG_PATH=$PWD configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/bMSPanchors.tx -channelID $CHANNEL_NAME -asOrg OrgbMSP
命名解读:
- -profile:指定configtx.yaml文件中profiles中的组织名
- -outputAnchorPeersUpdate:指定生成锚节点更新文件的文件名
- -channelID: 指定锚节点所属通道,通道名为之前生成通道文件时命名的
- -asOrg: 指定锚节点所属的组织名
6、docker-compose
首先将文件复制到工程目录下
#将docker-compose-cli.yaml复制到工程目录下
sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/docker-compose-cli.yaml ~/fabricnewsample/docker-compose-cli.yaml
cd ~/fabricnewsample
#工程目录下创建base文件,用于存储下面两个文件
mkdir base
sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/base/docker-compose-base.yaml ~/fabricnewsample/base/docker-compose-base.yaml
sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/base/peer-base.yaml ~/fabricnewsample/base/peer-base.yaml
#如果文件没有权限,设置一下文件权限
sudo chmod 777 ~/fabricnewsample/docker-compose-cli.yaml
sudo chmod 777 ~/fabricnewsample/base/docker-compose-base.yaml
sudo chmod 777 ~/fabricnewsample/base/peer-base.yaml
6.1、docker-compose-cli,修改客户端配置
客户端角色使用的环境变量
#docker-compose-cli.yaml文件
cli:
container_name: cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- SYS_CHANNEL=$SYS_CHANNEL
#客户端docker容器启动之后,Go的工作目录,不需要修改
- GOPATH=/opt/gopath
#docker容器启动之后,对应的守护进程的本地套接字,不需要修改
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_SPEC=INFO #日志级别
- CORE_PEER_ID=cli #当前客户端节点的ID,自己指定
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051 #客户端链接的peer节点
- CORE_PEER_LOCALMSPID=Org1MSP #链接的peer节点的所属的组织ID
- CORE_PEER_TLS_ENABLED=true #通信是否需要加密
#与客户端链接对应的peer节点的3个文件
#证书文件
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
#私钥文件
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
#根证书文件
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
#指定当前客户端身份,此处设置为用户中的管理员身份
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
#如果为当前文件下,需要修改文件路径为./chaincode/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- orderer.example.com
- peer0.org1.example.com
- peer1.org1.example.com
- peer0.org2.example.com
- peer1.org2.example.com
networks:
- byfn
本实例修改之后的cli内容为:
#docker-compose-cli.yaml文件
cli:
container_name: cli
image: hyperledger/fabric-tools:latest
tty: true
stdin_open: true
environment:
- SYS_CHANNEL=$SYS_CHANNEL
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.orga.test.com:7051
- CORE_PEER_LOCALMSPID=OrgaMSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- orderer.test.com
- peer0.orga.test.com
- peer1.orga.test.com
- peer0.orgb.test.com
- peer1.orgb.test.com
networks:
- byfn
6.2、修改docker中order节点配置
修改三处文件
- docker-compose-cli.yaml
- docker-compose-base.yaml
- peer-base.yaml
1、修改docker-compose-cli.yaml
orderer.test.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.test.com
container_name: orderer.test.com
networks:
- byfn
2、修改
#docker-compose-base.yaml文件修改后
services:
orderer.test.com:
container_name: orderer.test.com
extends:
file: peer-base.yaml
service: orderer-base
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/:/var/hyperledger/orderer/tls
- orderer.test.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
3、修改peer-base.yaml文件
#peer-base.yaml文件解释及修改
#仅需修改一处,第二行修改为 image: hyperledger/fabric-orderer:latest
orderer-base:
image: hyperledger/fabric-orderer:latest
environment:
- FABRIC_LOGGING_SPEC=INFO #日志级别
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 #orderer节点监听的地址
- ORDERER_GENERAL_GENESISMETHOD=file #创始块来源,file为来源于文件中
#创始块对应的文件,这个不需要改,因为已经挂在到docker镜像中
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP #order节点所属的组的ID
#不需要修改,已经挂载在指定路径
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp #当前节点的MSP账号路径
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true #是否使用tls加密
- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key #私钥
- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt #证书
- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] #根证书
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
6.3、修改docker中peer节点配置
1、修改peer-base.yaml
代码中解析环境变量
peer-base:
#主要修改此处,修改为latest
image: hyperledger/fabric-peer:latest
environment:
#docker的本地套接字地址,不需要修改
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# //docs.docker.com/compose/networking/
#该peer所属的网络,此处为byfn,与docker-compose-cli中每个peer的networks呼应
#此处${COMPOSE_PROJECT_NAME}为docker-compose-cli.yaml所处的文件名。
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
#修改为CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=test-fabric_byfn
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
#是否通信加密
- CORE_PEER_TLS_ENABLED=true
#是否采用fabric规则选取leader peer,如果为true,则下一个必须为false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
#是否强制指定为leader peer
- CORE_PEER_GOSSIP_ORGLEADER=false
#peer节点的中profile服务,不需要修改
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
2、修改docker-compose-cli.yaml文件
orderer.test.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.test.com
container_name: orderer.test.com
networks:
- byfn
peer0.orga.test.com:
container_name: peer0.orga.test.com
extends:
file: base/docker-compose-base.yaml
service: peer0.orga.test.com
networks:
- byfn
peer1.orga.test.com:
container_name: peer1.orga.test.com
extends:
file: base/docker-compose-base.yaml
service: peer1.orga.test.com
networks:
- byfn
peer0.orgb.test.com:
container_name: peer0.orgb.test.com
extends:
file: base/docker-compose-base.yaml
service: peer0.orgb.test.com
networks:
- byfn
peer1.orgb.test.com:
container_name: peer1.orgb.test.com
extends:
file: base/docker-compose-base.yaml
service: peer1.orgb.test.com
networks:
- byfn
3、修改docker-compose-base.yaml文件,对每个peer文件进行细心修改
version: '2'
services:
orderer.test.com:
container_name: orderer.test.com
extends:
file: peer-base.yaml
service: orderer-base
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/test.com/orderers/orderer.test.com/tls/:/var/hyperledger/orderer/tls
- orderer.test.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
peer0.orga.test.com:
container_name: peer0.orga.test.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.orga.test.com
- CORE_PEER_ADDRESS=peer0.orga.test.com:7051
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.orga.test.com:7052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
#启动时,选择链接哪个节点,可以链接自己或其他节点,但必须为同一组织
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.orga.test.com:8051
#对外显示的自己的地址,如果不设置,则该结点不可见
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orga.test.com:7051
- CORE_PEER_LOCALMSPID=OrgaMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls:/etc/hyperledger/fabric/tls
- peer0.orga.test.com:/var/hyperledger/production
ports:
- 7051:7051
peer1.orga.test.com:
container_name: peer1.orga.test.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.orga.test.com
- CORE_PEER_ADDRESS=peer1.orga.test.com:8051
- CORE_PEER_LISTENADDRESS=0.0.0.0:8051
- CORE_PEER_CHAINCODEADDRESS=peer1.orga.test.com:8052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orga.test.com:8051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orga.test.com:7051
- CORE_PEER_LOCALMSPID=OrgaMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls:/etc/hyperledger/fabric/tls
- peer1.orga.test.com:/var/hyperledger/production
ports:
- 8051:8051
peer0.orgb.test.com:
container_name: peer0.orgb.test.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.orgb.test.com
- CORE_PEER_ADDRESS=peer0.orgb.test.com:9051
- CORE_PEER_LISTENADDRESS=0.0.0.0:9051
- CORE_PEER_CHAINCODEADDRESS=peer0.orgb.test.com:9052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.orgb.test.com:9051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.orgb.test.com:10051
- CORE_PEER_LOCALMSPID=OrgbMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls:/etc/hyperledger/fabric/tls
- peer0.orgb.test.com:/var/hyperledger/production
ports:
- 9051:9051
peer1.orgb.test.com:
container_name: peer1.orgb.test.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.orgb.test.com
- CORE_PEER_ADDRESS=peer1.orgb.test.com:10051
- CORE_PEER_LISTENADDRESS=0.0.0.0:10051
- CORE_PEER_CHAINCODEADDRESS=peer1.orgb.test.com:10052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.orgb.test.com:10051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.orgb.test.com:9051
- CORE_PEER_LOCALMSPID=OrgbMSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls:/etc/hyperledger/fabric/tls
- peer1.orgb.test.com:/var/hyperledger/production
ports:
- 10051:10051
6.4、启动docker compose
执行docker-compose默认执行
docker-compose.yml
文件,因此需要将docker-compose-cli.yaml
文件重新命名为docker-compose.yml
文件放在主文件下。
如果没有设置docker-compose.yml
文件则为以下命令
$ docker-compose -f docker-compose-cli.yaml up -d
执行结果
WARNING: The SYS_CHANNEL variable is not set. Defaulting to a blank string.
Creating network "fabricnewsample_byfn" with the default driver
Creating volume "fabricnewsample_orderer.test.com" with default driver
Creating volume "fabricnewsample_peer0.orga.test.com" with default driver
Creating volume "fabricnewsample_peer1.orga.test.com" with default driver
Creating volume "fabricnewsample_peer0.orgb.test.com" with default driver
Creating volume "fabricnewsample_peer1.orgb.test.com" with default driver
Creating orderer.test.com ... done
Creating peer1.orgb.test.com ... done
Creating peer0.orgb.test.com ... done
Creating peer0.orga.test.com ... done
Creating peer1.orga.test.com ... done
Creating cli ... done
可以使用以下命令查看网络是否启动成功
$ docker-compose -f docker-compose-cli.yaml ps
运行结果显示每个port都有对应的端口即为启动成功
Name Command State Ports
----------------------------------------------------------------------------
cli /bin/bash Up
orderer.test.com orderer Up 0.0.0.0:7050->7050/tcp
peer0.orga.test.com peer node start Up 0.0.0.0:9051->9051/tcp
peer0.orgb.test.com peer node start Up 0.0.0.0:7051->7051/tcp
peer1.orga.test.com peer node start Up 0.0.0.0:10051->10051/tcp
peer1.orgb.test.com peer node start Up 0.0.0.0:8051->8051/tcp
7、channel管理
7.1、通过客户端操作各节点
-
进入客户端容器中进行通道管理
$ docker exec -it cli bash
显示结果为:
root@e0514821f4dd:/opt/gopath/src/github.com/hyperledger/fabric/peer#
7.2、创建通道
-
peer命令生成通道,将channel.tx复制到channel-artifacts文件夹下
#设置并查看通道名 export CHANNEL_NAME=secondchannel echo $CHANNEL_NAME #生成通道 peer channel create -o orderer.test.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/test.com/orderers/orderer.test.com/msp/tlscacerts/tlsca.test.com-cert.pem
运行结果:
2020-08-03 07:14:06.722 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized 2020-08-03 07:14:06.899 UTC [cli.common] readBlock -> INFO 002 Received block: 0
运行结果生成secondchannel.block文件,可以当前目录下使用
ll
命令查看total 40 drwxr-xr-x 5 root root 4096 Aug 3 07:14 ./ drwxr-xr-x 3 root root 4096 Aug 3 07:08 ../ drwxr-xr-x 2 1000 1000 4096 Aug 3 07:03 channel-artifacts/ drwxr-xr-x 4 1000 1000 4096 Aug 3 06:53 crypto/ -rw-r--r-- 1 root root 17973 Aug 3 07:14 secondchannel.block drwxr-xr-x 2 root root 4096 Aug 3 07:08 scripts/
7.3、各节点加入通道
-
将每个组织的每个节点分别加入通道中,通过客户端完成
-
客户端每次只能链接一个peer节点,因此需要不断的重新设置环境变量
首先将当前节点加入通道中
peer channel join -b secondchannel.block
切换每个节点的环境变量,然后将节点加入到通道中
#将orga的peer1节点加入通道 export CORE_PEER_ADDRESS=peer1.orga.test.com:8051 export CORE_PEER_LOCALMSPID=OrgaMSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/users/[email protected]/msp export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls/server.crt export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls/server.key export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer1.orga.test.com/tls/ca.crt peer channel join -b secondchannel.block #将org2的peer0节点加入通道 export CORE_PEER_ADDRESS=peer0.orgb.test.com:9051 export CORE_PEER_LOCALMSPID=OrgbMSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/users/[email protected]/msp export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls/server.crt export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls/server.key export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer0.orgb.test.com/tls/ca.crt peer channel join -b secondchannel.block #将org2的peer1节点加入通道 export CORE_PEER_ADDRESS=peer1.orgb.test.com:10051 export CORE_PEER_LOCALMSPID=OrgbMSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/users/[email protected]/msp export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls/server.crt export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls/server.key export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orgb.test.com/peers/peer1.orgb.test.com/tls/ca.crt peer channel join -b secondchannel.block
-
7.4、更新锚节点
-
(如果锚节点没有更新,则不需要执行此步)
通道更新,它会传递到通道的定义中去。实际上,我们在通道创世区块的头部添加了额外的配置信息。注意我们没有编辑创世区块,但是简单的把将会定义锚节点的增量添加到了链中。
更新通道定义,将 Orga 的锚节点定义为
peer0.orga.test.com
#配置组织1的环境变量 export CORE_PEER_ADDRESS=peer0.orga.test.com:7051 export CORE_PEER_LOCALMSPID=OrgaMSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/users/[email protected]/msp export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.crt export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/server.key export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/orga.test.com/peers/peer0.orga.test.com/tls/ca.crt #更新锚节点 peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
将Org2的锚节点定义为
peer0.org2.example.com
#配置组织2的环境变量 export CORE_PEER_ADDRESS=peer0.org2.example.com:9051 export CORE_PEER_LOCALMSPID=Org2MSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp export CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt export CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt #更新锚节点 peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
7.5、安装及初始化链码
-
给每个peer节点安装智能合约->链代码
-
可选语言Golang,java,Node.js
#设置文件权限 sudo chmod 777 chaincode sudo chmod 777 scripts #将官方提供的链码文件copy到工程目录下 sudo cp ~/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/chaincode/chaincode_example02/go/chaincode_example02.go ~/fabricnewsample/chaincode/ #设置链码文件权限 sudo chmod 777 ./chaincode/chaincode_example02.go #客户端容器中安装链码,重新设置环境变量,需要的背书节点都要执行一遍安装链码 $ peer chaincode install -n 链码的名字 -v 链码的版本 -l 链码的语言 -p 链码的位置 peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/
运行结果
2020-08-03 16:39:48.709 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc 2020-08-03 16:39:48.710 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc 2020-08-03 16:39:50.540 UTC [chaincodeCmd] install -> INFO 003 Installed remotely response:<status:200 payload:"OK" >
-
对智能合约进行初始化,对应智能合约中的init函数
-
只需要在任意节点初始化一次即可,数据会自动同步到各个组织的各个节点
peer chaincode instantiate -o orderer节点地址:端口 --tls --cafile orderer节点的pem格式的证书文件 -C 通道名称 -n 链码名称 -l 链码语言 -v 链码版本 -c 链码函数调用 -P 背书策略 peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "AND ('Org1MSP.peer','Org2MSP.peer')"
-
7.6、查询,调用链码转账
#查询账户
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
#转账交易
peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["invoke","a","b","10"]}'