本文主要是介绍Fabric建链docker-compose方式(客户端与节点主机分离),希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
目录
- 一、客户端准备
- 1.1、准备链目录和配置文件
- 1.2、设置环境变量
- 1.3、初始化和启动fabric-ca-server
- 1.4、登记ca的admin用户
- 二、准备组织org1
- 2.1、准备组织目录
- 2.2、生成组织org1的msp配置
- 三、准备peer0节点
- 3.1、注册peer0
- 3.2、注册peer组织org1的user
- 3.3、注册peer组织org1的admin
- 3.4、登记peer0
- 3.5、登记peer0的tls
- 3.6、登记peer组织org1的user
- 3.7、登记peer组织org1的admin
- 四、准备orderer0节点
- 4.1、注册orderer0
- 4.2、注册orderer组织org1的admin
- 4.3、登记orderer0
- 4.4、登记orderer0的tls
- 4.5、登记orderer组织org1的admin
- 五、准备创世区块
- 六、服务端准备
- 6.1、准备peer0
- 6.2、准备orderer0
- 6.3、docker-compose启动节点
- 七、创建应用通道channel1
- 7.1、创建应用通道tx交易文件
- 7.2、创建应用通道区块
- 7.3、peer0加入应用通道
- 7.4、获取应用通道最近的配置块
- 7.5、生成锚节点更新配置文件
- 7.6、提交更新通道配置交易
- 八、部署链码发送交易
- 8.1、编译打包链码
- 8.2、部署链码
- 8.3、发送交易
前文 Fabric二进制建链(客户端与节点主机分离)启动节点都是在主机本地,这里将换用docker容器启动各个节点,同样也是保证客户端和节点主机不在一个机器。假设客户端主机在192.168.2.195,在节点主机192.168.3.128部署1个orderer节点和1个peer节点。
拉下来Fabric v2.2.0
相关的docker镜像:
hyperledger/fabric-tools:2.2.0 # 包含二进制工具
hyperledger/fabric-peer:2.2.0 # 对等节点
hyperledger/fabric-orderer:2.2.0 # 排序节点
hyperledger/fabric-ccenv:2.2.0 # 合约运行环境
hyperledger/fabric-baseos:2.2.0 # 基础操作系统
hyperledger/fabric-nodeenv:2.2.0 # 提供node环境
hyperledger/fabric-javaenv:2.2.0 # 提供java环境
hyperledger/fabric-ca:1.4.7 # 身份认证和秘钥管理
节点主机192.168.3.128上需要的docker-compose
配置:
version: '2'volumes:orderer0.org1.example.com:peer0.org1.example.com:networks:dev:name: fabric_devservices:orderer0.org1.example.com:container_name: orderer0.org1.example.comimage: hyperledger/fabric-orderer:2.2.0environment:#- FABRIC_LOGGING_SPEC=INFO- FABRIC_LOGGING_SPEC=DEBUG- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0- ORDERER_GENERAL_LISTENPORT=7050- ORDERER_GENERAL_GENESISMETHOD=file- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block- ORDERER_GENERAL_LOCALMSPID=OrdererOrg1MSP- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:17050# enabled TLS- ORDERER_GENERAL_TLS_ENABLED=true- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1- ORDERER_KAFKA_VERBOSE=true- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]working_dir: /opt/gopath/src/github.com/hyperledger/fabriccommand: orderervolumes:- /home/songzehao/fabric/config/system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp:/var/hyperledger/orderer/msp- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/:/var/hyperledger/orderer/tls- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com:/var/hyperledger/production/ordererports:- 7050:7050- 17050:17050networks:- devpeer0.org1.example.com:container_name: peer0.org1.example.comimage: hyperledger/fabric-peer:2.2.0environment:#Generic peer variables- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_dev#- FABRIC_LOGGING_SPEC=INFO- FABRIC_LOGGING_SPEC=DEBUG- CORE_PEER_TLS_ENABLED=true- CORE_PEER_PROFILE_ENABLED=false- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt# Peer specific variabes- CORE_PEER_ID=peer0.org1.example.com- CORE_PEER_ADDRESS=0.0.0.0:7051- CORE_PEER_LISTENADDRESS=0.0.0.0:7051#- CORE_PEER_CHAINCODEADDRESS=0.0.0.0:7052- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052- CORE_PEER_GOSSIP_BOOTSTRAP=0.0.0.0:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=0.0.0.0:7051- CORE_PEER_LOCALMSPID=Org1MSP- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:17051volumes:- /var/run/docker.sock:/host/var/run/docker.sock- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/peer0.org1.example.com:/var/hyperledger/productionworking_dir: /opt/gopath/src/github.com/hyperledger/fabric/peercommand: peer node startports:- 7051:7051- 17051:17051networks:- dev
一、客户端准备
1.1、准备链目录和配置文件
mkdir -p ~/fabric/organizations/ordererOrganizations
mkdir -p ~/fabric/organizations/peerOrganizationsmkdir -p ~/fabric/bin
# fabric-ca-server
# fabric-ca-client
# peer
# configtxgen
# configtxlatormkdir -p ~/fabric/config
# configtx.yamlmkdir -p ~/fabric/log
configtx.yaml
模板:
Organizations:- &OrdererOrg1Name: OrdererOrg1SkipAsForeign: falseID: OrdererOrg1MSPMSPDir: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/mspPolicies:Readers:Type: SignatureRule: "OR('OrdererOrg1MSP.member')"Writers:Type: SignatureRule: "OR('OrdererOrg1MSP.member')"Admins:Type: SignatureRule: "OR('OrdererOrg1MSP.admin')"OrdererEndpoints:- "192.168.3.128:7050"- &Org1Name: Org1MSPSkipAsForeign: falseID: Org1MSPMSPDir: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/mspPolicies:Readers:Type: SignatureRule: "OR('Org1MSP.member')"Writers:Type: SignatureRule: "OR('Org1MSP.member')"Admins:Type: SignatureRule: "OR('Org1MSP.admin')"Endorsement:Type: SignatureRule: "OR('Org1MSP.member')"AnchorPeers:- Host: 192.168.3.128Port: 7051Capabilities:Channel: &ChannelCapabilitiesV2_0: trueOrderer: &OrdererCapabilitiesV2_0: trueApplication: &ApplicationCapabilitiesV2_0: trueApplication: &ApplicationDefaultsOrganizations:Policies:LifecycleEndorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Endorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"Capabilities:<<: *ApplicationCapabilitiesOrderer: &OrdererDefaultsOrdererType: etcdraftAddresses:- 192.168.3.128:7050EtcdRaft:Consenters:- Host: 192.168.3.128Port: 7050ClientTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crtServerTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crtBatchTimeout: 2sBatchSize:MaxMessageCount: 10AbsoluteMaxBytes: 99 MBPreferredMaxBytes: 521 KBMaxChannels: 0Organizations:Policies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"BlockValidation:Type: ImplicitMetaRule: "ANY Writers"Channel: &ChannelDefaultsPolicies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"Capabilities:<<: *ChannelCapabilitiesProfiles:OneOrgOrdererGenesis:<<: *ChannelDefaultsOrderer:<<: *OrdererDefaultsOrganizations:- *OrdererOrg1Capabilities:<<: *OrdererCapabilitiesConsortiums:SampleConsortium:Organizations:- *Org1Channel1:Consortium: SampleConsortium<<: *ChannelDefaultsApplication:<<: *ApplicationDefaultsOrganizations:- *Org1Capabilities:<<: *ApplicationCapabilities
还需要ca-server的配置文件fabric-ca-server-config.yaml
:
version: 1.2.0port: 7054debug: falsecrlsizelimit: 512000tls:# Enable TLS (default: false)enabled: true# TLS for the server's listening portcertfile:keyfile:clientauth:type: noclientcertcertfiles:ca:name: ca-org1keyfile:certfile:chainfile:crl:expiry: 24hregistry:maxenrollments: -1identities:- name: adminpass: adminpwtype: clientaffiliation: ""attrs:hf.Registrar.Roles: "*"hf.Registrar.DelegateRoles: "*"hf.Revoker: truehf.IntermediateCA: truehf.GenCRL: truehf.Registrar.Attributes: "*"hf.AffiliationMgr: truedb:type: sqlite3datasource: fabric-ca-server.dbtls:enabled: falsecertfiles:client:certfile:keyfile:ldap:enabled: falseurl: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>tls:certfiles:client:certfile:keyfile:attribute:names: ['uid','member']converters:- name:value:maps:groups:- name:value:affiliations:org1:- department1- department2org2:- department1signing:default:usage:- digital signatureexpiry: 8760hprofiles:ca:usage:- cert sign- crl signexpiry: 43800hcaconstraint:isca: truemaxpathlen: 0tls:usage:- signing- key encipherment- server auth- client auth- key agreementexpiry: 8760hcsr:cn: ca.org1.example.comnames:- C: USST: "North Carolina"L: "Durham"O: org1.example.comOU:hosts:- 192.168.2.195ca:expiry: 131400hpathlength: 1bccsp:default: SWsw:hash: SHA2security: 256filekeystore:# The directory used for the software file-based keystorekeystore: msp/keystorecacount:cafiles:intermediate:parentserver:url:caname:enrollment:hosts:profile:label:tls:certfiles:client:certfile:keyfile:
目录如下:
/home/songzehao/fabric
├── bin
│ ├── configtxgen
│ ├── configtxlator
│ ├── fabric-ca-client
│ ├── fabric-ca-server
│ └── peer
├── config
│ └── configtx.yaml
├── fabric-ca-server-config.yaml
├── log
└── organizations├── ordererOrganizations└── peerOrganizations6 directories, 6 files
1.2、设置环境变量
export PATH=/home/songzehao/fabric/bin:$PATH
export FABRIC_CA_CLIENT_HOME=/home/songzehao/fabric/fabric-ca-client
export FABRIC_CFG_PATH=/home/songzehao/fabric/config
1.3、初始化和启动fabric-ca-server
初始化:
fabric-ca-server init -b admin:adminpw
启动:
nohup fabric-ca-server start -b admin:adminpw >> ~/fabric/log/fabric-ca-server.log 2>&1 &
1.4、登记ca的admin用户
fabric-ca-client enroll -u https://admin:adminpw@192.168.2.195:7054 --caname ca-org1 --tls.certfiles ~/fabric/ca-cert.pem
到这一步的目录如下:
/home/songzehao/fabric
├── bin
│ ├── configtxgen
│ ├── fabric-ca-client
│ ├── fabric-ca-server
│ └── peer
├── ca-cert.pem
├── config
│ └── configtx.yaml
├── fabric-ca-client
│ ├── fabric-ca-client-config.yaml
│ └── msp
│ ├── cacerts
│ │ └── 192-168-2-195-7054-ca-org1.pem
│ ├── IssuerPublicKey
│ ├── IssuerRevocationPublicKey
│ ├── keystore
│ │ └── c7292654834ac0d85b2af25206296449117b39a0f124b6faa4247ea3752863bd_sk
│ ├── signcerts
│ │ └── cert.pem
│ └── user
├── fabric-ca-server-config.yaml
├── fabric-ca-server.db
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── log
│ └── fabric-ca-server.log
├── msp
│ ├── cacerts
│ ├── keystore
│ │ ├── e0f304d534998a7756e8be945abd630a235dbd3125c768a7d2be54e708f739da_sk
│ │ ├── f9300aaa0a24d69fdc62cfb30384870f9b8184fca4b14416e075d38ed0e1bdd2_sk
│ │ ├── IssuerRevocationPrivateKey
│ │ └── IssuerSecretKey
│ ├── signcerts
│ └── user
├── organizations
│ ├── ordererOrganizations
│ └── peerOrganizations
└── tls-cert.pem17 directories, 22 files
二、准备组织org1
2.1、准备组织目录
mkdir -p ~/fabric/organizations/peerOrganizations/org1.example.com/msp
mkdir -p ~/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com
mkdir -p ~/fabric/organizations/ordererOrganizations/org1.example.com/msp
mkdir -p ~/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com
2.2、生成组织org1的msp配置
echo 'NodeOUs:Enable: trueClientOUIdentifier:Certificate: cacerts/192-168-2-195-7054-ca-org1.pemOrganizationalUnitIdentifier: clientPeerOUIdentifier:Certificate: cacerts/192-168-2-195-7054-ca-org1.pemOrganizationalUnitIdentifier: peerAdminOUIdentifier:Certificate: cacerts/192-168-2-195-7054-ca-org1.pemOrganizationalUnitIdentifier: adminOrdererOUIdentifier:Certificate: cacerts/192-168-2-195-7054-ca-org1.pemOrganizationalUnitIdentifier: orderer' > /home/songzehao/fabric/config.yaml
并拷贝org1的ca证书到org1的/msp/tlscacerts、/tlsca和/ca目录:
mkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/tlscacerts
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crtmkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/tlsca
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pemmkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ca
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
三、准备peer0节点
3.1、注册peer0
fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles /home/songzehao/fabric/ca-cert.pem
3.2、注册peer组织org1的user
fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles /home/songzehao/fabric/ca-cert.pem
3.3、注册peer组织org1的admin
fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles /home/songzehao/fabric/ca-cert.pem
3.4、登记peer0
fabric-ca-client enroll -u https://peer0:peer0pw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem
并拷贝该组织的msp配置文件到peer0节点目录下:
cp /home/songzehao/fabric/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yamlcp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml
3.5、登记peer0的tls
fabric-ca-client enroll -u https://peer0:peer0pw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls --enrollment.profile tls --csr.hosts 192.168.3.128 --tls.certfiles /home/songzehao/fabric/ca-cert.pem
3.6、登记peer组织org1的user
cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.keyfabric-ca-client enroll -u https://user1:user1pw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pemcp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/config.yaml
3.7、登记peer组织org1的admin
fabric-ca-client enroll -u https://org1admin:org1adminpw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pemcp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml
四、准备orderer0节点
在ordererOrganizations/org1.example.com/msp目录下,创建tlscacerts子目录:
mkdir -p /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/tlscacerts
拷贝组织的ca证书到tlscacerts子目录:
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
创建~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca目录:
mkdir ~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca
拷贝组织的ca证书到tlsca子目录:
cp /home/songzehao/fabric/ca-cert.pem ~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
4.1、注册orderer0
fabric-ca-client register --caname ca-org1 --id.name orderer0 --id.secret orderer0pw --id.type orderer --tls.certfiles /home/songzehao/fabric/ca-cert.pem
4.2、注册orderer组织org1的admin
fabric-ca-client register --caname ca-org1 --id.name ordererOrg1Admin --id.secret ordererOrg1Adminpw --id.type admin --tls.certfiles /home/songzehao/fabric/ca-cert.pem
4.3、登记orderer0
fabric-ca-client enroll -u https://orderer0:orderer0pw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem
并拷贝msp配置文件到orderer0节点目录下:
cp /home/songzehao/fabric/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yamlcp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/config.yaml
4.4、登记orderer0的tls
fabric-ca-client enroll -u https://orderer0:orderer0pw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls --enrollment.profile tls --csr.hosts 192.168.3.128 --tls.certfiles /home/songzehao/fabric/ca-cert.pem
拷贝到tls目录下,并重命名为更好看的文件名:
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/ca.crt
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/signcerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/keystore/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.key
拷贝该tlsca证书到orderer0节点目录下msp/tlscacerts目录:
mkdir -p /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
4.5、登记orderer组织org1的admin
fabric-ca-client enroll -u https://ordererOrg1Admin:ordererOrg1Adminpw@192.168.2.195:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem
拷贝msp配置文件到管理员的msp目录下:
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml
五、准备创世区块
走到这一步,组织目录下msp/只有tlscacerts目录,缺少cacert:
/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/
├── config.yaml
└── tlscacerts└── tlsca.org1.example.com-cert.pem1 directory, 2 files
所以先将orderer0的msp目录下的cacert,即~/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/cacerts/
放到~/fabric/organizations/ordererOrganizations/org1.example.com/msp/cacerts/
,顺带给peer0也一起处理:
cp -r /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/cacerts /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp
cp -r /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp
更改configtx.yaml
:
Organizations:- &OrdererOrg1Name: OrdererOrg1SkipAsForeign: falseID: OrdererOrg1MSPMSPDir: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/mspPolicies:Readers:Type: SignatureRule: "OR('OrdererOrg1MSP.member')"Writers:Type: SignatureRule: "OR('OrdererOrg1MSP.member')"Admins:Type: SignatureRule: "OR('OrdererOrg1MSP.admin')"OrdererEndpoints:- "192.168.3.128:7050"- &Org1Name: Org1MSPSkipAsForeign: falseID: Org1MSPMSPDir: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/mspPolicies:Readers:Type: SignatureRule: "OR('Org1MSP.member')"Writers:Type: SignatureRule: "OR('Org1MSP.member')"Admins:Type: SignatureRule: "OR('Org1MSP.admin')"Endorsement:Type: SignatureRule: "OR('Org1MSP.member')"AnchorPeers:- Host: 192.168.3.128Port: 7051Capabilities:Channel: &ChannelCapabilitiesV2_0: trueOrderer: &OrdererCapabilitiesV2_0: trueApplication: &ApplicationCapabilitiesV2_0: trueApplication: &ApplicationDefaultsOrganizations:Policies:LifecycleEndorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Endorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"Capabilities:<<: *ApplicationCapabilitiesOrderer: &OrdererDefaultsOrdererType: etcdraftAddresses:- 192.168.3.128:7050EtcdRaft:Consenters:- Host: 192.168.3.128Port: 7050ClientTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crtServerTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crtBatchTimeout: 2sBatchSize:MaxMessageCount: 10AbsoluteMaxBytes: 99 MBPreferredMaxBytes: 521 KBMaxChannels: 0Organizations:Policies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"BlockValidation:Type: ImplicitMetaRule: "ANY Writers"Channel: &ChannelDefaultsPolicies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"Capabilities:<<: *ChannelCapabilitiesProfiles:OneOrgOrdererGenesis:<<: *ChannelDefaultsOrderer:<<: *OrdererDefaultsOrganizations:- *OrdererOrg1Capabilities:<<: *OrdererCapabilitiesConsortiums:SampleConsortium:Organizations:- *Org1Channel1:Consortium: SampleConsortium<<: *ChannelDefaultsApplication:<<: *ApplicationDefaultsOrganizations:- *Org1Capabilities:<<: *ApplicationCapabilities
创建创世块:
configtxgen -profile OneOrgOrdererGenesis -channelID system-channel -outputBlock /home/songzehao/fabric/config/system-genesis-block/genesis.block
六、服务端准备
6.1、准备peer0
在节点主机创建同样的链组织节点目录:
mkdir -p ~/fabric/organizations/peerOrganizations/
从客户端主机传送peer组织目录到peer0节点主机:
scp -r /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ songzehao@192.168.3.128:/home/songzehao/fabric/organizations/peerOrganizations
调整docker-compose.yaml
中peer0相关的部分:
version: '2'volumes:orderer0.org1.example.com:peer0.org1.example.com:networks:dev:name: fabric_devservices:peer0.org1.example.com:container_name: peer0.org1.example.comimage: hyperledger/fabric-peer:2.2.0environment:#Generic peer variables- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_dev#- FABRIC_LOGGING_SPEC=INFO- FABRIC_LOGGING_SPEC=DEBUG- CORE_PEER_TLS_ENABLED=true- CORE_PEER_PROFILE_ENABLED=false- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt# Peer specific variabes- CORE_PEER_ID=peer0.org1.example.com- CORE_PEER_ADDRESS=0.0.0.0:7051- CORE_PEER_LISTENADDRESS=0.0.0.0:7051#- CORE_PEER_CHAINCODEADDRESS=0.0.0.0:7052- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052- CORE_PEER_GOSSIP_BOOTSTRAP=192.168.3.128:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=0.0.0.0:7051- CORE_PEER_LOCALMSPID=Org1MSP- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:17051volumes:- /var/run/docker.sock:/host/var/run/docker.sock- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls- /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/peer0.org1.example.com:/var/hyperledger/productionworking_dir: /opt/gopath/src/github.com/hyperledger/fabric/peercommand: peer node startports:- 7051:7051- 17051:17051networks:- dev
6.2、准备orderer0
在节点主机创建同样的链组织节点目录。
mkdir -p ~/fabric/organizations/ordererOrganizations/
mkdir -p ~/fabric/config/system-genesis-block/
从客户端主机传送orderer组织目录到orderer0节点主机:
scp -r /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/ songzehao@192.168.3.128:/home/songzehao/fabric/organizations/ordererOrganizations
scp -r /home/songzehao/fabric/config/system-genesis-block/genesis.block songzehao@192.168.3.128:/home/songzehao/fabric/config/system-genesis-block/
调整docker-compose.yaml
中orderer0相关的部分:
version: '2'volumes:orderer0.org1.example.com:peer0.org1.example.com:networks:dev:name: fabric_devservices:orderer0.org1.example.com:container_name: orderer0.org1.example.comimage: hyperledger/fabric-orderer:2.2.0environment:#- FABRIC_LOGGING_SPEC=INFO- FABRIC_LOGGING_SPEC=DEBUG- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0- ORDERER_GENERAL_LISTENPORT=7050- ORDERER_GENERAL_GENESISMETHOD=file- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block- ORDERER_GENERAL_LOCALMSPID=OrdererOrg1MSP- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp- ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:17050# enabled TLS- ORDERER_GENERAL_TLS_ENABLED=true- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1- ORDERER_KAFKA_VERBOSE=true- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]working_dir: /opt/gopath/src/github.com/hyperledger/fabriccommand: orderervolumes:- /home/songzehao/fabric/config/system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp:/var/hyperledger/orderer/msp- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/:/var/hyperledger/orderer/tls- /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com:/var/hyperledger/production/ordererports:- 7050:7050- 17050:17050networks:- dev
6.3、docker-compose启动节点
客户端传送docker-compose.yaml到节点主机之后,节点主机启动节点:
docker-compose -f docker-compose.yaml up -d
七、创建应用通道channel1
7.1、创建应用通道tx交易文件
configtxgen -profile Channel1 -outputCreateChannelTx /home/songzehao/fabric/config/channel-artifacts/channel1.tx -channelID channel1
7.2、创建应用通道区块
首先需要在客户端主机配置peer0相关环境变量:
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=192.168.3.128:7051
export CORE_PEER_GOSSIP_EXTERNALENDPOINT=192.168.3.128:7051
【注意】:客户端也需要一份core.yaml才能成功执行peer客户端命令。
再创建channel1区块:
peer channel create -o 192.168.3.128:7050 -c channel1 -f /home/songzehao/fabric/config/channel-artifacts/channel1.tx --outputBlock /home/songzehao/fabric/config/channel-artifacts/channel1.block --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
7.3、peer0加入应用通道
peer channel join -b /home/songzehao/fabric/config/channel-artifacts/channel1.block
7.4、获取应用通道最近的配置块
peer channel fetch config /home/songzehao/fabric/config/channel-artifacts/config_block.pb -o 192.168.3.128:7050 -c channel1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
7.5、生成锚节点更新配置文件
protobuf序列化(编码)后的.pb
配置文件,转化为.json
格式:
configtxlator proto_decode --input /home/songzehao/fabric/config/channel-artifacts/config_block.pb --type common.Block --output /home/songzehao/fabric/config/channel-artifacts/config_block.json
抽取配置部分的json,得到原始配置:
jq .data.data[0].payload.data.config /home/songzehao/fabric/config/channel-artifacts/config_block.json > /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json
进一步追加锚节点peer0信息到Org1MSP的values
部分,得到更改后配置:
jq '.channel_group.groups.Application.groups.Org1MSP.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "192.168.3.128","port": 7051}]},"version": "0"}}' /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json > /home/songzehao/fabric/config/channel-artifacts/Org1MSPmodified_config.json
protobuf编码原始配置:
configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json --type common.Config --output /home/songzehao/fabric/config/channel-artifacts/original_config.pb
protobuf编码更改后配置:
configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/Org1MSPmodified_config.json --type common.Config --output /home/songzehao/fabric/config/channel-artifacts/modified_config.pb
计算更改前后的配置差异,得到.pb
的差异配置:
configtxlator compute_update --channel_id channel1 --original /home/songzehao/fabric/config/channel-artifacts/original_config.pb --updated /home/songzehao/fabric/config/channel-artifacts/modified_config.pb --output /home/songzehao/fabric/config/channel-artifacts/config_update.pb
protobuf解码为.json
格式:
configtxlator proto_decode --input /home/songzehao/fabric/config/channel-artifacts/config_update.pb --type common.ConfigUpdate --output /home/songzehao/fabric/config/channel-artifacts/config_update.json
追加.json
格式的差异文件内容到新包装后的.json
文件:
echo '{"payload":{"header":{"channel_header":{"channel_id":"channel1", "type":2}},"data":{"config_update":'$(cat /home/songzehao/fabric/config/channel-artifacts/config_update.json)'}}}' | jq . > /home/songzehao/fabric/config/channel-artifacts/config_update_in_envelope.json
编码为Envelope
类型的新的交易文件:
configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/config_update_in_envelope.json --type common.Envelope --output /home/songzehao/fabric/config/channel-artifacts/Org1MSPanchors.tx
7.6、提交更新通道配置交易
peer channel update -o 192.168.3.128:7050 -c channel1 -f /home/songzehao/fabric/config/channel-artifacts/Org1MSPanchors.tx --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
八、部署链码发送交易
8.1、编译打包链码
将fabric-samples
示例工程https://github.com/hyperledger/fabric-samples/tree/v2.2.0/拉下来:
git clone -b v2.2.0 https://gitee.com/hyperledger/fabric-samples.git
以其中一个asset-transfer-basic
链码举例,编译该java链码,并打包为basic.tar.gz:
rm -rf ~/fabric/fabric-samples/asset-transfer-basic/chaincode-java/build/install/./gradlew installDistpeer lifecycle chaincode package ~/fabric/config/basic.tar.gz --path ~/fabric/fabric-samples/asset-transfer-basic/chaincode-java/build/install/basic --lang java --label basic_1.0
8.2、部署链码
进行链码安装:
peer lifecycle chaincode install /home/songzehao/fabric/config/basic.tar.gz
查看已安装的链码:
peer lifecycle chaincode queryinstalled
批准链码定义:
peer lifecycle chaincode approveformyorg -o 192.168.3.128:7050 --channelID channel1 --name basic --version 1.0 --package-id basic_1.0:67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773 --sequence 1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
检查批准状态:
peer lifecycle chaincode queryapproved -C channel1 -n basic
检查提交就绪状态:
peer lifecycle chaincode checkcommitreadiness --channelID channel1 --name basic --version 1.0 --sequence 1 --output json
提交到peer0:
peer lifecycle chaincode commit -o 192.168.3.128:7050 --channelID channel1 --name basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --version 1.0 --sequence 1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
检查提交状态:
peer lifecycle chaincode querycommitted --channelID channel1 --name basic --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
docker验证新的链代码是否已在您的对等点192.168.3.128上提交启动:
docker ps --no-trunc
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
660ab24842f1c96dc644f931b6540befca1cfb953399d880d9fe6e02560e4dc0 dev-peer0.org1.example.com-basic_1.0-67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773-4ae135e5fa18d99cbd8dc7e8907079b31a3f779d0137e69204d3307d30236441 "/root/chaincode-java/start --peerAddress localhost:7052" About a minute ago Up About a minute dev-peer0.org1.example.com-basic_1.0-67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773
8.3、发送交易
发交易,初始化资产(调用链码的初始化方法InitLedger):
peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"InitLedger","Args":[]}'
查询初始化后的资产(调用链码的GetAllAssets方法):
peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"GetAllAssets","Args":[]}'
发交易,新增资产(调用链码的初始化方法CreateAsset):
peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"CreateAsset","Args":["asset7", "pink", "18", "Jay", "800"]}'
这篇关于Fabric建链docker-compose方式(客户端与节点主机分离)的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!