Fabric建链docker-compose方式（客户端与节点主机分离）

本文主要是介绍Fabric建链docker-compose方式（客户端与节点主机分离），希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

一、客户端准备
- 1.1、准备链目录和配置文件
- 1.2、设置环境变量
- 1.3、初始化和启动fabric-ca-server
- 1.4、登记ca的admin用户
二、准备组织org1
- 2.1、准备组织目录
- 2.2、生成组织org1的msp配置
三、准备peer0节点
- 3.1、注册peer0
- 3.2、注册peer组织org1的user
- 3.3、注册peer组织org1的admin
- 3.4、登记peer0
- 3.5、登记peer0的tls
- 3.6、登记peer组织org1的user
- 3.7、登记peer组织org1的admin
四、准备orderer0节点
- 4.1、注册orderer0
- 4.2、注册orderer组织org1的admin
- 4.3、登记orderer0
- 4.4、登记orderer0的tls
- 4.5、登记orderer组织org1的admin
五、准备创世区块
六、服务端准备
- 6.1、准备peer0
- 6.2、准备orderer0
- 6.3、docker-compose启动节点
七、创建应用通道channel1
- 7.1、创建应用通道tx交易文件
- 7.2、创建应用通道区块
- 7.3、peer0加入应用通道
- 7.4、获取应用通道最近的配置块
- 7.5、生成锚节点更新配置文件
- 7.6、提交更新通道配置交易
八、部署链码发送交易
- 8.1、编译打包链码
- 8.2、部署链码
- 8.3、发送交易

前文 Fabric二进制建链（客户端与节点主机分离）启动节点都是在主机本地，这里将换用docker容器启动各个节点，同样也是保证客户端和节点主机不在一个机器。假设客户端主机在192.168.2.195，在节点主机192.168.3.128部署1个orderer节点和1个peer节点。

拉下来Fabric v2.2.0相关的docker镜像：

hyperledger/fabric-tools:2.2.0     # 包含二进制工具
hyperledger/fabric-peer:2.2.0      # 对等节点
hyperledger/fabric-orderer:2.2.0   # 排序节点
hyperledger/fabric-ccenv:2.2.0     # 合约运行环境
hyperledger/fabric-baseos:2.2.0    # 基础操作系统
hyperledger/fabric-nodeenv:2.2.0   # 提供node环境
hyperledger/fabric-javaenv:2.2.0   # 提供java环境
hyperledger/fabric-ca:1.4.7        # 身份认证和秘钥管理

节点主机192.168.3.128上需要的docker-compose配置：

version: '2'volumes:orderer0.org1.example.com:peer0.org1.example.com:networks:dev:name: fabric_devservices:orderer0.org1.example.com:container_name: orderer0.org1.example.comimage: hyperledger/fabric-orderer:2.2.0environment:#- FABRIC_LOGGING_SPEC=INFO- FABRIC_LOGGING_SPEC=DEBUG- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0- ORDERER_GENERAL_LISTENPORT=7050- ORDERER_GENERAL_GENESISMETHOD=file- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block- ORDERER_GENERAL_LOCALMSPID=OrdererOrg1MSP- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:17050# enabled TLS- ORDERER_GENERAL_TLS_ENABLED=true- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1- ORDERER_KAFKA_VERBOSE=true- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]working_dir: /opt/gopath/src/github.com/hyperledger/fabriccommand: orderervolumes:- /home/songzehao/fabric/config/system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp:/var/hyperledger/orderer/msp- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/:/var/hyperledger/orderer/tls- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com:/var/hyperledger/production/ordererports:- 7050:7050- 17050:17050networks:- devpeer0.org1.example.com:container_name: peer0.org1.example.comimage: hyperledger/fabric-peer:2.2.0environment:#Generic peer variables- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_dev#- FABRIC_LOGGING_SPEC=INFO- FABRIC_LOGGING_SPEC=DEBUG- CORE_PEER_TLS_ENABLED=true- CORE_PEER_PROFILE_ENABLED=false- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt# Peer specific variabes- CORE_PEER_ID=peer0.org1.example.com- CORE_PEER_ADDRESS=0.0.0.0:7051- CORE_PEER_LISTENADDRESS=0.0.0.0:7051#- CORE_PEER_CHAINCODEADDRESS=0.0.0.0:7052- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052- CORE_PEER_GOSSIP_BOOTSTRAP=0.0.0.0:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=0.0.0.0:7051- CORE_PEER_LOCALMSPID=Org1MSP- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:17051volumes:- /var/run/docker.sock:/host/var/run/docker.sock- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/peer0.org1.example.com:/var/hyperledger/productionworking_dir: /opt/gopath/src/github.com/hyperledger/fabric/peercommand: peer node startports:- 7051:7051- 17051:17051networks:- dev

一、客户端准备

1.1、准备链目录和配置文件

mkdir -p ~/fabric/organizations/ordererOrganizations
mkdir -p ~/fabric/organizations/peerOrganizationsmkdir -p ~/fabric/bin
# fabric-ca-server
# fabric-ca-client
# peer
# configtxgen
# configtxlatormkdir -p ~/fabric/config
# configtx.yamlmkdir -p ~/fabric/log

configtx.yaml模板：

Organizations:- &OrdererOrg1Name: OrdererOrg1SkipAsForeign: falseID: OrdererOrg1MSPMSPDir: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/mspPolicies:Readers:Type: SignatureRule: "OR('OrdererOrg1MSP.member')"Writers:Type: SignatureRule: "OR('OrdererOrg1MSP.member')"Admins:Type: SignatureRule: "OR('OrdererOrg1MSP.admin')"OrdererEndpoints:- "192.168.3.128:7050"- &Org1Name: Org1MSPSkipAsForeign: falseID: Org1MSPMSPDir: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/mspPolicies:Readers:Type: SignatureRule: "OR('Org1MSP.member')"Writers:Type: SignatureRule: "OR('Org1MSP.member')"Admins:Type: SignatureRule: "OR('Org1MSP.admin')"Endorsement:Type: SignatureRule: "OR('Org1MSP.member')"AnchorPeers:- Host: 192.168.3.128Port: 7051Capabilities:Channel: &ChannelCapabilitiesV2_0: trueOrderer: &OrdererCapabilitiesV2_0: trueApplication: &ApplicationCapabilitiesV2_0: trueApplication: &ApplicationDefaultsOrganizations:Policies:LifecycleEndorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Endorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"Capabilities:<<: *ApplicationCapabilitiesOrderer: &OrdererDefaultsOrdererType: etcdraftAddresses:- 192.168.3.128:7050EtcdRaft:Consenters:- Host: 192.168.3.128Port: 7050ClientTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crtServerTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crtBatchTimeout: 2sBatchSize:MaxMessageCount: 10AbsoluteMaxBytes: 99 MBPreferredMaxBytes: 521 KBMaxChannels: 0Organizations:Policies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"BlockValidation:Type: ImplicitMetaRule: "ANY Writers"Channel: &ChannelDefaultsPolicies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"Capabilities:<<: *ChannelCapabilitiesProfiles:OneOrgOrdererGenesis:<<: *ChannelDefaultsOrderer:<<: *OrdererDefaultsOrganizations:- *OrdererOrg1Capabilities:<<: *OrdererCapabilitiesConsortiums:SampleConsortium:Organizations:- *Org1Channel1:Consortium: SampleConsortium<<: *ChannelDefaultsApplication:<<: *ApplicationDefaultsOrganizations:- *Org1Capabilities:<<: *ApplicationCapabilities

还需要ca-server的配置文件fabric-ca-server-config.yaml：

version: 1.2.0port: 7054debug: falsecrlsizelimit: 512000tls:# Enable TLS (default: false)enabled: true# TLS for the server's listening portcertfile:keyfile:clientauth:type: noclientcertcertfiles:ca:name: ca-org1keyfile:certfile:chainfile:crl:expiry: 24hregistry:maxenrollments: -1identities:- name: adminpass: adminpwtype: clientaffiliation: ""attrs:hf.Registrar.Roles: "*"hf.Registrar.DelegateRoles: "*"hf.Revoker: truehf.IntermediateCA: truehf.GenCRL: truehf.Registrar.Attributes: "*"hf.AffiliationMgr: truedb:type: sqlite3datasource: fabric-ca-server.dbtls:enabled: falsecertfiles:client:certfile:keyfile:ldap:enabled: falseurl: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>tls:certfiles:client:certfile:keyfile:attribute:names: ['uid','member']converters:- name:value:maps:groups:- name:value:affiliations:org1:- department1- department2org2:- department1signing:default:usage:- digital signatureexpiry: 8760hprofiles:ca:usage:- cert sign- crl signexpiry: 43800hcaconstraint:isca: truemaxpathlen: 0tls:usage:- signing- key encipherment- server auth- client auth- key agreementexpiry: 8760hcsr:cn: ca.org1.example.comnames:- C: USST: "North Carolina"L: "Durham"O: org1.example.comOU:hosts:- 192.168.2.195ca:expiry: 131400hpathlength: 1bccsp:default: SWsw:hash: SHA2security: 256filekeystore:# The directory used for the software file-based keystorekeystore: msp/keystorecacount:cafiles:intermediate:parentserver:url:caname:enrollment:hosts:profile:label:tls:certfiles:client:certfile:keyfile:

目录如下：

/home/songzehao/fabric
├── bin
│   ├── configtxgen
│   ├── configtxlator
│   ├── fabric-ca-client
│   ├── fabric-ca-server
│   └── peer
├── config
│   └── configtx.yaml
├── fabric-ca-server-config.yaml
├── log
└── organizations├── ordererOrganizations└── peerOrganizations6 directories, 6 files

1.2、设置环境变量

export PATH=/home/songzehao/fabric/bin:$PATH
export FABRIC_CA_CLIENT_HOME=/home/songzehao/fabric/fabric-ca-client
export FABRIC_CFG_PATH=/home/songzehao/fabric/config

1.3、初始化和启动fabric-ca-server

初始化：

fabric-ca-server init -b admin:adminpw

启动：

nohup fabric-ca-server start -b admin:adminpw >> ~/fabric/log/fabric-ca-server.log 2>&1 &

1.4、登记ca的admin用户

fabric-ca-client enroll -u https://admin:adminpw@192.168.2.195:7054 --caname ca-org1 --tls.certfiles ~/fabric/ca-cert.pem

到这一步的目录如下：

/home/songzehao/fabric
├── bin
│   ├── configtxgen
│   ├── fabric-ca-client
│   ├── fabric-ca-server
│   └── peer
├── ca-cert.pem
├── config
│   └── configtx.yaml
├── fabric-ca-client
│   ├── fabric-ca-client-config.yaml
│   └── msp
│       ├── cacerts
│       │   └── 192-168-2-195-7054-ca-org1.pem
│       ├── IssuerPublicKey
│       ├── IssuerRevocationPublicKey
│       ├── keystore
│       │   └── c7292654834ac0d85b2af25206296449117b39a0f124b6faa4247ea3752863bd_sk
│       ├── signcerts
│       │   └── cert.pem
│       └── user
├── fabric-ca-server-config.yaml
├── fabric-ca-server.db
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── log
│   └── fabric-ca-server.log
├── msp
│   ├── cacerts
│   ├── keystore
│   │   ├── e0f304d534998a7756e8be945abd630a235dbd3125c768a7d2be54e708f739da_sk
│   │   ├── f9300aaa0a24d69fdc62cfb30384870f9b8184fca4b14416e075d38ed0e1bdd2_sk
│   │   ├── IssuerRevocationPrivateKey
│   │   └── IssuerSecretKey
│   ├── signcerts
│   └── user
├── organizations
│   ├── ordererOrganizations
│   └── peerOrganizations
└── tls-cert.pem17 directories, 22 files

二、准备组织org1

2.1、准备组织目录

mkdir -p ~/fabric/organizations/peerOrganizations/org1.example.com/msp
mkdir -p ~/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com
mkdir -p ~/fabric/organizations/ordererOrganizations/org1.example.com/msp
mkdir -p ~/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com

2.2、生成组织org1的msp配置

echo 'NodeOUs:Enable: trueClientOUIdentifier:Certificate: cacerts/192-168-2-195-7054-ca-org1.pemOrganizationalUnitIdentifier: clientPeerOUIdentifier:Certificate: cacerts/192-168-2-195-7054-ca-org1.pemOrganizationalUnitIdentifier: peerAdminOUIdentifier:Certificate: cacerts/192-168-2-195-7054-ca-org1.pemOrganizationalUnitIdentifier: adminOrdererOUIdentifier:Certificate: cacerts/192-168-2-195-7054-ca-org1.pemOrganizationalUnitIdentifier: orderer' > /home/songzehao/fabric/config.yaml

并拷贝org1的ca证书到org1的/msp/tlscacerts、/tlsca和/ca目录：

mkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/tlscacerts
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crtmkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/tlsca
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pemmkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ca
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem

三、准备peer0节点

3.1、注册peer0

fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles /home/songzehao/fabric/ca-cert.pem

3.2、注册peer组织org1的user

fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles /home/songzehao/fabric/ca-cert.pem

3.3、注册peer组织org1的admin

fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles /home/songzehao/fabric/ca-cert.pem

3.4、登记peer0

fabric-ca-client enroll -u https://peer0:peer0pw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem

并拷贝该组织的msp配置文件到peer0节点目录下：

cp /home/songzehao/fabric/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yamlcp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml

3.5、登记peer0的tls

fabric-ca-client enroll -u https://peer0:peer0pw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls --enrollment.profile tls --csr.hosts 192.168.3.128 --tls.certfiles /home/songzehao/fabric/ca-cert.pem

3.6、登记peer组织org1的user

cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.keyfabric-ca-client enroll -u https://user1:user1pw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pemcp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/config.yaml

3.7、登记peer组织org1的admin

fabric-ca-client enroll -u https://org1admin:org1adminpw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pemcp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml

四、准备orderer0节点

在ordererOrganizations/org1.example.com/msp目录下，创建tlscacerts子目录：

mkdir -p /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/tlscacerts

拷贝组织的ca证书到tlscacerts子目录：

cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

创建~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca目录：

mkdir ~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca

拷贝组织的ca证书到tlsca子目录：

cp /home/songzehao/fabric/ca-cert.pem ~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem

4.1、注册orderer0

fabric-ca-client register --caname ca-org1 --id.name orderer0 --id.secret orderer0pw --id.type orderer --tls.certfiles /home/songzehao/fabric/ca-cert.pem

4.2、注册orderer组织org1的admin

fabric-ca-client register --caname ca-org1 --id.name ordererOrg1Admin --id.secret ordererOrg1Adminpw --id.type admin --tls.certfiles /home/songzehao/fabric/ca-cert.pem

4.3、登记orderer0

fabric-ca-client enroll -u https://orderer0:orderer0pw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem

并拷贝msp配置文件到orderer0节点目录下：

cp /home/songzehao/fabric/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yamlcp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/config.yaml

4.4、登记orderer0的tls

fabric-ca-client enroll -u https://orderer0:orderer0pw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls --enrollment.profile tls --csr.hosts 192.168.3.128 --tls.certfiles /home/songzehao/fabric/ca-cert.pem

拷贝到tls目录下，并重命名为更好看的文件名：

cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/ca.crt
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/signcerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/keystore/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.key

拷贝该tlsca证书到orderer0节点目录下msp/tlscacerts目录：

mkdir -p /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

4.5、登记orderer组织org1的admin

fabric-ca-client enroll -u https://ordererOrg1Admin:ordererOrg1Adminpw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem

拷贝msp配置文件到管理员的msp目录下：

cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml

五、准备创世区块

走到这一步，组织目录下msp/只有tlscacerts目录，缺少cacert：

/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/
├── config.yaml
└── tlscacerts└── tlsca.org1.example.com-cert.pem1 directory, 2 files

所以先将orderer0的msp目录下的cacert，即~/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/cacerts/放到~/fabric/organizations/ordererOrganizations/org1.example.com/msp/cacerts/，顺带给peer0也一起处理：

cp -r /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/cacerts /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp
cp -r /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp

更改configtx.yaml：

Organizations:- &OrdererOrg1Name: OrdererOrg1SkipAsForeign: falseID: OrdererOrg1MSPMSPDir: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/mspPolicies:Readers:Type: SignatureRule: "OR('OrdererOrg1MSP.member')"Writers:Type: SignatureRule: "OR('OrdererOrg1MSP.member')"Admins:Type: SignatureRule: "OR('OrdererOrg1MSP.admin')"OrdererEndpoints:- "192.168.3.128:7050"- &Org1Name: Org1MSPSkipAsForeign: falseID: Org1MSPMSPDir: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/mspPolicies:Readers:Type: SignatureRule: "OR('Org1MSP.member')"Writers:Type: SignatureRule: "OR('Org1MSP.member')"Admins:Type: SignatureRule: "OR('Org1MSP.admin')"Endorsement:Type: SignatureRule: "OR('Org1MSP.member')"AnchorPeers:- Host: 192.168.3.128Port: 7051Capabilities:Channel: &ChannelCapabilitiesV2_0: trueOrderer: &OrdererCapabilitiesV2_0: trueApplication: &ApplicationCapabilitiesV2_0: trueApplication: &ApplicationDefaultsOrganizations:Policies:LifecycleEndorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Endorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"Capabilities:<<: *ApplicationCapabilitiesOrderer: &OrdererDefaultsOrdererType: etcdraftAddresses:- 192.168.3.128:7050EtcdRaft:Consenters:- Host: 192.168.3.128Port: 7050ClientTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crtServerTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crtBatchTimeout: 2sBatchSize:MaxMessageCount: 10AbsoluteMaxBytes: 99 MBPreferredMaxBytes: 521 KBMaxChannels: 0Organizations:Policies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"BlockValidation:Type: ImplicitMetaRule: "ANY Writers"Channel: &ChannelDefaultsPolicies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"Capabilities:<<: *ChannelCapabilitiesProfiles:OneOrgOrdererGenesis:<<: *ChannelDefaultsOrderer:<<: *OrdererDefaultsOrganizations:- *OrdererOrg1Capabilities:<<: *OrdererCapabilitiesConsortiums:SampleConsortium:Organizations:- *Org1Channel1:Consortium: SampleConsortium<<: *ChannelDefaultsApplication:<<: *ApplicationDefaultsOrganizations:- *Org1Capabilities:<<: *ApplicationCapabilities

创建创世块：

configtxgen -profile OneOrgOrdererGenesis -channelID system-channel -outputBlock /home/songzehao/fabric/config/system-genesis-block/genesis.block

六、服务端准备

6.1、准备peer0

在节点主机创建同样的链组织节点目录：

mkdir -p ~/fabric/organizations/peerOrganizations/

从客户端主机传送peer组织目录到peer0节点主机：

scp -r /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ songzehao@192.168.3.128:/home/songzehao/fabric/organizations/peerOrganizations

调整docker-compose.yaml中peer0相关的部分：

version: '2'volumes:orderer0.org1.example.com:peer0.org1.example.com:networks:dev:name: fabric_devservices:peer0.org1.example.com:container_name: peer0.org1.example.comimage: hyperledger/fabric-peer:2.2.0environment:#Generic peer variables- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_dev#- FABRIC_LOGGING_SPEC=INFO- FABRIC_LOGGING_SPEC=DEBUG- CORE_PEER_TLS_ENABLED=true- CORE_PEER_PROFILE_ENABLED=false- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt# Peer specific variabes- CORE_PEER_ID=peer0.org1.example.com- CORE_PEER_ADDRESS=0.0.0.0:7051- CORE_PEER_LISTENADDRESS=0.0.0.0:7051#- CORE_PEER_CHAINCODEADDRESS=0.0.0.0:7052- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052- CORE_PEER_GOSSIP_BOOTSTRAP=192.168.3.128:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=0.0.0.0:7051- CORE_PEER_LOCALMSPID=Org1MSP- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:17051volumes:- /var/run/docker.sock:/host/var/run/docker.sock- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/peer0.org1.example.com:/var/hyperledger/productionworking_dir: /opt/gopath/src/github.com/hyperledger/fabric/peercommand: peer node startports:- 7051:7051- 17051:17051networks:- dev

6.2、准备orderer0

在节点主机创建同样的链组织节点目录。

mkdir -p ~/fabric/organizations/ordererOrganizations/
mkdir -p ~/fabric/config/system-genesis-block/

从客户端主机传送orderer组织目录到orderer0节点主机：

scp -r /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/ songzehao@192.168.3.128:/home/songzehao/fabric/organizations/ordererOrganizations
scp -r /home/songzehao/fabric/config/system-genesis-block/genesis.block songzehao@192.168.3.128:/home/songzehao/fabric/config/system-genesis-block/

调整docker-compose.yaml中orderer0相关的部分：

version: '2'volumes:orderer0.org1.example.com:peer0.org1.example.com:networks:dev:name: fabric_devservices:orderer0.org1.example.com:container_name: orderer0.org1.example.comimage: hyperledger/fabric-orderer:2.2.0environment:#- FABRIC_LOGGING_SPEC=INFO- FABRIC_LOGGING_SPEC=DEBUG- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0- ORDERER_GENERAL_LISTENPORT=7050- ORDERER_GENERAL_GENESISMETHOD=file- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block- ORDERER_GENERAL_LOCALMSPID=OrdererOrg1MSP- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:17050# enabled TLS- ORDERER_GENERAL_TLS_ENABLED=true- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1- ORDERER_KAFKA_VERBOSE=true- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]working_dir: /opt/gopath/src/github.com/hyperledger/fabriccommand: orderervolumes:- /home/songzehao/fabric/config/system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp:/var/hyperledger/orderer/msp- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/:/var/hyperledger/orderer/tls- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com:/var/hyperledger/production/ordererports:- 7050:7050- 17050:17050networks:- dev

6.3、docker-compose启动节点

客户端传送docker-compose.yaml到节点主机之后，节点主机启动节点：

docker-compose -f docker-compose.yaml up -d

七、创建应用通道channel1

7.1、创建应用通道tx交易文件

configtxgen -profile Channel1 -outputCreateChannelTx /home/songzehao/fabric/config/channel-artifacts/channel1.tx -channelID channel1

7.2、创建应用通道区块

首先需要在客户端主机配置peer0相关环境变量：

export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=192.168.3.128:7051
export CORE_PEER_GOSSIP_EXTERNALENDPOINT=192.168.3.128:7051

【注意】：客户端也需要一份core.yaml才能成功执行peer客户端命令。

再创建channel1区块：

peer channel create -o 192.168.3.128:7050 -c channel1 -f /home/songzehao/fabric/config/channel-artifacts/channel1.tx --outputBlock /home/songzehao/fabric/config/channel-artifacts/channel1.block --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

7.3、peer0加入应用通道

peer channel join -b /home/songzehao/fabric/config/channel-artifacts/channel1.block

7.4、获取应用通道最近的配置块

peer channel fetch config /home/songzehao/fabric/config/channel-artifacts/config_block.pb -o 192.168.3.128:7050 -c channel1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

7.5、生成锚节点更新配置文件

protobuf序列化（编码）后的.pb配置文件，转化为.json格式：

configtxlator proto_decode --input /home/songzehao/fabric/config/channel-artifacts/config_block.pb --type common.Block --output /home/songzehao/fabric/config/channel-artifacts/config_block.json

抽取配置部分的json，得到原始配置：

jq .data.data[0].payload.data.config /home/songzehao/fabric/config/channel-artifacts/config_block.json > /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json

进一步追加锚节点peer0信息到Org1MSP的values部分，得到更改后配置：

jq '.channel_group.groups.Application.groups.Org1MSP.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "192.168.3.128","port": 7051}]},"version": "0"}}' /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json > /home/songzehao/fabric/config/channel-artifacts/Org1MSPmodified_config.json

protobuf编码原始配置：

configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json --type common.Config --output /home/songzehao/fabric/config/channel-artifacts/original_config.pb

protobuf编码更改后配置：

configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/Org1MSPmodified_config.json --type common.Config --output /home/songzehao/fabric/config/channel-artifacts/modified_config.pb

计算更改前后的配置差异，得到.pb的差异配置：

configtxlator compute_update --channel_id channel1 --original /home/songzehao/fabric/config/channel-artifacts/original_config.pb --updated /home/songzehao/fabric/config/channel-artifacts/modified_config.pb --output /home/songzehao/fabric/config/channel-artifacts/config_update.pb

protobuf解码为.json格式：

configtxlator proto_decode --input /home/songzehao/fabric/config/channel-artifacts/config_update.pb --type common.ConfigUpdate --output /home/songzehao/fabric/config/channel-artifacts/config_update.json

追加.json格式的差异文件内容到新包装后的.json文件：

echo '{"payload":{"header":{"channel_header":{"channel_id":"channel1", "type":2}},"data":{"config_update":'$(cat /home/songzehao/fabric/config/channel-artifacts/config_update.json)'}}}' | jq . > /home/songzehao/fabric/config/channel-artifacts/config_update_in_envelope.json

编码为Envelope类型的新的交易文件：

configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/config_update_in_envelope.json --type common.Envelope --output /home/songzehao/fabric/config/channel-artifacts/Org1MSPanchors.tx

7.6、提交更新通道配置交易

peer channel update -o 192.168.3.128:7050 -c channel1 -f /home/songzehao/fabric/config/channel-artifacts/Org1MSPanchors.tx --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

八、部署链码发送交易

8.1、编译打包链码

将fabric-samples示例工程https://github.com/hyperledger/fabric-samples/tree/v2.2.0/拉下来：

git clone -b v2.2.0 https://gitee.com/hyperledger/fabric-samples.git

以其中一个asset-transfer-basic链码举例，编译该java链码，并打包为basic.tar.gz：

rm -rf ~/fabric/fabric-samples/asset-transfer-basic/chaincode-java/build/install/./gradlew installDistpeer lifecycle chaincode package ~/fabric/config/basic.tar.gz --path ~/fabric/fabric-samples/asset-transfer-basic/chaincode-java/build/install/basic --lang java --label basic_1.0

8.2、部署链码

进行链码安装：

peer lifecycle chaincode install /home/songzehao/fabric/config/basic.tar.gz

查看已安装的链码：

peer lifecycle chaincode queryinstalled

批准链码定义：

peer lifecycle chaincode approveformyorg -o 192.168.3.128:7050 --channelID channel1 --name basic --version 1.0 --package-id basic_1.0:67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773 --sequence 1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

检查批准状态：

peer lifecycle chaincode queryapproved -C channel1 -n basic

检查提交就绪状态：

peer lifecycle chaincode checkcommitreadiness --channelID channel1 --name basic --version 1.0 --sequence 1 --output json

提交到peer0：

peer lifecycle chaincode commit -o 192.168.3.128:7050 --channelID channel1 --name basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --version 1.0 --sequence 1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

检查提交状态：

peer lifecycle chaincode querycommitted --channelID channel1 --name basic --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

docker验证新的链代码是否已在您的对等点192.168.3.128上提交启动：

docker ps --no-trunc
CONTAINER ID                                                       IMAGE                                                                                                                                                                    COMMAND                                                     CREATED              STATUS              PORTS     NAMES
660ab24842f1c96dc644f931b6540befca1cfb953399d880d9fe6e02560e4dc0   dev-peer0.org1.example.com-basic_1.0-67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773-4ae135e5fa18d99cbd8dc7e8907079b31a3f779d0137e69204d3307d30236441   "/root/chaincode-java/start --peerAddress localhost:7052"   About a minute ago   Up About a minute             dev-peer0.org1.example.com-basic_1.0-67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773

8.3、发送交易

发交易，初始化资产（调用链码的初始化方法InitLedger）：

peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"InitLedger","Args":[]}'

查询初始化后的资产（调用链码的GetAllAssets方法）：

peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"GetAllAssets","Args":[]}'

发交易，新增资产（调用链码的初始化方法CreateAsset）：

peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"CreateAsset","Args":["asset7", "pink", "18", "Jay", "800"]}'

这篇关于Fabric建链docker-compose方式（客户端与节点主机分离）的文章就介绍到这儿，希望我们推荐的文章对编程师们有所帮助！