-
Fabric二进制建链
零、前言
0.1、目标
在
Hyperledger Fabric v2.2.0版本下,参考test-network测试网络(docker)的搭建,使用最原生(二进制)的方式,在192.168.3.128单主机搭建fabric,要求1个排序节点orderer0,1个对等节点peer0,都在单机构org1下;要求使用raft共识类型;同时要求使用Fabric CA服务替代生产网络不推荐的cryptogen的方式。0.2、相关资料
- 官方文档:https://hyperledger-fabric.readthedocs.io/en/release-2.2/
- 项目地址:https://github.com/hyperledger/fabric/tree/v2.2.0
一、准备工作
1.1、建目录
根据默认规则在~/fabric/下,建好组织和节点目录:
mkdir -p ~/fabric/organizations/ordererOrganizations/org1.example.com/msp mkdir -p ~/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com mkdir -p ~/fabric/organizations/peerOrganizations/org1.example.com/msp mkdir -p ~/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com mkdir -p ~/fabric/bin mkdir -p ~/fabric/config- 1
- 2
- 3
- 4
- 5
- 6
1.2、下载二进制和配置文件
根据之前测试网络的经验,查看https://github.com/hyperledger/fabric/blob/v2.2.0/scripts/bootstrap.sh文件,确定Fabric CA和二进制版本:
# if version not passed in, default to latest released version VERSION=2.2.0 # if ca version not passed in, default to latest released version CA_VERSION=1.4.7- 1
- 2
- 3
- 4
所以分别下载对应版本:
- https://github.com/hyperledger/fabric-ca/releases/download/v1.4.7/hyperledger-fabric-ca-linux-amd64-1.4.7.tar.gz
- https://github.com/hyperledger/fabric/releases/download/v2.2.0/hyperledger-fabric-linux-amd64-2.2.0.tar.gz
解压在~/fabric/下,得到:
/home/songzehao/fabric ├── bin │ ├── configtxgen │ ├── configtxlator │ ├── cryptogen │ ├── discover │ ├── fabric-ca-client │ ├── fabric-ca-server │ ├── idemixgen │ ├── orderer │ └── peer ├── config │ ├── configtx.yaml │ ├── core.yaml │ └── orderer.yaml └── organizations ├── ordererOrganizations │ └── org1.example.com │ ├── msp │ └── orderers │ └── orderer0.org1.example.com └── peerOrganizations └── org1.example.com ├── msp └── peers └── peer0.org1.example.com 13 directories, 12 files- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
在/etc/profile中新增环境变量,并source生效:
export PATH=/home/songzehao/fabric/bin:$PATH export FABRIC_CA_CLIENT_HOME=/home/songzehao/fabric/fabric-ca-client export FABRIC_CFG_PATH=/home/songzehao/fabric/config- 1
- 2
- 3
二、fabric-ca-server
2.1、配置fabric-ca-server
在~/fabric下放置fabric-ca服务端配置文件
fabric-ca-server-config.yaml,注意配置csr.hosts为自己机器的IP(192.168.3.128):############################################################################# # This is a configuration file for the fabric-ca-server command. # # COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES # ------------------------------------------------ # Each configuration element can be overridden via command line # arguments or environment variables. The precedence for determining # the value of each element is as follows: # 1) command line argument # Examples: # a) --port 443 # To set the listening port # b) --ca.keyfile ../mykey.pem # To set the "keyfile" element in the "ca" section below; # note the '.' separator character. # 2) environment variable # Examples: # a) FABRIC_CA_SERVER_PORT=443 # To set the listening port # b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem" # To set the "keyfile" element in the "ca" section below; # note the '_' separator character. # 3) configuration file # 4) default value (if there is one) # All default values are shown beside each element below. # # FILE NAME ELEMENTS # ------------------ # The value of all fields whose name ends with "file" or "files" are # name or names of other files. # For example, see "tls.certfile" and "tls.clientauth.certfiles". # The value of each of these fields can be a simple filename, a # relative path, or an absolute path. If the value is not an # absolute path, it is interpretted as being relative to the location # of this configuration file. # ############################################################################# # Version of config file version: 1.2.0 # Server's listening port (default: 7054) port: 7054 # Enables debug logging (default: false) debug: false # Size limit of an acceptable CRL in bytes (default: 512000) crlsizelimit: 512000 ############################################################################# # TLS section for the server's listening port # # The following types are supported for client authentication: NoClientCert, # RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven, # and RequireAndVerifyClientCert. # # Certfiles is a list of root certificate authorities that the server uses # when verifying client certificates. ############################################################################# tls: # Enable TLS (default: false) enabled: true # TLS for the server's listening port certfile: keyfile: clientauth: type: noclientcert certfiles: ############################################################################# # The CA section contains information related to the Certificate Authority # including the name of the CA, which should be unique for all members # of a blockchain network. It also includes the key and certificate files # used when issuing enrollment certificates (ECerts) and transaction # certificates (TCerts). # The chainfile (if it exists) contains the certificate chain which # should be trusted for this CA, where the 1st in the chain is always the # root CA certificate. ############################################################################# ca: # Name of this CA name: ca-org1 # Key file (is only used to import a private key into BCCSP) keyfile: # Certificate file (default: ca-cert.pem) certfile: # Chain file chainfile: ############################################################################# # The gencrl REST endpoint is used to generate a CRL that contains revoked # certificates. This section contains configuration options that are used # during gencrl request processing. ############################################################################# crl: # Specifies expiration for the generated CRL. The number of hours # specified by this property is added to the UTC time, the resulting time # is used to set the 'Next Update' date of the CRL. expiry: 24h ############################################################################# # The registry section controls how the fabric-ca-server does two things: # 1) authenticates enrollment requests which contain a username and password # (also known as an enrollment ID and secret). # 2) once authenticated, retrieves the identity's attribute names and # values which the fabric-ca-server optionally puts into TCerts # which it issues for transacting on the Hyperledger Fabric blockchain. # These attributes are useful for making access control decisions in # chaincode. # There are two main configuration options: # 1) The fabric-ca-server is the registry. # This is true if "ldap.enabled" in the ldap section below is false. # 2) An LDAP server is the registry, in which case the fabric-ca-server # calls the LDAP server to perform these tasks. # This is true if "ldap.enabled" in the ldap section below is true, # which means this "registry" section is ignored. ############################################################################# registry: # Maximum number of times a password/secret can be reused for enrollment # (default: -1, which means there is no limit) maxenrollments: -1 # Contains identity information which is used when LDAP is disabled identities: - name: admin pass: adminpw type: client affiliation: "" attrs: hf.Registrar.Roles: "*" hf.Registrar.DelegateRoles: "*" hf.Revoker: true hf.IntermediateCA: true hf.GenCRL: true hf.Registrar.Attributes: "*" hf.AffiliationMgr: true ############################################################################# # Database section # Supported types are: "sqlite3", "postgres", and "mysql". # The datasource value depends on the type. # If the type is "sqlite3", the datasource value is a file name to use # as the database store. Since "sqlite3" is an embedded database, it # may not be used if you want to run the fabric-ca-server in a cluster. # To run the fabric-ca-server in a cluster, you must choose "postgres" # or "mysql". ############################################################################# db: type: sqlite3 datasource: fabric-ca-server.db tls: enabled: false certfiles: client: certfile: keyfile: ############################################################################# # LDAP section # If LDAP is enabled, the fabric-ca-server calls LDAP to: # 1) authenticate enrollment ID and secret (i.e. username and password) # for enrollment requests; # 2) To retrieve identity attributes ############################################################################# ldap: # Enables or disables the LDAP client (default: false) # If this is set to true, the "registry" section is ignored. enabled: false # The URL of the LDAP server url: ldap://: @ : / # TLS configuration for the client connection to the LDAP server tls: certfiles: client: certfile: keyfile: # Attribute related configuration for mapping from LDAP entries to Fabric CA attributes attribute: # 'names' is an array of strings containing the LDAP attribute names which are # requested from the LDAP server for an LDAP identity's entry names: ['uid','member'] # The 'converters' section is used to convert an LDAP entry to the value of # a fabric CA attribute. # For example, the following converts an LDAP 'uid' attribute # whose value begins with 'revoker' to a fabric CA attribute # named "hf.Revoker" with a value of "true" (because the boolean expression # evaluates to true). # converters: # - name: hf.Revoker # value: attr("uid") =~ "revoker*" converters: - name: value: # The 'maps' section contains named maps which may be referenced by the 'map' # function in the 'converters' section to map LDAP responses to arbitrary values. # For example, assume a user has an LDAP attribute named 'member' which has multiple # values which are each a distinguished name (i.e. a DN). For simplicity, assume the # values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'. # Further assume the following configuration. # converters: # - name: hf.Registrar.Roles # value: map(attr("member"),"groups") # maps: # groups: # - name: dn1 # value: peer # - name: dn2 # value: client # The value of the user's 'hf.Registrar.Roles' attribute is then computed to be # "peer,client,dn3". This is because the value of 'attr("member")' is # "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of # "group" replaces "dn1" with "peer" and "dn2" with "client". maps: groups: - name: value: ############################################################################# # Affiliations section. Fabric CA server can be bootstrapped with the # affiliations specified in this section. Affiliations are specified as maps. # For example: # businessunit1: # department1: # - team1 # businessunit2: # - department2 # - department3 # # Affiliations are hierarchical in nature. In the above example, # department1 (used as businessunit1.department1) is the child of businessunit1. # team1 (used as businessunit1.department1.team1) is the child of department1. # department2 (used as businessunit2.department2) and department3 (businessunit2.department3) # are children of businessunit2. # Note: Affiliations are case sensitive except for the non-leaf affiliations # (like businessunit1, department1, businessunit2) that are specified in the configuration file, # which are always stored in lower case. ############################################################################# affiliations: org1: - department1 - department2 org2: - department1 ############################################################################# # Signing section # # The "default" subsection is used to sign enrollment certificates; # the default expiration ("expiry" field) is "8760h", which is 1 year in hours. # # The "ca" profile subsection is used to sign intermediate CA certificates; # the default expiration ("expiry" field) is "43800h" which is 5 years in hours. # Note that "isca" is true, meaning that it issues a CA certificate. # A maxpathlen of 0 means that the intermediate CA cannot issue other # intermediate CA certificates, though it can still issue end entity certificates. # (See RFC 5280, section 4.2.1.9) # # The "tls" profile subsection is used to sign TLS certificate requests; # the default expiration ("expiry" field) is "8760h", which is 1 year in hours. ############################################################################# signing: default: usage: - digital signature expiry: 8760h profiles: ca: usage: - cert sign - crl sign expiry: 43800h caconstraint: isca: true maxpathlen: 0 tls: usage: - signing - key encipherment - server auth - client auth - key agreement expiry: 8760h ########################################################################### # Certificate Signing Request (CSR) section. # This controls the creation of the root CA certificate. # The expiration for the root CA certificate is configured with the # "ca.expiry" field below, whose default value is "131400h" which is # 15 years in hours. # The pathlength field is used to limit CA certificate hierarchy as described # in section 4.2.1.9 of RFC 5280. # Examples: # 1) No pathlength value means no limit is requested. # 2) pathlength == 1 means a limit of 1 is requested which is the default for # a root CA. This means the root CA can issue intermediate CA certificates, # but these intermediate CAs may not in turn issue other CA certificates # though they can still issue end entity certificates. # 3) pathlength == 0 means a limit of 0 is requested; # this is the default for an intermediate CA, which means it can not issue # CA certificates though it can still issue end entity certificates. ########################################################################### csr: cn: ca.org1.example.com names: - C: US ST: "North Carolina" L: "Durham" O: org1.example.com OU: hosts: - 192.168.3.128 ca: expiry: 131400h pathlength: 1 ############################################################################# # BCCSP (BlockChain Crypto Service Provider) section is used to select which # crypto library implementation to use ############################################################################# bccsp: default: SW sw: hash: SHA2 security: 256 filekeystore: # The directory used for the software file-based keystore keystore: msp/keystore ############################################################################# # Multi CA section # # Each Fabric CA server contains one CA by default. This section is used # to configure multiple CAs in a single server. # # 1) --cacount # Automatically generate non-default CAs. The names of these # additional CAs are "ca1", "ca2", ... "caN", where "N" is # This is particularly useful in a development environment to quickly set up # multiple CAs. Note that, this config option is not applicable to intermediate CA server # i.e., Fabric CA server that is started with intermediate.parentserver.url config # option (-u command line option) # # 2) --cafiles # For each CA config file in the list, generate a separate signing CA. Each CA # config file in this list MAY contain all of the same elements as are found in # the server config file except port, debug, and tls sections. # # Examples: # fabric-ca-server start -b admin:adminpw --cacount 2 # # fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml # --cafiles ca/ca2/fabric-ca-server-config.yaml # ############################################################################# cacount: cafiles: ############################################################################# # Intermediate CA section # # The relationship between servers and CAs is as follows: # 1) A single server process may contain or function as one or more CAs. # This is configured by the "Multi CA section" above. # 2) Each CA is either a root CA or an intermediate CA. # 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA. # # This section pertains to configuration of #2 and #3. # If the "intermediate.parentserver.url" property is set, # then this is an intermediate CA with the specified parent # CA. # # parentserver section # url - The URL of the parent server # caname - Name of the CA to enroll within the server # # enrollment section used to enroll intermediate CA with parent CA # profile - Name of the signing profile to use in issuing the certificate # label - Label to use in HSM operations # # tls section for secure socket connection # certfiles - PEM-encoded list of trusted root certificate files # client: # certfile - PEM-encoded certificate file for when client authentication # is enabled on server # keyfile - PEM-encoded key file for when client authentication # is enabled on server ############################################################################# intermediate: parentserver: url: caname: enrollment: hosts: profile: label: tls: certfiles: client: certfile: keyfile: - 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
- 313
- 314
- 315
- 316
- 317
- 318
- 319
- 320
- 321
- 322
- 323
- 324
- 325
- 326
- 327
- 328
- 329
- 330
- 331
- 332
- 333
- 334
- 335
- 336
- 337
- 338
- 339
- 340
- 341
- 342
- 343
- 344
- 345
- 346
- 347
- 348
- 349
- 350
- 351
- 352
- 353
- 354
- 355
- 356
- 357
- 358
- 359
- 360
- 361
- 362
- 363
- 364
- 365
- 366
- 367
- 368
- 369
- 370
- 371
- 372
- 373
- 374
- 375
- 376
- 377
- 378
- 379
- 380
- 381
- 382
- 383
- 384
- 385
- 386
- 387
- 388
- 389
- 390
- 391
- 392
- 393
- 394
- 395
- 396
- 397
- 398
- 399
- 400
- 401
- 402
- 403
- 404
- 405
- 406
2.2、初始化fabric-ca-server
初始化fabric-ca-server:
fabric-ca-server init -b admin:adminpw- 1
日志:
2023/11/01 11:04:09 [INFO] Configuration file location: /home/songzehao/fabric/fabric-ca-server-config.yaml 2023/11/01 11:04:09 [WARNING] Unknown provider type: ; metrics disabled 2023/11/01 11:04:09 [INFO] Server Version: 1.4.7 2023/11/01 11:04:09 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1} 2023-11-01 11:04:09.262 CST [bccsp_sw] createKeyStoreIfNotExists -> DEBU 001 KeyStore path [/home/songzehao/fabric/msp/keystore] missing [true]: [] 2023-11-01 11:04:09.262 CST [bccsp_sw] createKeyStore -> DEBU 002 Creating KeyStore at [/home/songzehao/fabric/msp/keystore]... 2023-11-01 11:04:09.262 CST [bccsp_sw] createKeyStore -> DEBU 003 KeyStore created at [/home/songzehao/fabric/msp/keystore]. 2023-11-01 11:04:09.262 CST [bccsp_sw] openKeyStore -> DEBU 004 KeyStore opened at [/home/songzehao/fabric/msp/keystore]...done 2023/11/01 11:04:09 [WARNING] &{69 The specified CA certificate file /home/songzehao/fabric/ca-cert.pem does not exist} 2023/11/01 11:04:09 [INFO] generating key: &{A:ecdsa S:256} 2023/11/01 11:04:09 [INFO] encoded CSR 2023/11/01 11:04:09 [INFO] signed certificate with serial number 515509048791859448169569932922715069374585931842 2023/11/01 11:04:09 [INFO] The CA key and certificate were generated for CA ca-org1 2023/11/01 11:04:09 [INFO] The key was stored by BCCSP provider 'SW' 2023/11/01 11:04:09 [INFO] The certificate is at: /home/songzehao/fabric/ca-cert.pem 2023/11/01 11:04:09 [INFO] Initialized sqlite3 database at /home/songzehao/fabric/fabric-ca-server.db 2023-11-01 11:04:09.357 CST [bccsp_sw] loadPrivateKey -> DEBU 005 Loading private key [6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf] at [/home/songzehao/fabric/msp/keystore/6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf_sk]... 2023-11-01 11:04:09.357 CST [bccsp_sw] loadPrivateKey -> DEBU 006 Loading private key [6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf] at [/home/songzehao/fabric/msp/keystore/6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf_sk]... 2023/11/01 11:04:09 [INFO] The issuer key was successfully stored. The public key is at: /home/songzehao/fabric/IssuerPublicKey, secret key is at: /home/songzehao/fabric/msp/keystore/IssuerSecretKey 2023/11/01 11:04:09 [INFO] Idemix issuer revocation public and secret keys were generated for CA 'ca-org1' 2023/11/01 11:04:09 [INFO] The revocation key was successfully stored. The public key is at: /home/songzehao/fabric/IssuerRevocationPublicKey, private key is at: /home/songzehao/fabric/msp/keystore/IssuerRevocationPrivateKey 2023/11/01 11:04:09 [INFO] Home directory for default CA: /home/songzehao/fabric 2023/11/01 11:04:09 [INFO] Initialization was successful - 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
得到:
/home/songzehao/fabric ├── bin │ ├── configtxgen │ ├── configtxlator │ ├── cryptogen │ ├── discover │ ├── fabric-ca-client │ ├── fabric-ca-server │ ├── idemixgen │ ├── orderer │ └── peer ├── ca-cert.pem ├── config │ ├── configtx.yaml │ ├── core.yaml │ └── orderer.yaml ├── fabric-ca-server-config.yaml ├── fabric-ca-server.db ├── IssuerPublicKey ├── IssuerRevocationPublicKey ├── msp │ └── keystore │ ├── 6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf_sk │ ├── IssuerRevocationPrivateKey │ └── IssuerSecretKey └── organizations ├── ordererOrganizations │ └── org1.example.com │ ├── msp │ └── orderers │ └── orderer0.org1.example.com └── peerOrganizations └── org1.example.com ├── msp └── peers └── peer0.org1.example.com 15 directories, 20 files- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
2.3、启动fabric-ca-server
启动fabric-ca-server:
fabric-ca-server start -b admin:adminpw- 1
日志:
2023/11/01 11:04:55 [INFO] Configuration file location: /home/songzehao/fabric/fabric-ca-server-config.yaml 2023/11/01 11:04:55 [INFO] Starting server in home directory: /home/songzehao/fabric 2023/11/01 11:04:55 [WARNING] Unknown provider type: ; metrics disabled 2023/11/01 11:04:55 [INFO] Server Version: 1.4.7 2023/11/01 11:04:55 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1} 2023-11-01 11:04:55.274 CST [bccsp_sw] openKeyStore -> DEBU 001 KeyStore opened at [/home/songzehao/fabric/msp/keystore]...done 2023-11-01 11:04:55.275 CST [bccsp_sw] loadPrivateKey -> DEBU 002 Loading private key [6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf] at [/home/songzehao/fabric/msp/keystore/6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf_sk]... 2023/11/01 11:04:55 [INFO] The CA key and certificate already exist 2023/11/01 11:04:55 [INFO] The key is stored by BCCSP provider 'SW' 2023/11/01 11:04:55 [INFO] The certificate is at: /home/songzehao/fabric/ca-cert.pem 2023/11/01 11:04:55 [INFO] Initialized sqlite3 database at /home/songzehao/fabric/fabric-ca-server.db 2023-11-01 11:04:55.285 CST [bccsp_sw] loadPrivateKey -> DEBU 003 Loading private key [6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf] at [/home/songzehao/fabric/msp/keystore/6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf_sk]... 2023-11-01 11:04:55.285 CST [bccsp_sw] loadPrivateKey -> DEBU 004 Loading private key [6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf] at [/home/songzehao/fabric/msp/keystore/6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf_sk]... 2023/11/01 11:04:55 [INFO] The Idemix issuer public and secret key files already exist 2023/11/01 11:04:55 [INFO] secret key file location: /home/songzehao/fabric/msp/keystore/IssuerSecretKey 2023/11/01 11:04:55 [INFO] public key file location: /home/songzehao/fabric/IssuerPublicKey 2023/11/01 11:04:55 [INFO] The Idemix issuer revocation public and secret key files already exist 2023/11/01 11:04:55 [INFO] private key file location: /home/songzehao/fabric/msp/keystore/IssuerRevocationPrivateKey 2023/11/01 11:04:55 [INFO] public key file location: /home/songzehao/fabric/IssuerRevocationPublicKey 2023/11/01 11:04:55 [INFO] Home directory for default CA: /home/songzehao/fabric 2023/11/01 11:04:55 [INFO] Operation Server Listening on [::]:42729 2023-11-01 11:04:55.308 CST [bccsp_sw] openKeyStore -> DEBU 005 KeyStore opened at [/home/songzehao/fabric/msp/keystore]...done 2023/11/01 11:04:55 [INFO] generating key: &{A:ecdsa S:256} 2023/11/01 11:04:55 [INFO] encoded CSR 2023/11/01 11:04:55 [INFO] signed certificate with serial number 192879327564294815064593336931614473727786194412 2023-11-01 11:04:55.312 CST [bccsp_sw] loadPrivateKey -> DEBU 006 Loading private key [db9281216de1b9a66750dc0cfd6fc6b84a55dd41fde705d15137203f0f7d851b] at [/home/songzehao/fabric/msp/keystore/db9281216de1b9a66750dc0cfd6fc6b84a55dd41fde705d15137203f0f7d851b_sk]... 2023/11/01 11:04:55 [INFO] Listening on https://0.0.0.0:7054- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
得到:
/home/songzehao/fabric ├── bin │ ├── configtxgen │ ├── configtxlator │ ├── cryptogen │ ├── discover │ ├── fabric-ca-client │ ├── fabric-ca-server │ ├── idemixgen │ ├── orderer │ └── peer ├── ca-cert.pem ├── config │ ├── configtx.yaml │ ├── core.yaml │ └── orderer.yaml ├── fabric-ca-server-config.yaml ├── fabric-ca-server.db ├── IssuerPublicKey ├── IssuerRevocationPublicKey ├── msp │ ├── cacerts │ ├── keystore │ │ ├── 6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf_sk │ │ ├── db9281216de1b9a66750dc0cfd6fc6b84a55dd41fde705d15137203f0f7d851b_sk │ │ ├── IssuerRevocationPrivateKey │ │ └── IssuerSecretKey │ ├── signcerts │ └── user ├── organizations │ ├── ordererOrganizations │ │ └── org1.example.com │ │ ├── msp │ │ └── orderers │ │ └── orderer0.org1.example.com │ └── peerOrganizations │ └── org1.example.com │ ├── msp │ └── peers │ └── peer0.org1.example.com └── tls-cert.pem 18 directories, 22 files- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
登记ca的admin用户:
fabric-ca-client enroll -u https://admin:adminpw@192.168.3.128:7054 --caname ca-org1 --tls.certfiles ~/fabric/ca-cert.pem- 1
日志:
2023/11/01 11:05:50 [INFO] Created a default configuration file at /home/songzehao/fabric/fabric-ca-client/fabric-ca-client-config.yaml 2023/11/01 11:05:50 [INFO] TLS Enabled 2023/11/01 11:05:50 [INFO] generating key: &{A:ecdsa S:256} 2023/11/01 11:05:50 [INFO] encoded CSR 2023/11/01 11:05:50 [INFO] Stored client certificate at /home/songzehao/fabric/fabric-ca-client/msp/signcerts/cert.pem 2023/11/01 11:05:50 [INFO] Stored root CA certificate at /home/songzehao/fabric/fabric-ca-client/msp/cacerts/192-168-3-128-7054-ca-org1.pem 2023/11/01 11:05:50 [INFO] Stored Issuer public key at /home/songzehao/fabric/fabric-ca-client/msp/IssuerPublicKey 2023/11/01 11:05:50 [INFO] Stored Issuer revocation public key at /home/songzehao/fabric/fabric-ca-client/msp/IssuerRevocationPublicKey- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
如果没配置
FABRIC_CA_CLIENT_HOME环境变量,则默认生成密钥到 ~/.fabric-ca-client 目录,上面设置了 ~/fabric/fabric-ca-client:/home/songzehao/fabric/fabric-ca-client ├── fabric-ca-client-config.yaml └── msp ├── cacerts │ └── 192-168-3-128-7054-ca-org1.pem ├── IssuerPublicKey ├── IssuerRevocationPublicKey ├── keystore │ └── 87b4e348c0bf8d0bfd83999bfec3ce6ad8f0026f9d488668ce9b31c774647f93_sk ├── signcerts │ └── cert.pem └── user 5 directories, 6 files- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
三、准备peer0
3.1、生成peer组织org1的msp配置
手动生成peerOrganizations下组织org1的msp配置文件:
echo 'NodeOUs: Enable: true ClientOUIdentifier: Certificate: cacerts/192-168-3-128-7054-ca-org1.pem OrganizationalUnitIdentifier: client PeerOUIdentifier: Certificate: cacerts/192-168-3-128-7054-ca-org1.pem OrganizationalUnitIdentifier: peer AdminOUIdentifier: Certificate: cacerts/192-168-3-128-7054-ca-org1.pem OrganizationalUnitIdentifier: admin OrdererOUIdentifier: Certificate: cacerts/192-168-3-128-7054-ca-org1.pem OrganizationalUnitIdentifier: orderer' > /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
并拷贝org1的ca证书到org1的/msp/tlscacerts、/tlsca和/ca目录:
mkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/tlscacerts cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt mkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/tlsca cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem mkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ca cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
3.2、注册peer0
注册org1下面的节点身份peer0:
fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles /home/songzehao/fabric/ca-cert.pem- 1
日志:
2023/11/01 11:11:52 [INFO] Configuration file location: /home/songzehao/fabric/fabric-ca-client/fabric-ca-client-config.yaml 2023/11/01 11:11:52 [INFO] TLS Enabled 2023/11/01 11:11:52 [INFO] TLS Enabled Password: peer0pw- 1
- 2
- 3
- 4
3.3、注册peer组织org1的user
注册org1下面的用户身份user1:
fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles /home/songzehao/fabric/ca-cert.pem- 1
日志:
2023/11/01 11:12:18 [INFO] Configuration file location: /home/songzehao/fabric/fabric-ca-client/fabric-ca-client-config.yaml 2023/11/01 11:12:18 [INFO] TLS Enabled 2023/11/01 11:12:18 [INFO] TLS Enabled Password: user1pw- 1
- 2
- 3
- 4
3.4、注册peer组织org1的admin
注册peer组织org1下面的管理员用户身份org1admin:
fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles /home/songzehao/fabric/ca-cert.pem- 1
日志:
2023/11/01 11:12:28 [INFO] Configuration file location: /home/songzehao/fabric/fabric-ca-client/fabric-ca-client-config.yaml 2023/11/01 11:12:28 [INFO] TLS Enabled 2023/11/01 11:12:28 [INFO] TLS Enabled Password: org1adminpw- 1
- 2
- 3
- 4
3.5、登记peer0
登记生成peer0的msp目录:
fabric-ca-client enroll -u https://peer0:peer0pw@192.168.3.128:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem- 1
并拷贝该组织的msp配置文件到peer0节点目录下:
cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml- 1
日志:
2023/11/01 11:12:38 [INFO] TLS Enabled 2023/11/01 11:12:38 [INFO] generating key: &{A:ecdsa S:256} 2023/11/01 11:12:38 [INFO] encoded CSR 2023/11/01 11:12:38 [INFO] Stored client certificate at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/signcerts/cert.pem 2023/11/01 11:12:38 [INFO] Stored root CA certificate at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts/192-168-3-128-7054-ca-org1.pem 2023/11/01 11:12:38 [INFO] Stored Issuer public key at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/IssuerPublicKey 2023/11/01 11:12:38 [INFO] Stored Issuer revocation public key at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/IssuerRevocationPublicKey- 1
- 2
- 3
- 4
- 5
- 6
- 7
3.6、登记peer0的tls
登记生成peer0的tls证书:
fabric-ca-client enroll -u https://peer0:peer0pw@192.168.3.128:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls --enrollment.profile tls --csr.hosts 192.168.3.128 --tls.certfiles /home/songzehao/fabric/ca-cert.pem- 1
日志:
2023/11/01 11:12:58 [INFO] TLS Enabled 2023/11/01 11:12:58 [INFO] generating key: &{A:ecdsa S:256} 2023/11/01 11:12:59 [INFO] encoded CSR 2023/11/01 11:12:59 [INFO] Stored client certificate at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/cert.pem 2023/11/01 11:12:59 [INFO] Stored TLS root CA certificate at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/tls-192-168-3-128-7054-ca-org1.pem 2023/11/01 11:12:59 [INFO] Stored Issuer public key at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/IssuerPublicKey 2023/11/01 11:12:59 [INFO] Stored Issuer revocation public key at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/IssuerRevocationPublicKey- 1
- 2
- 3
- 4
- 5
- 6
- 7
3.7、登记peer组织org1的user
登记生成peer组织org1下user1的msp目录:
cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key fabric-ca-client enroll -u https://user1:user1pw@192.168.3.128:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/config.yaml- 1
- 2
- 3
- 4
- 5
- 6
- 7
日志:
2023/11/01 11:13:44 [INFO] TLS Enabled 2023/11/01 11:13:44 [INFO] generating key: &{A:ecdsa S:256} 2023/11/01 11:13:44 [INFO] encoded CSR 2023/11/01 11:13:44 [INFO] Stored client certificate at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/signcerts/cert.pem 2023/11/01 11:13:44 [INFO] Stored root CA certificate at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/cacerts/192-168-3-128-7054-ca-org1.pem 2023/11/01 11:13:44 [INFO] Stored Issuer public key at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/IssuerPublicKey 2023/11/01 11:13:44 [INFO] Stored Issuer revocation public key at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/IssuerRevocationPublicKey- 1
- 2
- 3
- 4
- 5
- 6
- 7
3.8、登记peer组织org1的admin
登记生成peer组织org1下的org1admin的msp目录:
fabric-ca-client enroll -u https://org1admin:org1adminpw@192.168.3.128:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem mv /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/priv_sk cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml- 1
- 2
- 3
- 4
日志:
2023/11/01 11:14:05 [INFO] TLS Enabled 2023/11/01 11:14:05 [INFO] generating key: &{A:ecdsa S:256} 2023/11/01 11:14:05 [INFO] encoded CSR 2023/11/01 11:14:05 [INFO] Stored client certificate at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/cert.pem 2023/11/01 11:14:05 [INFO] Stored root CA certificate at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/cacerts/192-168-3-128-7054-ca-org1.pem 2023/11/01 11:14:05 [INFO] Stored Issuer public key at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/IssuerPublicKey 2023/11/01 11:14:05 [INFO] Stored Issuer revocation public key at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/IssuerRevocationPublicKey- 1
- 2
- 3
- 4
- 5
- 6
- 7
四、准备orderer0
4.1、生成orderer组织org1的msp配置
手动生成ordererOrganizations下组织org1的msp配置文件:
echo 'NodeOUs: Enable: true ClientOUIdentifier: Certificate: cacerts/192-168-3-128-7054-ca-org1.pem OrganizationalUnitIdentifier: client PeerOUIdentifier: Certificate: cacerts/192-168-3-128-7054-ca-org1.pem OrganizationalUnitIdentifier: peer AdminOUIdentifier: Certificate: cacerts/192-168-3-128-7054-ca-org1.pem OrganizationalUnitIdentifier: admin OrdererOUIdentifier: Certificate: cacerts/192-168-3-128-7054-ca-org1.pem OrganizationalUnitIdentifier: orderer' > /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yaml- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
继续在ordererOrganizations/org1.example.com/msp目录下,创建tlscacerts子目录:
mkdir -p /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/tlscacerts- 1
拷贝组织的ca证书到tlscacerts子目录:
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem- 1
创建~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca目录:
mkdir ~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca- 1
拷贝组织的ca证书到tlsca子目录:
cp /home/songzehao/fabric/ca-cert.pem ~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem- 1
4.2、注册orderer0
注册排序节点orderer0到ca:
fabric-ca-client register --caname ca-org1 --id.name orderer0 --id.secret orderer0pw --id.type orderer --tls.certfiles /home/songzehao/fabric/ca-cert.pem- 1
日志:
2023/11/01 11:14:47 [INFO] Configuration file location: /home/songzehao/fabric/fabric-ca-client/fabric-ca-client-config.yaml 2023/11/01 11:14:47 [INFO] TLS Enabled 2023/11/01 11:14:47 [INFO] TLS Enabled Password: orderer0pw- 1
- 2
- 3
- 4
4.3、注册orderer组织org1的admin
注册orderer组织org1的管理员ordererOrg1Admin到ca:
fabric-ca-client register --caname ca-org1 --id.name ordererOrg1Admin --id.secret ordererOrg1Adminpw --id.type admin --tls.certfiles /home/songzehao/fabric/ca-cert.pem- 1
日志:
2023/11/01 11:14:58 [INFO] Configuration file location: /home/songzehao/fabric/fabric-ca-client/fabric-ca-client-config.yaml 2023/11/01 11:14:58 [INFO] TLS Enabled 2023/11/01 11:14:58 [INFO] TLS Enabled Password: ordererOrg1Adminpw- 1
- 2
- 3
- 4
4.4、登记orderer0
登记生成排序节点orderer0的msp目录:
fabric-ca-client enroll -u https://orderer0:orderer0pw@192.168.3.128:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem- 1
日志:
2023/11/01 11:15:06 [INFO] TLS Enabled 2023/11/01 11:15:06 [INFO] generating key: &{A:ecdsa S:256} 2023/11/01 11:15:06 [INFO] encoded CSR 2023/11/01 11:15:07 [INFO] Stored client certificate at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/signcerts/cert.pem 2023/11/01 11:15:07 [INFO] Stored root CA certificate at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/cacerts/192-168-3-128-7054-ca-org1.pem 2023/11/01 11:15:07 [INFO] Stored Issuer public key at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/IssuerPublicKey 2023/11/01 11:15:07 [INFO] Stored Issuer revocation public key at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/IssuerRevocationPublicKey- 1
- 2
- 3
- 4
- 5
- 6
- 7
查看orderer0节点的msp目录:
/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/ ├── cacerts │ └── 192-168-3-128-7054-ca-org1.pem ├── IssuerPublicKey ├── IssuerRevocationPublicKey ├── keystore │ └── 9945284853ad9e407ed64a55ca23ce50a6867a8cf4fa70307ced639dbf6a3f48_sk ├── signcerts │ └── cert.pem └── user 4 directories, 5 files- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
并拷贝msp配置文件到orderer0节点目录下:
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/config.yaml- 1
4.6、登记orderer0的tls
登记生成排序节点orderer0的tls证书:
fabric-ca-client enroll -u https://orderer0:orderer0pw@192.168.3.128:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls --enrollment.profile tls --csr.hosts 192.168.3.128 --tls.certfiles /home/songzehao/fabric/ca-cert.pem- 1
日志:
2023/11/01 11:15:34 [INFO] TLS Enabled 2023/11/01 11:15:34 [INFO] generating key: &{A:ecdsa S:256} 2023/11/01 11:15:34 [INFO] encoded CSR 2023/11/01 11:15:34 [INFO] Stored client certificate at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/signcerts/cert.pem 2023/11/01 11:15:34 [INFO] Stored TLS root CA certificate at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/tlscacerts/tls-192-168-3-128-7054-ca-org1.pem 2023/11/01 11:15:34 [INFO] Stored Issuer public key at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/IssuerPublicKey 2023/11/01 11:15:34 [INFO] Stored Issuer revocation public key at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/IssuerRevocationPublicKey- 1
- 2
- 3
- 4
- 5
- 6
- 7
查看生成的tls证书目录:
/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/ ├── cacerts ├── IssuerPublicKey ├── IssuerRevocationPublicKey ├── keystore │ └── df3281616957b26543f3c90274f49cef89bc1d054f21043fe7a7ad3d703ad970_sk ├── signcerts │ └── cert.pem ├── tlscacerts │ └── tls-192-168-3-128-7054-ca-org1.pem └── user 5 directories, 5 files- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
拷贝到tls目录下,并重命名为更好看的文件名:
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/ca.crt cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/signcerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/keystore/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.key- 1
- 2
- 3
重新查看生成的tls证书目录:
/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/ ├── cacerts ├── ca.crt ├── IssuerPublicKey ├── IssuerRevocationPublicKey ├── keystore │ └── df3281616957b26543f3c90274f49cef89bc1d054f21043fe7a7ad3d703ad970_sk ├── server.crt ├── server.key ├── signcerts │ └── cert.pem ├── tlscacerts │ └── tls-192-168-3-128-7054-ca-org1.pem └── user 5 directories, 8 files- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
拷贝该tlsca证书到orderer0节点目录下msp/tlscacerts目录:
mkdir -p /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem- 1
- 2
4.7、登记orderer组织org1的admin
登记生成该组织管理员ordererOrg1Admin的msp:
fabric-ca-client enroll -u https://ordererOrg1Admin:ordererOrg1Adminpw@192.168.3.128:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem mv /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp/keystore/priv_sk- 1
- 2
- 3
日志:
2023/11/01 11:16:29 [INFO] TLS Enabled 2023/11/01 11:16:29 [INFO] generating key: &{A:ecdsa S:256} 2023/11/01 11:16:29 [INFO] encoded CSR 2023/11/01 11:16:29 [INFO] Stored client certificate at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp/signcerts/cert.pem 2023/11/01 11:16:29 [INFO] Stored root CA certificate at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp/cacerts/192-168-3-128-7054-ca-org1.pem 2023/11/01 11:16:29 [INFO] Stored Issuer public key at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp/IssuerPublicKey 2023/11/01 11:16:29 [INFO] Stored Issuer revocation public key at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp/IssuerRevocationPublicKey- 1
- 2
- 3
- 4
- 5
- 6
- 7
拷贝msp配置文件到管理员的msp目录下:
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml- 1
最终的链目录:
/home/songzehao/fabric ├── bin │ ├── configtxgen │ ├── configtxlator │ ├── cryptogen │ ├── discover │ ├── fabric-ca-client │ ├── fabric-ca-server │ ├── idemixgen │ ├── orderer │ └── peer ├── ca-cert.pem ├── config │ ├── configtx.yaml │ ├── core.yaml │ └── orderer.yaml ├── fabric-ca-client │ ├── fabric-ca-client-config.yaml │ └── msp │ ├── cacerts │ │ └── 192-168-3-128-7054-ca-org1.pem │ ├── IssuerPublicKey │ ├── IssuerRevocationPublicKey │ ├── keystore │ │ └── 87b4e348c0bf8d0bfd83999bfec3ce6ad8f0026f9d488668ce9b31c774647f93_sk │ ├── signcerts │ │ └── cert.pem │ └── user ├── fabric-ca-server-config.yaml ├── fabric-ca-server.db ├── IssuerPublicKey ├── IssuerRevocationPublicKey ├── msp │ ├── cacerts │ ├── keystore │ │ ├── 6fbaa8bc899a9d9c17eca6c82521839794cb31d25f5b3ed652ab8cd20c7118bf_sk │ │ ├── db9281216de1b9a66750dc0cfd6fc6b84a55dd41fde705d15137203f0f7d851b_sk │ │ ├── IssuerRevocationPrivateKey │ │ └── IssuerSecretKey │ ├── signcerts │ └── user ├── organizations │ ├── ordererOrganizations │ │ └── org1.example.com │ │ ├── msp │ │ │ ├── config.yaml │ │ │ └── tlscacerts │ │ │ └── tlsca.org1.example.com-cert.pem │ │ ├── orderers │ │ │ └── orderer0.org1.example.com │ │ │ ├── msp │ │ │ │ ├── cacerts │ │ │ │ │ └── 192-168-3-128-7054-ca-org1.pem │ │ │ │ ├── config.yaml │ │ │ │ ├── IssuerPublicKey │ │ │ │ ├── IssuerRevocationPublicKey │ │ │ │ ├── keystore │ │ │ │ │ └── 9945284853ad9e407ed64a55ca23ce50a6867a8cf4fa70307ced639dbf6a3f48_sk │ │ │ │ ├── signcerts │ │ │ │ │ └── cert.pem │ │ │ │ ├── tlscacerts │ │ │ │ │ └── tlsca.org1.example.com-cert.pem │ │ │ │ └── user │ │ │ └── tls │ │ │ ├── cacerts │ │ │ ├── ca.crt │ │ │ ├── IssuerPublicKey │ │ │ ├── IssuerRevocationPublicKey │ │ │ ├── keystore │ │ │ │ └── df3281616957b26543f3c90274f49cef89bc1d054f21043fe7a7ad3d703ad970_sk │ │ │ ├── server.crt │ │ │ ├── server.key │ │ │ ├── signcerts │ │ │ │ └── cert.pem │ │ │ ├── tlscacerts │ │ │ │ └── tls-192-168-3-128-7054-ca-org1.pem │ │ │ └── user │ │ ├── tlsca │ │ │ └── tlsca.org1.example.com-cert.pem │ │ └── users │ │ └── Admin@org1.example.com │ │ └── msp │ │ ├── cacerts │ │ │ └── 192-168-3-128-7054-ca-org1.pem │ │ ├── config.yaml │ │ ├── IssuerPublicKey │ │ ├── IssuerRevocationPublicKey │ │ ├── keystore │ │ │ └── priv_sk │ │ ├── signcerts │ │ │ └── cert.pem │ │ └── user │ └── peerOrganizations │ └── org1.example.com │ ├── ca │ │ └── ca.org1.example.com-cert.pem │ ├── msp │ │ ├── config.yaml │ │ └── tlscacerts │ │ └── ca.crt │ ├── peers │ │ └── peer0.org1.example.com │ │ ├── msp │ │ │ ├── cacerts │ │ │ │ └── 192-168-3-128-7054-ca-org1.pem │ │ │ ├── config.yaml │ │ │ ├── IssuerPublicKey │ │ │ ├── IssuerRevocationPublicKey │ │ │ ├── keystore │ │ │ │ └── 30de30badf40da9a3de007efd469e09316cc1f0c6600baaafe02670639767056_sk │ │ │ ├── signcerts │ │ │ │ └── cert.pem │ │ │ └── user │ │ └── tls │ │ ├── cacerts │ │ ├── ca.crt │ │ ├── IssuerPublicKey │ │ ├── IssuerRevocationPublicKey │ │ ├── keystore │ │ │ └── 697abecd06596b56c5faa1efa535acabad1f450a9895ed958bffc1bc75aa5e15_sk │ │ ├── server.crt │ │ ├── server.key │ │ ├── signcerts │ │ │ └── cert.pem │ │ ├── tlscacerts │ │ │ └── tls-192-168-3-128-7054-ca-org1.pem │ │ └── user │ ├── tlsca │ │ └── tlsca.org1.example.com-cert.pem │ └── users │ ├── Admin@org1.example.com │ │ └── msp │ │ ├── cacerts │ │ │ └── 192-168-3-128-7054-ca-org1.pem │ │ ├── config.yaml │ │ ├── IssuerPublicKey │ │ ├── IssuerRevocationPublicKey │ │ ├── keystore │ │ │ └── priv_sk │ │ ├── signcerts │ │ │ └── cert.pem │ │ └── user │ └── User1@org1.example.com │ └── msp │ ├── cacerts │ │ └── 192-168-3-128-7054-ca-org1.pem │ ├── config.yaml │ ├── IssuerPublicKey │ ├── IssuerRevocationPublicKey │ ├── keystore │ │ └── b17c1696e4e0d3fbd316cb80c333f365bb15bb43d830bf40ac468e1456c68d87_sk │ ├── signcerts │ │ └── cert.pem │ └── user └── tls-cert.pem 72 directories, 82 files- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
五、启动peer0
更改core.yaml文件。最终的
core.yaml:# Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # ############################################################################### # # Peer section # ############################################################################### peer: # The peer id provides a name for this peer instance and is used when # naming docker resources. id: peer0.org1.example.com # The networkId allows for logical separation of networks and is used when # naming docker resources. networkId: dev # The Address at local network interface this Peer will listen on. # By default, it will listen on all network interfaces listenAddress: 0.0.0.0:7051 # The endpoint this peer uses to listen for inbound chaincode connections. # If this is commented-out, the listen address is selected to be # the peer's address (see below) with port 7052 # chaincodeListenAddress: 0.0.0.0:7052 # The endpoint the chaincode for this peer uses to connect to the peer. # If this is not specified, the chaincodeListenAddress address is selected. # And if chaincodeListenAddress is not specified, address is selected from # peer address (see below). If specified peer address is invalid then it # will fallback to the auto detected IP (local IP) regardless of the peer # addressAutoDetect value. # chaincodeAddress: 0.0.0.0:7052 # When used as peer config, this represents the endpoint to other peers # in the same organization. For peers in other organization, see # gossip.externalEndpoint for more info. # When used as CLI config, this means the peer's endpoint to interact with address: 0.0.0.0:7051 # Whether the Peer should programmatically determine its address # This case is useful for docker containers. # When set to true, will override peer address. addressAutoDetect: false # Keepalive settings for peer server and clients keepalive: # Interval is the duration after which if the server does not see # any activity from the client it pings the client to see if it's alive interval: 7200s # Timeout is the duration the server waits for a response # from the client after sending a ping before closing the connection timeout: 20s # MinInterval is the minimum permitted time between client pings. # If clients send pings more frequently, the peer server will # disconnect them minInterval: 60s # Client keepalive settings for communicating with other peer nodes client: # Interval is the time between pings to peer nodes. This must # greater than or equal to the minInterval specified by peer # nodes interval: 60s # Timeout is the duration the client waits for a response from # peer nodes before closing the connection timeout: 20s # DeliveryClient keepalive settings for communication with ordering # nodes. deliveryClient: # Interval is the time between pings to ordering nodes. This must # greater than or equal to the minInterval specified by ordering # nodes. interval: 60s # Timeout is the duration the client waits for a response from # ordering nodes before closing the connection timeout: 20s # Gossip related configuration gossip: # Bootstrap set to initialize gossip with. # This is a list of other peers that this peer reaches out to at startup. # Important: The endpoints here have to be endpoints of peers in the same # organization, because the peer would refuse connecting to these endpoints # unless they are in the same organization as the peer. bootstrap: 192.168.3.128:7051 # NOTE: orgLeader and useLeaderElection parameters are mutual exclusive. # Setting both to true would result in the termination of the peer # since this is undefined state. If the peers are configured with # useLeaderElection=false, make sure there is at least 1 peer in the # organization that its orgLeader is set to true. # Defines whenever peer will initialize dynamic algorithm for # "leader" selection, where leader is the peer to establish # connection with ordering service and use delivery protocol # to pull ledger blocks from ordering service. useLeaderElection: false # Statically defines peer to be an organization "leader", # where this means that current peer will maintain connection # with ordering service and disseminate block across peers in # its own organization. Multiple peers or all peers in an organization # may be configured as org leaders, so that they all pull # blocks directly from ordering service. orgLeader: true # Interval for membershipTracker polling membershipTrackerInterval: 5s # Overrides the endpoint that the peer publishes to peers # in its organization. For peers in foreign organizations # see 'externalEndpoint' endpoint: # Maximum count of blocks stored in memory maxBlockCountToStore: 10 # Max time between consecutive message pushes(unit: millisecond) maxPropagationBurstLatency: 10ms # Max number of messages stored until a push is triggered to remote peers maxPropagationBurstSize: 10 # Number of times a message is pushed to remote peers propagateIterations: 1 # Number of peers selected to push messages to propagatePeerNum: 3 # Determines frequency of pull phases(unit: second) # Must be greater than digestWaitTime + responseWaitTime pullInterval: 4s # Number of peers to pull from pullPeerNum: 3 # Determines frequency of pulling state info messages from peers(unit: second) requestStateInfoInterval: 4s # Determines frequency of pushing state info messages to peers(unit: second) publishStateInfoInterval: 4s # Maximum time a stateInfo message is kept until expired stateInfoRetentionInterval: # Time from startup certificates are included in Alive messages(unit: second) publishCertPeriod: 10s # Should we skip verifying block messages or not (currently not in use) skipBlockVerification: false # Dial timeout(unit: second) dialTimeout: 3s # Connection timeout(unit: second) connTimeout: 2s # Buffer size of received messages recvBuffSize: 20 # Buffer size of sending messages sendBuffSize: 200 # Time to wait before pull engine processes incoming digests (unit: second) # Should be slightly smaller than requestWaitTime digestWaitTime: 1s # Time to wait before pull engine removes incoming nonce (unit: milliseconds) # Should be slightly bigger than digestWaitTime requestWaitTime: 1500ms # Time to wait before pull engine ends pull (unit: second) responseWaitTime: 2s # Alive check interval(unit: second) aliveTimeInterval: 5s # Alive expiration timeout(unit: second) aliveExpirationTimeout: 25s # Reconnect interval(unit: second) reconnectInterval: 25s # Max number of attempts to connect to a peer maxConnectionAttempts: 120 # Message expiration factor for alive messages msgExpirationFactor: 20 # This is an endpoint that is published to peers outside of the organization. # If this isn't set, the peer will not be known to other organizations. externalEndpoint: 192.168.3.128:7051 # Leader election service configuration election: # Longest time peer waits for stable membership during leader election startup (unit: second) startupGracePeriod: 15s # Interval gossip membership samples to check its stability (unit: second) membershipSampleInterval: 1s # Time passes since last declaration message before peer decides to perform leader election (unit: second) leaderAliveThreshold: 10s # Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second) leaderElectionDuration: 5s pvtData: # pullRetryThreshold determines the maximum duration of time private data corresponding for a given block # would be attempted to be pulled from peers until the block would be committed without the private data pullRetryThreshold: 60s # As private data enters the transient store, it is associated with the peer's ledger's height at that time. # transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit, # and the private data residing inside the transient store that is guaranteed not to be purged. # Private data is purged from the transient store when blocks with sequences that are multiples # of transientstoreMaxBlockRetention are committed. transientstoreMaxBlockRetention: 1000 # pushAckTimeout is the maximum time to wait for an acknowledgement from each peer # at private data push at endorsement time. pushAckTimeout: 3s # Block to live pulling margin, used as a buffer # to prevent peer from trying to pull private data # from peers that is soon to be purged in next N blocks. # This helps a newly joined peer catch up to current # blockchain height quicker. btlPullMargin: 10 # the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to # pull from the other peers the most recent missing blocks with a maximum batch size limitation. # reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a # single iteration. reconcileBatchSize: 10 # reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning # of the next reconciliation iteration. reconcileSleepInterval: 1m # reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not. reconciliationEnabled: true # skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid # transaction's private data from other peers need to be skipped during the commit time and pulled # only through reconciler. skipPullingInvalidTransactionsDuringCommit: false # implicitCollectionDisseminationPolicy specifies the dissemination policy for the peer's own implicit collection. # When a peer endorses a proposal that writes to its own implicit collection, below values override the default values # for disseminating private data. # Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to # be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization. implicitCollectionDisseminationPolicy: # requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully # disseminate private data for its own implicit collection during endorsement. Default value is 0. requiredPeerCount: 0 # maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to # disseminate private data for its own implicit collection during endorsement. Default value is 1. maxPeerCount: 1 # Gossip state transfer related configuration state: # indicates whenever state transfer is enabled or not # default value is true, i.e. state transfer is active # and takes care to sync up missing blocks allowing # lagging peer to catch up to speed with rest network enabled: false # checkInterval interval to check whether peer is lagging behind enough to # request blocks via state transfer from another peer. checkInterval: 10s # responseTimeout amount of time to wait for state transfer response from # other peers responseTimeout: 3s # batchSize the number of blocks to request via state transfer from another peer batchSize: 10 # blockBufferSize reflects the size of the re-ordering buffer # which captures blocks and takes care to deliver them in order # down to the ledger layer. The actual buffer size is bounded between # 0 and 2*blockBufferSize, each channel maintains its own buffer blockBufferSize: 20 # maxRetries maximum number of re-tries to ask # for single state transfer request maxRetries: 3 # TLS Settings tls: # Require server-side TLS enabled: true # Require client certificates / mutual TLS. # Note that clients that are not configured to use a certificate will # fail to connect to the peer. clientAuthRequired: false # X.509 certificate used for TLS server cert: file: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt # Private key used for TLS server (and client if clientAuthEnabled # is set to true key: file: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key # Trusted root certificate chain for tls.cert rootcert: file: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt # Set of root certificate authorities used to verify client certificates clientRootCAs: files: - /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt # Private key used for TLS when making client connections. If # not set, peer.tls.key.file will be used instead clientKey: file: # X.509 certificate used for TLS when making client connections. # If not set, peer.tls.cert.file will be used instead clientCert: file: # Authentication contains configuration parameters related to authenticating # client messages authentication: # the acceptable difference between the current server time and the # client's time as specified in a client request message timewindow: 15m # Path on the file system where peer will store data (eg ledger). This # location must be access control protected to prevent unintended # modification that might corrupt the peer operations. fileSystemPath: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/hyperledger/production # BCCSP (Blockchain crypto provider): Select which crypto implementation or # library to use BCCSP: Default: SW # Settings for the SW crypto provider (i.e. when DEFAULT: SW) SW: # TODO: The default Hash and Security level needs refactoring to be # fully configurable. Changing these defaults requires coordination # SHA2 is hardcoded in several places, not only BCCSP Hash: SHA2 Security: 256 # Location of Key Store FileKeyStore: # If "", defaults to 'mspConfigPath'/keystore KeyStore: # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11) PKCS11: # Location of the PKCS11 module library Library: # Token Label Label: # User PIN Pin: Hash: Security: # Path on the file system where peer will find MSP local configurations mspConfigPath: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp # Identifier of the local MSP # ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!---- # Deployers need to change the value of the localMspId string. # In particular, the name of the local MSP ID of a peer needs # to match the name of one of the MSPs in each of the channel # that this peer is a member of. Otherwise this peer's messages # will not be identified as valid by other nodes. localMspId: Org1MSP # CLI common client config options client: # connection timeout connTimeout: 3s # Delivery service related config deliveryclient: # It sets the total time the delivery service may spend in reconnection # attempts until its retry logic gives up and returns an error reconnectTotalTimeThreshold: 3600s # It sets the delivery service <-> ordering service node connection timeout connTimeout: 3s # It sets the delivery service maximal delay between consecutive retries reConnectBackoffThreshold: 3600s # A list of orderer endpoint addresses which should be overridden # when found in channel configurations. addressOverrides: # - from: # to: # caCertsFile: # - from: # to: # caCertsFile: # Type for the local MSP - by default it's of type bccsp localMspType: bccsp # Used with Go profiling tools only in none production environment. In # production, it should be disabled (eg enabled: false) profile: enabled: false listenAddress: 0.0.0.0:6060 # Handlers defines custom handlers that can filter and mutate # objects passing within the peer, such as: # Auth filter - reject or forward proposals from clients # Decorators - append or mutate the chaincode input passed to the chaincode # Endorsers - Custom signing over proposal response payload and its mutation # Valid handler definition contains: # - A name which is a factory method name defined in # core/handlers/library/library.go for statically compiled handlers # - library path to shared object binary for pluggable filters # Auth filters and decorators are chained and executed in the order that # they are defined. For example: # authFilters: # - # name: FilterOne # library: /opt/lib/filter.so # - # name: FilterTwo # decorators: # - # name: DecoratorOne # - # name: DecoratorTwo # library: /opt/lib/decorator.so # Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden. # Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality # as the default ESCC. # If the 'library' property is missing, the name is used as the constructor method in the builtin library similar # to auth filters and decorators. # endorsers: # escc: # name: DefaultESCC # library: /etc/hyperledger/fabric/plugin/escc.so handlers: authFilters: - name: DefaultAuth - name: ExpirationCheck # This filter checks identity x509 certificate expiration decorators: - name: DefaultDecorator endorsers: escc: name: DefaultEndorsement library: validators: vscc: name: DefaultValidation library: # library: /etc/hyperledger/fabric/plugin/escc.so # Number of goroutines that will execute transaction validation in parallel. # By default, the peer chooses the number of CPUs on the machine. Set this # variable to override that choice. # NOTE: overriding this value might negatively influence the performance of # the peer so please change this value only if you know what you're doing validatorPoolSize: # The discovery service is used by clients to query information about peers, # such as - which peers have joined a certain channel, what is the latest # channel config, and most importantly - given a chaincode and a channel, # what possible sets of peers satisfy the endorsement policy. discovery: enabled: true # Whether the authentication cache is enabled or not. authCacheEnabled: true # The maximum size of the cache, after which a purge takes place authCacheMaxSize: 1000 # The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulation authCachePurgeRetentionRatio: 0.75 # Whether to allow non-admins to perform non channel scoped queries. # When this is false, it means that only peer admins can perform non channel scoped queries. orgMembersAllowedAccess: false # Limits is used to configure some internal resource limits. limits: # Concurrency limits the number of concurrently running requests to a service on each peer. # Currently this option is only applied to endorser service and deliver service. # When the property is missing or the value is 0, the concurrency limit is disabled for the service. concurrency: # endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation, # including both user chaincodes and system chaincodes. endorserService: 2500 # deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events. deliverService: 2500 ############################################################################### # # VM section # ############################################################################### vm: # Endpoint of the vm management system. For docker can be one of the following in general # unix:///var/run/docker.sock # http://localhost:2375 # https://localhost:2376 endpoint: unix:///var/run/docker.sock # settings for docker vms docker: tls: enabled: false ca: file: docker/ca.crt cert: file: docker/tls.crt key: file: docker/tls.key # Enables/disables the standard out/err from chaincode containers for # debugging purposes attachStdout: false # Parameters on creating docker container. # Container may be efficiently created using ipam & dns-server for cluster # NetworkMode - sets the networking mode for the container. Supported # standard values are: `host`(default),`bridge`,`ipvlan`,`none`. # Dns - a list of DNS servers for the container to use. # Note: `Privileged` `Binds` `Links` and `PortBindings` properties of # Docker Host Config are not supported and will not be used if set. # LogConfig - sets the logging driver (Type) and related options # (Config) for Docker. For more info, # https://docs.docker.com/engine/admin/logging/overview/ # Note: Set LogConfig using Environment Variables is not supported. hostConfig: NetworkMode: host Dns: # - 192.168.0.1 LogConfig: Type: json-file Config: max-size: "50m" max-file: "5" Memory: 2147483648 ############################################################################### # # Chaincode section # ############################################################################### chaincode: # The id is used by the Chaincode stub to register the executing Chaincode # ID with the Peer and is generally supplied through ENV variables # the `path` form of ID is provided when installing the chaincode. # The `name` is used for all other requests and can be any string. id: path: name: # Generic builder environment, suitable for most chaincode types builder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION) # Enables/disables force pulling of the base docker images (listed below) # during user chaincode instantiation. # Useful when using moving image tags (such as :latest) pull: false golang: # golang will never need more than baseos runtime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION) # whether or not golang chaincode should be linked dynamically dynamicLink: false java: # This is an image based on java:openjdk-8 with addition compiler # tools added for java shim layer packaging. # This image is packed with shim layer libraries that are necessary # for Java chaincode runtime. runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION) node: # This is an image based on node:$(NODE_VER)-alpine runtime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION) # List of directories to treat as external builders and launchers for # chaincode. The external builder detection processing will iterate over the # builders in the order specified below. externalBuilders: [] # - path: /path/to/directory # name: descriptive-builder-name # propagateEnvironment: # - ENVVAR_NAME_TO_PROPAGATE_FROM_PEER # - GOPROXY # The maximum duration to wait for the chaincode build and install process # to complete. installTimeout: 300s # Timeout duration for starting up a container and waiting for Register # to come through. startuptimeout: 300s # Timeout duration for Invoke and Init calls to prevent runaway. # This timeout is used by all chaincodes in all the channels, including # system chaincodes. # Note that during Invoke, if the image is not available (e.g. being # cleaned up when in development environment), the peer will automatically # build the image, which might take more time. In production environment, # the chaincode image is unlikely to be deleted, so the timeout could be # reduced accordingly. executetimeout: 30s # There are 2 modes: "dev" and "net". # In dev mode, user runs the chaincode after starting peer from # command line on local machine. # In net mode, peer will run chaincode in a docker container. mode: net # keepalive in seconds. In situations where the communication goes through a # proxy that does not support keep-alive, this parameter will maintain connection # between peer and chaincode. # A value <= 0 turns keepalive off keepalive: 0 # enabled system chaincodes system: _lifecycle: enable cscc: enable lscc: enable escc: enable vscc: enable qscc: enable # Logging section for the chaincode container logging: # Default level for all loggers within the chaincode container level: info # Override default level for the 'shim' logger shim: warning # Format for the chaincode container logs format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}' ############################################################################### # # Ledger section - ledger configuration encompasses both the blockchain # and the state # ############################################################################### ledger: blockchain: state: # stateDatabase - options are "goleveldb", "CouchDB" # goleveldb - default state database stored in goleveldb. # CouchDB - store state database in CouchDB stateDatabase: goleveldb # Limit on the number of records to return per query totalQueryLimit: 100000 couchDBConfig: # It is recommended to run CouchDB on the same server as the peer, and # not map the CouchDB container port to a server port in docker-compose. # Otherwise proper security must be provided on the connection between # CouchDB client (on the peer) and server. couchDBAddress: 192.168.3.128:5984 # This username must have read and write authority on CouchDB username: # The password is recommended to pass as an environment variable # during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD). # If it is stored here, the file must be access control protected # to prevent unintended users from discovering the password. password: # Number of retries for CouchDB errors maxRetries: 3 # Number of retries for CouchDB errors during peer startup. # The delay between retries doubles for each attempt. # Default of 10 retries results in 11 attempts over 2 minutes. maxRetriesOnStartup: 10 # CouchDB request timeout (unit: duration, e.g. 20s) requestTimeout: 35s # Limit on the number of records per each CouchDB query # Note that chaincode queries are only bound by totalQueryLimit. # Internally the chaincode may execute multiple CouchDB queries, # each of size internalQueryLimit. internalQueryLimit: 1000 # Limit on the number of records per CouchDB bulk update batch maxBatchUpdateSize: 1000 # Warm indexes after every N blocks. # This option warms any indexes that have been # deployed to CouchDB after every N blocks. # A value of 1 will warm indexes after every block commit, # to ensure fast selector queries. # Increasing the value may improve write efficiency of peer and CouchDB, # but may degrade query response time. warmIndexesAfterNBlocks: 1 # Create the _global_changes system database # This is optional. Creating the global changes database will require # additional system resources to track changes and maintain the database createGlobalChangesDB: false # CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state # cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple # of 32 MB, the peer would round the size to the next multiple of 32 MB. # To disable the cache, 0 MB needs to be assigned to the cacheSize. cacheSize: 64 history: # enableHistoryDatabase - options are true or false # Indicates if the history of key updates should be stored. # All history 'index' will be stored in goleveldb, regardless if using # CouchDB or alternate database for the state. enableHistoryDatabase: true pvtdataStore: # the maximum db batch size for converting # the ineligible missing data entries to eligible missing data entries collElgProcMaxDbBatchSize: 5000 # the minimum duration (in milliseconds) between writing # two consecutive db batches for converting the ineligible missing data entries to eligible missing data entries collElgProcDbBatchesInterval: 1000 ############################################################################### # # Operations section # ############################################################################### operations: # host and port for the operations server listenAddress: 192.168.3.128:9443 # TLS configuration for the operations endpoint tls: # TLS enabled enabled: false # path to PEM encoded server certificate for the operations server cert: file: # path to PEM encoded server key for the operations server key: file: # most operations service endpoints require client authentication when TLS # is enabled. clientAuthRequired requires client certificate authentication # at the TLS layer to access all resources. clientAuthRequired: false # paths to PEM encoded ca certificates to trust for client authentication clientRootCAs: files: [] ############################################################################### # # Metrics section # ############################################################################### metrics: # metrics provider is one of statsd, prometheus, or disabled provider: disabled # statsd configuration statsd: # network type: tcp or udp network: udp # statsd server address address: 192.168.3.128:8125 # the interval at which locally cached counters and gauges are pushed # to statsd; timings are pushed immediately writeInterval: 10s # prefix is prepended to all emitted statsd metrics prefix:- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
- 313
- 314
- 315
- 316
- 317
- 318
- 319
- 320
- 321
- 322
- 323
- 324
- 325
- 326
- 327
- 328
- 329
- 330
- 331
- 332
- 333
- 334
- 335
- 336
- 337
- 338
- 339
- 340
- 341
- 342
- 343
- 344
- 345
- 346
- 347
- 348
- 349
- 350
- 351
- 352
- 353
- 354
- 355
- 356
- 357
- 358
- 359
- 360
- 361
- 362
- 363
- 364
- 365
- 366
- 367
- 368
- 369
- 370
- 371
- 372
- 373
- 374
- 375
- 376
- 377
- 378
- 379
- 380
- 381
- 382
- 383
- 384
- 385
- 386
- 387
- 388
- 389
- 390
- 391
- 392
- 393
- 394
- 395
- 396
- 397
- 398
- 399
- 400
- 401
- 402
- 403
- 404
- 405
- 406
- 407
- 408
- 409
- 410
- 411
- 412
- 413
- 414
- 415
- 416
- 417
- 418
- 419
- 420
- 421
- 422
- 423
- 424
- 425
- 426
- 427
- 428
- 429
- 430
- 431
- 432
- 433
- 434
- 435
- 436
- 437
- 438
- 439
- 440
- 441
- 442
- 443
- 444
- 445
- 446
- 447
- 448
- 449
- 450
- 451
- 452
- 453
- 454
- 455
- 456
- 457
- 458
- 459
- 460
- 461
- 462
- 463
- 464
- 465
- 466
- 467
- 468
- 469
- 470
- 471
- 472
- 473
- 474
- 475
- 476
- 477
- 478
- 479
- 480
- 481
- 482
- 483
- 484
- 485
- 486
- 487
- 488
- 489
- 490
- 491
- 492
- 493
- 494
- 495
- 496
- 497
- 498
- 499
- 500
- 501
- 502
- 503
- 504
- 505
- 506
- 507
- 508
- 509
- 510
- 511
- 512
- 513
- 514
- 515
- 516
- 517
- 518
- 519
- 520
- 521
- 522
- 523
- 524
- 525
- 526
- 527
- 528
- 529
- 530
- 531
- 532
- 533
- 534
- 535
- 536
- 537
- 538
- 539
- 540
- 541
- 542
- 543
- 544
- 545
- 546
- 547
- 548
- 549
- 550
- 551
- 552
- 553
- 554
- 555
- 556
- 557
- 558
- 559
- 560
- 561
- 562
- 563
- 564
- 565
- 566
- 567
- 568
- 569
- 570
- 571
- 572
- 573
- 574
- 575
- 576
- 577
- 578
- 579
- 580
- 581
- 582
- 583
- 584
- 585
- 586
- 587
- 588
- 589
- 590
- 591
- 592
- 593
- 594
- 595
- 596
- 597
- 598
- 599
- 600
- 601
- 602
- 603
- 604
- 605
- 606
- 607
- 608
- 609
- 610
- 611
- 612
- 613
- 614
- 615
- 616
- 617
- 618
- 619
- 620
- 621
- 622
- 623
- 624
- 625
- 626
- 627
- 628
- 629
- 630
- 631
- 632
- 633
- 634
- 635
- 636
- 637
- 638
- 639
- 640
- 641
- 642
- 643
- 644
- 645
- 646
- 647
- 648
- 649
- 650
- 651
- 652
- 653
- 654
- 655
- 656
- 657
- 658
- 659
- 660
- 661
- 662
- 663
- 664
- 665
- 666
- 667
- 668
- 669
- 670
- 671
- 672
- 673
- 674
- 675
- 676
- 677
- 678
- 679
- 680
- 681
- 682
- 683
- 684
- 685
- 686
- 687
- 688
- 689
- 690
- 691
- 692
- 693
- 694
- 695
- 696
- 697
- 698
- 699
- 700
- 701
- 702
- 703
- 704
- 705
- 706
- 707
- 708
- 709
- 710
- 711
- 712
- 713
- 714
- 715
- 716
- 717
- 718
- 719
- 720
- 721
- 722
- 723
- 724
- 725
- 726
- 727
- 728
- 729
- 730
- 731
- 732
- 733
- 734
- 735
设置peer0相关的环境变量,以正常运行peer二进制命令:
# export FABRIC_LOGGING_SPEC=DEBUG # 根据需要配置,对服务端和客户端都有效 export CORE_PEER_TLS_ENABLED=true export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=/home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt export CORE_PEER_MSPCONFIGPATH=/home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=192.168.3.128:7051 # export CORE_PEER_GOSSIP_EXTERNALENDPOINT=192.168.3.128:7051- 1
- 2
- 3
- 4
- 5
- 6
- 7
启动peer0:
peer node start- 1
日志:
2023-11-01 11:23:14.743 CST [nodeCmd] serve -> INFO 001 Starting peer: Version: 2.2.0 Commit SHA: 5ea85bc54 Go version: go1.14.4 OS/Arch: linux/amd64 Chaincode: Base Docker Label: org.hyperledger.fabric Docker Namespace: hyperledger 2023-11-01 11:23:14.743 CST [peer] getLocalAddress -> INFO 002 Auto-detected peer address: 192.168.3.128:7051 2023-11-01 11:23:14.744 CST [peer] getLocalAddress -> INFO 003 Returning 192.168.3.128:7051 2023-11-01 11:23:14.750 CST [nodeCmd] initGrpcSemaphores -> INFO 004 concurrency limit for endorser service is 2500 2023-11-01 11:23:14.750 CST [nodeCmd] initGrpcSemaphores -> INFO 005 concurrency limit for deliver service is 2500 2023-11-01 11:23:14.750 CST [nodeCmd] serve -> INFO 006 Starting peer with TLS enabled 2023-11-01 11:23:14.760 CST [ledgermgmt] NewLedgerMgr -> INFO 007 Initializing LedgerMgr 2023-11-01 11:23:14.768 CST [leveldbhelper] openDBAndCheckFormat -> INFO 008 DB is empty Setting db format as 2.0 2023-11-01 11:23:14.769 CST [blkstorage] NewProvider -> INFO 009 Creating new file ledger directory at /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/hyperledger/production/ledgersData/chains/chains 2023-11-01 11:23:14.774 CST [leveldbhelper] openDBAndCheckFormat -> INFO 00a DB is empty Setting db format as 2.0 2023-11-01 11:23:14.781 CST [leveldbhelper] openDBAndCheckFormat -> INFO 00b DB is empty Setting db format as 2.0 2023-11-01 11:23:14.783 CST [ledgermgmt] NewLedgerMgr -> INFO 00c Initialized LedgerMgr 2023-11-01 11:23:14.789 CST [gossip.service] New -> INFO 00d Initialize gossip with endpoint 192.168.3.128:7051 2023-11-01 11:23:14.790 CST [gossip.gossip] New -> INFO 00e Creating gossip service with self membership of Endpoint: 192.168.3.128:7051, InternalEndpoint: 192.168.3.128:7051, PKI-ID: c4ed8c02f6d405ef18af1dee58b19a712a572de390f71b9ac57812aab8522838, Metadata: 2023-11-01 11:23:14.796 CST [gossip.gossip] start -> INFO 00f Gossip instance 192.168.3.128:7051 started 2023-11-01 11:23:14.796 CST [lifecycle] InitializeLocalChaincodes -> INFO 010 Initialized lifecycle cache with 0 already installed chaincodes 2023-11-01 11:23:14.797 CST [nodeCmd] computeChaincodeEndpoint -> INFO 011 Entering computeChaincodeEndpoint with peerHostname: 192.168.3.128 2023-11-01 11:23:14.797 CST [nodeCmd] computeChaincodeEndpoint -> INFO 012 Exit with ccEndpoint: 192.168.3.128:7052 2023-11-01 11:23:14.797 CST [nodeCmd] createChaincodeServer -> WARN 013 peer.chaincodeListenAddress is not set, using 192.168.3.128:7052 2023-11-01 11:23:14.801 CST [sccapi] DeploySysCC -> INFO 014 deploying system chaincode 'lscc' 2023-11-01 11:23:14.801 CST [sccapi] DeploySysCC -> INFO 015 deploying system chaincode 'cscc' 2023-11-01 11:23:14.801 CST [sccapi] DeploySysCC -> INFO 016 deploying system chaincode 'qscc' 2023-11-01 11:23:14.802 CST [sccapi] DeploySysCC -> INFO 017 deploying system chaincode '_lifecycle' 2023-11-01 11:23:14.802 CST [nodeCmd] serve -> INFO 018 Deployed system chaincodes 2023-11-01 11:23:14.802 CST [discovery] NewService -> INFO 019 Created with config TLS: true, authCacheMaxSize: 1000, authCachePurgeRatio: 0.750000 2023-11-01 11:23:14.802 CST [nodeCmd] registerDiscoveryService -> INFO 01a Discovery service activated 2023-11-01 11:23:14.802 CST [nodeCmd] serve -> INFO 01b Starting peer with ID=[peer0.org1.example.com], network ID=[dev], address=[192.168.3.128:7051] 2023-11-01 11:23:14.803 CST [nodeCmd] serve -> INFO 01c Started peer with ID=[peer0.org1.example.com], network ID=[dev], address=[192.168.3.128:7051] 2023-11-01 11:23:14.803 CST [kvledger] LoadPreResetHeight -> INFO 01d Loading prereset height from path [/home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/hyperledger/production/ledgersData/chains] 2023-11-01 11:23:14.803 CST [blkstorage] preResetHtFiles -> INFO 01e No active channels passed- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
六、启动orderer0
6.1、创建排序服务创世块
走到这一步,组织目录下msp/只有tlscacerts目录,缺少cacert:
/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/ ├── config.yaml └── tlscacerts └── tlsca.org1.example.com-cert.pem 1 directory, 2 files- 1
- 2
- 3
- 4
- 5
- 6
所以先将orderer0的msp目录下的cacert,即
~/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/cacerts/放到~/fabric/organizations/ordererOrganizations/org1.example.com/msp/cacerts/,顺带给peer0也一起处理:cp -r /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/cacerts /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp cp -r /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp- 1
- 2
更改configtx.yaml文件。最终的
configtx.yaml:# Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # --- ################################################################################ # # ORGANIZATIONS # # This section defines the organizational identities that can be referenced # in the configuration profiles. # ################################################################################ Organizations: # SampleOrg defines an MSP using the sampleconfig. It should never be used # in production but may be used as a template for other definitions. - &OrdererOrg1 # Name is the key by which this org will be referenced in channel # configuration transactions. # Name can include alphanumeric characters as well as dots and dashes. Name: OrdererOrg1 # SkipAsForeign can be set to true for org definitions which are to be # inherited from the orderer system channel during channel creation. This # is especially useful when an admin of a single org without access to the # MSP directories of the other orgs wishes to create a channel. Note # this property must always be set to false for orgs included in block # creation. SkipAsForeign: false # ID is the key by which this org's MSP definition will be referenced. # ID can include alphanumeric characters as well as dots and dashes. ID: OrdererOrg1MSP # MSPDir is the filesystem path which contains the MSP configuration. MSPDir: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel// Policies: Readers: Type: Signature Rule: "OR('OrdererOrg1MSP.member')" # If your MSP is configured with the new NodeOUs, you might # want to use a more specific rule like the following: # Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')" Writers: Type: Signature Rule: "OR('OrdererOrg1MSP.member')" # If your MSP is configured with the new NodeOUs, you might # want to use a more specific rule like the following: # Rule: "OR('SampleOrg.admin', 'SampleOrg.client')" Admins: Type: Signature Rule: "OR('OrdererOrg1MSP.admin')" # OrdererEndpoints is a list of all orderers this org runs which clients # and peers may to connect to to push transactions and receive blocks respectively. OrdererEndpoints: - "192.168.3.128:7050" - &Org1 # Name is the key by which this org will be referenced in channel # configuration transactions. # Name can include alphanumeric characters as well as dots and dashes. Name: Org1MSP # SkipAsForeign can be set to true for org definitions which are to be # inherited from the orderer system channel during channel creation. This # is especially useful when an admin of a single org without access to the # MSP directories of the other orgs wishes to create a channel. Note # this property must always be set to false for orgs included in block # creation. SkipAsForeign: false # ID is the key by which this org's MSP definition will be referenced. # ID can include alphanumeric characters as well as dots and dashes. ID: Org1MSP # MSPDir is the filesystem path which contains the MSP configuration. MSPDir: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp # Policies defines the set of policies at this level of the config tree # For organization policies, their canonical path is usually # /Channel/ / Policies: Readers: Type: Signature Rule: "OR('Org1MSP.member')" # If your MSP is configured with the new NodeOUs, you might # want to use a more specific rule like the following: # Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')" Writers: Type: Signature Rule: "OR('Org1MSP.member')" # If your MSP is configured with the new NodeOUs, you might # want to use a more specific rule like the following: # Rule: "OR('SampleOrg.admin', 'SampleOrg.client')" Admins: Type: Signature Rule: "OR('Org1MSP.admin')" Endorsement: Type: Signature Rule: "OR('Org1MSP.member')" # AnchorPeers defines the location of peers which can be used for # cross-org gossip communication. Note, this value is only encoded in # the genesis block in the Application section context. AnchorPeers: - Host: 192.168.3.128 Port: 7051 ################################################################################ # # CAPABILITIES # # This section defines the capabilities of fabric network. This is a new # concept as of v1.1.0 and should not be utilized in mixed networks with # v1.0.x peers and orderers. Capabilities define features which must be # present in a fabric binary for that binary to safely participate in the # fabric network. For instance, if a new MSP type is added, newer binaries # might recognize and validate the signatures from this type, while older # binaries without this support would be unable to validate those # transactions. This could lead to different versions of the fabric binaries # having different world states. Instead, defining a capability for a channel # informs those binaries without this capability that they must cease # processing transactions until they have been upgraded. For v1.0.x if any # capabilities are defined (including a map with all capabilities turned off) # then the v1.0.x peer will deliberately crash. # ################################################################################ Capabilities: # Channel capabilities apply to both the orderers and the peers and must be # supported by both. # Set the value of the capability to true to require it. Channel: &ChannelCapabilities # V2.0 for Channel is a catchall flag for behavior which has been # determined to be desired for all orderers and peers running at the v2.0.0 # level, but which would be incompatible with orderers and peers from # prior releases. # Prior to enabling V2.0 channel capabilities, ensure that all # orderers and peers on a channel are at v2.0.0 or later. V2_0: true # Orderer capabilities apply only to the orderers, and may be safely # used with prior release peers. # Set the value of the capability to true to require it. Orderer: &OrdererCapabilities # V1.1 for Orderer is a catchall flag for behavior which has been # determined to be desired for all orderers running at the v1.1.x # level, but which would be incompatible with orderers from prior releases. # Prior to enabling V2.0 orderer capabilities, ensure that all # orderers on a channel are at v2.0.0 or later. V2_0: true # Application capabilities apply only to the peer network, and may be safely # used with prior release orderers. # Set the value of the capability to true to require it. Application: &ApplicationCapabilities # V2.0 for Application enables the new non-backwards compatible # features and fixes of fabric v2.0. # Prior to enabling V2.0 orderer capabilities, ensure that all # orderers on a channel are at v2.0.0 or later. V2_0: true ################################################################################ # # APPLICATION # # This section defines the values to encode into a config transaction or # genesis block for application-related parameters. # ################################################################################ Application: &ApplicationDefaults # ACLs: &ACLsDefault # This section provides defaults for policies for various resources # in the system. These "resources" could be functions on system chaincodes # (e.g., "GetBlockByNumber" on the "qscc" system chaincode) or other resources # (e.g.,who can receive Block events). This section does NOT specify the resource's # definition or API, but just the ACL policy for it. # # Users can override these defaults with their own policy mapping by defining the # mapping under ACLs in their channel definition #---New Lifecycle System Chaincode (_lifecycle) function to policy mapping for access control--# # ACL policy for _lifecycle's "CheckCommitReadiness" function # _lifecycle/CheckCommitReadiness: /Channel/Application/Writers # ACL policy for _lifecycle's "CommitChaincodeDefinition" function # _lifecycle/CommitChaincodeDefinition: /Channel/Application/Writers # ACL policy for _lifecycle's "QueryChaincodeDefinition" function # _lifecycle/QueryChaincodeDefinition: /Channel/Application/Readers # ACL policy for _lifecycle's "QueryChaincodeDefinitions" function # _lifecycle/QueryChaincodeDefinitions: /Channel/Application/Readers #---Lifecycle System Chaincode (lscc) function to policy mapping for access control---# # ACL policy for lscc's "getid" function # lscc/ChaincodeExists: /Channel/Application/Readers # ACL policy for lscc's "getdepspec" function # lscc/GetDeploymentSpec: /Channel/Application/Readers # ACL policy for lscc's "getccdata" function # lscc/GetChaincodeData: /Channel/Application/Readers # ACL Policy for lscc's "getchaincodes" function # lscc/GetInstantiatedChaincodes: /Channel/Application/Readers #---Query System Chaincode (qscc) function to policy mapping for access control---# # ACL policy for qscc's "GetChainInfo" function # qscc/GetChainInfo: /Channel/Application/Readers # ACL policy for qscc's "GetBlockByNumber" function # qscc/GetBlockByNumber: /Channel/Application/Readers # ACL policy for qscc's "GetBlockByHash" function # qscc/GetBlockByHash: /Channel/Application/Readers # ACL policy for qscc's "GetTransactionByID" function # qscc/GetTransactionByID: /Channel/Application/Readers # ACL policy for qscc's "GetBlockByTxID" function # qscc/GetBlockByTxID: /Channel/Application/Readers #---Configuration System Chaincode (cscc) function to policy mapping for access control---# # ACL policy for cscc's "GetConfigBlock" function # cscc/GetConfigBlock: /Channel/Application/Readers # ACL policy for cscc's "GetConfigTree" function # cscc/GetConfigTree: /Channel/Application/Readers # ACL policy for cscc's "SimulateConfigTreeUpdate" function # cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers #---Miscellaneous peer function to policy mapping for access control---# # ACL policy for invoking chaincodes on peer # peer/Propose: /Channel/Application/Writers # ACL policy for chaincode to chaincode invocation # peer/ChaincodeToChaincode: /Channel/Application/Readers #---Events resource to policy mapping for access control###---# # ACL policy for sending block events # event/Block: /Channel/Application/Readers # ACL policy for sending filtered block events # event/FilteredBlock: /Channel/Application/Readers # Organizations lists the orgs participating on the application side of the # network. Organizations: # Policies defines the set of policies at this level of the config tree # For Application policies, their canonical path is # /Channel/Application/ Policies: LifecycleEndorsement: Type: ImplicitMeta Rule: "MAJORITY Endorsement" Endorsement: Type: ImplicitMeta Rule: "MAJORITY Endorsement" Readers: Type: ImplicitMeta Rule: "ANY Readers" Writers: Type: ImplicitMeta Rule: "ANY Writers" Admins: Type: ImplicitMeta Rule: "MAJORITY Admins" # Capabilities describes the application level capabilities, see the # dedicated Capabilities section elsewhere in this file for a full # description Capabilities: <<: *ApplicationCapabilities ################################################################################ # # ORDERER # # This section defines the values to encode into a config transaction or # genesis block for orderer related parameters. # ################################################################################ Orderer: &OrdererDefaults # Orderer Type: The orderer implementation to start. # Available types are "solo", "kafka" and "etcdraft". OrdererType: etcdraft # Addresses used to be the list of orderer addresses that clients and peers # could connect to. However, this does not allow clients to associate orderer # addresses and orderer organizations which can be useful for things such # as TLS validation. The preferred way to specify orderer addresses is now # to include the OrdererEndpoints item in your org definition Addresses: - 192.168.3.128:7050 EtcdRaft: Consenters: - Host: 192.168.3.128 Port: 7050 ClientTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt ServerTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt # Batch Timeout: The amount of time to wait before creating a batch. BatchTimeout: 2s # Batch Size: Controls the number of messages batched into a block. # The orderer views messages opaquely, but typically, messages may # be considered to be Fabric transactions. The 'batch' is the group # of messages in the 'data' field of the block. Blocks will be a few kb # larger than the batch size, when signatures, hashes, and other metadata # is applied. BatchSize: # Max Message Count: The maximum number of messages to permit in a # batch. No block will contain more than this number of messages. MaxMessageCount: 10 # Absolute Max Bytes: The absolute maximum number of bytes allowed for # the serialized messages in a batch. The maximum block size is this value # plus the size of the associated metadata (usually a few KB depending # upon the size of the signing identities). Any transaction larger than # this value will be rejected by ordering. If the "kafka" OrdererType is # selected, set 'message.max.bytes' and 'replica.fetch.max.bytes' on # the Kafka brokers to a value that is larger than this one. AbsoluteMaxBytes: 99 MB # Preferred Max Bytes: The preferred maximum number of bytes allowed # for the serialized messages in a batch. Roughly, this field may be considered # the best effort maximum size of a batch. A batch will fill with messages # until this size is reached (or the max message count, or batch timeout is # exceeded). If adding a new message to the batch would cause the batch to # exceed the preferred max bytes, then the current batch is closed and written # to a block, and a new batch containing the new message is created. If a # message larger than the preferred max bytes is received, then its batch # will contain only that message. Because messages may be larger than # preferred max bytes (up to AbsoluteMaxBytes), some batches may exceed # the preferred max bytes, but will always contain exactly one transaction. PreferredMaxBytes: 521 KB # Max Channels is the maximum number of channels to allow on the ordering # network. When set to 0, this implies no maximum number of channels. MaxChannels: 0 # Kafka: # Brokers: A list of Kafka brokers to which the orderer connects. Edit # this list to identify the brokers of the ordering service. # NOTE: Use IP:port notation. # Brokers: # - kafka0:9092 # - kafka1:9092 # - kafka2:9092 # Organizations lists the orgs participating on the orderer side of the # network. Organizations: # Policies defines the set of policies at this level of the config tree # For Orderer policies, their canonical path is # /Channel/Orderer/ Policies: Readers: Type: ImplicitMeta Rule: "ANY Readers" Writers: Type: ImplicitMeta Rule: "ANY Writers" Admins: Type: ImplicitMeta Rule: "MAJORITY Admins" # BlockValidation specifies what signatures must be included in the block # from the orderer for the peer to validate it. BlockValidation: Type: ImplicitMeta Rule: "ANY Writers" # Capabilities describes the orderer level capabilities, see the # dedicated Capabilities section elsewhere in this file for a full # description # Capabilities: # <<: *OrdererCapabilities ################################################################################ # # CHANNEL # # This section defines the values to encode into a config transaction or # genesis block for channel related parameters. # ################################################################################ Channel: &ChannelDefaults # Policies defines the set of policies at this level of the config tree # For Channel policies, their canonical path is # /Channel/ Policies: # Who may invoke the 'Deliver' API Readers: Type: ImplicitMeta Rule: "ANY Readers" # Who may invoke the 'Broadcast' API Writers: Type: ImplicitMeta Rule: "ANY Writers" # By default, who may modify elements at this config level Admins: Type: ImplicitMeta Rule: "MAJORITY Admins" # Capabilities describes the channel level capabilities, see the # dedicated Capabilities section elsewhere in this file for a full # description Capabilities: <<: *ChannelCapabilities ################################################################################ # # PROFILES # # Different configuration profiles may be encoded here to be specified as # parameters to the configtxgen tool. The profiles which specify consortiums # are to be used for generating the orderer genesis block. With the correct # consortium members defined in the orderer genesis block, channel creation # requests may be generated with only the org member names and a consortium # name. # ################################################################################ Profiles: OneOrgOrdererGenesis: <<: *ChannelDefaults Orderer: <<: *OrdererDefaults Organizations: - *OrdererOrg1 Capabilities: <<: *OrdererCapabilities Consortiums: SampleConsortium: Organizations: - *Org1 Channel1: Consortium: SampleConsortium <<: *ChannelDefaults Application: <<: *ApplicationDefaults Organizations: - *Org1 Capabilities: <<: *ApplicationCapabilities - 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
- 313
- 314
- 315
- 316
- 317
- 318
- 319
- 320
- 321
- 322
- 323
- 324
- 325
- 326
- 327
- 328
- 329
- 330
- 331
- 332
- 333
- 334
- 335
- 336
- 337
- 338
- 339
- 340
- 341
- 342
- 343
- 344
- 345
- 346
- 347
- 348
- 349
- 350
- 351
- 352
- 353
- 354
- 355
- 356
- 357
- 358
- 359
- 360
- 361
- 362
- 363
- 364
- 365
- 366
- 367
- 368
- 369
- 370
- 371
- 372
- 373
- 374
- 375
- 376
- 377
- 378
- 379
- 380
- 381
- 382
- 383
- 384
- 385
- 386
- 387
- 388
- 389
- 390
- 391
- 392
- 393
- 394
- 395
- 396
- 397
- 398
- 399
- 400
- 401
- 402
- 403
- 404
- 405
- 406
- 407
- 408
- 409
- 410
- 411
- 412
- 413
- 414
- 415
- 416
- 417
- 418
- 419
- 420
- 421
- 422
- 423
- 424
- 425
- 426
- 427
- 428
- 429
- 430
- 431
- 432
- 433
- 434
- 435
- 436
- 437
- 438
- 439
- 440
- 441
- 442
- 443
- 444
- 445
- 446
- 447
- 448
- 449
- 450
- 451
- 452
- 453
- 454
- 455
- 456
- 457
- 458
- 459
- 460
- 461
- 462
- 463
- 464
- 465
- 466
- 467
创建创世块:
configtxgen -profile OneOrgOrdererGenesis -channelID system-channel -outputBlock /home/songzehao/fabric/config/system-genesis-block/genesis.block- 1
得到:
/home/songzehao/fabric/config/system-genesis-block/ └── genesis.block 0 directories, 1 file- 1
- 2
- 3
- 4
日志:
2023-11-01 11:26:45.901 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration 2023-11-01 11:26:45.914 CST [common.tools.configtxgen.localconfig] completeInitialization -> INFO 002 orderer type: etcdraft 2023-11-01 11:26:45.915 CST [common.tools.configtxgen.localconfig] completeInitialization -> INFO 003 Orderer.EtcdRaft.Options unset, setting to tick_interval:"500ms" election_tick:10 heartbeat_tick:1 max_inflight_blocks:5 snapshot_interval_size:16777216 2023-11-01 11:26:45.915 CST [common.tools.configtxgen.localconfig] Load -> INFO 004 Loaded configuration: /home/songzehao/fabric/config/configtx.yaml 2023-11-01 11:26:45.916 CST [common.tools.configtxgen] doOutputBlock -> INFO 005 Generating genesis block 2023-11-01 11:26:45.916 CST [common.tools.configtxgen] doOutputBlock -> INFO 006 Writing genesis block- 1
- 2
- 3
- 4
- 5
- 6
6.2、启动orderer0
更改orderer.yaml文件。最终的
orderer.yaml:# Copyright IBM Corp. All Rights Reserved. # # SPDX-License-Identifier: Apache-2.0 # --- ################################################################################ # # Orderer Configuration # # - This controls the type and configuration of the orderer. # ################################################################################ General: # Listen address: The IP on which to bind to listen. ListenAddress: 192.168.3.128 # Listen port: The port on which to bind to listen. ListenPort: 7050 # TLS: TLS settings for the GRPC server. TLS: Enabled: true # PrivateKey governs the file location of the private key of the TLS certificate. PrivateKey: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.key # Certificate governs the file location of the server TLS certificate. Certificate: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt RootCAs: - /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/ca.crt ClientAuthRequired: false ClientRootCAs: # Keepalive settings for the GRPC server. Keepalive: # ServerMinInterval is the minimum permitted time between client pings. # If clients send pings more frequently, the server will # disconnect them. ServerMinInterval: 60s # ServerInterval is the time between pings to clients. ServerInterval: 7200s # ServerTimeout is the duration the server waits for a response from # a client before closing the connection. ServerTimeout: 20s # Cluster settings for ordering service nodes that communicate with other ordering service nodes # such as Raft based ordering service. Cluster: # SendBufferSize is the maximum number of messages in the egress buffer. # Consensus messages are dropped if the buffer is full, and transaction # messages are waiting for space to be freed. SendBufferSize: 10 # ClientCertificate governs the file location of the client TLS certificate # used to establish mutual TLS connections with other ordering service nodes. ClientCertificate: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt # ClientPrivateKey governs the file location of the private key of the client TLS certificate. ClientPrivateKey: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.key # The below 4 properties should be either set together, or be unset together. # If they are set, then the orderer node uses a separate listener for intra-cluster # communication. If they are unset, then the general orderer listener is used. # This is useful if you want to use a different TLS server certificates on the # client-facing and the intra-cluster listeners. # ListenPort defines the port on which the cluster listens to connections. ListenPort: # ListenAddress defines the IP on which to listen to intra-cluster communication. ListenAddress: # ServerCertificate defines the file location of the server TLS certificate used for intra-cluster # communication. ServerCertificate: # ServerPrivateKey defines the file location of the private key of the TLS certificate. ServerPrivateKey: # Bootstrap method: The method by which to obtain the bootstrap block # system channel is specified. The option can be one of: # "file" - path to a file containing the genesis block or config block of system channel # "none" - allows an orderer to start without a system channel configuration BootstrapMethod: file # Bootstrap file: The file containing the bootstrap block to use when # initializing the orderer system channel and BootstrapMethod is set to # "file". The bootstrap file can be the genesis block, and it can also be # a config block for late bootstrap of some consensus methods like Raft. # Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and # using configtxgen command with "-outputBlock" option. # Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified. BootstrapFile: /home/songzehao/fabric/config/system-genesis-block/genesis.block # LocalMSPDir is where to find the private crypto material needed by the # orderer. It is set relative here as a default for dev environments but # should be changed to the real location in production. LocalMSPDir: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp # LocalMSPID is the identity to register the local MSP material with the MSP # manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP # ID of one of the organizations defined in the orderer system channel's # /Channel/Orderer configuration. The sample organization defined in the # sample configuration provided has an MSP ID of "SampleOrg". LocalMSPID: OrdererOrg1MSP # Enable an HTTP service for Go "pprof" profiling as documented at: # https://golang.org/pkg/net/http/pprof Profile: Enabled: false Address: 0.0.0.0:6060 # BCCSP configures the blockchain crypto service providers. BCCSP: # Default specifies the preferred blockchain crypto service provider # to use. If the preferred provider is not available, the software # based provider ("SW") will be used. # Valid providers are: # - SW: a software based crypto provider # - PKCS11: a CA hardware security module crypto provider. Default: SW # SW configures the software based blockchain crypto provider. SW: # TODO: The default Hash and Security level needs refactoring to be # fully configurable. Changing these defaults requires coordination # SHA2 is hardcoded in several places, not only BCCSP Hash: SHA2 Security: 256 # Location of key store. If this is unset, a location will be # chosen using: 'LocalMSPDir'/keystore FileKeyStore: KeyStore: # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11) PKCS11: # Location of the PKCS11 module library Library: # Token Label Label: # User PIN Pin: Hash: Security: FileKeyStore: KeyStore: # Authentication contains configuration parameters related to authenticating # client messages Authentication: # the acceptable difference between the current server time and the # client's time as specified in a client request message TimeWindow: 15m ################################################################################ # # SECTION: File Ledger # # - This section applies to the configuration of the file or json ledgers. # ################################################################################ FileLedger: # Location: The directory to store the blocks in. # NOTE: If this is unset, a new temporary location will be chosen every time # the orderer is restarted, using the prefix specified by Prefix. Location: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/hyperledger/production/orderer # The prefix to use when generating a ledger directory in temporary space. # Otherwise, this value is ignored. Prefix: hyperledger-fabric-ordererledger ################################################################################ # # SECTION: Kafka # # - This section applies to the configuration of the Kafka-based orderer, and # its interaction with the Kafka cluster. # ################################################################################ Kafka: # Retry: What do if a connection to the Kafka cluster cannot be established, # or if a metadata request to the Kafka cluster needs to be repeated. Retry: # When a new channel is created, or when an existing channel is reloaded # (in case of a just-restarted orderer), the orderer interacts with the # Kafka cluster in the following ways: # 1. It creates a Kafka producer (writer) for the Kafka partition that # corresponds to the channel. # 2. It uses that producer to post a no-op CONNECT message to that # partition # 3. It creates a Kafka consumer (reader) for that partition. # If any of these steps fail, they will be re-attempted every #for a total of , and then every # for a total of until they succeed. # Note that the orderer will be unable to write to or read from a # channel until all of the steps above have been completed successfully. ShortInterval: 5s ShortTotal: 10m LongInterval: 5m LongTotal: 12h # Affects the socket timeouts when waiting for an initial connection, a # response, or a transmission. See Config.Net for more info: # https://godoc.org/github.com/Shopify/sarama#Config NetworkTimeouts: DialTimeout: 10s ReadTimeout: 10s WriteTimeout: 10s # Affects the metadata requests when the Kafka cluster is in the middle # of a leader election.See Config.Metadata for more info: # https://godoc.org/github.com/Shopify/sarama#Config Metadata: RetryBackoff: 250ms RetryMax: 3 # What to do if posting a message to the Kafka cluster fails. See # Config.Producer for more info: # https://godoc.org/github.com/Shopify/sarama#Config Producer: RetryBackoff: 100ms RetryMax: 3 # What to do if reading from the Kafka cluster fails. See # Config.Consumer for more info: # https://godoc.org/github.com/Shopify/sarama#Config Consumer: RetryBackoff: 2s # Settings to use when creating Kafka topics. Only applies when # Kafka.Version is v0.10.1.0 or higher Topic: # The number of Kafka brokers across which to replicate the topic ReplicationFactor: 3 # Verbose: Enable logging for interactions with the Kafka cluster. Verbose: false # TLS: TLS settings for the orderer's connection to the Kafka cluster. TLS: # Enabled: Use TLS when connecting to the Kafka cluster. Enabled: false # PrivateKey: PEM-encoded private key the orderer will use for # authentication. PrivateKey: # As an alternative to specifying the PrivateKey here, uncomment the # following "File" key and specify the file name from which to load the # value of PrivateKey. #File: path/to/PrivateKey # Certificate: PEM-encoded signed public key certificate the orderer will # use for authentication. Certificate: # As an alternative to specifying the Certificate here, uncomment the # following "File" key and specify the file name from which to load the # value of Certificate. #File: path/to/Certificate # RootCAs: PEM-encoded trusted root certificates used to validate # certificates from the Kafka cluster. RootCAs: # As an alternative to specifying the RootCAs here, uncomment the # following "File" key and specify the file name from which to load the # value of RootCAs. #File: path/to/RootCAs # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers SASLPlain: # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers Enabled: false # User: Required when Enabled is set to true User: # Password: Required when Enabled is set to true Password: # Kafka protocol version used to communicate with the Kafka cluster brokers # (defaults to 0.10.2.0 if not specified) Version: ################################################################################ # # Debug Configuration # # - This controls the debugging options for the orderer # ################################################################################ Debug: # BroadcastTraceDir when set will cause each request to the Broadcast service # for this orderer to be written to a file in this directory BroadcastTraceDir: # DeliverTraceDir when set will cause each request to the Deliver service # for this orderer to be written to a file in this directory DeliverTraceDir: ################################################################################ # # Operations Configuration # # - This configures the operations server endpoint for the orderer # ################################################################################ Operations: # host and port for the operations server ListenAddress: 192.168.3.128:8443 # TLS configuration for the operations endpoint TLS: # TLS enabled Enabled: false # Certificate is the location of the PEM encoded TLS certificate Certificate: # PrivateKey points to the location of the PEM-encoded key PrivateKey: # Most operations service endpoints require client authentication when TLS # is enabled. ClientAuthRequired requires client certificate authentication # at the TLS layer to access all resources. ClientAuthRequired: false # Paths to PEM encoded ca certificates to trust for client authentication ClientRootCAs: [] ################################################################################ # # Metrics Configuration # # - This configures metrics collection for the orderer # ################################################################################ Metrics: # The metrics provider is one of statsd, prometheus, or disabled Provider: disabled # The statsd configuration Statsd: # network type: tcp or udp Network: udp # the statsd server address Address: 192.168.3.128:8125 # The interval at which locally cached counters and gauges are pushed # to statsd; timings are pushed immediately WriteInterval: 30s # The prefix is prepended to all emitted statsd metrics Prefix: ################################################################################ # # Consensus Configuration # # - This section contains config options for a consensus plugin. It is opaque # to orderer, and completely up to consensus implementation to make use of. # ################################################################################ Consensus: # The allowed key-value pairs here depend on consensus plugin. For etcd/raft, # we use following options: # WALDir specifies the location at which Write Ahead Logs for etcd/raft are # stored. Each channel will have its own subdir named after channel ID. WALDir: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/hyperledger/production/orderer/etcdraft/wal # SnapDir specifies the location at which snapshots for etcd/raft are # stored. Each channel will have its own subdir named after channel ID. SnapDir: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/hyperledger/production/orderer/etcdraft/snapshot - 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- 136
- 137
- 138
- 139
- 140
- 141
- 142
- 143
- 144
- 145
- 146
- 147
- 148
- 149
- 150
- 151
- 152
- 153
- 154
- 155
- 156
- 157
- 158
- 159
- 160
- 161
- 162
- 163
- 164
- 165
- 166
- 167
- 168
- 169
- 170
- 171
- 172
- 173
- 174
- 175
- 176
- 177
- 178
- 179
- 180
- 181
- 182
- 183
- 184
- 185
- 186
- 187
- 188
- 189
- 190
- 191
- 192
- 193
- 194
- 195
- 196
- 197
- 198
- 199
- 200
- 201
- 202
- 203
- 204
- 205
- 206
- 207
- 208
- 209
- 210
- 211
- 212
- 213
- 214
- 215
- 216
- 217
- 218
- 219
- 220
- 221
- 222
- 223
- 224
- 225
- 226
- 227
- 228
- 229
- 230
- 231
- 232
- 233
- 234
- 235
- 236
- 237
- 238
- 239
- 240
- 241
- 242
- 243
- 244
- 245
- 246
- 247
- 248
- 249
- 250
- 251
- 252
- 253
- 254
- 255
- 256
- 257
- 258
- 259
- 260
- 261
- 262
- 263
- 264
- 265
- 266
- 267
- 268
- 269
- 270
- 271
- 272
- 273
- 274
- 275
- 276
- 277
- 278
- 279
- 280
- 281
- 282
- 283
- 284
- 285
- 286
- 287
- 288
- 289
- 290
- 291
- 292
- 293
- 294
- 295
- 296
- 297
- 298
- 299
- 300
- 301
- 302
- 303
- 304
- 305
- 306
- 307
- 308
- 309
- 310
- 311
- 312
- 313
- 314
- 315
- 316
- 317
- 318
- 319
- 320
- 321
- 322
- 323
- 324
- 325
- 326
- 327
- 328
- 329
- 330
- 331
- 332
- 333
- 334
- 335
- 336
- 337
- 338
- 339
- 340
- 341
- 342
- 343
- 344
- 345
- 346
- 347
- 348
- 349
- 350
- 351
- 352
- 353
- 354
- 355
- 356
- 357
- 358
- 359
- 360
- 361
- 362
启动orderer:
orderer start- 1
日志:
2023-11-01 11:32:18.760 CST [localconfig] completeInitialization -> INFO 001 Kafka.Version unset, setting to 0.10.2.0 2023-11-01 11:32:18.760 CST [orderer.common.server] prettyPrintStruct -> INFO 002 Orderer config values: General.ListenAddress = "192.168.3.128" General.ListenPort = 7050 General.TLS.Enabled = true General.TLS.PrivateKey = "/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.key" General.TLS.Certificate = "/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt" General.TLS.RootCAs = [/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/ca.crt] General.TLS.ClientAuthRequired = false General.TLS.ClientRootCAs = [] General.Cluster.ListenAddress = "" General.Cluster.ListenPort = 0 General.Cluster.ServerCertificate = "" General.Cluster.ServerPrivateKey = "" General.Cluster.ClientCertificate = "/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt" General.Cluster.ClientPrivateKey = "/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.key" General.Cluster.RootCAs = [] General.Cluster.DialTimeout = 5s General.Cluster.RPCTimeout = 7s General.Cluster.ReplicationBufferSize = 20971520 General.Cluster.ReplicationPullTimeout = 5s General.Cluster.ReplicationRetryTimeout = 5s General.Cluster.ReplicationBackgroundRefreshInterval = 5m0s General.Cluster.ReplicationMaxRetries = 12 General.Cluster.SendBufferSize = 10 General.Cluster.CertExpirationWarningThreshold = 168h0m0s General.Cluster.TLSHandshakeTimeShift = 0s General.Keepalive.ServerMinInterval = 1m0s General.Keepalive.ServerInterval = 2h0m0s General.Keepalive.ServerTimeout = 20s General.ConnectionTimeout = 0s General.GenesisMethod = "" General.GenesisFile = "" General.BootstrapMethod = "file" General.BootstrapFile = "/home/songzehao/fabric/config/system-genesis-block/genesis.block" General.Profile.Enabled = false General.Profile.Address = "0.0.0.0:6060" General.LocalMSPDir = "/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp" General.LocalMSPID = "OrdererOrg1MSP" General.BCCSP.ProviderName = "SW" General.BCCSP.SwOpts.SecLevel = 256 General.BCCSP.SwOpts.HashFamily = "SHA2" General.BCCSP.SwOpts.Ephemeral = true General.BCCSP.SwOpts.FileKeystore.KeyStorePath = "" General.BCCSP.SwOpts.DummyKeystore = General.BCCSP.SwOpts.InmemKeystore = General.Authentication.TimeWindow = 15m0s General.Authentication.NoExpirationChecks = false FileLedger.Location = "/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/hyperledger/production/orderer" FileLedger.Prefix = "hyperledger-fabric-ordererledger" Kafka.Retry.ShortInterval = 5s Kafka.Retry.ShortTotal = 10m0s Kafka.Retry.LongInterval = 5m0s Kafka.Retry.LongTotal = 12h0m0s Kafka.Retry.NetworkTimeouts.DialTimeout = 10s Kafka.Retry.NetworkTimeouts.ReadTimeout = 10s Kafka.Retry.NetworkTimeouts.WriteTimeout = 10s Kafka.Retry.Metadata.RetryMax = 3 Kafka.Retry.Metadata.RetryBackoff = 250ms Kafka.Retry.Producer.RetryMax = 3 Kafka.Retry.Producer.RetryBackoff = 100ms Kafka.Retry.Consumer.RetryBackoff = 2s Kafka.Verbose = false Kafka.Version = 0.10.2.0 Kafka.TLS.Enabled = false Kafka.TLS.PrivateKey = "" Kafka.TLS.Certificate = "" Kafka.TLS.RootCAs = [] Kafka.TLS.ClientAuthRequired = false Kafka.TLS.ClientRootCAs = [] Kafka.SASLPlain.Enabled = false Kafka.SASLPlain.User = "" Kafka.SASLPlain.Password = "" Kafka.Topic.ReplicationFactor = 3 Debug.BroadcastTraceDir = "" Debug.DeliverTraceDir = "" Consensus = map[SnapDir:/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/hyperledger/production/orderer/etcdraft/snapshot WALDir:/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/hyperledger/production/orderer/etcdraft/wal] Operations.ListenAddress = "192.168.3.128:8443" Operations.TLS.Enabled = false Operations.TLS.PrivateKey = "" Operations.TLS.Certificate = "" Operations.TLS.RootCAs = [] Operations.TLS.ClientAuthRequired = false Operations.TLS.ClientRootCAs = [] Metrics.Provider = "disabled" Metrics.Statsd.Network = "udp" Metrics.Statsd.Address = "192.168.3.128:8125" Metrics.Statsd.WriteInterval = 30s Metrics.Statsd.Prefix = "" ChannelParticipation.Enabled = false ChannelParticipation.RemoveStorage = false 2023-11-01 11:32:18.772 CST [orderer.common.server] initializeServerConfig -> INFO 003 Starting orderer with TLS enabled 2023-11-01 11:32:18.774 CST [blkstorage] NewProvider -> INFO 004 Creating new file ledger directory at /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/hyperledger/production/orderer/chains 2023-11-01 11:32:18.776 CST [orderer.common.server] Main -> INFO 005 Bootstrapping the system channel 2023-11-01 11:32:18.776 CST [blkstorage] newBlockfileMgr -> INFO 006 Getting block information from block storage 2023-11-01 11:32:18.778 CST [orderer.common.server] selectClusterBootBlock -> INFO 007 Cluster boot block is bootstrap (genesis) block; Blocks Header.Number system-channel=0, bootstrap=0 2023-11-01 11:32:18.780 CST [orderer.common.server] Main -> INFO 008 Starting with system channel: system-channel, consensus type: etcdraft 2023-11-01 11:32:18.780 CST [orderer.common.server] Main -> INFO 009 Setting up cluster 2023-11-01 11:32:18.780 CST [orderer.common.server] reuseListener -> INFO 00a Cluster listener is not configured, defaulting to use the general listener on port 7050 2023-11-01 11:32:18.781 CST [orderer.common.cluster] loadVerifier -> INFO 00b Loaded verifier for channel system-channel from config block at index 0 2023-11-01 11:32:18.784 CST [orderer.consensus.etcdraft] HandleChain -> INFO 00c EvictionSuspicion not set, defaulting to 10m0s 2023-11-01 11:32:18.784 CST [orderer.consensus.etcdraft] createOrReadWAL -> INFO 00d No WAL data found, creating new WAL at path '/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/hyperledger/production/orderer/etcdraft/wal/system-channel' channel=system-channel node=1 2023-11-01 11:32:18.791 CST [orderer.commmon.multichannel] Initialize -> INFO 00e Starting system channel 'system-channel' with genesis block hash cf0eea12e3ad0e100746fab436a756f291a683dd76e17d4b63b1eb2ce40fe407 and orderer type etcdraft 2023-11-01 11:32:18.792 CST [orderer.consensus.etcdraft] Start -> INFO 00f Starting Raft node channel=system-channel node=1 2023-11-01 11:32:18.792 CST [orderer.common.cluster] Configure -> INFO 010 Entering, channel: system-channel, nodes: [] 2023-11-01 11:32:18.792 CST [orderer.common.cluster] Configure -> INFO 011 Exiting 2023-11-01 11:32:18.792 CST [orderer.consensus.etcdraft] start -> INFO 012 Starting raft node as part of a new channel channel=system-channel node=1 2023-11-01 11:32:18.792 CST [orderer.consensus.etcdraft] becomeFollower -> INFO 013 1 became follower at term 0 channel=system-channel node=1 2023-11-01 11:32:18.792 CST [orderer.consensus.etcdraft] newRaft -> INFO 014 newRaft 1 [peers: [], term: 0, commit: 0, applied: 0, lastindex: 0, lastterm: 0] channel=system-channel node=1 2023-11-01 11:32:18.792 CST [orderer.consensus.etcdraft] becomeFollower -> INFO 015 1 became follower at term 1 channel=system-channel node=1 2023-11-01 11:32:18.792 CST [orderer.common.server] Main -> INFO 016 Starting orderer: Version: 2.2.0 Commit SHA: 5ea85bc54 Go version: go1.14.4 OS/Arch: linux/amd64 2023-11-01 11:32:18.792 CST [orderer.consensus.etcdraft] run -> INFO 017 This node is picked to start campaign channel=system-channel node=1 2023-11-01 11:32:18.792 CST [orderer.common.server] Main -> INFO 018 Beginning to serve requests 2023-11-01 11:32:18.793 CST [orderer.consensus.etcdraft] apply -> INFO 019 Applied config change to add node 1, current nodes in channel: [1] channel=system-channel node=1 2023-11-01 11:32:19.793 CST [orderer.consensus.etcdraft] Step -> INFO 01a 1 is starting a new election at term 1 channel=system-channel node=1 2023-11-01 11:32:19.793 CST [orderer.consensus.etcdraft] becomePreCandidate -> INFO 01b 1 became pre-candidate at term 1 channel=system-channel node=1 2023-11-01 11:32:19.793 CST [orderer.consensus.etcdraft] poll -> INFO 01c 1 received MsgPreVoteResp from 1 at term 1 channel=system-channel node=1 2023-11-01 11:32:19.793 CST [orderer.consensus.etcdraft] becomeCandidate -> INFO 01d 1 became candidate at term 2 channel=system-channel node=1 2023-11-01 11:32:19.793 CST [orderer.consensus.etcdraft] poll -> INFO 01e 1 received MsgVoteResp from 1 at term 2 channel=system-channel node=1 2023-11-01 11:32:19.793 CST [orderer.consensus.etcdraft] becomeLeader -> INFO 01f 1 became leader at term 2 channel=system-channel node=1 2023-11-01 11:32:19.793 CST [orderer.consensus.etcdraft] run -> INFO 020 raft.node: 1 elected leader 1 at term 2 channel=system-channel node=1 2023-11-01 11:32:19.794 CST [orderer.consensus.etcdraft] run -> INFO 021 Leader 1 is present, quit campaign channel=system-channel node=1 2023-11-01 11:32:19.794 CST [orderer.consensus.etcdraft] run -> INFO 022 Raft leader changed: 0 -> 1 channel=system-channel node=1 2023-11-01 11:32:19.794 CST [orderer.consensus.etcdraft] run -> INFO 023 Start accepting requests as Raft leader at block [0] channel=system-channel node=1- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
七、创建新通道
前面已经有系统通道了,现在准备创建一个应用通道。
7.1、创建应用通道tx交易文件
configtxgen -profile Channel1 -outputCreateChannelTx /home/songzehao/fabric/config/channel-artifacts/channel1.tx -channelID channel1- 1
得到:
/home/songzehao/fabric/config/channel-artifacts/ └── channel1.tx 0 directories, 1 file- 1
- 2
- 3
- 4
日志:
2023-11-01 11:33:43.714 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration 2023-11-01 11:33:43.729 CST [common.tools.configtxgen.localconfig] Load -> INFO 002 Loaded configuration: /home/songzehao/fabric/config/configtx.yaml 2023-11-01 11:33:43.729 CST [common.tools.configtxgen] doOutputChannelCreateTx -> INFO 003 Generating new channel configtx 2023-11-01 11:33:43.730 CST [common.tools.configtxgen] doOutputChannelCreateTx -> INFO 004 Writing new channel tx- 1
- 2
- 3
- 4
7.2、创建应用通道区块
peer channel create -o 192.168.3.128:7050 -c channel1 -f /home/songzehao/fabric/config/channel-artifacts/channel1.tx --outputBlock /home/songzehao/fabric/config/channel-artifacts/channel1.block --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem- 1
得到:
/home/songzehao/fabric/config/channel-artifacts/ ├── channel1.block └── channel1.tx 0 directories, 2 files- 1
- 2
- 3
- 4
- 5
日志:
2023-11-01 11:34:05.239 CST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized 2023-11-01 11:34:05.249 CST [cli.common] readBlock -> INFO 002 Expect block, but got status: &{NOT_FOUND} 2023-11-01 11:34:05.253 CST [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized 2023-11-01 11:34:05.454 CST [cli.common] readBlock -> INFO 004 Expect block, but got status: &{SERVICE_UNAVAILABLE} 2023-11-01 11:34:05.456 CST [channelCmd] InitCmdFactory -> INFO 005 Endorser and orderer connections initialized 2023-11-01 11:34:05.658 CST [cli.common] readBlock -> INFO 006 Expect block, but got status: &{SERVICE_UNAVAILABLE} 2023-11-01 11:34:05.660 CST [channelCmd] InitCmdFactory -> INFO 007 Endorser and orderer connections initialized 2023-11-01 11:34:05.862 CST [cli.common] readBlock -> INFO 008 Expect block, but got status: &{SERVICE_UNAVAILABLE} 2023-11-01 11:34:05.865 CST [channelCmd] InitCmdFactory -> INFO 009 Endorser and orderer connections initialized 2023-11-01 11:34:06.067 CST [cli.common] readBlock -> INFO 00a Expect block, but got status: &{SERVICE_UNAVAILABLE} 2023-11-01 11:34:06.069 CST [channelCmd] InitCmdFactory -> INFO 00b Endorser and orderer connections initialized 2023-11-01 11:34:06.271 CST [cli.common] readBlock -> INFO 00c Received block: 0- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
7.3、peer0加入应用通道
peer channel join -b /home/songzehao/fabric/config/channel-artifacts/channel1.block- 1
日志:
2023-11-01 11:34:26.004 CST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized 2023-11-01 11:34:26.018 CST [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel- 1
- 2
查询peer加入的通道:
peer channel list- 1
日志:
2023-11-01 11:34:37.778 CST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized Channels peers has joined: channel1- 1
- 2
- 3
7.4、获取应用通道最近的配置块
peer channel fetch config /home/songzehao/fabric/config/channel-artifacts/config_block.pb -o 192.168.3.128:7050 -c channel1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem- 1
得到:
/home/songzehao/fabric/config/channel-artifacts/ ├── channel1.block ├── channel1.tx └── config_block.pb 0 directories, 3 files- 1
- 2
- 3
- 4
- 5
- 6
日志:
2023-11-01 11:34:53.572 CST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized 2023-11-01 11:34:53.574 CST [cli.common] readBlock -> INFO 002 Received block: 0 2023-11-01 11:34:53.574 CST [channelCmd] fetch -> INFO 003 Retrieving last config block: 0 2023-11-01 11:34:53.575 CST [cli.common] readBlock -> INFO 004 Received block: 0- 1
- 2
- 3
- 4
7.5、生成锚节点更新配置文件
protobuf序列化(编码)后的
.pb配置文件,转化为.json格式:configtxlator proto_decode --input /home/songzehao/fabric/config/channel-artifacts/config_block.pb --type common.Block --output /home/songzehao/fabric/config/channel-artifacts/config_block.json- 1
抽取配置部分的json,得到原始配置:
jq .data.data[0].payload.data.config /home/songzehao/fabric/config/channel-artifacts/config_block.json > /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json- 1
进一步追加锚节点peer0信息到Org1MSP的
values部分,得到更改后配置:jq '.channel_group.groups.Application.groups.Org1MSP.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "192.168.3.128","port": 7051}]},"version": "0"}}' /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json > /home/songzehao/fabric/config/channel-artifacts/Org1MSPmodified_config.json- 1
protobuf编码原始配置:
configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json --type common.Config --output /home/songzehao/fabric/config/channel-artifacts/original_config.pb- 1
protobuf编码更改后配置:
configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/Org1MSPmodified_config.json --type common.Config --output /home/songzehao/fabric/config/channel-artifacts/modified_config.pb- 1
计算更改前后的配置差异,得到
.pb的差异配置:configtxlator compute_update --channel_id channel1 --original /home/songzehao/fabric/config/channel-artifacts/original_config.pb --updated /home/songzehao/fabric/config/channel-artifacts/modified_config.pb --output /home/songzehao/fabric/config/channel-artifacts/config_update.pb- 1
protobuf解码为
.json格式:configtxlator proto_decode --input /home/songzehao/fabric/config/channel-artifacts/config_update.pb --type common.ConfigUpdate --output /home/songzehao/fabric/config/channel-artifacts/config_update.json- 1
追加
.json格式的差异文件内容到新包装后的.json文件:echo '{"payload":{"header":{"channel_header":{"channel_id":"channel1", "type":2}},"data":{"config_update":'$(cat /home/songzehao/fabric/config/channel-artifacts/config_update.json)'}}}' | jq . > /home/songzehao/fabric/config/channel-artifacts/config_update_in_envelope.json- 1
编码为
Envelope类型的新的交易文件:configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/config_update_in_envelope.json --type common.Envelope --output /home/songzehao/fabric/config/channel-artifacts/Org1MSPanchors.tx- 1
最终得到:
/home/songzehao/fabric/config/channel-artifacts/ ├── channel1.block ├── channel1.tx ├── config_block.json ├── config_block.pb ├── config_update_in_envelope.json ├── config_update.json ├── config_update.pb ├── modified_config.pb ├── Org1MSPanchors.tx ├── Org1MSPconfig.json ├── Org1MSPmodified_config.json └── original_config.pb 0 directories, 12 files- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
7.6、提交更新通道配置交易
peer channel update -o 192.168.3.128:7050 -c channel1 -f /home/songzehao/fabric/config/channel-artifacts/Org1MSPanchors.tx --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem- 1
日志:
2023-11-01 11:36:09.564 CST [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized 2023-11-01 11:36:09.572 CST [channelCmd] update -> INFO 002 Successfully submitted channel update- 1
- 2
八、部署链码发送交易
8.1、编译打包链码
将
fabric-samples示例工程https://github.com/hyperledger/fabric-samples/tree/v2.2.0/拉下来:git clone -b v2.2.0 https://gitee.com/hyperledger/fabric-samples.git- 1
以其中一个
asset-transfer-basic链码举例,编译该java链码:rm -rf ~/fabric/fabric-samples/asset-transfer-basic/chaincode-java/build/install/ cd ~/fabric/fabric-samples/asset-transfer-basic/chaincode-java ./gradlew installDist- 1
- 2
- 3
- 4
日志:
Starting a Gradle Daemon (subsequent builds will be faster) > Task :test AssetTransferTest > invokeGetAllAssetsTransaction() PASSED AssetTransferTest > invokeInitLedgerTransaction() PASSED AssetTransferTest > invokeUnknownTransaction() PASSED AssetTransferTest > DeleteAssetTransaction > whenAssetDoesNotExist() PASSED AssetTransferTest > UpdateAssetTransaction > whenAssetExists() PASSED AssetTransferTest > UpdateAssetTransaction > whenAssetDoesNotExist() PASSED AssetTransferTest > TransferAssetTransaction > whenAssetExists() PASSED AssetTransferTest > TransferAssetTransaction > whenAssetDoesNotExist() PASSED AssetTransferTest > InvokeCreateAssetTransaction > whenAssetExists() PASSED AssetTransferTest > InvokeCreateAssetTransaction > whenAssetDoesNotExist() PASSED AssetTransferTest > InvokeReadAssetTransaction > whenAssetExists() PASSED AssetTransferTest > InvokeReadAssetTransaction > whenAssetDoesNotExist() PASSED AssetTest > toStringIdentifiesAsset() PASSED AssetTest > Equality > handlesOtherObjects() PASSED AssetTest > Equality > isReflexive() PASSED AssetTest > Equality > isTransitive() PASSED AssetTest > Equality > handlesInequality() PASSED AssetTest > Equality > isSymmetric() PASSED AssetTest > Equality > handlesNull() PASSED BUILD SUCCESSFUL in 16s 10 actionable tasks: 10 executed- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
并打包为basic.tar.gz:
peer lifecycle chaincode package ~/fabric/config/basic.tar.gz --path ~/fabric/fabric-samples/asset-transfer-basic/chaincode-java/build/install/basic --lang java --label basic_1.0- 1
得到:
$ file ~/fabric/config/basic.tar.gz /home/songzehao/fabric/config/basic.tar.gz: gzip compressed data, original size modulo 2^32 21309440- 1
- 2
8.2、部署链码
进行链码安装:
peer lifecycle chaincode install ~/fabric/config/basic.tar.gz- 1
日志:
2023-11-01 11:54:21.805 CST [cli.lifecycle.chaincode] submitInstallProposal -> INFO 001 Installed remotely: response:- 1
- 2
查看已安装的链码:
peer lifecycle chaincode queryinstalled- 1
日志:
Installed chaincodes on peer: Package ID: basic_1.0:67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773, Label: basic_1.0- 1
- 2
批准链码定义:
peer lifecycle chaincode approveformyorg -o 192.168.3.128:7050 --channelID channel1 --name basic --version 1.0 --package-id basic_1.0:67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773 --sequence 1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem- 1
日志:
2023-11-01 11:54:55.578 CST [chaincodeCmd] ClientWait -> INFO 001 txid [6f0b3c359bed36b71a216475145d0fd384b6d23594e625d202c5874caac1c541] committed with status (VALID) at- 1
检查批准状态:
peer lifecycle chaincode queryapproved -C channel1 -n basic- 1
日志:
Approved chaincode definition for chaincode 'basic' on channel 'channel1': sequence: 1, version: 1.0, init-required: false, package-id: basic_1.0:67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773, endorsement plugin: escc, validation plugin: vscc- 1
- 2
检查提交就绪状态:
peer lifecycle chaincode checkcommitreadiness --channelID channel1 --name basic --version 1.0 --sequence 1 --output json- 1
日志:
{ "approvals": { "Org1MSP": true } }- 1
- 2
- 3
- 4
- 5
提交到peer0:
peer lifecycle chaincode commit -o 192.168.3.128:7050 --channelID channel1 --name basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --version 1.0 --sequence 1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem- 1
日志:
2023-11-01 11:55:28.245 CST [chaincodeCmd] ClientWait -> INFO 001 txid [1d49f6e82ba2414c02f76618e3b73e44ad64ffd1c76debef4d41fcb9f6553b14] committed with status (VALID) at 192.168.3.128:7051- 1
检查提交状态:
peer lifecycle chaincode querycommitted --channelID channel1 --name basic --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem- 1
日志:
Committed chaincode definition for chaincode 'basic' on channel 'channel1': Version: 1.0, Sequence: 1, Endorsement Plugin: escc, Validation Plugin: vscc, Approvals: [Org1MSP: true]- 1
- 2
docker验证新的链代码是否已在您的对等点上提交启动:
$ docker ps --no-trunc CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 8d14f50cb83dd1956e48b6bdab88f03be34611d93512f7ff394282b6ce380837 dev-peer0.org1.example.com-basic_1.0-67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773-4ae135e5fa18d99cbd8dc7e8907079b31a3f779d0137e69204d3307d30236441 "/root/chaincode-java/start --peerAddress 192.168.3.128:7052" 22 seconds ago Up 21 seconds dev-peer0.org1.example.com-basic_1.0-67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773- 1
- 2
- 3
8.3、发送交易
发交易,初始化资产(调用链码的初始化方法InitLedger):
peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"InitLedger","Args":[]}'- 1
日志:
2023-11-01 11:56:26.590 CST [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200- 1
查询初始化后的资产(调用链码的GetAllAssets方法):
peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"GetAllAssets","Args":[]}'- 1
日志:
2023-11-01 11:56:37.940 CST [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200 payload:"[{\"appraisedValue\":300,\"assetID\":\"asset1\",\"color\":\"blue\",\"owner\":\"Tomoko\",\"size\":5},{\"appraisedValue\":400,\"assetID\":\"asset2\",\"color\":\"red\",\"owner\":\"Brad\",\"size\":5},{\"appraisedValue\":500,\"assetID\":\"asset3\",\"color\":\"green\",\"owner\":\"Jin Soo\",\"size\":10},{\"appraisedValue\":600,\"assetID\":\"asset4\",\"color\":\"yellow\",\"owner\":\"Max\",\"size\":10},{\"appraisedValue\":700,\"assetID\":\"asset5\",\"color\":\"black\",\"owner\":\"Adrian\",\"size\":15},{\"appraisedValue\":700,\"assetID\":\"asset6\",\"color\":\"white\",\"owner\":\"Michel\",\"size\":15}]"- 1
发交易,新增资产(调用链码的初始化方法CreateAsset):
peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"CreateAsset","Args":["asset7", "pink", "18", "Jay", "800"]}'- 1
日志:
2023-11-01 11:56:50.588 CST [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200 payload:"{\"owner\":\"Jay\",\"color\":\"pink\",\"size\":18,\"appraisedValue\":800,\"assetID\":\"asset7\"}"- 1
-
相关阅读:
【Redis实战】有MQ为啥不用?用Redis作消息队列!?Redis作消息队列使用方法及底层原理高级进阶
第一季:6成员变量和局部变量【Java面试题】
如何使用Semaphore和CompletableFuture搭配实现控制线程并发数量并等待所有线程执行完成之后在执行其它操作
Unity游戏开发基础之数据结构部分
YOLOv5全新Neck改进:BiSPAN 结构独一无二,为目标检测打造全新融合网络,增强定位信号,对于小目标检测的定位具有重要意义
docker去掉sudo权限方法
Serilog日志框架
【SpringMVC】重定向和转向详解
算力调度和云计算有何区别
k8s之Deployment
- 原文地址:https://blog.csdn.net/songzehao/article/details/134021907
