Every machine node and user that joins a Fabric consortium chain must be registered and obtain a certificate issued by a CA before it can operate in the network. The certificate authority provides the following functions:
Identity registration, or connection to LDAP (Lightweight Directory Access Protocol) as the user registry;
Issuance of enrollment certificates (ECerts);
Issuance of transaction certificates (TCerts), which provide anonymity and unlinkability when transacting on the Hyperledger Fabric blockchain;
Certificate renewal and revocation.
There are two ways to interact with a Hyperledger Fabric CA server: through the Hyperledger Fabric CA client or through one of the Fabric SDKs. All communication with the Hyperledger Fabric CA server is over REST APIs.
All Hyperledger Fabric CA servers in a cluster share the same database for keeping track of identities and certificates. If LDAP is configured, the identity information is kept in LDAP rather than in the database.
A server may contain multiple CAs. Each CA is either a root CA or an intermediate CA. Each intermediate CA has a parent CA, which is either a root CA or another intermediate CA.
### What is Fabric CA
Hyperledger Fabric CA is the certificate authority (CA) for Hyperledger Fabric.
It provides the features listed at the top of this page.
Fabric CA consists of a server component and a client component.
For production it is recommended to deploy two CAs per organization: an organization CA and a TLS CA.
TLS CA: secures communication between the nodes of the organization by issuing the TLS certificates of all its nodes.
Organization CA: issues the identities (enrollment certificates) of the organization and its nodes.
The ordering service nodes should not belong to the same organization as the peers, so create a separate organization for the ordering service in addition to the peer organizations.
Deploy the CA services in the following order:
1) TLS CA
2) Organization CA
### Dependencies and Go environment
```shell
yum install libtool libltdl-dev go docker
```
### Also required
docker-compose
### Setting up the TLS CA
The TLS CA issues TLS certificates. These certificates are needed to secure communication between the various processes.
1. Start the TLS CA container ca-tls:
```yaml
ca-tls:
  container_name: ca-tls
  image: hyperledger/fabric-ca
  command: sh -c 'fabric-ca-server start -d -b tls-ca-admin:tls-ca-adminpw --port 7052'
  environment:
    - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
    - FABRIC_CA_SERVER_TLS_ENABLED=true
    - FABRIC_CA_SERVER_CSR_CN=ca-tls
    - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
    - FABRIC_CA_SERVER_DEBUG=true
  volumes:
    - /tmp/hyperledger/tls-ca:/tmp/hyperledger/fabric-ca
  ports:
    - 7052:7052
```
```shell
docker-compose up -d ca-tls
```
Directory structure:
```
[root@10 hyperledger]# tree
.
└── tls
    └── ca
        └── crypto
            ├── ca-cert.pem                  # the TLS CA's signing certificate
            ├── fabric-ca-server-config.yaml
            ├── fabric-ca-server.db
            ├── IssuerPublicKey
            ├── IssuerRevocationPublicKey
            ├── msp                          # defines the rules for the valid identities managed by this organization
            │   ├── cacerts
            │   ├── keystore                 # used for identity signing operations
            │   │   ├── 5d3c6784f5d5d0df8f368e6cda6c483f5ebe8b7189fa8817c3543b487b654bdf_sk
            │   │   ├── IssuerRevocationPrivateKey
            │   │   └── IssuerSecretKey
            │   ├── signcerts
            │   └── user
            └── tls-cert.pem
```
2. Enroll the TLS CA admin
Copy the TLS CA's trusted root certificate to /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem, enroll the bootstrap admin, then register the peers and the orderer with the TLS CA:
```shell
cp /tmp/hyperledger/tls-ca/crypto/tls-cert.pem /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/tls-ca/admin
fabric-ca-client enroll -d -u https://tls-ca-admin:tls-ca-adminpw@0.0.0.0:7052
fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name peer2-org1 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name peer1-org2 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name peer2-org2 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7052
```
View the registered identities:
```
[root@10 tls-ca]# fabric-ca-client identity list
Name: tls-ca-admin, Type: client, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.GenCRL Value:1 ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.AffiliationMgr Value:1 ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:hf.Revoker Value:1 ECert:false} {Name:hf.IntermediateCA Value:1 ECert:false}]
Name: peer1-org1, Type: peer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:peer1-org1 ECert:true} {Name:hf.Type Value:peer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
Name: peer2-org1, Type: peer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:peer2-org1 ECert:true} {Name:hf.Type Value:peer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
Name: peer1-org2, Type: peer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:peer1-org2 ECert:true} {Name:hf.Type Value:peer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
Name: peer2-org2, Type: peer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:peer2-org2 ECert:true} {Name:hf.Type Value:peer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
Name: orderer1-org0, Type: orderer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:orderer1-org0 ECert:true} {Name:hf.Type Value:orderer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
```
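The listing shows which attributes each registered identity carries. The bootstrap identity tls-ca-admin holds every `hf.*` registrar, revoker and intermediate-CA attribute, while the peers and the orderer carry only the attributes that are written into their ECert. The script below is an added example (not part of this post and not a Fabric CA tool): it reads `fabric-ca-client identity list` output and reports every identity that holds an attribute granting control over the CA itself. The sample listing is constructed: the first two lines mirror the output above, and the third imitates the admin-org0 registration used later on this page, with `hf.Registrar.Roles=client`.

```shell
#!/bin/sh
# Added example: audit `fabric-ca-client identity list` output for identities
# that hold CA-control attributes (registrar, revoker, CRL, intermediate CA).
# Not part of the original post; the listing is read from stdin.

# Attributes that give the holder power over the CA rather than over the
# ledger: registering identities (hf.Registrar.*), revoking them (hf.Revoker,
# hf.GenCRL), managing affiliations, or enrolling a subordinate CA.
PRIVILEGED_ATTRS='hf.Registrar.Roles hf.Registrar.DelegateRoles hf.Registrar.Attributes hf.Revoker hf.GenCRL hf.AffiliationMgr hf.IntermediateCA'

# audit_identities: for each "Name: ..." line on stdin print
# "<name> <attribute>=<value>" once per privileged attribute it carries.
audit_identities() {
  while IFS= read -r line; do
    name=$(printf '%s\n' "$line" | sed -n 's/^Name: \([^,]*\),.*/\1/p')
    [ -n "$name" ] || continue
    for attr in $PRIVILEGED_ATTRS; do
      value=$(printf '%s\n' "$line" | sed -n "s/.*{Name:$attr Value:\([^ ]*\) ECert.*/\1/p")
      if [ -n "$value" ]; then
        printf '%s %s=%s\n' "$name" "$attr" "$value"
      fi
    done
  done
  return 0
}

# count_privileged <name>: number of privileged attributes held by one identity
# in the listing read from stdin.
count_privileged() {
  audit_identities | grep -c "^$1 "
}

# Constructed sample listing (see lead-in); not live CA output.
sample_listing() {
  cat <<'EOF'
Name: tls-ca-admin, Type: client, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.GenCRL Value:1 ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.AffiliationMgr Value:1 ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:hf.Revoker Value:1 ECert:false} {Name:hf.IntermediateCA Value:1 ECert:false}]
Name: peer1-org1, Type: peer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:peer1-org1 ECert:true} {Name:hf.Type Value:peer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
Name: admin-org0, Type: admin, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.Registrar.Roles Value:client ECert:false} {Name:hf.Revoker Value:true ECert:false} {Name:hf.GenCRL Value:true ECert:false} {Name:admin Value:true ECert:true}]
EOF
}

# Stand-alone run: `sh audit.sh` reports on the sample;
# `fabric-ca-client identity list | sh audit.sh -` audits a live CA.
if [ "${1:-}" = "-" ]; then audit_identities; else sample_listing | audit_identities; fi
```

Run it against a real CA after every batch of `register` commands: any identity other than the bootstrap admin (and the deliberately delegated org admins) that shows up in the report holds more power than a peer, orderer or end user needs.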
### Setting up the CA for the orderer organization (org0)
1. Start the container
```yaml
rca-org0:
  container_name: rca-org0
  image: hyperledger/fabric-ca
  command: /bin/bash -c 'fabric-ca-server start -d -b rca-org0-admin:rca-org0-adminpw --port 7053'
  environment:
    - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
    - FABRIC_CA_SERVER_TLS_ENABLED=true
    - FABRIC_CA_SERVER_CSR_CN=rca-org0
    - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
    - FABRIC_CA_SERVER_DEBUG=true
  volumes:
    - /tmp/hyperledger/org0/ca:/tmp/hyperledger/fabric-ca
  networks:
    - fabric-ca
  ports:
    - 7053:7053
```
```shell
docker-compose up -d rca-org0
```
2. Enroll the ordering organization's CA admin, then register the orderer and the org0 admin
```shell
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/ca/admin
fabric-ca-client enroll -d -u https://rca-org0-admin:rca-org0-adminpw@0.0.0.0:7053
fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererpw --id.type orderer -u https://0.0.0.0:7053
fabric-ca-client register -d --id.name admin-org0 --id.secret org0adminpw --id.type admin --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" -u https://0.0.0.0:7053
```
Directory structure:
```
admin/
├── fabric-ca-client-config.yaml
└── msp
    ├── cacerts
    │   └── 0-0-0-0-7053.pem    # the CA's public certificate
    ├── IssuerPublicKey
    ├── IssuerRevocationPublicKey
    ├── keystore
    │   └── 2da4e5e8d777be61fc29e81b4295c97f40395a0d9cbe7dddbfd12e8c6beda6af_sk    # the private key generated by the client
    ├── signcerts
    │   └── cert.pem            # the admin certificate issued by the CA
    └── user
```
### Setting up the CA for Org1
1. Start the container
```yaml
rca-org1:
  container_name: rca-org1
  image: hyperledger/fabric-ca
  command: /bin/bash -c 'fabric-ca-server start -d -b rca-org1-admin:rca-org1-adminpw'
  environment:
    - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
    - FABRIC_CA_SERVER_TLS_ENABLED=true
    - FABRIC_CA_SERVER_CSR_CN=rca-org1
    - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
    - FABRIC_CA_SERVER_DEBUG=true
  volumes:
    - /tmp/hyperledger/org1/ca:/tmp/hyperledger/fabric-ca
  networks:
    - fabric-ca
  ports:
    - 7054:7054
```
```shell
docker-compose up -d rca-org1
```
2. Enroll Org1's CA admin and register the following identities:
Peer 1 (peer1-org1)
Peer 2 (peer2-org1)
Admin (admin-org1)
End user (user-org1)
```shell
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/ca/admin
fabric-ca-client enroll -d -u https://rca-org1-admin:rca-org1-adminpw@0.0.0.0:7054
fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7054
fabric-ca-client register -d --id.name peer2-org1 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7054
fabric-ca-client register -d --id.name admin-org1 --id.secret org1AdminPW --id.type user -u https://0.0.0.0:7054
fabric-ca-client register -d --id.name user-org1 --id.secret org1UserPW --id.type user -u https://0.0.0.0:7054
```
### Setting up the CA for Org2
1. Start the container
```yaml
rca-org2:
  container_name: rca-org2
  image: hyperledger/fabric-ca
  command: /bin/bash -c 'fabric-ca-server start -d -b rca-org2-admin:rca-org2-adminpw --port 7055'
  environment:
    - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
    - FABRIC_CA_SERVER_TLS_ENABLED=true
    - FABRIC_CA_SERVER_CSR_CN=rca-org2
    - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
    - FABRIC_CA_SERVER_DEBUG=true
  volumes:
    - /tmp/hyperledger/org2/ca:/tmp/hyperledger/fabric-ca
  networks:
    - fabric-ca
  ports:
    - 7055:7055
```
```shell
docker-compose up -d rca-org2
```
2. Enroll Org2's CA admin and register its identities
```shell
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/ca/admin
fabric-ca-client enroll -d -u https://rca-org2-admin:rca-org2-adminpw@0.0.0.0:7055
fabric-ca-client register -d --id.name peer1-org2 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7055
fabric-ca-client register -d --id.name peer2-org2 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7055
fabric-ca-client register -d --id.name admin-org2 --id.secret org2AdminPW --id.type user -u https://0.0.0.0:7055
fabric-ca-client register -d --id.name user-org2 --id.secret org2UserPW --id.type user -u https://0.0.0.0:7055
```
### Enrolling Org1's peer1
1. Get Org1's CA certificate
```shell
mkdir -p /tmp/hyperledger/org1/peer1/assets/ca/
cp /tmp/hyperledger/org1/ca/crypto/ca-cert.pem /tmp/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
```
2. Enroll peer1
```shell
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/peer1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7054
```
3. Get the tls-ca certificate from the TLS CA server and enroll against it
```shell
mkdir -p /tmp/hyperledger/org1/peer1/assets/tls-ca/
cp /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem /tmp/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer1-org1
mv /tmp/hyperledger/org1/peer1/tls-msp/keystore/* /tmp/hyperledger/org1/peer1/tls-msp/keystore/key.pem
```
Directory structure:
```
peer1/
├── assets
│   ├── ca
│   │   └── org1-ca-cert.pem
│   └── tls-ca
│       └── tls-ca-cert.pem
├── fabric-ca-client-config.yaml
├── msp
│   ├── cacerts
│   │   └── 0-0-0-0-7054.pem
│   ├── IssuerPublicKey
│   ├── IssuerRevocationPublicKey
│   ├── keystore
│   │   └── 4e0d66e16474f51dbc65b0d1b32a8db5f6498ab59d906d5777ec3c134c503814_sk
│   ├── signcerts
│   │   └── cert.pem
│   └── user
└── tls-msp
    ├── cacerts
    ├── IssuerPublicKey
    ├── IssuerRevocationPublicKey
    ├── keystore
    │   └── key.pem
    ├── signcerts
    │   └── cert.pem
    ├── tlscacerts
    │   └── tls-0-0-0-0-7052.pem
    └── user
```
Summary: enrolling peer1 of org1 requires
1. org1's CA certificate;
2. because TLS is enabled, the tls-ca-cert.pem produced by the tls-ca server.
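After the two enrollments the node directory must hold both an identity MSP (`msp`) and a TLS MSP (`tls-msp`), and the TLS private key has to be renamed to `key.pem` because that is the path the peer's `CORE_PEER_TLS_KEY_FILE` points at. The `mv .../keystore/* .../keystore/key.pem` step assumes the keystore holds exactly one file; with zero or several files the glob expands to something else and `mv` fails or moves the wrong file. The script below is an added example (not part of this post and not a Fabric tool): it performs the rename only when that assumption holds, restricts the key's file mode, and checks that the directories a peer needs at start-up are present. `make_sample_layout` builds a constructed layout of empty placeholder files so the checks can be exercised without a running CA; the filenames follow the peer1 tree above.

```shell
#!/bin/sh
# Added example, not part of the original post: verify the MSP layout that
# `fabric-ca-client enroll` produced for a node and rename the TLS key safely.

# single_file_in <dir>: succeed only if <dir> holds exactly one regular file.
single_file_in() {
  n=0
  for f in "$1"/*; do
    [ -f "$f" ] && n=$((n + 1))
  done
  [ "$n" -eq 1 ]
}

# rename_tls_key <node_home>: tls-msp/keystore/<hash>_sk -> key.pem.
# Refuses to run when the keystore is empty or holds several keys, which is
# exactly when `mv keystore/* keystore/key.pem` misbehaves.
rename_tls_key() {
  ks="$1/tls-msp/keystore"
  if ! single_file_in "$ks"; then
    echo "refusing to rename: $ks must contain exactly one key file" >&2
    return 1
  fi
  for f in "$ks"/*; do
    [ "$f" = "$ks/key.pem" ] || mv "$f" "$ks/key.pem"
  done
  chmod 600 "$ks/key.pem"   # the private key is for the node's own user only
}

# check_node_msp <node_home>: report every file a peer or orderer needs at
# start-up that is missing; returns non-zero if anything is wrong.
check_node_msp() {
  home=$1
  status=0
  for required in msp/signcerts/cert.pem tls-msp/signcerts/cert.pem tls-msp/keystore/key.pem; do
    if [ ! -f "$home/$required" ]; then
      echo "missing $home/$required" >&2
      status=1
    fi
  done
  # cacerts holds the org CA, keystore the identity key, tlscacerts the TLS CA;
  # admincerts must hold the org admin certificate copied in later in this guide.
  for one in msp/cacerts msp/keystore msp/admincerts tls-msp/tlscacerts; do
    if ! single_file_in "$home/$one"; then
      echo "$home/$one must contain exactly one file" >&2
      status=1
    fi
  done
  return $status
}

# make_sample_layout <dir>: constructed stand-in for an enrolled peer1
# (empty placeholder files, no real keys or certificates).
make_sample_layout() {
  d=$1
  mkdir -p "$d/msp/cacerts" "$d/msp/keystore" "$d/msp/signcerts" "$d/msp/admincerts" \
           "$d/tls-msp/keystore" "$d/tls-msp/signcerts" "$d/tls-msp/tlscacerts"
  : > "$d/msp/cacerts/0-0-0-0-7054.pem"
  : > "$d/msp/keystore/placeholder_sk"
  : > "$d/msp/signcerts/cert.pem"
  : > "$d/msp/admincerts/org1-admin-cert.pem"
  : > "$d/tls-msp/keystore/placeholder_sk"
  : > "$d/tls-msp/signcerts/cert.pem"
  : > "$d/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem"
}
```

Usage on a real node: `rename_tls_key /tmp/hyperledger/org1/peer1 && check_node_msp /tmp/hyperledger/org1/peer1`. The check fails until the admin certificate has been copied into `msp/admincerts`, which the guide does in the "Enrolling Org1's admin" step.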
### Enrolling Org1's peer2
1. Get Org1's CA certificate
```shell
mkdir -p /tmp/hyperledger/org1/peer2/assets/ca/
cp /tmp/hyperledger/org1/ca/crypto/ca-cert.pem /tmp/hyperledger/org1/peer2/assets/ca/org1-ca-cert.pem
```
2. Enroll peer2
```shell
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/peer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer2/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7054
```
3. Get the tls-ca certificate from the TLS CA server and enroll against it
```shell
mkdir -p /tmp/hyperledger/org1/peer2/assets/tls-ca/
cp /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem /tmp/hyperledger/org1/peer2/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer2/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer2-org1
mv /tmp/hyperledger/org1/peer2/tls-msp/keystore/* /tmp/hyperledger/org1/peer2/tls-msp/keystore/key.pem
```
### Enrolling Org1's admin
The admin identity is responsible for activities such as installing and instantiating chaincode.
1. Enroll
```shell
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://admin-org1:org1AdminPW@0.0.0.0:7054
```
2. Copy the certificate under org1/admin/msp into the peer nodes
```shell
mkdir /tmp/hyperledger/org1/peer1/msp/admincerts
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem /tmp/hyperledger/org1/peer1/msp/admincerts/org1-admin-cert.pem
mkdir /tmp/hyperledger/org1/peer2/msp/admincerts
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem /tmp/hyperledger/org1/peer2/msp/admincerts/org1-admin-cert.pem
```
3. Start peer1 and peer2 of org1
```yaml
peer1-org1:
  container_name: peer1-org1
  image: hyperledger/fabric-peer
  environment:
    - CORE_PEER_ID=peer1-org1
    - CORE_PEER_ADDRESS=peer1-org1:7051
    - CORE_PEER_LOCALMSPID=org1MSP
    - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/peer1/msp
    - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
    - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=guide_fabric-ca
    - FABRIC_LOGGING_SPEC=debug
    - CORE_PEER_TLS_ENABLED=true
    - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org1/peer1/tls-msp/signcerts/cert.pem
    - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org1/peer1/tls-msp/keystore/key.pem
    - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
    - CORE_PEER_GOSSIP_USELEADERELECTION=true
    - CORE_PEER_GOSSIP_ORGLEADER=false
    - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1-org1:7051
    - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
  working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1/peer1
  volumes:
    - /var/run:/host/var/run
    - /tmp/hyperledger/org1/peer1:/tmp/hyperledger/org1/peer1
  networks:
    - fabric-ca
peer2-org1:
  container_name: peer2-org1
  image: hyperledger/fabric-peer
  environment:
    - CORE_PEER_ID=peer2-org1
    - CORE_PEER_ADDRESS=peer2-org1:7051
    - CORE_PEER_LOCALMSPID=org1MSP
    - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/peer2/msp
    - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
    - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=guide_fabric-ca
    - FABRIC_LOGGING_SPEC=grpc=debug:info
    - CORE_PEER_TLS_ENABLED=true
    - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org1/peer2/tls-msp/signcerts/cert.pem
    - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org1/peer2/tls-msp/keystore/key.pem
    - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org1/peer2/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
    - CORE_PEER_GOSSIP_USELEADERELECTION=true
    - CORE_PEER_GOSSIP_ORGLEADER=false
    - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2-org1:7051
    - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
    - CORE_PEER_GOSSIP_BOOTSTRAP=peer1-org1:7051
  working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1/peer2
  volumes:
    - /var/run:/host/var/run
    - /tmp/hyperledger/org1/peer2:/tmp/hyperledger/org1/peer2
  networks:
    - fabric-ca
```
```shell
docker-compose up -d peer1-org1
docker-compose up -d peer2-org1
```
4. Check the peer status
```
[root@10 fabric]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                  CREATED          STATUS          PORTS                                                          NAMES
2b7d1147d741   hyperledger/fabric-peer   "peer node start"        6 seconds ago    Up 4 seconds                                                                   peer2-org1
fef2d1952d4b   hyperledger/fabric-peer   "peer node start"        12 seconds ago   Up 10 seconds                                                                  peer1-org1
945dfba7fa98   hyperledger/fabric-ca     "/bin/bash -c 'fabri…"   19 minutes ago   Up 19 minutes   7054/tcp, 0.0.0.0:7055->7055/tcp, :::7055->7055/tcp            rca-org2
7d70b48b744f   hyperledger/fabric-ca     "sh -c 'fabric-ca-se…"   25 minutes ago   Up 25 minutes   0.0.0.0:7054->7054/tcp, :::7054->7054/tcp                      rca-org1
ad553f6dcd0d   hyperledger/fabric-ca     "sh -c 'fabric-ca-se…"   26 minutes ago   Up 26 minutes   0.0.0.0:7053->7053/tcp, :::7053->7053/tcp, 7054/tcp            rca-org0
ef32ef95b701   hyperledger/fabric-ca     "sh -c 'fabric-ca-se…"   34 minutes ago   Up 34 minutes   0.0.0.0:7052->7052/tcp, :::7052->7052/tcp, 7054/tcp            ca-tls
```
### Enrolling Org2's peer1
1. Get Org2's CA certificate
```shell
mkdir -p /tmp/hyperledger/org2/peer1/assets/ca/
cp /tmp/hyperledger/org2/ca/crypto/ca-cert.pem /tmp/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
```
2. Enroll peer1
```shell
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/peer1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer1-org2:peer1PW@0.0.0.0:7055
```
3. Get the tls-ca certificate from the TLS CA server and enroll against it
```shell
mkdir -p /tmp/hyperledger/org2/peer1/assets/tls-ca/
cp /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem /tmp/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer1-org2:peer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer1-org2
mv /tmp/hyperledger/org2/peer1/tls-msp/keystore/* /tmp/hyperledger/org2/peer1/tls-msp/keystore/key.pem
```
### Enrolling Org2's peer2
1. Get Org2's CA certificate
```shell
mkdir -p /tmp/hyperledger/org2/peer2/assets/ca/
cp /tmp/hyperledger/org2/ca/crypto/ca-cert.pem /tmp/hyperledger/org2/peer2/assets/ca/org2-ca-cert.pem
```
2. Enroll peer2
```shell
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/peer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer2/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer2-org2:peer2PW@0.0.0.0:7055
```
3. Get the tls-ca certificate from the TLS CA server and enroll against it
```shell
mkdir -p /tmp/hyperledger/org2/peer2/assets/tls-ca/
cp /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem /tmp/hyperledger/org2/peer2/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer2/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer2-org2:peer2PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer2-org2
mv /tmp/hyperledger/org2/peer2/tls-msp/keystore/* /tmp/hyperledger/org2/peer2/tls-msp/keystore/key.pem
```
### Enrolling Org2's admin
1. Enroll
```shell
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://admin-org2:org2AdminPW@0.0.0.0:7055
```
2. Copy the certificate under org2/admin/msp into the peer nodes
```shell
mkdir /tmp/hyperledger/org2/peer1/msp/admincerts
cp /tmp/hyperledger/org2/admin/msp/signcerts/cert.pem /tmp/hyperledger/org2/peer1/msp/admincerts/org2-admin-cert.pem
mkdir /tmp/hyperledger/org2/peer2/msp/admincerts
cp /tmp/hyperledger/org2/admin/msp/signcerts/cert.pem /tmp/hyperledger/org2/peer2/msp/admincerts/org2-admin-cert.pem
```
3. Start peer1 and peer2 of org2
```yaml
peer1-org2:
  container_name: peer1-org2
  image: hyperledger/fabric-peer
  environment:
    - CORE_PEER_ID=peer1-org2
    - CORE_PEER_ADDRESS=peer1-org2:7051
    - CORE_PEER_LOCALMSPID=org2MSP
    - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/peer1/msp
    - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
    - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=guide_fabric-ca
    - FABRIC_LOGGING_SPEC=debug
    - CORE_PEER_TLS_ENABLED=true
    - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org2/peer1/tls-msp/signcerts/cert.pem
    - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org2/peer1/tls-msp/keystore/key.pem
    - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
    - CORE_PEER_GOSSIP_USELEADERELECTION=true
    - CORE_PEER_GOSSIP_ORGLEADER=false
    - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1-org2:7051
    - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
  working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2/peer1
  volumes:
    - /var/run:/host/var/run
    - /tmp/hyperledger/org2/peer1:/tmp/hyperledger/org2/peer1
  networks:
    - fabric-ca
peer2-org2:
  container_name: peer2-org2
  image: hyperledger/fabric-peer
  environment:
    - CORE_PEER_ID=peer2-org2
    - CORE_PEER_ADDRESS=peer2-org2:7051
    - CORE_PEER_LOCALMSPID=org2MSP
    - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/peer2/msp
    - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
    - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=guide_fabric-ca
    - FABRIC_LOGGING_SPEC=debug
    - CORE_PEER_TLS_ENABLED=true
    - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org2/peer2/tls-msp/signcerts/cert.pem
    - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org2/peer2/tls-msp/keystore/key.pem
    - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org2/peer2/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
    - CORE_PEER_GOSSIP_USELEADERELECTION=true
    - CORE_PEER_GOSSIP_ORGLEADER=false
    - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2-org2:7051
    - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
    - CORE_PEER_GOSSIP_BOOTSTRAP=peer1-org2:7051
  working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2/peer2
  volumes:
    - /var/run:/host/var/run
    - /tmp/hyperledger/org2/peer2:/tmp/hyperledger/org2/peer2
  networks:
    - fabric-ca
```
```shell
docker-compose up -d peer1-org2
docker-compose up -d peer2-org2
```
4. Check the peer status
```
[root@10 fabric]# docker ps -a
CONTAINER ID   IMAGE                     COMMAND                  CREATED            STATUS            PORTS                                                          NAMES
81f32b4d987c   hyperledger/fabric-peer   "peer node start"        13 seconds ago     Up 11 seconds                                                                    peer2-org2
87392ed96282   hyperledger/fabric-peer   "peer node start"        17 seconds ago     Up 16 seconds                                                                    peer1-org2
2b7d1147d741   hyperledger/fabric-peer   "peer node start"        51 minutes ago     Up 51 minutes                                                                    peer2-org1
fef2d1952d4b   hyperledger/fabric-peer   "peer node start"        51 minutes ago     Up 51 minutes                                                                    peer1-org1
945dfba7fa98   hyperledger/fabric-ca     "/bin/bash -c 'fabri…"   About an hour ago  Up About an hour  7054/tcp, 0.0.0.0:7055->7055/tcp, :::7055->7055/tcp            rca-org2
7d70b48b744f   hyperledger/fabric-ca     "sh -c 'fabric-ca-se…"   About an hour ago  Up About an hour  0.0.0.0:7054->7054/tcp, :::7054->7054/tcp                      rca-org1
ad553f6dcd0d   hyperledger/fabric-ca     "sh -c 'fabric-ca-se…"   About an hour ago  Up About an hour  0.0.0.0:7053->7053/tcp, :::7053->7053/tcp, 7054/tcp            rca-org0
ef32ef95b701   hyperledger/fabric-ca     "sh -c 'fabric-ca-se…"   About an hour ago  Up About an hour  0.0.0.0:7052->7052/tcp, :::7052->7052/tcp, 7054/tcp            ca-tls
```
### Setting up the ordering service
1. Enroll the orderer
```shell
mkdir -p /tmp/hyperledger/org0/orderer/assets/ca
cp /tmp/hyperledger/org0/ca/crypto/ca-cert.pem /tmp/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderer
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
fabric-ca-client enroll -d -u https://orderer1-org0:ordererpw@0.0.0.0:7053
```
2. Enroll the orderer with the TLS CA
```shell
mkdir -p /tmp/hyperledger/org0/orderer/assets/tls-ca/
cp /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem /tmp/hyperledger/org0/orderer/assets/tls-ca/
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://orderer1-org0:ordererPW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts orderer1-org0
mv /tmp/hyperledger/org0/orderer/tls-msp/keystore/* /tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem
```
3. Enroll Org0's admin and copy its certificate into the orderer's admincerts
```shell
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://admin-org0:org0adminpw@0.0.0.0:7053
mkdir /tmp/hyperledger/org0/orderer/msp/admincerts
cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /tmp/hyperledger/org0/orderer/msp/admincerts/orderer-admin-cert.pem
```
### Creating the genesis block and channel transaction
Build the channel-level MSP directory of each organization from the material enrolled above. cacerts holds the organization CA certificate, tlscacerts the TLS CA certificate, and admincerts the organization admin's enrollment certificate (signcerts/cert.pem from the admin's enrollment); the CA certificate itself must not be placed in admincerts, otherwise no identity satisfies the organization's admin policy.
```shell
mkdir -p /tmp/hyperledger/org0/msp/{admincerts,cacerts,tlscacerts,users}
mkdir -p /tmp/hyperledger/org1/msp/{admincerts,cacerts,tlscacerts,users}
mkdir -p /tmp/hyperledger/org2/msp/{admincerts,cacerts,tlscacerts,users}
# org0
cp /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem /tmp/hyperledger/org0/msp/tlscacerts/
cp /tmp/hyperledger/org0/ca/crypto/ca-cert.pem /tmp/hyperledger/org0/msp/cacerts/org0-ca-cert.pem
cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /tmp/hyperledger/org0/msp/admincerts/admin-org0-cert.pem
# org1
cp /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem /tmp/hyperledger/org1/msp/tlscacerts/
cp /tmp/hyperledger/org1/ca/crypto/ca-cert.pem /tmp/hyperledger/org1/msp/cacerts/org1-ca-cert.pem
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem /tmp/hyperledger/org1/msp/admincerts/admin-org1-cert.pem
# org2
cp /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem /tmp/hyperledger/org2/msp/tlscacerts/
cp /tmp/hyperledger/org2/ca/crypto/ca-cert.pem /tmp/hyperledger/org2/msp/cacerts/org2-ca-cert.pem
cp /tmp/hyperledger/org2/admin/msp/signcerts/cert.pem /tmp/hyperledger/org2/msp/admincerts/admin-org2-cert.pem
```
### configtx.yaml
```yaml
Organizations:
  - &org0
    Name: org0
    ID: org0MSP
    MSPDir: /tmp/hyperledger/org0/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('org0MSP.member')"
      Writers:
        Type: Signature
        Rule: "OR('org0MSP.member')"
      Admins:
        Type: Signature
        Rule: "OR('org0MSP.admin')"
      Endorsement:
        Type: Signature
        Rule: "OR('org0MSP.member')"
  - &org1
    Name: org1
    ID: org1MSP
    MSPDir: /tmp/hyperledger/org1/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('org1MSP.admin', 'org1MSP.peer', 'org1MSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('org1MSP.admin', 'org1MSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('org1MSP.admin')"
      Endorsement:
        Type: Signature
        Rule: "OR('org1MSP.peer')"
    AnchorPeers:
      - Host: peer0.org1.example.com
        Port: 7051
  - &org2
    Name: org2
    ID: org2MSP
    MSPDir: /tmp/hyperledger/org2/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('org2MSP.admin', 'org2MSP.peer', 'org2MSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('org2MSP.admin', 'org2MSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('org2MSP.admin')"
      Endorsement:
        Type: Signature
        Rule: "OR('org2MSP.peer')"
    AnchorPeers:
      - Host: peer0.org2.example.com
        Port: 7051
Capabilities:
  # Channel capabilities apply to both the orderers and the peers and must be
  # supported by both.
  # Set the value of the capability to true to require it.
  Channel: &ChannelCapabilities
    # V2.0 for Channel is a catchall flag for behavior which has been
    # determined to be desired for all orderers and peers running at the v2.0.0
    # level, but which would be incompatible with orderers and peers from
    # prior releases.
    # Prior to enabling V2.0 channel capabilities, ensure that all
    # orderers and peers on a channel are at v2.0.0 or later.
    V2_0: true
  # Orderer capabilities apply only to the orderers, and may be safely
  # used with prior release peers.
  # Set the value of the capability to true to require it.
  Orderer: &OrdererCapabilities
    # V1.1 for Orderer is a catchall flag for behavior which has been
    # determined to be desired for all orderers running at the v1.1.x
    # level, but which would be incompatible with orderers from prior releases.
    # Prior to enabling V2.0 orderer capabilities, ensure that all
    # orderers on a channel are at v2.0.0 or later.
    V2_0: true
  # Application capabilities apply only to the peer network, and may be safely
  # used with prior release orderers.
  # Set the value of the capability to true to require it.
  Application: &ApplicationCapabilities
    # V2.0 for Application enables the new non-backwards compatible
    # features and fixes of fabric v2.0.
    # Prior to enabling V2.0 orderer capabilities, ensure that all
    # orderers on a channel are at v2.0.0 or later.
    V2_0: true
Application: &ApplicationDefaults
  Organizations:
  # Policies defines the set of policies at this level of the config tree
  # For Application policies, their canonical path is
  #   /Channel/Application/<PolicyName>
  Policies: &ApplicationDefaultPolicies
    LifecycleEndorsement:
      Type: ImplicitMeta
      Rule: "MAJORITY Endorsement"
    Endorsement:
      Type: ImplicitMeta
      Rule: "MAJORITY Endorsement"
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
  # Capabilities describes the application level capabilities, see the
  # dedicated Capabilities section elsewhere in this file for a full
  # description
  Capabilities:
    <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
  OrdererType: solo
  Addresses:
    - orderer1-org0:7050
  BatchTimeout: 2s
  BatchSize:
    MaxMessageCount: 10
    AbsoluteMaxBytes: 99 MB
    PreferredMaxBytes: 512 KB
  #Kafka:
  #  Brokers:
  #    - 127.0.0.1:9092
  Organizations:
  # Policies defines the set of policies at this level of the config tree
  # For Orderer policies, their canonical path is
  #   /Channel/Orderer/<PolicyName>
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    # BlockValidation specifies what signatures must be included in the block
    # from the orderer for the peer to validate it.
    BlockValidation:
      Type: ImplicitMeta
      Rule: "ANY Writers"
  # Capabilities describes the orderer level capabilities, see the
  # dedicated Capabilities section elsewhere in this file for a full
  # description
  Capabilities:
    <<: *OrdererCapabilities
################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
  # Policies defines the set of policies at this level of the config tree
  # For Channel policies, their canonical path is
  #   /Channel/<PolicyName>
  Policies:
    # Who may invoke the 'Deliver' API
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    # Who may invoke the 'Broadcast' API
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    # By default, who may modify elements at this config level
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
  # Capabilities describes the channel level capabilities, see the
  # dedicated Capabilities section elsewhere in this file for a full
  # description
  Capabilities:
    <<: *ChannelCapabilities
Profiles:
  OrgsOrdererGenesis:
    <<: *ChannelDefaults
    Orderer:
      <<: *OrdererDefaults
      Organizations:
        - <<: *org0
    Consortiums:
      SampleConsortium:
        Organizations:
          - <<: *org1
          - <<: *org2
  OrgsChannel:
    <<: *ChannelDefaults
    Consortium: SampleConsortium
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *org1
        - <<: *org2
```
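The `Rule` strings in the `Policies` sections above are Fabric signature policies. A principal such as `org1MSP.peer` is satisfied by a signer whose certificate was issued by org1's CA and carries the peer role; `org0MSP.member` accepts any valid identity of org0. With this file, a client of org1 may read and write on the channel, a peer of org1 may read and endorse but may not submit a write on its own, and the ordering organization's policies accept any org0 member. The shell functions below are an added example (not part of this post and not Fabric's policy engine): they evaluate the `OR(...)`/`AND(...)` forms used in this file against one or more signers given as `mspid:role`, letting each signature satisfy at most one principal. The assignment is greedy, which is enough for the flat rules used here; Fabric's evaluator performs a full assignment. The access table printed by the stand-alone run is computed, not copied from any Fabric output.

```shell
#!/bin/sh
# Added example, not from the original post: evaluate configtx.yaml
# Signature-policy rules of the form OR(...) / AND(...) over MSP principals.

# principal_matches <principal> <mspid> <role>
# 'X.member' matches any identity of MSP X; 'X.admin' / 'X.peer' /
# 'X.client' / 'X.orderer' require that role (the certificate's NodeOU).
principal_matches() {
  p_msp=${1%%.*}
  p_role=${1#*.}
  [ "$p_msp" = "$2" ] || return 1
  [ "$p_role" = "member" ] || [ "$p_role" = "$3" ]
}

# policy_allows "<rule>" <mspid:role>...
# Returns 0 when the signers satisfy the rule. Every signer may be used for
# at most one principal, matched greedily from left to right.
policy_allows() {
  rule=$1
  shift
  case "$rule" in
    OR\(*\))  op=OR ;;
    AND\(*\)) op=AND ;;
    *) echo "unsupported rule: $rule" >&2; return 2 ;;
  esac
  # "OR('org1MSP.admin', 'org1MSP.client')" -> "org1MSP.admin org1MSP.client"
  principals=$(printf '%s' "$rule" | sed -e 's/^[A-Z]*(//' -e 's/)$//' -e "s/[',]/ /g")
  remaining=" $* "
  for p in $principals; do
    found=0
    for s in $remaining; do
      if principal_matches "$p" "${s%%:*}" "${s#*:}"; then
        found=1
        remaining=$(printf '%s' "$remaining" | sed "s/ $s / /")   # consume this signature
        break
      fi
    done
    if [ "$op" = OR ] && [ "$found" -eq 1 ]; then return 0; fi
    if [ "$op" = AND ] && [ "$found" -eq 0 ]; then return 1; fi
  done
  [ "$op" = AND ]
}

# describe <label> "<rule>" <mspid:role>: one human-readable verdict line.
describe() {
  if policy_allows "$2" "$3"; then verdict=allowed; else verdict=denied; fi
  printf '%-12s %-16s %s\n' "$1" "$3" "$verdict"
}

# Stand-alone run: what org1's channel policies grant to each role.
ORG1_READERS="OR('org1MSP.admin', 'org1MSP.peer', 'org1MSP.client')"
ORG1_WRITERS="OR('org1MSP.admin', 'org1MSP.client')"
ORG1_ENDORSE="OR('org1MSP.peer')"
for signer in org1MSP:admin org1MSP:peer org1MSP:client org2MSP:peer; do
  describe Readers     "$ORG1_READERS" "$signer"
  describe Writers     "$ORG1_WRITERS" "$signer"
  describe Endorsement "$ORG1_ENDORSE" "$signer"
done
```

The role-based rules only have the intended effect when the MSP distinguishes roles, that is when NodeOUs are enabled in the MSP's config.yaml and the certificates carry the matching OU; without that, `org1MSP.peer` and `org1MSP.client` cannot be told apart from each other.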
```
cd /tmp/hyperledger
[root@10 hyperledger]# ll
总用量 8
-rwxr-xr-x 1 root root 7460 5月  30 14:48 configtx.yaml
drwxr-xr-x 6 root root   55 5月  31 15:46 org0
drwxr-xr-x 7 root root   66 5月  31 15:46 org1
drwxr-xr-x 7 root root   66 5月  31 15:46 org2
drwxr-xr-x 4 root root   33 5月  31 14:24 tls-ca
[root@10 hyperledger]# export FABRIC_CFG_PATH=$PWD
[root@10 hyperledger]# configtxgen -profile OrgsOrdererGenesis -outputBlock /tmp/hyperledger/org0/orderer/genesis.block -channelID syschannel
2022-05-31 15:54:00.751 CST 0001 INFO [common.tools.configtxgen] main -> Loading configuration
2022-05-31 15:54:00.756 CST 0002 INFO [common.tools.configtxgen.localconfig] completeInitialization -> orderer type: solo
2022-05-31 15:54:00.757 CST 0003 INFO [common.tools.configtxgen.localconfig] Load -> Loaded configuration: /tmp/hyperledger/configtx.yaml
2022-05-31 15:54:00.758 CST 0004 INFO [common.tools.configtxgen] doOutputBlock -> Generating genesis block
2022-05-31 15:54:00.758 CST 0005 INFO [common.tools.configtxgen] doOutputBlock -> Creating system channelgenesis block
2022-05-31 15:54:00.758 CST 0006 INFO [common.tools.configtxgen] doOutputBlock -> Writing genesis block
[root@10 hyperledger]# configtxgen -profile OrgsChannel -outputCreateChannelTx /tmp/hyperledger/org0/orderer/channel.tx -channelID mychannel
2022-05-31 15:54:05.358 CST 0001 INFO [common.tools.configtxgen] main -> Loading configuration
2022-05-31 15:54:05.364 CST 0002 INFO [common.tools.configtxgen.localconfig] Load -> Loaded configuration: /tmp/hyperledger/configtx.yaml
2022-05-31 15:54:05.364 CST 0003 INFO [common.tools.configtxgen] doOutputChannelCreateTx -> Generating new channel configtx
2022-05-31 15:54:05.366 CST 0004 INFO [common.tools.configtxgen] doOutputChannelCreateTx -> Writing new channel tx
```
View channel.tx and genesis.block:
```
[root@10 hyperledger]# ls /tmp/hyperledger/org0/orderer/
assets  channel.tx  fabric-ca-client-config.yaml  genesis.block  msp  tls-msp
```
### Start the orderer
```shell
docker-compose up -d orderer1-org0
```
### Creating the CLI containers
1. Start cli-org1 and cli-org2
```yaml
cli-org1:
  container_name: cli-org1
  image: hyperledger/fabric-tools:1.4.2
  tty: true
  stdin_open: true
  environment:
    - GOPATH=/opt/gopath
    - FABRIC_LOGGING_SPEC=INFO
    - CORE_PEER_ID=cli
    - CORE_PEER_ADDRESS=peer1-org1:7051
    - CORE_PEER_LOCALMSPID=org1MSP
    - CORE_PEER_TLS_ENABLED=true
    - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
    - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp
  working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1
  command: sh
  volumes:
    - /tmp/hyperledger/org1/peer1:/tmp/hyperledger/org1/peer1
    - /tmp/hyperledger/org1/peer2:/tmp/hyperledger/org1/peer2
    - /tmp/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
    - /tmp/hyperledger/org1/admin:/tmp/hyperledger/org1/admin
  networks:
    - fabric-ca
cli-org2:
  container_name: cli-org2
  image: hyperledger/fabric-tools:1.4.2
  tty: true
  stdin_open: true
  environment:
    - GOPATH=/opt/gopath
    - FABRIC_LOGGING_SPEC=INFO
    - CORE_PEER_ID=cli
    - CORE_PEER_ADDRESS=peer1-org2:7051
    - CORE_PEER_LOCALMSPID=org2MSP
    - CORE_PEER_TLS_ENABLED=true
    - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
    - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/admin/msp
  working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2
  command: sh
  volumes:
    - /tmp/hyperledger/org2/peer1:/tmp/hyperledger/org2/peer1
    - /tmp/hyperledger/org2/peer2:/tmp/hyperledger/org2/peer2
    - /tmp/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
    - /tmp/hyperledger/org2/admin:/tmp/hyperledger/org2/admin
  networks:
    - fabric-ca
```
```shell
docker-compose up -d cli-org1 cli-org2
```
2. Create and join the channel
1) peer1 creates the channel
Copy the channel configuration file to peer1:
```shell
cp /tmp/hyperledger/org0/orderer/channel.tx /tmp/hyperledger/org1/peer1/assets/
```
2) Create the channel
org1:
```shell
docker exec -it cli-org1 sh
peer channel create -c mychannel -f /tmp/hyperledger/org1/peer1/assets/channel.tx -o orderer1-org0:7050 --outputBlock /tmp/hyperledger/org1/peer1/assets/mychannel.block --tls --cafile /tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
#2022-06-06 01:33:02.485 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
#2022-06-06 01:33:02.542 UTC [cli.common] readBlock -> INFO 002 Received block: 0
```
The result is that mychannel.block is saved under org1/peer1/assets/.
3) peer1 and peer2 join the channel: from the org1 CLI container, join peer1-org1 and peer2-org1
```shell
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp
export CORE_PEER_ADDRESS=peer1-org1:7051
peer channel join -b /tmp/hyperledger/org1/peer1/assets/mychannel.block
#2022-06-06 01:37:26.983 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
#2022-06-06 01:37:27.149 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
export CORE_PEER_ADDRESS=peer2-org1:7051
peer channel join -b /tmp/hyperledger/org1/peer1/assets/mychannel.block
#2022-06-06 01:38:39.334 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
#2022-06-06 01:38:39.483 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
```
org2