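Installing Fabric-CA-Client
Get the fabric-ca source
go get github.com/hyperledger/fabric-ca
Check out v1.4.0
cd $GOPATH/src/github.com/hyperledger/fabric-ca
git checkout v1.4.0
Build and install the client
cd cmd/fabric-ca-client
go install
Note: $GOPATH/bin must be added to the PATH environment variable.
How Fabric-CA interaction works
Enabling TLS
TLS here means encrypted communication between fabric-ca-server and fabric-ca-client.
First, a fabric-ca-server example:
To enable TLS, set the environment variable FABRIC_CA_SERVER_TLS_ENABLED=true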
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  rca-org1:
    container_name: rca-org1
    image: hyperledger/fabric-ca:1.4.0
    command: sh -c 'fabric-ca-server start -d -b rca-org1-admin:rca-org1-adminpw --port 7054'
    environment:
      - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto # directory where the server writes its files
      - FABRIC_CA_SERVER_TLS_ENABLED=true # true enables TLS
      - FABRIC_CA_SERVER_CSR_CN=rca-org1
      - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
      - FABRIC_CA_SERVER_DEBUG=true
    volumes:
      - /tmp/hyperledger/org1/ca:/tmp/hyperledger/fabric-ca
    networks:
      - fabric-ca
    ports:
      - 7054:7054
Once fabric-ca-server has started, it generates the following files:
.
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── ca-cert.pem
├── fabric-ca-server-config.yaml
├── fabric-ca-server.db
├── msp
│   ├── cacerts
│   ├── keystore
│   │   ├── 152ffdda48e8cc8d94607b8643879d9be4491407ff7fb4c1276d34a58b1853f3_sk
│   │   ├── 5ec03bf46a18427f01bf1ad4dad0bb1ab2fe5a383a1af199f2f1ef479645b8bf_sk
│   │   ├── IssuerRevocationPrivateKey
│   │   └── IssuerSecretKey
│   ├── signcerts
│   └── user
└── tls-cert.pem
The only file that matters here is ca-cert.pem: fabric-ca-client uses it to communicate securely with fabric-ca-server. Pointing the environment variable FABRIC_CA_CLIENT_TLS_CERTFILES at this certificate is all that is needed to secure the connection.
For example:
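# Certificate environment variable
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
# Directory where the client writes its files
export FABRIC_CA_CLIENT_HOME=./ca/admin
# Enroll the CA administrator; the CA administrator is needed later to register accounts
fabric-ca-client enroll -d -u https://rca-org1-admin:rca-org1-adminpw@0.0.0.0:7054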
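Generating certificates
Generating a certificate takes two steps:
- register: register an account
fabric-ca-client register -d --id.name admin-org1 --id.secret org1AdminPW --id.type user -u https://0.0.0.0:7054
--id.name is the account name (must be unique)
--id.secret is the password (optional; generated automatically if omitted)
--id.type is the account type (five kinds: admin, user, peer, orderer, client)
- enroll: issue the certificate
Suppose we want to generate certificates for the following nodes:
- peer1
- peer2
- admin (the organization's admin)
Register the accounts first, using the CA administrator (only the CA administrator has this permission):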
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
# The CA administrator's certificate was enrolled earlier, so it can be used directly here
export FABRIC_CA_CLIENT_HOME=./ca/admin
# Register the organization's admin
fabric-ca-client register -d --id.name admin-org1 --id.secret org1AdminPW --id.type client -u https://0.0.0.0:7054
fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7054
fabric-ca-client register -d --id.name peer2-org1 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7054
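Enroll admin-org1 (the organization administrator)
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./admin
fabric-ca-client enroll -d -u https://admin-org1:org1AdminPW@0.0.0.0:7054
Enroll peer1-org1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./peer1
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7054
Enroll peer2-org1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./peer2
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7054
The generated certificates are shown in the figure:
Using Fabric-CA to generate certificates for every node
Based on the official example, we build a solo-ordering Fabric network with 4 Fabric CA nodes (orderer-ca, org1-ca, org2-ca, tls-ca), 2 organizations (2 peers each) and 1 orderer node; the peers and the orderer use the same tls-ca to issue their TLS certificates.
First, a look at the figure above. The yellow lines are requests to tls-ca for TLS certificates, which secure communication between the components of the Fabric network. The blue lines are communication between peer and orderer. The black lines are of two kinds: the first is peer-cli talking to a peer (creating channels, installing, instantiating and invoking chaincode, and so on); the second is ca-cli requesting each node's MSP certificates from the CA.
Starting the TLS CA
Write the tls-ca.yaml file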
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  ca-tls:
    container_name: ca-tls
    image: hyperledger/fabric-ca:1.4.0
    command: sh -c 'fabric-ca-server start -d -b tls-ca-admin:tls-ca-adminpw --port 7052'
    environment:
      - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
      - FABRIC_CA_SERVER_CSR_CN=tls-ca
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
      - FABRIC_CA_SERVER_DEBUG=true
    volumes:
      - /tmp/hyperledger/tls-ca:/tmp/hyperledger/fabric-ca
    networks:
      - fabric-ca
    ports:
      - 7052:7052
Start tls-ca
docker-compose -f tls-ca.yaml up
Enroll the tls-ca administrator
mkdir tls && cd $_
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./ca/admin
fabric-ca-client enroll -d -u https://tls-ca-admin:tls-ca-adminpw@0.0.0.0:7052
Register accounts for the other nodes
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./ca/admin
fabric-ca-client register -d --id.name orderer1-orderer --id.secret orderer1PW --id.type orderer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name peer2-org1 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name peer1-org2 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name peer2-org2 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7052
Starting the Orderer-CA
Write the orderer-ca.yaml file
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  rca-org0:
    container_name: orderer-ca
    image: hyperledger/fabric-ca:1.4.0
    command: sh -c 'fabric-ca-server start -d -b rca-org0-admin:rca-org0-adminpw --port 7053'
    environment:
      - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_CSR_CN=orderer-ca
      - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
      - FABRIC_CA_SERVER_DEBUG=true
    volumes:
      - /tmp/hyperledger/orderer-ca:/tmp/hyperledger/fabric-ca
    networks:
      - fabric-ca
    ports:
      - 7053:7053
Start orderer-ca
docker-compose -f orderer-ca.yaml up
Enroll the orderer-ca administrator
cd ../
mkdir orderer && cd $_
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/orderer-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./ca/admin
fabric-ca-client enroll -d -u https://rca-org0-admin:rca-org0-adminpw@0.0.0.0:7053
Register the following accounts:
- orderer1-orderer
- admin-orderer
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/orderer-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./ca/admin
fabric-ca-client register -d --id.name orderer1-orderer --id.secret orderer1PW --id.type orderer -u https://0.0.0.0:7053
fabric-ca-client register -d --id.name admin-orderer --id.secret adminPW --id.type admin --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" -u https://0.0.0.0:7053
Enroll the MSP certificate for orderer1-orderer
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/orderer-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./orderer1
fabric-ca-client enroll -d -u https://orderer1-orderer:orderer1PW@0.0.0.0:7053
Enroll the TLS certificate for orderer1-orderer
# This points at the ca-cert.pem of tls-ca
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
# Extra parameters are required here
# --enrollment.profile tls: the certificate type is tls
# --csr.hosts orderer1-orderer: the host name used to reach the orderer
fabric-ca-client enroll -d -u https://orderer1-orderer:orderer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts orderer1-orderer
# Rename the file under orderer1/tls-msp/keystore/ to key.pem
mv orderer1/tls-msp/keystore/93b79eab8c8a62e5ba4eba3f361574ad7785ab9da6f0de13a5903eca6add2300_sk orderer1/tls-msp/keystore/key.pem
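The key file name in the mv command above belongs to one particular enrollment and will differ on every run. As an added example (not part of the original post), a shell helper that renames whichever single *_sk key the enroll step wrote and refuses to guess when the keystore is ambiguous; normalize_keystore and its return codes are hypothetical names chosen here.

```bash
#!/usr/bin/env bash
# Added example: rename the one private key in <mspdir>/keystore to key.pem.
# normalize_keystore is a hypothetical helper, not part of fabric-ca-client.
# Usage: normalize_keystore orderer1/tls-msp
#
# Return codes: 0 ok, 2 no keystore directory, 3 no key found,
#               4 several *_sk keys, 5 key.pem already exists next to a new *_sk

normalize_keystore() {
    ks="$1/keystore"
    [ -d "$ks" ] || { echo "no keystore directory: $ks" >&2; return 2; }

    # Count the *_sk files the enroll step left behind.
    count=0
    found=
    for f in "$ks"/*_sk; do
        [ -f "$f" ] || continue          # the glob matched nothing
        count=$((count + 1))
        found=$f
    done

    if [ -f "$ks/key.pem" ]; then
        if [ "$count" -gt 0 ]; then
            # A second enroll wrote a new key; the old key.pem no longer
            # belongs to signcerts/cert.pem, so do not overwrite silently.
            echo "$ks: key.pem exists next to a newer *_sk key" >&2
            return 5
        fi
        chmod 600 "$ks/key.pem"          # already renamed on an earlier run
        return 0
    fi

    case $count in
        0) echo "$ks: no *_sk private key" >&2; return 3 ;;
        1) mv "$found" "$ks/key.pem" && chmod 600 "$ks/key.pem" ;;
        *) echo "$ks: $count private keys, cannot tell which one is current" >&2
           return 4 ;;
    esac
}
```

The same call works for the peer TLS keystores later on, for example normalize_keystore peer1/tls-msp.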
Enroll the MSP certificate for the orderer organization administrator
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/orderer-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./admin
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://admin-orderer:adminPW@0.0.0.0:7053
# Create the admincerts folder
mkdir orderer1/msp/admincerts
# Copy the file
cp admin/msp/signcerts/cert.pem orderer1/msp/admincerts
Build the MSP of the orderer organization
The organization's MSP certificates come from the following sources:
- the ca-cert.pem of the organization's own CA
- the ca-cert.pem of the TLS-CA
- the signcerts/cert.pem certificate of the organization administrator
mkdir msp
mkdir msp/admincerts
# Copy the organization administrator's signcerts/cert.pem certificate
cp admin/msp/signcerts/cert.pem msp/admincerts/cert.pem
mkdir msp/cacerts
# Copy the ca-cert.pem certificate of the organization's CA
cp /tmp/hyperledger/orderer-ca/crypto/ca-cert.pem msp/cacerts/cert.pem
mkdir msp/tlscacerts
# Copy the ca-cert.pem certificate of tls-ca
cp /tmp/hyperledger/tls-ca/crypto/ca-cert.pem msp/tlscacerts/cert.pem
The complete directory layout is as follows:
.
├── admin
│   ├── fabric-ca-client-config.yaml
│   └── msp
│       ├── IssuerPublicKey
│       ├── IssuerRevocationPublicKey
│       ├── cacerts
│       │   └── 0-0-0-0-7053.pem
│       ├── keystore
│       │   └── 8ecb3b8f0002e4bbcd180885954a64677e4e6382651db2cc5db675f44d5e32fc_sk
│       ├── signcerts
│       │   └── cert.pem
│       └── user
├── ca
│   └── admin
│       ├── fabric-ca-client-config.yaml
│       └── msp
│           ├── IssuerPublicKey
│           ├── IssuerRevocationPublicKey
│           ├── cacerts
│           │   └── 0-0-0-0-7053.pem
│           ├── keystore
│           │   └── 665a09c0d2644f05f1526553aa42203ef5f4081852596b12c1f8118b7f373189_sk
│           ├── signcerts
│           │   └── cert.pem
│           └── user
├── msp
│   ├── admincerts
│   │   └── cert.pem
│   ├── cacerts
│   │   └── cert.pem
│   └── tlscacerts
│       └── cert.pem
└── orderer1
    ├── fabric-ca-client-config.yaml
    ├── msp
    │   ├── IssuerPublicKey
    │   ├── IssuerRevocationPublicKey
    │   ├── admincerts
    │   │   └── cert.pem
    │   ├── cacerts
    │   │   └── 0-0-0-0-7053.pem
    │   ├── keystore
    │   │   └── 8a13b4cbd603ecc7218d18c499eb58ca3b44297ec12ecd7d65074a750459ab63_sk
    │   ├── signcerts
    │   │   └── cert.pem
    │   └── user
    └── tls-msp
        ├── IssuerPublicKey
        ├── IssuerRevocationPublicKey
        ├── cacerts
        ├── keystore
        │   └── key.pem
        ├── signcerts
        │   └── cert.pem
        ├── tlscacerts
        │   └── tls-0-0-0-0-7052.pem
        └── user
30 directories, 27 files
Starting the Org1-CA
Write the rca-org1.yaml file
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  rca-org1:
    container_name: rca-org1
    image: hyperledger/fabric-ca:1.4.0
    command: sh -c 'fabric-ca-server start -d -b rca-org1-admin:rca-org1-adminpw --port 7054'
    environment:
      - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_CSR_CN=rca-org1
      - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
      - FABRIC_CA_SERVER_DEBUG=true
    volumes:
      - /tmp/hyperledger/org1/ca:/tmp/hyperledger/fabric-ca
    networks:
      - fabric-ca
    ports:
      - 7054:7054
Start rca-org1
docker-compose -f rca-org1.yaml up
Enroll the administrator of the rca-org1 CA
cd ..
mkdir org1 && cd $_
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_HOME=./ca/admin
fabric-ca-client enroll -d -u https://rca-org1-admin:rca-org1-adminpw@0.0.0.0:7054
Register the following accounts:
- peer1-org1
- peer2-org1
- admin-org1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./ca/admin
fabric-ca-client register -d --id.name admin-org1 --id.secret org1AdminPW --id.type client -u https://0.0.0.0:7054
fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7054
fabric-ca-client register -d --id.name peer2-org1 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7054
Enroll the MSP certificate for admin-org1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_HOME=./admin
fabric-ca-client enroll -d -u https://admin-org1:org1AdminPW@0.0.0.0:7054
Because newer versions of Fabric enable OU classification (NodeOUs), an OU classification file, config.yaml, has to be added under the admin's msp.
Write the config.yaml file
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/0-0-0-0-7054.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/0-0-0-0-7054.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/0-0-0-0-7054.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/0-0-0-0-7054.pem
    OrganizationalUnitIdentifier: orderer
Enroll the MSP certificate for peer1-org1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_HOME=./peer1
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7054
# Copy the certificate
mkdir peer1/msp/admincerts
cp admin/msp/signcerts/cert.pem peer1/msp/admincerts
Add the OU classification file config.yaml under peer1's msp:
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/0-0-0-0-7054.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/0-0-0-0-7054.pem
    OrganizationalUnitIdentifier: peer
Enroll the TLS certificate for peer1-org1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_HOME=./peer1
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer1-org1
# Rename
mv peer1/tls-msp/keystore/ca9008081c786e68842e150743017acbaa667d69bb6a03e9ba4b60c0e0e273ca_sk peer1/tls-msp/keystore/key.pem
Enroll the MSP certificate for peer2-org1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_HOME=./peer2
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7054
# Copy the certificate
mkdir peer2/msp/admincerts
cp admin/msp/signcerts/cert.pem peer2/msp/admincerts
Add the OU classification file config.yaml under peer2's msp:
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/0-0-0-0-7054.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/0-0-0-0-7054.pem
    OrganizationalUnitIdentifier: peer
Enroll the TLS certificate for peer2-org1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_HOME=./peer2
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer2-org1
# Rename
mv peer2/tls-msp/keystore/ca4026081c786e68842e150743017acbaa667d69bb6a03e9ba4b60c0e0e273ca_sk peer2/tls-msp/keystore/key.pem
Build the MSP of the org1 organization
mkdir msp
mkdir msp/admincerts
# Copy the organization administrator's signcerts/cert.pem certificate
cp admin/msp/signcerts/cert.pem msp/admincerts/cert.pem
mkdir msp/cacerts
# Copy the ca-cert.pem certificate of the organization's CA
cp /tmp/hyperledger/org1/ca/crypto/ca-cert.pem msp/cacerts/cert.pem
mkdir msp/tlscacerts
# Copy the ca-cert.pem certificate of tls-ca
cp /tmp/hyperledger/tls-ca/crypto/ca-cert.pem msp/tlscacerts/cert.pem
The org1 organization MSP needs an OU file as well, config.yaml:
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/cert.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/cert.pem
    OrganizationalUnitIdentifier: peer
The complete directory layout is as follows:
.
├── admin
│   ├── fabric-ca-client-config.yaml
│   └── msp
│       ├── IssuerPublicKey
│       ├── IssuerRevocationPublicKey
│       ├── cacerts
│       │   └── 0-0-0-0-7054.pem
│       ├── config.yaml
│       ├── keystore
│       │   └── f21a48f340f63306e52a0d7279f1170fa62bf0dbd8813b0434d5124d8cc3fa27_sk
│       ├── signcerts
│       │   └── cert.pem
│       └── user
├── ca
│   └── admin
│       ├── fabric-ca-client-config.yaml
│       └── msp
│           ├── IssuerPublicKey
│           ├── IssuerRevocationPublicKey
│           ├── cacerts
│           │   └── 0-0-0-0-7054.pem
│           ├── keystore
│           │   └── d0b996c220c53215d205650d83ec63e7c68dd5cea3714da14681099bcbd333fd_sk
│           ├── signcerts
│           │   └── cert.pem
│           └── user
├── msp
│   ├── admincerts
│   │   └── cert.pem
│   ├── cacerts
│   │   └── cert.pem
│   ├── config.yaml
│   └── tlscacerts
│       └── cert.pem
├── peer1
│   ├── fabric-ca-client-config.yaml
│   ├── msp
│   │   ├── IssuerPublicKey
│   │   ├── IssuerRevocationPublicKey
│   │   ├── admincerts
│   │   │   └── cert.pem
│   │   ├── cacerts
│   │   │   └── 0-0-0-0-7054.pem
│   │   ├── config.yaml
│   │   ├── keystore
│   │   │   └── 20cb422f931ee2fbffec4dd16fb3d298bc561a9b2192fa7f1364859480548be1_sk
│   │   ├── signcerts
│   │   │   └── cert.pem
│   │   └── user
│   └── tls-msp
│       ├── IssuerPublicKey
│       ├── IssuerRevocationPublicKey
│       ├── cacerts
│       ├── keystore
│       │   └── key.pem
│       ├── signcerts
│       │   └── cert.pem
│       ├── tlscacerts
│       │   └── tls-0-0-0-0-7052.pem
│       └── user
└── peer2
    ├── fabric-ca-client-config.yaml
    ├── msp
    │   ├── IssuerPublicKey
    │   ├── IssuerRevocationPublicKey
    │   ├── admincerts
    │   │   └── cert.pem
    │   ├── cacerts
    │   │   └── 0-0-0-0-7054.pem
    │   ├── config.yaml
    │   ├── keystore
    │   │   └── 7f2713aa0b8a5b4cc34093a6399cf2603e93443656525d344cb3e0cdc5546f79_sk
    │   ├── signcerts
    │   │   └── cert.pem
    │   └── user
    └── tls-msp
        ├── IssuerPublicKey
        ├── IssuerRevocationPublicKey
        ├── cacerts
        ├── keystore
        │   └── key.pem
        ├── signcerts
        │   └── cert.pem
        ├── tlscacerts
        │   └── tls-0-0-0-0-7052.pem
        └── user
43 directories, 43 files
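The config.yaml files above name cacerts/0-0-0-0-7054.pem inside the node MSPs but cacerts/cert.pem inside the organization MSP, because the CA certificate is copied there under a different file name. As an added example (not part of the original post), a shell check that an assembled MSP folder contains the pieces this walkthrough creates and that every NodeOUs Certificate entry points at a file that exists; check_msp, its org/node argument and the helper names are hypothetical, and certificate paths are assumed to contain no spaces.

```bash
#!/usr/bin/env bash
# Added example: sanity-check an MSP folder built by the steps above.
# check_msp and _has_pem are hypothetical names, not Fabric tooling.
# Usage: check_msp msp org        (organization MSP used by configtx.yaml)
#        check_msp peer1/msp node (local MSP of a peer or orderer)

# True when <dir> holds at least one non-empty *.pem file.
_has_pem() {
    for _p in "$1"/*.pem; do
        [ -s "$_p" ] && return 0
    done
    return 1
}

# Prints one line per problem on stderr and returns the number of problems.
check_msp() {
    _msp=$1
    _kind=$2
    _n=0
    _bad() { echo "$_msp: $*" >&2; _n=$((_n + 1)); }

    # Folders the walkthrough fills for both kinds of MSP.
    _has_pem "$_msp/cacerts"    || _bad "cacerts/ has no CA certificate"
    _has_pem "$_msp/admincerts" || _bad "admincerts/ has no admin certificate"

    if [ "$_kind" = org ]; then
        _has_pem "$_msp/tlscacerts" || _bad "tlscacerts/ has no TLS CA certificate"
        # The organization MSP built above holds certificates only; flag a
        # keystore, since this folder is handed to configtxgen and shared.
        [ -d "$_msp/keystore" ] && _bad "organization MSP carries a keystore/"
    else
        [ -s "$_msp/signcerts/cert.pem" ] || _bad "signcerts/cert.pem is missing"
        _keys=0
        for _k in "$_msp/keystore"/*; do
            [ -f "$_k" ] || continue
            _keys=$((_keys + 1))
            # Characters 5-10 of `ls -l` are the group and other permission bits.
            [ "$(ls -l "$_k" | cut -c5-10)" = "------" ] \
                || _bad "keystore/${_k##*/} is accessible to group or others"
        done
        [ "$_keys" -eq 1 ] || _bad "keystore/ holds $_keys keys, expected 1"
    fi

    # NodeOUs: each Certificate: value is a path relative to the MSP folder.
    if [ -f "$_msp/config.yaml" ]; then
        for _c in $(sed -n 's/^[[:space:]]*Certificate:[[:space:]]*\([^[:space:]]*\).*/\1/p' \
                        "$_msp/config.yaml" | sort -u); do
            [ -f "$_msp/$_c" ] || _bad "config.yaml references missing $_c"
        done
    fi
    return "$_n"
}
```

Run it from the organization folder (org1, org2 or orderer) before starting the peers; a non-zero exit status is the number of problems printed.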
Starting the Org2-CA
Write the rca-org2.yaml file
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  rca-org2:
    container_name: rca-org2
    image: hyperledger/fabric-ca:1.4.0
    command: sh -c 'fabric-ca-server start -d -b rca-org2-admin:rca-org2-adminpw --port 7055'
    environment:
      - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_CSR_CN=rca-org2
      - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
      - FABRIC_CA_SERVER_DEBUG=true
    volumes:
      - /tmp/hyperledger/org2/ca:/tmp/hyperledger/fabric-ca
    networks:
      - fabric-ca
    ports:
      - 7055:7055
Start rca-org2
docker-compose -f rca-org2.yaml up
Enroll the administrator of the rca-org2 CA
cd ..
mkdir org2 && cd $_
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_HOME=./ca/admin
fabric-ca-client enroll -d -u https://rca-org2-admin:rca-org2-adminpw@0.0.0.0:7055
Register the following accounts:
- peer1-org2
- peer2-org2
- admin-org2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=./ca/admin
fabric-ca-client register -d --id.name admin-org2 --id.secret org2AdminPW --id.type client -u https://0.0.0.0:7055
fabric-ca-client register -d --id.name peer1-org2 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7055
fabric-ca-client register -d --id.name peer2-org2 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7055
Enroll the MSP certificate for admin-org2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_HOME=./admin
fabric-ca-client enroll -d -u https://admin-org2:org2AdminPW@0.0.0.0:7055
Likewise, the admin's msp needs an OU classification file, config.yaml:
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/0-0-0-0-7055.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/0-0-0-0-7055.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/0-0-0-0-7055.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/0-0-0-0-7055.pem
    OrganizationalUnitIdentifier: orderer
Enroll the MSP certificate for peer1-org2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_HOME=./peer1
fabric-ca-client enroll -d -u https://peer1-org2:peer1PW@0.0.0.0:7055
# Copy the certificate
mkdir peer1/msp/admincerts
cp admin/msp/signcerts/cert.pem peer1/msp/admincerts
Add the OU classification file config.yaml under peer1's msp:
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/0-0-0-0-7055.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/0-0-0-0-7055.pem
    OrganizationalUnitIdentifier: peer
Enroll the TLS certificate for peer1-org2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_HOME=./peer1
fabric-ca-client enroll -d -u https://peer1-org2:peer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer1-org2
# Rename
mv peer1/tls-msp/keystore/adb7e0d72fd69df337f9d380e674e1c884f2f5ddb48d562fba52e7709c17adb2_sk peer1/tls-msp/keystore/key.pem
Enroll the MSP certificate for peer2-org2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_HOME=./peer2
fabric-ca-client enroll -d -u https://peer2-org2:peer2PW@0.0.0.0:7055
# Copy the certificate
mkdir peer2/msp/admincerts
cp admin/msp/signcerts/cert.pem peer2/msp/admincerts
Add the OU classification file config.yaml under peer2's msp:
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/0-0-0-0-7055.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/0-0-0-0-7055.pem
    OrganizationalUnitIdentifier: peer
Enroll the TLS certificate for peer2-org2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_HOME=./peer2
fabric-ca-client enroll -d -u https://peer2-org2:peer2PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer2-org2
# Rename
mv peer2/tls-msp/keystore/ed9f1514f22deb03b15ffbb5c8ccc8997359373cbe29b82544d4cf3148e2c488_sk peer2/tls-msp/keystore/key.pem
Build the MSP of the org2 organization
mkdir msp
mkdir msp/admincerts
# Copy the organization administrator's signcerts/cert.pem certificate
cp admin/msp/signcerts/cert.pem msp/admincerts/cert.pem
mkdir msp/cacerts
# Copy the ca-cert.pem certificate of the organization's CA
cp /tmp/hyperledger/org2/ca/crypto/ca-cert.pem msp/cacerts/cert.pem
mkdir msp/tlscacerts
# Copy the ca-cert.pem certificate of tls-ca
cp /tmp/hyperledger/tls-ca/crypto/ca-cert.pem msp/tlscacerts/cert.pem
The org2 organization MSP needs an OU file as well, config.yaml:
NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/cert.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/cert.pem
    OrganizationalUnitIdentifier: peer
The complete directory layout is as follows:
.
├── admin
│   ├── fabric-ca-client-config.yaml
│   └── msp
│       ├── IssuerPublicKey
│       ├── IssuerRevocationPublicKey
│       ├── cacerts
│       │   └── 0-0-0-0-7055.pem
│       ├── config.yaml
│       ├── keystore
│       │   └── 44f05d0f59f434fc8fcb7d50a1059b9235ba05d954ee7386974a89f9336ba3e4_sk
│       ├── signcerts
│       │   └── cert.pem
│       └── user
├── ca
│   └── admin
│       ├── fabric-ca-client-config.yaml
│       └── msp
│           ├── IssuerPublicKey
│           ├── IssuerRevocationPublicKey
│           ├── cacerts
│           │   └── 0-0-0-0-7055.pem
│           ├── keystore
│           │   └── 88654d74808c929c79b8585985b32ea2df69630013ffd561b45a182a4c85cdee_sk
│           ├── signcerts
│           │   └── cert.pem
│           └── user
├── msp
│   ├── admincerts
│   │   └── cert.pem
│   ├── cacerts
│   │   └── cert.pem
│   ├── config.yaml
│   └── tlscacerts
│       └── cert.pem
├── peer1
│   ├── fabric-ca-client-config.yaml
│   ├── msp
│   │   ├── IssuerPublicKey
│   │   ├── IssuerRevocationPublicKey
│   │   ├── admincerts
│   │   │   └── cert.pem
│   │   ├── cacerts
│   │   │   └── 0-0-0-0-7055.pem
│   │   ├── config.yaml
│   │   ├── keystore
│   │   │   └── 5538a2a0e8b8bea523a90ca8ab2f49e6b630e7232907316c578b5c2d515dcd2a_sk
│   │   ├── signcerts
│   │   │   └── cert.pem
│   │   └── user
│   └── tls-msp
│       ├── IssuerPublicKey
│       ├── IssuerRevocationPublicKey
│       ├── cacerts
│       ├── keystore
│       │   └── key.pem
│       ├── signcerts
│       │   └── cert.pem
│       ├── tlscacerts
│       │   └── tls-0-0-0-0-7052.pem
│       └── user
└── peer2
    ├── fabric-ca-client-config.yaml
    ├── msp
    │   ├── IssuerPublicKey
    │   ├── IssuerRevocationPublicKey
    │   ├── admincerts
    │   │   └── cert.pem
    │   ├── cacerts
    │   │   └── 0-0-0-0-7055.pem
    │   ├── config.yaml
    │   ├── keystore
    │   │   └── 0272553b73e8280b17596be21f5ea9a09089b79428eb448f070f7f4e5d4aae03_sk
    │   ├── signcerts
    │   │   └── cert.pem
    │   └── user
    └── tls-msp
        ├── IssuerPublicKey
        ├── IssuerRevocationPublicKey
        ├── cacerts
        ├── keystore
        │   └── key.pem
        ├── signcerts
        │   └── cert.pem
        ├── tlscacerts
        │   └── tls-0-0-0-0-7052.pem
        └── user
43 directories, 43 files
Starting the Fabric network components
Generating the genesis block and the channel files
configtx.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
Organizations:
  - &OrdererOrg
    Name: OrdererOrg
    ID: OrdererMSP
    MSPDir: ./orderer/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('OrdererMSP.member')"
      Writers:
        Type: Signature
        Rule: "OR('OrdererMSP.member')"
      Admins:
        Type: Signature
        Rule: "OR('OrdererMSP.admin')"
  - &org1
    Name: org1MSP
    ID: org1MSP
    MSPDir: ./org1/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('org1MSP.admin', 'org1MSP.peer', 'org1MSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('org1MSP.admin', 'org1MSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('org1MSP.admin')"
    AnchorPeers:
      - Host: peer1-org1
        Port: 7051
  - &org2
    Name: org2MSP
    ID: org2MSP
    MSPDir: ./org2/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('org2MSP.admin', 'org2MSP.peer', 'org2MSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('org2MSP.admin', 'org2MSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('org2MSP.admin')"
    AnchorPeers:
      - Host: peer1-org2
        Port: 7051
Capabilities:
  Global: &ChannelCapabilities
    V1_3: true
  Orderer: &OrdererCapabilities
    V1_1: true
  Application: &ApplicationCapabilities
    V1_3: true
    V1_2: false
    V1_1: false
Application: &ApplicationDefaults
  Organizations:
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
  Capabilities:
    <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
  OrdererType: solo
  Addresses:
    - orderer1-orderer:7050
  BatchTimeout: 2s
  BatchSize:
    MaxMessageCount: 10
    AbsoluteMaxBytes: 99 MB
    PreferredMaxBytes: 512 KB
  Kafka:
    Brokers:
      - 1kafka0:8013
      - 1kafka1:8014
      - 1kafka2:8015
      - 1kafka3:8016
  Organizations:
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    BlockValidation:
      Type: ImplicitMeta
      Rule: "ANY Writers"
  Capabilities:
    <<: *OrdererCapabilities
Channel: &ChannelDefaults
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: "ImplicitMeta"
      Rule: "MAJORITY Admins"
  Capabilities:
    <<: *ChannelCapabilities
Profiles:
  OrgsOrdererGenesis:
    <<: *ChannelDefaults
    Orderer:
      <<: *OrdererDefaults
      Organizations:
        - *OrdererOrg
      Capabilities:
        <<: *OrdererCapabilities
    Consortiums:
      SampleConsortium:
        Organizations:
          - *org1
          - *org2
  OrgsChannel:
    Consortium: SampleConsortium
    <<: *ChannelDefaults
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - *org1
        - *org2
      Capabilities:
        <<: *ApplicationCapabilities
Generate the genesis block
configtxgen -outputBlock orderer/orderer1/genesis.block -profile OrgsOrdererGenesis --configPath=./
Generate mychannel.tx
configtxgen -profile OrgsChannel --configPath=./ -outputCreateChannelTx mychannel.tx -channelID mychannel
Copy mychannel.tx
cp mychannel.tx org1/peer1
cp mychannel.tx org2/peer1
Starting the network components
Start the orderer
orderer1.yaml
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  orderer1-org0:
    container_name: orderer1-orderer
    image: hyperledger/fabric-orderer:1.4.0
    environment:
      - ORDERER_HOME=/tmp/hyperledger/orderer
      - ORDERER_HOST=orderer1-orderer
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/orderer/orderer/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/orderer/orderer/msp
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/orderer/orderer/tls-msp/signcerts/cert.pem
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/orderer/orderer/tls-msp/keystore/key.pem
      - ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/orderer/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
    volumes:
      - /Users/finefine/fabric-ca-tls/orderer/orderer1:/tmp/hyperledger/orderer/orderer/
    networks:
      - fabric-ca
# Start the orderer
docker-compose -f orderer1.yaml up -d
Start org1
- peer1-org1
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  peer1-org1:
    container_name: peer1-org1
    image: hyperledger/fabric-peer:1.4.0
    environment:
      - CORE_PEER_ID=peer1-org1
      - CORE_PEER_ADDRESS=peer1-org1:7051
      - CORE_PEER_LOCALMSPID=org1MSP
      - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/peer1/msp
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric-ca-tls_fabric-ca
      - FABRIC_LOGGING_SPEC=debug
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org1/peer1/tls-msp/signcerts/cert.pem
      - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org1/peer1/tls-msp/keystore/key.pem
      - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1-org1:7051
      - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1/peer1
    volumes:
      - /var/run:/host/var/run
      - /Users/finefine/fabric-ca-tls/org1/peer1:/tmp/hyperledger/org1/peer1
    networks:
      - fabric-ca
# Start peer1-org1
docker-compose -f peer1-org1.yaml up -d
- peer2-org1
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  peer2-org1:
    container_name: peer2-org1
    image: hyperledger/fabric-peer
    environment:
      - CORE_PEER_ID=peer2-org1
      - CORE_PEER_ADDRESS=peer2-org1:7051
      - CORE_PEER_LOCALMSPID=org1MSP
      - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/peer2/msp
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric-ca-tls_fabric-ca
      - FABRIC_LOGGING_SPEC=debug
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org1/peer2/tls-msp/signcerts/cert.pem
      - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org1/peer2/tls-msp/keystore/key.pem
      - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org1/peer2/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2-org1:7051
      - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1/peer2
    volumes:
      - /var/run:/host/var/run
      - /Users/finefine/fabric-ca-tls/org1/peer2:/tmp/hyperledger/org1/peer2
    networks:
      - fabric-ca
# Start peer2-org1
docker-compose -f peer2-org1.yaml up -d
Start org2
- peer1-org2
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  peer1-org2:
    container_name: peer1-org2
    image: hyperledger/fabric-peer
    environment:
      - CORE_PEER_ID=peer1-org2
      - CORE_PEER_ADDRESS=peer1-org2:7051
      - CORE_PEER_LOCALMSPID=org2MSP
      - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/peer1/msp
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric-ca-tls_fabric-ca
      - FABRIC_LOGGING_SPEC=debug
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org2/peer1/tls-msp/signcerts/cert.pem
      - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org2/peer1/tls-msp/keystore/key.pem
      - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1-org2:7051
      - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2/peer1
    volumes:
      - /var/run:/host/var/run
      - /Users/finefine/fabric-ca-tls/org2/peer1:/tmp/hyperledger/org2/peer1
    networks:
      - fabric-ca
# Start peer1-org2
docker-compose -f peer1-org2.yaml up -d
- peer2-org2
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  peer2-org2:
    container_name: peer2-org2
    image: hyperledger/fabric-peer
    environment:
      - CORE_PEER_ID=peer2-org2
      - CORE_PEER_ADDRESS=peer2-org2:7051
      - CORE_PEER_LOCALMSPID=org2MSP
      - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/peer2/msp
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric-ca-tls_fabric-ca
      - FABRIC_LOGGING_SPEC=debug
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org2/peer2/tls-msp/signcerts/cert.pem
      - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org2/peer2/tls-msp/keystore/key.pem
      - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org2/peer2/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2-org2:7051
      - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2/peer2
    volumes:
      - /var/run:/host/var/run
      - /Users/finefine/fabric-ca-tls/org2/peer2:/tmp/hyperledger/org2/peer2
    networks:
      - fabric-ca
# Start peer2-org2
docker-compose -f peer2-org2.yaml up -d
- cli-org2
version: '2'
networks:
  fabric-ca:
    driver: bridge
services:
  cli-org1:
    container_name: cli-org2
    image: hyperledger/fabric-tools
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_ID=cli-org2
      - CORE_PEER_ADDRESS=peer1-org2:7051
      - CORE_PEER_LOCALMSPID=org2MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
      - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/admin/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2
    command: sh
    volumes:
      - /Users/finefine/fabric-ca-tls/org2/peer1:/tmp/hyperledger/org2/peer1
      - /Users/finefine/fabric-ca-tls/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
      - /Users/finefine/fabric-ca-tls/org2/admin:/tmp/hyperledger/org2/admin
    networks:
      - fabric-ca
docker-compose -f cli-org2.yaml up -d
Creating and joining the channel
- Create the channel
# Enter the cli-org1 container
docker exec -it cli-org1 bash
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp
peer channel create -c mychannel -f /tmp/hyperledger/org1/peer1/mychannel.tx -o orderer1-orderer:7050 --outputBlock /tmp/hyperledger/org1/peer1/mychannel.block --tls --cafile /tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
exit
# Copy
cp org1/peer1/mychannel.block org2/peer1/mychannel.block
- Join the channel
# Enter the cli-org1 container
docker exec -it cli-org1 bash
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp
export CORE_PEER_ADDRESS=peer1-org1:7051
peer channel join -b /tmp/hyperledger/org1/peer1/mychannel.block
export CORE_PEER_ADDRESS=peer2-org1:7051
peer channel join -b /tmp/hyperledger/org1/peer1/mychannel.block
# Leave the cli-org1 container
exit
# Enter the cli-org2 container
docker exec -it cli-org2 bash
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/admin/msp
export CORE_PEER_ADDRESS=peer1-org2:7051
peer channel join -b /tmp/hyperledger/org2/peer1/mychannel.block
export CORE_PEER_ADDRESS=peer2-org2:7051
peer channel join -b /tmp/hyperledger/org2/peer1/mychannel.block
exit
Installing and instantiating the chaincode
Install
- org1
docker exec -it cli-org1 bash
# peer1-org1
export CORE_PEER_ADDRESS=peer1-org1:7051
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp
peer chaincode install -n mycc -v 1.0 -p github.com/hyperledger/fabric-samples/chaincode/go/chaincode_example02
# peer2-org1
export CORE_PEER_ADDRESS=peer2-org1:7051
peer chaincode install -n mycc -v 1.0 -p github.com/hyperledger/fabric-samples/chaincode/go/chaincode_example02
- org2
docker exec -it cli-org2 bash
# peer1-org2
export CORE_PEER_ADDRESS=peer1-org2:7051
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/admin/msp
peer chaincode install -n mycc -v 1.0 -p github.com/hyperledger/fabric-samples/chaincode/go/chaincode_example02
# peer2-org2
export CORE_PEER_ADDRESS=peer2-org2:7051
peer chaincode install -n mycc -v 1.0 -p github.com/hyperledger/fabric-samples/chaincode/go/chaincode_example02
Instantiate
docker exec -it cli-org2 bash
peer chaincode instantiate -C mychannel -n mycc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -o orderer1-orderer:7050 --tls --cafile /tmp/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
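Query and invoke
cli-org1
docker exec -it cli-org1 bash
export CORE_PEER_ADDRESS=peer1-org1:7051
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp
# The query result should be 100
peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
cli-org2
docker exec -it cli-org2 bash
export CORE_PEER_ADDRESS=peer1-org2:7051
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/admin/msp
# a transfers 10 to b
peer chaincode invoke -C mychannel -n mycc -c '{"Args":["invoke","a","b","10"]}' --tls --cafile /tmp/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
# The query result for a should be 90
peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
Summary
Generating certificates with Fabric CA is fairly tedious. Communication between fabric-ca-server and fabric-ca-client is also protected by TLS; do not confuse it with the TLS between the nodes of the Fabric network. In addition, when generating certificates by hand you have to take the OU issue of newer Fabric versions into account. If you are interested you can download the source; I packaged the generated certificates along with it, so after adjusting the component paths locally you can bring up a solo Fabric network.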