安装Hyperledger Fabric 2.2后执行以下操作
一、搭建基础网络
1.生成证书素材
cd ~/work/example/organizations/
vim crypto-config.yaml
注意当以下EnableNodeOUs: true 身份分类启用后,生成的msp中各自的admincerts中将为空,不再默认添加管理员证书(如Admin@example.com-cert.pem)
OrdererOrgs:
- Name: OrdererOrg
Domain: example.com #此处是根域名不是orderer.example.com
EnableNodeOUs: true #身份分类启用,此项很关键,若不设置peer可能无法连接到orderer
Specs:
- Hostname: orderer
PeerOrgs:
- Name: Org1MSP
Domain: org1.example.com
EnableNodeOUs: true #身份分类启用,此项很关键,若不设置peer可能无法连接到orderer
Template:
Count: 1
Users:
Count: 1
- Name: Org2MSP
Domain: org2.example.com
EnableNodeOUs: true #身份分类启用,此项很关键,若不设置peer可能无法连接到orderer
Template:
Count: 1
Users:
Count: 1创建证书命令
cryptogen generate --config=crypto-config.yaml --output ./2.配置所有服务器网络host
sudo vim /etc/hosts
192.168.1.108 orderer.example.com
192.168.1.112 peer0.org1.example.com
192.168.1.111 peer0.org2.example.com3.生成系统的创始区块
cd ~/work/example/order
vim configtx.yaml# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: ../organizations/ordererOrganizations/example.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
OrdererEndpoints:
- "orderer.example.com:7050"
- &Org1
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: ../organizations/peerOrganizations/org1.example.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org1MSP.peer')"
# leave this flag set to true.
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org1.example.com
Port: 7051
- &Org2
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
MSPDir: ../organizations/peerOrganizations/org2.example.com/msp
# Policies defines the set of policies at this level of the config tree
# For organization policies, their canonical path is usually
# /Channel/<Application|Orderer>/<OrgName>/<PolicyName>
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
Endorsement:
Type: Signature
Rule: "OR('Org2MSP.peer')"
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org2.example.com
Port: 7051
################################################################################
#
# SECTION: Capabilities
#
# - This section defines the capabilities of fabric network. This is a new
# concept as of v1.1.0 and should not be utilized in mixed networks with
# v1.0.x peers and orderers. Capabilities define features which must be
# present in a fabric binary for that binary to safely participate in the
# fabric network. For instance, if a new MSP type is added, newer binaries
# might recognize and validate the signatures from this type, while older
# binaries without this support would be unable to validate those
# transactions. This could lead to different versions of the fabric binaries
# having different world states. Instead, defining a capability for a channel
# informs those binaries without this capability that they must cease
# processing transactions until they have been upgraded. For v1.0.x if any
# capabilities are defined (including a map with all capabilities turned off)
# then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
# Channel capabilities apply to both the orderers and the peers and must be
# supported by both.
# Set the value of the capability to true to require it.
Channel: &ChannelCapabilities
# V2_0 capability ensures that orderers and peers behave according
# to v2.0 channel capabilities. Orderers and peers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 capability.
# Prior to enabling V2.0 channel capabilities, ensure that all
# orderers and peers on a channel are at v2.0.0 or later.
V2_0: true
# Orderer capabilities apply only to the orderers, and may be safely
# used with prior release peers.
# Set the value of the capability to true to require it.
Orderer: &OrdererCapabilities
# V2_0 orderer capability ensures that orderers behave according
# to v2.0 orderer capabilities. Orderers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 orderer capability.
# Prior to enabling V2.0 orderer capabilities, ensure that all
# orderers on channel are at v2.0.0 or later.
V2_0: true
# Application capabilities apply only to the peer network, and may be safely
# used with prior release orderers.
# Set the value of the capability to true to require it.
Application: &ApplicationCapabilities
# V2_0 application capability ensures that peers behave according
# to v2.0 application capabilities. Peers from
# prior releases would behave in an incompatible way, and are therefore
# not able to participate in channels at v2.0 application capability.
# Prior to enabling V2.0 application capabilities, ensure that all
# peers on channel are at v2.0.0 or later.
V2_0: true
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Application policies, their canonical path is
# /Channel/Application/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
LifecycleEndorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Endorsement:
Type: ImplicitMeta
Rule: "MAJORITY Endorsement"
Capabilities:
<<: *ApplicationCapabilities
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer.example.com
Port: 7050
ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
# Policies defines the set of policies at this level of the config tree
# For Orderer policies, their canonical path is
# /Channel/Orderer/<PolicyName>
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# BlockValidation specifies what signatures must be included in the block
# from the orderer for the peer to validate it.
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
################################################################################
#
# CHANNEL
#
# This section defines the values to encode into a config transaction or
# genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
# Policies defines the set of policies at this level of the config tree
# For Channel policies, their canonical path is
# /Channel/<PolicyName>
Policies:
# Who may invoke the 'Deliver' API
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
# Who may invoke the 'Broadcast' API
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
# By default, who may modify elements at this config level
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
# Capabilities describes the channel level capabilities, see the
# dedicated Capabilities section elsewhere in this file for a full
# description
Capabilities:
<<: *ChannelCapabilities
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
<<: *ChannelDefaults
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
生成系统创始区块
configtxgen -profile TwoOrgsOrdererGenesis -channelID system-channel -outputBlock ./system-genesis-block/genesis.block4.创建应用通道创建事务
1.创建通道创建事务
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel1.tx -channelID channel15.启动order
在order目录中放入orderer.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Orderer Configuration
#
# - This controls the type and configuration of the orderer.
#
################################################################################
General:
# Listen address: The IP on which to bind to listen.
ListenAddress: orderer.example.com
# Listen port: The port on which to bind to listen.
ListenPort: 7050
# TLS: TLS settings for the GRPC server.
TLS:
Enabled: true
# PrivateKey governs the file location of the private key of the TLS certificate.
PrivateKey: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key
# Certificate governs the file location of the server TLS certificate.
Certificate: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
RootCAs:
- ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
ClientAuthRequired: false #此处暂时为false,正式环境是否需要设置为true,而且下面的值也不确定填写什么(如只写一个组织的那其它组织怎么办)
ClientRootCAs:
# Keepalive settings for the GRPC server.
Keepalive:
# ServerMinInterval is the minimum permitted time between client pings.
# If clients send pings more frequently, the server will
# disconnect them.
ServerMinInterval: 60s
# ServerInterval is the time between pings to clients.
ServerInterval: 7200s
# ServerTimeout is the duration the server waits for a response from
# a client before closing the connection.
ServerTimeout: 20s
# Cluster settings for ordering service nodes that communicate with other ordering service nodes
# such as Raft based ordering service.
Cluster:
# SendBufferSize is the maximum number of messages in the egress buffer.
# Consensus messages are dropped if the buffer is full, and transaction
# messages are waiting for space to be freed.
SendBufferSize: 10
# ClientCertificate governs the file location of the client TLS certificate
# used to establish mutual TLS connections with other ordering service nodes.
ClientCertificate: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
# ClientPrivateKey governs the file location of the private key of the client TLS certificate.
ClientPrivateKey: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key
# The below 4 properties should be either set together, or be unset together.
# If they are set, then the orderer node uses a separate listener for intra-cluster
# communication. If they are unset, then the general orderer listener is used.
# This is useful if you want to use a different TLS server certificates on the
# client-facing and the intra-cluster listeners.
# ListenPort defines the port on which the cluster listens to connections.
ListenPort:
# ListenAddress defines the IP on which to listen to intra-cluster communication.
ListenAddress:
# ServerCertificate defines the file location of the server TLS certificate used for intra-cluster
# communication.
ServerCertificate:
# ServerPrivateKey defines the file location of the private key of the TLS certificate.
ServerPrivateKey:
# Bootstrap method: The method by which to obtain the bootstrap block
# system channel is specified. The option can be one of:
# "file" - path to a file containing the genesis block or config block of system channel
# "none" - allows an orderer to start without a system channel configuration
BootstrapMethod: file
# Bootstrap file: The file containing the bootstrap block to use when
# initializing the orderer system channel and BootstrapMethod is set to
# "file". The bootstrap file can be the genesis block, and it can also be
# a config block for late bootstrap of some consensus methods like Raft.
# Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and
# using configtxgen command with "-outputBlock" option.
# Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified.
BootstrapFile: ./system-genesis-block/genesis.block
# LocalMSPDir is where to find the private crypto material needed by the
# orderer. It is set relative here as a default for dev environments but
# should be changed to the real location in production.
LocalMSPDir: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/
# LocalMSPID is the identity to register the local MSP material with the MSP
# manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP
# ID of one of the organizations defined in the orderer system channel's
# /Channel/Orderer configuration. The sample organization defined in the
# sample configuration provided has an MSP ID of "SampleOrg".
LocalMSPID: OrdererMSP #注意这里写ID不要写NAME很容易错
# Enable an HTTP service for Go "pprof" profiling as documented at:
# https://golang.org/pkg/net/http/pprof
Profile:
Enabled: false
Address: 0.0.0.0:6060
# BCCSP configures the blockchain crypto service providers.
BCCSP:
# Default specifies the preferred blockchain crypto service provider
# to use. If the preferred provider is not available, the software
# based provider ("SW") will be used.
# Valid providers are:
# - SW: a software based crypto provider
# - PKCS11: a CA hardware security module crypto provider.
Default: SW
# SW configures the software based blockchain crypto provider.
SW:
# TODO: The default Hash and Security level needs refactoring to be
# fully configurable. Changing these defaults requires coordination
# SHA2 is hardcoded in several places, not only BCCSP
Hash: SHA2
Security: 256
# Location of key store. If this is unset, a location will be
# chosen using: 'LocalMSPDir'/keystore
FileKeyStore:
KeyStore:
# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
PKCS11:
# Location of the PKCS11 module library
Library:
# Token Label
Label:
# User PIN
Pin:
Hash:
Security:
FileKeyStore:
KeyStore:
# Authentication contains configuration parameters related to authenticating
# client messages
Authentication:
# the acceptable difference between the current server time and the
# client's time as specified in a client request message
TimeWindow: 15m
################################################################################
#
# SECTION: File Ledger
#
# - This section applies to the configuration of the file or json ledgers.
#
################################################################################
FileLedger:
# Location: The directory to store the blocks in.
# NOTE: If this is unset, a new temporary location will be chosen every time
# the orderer is restarted, using the prefix specified by Prefix.
Location: production/orderer/
# The prefix to use when generating a ledger directory in temporary space.
# Otherwise, this value is ignored.
Prefix: hyperledger-fabric-ordererledger
################################################################################
#
# SECTION: Kafka
#
# - This section applies to the configuration of the Kafka-based orderer, and
# its interaction with the Kafka cluster.
#
################################################################################
Kafka:
# Retry: What do if a connection to the Kafka cluster cannot be established,
# or if a metadata request to the Kafka cluster needs to be repeated.
Retry:
# When a new channel is created, or when an existing channel is reloaded
# (in case of a just-restarted orderer), the orderer interacts with the
# Kafka cluster in the following ways:
# 1. It creates a Kafka producer (writer) for the Kafka partition that
# corresponds to the channel.
# 2. It uses that producer to post a no-op CONNECT message to that
# partition
# 3. It creates a Kafka consumer (reader) for that partition.
# If any of these steps fail, they will be re-attempted every
# <ShortInterval> for a total of <ShortTotal>, and then every
# <LongInterval> for a total of <LongTotal> until they succeed.
# Note that the orderer will be unable to write to or read from a
# channel until all of the steps above have been completed successfully.
ShortInterval: 5s
ShortTotal: 10m
LongInterval: 5m
LongTotal: 12h
# Affects the socket timeouts when waiting for an initial connection, a
# response, or a transmission. See Config.Net for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
NetworkTimeouts:
DialTimeout: 10s
ReadTimeout: 10s
WriteTimeout: 10s
# Affects the metadata requests when the Kafka cluster is in the middle
# of a leader election.See Config.Metadata for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Metadata:
RetryBackoff: 250ms
RetryMax: 3
# What to do if posting a message to the Kafka cluster fails. See
# Config.Producer for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Producer:
RetryBackoff: 100ms
RetryMax: 3
# What to do if reading from the Kafka cluster fails. See
# Config.Consumer for more info:
# https://godoc.org/github.com/Shopify/sarama#Config
Consumer:
RetryBackoff: 2s
# Settings to use when creating Kafka topics. Only applies when
# Kafka.Version is v0.10.1.0 or higher
Topic:
# The number of Kafka brokers across which to replicate the topic
ReplicationFactor: 3
# Verbose: Enable logging for interactions with the Kafka cluster.
Verbose: false
# TLS: TLS settings for the orderer's connection to the Kafka cluster.
TLS:
# Enabled: Use TLS when connecting to the Kafka cluster.
Enabled: false
# PrivateKey: PEM-encoded private key the orderer will use for
# authentication.
PrivateKey:
# As an alternative to specifying the PrivateKey here, uncomment the
# following "File" key and specify the file name from which to load the
# value of PrivateKey.
#File: path/to/PrivateKey
# Certificate: PEM-encoded signed public key certificate the orderer will
# use for authentication.
Certificate:
# As an alternative to specifying the Certificate here, uncomment the
# following "File" key and specify the file name from which to load the
# value of Certificate.
#File: path/to/Certificate
# RootCAs: PEM-encoded trusted root certificates used to validate
# certificates from the Kafka cluster.
RootCAs:
# As an alternative to specifying the RootCAs here, uncomment the
# following "File" key and specify the file name from which to load the
# value of RootCAs.
#File: path/to/RootCAs
# SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers
SASLPlain:
# Enabled: Use SASL/PLAIN to authenticate with Kafka brokers
Enabled: false
# User: Required when Enabled is set to true
User:
# Password: Required when Enabled is set to true
Password:
# Kafka protocol version used to communicate with the Kafka cluster brokers
# (defaults to 0.10.2.0 if not specified)
Version:
################################################################################
#
# Debug Configuration
#
# - This controls the debugging options for the orderer
#
################################################################################
Debug:
# BroadcastTraceDir when set will cause each request to the Broadcast service
# for this orderer to be written to a file in this directory
BroadcastTraceDir:
# DeliverTraceDir when set will cause each request to the Deliver service
# for this orderer to be written to a file in this directory
DeliverTraceDir:
################################################################################
#
# Operations Configuration
#
# - This configures the operations server endpoint for the orderer
#
################################################################################
Operations: #生产环境此处该如何设置
# host and port for the operations server
ListenAddress: 127.0.0.1:8443
# TLS configuration for the operations endpoint
TLS:
# TLS enabled
Enabled: false
# Certificate is the location of the PEM encoded TLS certificate
Certificate:
# PrivateKey points to the location of the PEM-encoded key
PrivateKey:
# Most operations service endpoints require client authentication when TLS
# is enabled. ClientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
ClientAuthRequired: false
# Paths to PEM encoded ca certificates to trust for client authentication
ClientRootCAs: []
################################################################################
#
# Metrics Configuration
#
# - This configures metrics collection for the orderer
#
################################################################################
Metrics:
# The metrics provider is one of statsd, prometheus, or disabled
Provider: disabled
# The statsd configuration
Statsd:
# network type: tcp or udp
Network: udp
# the statsd server address
Address: 127.0.0.1:8125
# The interval at which locally cached counters and gauges are pushed
# to statsd; timings are pushed immediately
WriteInterval: 30s
# The prefix is prepended to all emitted statsd metrics
Prefix:
################################################################################
#
# Consensus Configuration
#
# - This section contains config options for a consensus plugin. It is opaque
# to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:
# The allowed key-value pairs here depend on consensus plugin. For etcd/raft,
# we use following options:
# WALDir specifies the location at which Write Ahead Logs for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
WALDir: etcdraft/wal
# SnapDir specifies the location at which snapshots for etcd/raft are
# stored. Each channel will have its own subdir named after channel ID.
SnapDir: etcdraft/snapshot启动orderer
orderer start6.启动peer
在192.168.1.112上部署Org1MSP的peer peer0.org1.example.com
cd ~/work/example
mkdir organizations/peerOrganizations
cd organizations/peerOrganizations
scp -r dev1@192.168.1.108:/home/dev1/work/example/organizations/peerOrganizations/org1.example.com org1.example.com
cd ~/work/example/peer
vim core.yaml# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
###############################################################################
#
# Peer section
#
###############################################################################
peer:
# The peer id provides a name for this peer instance and is used when
# naming docker resources.
id: peer0.org1.example.com
# The networkId allows for logical separation of networks and is used when
# naming docker resources.
networkId: dev1
# The Address at local network interface this Peer will listen on.
# By default, it will listen on all network interfaces
listenAddress: 0.0.0.0:7051
# The endpoint this peer uses to listen for inbound chaincode connections.
# If this is commented-out, the listen address is selected to be
# the peer's address (see below) with port 7052
# chaincodeListenAddress: 0.0.0.0:7052
# The endpoint the chaincode for this peer uses to connect to the peer.
# If this is not specified, the chaincodeListenAddress address is selected.
# And if chaincodeListenAddress is not specified, address is selected from
# peer listenAddress.
# chaincodeAddress: 0.0.0.0:7052
# When used as peer config, this represents the endpoint to other peers
# in the same organization. For peers in other organization, see
# gossip.externalEndpoint for more info.
# When used as CLI config, this means the peer's endpoint to interact with
address: 0.0.0.0:7051
# Whether the Peer should programmatically determine its address
# This case is useful for docker containers.
addressAutoDetect: false
# Keepalive settings for peer server and clients
keepalive:
# Interval is the duration after which if the server does not see
# any activity from the client it pings the client to see if it's alive
interval: 7200s
# Timeout is the duration the server waits for a response
# from the client after sending a ping before closing the connection
timeout: 20s
# MinInterval is the minimum permitted time between client pings.
# If clients send pings more frequently, the peer server will
# disconnect them
minInterval: 60s
# Client keepalive settings for communicating with other peer nodes
client:
# Interval is the time between pings to peer nodes. This must
# greater than or equal to the minInterval specified by peer
# nodes
interval: 60s
# Timeout is the duration the client waits for a response from
# peer nodes before closing the connection
timeout: 20s
# DeliveryClient keepalive settings for communication with ordering
# nodes.
deliveryClient:
# Interval is the time between pings to ordering nodes. This must
# greater than or equal to the minInterval specified by ordering
# nodes.
interval: 60s
# Timeout is the duration the client waits for a response from
# ordering nodes before closing the connection
timeout: 20s
# Gossip related configuration
gossip:
# Bootstrap set to initialize gossip with.
# This is a list of other peers that this peer reaches out to at startup.
# Important: The endpoints here have to be endpoints of peers in the same
# organization, because the peer would refuse connecting to these endpoints
# unless they are in the same organization as the peer.
bootstrap: 127.0.0.1:7051
# NOTE: orgLeader and useLeaderElection parameters are mutual exclusive.
# Setting both to true would result in the termination of the peer
# since this is undefined state. If the peers are configured with
# useLeaderElection=false, make sure there is at least 1 peer in the
# organization that its orgLeader is set to true.
# Defines whenever peer will initialize dynamic algorithm for
# "leader" selection, where leader is the peer to establish
# connection with ordering service and use delivery protocol
# to pull ledger blocks from ordering service. It is recommended to
# use leader election for large networks of peers.
useLeaderElection: true
# Statically defines peer to be an organization "leader",
# where this means that current peer will maintain connection
# with ordering service and disseminate block across peers in
# its own organization
orgLeader: false
# Interval for membershipTracker polling
membershipTrackerInterval: 5s
# Overrides the endpoint that the peer publishes to peers
# in its organization. For peers in foreign organizations
# see 'externalEndpoint'
endpoint:
# Maximum count of blocks stored in memory
maxBlockCountToStore: 100
# Max time between consecutive message pushes(unit: millisecond)
maxPropagationBurstLatency: 10ms
# Max number of messages stored until a push is triggered to remote peers
maxPropagationBurstSize: 10
# Number of times a message is pushed to remote peers
propagateIterations: 1
# Number of peers selected to push messages to
propagatePeerNum: 3
# Determines frequency of pull phases(unit: second)
# Must be greater than digestWaitTime + responseWaitTime
pullInterval: 4s
# Number of peers to pull from
pullPeerNum: 3
# Determines frequency of pulling state info messages from peers(unit: second)
requestStateInfoInterval: 4s
# Determines frequency of pushing state info messages to peers(unit: second)
publishStateInfoInterval: 4s
# Maximum time a stateInfo message is kept until expired
stateInfoRetentionInterval:
# Time from startup certificates are included in Alive messages(unit: second)
publishCertPeriod: 10s
# Should we skip verifying block messages or not (currently not in use)
skipBlockVerification: false
# Dial timeout(unit: second)
dialTimeout: 3s
# Connection timeout(unit: second)
connTimeout: 2s
# Buffer size of received messages
recvBuffSize: 20
# Buffer size of sending messages
sendBuffSize: 200
# Time to wait before pull engine processes incoming digests (unit: second)
# Should be slightly smaller than requestWaitTime
digestWaitTime: 1s
# Time to wait before pull engine removes incoming nonce (unit: milliseconds)
# Should be slightly bigger than digestWaitTime
requestWaitTime: 1500ms
# Time to wait before pull engine ends pull (unit: second)
responseWaitTime: 2s
# Alive check interval(unit: second)
aliveTimeInterval: 5s
# Alive expiration timeout(unit: second)
aliveExpirationTimeout: 25s
# Reconnect interval(unit: second)
reconnectInterval: 25s
# This is an endpoint that is published to peers outside of the organization.
# If this isn't set, the peer will not be known to other organizations.
externalEndpoint: peer0.org1.example.com:7051
# Leader election service configuration
election:
# Longest time peer waits for stable membership during leader election startup (unit: second)
startupGracePeriod: 15s
# Interval gossip membership samples to check its stability (unit: second)
membershipSampleInterval: 1s
# Time passes since last declaration message before peer decides to perform leader election (unit: second)
leaderAliveThreshold: 10s
# Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second)
leaderElectionDuration: 5s
pvtData:
# pullRetryThreshold determines the maximum duration of time private data corresponding for a given block
# would be attempted to be pulled from peers until the block would be committed without the private data
pullRetryThreshold: 60s
# As private data enters the transient store, it is associated with the peer's ledger's height at that time.
# transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit,
# and the private data residing inside the transient store that is guaranteed not to be purged.
# Private data is purged from the transient store when blocks with sequences that are multiples
# of transientstoreMaxBlockRetention are committed.
transientstoreMaxBlockRetention: 1000
# pushAckTimeout is the maximum time to wait for an acknowledgement from each peer
# at private data push at endorsement time.
pushAckTimeout: 3s
# Block to live pulling margin, used as a buffer
# to prevent peer from trying to pull private data
# from peers that is soon to be purged in next N blocks.
# This helps a newly joined peer catch up to current
# blockchain height quicker.
btlPullMargin: 10
# the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to
# pull from the other peers the most recent missing blocks with a maximum batch size limitation.
# reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a
# single iteration.
reconcileBatchSize: 10
# reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning
# of the next reconciliation iteration.
reconcileSleepInterval: 1m
# reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not.
reconciliationEnabled: true
# skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid
# transaction's private data from other peers need to be skipped during the commit time and pulled
# only through reconciler.
skipPullingInvalidTransactionsDuringCommit: false
# implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection.
# When a peer endorses a proposal that writes to its own implicit collection, below values override the default values
# for disseminating private data.
# Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to
# be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization.
implicitCollectionDisseminationPolicy:
# requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully
# disseminate private data for its own implicit collection during endorsement. Default value is 0.
requiredPeerCount: 0
# maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to
# disseminate private data for its own implicit collection during endorsement. Default value is 1.
maxPeerCount: 1
# Gossip state transfer related configuration
state:
# indicates whenever state transfer is enabled or not
# default value is true, i.e. state transfer is active
# and takes care to sync up missing blocks allowing
# lagging peer to catch up to speed with rest network
enabled: true
# checkInterval interval to check whether peer is lagging behind enough to
# request blocks via state transfer from another peer.
checkInterval: 10s
# responseTimeout amount of time to wait for state transfer response from
# other peers
responseTimeout: 3s
# batchSize the number of blocks to request via state transfer from another peer
batchSize: 10
# blockBufferSize reflects the size of the re-ordering buffer
# which captures blocks and takes care to deliver them in order
# down to the ledger layer. The actually buffer size is bounded between
# 0 and 2*blockBufferSize, each channel maintains its own buffer
blockBufferSize: 100
# maxRetries maximum number of re-tries to ask
# for single state transfer request
maxRetries: 3
# TLS Settings
tls:
# Require server-side TLS
enabled: true
# Require client certificates / mutual TLS.
# Note that clients that are not configured to use a certificate will
# fail to connect to the peer.
clientAuthRequired: false #正式环境是否要设置为true,下方clientKey该如何设置。若为true,在peer channel list会报错
# X.509 certificate used for TLS server
cert:
file: ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
# Private key used for TLS server (and client if clientAuthEnabled
# is set to true
key:
file: ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
# Trusted root certificate chain for tls.cert
rootcert:
file: ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
# Set of root certificate authorities used to verify client certificates
clientRootCAs:
files:
- ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
# Private key used for TLS when making client connections. If
# not set, peer.tls.key.file will be used instead
clientKey:
file:
# X.509 certificate used for TLS when making client connections.
# If not set, peer.tls.cert.file will be used instead
clientCert:
file:
# Authentication contains configuration parameters related to authenticating
# client messages
authentication:
# the acceptable difference between the current server time and the
# client's time as specified in a client request message
timewindow: 15m
# Path on the file system where peer will store data (eg ledger). This
# location must be access control protected to prevent unintended
# modification that might corrupt the peer operations.
fileSystemPath: ./production
# BCCSP (Blockchain crypto provider): Select which crypto implementation or
# library to use
BCCSP:
Default: SW
# Settings for the SW crypto provider (i.e. when DEFAULT: SW)
SW:
# TODO: The default Hash and Security level needs refactoring to be
# fully configurable. Changing these defaults requires coordination
# SHA2 is hardcoded in several places, not only BCCSP
Hash: SHA2
Security: 256
# Location of Key Store
FileKeyStore:
# If "", defaults to 'mspConfigPath'/keystore
KeyStore:
# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)
PKCS11:
# Location of the PKCS11 module library
Library:
# Token Label
Label:
# User PIN
Pin:
Hash:
Security:
# Path on the file system where peer will find MSP local configurations
mspConfigPath: ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp
# Identifier of the local MSP
# ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!----
# Deployers need to change the value of the localMspId string.
# In particular, the name of the local MSP ID of a peer needs
# to match the name of one of the MSPs in each of the channel
# that this peer is a member of. Otherwise this peer's messages
# will not be identified as valid by other nodes.
localMspId: Org1MSP
# CLI common client config options
client:
# connection timeout
connTimeout: 3s
# Delivery service related config
deliveryclient:
# It sets the total time the delivery service may spend in reconnection
# attempts until its retry logic gives up and returns an error
reconnectTotalTimeThreshold: 3600s
# It sets the delivery service <-> ordering service node connection timeout
connTimeout: 3s
# It sets the delivery service maximal delay between consecutive retries
reConnectBackoffThreshold: 3600s
# A list of orderer endpoint addresses which should be overridden
# when found in channel configurations.
addressOverrides:
# - from:
# to:
# caCertsFile:
# - from:
# to:
# caCertsFile:
# Type for the local MSP - by default it's of type bccsp
localMspType: bccsp
# Used with Go profiling tools only in none production environment. In
# production, it should be disabled (eg enabled: false)
profile:
enabled: false
listenAddress: 0.0.0.0:6060
# Handlers defines custom handlers that can filter and mutate
# objects passing within the peer, such as:
# Auth filter - reject or forward proposals from clients
# Decorators - append or mutate the chaincode input passed to the chaincode
# Endorsers - Custom signing over proposal response payload and its mutation
# Valid handler definition contains:
# - A name which is a factory method name defined in
# core/handlers/library/library.go for statically compiled handlers
# - library path to shared object binary for pluggable filters
# Auth filters and decorators are chained and executed in the order that
# they are defined. For example:
# authFilters:
# -
# name: FilterOne
# library: /opt/lib/filter.so
# -
# name: FilterTwo
# decorators:
# -
# name: DecoratorOne
# -
# name: DecoratorTwo
# library: /opt/lib/decorator.so
# Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden.
# Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality
# as the default ESCC.
# If the 'library' property is missing, the name is used as the constructor method in the builtin library similar
# to auth filters and decorators.
# endorsers:
# escc:
# name: DefaultESCC
# library: /etc/hyperledger/fabric/plugin/escc.so
handlers:
authFilters:
-
name: DefaultAuth
-
name: ExpirationCheck # This filter checks identity x509 certificate expiration
decorators:
-
name: DefaultDecorator
endorsers:
escc:
name: DefaultEndorsement
library:
validators:
vscc:
name: DefaultValidation
library:
# library: /etc/hyperledger/fabric/plugin/escc.so
# Number of goroutines that will execute transaction validation in parallel.
# By default, the peer chooses the number of CPUs on the machine. Set this
# variable to override that choice.
# NOTE: overriding this value might negatively influence the performance of
# the peer so please change this value only if you know what you're doing
validatorPoolSize:
# The discovery service is used by clients to query information about peers,
# such as - which peers have joined a certain channel, what is the latest
# channel config, and most importantly - given a chaincode and a channel,
# what possible sets of peers satisfy the endorsement policy.
discovery:
enabled: true
# Whether the authentication cache is enabled or not.
authCacheEnabled: true
# The maximum size of the cache, after which a purge takes place
authCacheMaxSize: 1000
# The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulation
authCachePurgeRetentionRatio: 0.75
# Whether to allow non-admins to perform non channel scoped queries.
# When this is false, it means that only peer admins can perform non channel scoped queries.
orgMembersAllowedAccess: false
# Limits is used to configure some internal resource limits.
limits:
# Concurrency limits the number of concurrently running requests to a service on each peer.
# Currently this option is only applied to endorser service and deliver service.
# When the property is missing or the value is 0, the concurrency limit is disabled for the service.
concurrency:
# endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation,
# including both user chaincodes and system chaincodes.
endorserService: 2500
# deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events.
deliverService: 2500
###############################################################################
#
# VM section
#
###############################################################################
vm:
# Endpoint of the vm management system. For docker can be one of the following in general
# unix:///var/run/docker.sock
# http://localhost:2375
# https://localhost:2376
endpoint: unix:///var/run/docker.sock
# settings for docker vms
docker:
tls:
enabled: false
ca:
file: docker/ca.crt
cert:
file: docker/tls.crt
key:
file: docker/tls.key
# Enables/disables the standard out/err from chaincode containers for
# debugging purposes
attachStdout: false
# Parameters on creating docker container.
# Container may be efficiently created using ipam & dns-server for cluster
# NetworkMode - sets the networking mode for the container. Supported
# standard values are: `host`(default),`bridge`,`ipvlan`,`none`.
# Dns - a list of DNS servers for the container to use.
# Note: `Privileged` `Binds` `Links` and `PortBindings` properties of
# Docker Host Config are not supported and will not be used if set.
# LogConfig - sets the logging driver (Type) and related options
# (Config) for Docker. For more info,
# https://docs.docker.com/engine/admin/logging/overview/
# Note: Set LogConfig using Environment Variables is not supported.
hostConfig:
NetworkMode: host
Dns:
# - 192.168.0.1
LogConfig:
Type: json-file
Config:
max-size: "50m"
max-file: "5"
Memory: 2147483648
###############################################################################
#
# Chaincode section
#
###############################################################################
chaincode:
# The id is used by the Chaincode stub to register the executing Chaincode
# ID with the Peer and is generally supplied through ENV variables
# the `path` form of ID is provided when installing the chaincode.
# The `name` is used for all other requests and can be any string.
id:
path:
name:
# Generic builder environment, suitable for most chaincode types
builder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION)
# Enables/disables force pulling of the base docker images (listed below)
# during user chaincode instantiation.
# Useful when using moving image tags (such as :latest)
pull: false
golang:
# golang will never need more than baseos
runtime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION)
# whether or not golang chaincode should be linked dynamically
dynamicLink: false
java:
# This is an image based on java:openjdk-8 with addition compiler
# tools added for java shim layer packaging.
# This image is packed with shim layer libraries that are necessary
# for Java chaincode runtime.
runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION)
node:
# This is an image based on node:$(NODE_VER)-alpine
runtime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION)
# List of directories to treat as external builders and launchers for
# chaincode. The external builder detection processing will iterate over the
# builders in the order specified below.
externalBuilders: []
# - path: /path/to/directory
# name: descriptive-builder-name
# environmentWhitelist:
# - ENVVAR_NAME_TO_PROPAGATE_FROM_PEER
# - GOPROXY
# The maximum duration to wait for the chaincode build and install process
# to complete.
installTimeout: 300s
# Timeout duration for starting up a container and waiting for Register
# to come through.
startuptimeout: 300s
# Timeout duration for Invoke and Init calls to prevent runaway.
# This timeout is used by all chaincodes in all the channels, including
# system chaincodes.
# Note that during Invoke, if the image is not available (e.g. being
# cleaned up when in development environment), the peer will automatically
# build the image, which might take more time. In production environment,
# the chaincode image is unlikely to be deleted, so the timeout could be
# reduced accordingly.
executetimeout: 30s
# There are 2 modes: "dev" and "net".
# In dev mode, user runs the chaincode after starting peer from
# command line on local machine.
# In net mode, peer will run chaincode in a docker container.
mode: net
# keepalive in seconds. In situations where the communication goes through a
# proxy that does not support keep-alive, this parameter will maintain connection
# between peer and chaincode.
# A value <= 0 turns keepalive off
keepalive: 0
# system chaincodes whitelist. To add system chaincode "myscc" to the
# whitelist, add "myscc: enable" to the list below, and register in
# chaincode/importsysccs.go
system:
_lifecycle: enable
cscc: enable
lscc: enable
escc: enable
vscc: enable
qscc: enable
# Logging section for the chaincode container
logging:
# Default level for all loggers within the chaincode container
level: info
# Override default level for the 'shim' logger
shim: warning
# Format for the chaincode container logs
format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
###############################################################################
#
# Ledger section - ledger configuration encompasses both the blockchain
# and the state
#
###############################################################################
ledger:
blockchain:
state:
# stateDatabase - options are "goleveldb", "CouchDB"
# goleveldb - default state database stored in goleveldb.
# CouchDB - store state database in CouchDB
stateDatabase: goleveldb
# Limit on the number of records to return per query
totalQueryLimit: 100000
couchDBConfig:
# It is recommended to run CouchDB on the same server as the peer, and
# not map the CouchDB container port to a server port in docker-compose.
# Otherwise proper security must be provided on the connection between
# CouchDB client (on the peer) and server.
couchDBAddress: 127.0.0.1:5984
# This username must have read and write authority on CouchDB
username:
# The password is recommended to pass as an environment variable
# during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD).
# If it is stored here, the file must be access control protected
# to prevent unintended users from discovering the password.
password:
# Number of retries for CouchDB errors
maxRetries: 3
# Number of retries for CouchDB errors during peer startup
maxRetriesOnStartup: 12
# CouchDB request timeout (unit: duration, e.g. 20s)
requestTimeout: 35s
# Limit on the number of records per each CouchDB query
# Note that chaincode queries are only bound by totalQueryLimit.
# Internally the chaincode may execute multiple CouchDB queries,
# each of size internalQueryLimit.
internalQueryLimit: 1000
# Limit on the number of records per CouchDB bulk update batch
maxBatchUpdateSize: 1000
# Warm indexes after every N blocks.
# This option warms any indexes that have been
# deployed to CouchDB after every N blocks.
# A value of 1 will warm indexes after every block commit,
# to ensure fast selector queries.
# Increasing the value may improve write efficiency of peer and CouchDB,
# but may degrade query response time.
warmIndexesAfterNBlocks: 1
# Create the _global_changes system database
# This is optional. Creating the global changes database will require
# additional system resources to track changes and maintain the database
createGlobalChangesDB: false
# CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state
# cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple
# of 32 MB, the peer would round the size to the next multiple of 32 MB.
# To disable the cache, 0 MB needs to be assigned to the cacheSize.
cacheSize: 64
history:
# enableHistoryDatabase - options are true or false
# Indicates if the history of key updates should be stored.
# All history 'index' will be stored in goleveldb, regardless if using
# CouchDB or alternate database for the state.
enableHistoryDatabase: true
pvtdataStore:
# the maximum db batch size for converting
# the ineligible missing data entries to eligible missing data entries
collElgProcMaxDbBatchSize: 5000
# the minimum duration (in milliseconds) between writing
# two consecutive db batches for converting the ineligible missing data entries to eligible missing data entries
collElgProcDbBatchesInterval: 1000
###############################################################################
#
# Operations section
#
###############################################################################
operations:
# host and port for the operations server
listenAddress: 127.0.0.1:9443
# TLS configuration for the operations endpoint
tls:
# TLS enabled
enabled: false #生产环境是否要设置
# path to PEM encoded server certificate for the operations server
cert:
file:
# path to PEM encoded server key for the operations server
key:
file:
# most operations service endpoints require client authentication when TLS
# is enabled. clientAuthRequired requires client certificate authentication
# at the TLS layer to access all resources.
clientAuthRequired: false
# paths to PEM encoded ca certificates to trust for client authentication
clientRootCAs:
files: []
###############################################################################
#
# Metrics section
#
###############################################################################
metrics:
# metrics provider is one of statsd, prometheus, or disabled
provider: disabled
# statsd configuration
statsd:
# network type: tcp or udp
network: udp
# statsd server address
address: 127.0.0.1:8125
# the interval at which locally cached counters and gauges are pushed
# to statsd; timings are pushed immediately
writeInterval: 10s
# prefix is prepended to all emitted statsd metrics
prefix:
到peer目录中
export FABRIC_CFG_PATH=$PWD
启动peer
peer node start >> log_peer.log 2>&1 &
!注意,不要写以下环境变量,因为所需参数在core.yaml中已经有了,写下面参数容易和peer其它命令混淆,比如CORE_PEER_MSPCONFIGPATH就不是admin的msp而应是peer的msp
# export CORE_PEER_TLS_ENABLED=true
# export CORE_PEER_LOCALMSPID="Org1MSP"
# export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt
# export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
# export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
#以上不要写,注意!!7.创建应用通道
复制所需通信证书和通道创建事务
返回peer目录
cd ~/work/example/peer
scp -r dev1@192.168.1.108:/home/dev1/work/example/order/channel-artifacts channel-artifacts
#export FABRIC_CFG_PATH=$PWD,不写此变量
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
自定义orderer的tls ca证书变量
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
创建通道
peer channel create -o orderer.example.com:7050 -c channel1 -f ./channel-artifacts/channel1.tx --outputBlock ./channel-artifacts/channel1.block --tls --cafile $ORDERER_TLSCA
如报错则将日志调整为DEBUG级别,查看原因
export FABRIC_LOGGING_SPEC=DEBUG
将peer加入到channel中
peer channel join -b ./channel-artifacts/channel1.block
验证peer是否已加入到通道中,命令会列出区块高度和最新的块的哈希值
peer channel getinfo -c channel18. 将org2的peer加入通道
复制org2的证书素材
cd ~/work/example
mkdir -p organizations/peerOrganizations
cd organizations/peerOrganizations
scp -r dev1@192.168.1.108:/home/dev1/work/example/organizations/peerOrganizations/org2.example.com org2.example.com
复制order的tls证书
cd ~/work/example/organizations/
mkdir orderer.example.com
cd orderer.example.com
scp -r dev1@192.168.1.108:/home/dev1/work/example/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts tlscacerts加入配置文件core.yaml
cd ~/work/example/peer
vim core.yaml
对照org1的core.yaml做以下修改
15 peer.id: peer0.org2.example.com
162 peer.gossip.externalEndpoint: peer0.org2.example.com:7051
254 peer.tls.cert.file: ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
258 peer.tls.key.file: ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key
261 peer.tls.rootcert.file:
../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
265 peer.tls.clientRootCAs.files:
- ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
314 peer.mspConfigPath: ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp
323 peer.localMspId: Org2MSP
设置变量,并启动peer
export FABRIC_CFG_PATH=$PWD
启动peer
peer node start >> log_peer.log 2>&1 &
!注意,不要写以下环境变量,容易和peer其它操作所需变量混淆,如CORE_PEER_MSPCONFIGPATH应是peer的msp而其它peer命令多数为admin的msp
# export CORE_PEER_TLS_ENABLED=true
# export CORE_PEER_LOCALMSPID="Org2MSP"
# export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/tls/ca.crt
# export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
# export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
#以上不要写!!系统已经有了通道channel1,Org2从Orderer获取通道的创始区块,命令中0来指定要获取的是创始区块。
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
自定义orderer的tls ca证书变量
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
mkdir channel-artifacts
peer channel fetch 0 ./channel-artifacts/channel_org2.block -o orderer.example.com:7050 -c channel1 --tls --cafile $ORDERER_TLSCA使用这个区块将Org2的peer加入通道channel1
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
自定义orderer的tls ca证书变量
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel join -b ./channel-artifacts/channel_org2.block9.设置锚节点
一个组织至少需要一个peer成为锚节点,最好设置多个锚节点以备冗余。组织的锚节点的信息在通道的配置中,组织通过升级通道来指定自己的锚节点。流程和通道更新的步骤相似。
先设置Org1的锚节点
第一步,设置环境变量,并拉取最新的通道配置区块
#export FABRIC_CFG_PATH=$PWD,不写此变量
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
自定义orderer的tls ca证书变量
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel fetch config channel-artifacts/config_block.pb -o orderer.example.com:7050 -c channel1 --tls --cafile $ORDERER_TLSCA因为最新的通道配置区块是通道创始区块,所以返回block 0
cd channel-artifacts第二步,使用configtxlator工具来操作通道配置,先将区块从protobuf转译到JSON,去掉不能理解的区块数据,只留下通道配置
configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
jq .data.data[0].payload.data.config config_block.json > config.json第三步,编辑配置文件
先复制一份
cp config.json config_copy.json用jq工具来将Org1锚节点加入到通道配置文件。注意下方.channel_group.groups.Application.groups.Org1MSP.values中Org1MSP是组织的Name不是组织的ID
jq '.channel_group.groups.Application.groups.Org1MSP.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "peer0.org1.example.com","port": 7051}]},"version": "0"}}' config_copy.json > modified_config.json
第四步,将原来的配置文件和修改过的配置文件转到protobuf格式,并核算它们之间的不同。
configtxlator proto_encode --input config.json --type common.Config --output config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
configtxlator compute_update --channel_id channel1 --original config.pb --updated modified_config.pb --output config_update.pb第五步,将修改的protobuf格式的配置channel_update.pb封装在事务中,并创建通道升级事务。
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"channel1", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pb第六步,更新通道配置,因为修改部分只影响Org1,另一个通道不需要签名本次升级。
cd ..
peer channel update -f channel-artifacts/config_update_in_envelope.pb -c channel1 -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA至此,Org1设置锚节点完成。
下面设置Org2
#export FABRIC_CFG_PATH=$PWD,不写此变量
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel fetch config channel-artifacts/config_block.pb -o orderer.example.com:7050 -c channel1 --tls --cafile $ORDERER_TLSCAcd channel-artifacts
configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
jq .data.data[0].payload.data.config config_block.json > config.json
cp config.json config_copy.json注意此处修改的内容host和port,要改为实际的
jq '.channel_group.groups.Application.groups.Org2MSP.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "peer0.org2.example.com","port": 7051}]},"version": "0"}}' config_copy.json > modified_config.jsonconfigtxlator proto_encode --input config.json --type common.Config --output config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
configtxlator compute_update --channel_id channel1 --original config.pb --updated modified_config.pb --output config_update.pbconfigtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"channel1", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pbcd ..
peer channel update -f channel-artifacts/config_update_in_envelope.pb -c channel1 -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA确认是否已升级
peer channel getinfo -c channel1
返回:
Blockchain info: {"height":3,"currentBlockHash":"eBpwWKTNUgnXGpaY2ojF4xeP3bWdjlPHuxiPCTIMxTk=","previousBlockHash":"DpJ8Yvkg79XHXNfdgneDb0jjQlXLb/wxuNypbfHMjas="}
二、部署链码
首先将链码放入自建目录中,先从Org2的peer上操作
cd ~/work/example/peer
mkdir chaincode
cp -r ../../fabric-samples/chaincode/sacc chaincode/saccOrg1从Org2上复制链码源码
cd ~/work/example/peer
mkdir chaincode
scp -r dev3@192.168.1.111:/home/dev3/work/fabric-samples/chaincode/sacc chaincode/sacc第一步,在Org1和Org2的peer上安装链码
在Org1和Org2的peer中,分别执行以下步骤,将链码安装到各自的peer上。
将链码sacc.go放入 ~/work/example/peer/chaincode/sacc中。执行以下代码配置好依赖包
cd chaincode/sacc/
go env -w GO111MODULE=on
go mod init sacc
go mod tidy
go mod vendor打包链码
cd ~/work/example/peer
#!注意此时不要设置多余的变量,以免因msp指错而出现权限问题
peer lifecycle chaincode package chaincode/sacc.tar.gz --path chaincode/sacc --lang golang --label sacc_1在peer上安装链码
Org1上安装
#export FABRIC_CFG_PATH=$PWD,不写此变量
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer lifecycle chaincode install chaincode/sacc.tar.gz
#上述命令执行后基于镜像hyperledger/fabric-ccenv:2.2构建一条安装有链码的新镜像。因此要运行链码需要hyperledger/fabric-ccenv这个镜像
#如果当前的peer运行在docker容器中,那么这个容器在创建时需要加参数“-v /var/run/docker.sock:/var/run/docker.sock”用于和主机通信,告知主机去构建链码镜像
peer lifecycle chaincode queryinstalled 查询确认一下Org2上安装
#export FABRIC_CFG_PATH=$PWD,不写此变量
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
export ORDERER_TLSCA=${PWD}/../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer lifecycle chaincode install chaincode/sacc.tar.gz
peer lifecycle chaincode queryinstalled 查询确认一下第二步,签名(审议)链码定义
Org1和Org2的peer分别执行以下操作
获取Package ID
peer lifecycle chaincode queryinstalled将Package ID放入环境变量(相同的链码,在不同的peer上,PackageID的值是一样的。但只要链码中有一点变化比如多个空格多个注释,PackageID就会不同,但不同的peer上有不同的PackageID值并不影响链码提交上线)
export CC_PACKAGE_ID=sacc_1:b33357c4012471d8bd96ba48fd2a12ada5fedfbfd6d623590295778500a0368d签名链码定义。签名链码定义是组织级别的,所以只需要一个peer节点操作,审议结果会通过gossip协议通知到组织内。
peer lifecycle chaincode approveformyorg -o orderer.example.com:7050 --channelID channel1 --init-required --name sacc --version 1.0 --package-id $CC_PACKAGE_ID --sequence 1 --tls --cafile $ORDERER_TLSCA--package-id标识链码;--sequence是整数序列,第一次部署值为1,当链码升级时值为2;--init-required 表示链码需要初始化,第一次invoke时,使用--isInit来初始化链码,执行init函数。
注意:在链码版本升级时,如果旧版本审议时有参数--init-required,则新版本的链码审议时--init-required也必须要有,否则审议通不过。
查询确认结果
peer lifecycle chaincode checkcommitreadiness --channelID channel1 --init-required --name sacc --version 1.0 --sequence 1 --tls --cafile $ORDERER_TLSCA --output json
第三步,向channel提交链码定义
当通道内大多数成员都已审议了链码定义后,可以提交链码到通道。提交需要用--peerAddresses来指定Org1和Org2中的两个节点,即需要有满足部署链码策略的足够的成员。组织已经同意了链码定义,因此选择组织中任意一个peer即可。
首先现将Org2的peer0.org2.example.com的tls证书复制过来
cd ../organizations/
mkdir -p peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/
scp -r dev1@192.168.1.108:/home/dev1/work/example/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/提交链码
cd ~/work/example/peer
peer lifecycle chaincode commit -o orderer.example.com:7050 --channelID channel1 --init-required --name sacc --version 1.0 --sequence 1 --tls --cafile $ORDERER_TLSCA --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles ${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt查询链码是否已经被提交到通道上
peer lifecycle chaincode querycommitted --channelID channel1 --name sacc --cafile $ORDERER_TLSCA提交成功了会返回
Committed chaincode definition for chaincode 'sacc' on channel 'channel1':
Version: 1.0, Sequence: 1, Endorsement Plugin: escc, Validation Plugin: vscc, Approvals: [Org1MSP: true, Org2MSP: true]三、调用链码
链码调用需要有足够的满足背书策略的节点
链码初始化
因链码定义中有--init-required,所以需要首先调用初始化函数Init。通过--isInit来指定运行Init函数
peer chaincode invoke -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles ${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt --isInit -c '{"Args":["a","bb"]}'此处因链码Init函数中使用stub.GetStringArgs()来获取参数,所以只需要传递具体值即可,不用传函数名。'{"Args":["a","bb"]}'
调用链码
此时链码中的Invoke函数,使用stub.GetFunctionAndParameters()来获取参数。第一个参数是函数名,第二个是函数参数的数组。注意需要使用--peerAddresses来收集足够多的背书节点,否则链码虽然会执行,但不会改变账本的数据。
peer chaincode invoke -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles ${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["set","a","cc"]}'查询
以下两种均可
peer chaincode invoke -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc -c '{"Args":["get","a"]}'
peer chaincode query -C channel1 -n sacc -c '{"Args":["query","a"]}'
扫一扫
789
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
