Fabric release-1.1 Deployment and Installation Notes

I. Operating system

OS: CentOS Linux release 7.5.1804 (Core)

II. Deployment nodes

192.168.1.188 orderer.nx.com
192.168.1.188 tlsca.org1.nx.com
192.168.1.211 peer0.org1.nx.com
192.168.1.232 peer0.org2.nx.com

III. Install software

1. Install Go

yum install -y go

2. Install dependency packages

yum install -y snappy-devel
yum install -y zlib-devel
yum install -y bzip2-devel
yum install -y libtool-ltdl-devel
yum install -y libtool

3. Install Docker

yum install -y docker
service docker start

IV. Set environment variables

vim /root/.bash_profile
export GOROOT=/usr/lib/golang
export GOPATH=/home/qiudi/go
export PATH=$PATH:$HOME/bin:$GOPATH/bin

V. Download the Fabric source and install components

mkdir /home/qiudi/go/src/github.com/hyperledger -p
cd  /home/qiudi/go/src/github.com/hyperledger
git clone https://github.com/hyperledger/fabric.git
cd fabric ;git checkout release-1.1; 

1. Build and install the fabric-peer component
cd  /home/qiudi/go/src/github.com/hyperledger/fabric
make peer
cp /home/qiudi/go/src/github.com/hyperledger/fabric/build/bin/peer /home/qiudi/go/bin/

The following error occurs:
cp build/docker/gotools/bin/protoc-gen-go build/bin/chaintool build/goshim.tar.bz2 build/image/ccenv/payload
cp: 无法获取"build/docker/gotools/bin/protoc-gen-go" 的文件状态(stat): 没有那个文件或目录
make: *** [build/image/ccenv/payload] 错误 1

Solution:
go get -u github.com/golang/protobuf/protoc-gen-go
cp /home/qiudi/go/bin/protoc-gen-go build/docker/gotools/bin/
make peer

2. Build and install the fabric-orderer component
cd  /home/qiudi/go/src/github.com/hyperledger/fabric
make orderer
cp /home/qiudi/go/src/github.com/hyperledger/fabric/build/bin/orderer /home/qiudi/go/bin/

VI. Download the fabric-ca source and install components

cd  /home/qiudi/go/src/github.com/hyperledger
git clone https://github.com/hyperledger/fabric-ca.git
cd fabric-ca ;git checkout release-1.1
make fabric-ca-server
make fabric-ca-client

VII. Build and install auxiliary tools

PROJECT_VERSION=1.1.1
BASEIMAGE_RELEASE=0.4.6

Build and install cryptogen:
CGO_CFLAGS=" " \
go install -tags "" -ldflags \
"-X github.com/hyperledger/fabric/common/tools/cryptogen/metadata.Version=${PROJECT_VERSION}"  \
github.com/hyperledger/fabric/common/tools/cryptogen

Build and install configtxgen:
CGO_CFLAGS=" " \
go install -tags "nopkcs11" -ldflags \
"-X github.com/hyperledger/fabric/common/configtx/tool/configtxgen/metadata.Version=${PROJECT_VERSION}"  \
github.com/hyperledger/fabric/common/tools/configtxgen

Build and install configtxlator:
CGO_CFLAGS=" " \
go install -tags "" -ldflags \
"-X github.com/hyperledger/fabric/common/configtx/tool/configtxlator/metadata.Version=${PROJECT_VERSION}"  \
github.com/hyperledger/fabric/common/tools/configtxlator

VIII. Install Go-related tools

go get github.com/golang/protobuf/protoc-gen-go
go get github.com/kardianos/govendor
go get github.com/golang/lint/golint
go get github.com/golang/tools/cmd/goimports
go get github.com/onsi/ginkgo/ginkgo
go get github.com/axw/gocov/...
go get github.com/client9/misspell/cmd/misspell
go get github.com/AlekSi/gocoverutil

IX. Configure /etc/hosts

192.168.2.188 orderer.nx.com
192.168.2.188 ca.nx.com
192.168.2.188 tlsca.org1.nx.com
192.168.2.211 peer0.org1.nx.com
192.168.2.232 peer0.org2.nx.com

X. Prepare the configuration files and start the nodes

mkdir /etc/hyperledger/fabric -p
mkdir /etc/hyperledger/fabric-ca -p
cd /home/qiudi/go/src/github.com/hyperledger/fabric/sampleconfig
cp /home/qiudi/go/src/github.com/hyperledger/fabric/sampleconfig/configtx.yaml /etc/hyperledger/fabric/
cp /home/qiudi/go/src/github.com/hyperledger/fabric/sampleconfig/core.yaml /etc/hyperledger/fabric/
cp /home/qiudi/go/src/github.com/hyperledger/fabric/sampleconfig/orderer.yaml /etc/hyperledger/fabric/
cp /home/qiudi/go/src/github.com/hyperledger/fabric-ca/bin/fabric-ca-server-config.yaml  /etc/hyperledger/fabric-ca/

 

1. Generate the organization structure and identity credentials
cd  /etc/hyperledger/fabric/
Edit crypto-config.yaml so that its contents are as follows:

OrdererOrgs:
  - Name: Orderer
    Domain: nx.com
    Specs:
      - Hostname: orderer
PeerOrgs:
  - Name: Org1
    Domain: org1.nx.com
    Template:
      Count: 1
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.nx.com
    Template:
      Count: 1
    Users:
      Count: 1

Generate the organization and identity files for the specified topology and store them in the crypto-config directory:
cryptogen generate --config=./crypto-config.yaml --output ./crypto-config

2. Generate the genesis block used to start the ordering service

cd  /etc/hyperledger/fabric/
cp /home/qiudi/go/src/github.com/hyperledger/fabric/examples/e2e_cli/configtx.yaml   /etc/hyperledger/fabric/
Modify configtx.yaml so that its contents are as follows:

Profiles:
    TwoOrgsOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
Organizations:
    - &OrdererOrg
        Name: OrdererOrg
        ID: OrdererMSP
        MSPDir: crypto-config/ordererOrganizations/nx.com/msp
        AdminPrincipal: Role.MEMBER
    - &Org1
        Name: Org1MSP
        ID: Org1MSP
        MSPDir: crypto-config/peerOrganizations/org1.nx.com/msp
        AdminPrincipal: Role.MEMBER
        AnchorPeers:
            - Host: peer0.org1.nx.com
              Port: 7051
    - &Org2
        Name: Org2MSP
        ID: Org2MSP
        MSPDir: crypto-config/peerOrganizations/org2.nx.com/msp
        AdminPrincipal: Role.MEMBER
        AnchorPeers:
            - Host: peer0.org2.nx.com
              Port: 7051

Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer.nx.com:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 98 MB
        PreferredMaxBytes: 512 KB
    Kafka:
        Brokers:
            - 127.0.0.1:9092
    Organizations:

Application: &ApplicationDefaults
    Organizations:

Generate the genesis block for the ordering service:
configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./orderer.genesis.block

3. Start the orderer node

cd /etc/hyperledger/fabric
cp -R crypto-config/ordererOrganizations/nx.com/orderers/orderer.nx.com/* ./
Change the following parts of orderer.yaml:

    LedgerType: file
    ListenAddress: 192.168.2.188
    ListenPort: 7050
    TLS:
        Enabled: true

Start the orderer node:
orderer start

Error encountered:

2018-07-06 16:26:43.505 CST [orderer/common/server] initializeMultichannelRegistrar -> INFO 002 Not bootstrapping because of existing chains
2018-07-06 16:26:43.605 CST [orderer/commmon/multichannel] newLedgerResources -> CRIT 003 Error creating channelconfig bundle: initializing channelconfig failed: could not create channel Orderer sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.nx.com")
panic: Error creating channelconfig bundle: initializing channelconfig failed: could not create channel Orderer sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.nx.com")

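Solution:
The log shows that the certificate in the genesis block is wrong. Clear the existing data: the orderer loads the genesis block only once, so after the genesis block has been updated, all of the orderer's previous data must be deleted.
The data directory is set in orderer.yaml: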
FileLedger:
    Location: /var/hyperledger/production/orderer

Clear the data: rm -rf /var/hyperledger/production/orderer
Clear the peer nodes as well: rm -rf /var/hyperledger/production

Restart:
orderer start > /home/qiudi/logs/orderer.log 2>&1 &
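
Why stale ledger data produces the error above, as an added Go example that is not part of the original notes: two self-signed CAs share the CN ca.nx.com but have different key pairs (constructed in memory, standing in for two separate runs of cryptogen), and an orderer certificate issued by the second is verified against each with Go's crypto/x509. The helper names check, issue and verify are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue creates a P-256 certificate for cn; a nil parent yields a self-signed CA.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true,
	}
	if parent == nil {
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

func verify(root, id *x509.Certificate) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := id.Verify(x509.VerifyOptions{Roots: pool}) // root is the only trust anchor
	return err
}

func main() {
	oldCA, _ := issue("ca.nx.com", nil, nil)      // constructed: CA the existing ledger was built with
	newCA, newKey := issue("ca.nx.com", nil, nil) // constructed: regenerated CA, same CN, new key
	orderer, _ := issue("orderer.nx.com", newCA, newKey)
	fmt.Printf("new root: %v\nold root: %v\n", verify(newCA, orderer), verify(oldCA, orderer))
}
```

Verification against the old root fails with "certificate signed by unknown authority" and names the candidate authority ca.nx.com: the subject matches but the signature does not, which is the message in the orderer log.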

4. Start the peer nodes

Start peer0 of org1:
cd /etc/hyperledger/fabric
cp -R crypto-config/peerOrganizations/org1.nx.com/peers/peer0.org1.nx.com/* ./
Change the following settings in core.yaml:

peer:
    address: peer0.org1.nx.com:7051
    tls:
        enabled: true
    mspConfigPath: /etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.nx.com/users/[email protected]/msp
    localMspId: Org1MSP

Start peer0 of org2:
cd /etc/hyperledger/fabric
cp -R crypto-config/peerOrganizations/org2.nx.com/peers/peer0.org2.nx.com/* ./
Change the following settings in core.yaml:

peer:
    address: peer0.org2.nx.com:7051
    tls:
        enabled: true
    mspConfigPath: /etc/hyperledger/fabric/crypto-config/peerOrganizations/org2.nx.com/users/[email protected]/msp
    localMspId: Org2MSP

Note: the value of localMspId in core.yaml must match the ID of the organization in configtx.yaml.

Start the peer node:
peer  node start

XI. Create the channel

CHANNEL_NAME=mychannel5

On the orderer node, generate the configuration transaction for creating the application channel:
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ${CHANNEL_NAME}.tx -channelID ${CHANNEL_NAME}

On the orderer node, generate the anchor peer configuration update files:
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./Org1MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org1MSP
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./Org2MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org2MSP

Copy the *.tx files generated above to the /etc/hyperledger/fabric directory on every peer node.

Create the channel on any one peer node:
peer channel create -o orderer.nx.com:7050 -c ${CHANNEL_NAME} -f ./${CHANNEL_NAME}.tx --tls true --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/nx.com/orderers/orderer.nx.com/msp/tlscacerts/tlsca.nx.com-cert.pem
If creation fails, check the orderer log, which contains detailed error information.

XII. Join the channel

Join each peer node to the channel:
CHANNEL_NAME=mychannel5
peer channel join -b ${CHANNEL_NAME}.block

XIII. Update the anchor peer configuration

peer channel update -o orderer.nx.com:7050 -c ${CHANNEL_NAME} -f ./Org2MSPanchors.tx --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/nx.com/orderers/orderer.nx.com/msp/tlscacerts/tlsca.nx.com-cert.pem

XIV. Test chaincode

Run the following on any peer node:
CHANNEL_NAME=mychannel5

Install the chaincode:
cd /etc/hyperledger/fabric
peer chaincode install -n test_cc1 -v 1.1.0 -p github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02

Instantiate the chaincode container:
peer chaincode instantiate -o orderer.nx.com:7050 -C ${CHANNEL_NAME} -n test_cc1 -v 1.1.0 -c '{"Args":["init","a","100","b","200"]}' -P "OR ('Org1MSP.member','Org2MSP.member')" --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/nx.com/orderers/orderer.nx.com/msp/tlscacerts/tlsca.nx.com-cert.pem

Submit a transaction to the network:
peer chaincode invoke -o orderer.nx.com:7050 -C $CHANNEL_NAME -n test_cc1 -c '{"Args":["invoke","b","a","10"]}' --tls --cafile /etc/hyperledger/fabric/crypto-config/ordererOrganizations/nx.com/orderers/orderer.nx.com/msp/tlscacerts/tlsca.nx.com-cert.pem

Query the result after invoking the chaincode:
peer chaincode query -n test_cc1 -C $CHANNEL_NAME -c '{"Args":["query","a"]}'

XV. Fabric-ca

1. Use the CA in place of the certificates generated by the cryptogen tool
Initialize the CA server:
mkdir -p /etc/hyperledger/fabric-ca && cd /etc/hyperledger/fabric-ca
fabric-ca-server init -b "admin:adminpw"

Copy over the MSP root certificates of the existing network:
mkdir /etc/hyperledger/fabric-ca/ca
cp -R /etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.nx.com/ca/* /etc/hyperledger/fabric-ca/ca/
cp -R /etc/hyperledger/fabric/crypto-config/peerOrganizations/org1.nx.com/tlsca ./tls

Delete the files that are not needed:
rm -rf ca-cert.pem msp/

Edit the configuration file /etc/hyperledger/fabric-ca/fabric-ca-server-config.yaml:

tls:
  enabled: true
  certfile: tls/tlsca.org1.nx.com-cert.pem
  keyfile: tls/ea7f8452fe421d5b9b97346b3a591755a144955c739f9f46aa8606b75c943874_sk
  clientauth:
    type: noclientcert
    certfiles:
ca:
  name: ca-admin
  keyfile: ca/a65b18e458b33be14e114a822069c64c27da9b96f1a3094c79099795d1792908_sk
  certfile: ca/ca.org1.nx.com-cert.pem
  chainfile:

Start fabric-ca-server:
fabric-ca-server start -b admin:adminpw -c /etc/hyperledger/fabric-ca/fabric-ca-server-config.yaml  > /home/qiudi/logs/fabric-ca-server.log 2>&1 &

Edit the configuration file /root/.fabric-ca-client/fabric-ca-client-config.yaml:

tls:
  certfiles: /etc/hyperledger/fabric-ca/tls/tlsca.org1.nx.com-cert.pem
  client:
    certfile: /etc/hyperledger/fabric-ca/tls/tlsca.org1.nx.com-cert.pem
    keyfile: /etc/hyperledger/fabric-ca/tls/ea7f8452fe421d5b9b97346b3a591755a144955c739f9f46aa8606b75c943874_sk

1. Enroll the admin user
fabric-ca-client  enroll -u https://admin:[email protected]:7054 -M msp_admin
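Enrolling the admin user obtains its certificate; only with that certificate do you have permission to carry out the operations that follow, such as registering new users and nodes.

2. Register and enroll a new user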
fabric-ca-client  register --id.name wxl --id.secret wxlpw --id.type user --id.affiliation org1.department1 --id.attrs '"hf.Registrar.Roles=peer,user"' --id.attrs 'hf.Revoker=true,user_feature=value'
fabric-ca-client  enroll -u https://wxl:[email protected]:7054 -M msp_wxl

3. Register the peer node
Run the following command on the fabric-ca machine:
fabric-ca-client register --id.name peer0.org1.nx.com --id.secret peer0.org1.nx.compw --id.type peer --id.affiliation org1.department1 

4. Enroll the peer node
Run the following commands on the peer machine:
fabric-ca-client enroll -u https://peer0.org1.nx.com:[email protected]:7054 -M msp_peer0.org1.nx.com
fabric-ca-client enroll -d --enrollment.profile tls   -u https://peer0.org1.nx.com:[email protected]:7054 -M tls_peer0.org1.nx.com

Replace the peer's credential files:
cd /etc/hyperledger/fabric
cp /root/.fabric-ca-client/tls_peer0.org1.nx.com/tlscacerts/tls-ca-nx-com-7054.pem  tls/ca.crt
cp /root/.fabric-ca-client/tls_peer0.org1.nx.com/signcerts/cert.pem  tls/server.crt
cp tls/ca.crt  msp/tlscacerts/tlsca.org1.nx.com-cert.pem
cp -R /root/.fabric-ca-client/msp_peer0.org1.nx.com/signcerts msp/
cp -R /root/.fabric-ca-client/msp_peer0.org1.nx.com/cacerts  msp/
cp -R /root/.fabric-ca-client/msp_peer0.org1.nx.com/keystore msp/
mkdir msp/admincerts
cp /root/.fabric-ca-client/msp_admin/signcerts/cert.pem  msp/admincerts/

Edit the peer's core.yaml:
mspConfigPath: /etc/hyperledger/fabric/msp

Restart the peer:
peer node start

XVI. Update the SDK certificates

cd fabric-sdk-py/test/fixtures/e2e_cli/crypto-config
scp -r orderer.nx.com:/etc/hyperledger/fabric/crypto-config/* ./

Update the following files in the directory fabric-sdk-py/test/fixtures/e2e_cli/channel-artifacts:
mychannel5.block  mychannel5.tx  orderer.genesis.block  Org1MSPanchors.tx  Org2MSPanchors.tx

scp -r orderer.nx.com:/etc/hyperledger/fabric/*** ./

 

Update the following configuration files under fabric-sdk-py/test/fixtures/e2e_cli:
cd fabric-sdk-py/test/fixtures/e2e_cli/
scp -r orderer.nx.com:/etc/hyperledger/fabric/crypto-config.yaml ./
scp -r orderer.nx.com:/etc/hyperledger/fabric/configtx.yaml ./

Copy the configtxgen command to /usr/local/bin/:
cp /home/qiudi/go/bin/configtxgen /usr/local/bin/

 
