Hyperledger Fabric 2.2实战记录(二)
四、使用Fabric-SDK-Go调用链码
在Org1的peer上使用SDK
1.安装Fabric-SDK-GO
go get github.com/hyperledger/fabric-sdk-go2.复制Org2的tls证书
mkdir -p ~/work/example/organizations/peerOrganizations/org2.example.com/tlsca
cd ~/work/example/organizations/peerOrganizations/org2.example.com/
scp [email protected]:/home/dev1/work/example/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem tlsca/3.创建配置文件
cd ~/work/example/sdk
vim connection-profile.yaml#
# Schema version of the content. Used by the SDK to apply the corresponding parsing rules.
#
version: 1.0.0
#
# The client section used by GO SDK.
#
client:
# Which organization does this application instance belong to? The value must be the name of an org
# defined under "organizations"
organization: Org1MSP
logging:
level: info
# Global configuration for peer, event service and orderer timeouts
# if this this section is omitted, then default values will be used (same values as below)
# peer:
# timeout:
# connection: 10s
# response: 180s
# discovery:
# # Expiry period for discovery service greylist filter
# # The channel client will greylist peers that are found to be offline
# # to prevent re-selecting them in subsequent retries.
# # This interval will define how long a peer is greylisted
# greylistExpiry: 10s
# eventService:
# the below timeouts are commented out to use the default values that are found in
# "pkg/fab/endpointconfig.go"
# the client is free to override the default values by uncommenting and resetting
# the values as they see fit in their config file
# timeout:
# registrationResponse: 15s
# orderer:
# timeout:
# connection: 15s
# response: 15s
# global:
# timeout:
# query: 180s
# execute: 180s
# resmgmt: 180s
# cache:
# connectionIdle: 30s
# eventServiceIdle: 2m
# channelConfig: 30m
# channelMembership: 30s
# discovery: 10s
# selection: 10m
# Root of the MSP directories with keys and certs.
cryptoconfig:
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}
path: ../organizations
# Some SDKs support pluggable KV stores, the properties under "credentialStore"
# are implementation specific
credentialStore:
# [Optional]. Used by user store. Not needed if all credentials are embedded in configuration
# and enrollments are performed elswhere.
path: "./tmp/state-store"
# [Optional]. Specific to the CryptoSuite implementation used by GO SDK. Software-based implementations
# requiring a key store. PKCS#11 based implementations does not.
cryptoStore:
# Specific to the underlying KeyValueStore that backs the crypto key store.
path: ../organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/
# [Optional] BCCSP config for the client. Used by GO SDK.
BCCSP:
security:
enabled: true
default:
provider: "SW"
hashAlgorithm: "SHA2"
softVerify: true
level: 256
tlsCerts:
# [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false
systemCertPool: true
# [Optional]. Client key and cert for TLS handshake with peers and orderers
client:
key:
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/[email protected]/tls/client.key
path: ../organizations/peerOrganizations/org1.example.com/users/[email protected]/tls/client.key
cert:
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/[email protected]/tls/client.crt
path: ../organizations/peerOrganizations/org1.example.com/users/[email protected]/tls/client.crt
#
# [Optional]. But most apps would have this section so that channel objects can be constructed
# based on the content below. If an app is creating channels, then it likely will not need this
# section.
#
channels:
# Default channel is used if channel configuration is missing or if defined channel configuration is missing info
# If channel doesn't define peers then peers from default channel will be used
# If channel doesn't define orderes then orderes from default channel will be used
# If channel doesn't define policies then policies from default channel will be used.
# Also, if channel defines policies and some policy info is missing than that missing info will be filled from default channel.
_default:
# Optional. list of peers from participating orgs
peers:
peer0.org1.example.com:
# [Optional]. will this peer be sent transaction proposals for endorsement? The peer must
# have the chaincode installed. The app can also use this property to decide which peers
# to send the chaincode install request. Default: true
endorsingPeer: true
# [Optional]. will this peer be sent query proposals? The peer must have the chaincode
# installed. The app can also use this property to decide which peers to send the
# chaincode install request. Default: true
chaincodeQuery: true
# [Optional]. will this peer be sent query proposals that do not require chaincodes, like
# queryBlock(), queryTransaction(), etc. Default: true
ledgerQuery: true
# [Optional]. will this peer be the target of the SDK's listener registration? All peers can
# produce events but the app typically only needs to connect to one to listen to events.
# Default: true
eventSource: true
# [Optional]. The application can use these options to perform channel operations like retrieving channel
# config etc.
policies:
#[Optional] options for retrieving channel configuration blocks
queryChannelConfig:
#[Optional] min number of success responses (from targets/peers)
minResponses: 1
#[Optional] channel config will be retrieved for these number of random targets
maxTargets: 1
#[Optional] retry options for query config block
retryOpts:
#[Optional] number of retry attempts
attempts: 5
#[Optional] the back off interval for the first retry attempt
initialBackoff: 500ms
#[Optional] the maximum back off interval for any retry attempt
maxBackoff: 5s
#[Optional] he factor by which the initial back off period is exponentially incremented
backoffFactor: 2.0
#[Optional] options for retrieving discovery info
discovery:
#[Optional] discovery info will be retrieved for these number of random targets
maxTargets: 2
#[Optional] retry options for retrieving discovery info
retryOpts:
#[Optional] number of retry attempts
attempts: 4
#[Optional] the back off interval for the first retry attempt
initialBackoff: 500ms
#[Optional] the maximum back off interval for any retry attempt
maxBackoff: 5s
#[Optional] he factor by which the initial back off period is exponentially incremented
backoffFactor: 2.0
#[Optional] options for the event service
eventService:
# [Optional] resolverStrategy specifies the peer resolver strategy to use when connecting to a peer
# Possible values: [PreferOrg (default), MinBlockHeight, Balanced]
#
# PreferOrg:
# Determines which peers are suitable based on block height lag threshold, although will prefer the peers in the
# current org (as long as their block height is above a configured threshold). If none of the peers from the current org
# are suitable then a peer from another org is chosen.
# MinBlockHeight:
# Chooses the best peer according to a block height lag threshold. The maximum block height of all peers is
# determined and the peers whose block heights are under the maximum height but above a provided "lag" threshold are load
# balanced. The other peers are not considered.
# Balanced:
# Chooses peers using the configured balancer.
resolverStrategy: PreferOrg
# [Optional] balancer is the balancer to use when choosing a peer to connect to
# Possible values: [Random (default), RoundRobin]
balancer: Random
# [Optional] blockHeightLagThreshold sets the block height lag threshold. This value is used for choosing a peer
# to connect to. If a peer is lagging behind the most up-to-date peer by more than the given number of
# blocks then it will be excluded from selection.
# Note that this parameter is applicable only when minBlockHeightResolverMode is set to ResolveByThreshold.
# Default: 5
blockHeightLagThreshold: 5
# [Optional] reconnectBlockHeightLagThreshold - the event client will disconnect from the peer if the peer's
# block height falls behind the specified number of blocks and will reconnect to a better performing peer.
# Note that this parameter is only applicable if peerMonitor is set to Enabled (default).
# Default: 10
# NOTES:
# - Setting this value too low may cause the event client to disconnect/reconnect too frequently, thereby
# affecting performance.
reconnectBlockHeightLagThreshold: 8
# [Optional] peerMonitorPeriod is the period in which the connected peer is monitored to see if
# the event client should disconnect from it and reconnect to another peer.
# Default: 0 (disabled) for Balanced resolverStrategy; 5s for PreferOrg and MinBlockHeight strategy
peerMonitorPeriod: 6s
#[Required if _default not defined; Optional if _default defined].
# name of the channel
# mychannel:
channel1:
# list of orderers designated by the application to use for transactions on this
# channel. This list can be a result of access control ("org1" can only access "ordererA"), or
# operational decisions to share loads from applications among the orderers. The values must
# be "names" of orgs defined under "organizations/peers"
# deprecated: not recommended, to override any orderer configuration items, entity matchers should be used.
# orderers:
# - orderer.example.com
#[Required if _default peers not defined; Optional if _default peers defined].
# list of peers from participating orgs
peers:
peer0.org1.example.com:
# [Optional]. will this peer be sent transaction proposals for endorsement? The peer must
# have the chaincode installed. The app can also use this property to decide which peers
# to send the chaincode install request. Default: true
endorsingPeer: true
# [Optional]. will this peer be sent query proposals? The peer must have the chaincode
# installed. The app can also use this property to decide which peers to send the
# chaincode install request. Default: true
chaincodeQuery: true
# [Optional]. will this peer be sent query proposals that do not require chaincodes, like
# queryBlock(), queryTransaction(), etc. Default: true
ledgerQuery: true
# [Optional]. will this peer be the target of the SDK's listener registration? All peers can
# produce events but the app typically only needs to connect to one to listen to events.
# Default: true
eventSource: true
#
# list of participating organizations in this network
#
organizations:
# Org1:
Org1MSP:
mspid: Org1MSP
# This org's MSP store (absolute path or relative to client.cryptoconfig)
# cryptoPath: peerOrganizations/org1.example.com/users/[email protected]/msp
cryptoPath: ../organizations/peerOrganizations/org1.example.com/users/[email protected]/msp
peers:
- peer0.org1.example.com
# [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based
# network. Typically certificates provisioning is done in a separate process outside of the
# runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for
# dynamic certificate management (enroll, revoke, re-enroll). The following section is only for
# Fabric-CA servers.
# certificateAuthorities:
# - ca.org1.example.com
# the profile will contain public information about organizations other than the one it belongs to.
# These are necessary information to make transaction lifecycles work, including MSP IDs and
# peers with a public URL to send transaction proposals. The file will not contain private
# information reserved for members of the organization, such as admin key and certificate,
# fabric-ca registrar enroll ID and secret, etc.
# Org2:
# mspid: Org2MSP
# # This org's MSP store (absolute path or relative to client.cryptoconfig)
# cryptoPath: peerOrganizations/org2.example.com/users/{username}@org2.example.com/msp
# peers:
# - peer0.org2.example.com
# certificateAuthorities:
# - ca.org2.example.com
# Orderer Org name
# ordererorg:
# OrdererOrg:
# # Membership Service Provider ID for this organization
# mspID: OrdererMSP
# # Needed to load users crypto keys and certs for this org (absolute path or relative to global crypto path, DEV mode)
# cryptoPath: ordererOrganizations/example.com/users/{username}@example.com/msp
# #
# List of orderers to send transaction and channel create/update requests to. For the time
# being only one orderer is needed. If more than one is defined, which one get used by the
# SDK is implementation specific. Consult each SDK's documentation for its handling of orderers.
#
orderers: #这部分内容没有起作用,原因未知
orderer.example.com:
# [Optional] Default: Infer from hostname
url: orderer.example.com:7050
# these are standard properties defined by the gRPC library
# they will be passed in as-is to gRPC client constructor
grpcOptions:
ssl-target-name-override: orderer.example.com
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem
path: ../organizations/orderer.example.com/tlscacerts/tlsca.example.com-cert.pem
#
# List of peers to send various requests to, including endorsement, query
# and event listener registration.
#
peers:
peer0.org1.example.com:
# this URL is used to send endorsement and query requests
# [Optional] Default: Infer from hostname
url: peer0.org1.example.com:7051
grpcOptions:
ssl-target-name-override: peer0.org1.example.com
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
path: ../organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
# peer1.org1.example.com:
# # this URL is used to send endorsement and query requests
# url: peer1.org1.example.com:7151
# grpcOptions:
# ssl-target-name-override: peer1.org1.example.com
# # These parameters should be set in coordination with the keepalive policy on the server,
# # as incompatible settings can result in closing of connection.
# # When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
# keep-alive-time: 0s
# keep-alive-timeout: 20s
# keep-alive-permit: false
# fail-fast: false
# # allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
# allow-insecure: false
# tlsCACerts:
# # Certificate location absolute path
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
peer0.org2.example.com:
url: peer0.org2.example.com:7051
grpcOptions:
ssl-target-name-override: peer0.org2.example.com
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
path: ../organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
#
# Fabric-CA is a special kind of Certificate Authority provided by Hyperledger Fabric which allows
# certificate management to be done via REST APIs. Application may choose to use a standard
# Certificate Authority instead of Fabric-CA, in which case this section would not be specified.
#
# certificateAuthorities:
# ca.org1.example.com:
# # [Optional] Default: Infer from hostname
# url: https://ca.org1.example.com:7054
# tlsCACerts:
# # Comma-Separated list of paths
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem
# # Client key and cert for SSL handshake with Fabric CA
# client:
# key:
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/[email protected]/tls/client.key
# cert:
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/[email protected]/tls/client.crt
# # Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
# # needed to enroll and invoke new users.
# registrar:
# enrollId: admin
# enrollSecret: adminpw
# # [Optional] The optional name of the CA.
# caName: ca.org1.example.com
# ca.org2.example.com:
# url: https://ca.org2.example.com:8054
# tlsCACerts:
# # Comma-Separated list of paths
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem
# # Client key and cert for SSL handshake with Fabric CA
# client:
# key:
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/[email protected]/tls/client.key
# cert:
# path: ${FABRIC_SDK_GO_PROJECT_PATH}/${CRYPTOCONFIG_FIXTURES_PATH}/peerOrganizations/tls.example.com/users/[email protected]/tls/client.crt
# # Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
# # needed to enroll and invoke new users.
# registrar:
# enrollId: admin
# enrollSecret: adminpw
# # [Optional] The optional name of the CA.
# caName: ca.org2.example.com
# EntityMatchers enable substitution of network hostnames with static configurations
# so that properties can be mapped. Regex can be used for this purpose
# UrlSubstitutionExp can be empty which means the same network hostname will be used
# UrlSubstitutionExp can be given same as mapped peer url, so that mapped peer url can be used
# UrlSubstitutionExp can have golang regex matchers like ${1}.local.example.${2}:${3} for pattern
# like peer0.org1.example.com:1234 which converts peer0.org1.example.com to peer0.org1.local.example.com:1234
# sslTargetOverrideUrlSubstitutionExp follow in the same lines as
# SubstitutionExp for the fields gprcOptions.ssl-target-name-override respectively
# In any case mappedHost's config will be used, so mapped host cannot be empty, if entityMatchers are used
#entityMatchers:
entityMatchers:
peer:
- pattern: (\w+).org1.example.com:(\d+)
urlSubstitutionExp: ${1}.org1.example.com:${2}
sslTargetOverrideUrlSubstitutionExp: ${1}.org1.example.com
mappedHost: peer0.org1.example.com
- pattern: (\w+).org2.example.com:(\d+)
urlSubstitutionExp: ${1}.org2.example.com:${2}
sslTargetOverrideUrlSubstitutionExp: ${1}.org2.example.com
mappedHost: peer0.org2.example.com
orderer:
- pattern: (\w+) #理论上该写(\w+).example.(\w+),但总是访问127.0.0.1:7050,暂时未找到原因,先模糊匹配
urlSubstitutionExp: orderer.example.com:7050
sslTargetOverrideUrlSubstitutionExp: orderer.example.com
mappedHost: orderer.example.com
#
# - pattern: (\w+).example2.(\w+)
# urlSubstitutionExp: localhost:7050
# sslTargetOverrideUrlSubstitutionExp: localhost
# mappedHost: orderer.example.com
#
# - pattern: (\w+).example3.(\w+)
# urlSubstitutionExp:
# sslTargetOverrideUrlSubstitutionExp:
# mappedHost: orderer.example.com
#
# - pattern: (\w+).example4.(\w+):(\d+)
# urlSubstitutionExp: ${1}.example.${2}:${3}
# sslTargetOverrideUrlSubstitutionExp: ${1}.example.${2}
# mappedHost: orderer.example.com
#
# certificateAuthority:
# - pattern: (\w+).org1.example.(\w+)
# urlSubstitutionExp:
# mappedHost: ca.org1.example.com
#
# - pattern: (\w+).org2.example.(\w+)
# urlSubstitutionExp:
# mappedHost: ca.org2.example.com
4.编写sdk调用代码
vim main.gopackage main
import (
"fmt"
"os"
"github.com/hyperledger/fabric-sdk-go/pkg/core/config"
"github.com/hyperledger/fabric-sdk-go/pkg/fabsdk"
"github.com/hyperledger/fabric-sdk-go/pkg/common/logging"
"github.com/hyperledger/fabric-sdk-go/pkg/client/channel"
)
var (
cc = "sacc"
user = "Admin" //此处Admin,但实际中应使用User1
secret = ""
channelName = "channel1"
lvl = logging.INFO
orgName = "Org1MSP"
)
func main(){
c := config.FromFile("./connection-profile.yaml")
sdk, err := fabsdk.New(c)
if err != nil {
fmt.Printf("Failed to create new SDK: %s\n", err)
os.Exit(1)
}
defer sdk.Close()
clientChannelContext := sdk.ChannelContext(channelName, fabsdk.WithUser(user), fabsdk.WithOrg(orgName))
if err != nil {
fmt.Printf("Failed to create channel [%s] client: %#v", channelName, err)
os.Exit(1)
}
client, err := channel.New(clientChannelContext)
if err != nil {
fmt.Printf("Failed to create channel [%s]:", channelName, err)
}
queryCC(client, []byte("a"))
invokeCC(client, "ff55")
queryCC(client, []byte("a"))
}
func invokeCC(client *channel.Client, newValue string) {
invokeArgs := [][]byte{[]byte("a"), []byte(newValue)}
_, err := client.Execute(channel.Request{
ChaincodeID: cc,
Fcn: "set",
Args: invokeArgs,
})
if err != nil {
fmt.Printf("Failed to invoke: %+v\n", err)
}
}
func queryCC(client *channel.Client, name []byte) string {
var queryArgs = [][]byte{name}
response, err := client.Query(channel.Request{
ChaincodeID: cc,
Fcn: "query",
Args: queryArgs,
})
if err != nil {
fmt.Println("Failed to query: ", err)
}
ret := string(response.Payload)
fmt.Println("Chaincode status: ", response.ChaincodeStatus)
fmt.Println("Payload: ", ret)
return ret
}
go mod init
go mod tidy
go mod vendor
go run main.go五、使用Fabric-ca增删账号及peer
1.安装fabric-ca
mkdir -p $GOPATH/src/github.com/hyperledger
cd $GOPATH/src/github.com/hyperledger
git clone https://github.com/hyperledger/fabric-ca.git