本文不会在从0开始搭建这个那个网络,我们会在<
本次将orderer改为三个节点, 自己需要更多节点的可以自己根据时机情况进行增加,步骤和方法相同。
一、orderer节点用户注册(TLS)
在向TLS注册用户是,有以前注册单用户改成注册多用户(三个节点、orderer1-org0,orderer2-org0,orderer3-org0)
https://0.0.0.0:7052为TLS CA 地址,
fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererPW --id.type orderer
-u https://0.0.0.0:7052 --tls.certfiles /tmp/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
fabric-ca-client register -d --id.name orderer2-org0 --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7052 --tls.certfiles /tmp/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
fabric-ca-client register -d --id.name orderer3-org0 --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7052 --tls.certfiles /tmp/hyperledger/fabric-ca-tls/crypto/ca-cert.pem二、org0注册用户
同样需要注册三个节点用户
export FABRIC_CA_CLIENT_TLS_CERTFILES=/data/hyperledger/org0/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/data/hyperledger/org0/ca/admin
fabric-ca-client enroll -d -u https://org0-admin:[email protected]:7053 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem
#注册order1用户
fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererpw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:7053 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem
#注册order2用户
fabric-ca-client register -d --id.name orderer2-org0 --id.secret ordererpw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:7053 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem
#注册order3用户
fabric-ca-client register -d --id.name orderer3-org0 --id.secret ordererpw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:7053 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem
fabric-ca-client register -d --id.name admin-org0 --id.secret org0adminpw --id.type admin --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" -u https://0.0.0.0:7053 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem三、生成oerders MSP证书
mkdir -p /tmp/hyperledger/org0/orderers/assets/ca/
cp /tmp/hyperledger/org0/ca/crypto/ca-cert.pem /tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderers/orderer1-org0
#orderer1 msp证书
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -u https://orderer1-org0:[email protected]:7053 -M /tmp/hyperledger/org0/orderers/orderer1-org0/msp --csr.hosts orderer1-org0 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem
#orderer2 msp证书
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderers/orderer2-org0
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -u https://orderer2-org0:[email protected]:7053 -M /tmp/hyperledger/org0/orderers/orderer2-org0/msp --csr.hosts orderer2-org0 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem
#orderer3 msp证书
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderers/orderer3-org0
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -u https://orderer3-org0:[email protected]:7053 -M /tmp/hyperledger/org0/orderers/orderer3-org0/msp --csr.hosts orderer3-org0 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem
#admin msp证书
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://admin-org0:[email protected]:7053 --tls.certfiles /tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pem四、生成oerders tls-ca证书
mkdir /tmp/hyperledger/org0/orderers/assets/tls-ca/
cp /tmp/hyperledger/fabric-ca-tls/crypto/ca-cert.pem /tmp/hyperledger/org0/orderers/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -u https://orderer1-org0:[email protected]:7052 -M /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp --enrollment.profile tls --csr.hosts orderer1-org0 --tls.certfiles /data/hyperledger/org0/orderers/tls-ca-cert.pem
fabric-ca-client enroll -u https://orderer2-org0:[email protected]:7052 -M /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp --enrollment.profile tls --csr.hosts orderer2-org0 --tls.certfiles /data/hyperledger/org0/orderers/tls-ca-cert.pem
fabric-ca-client enroll -u https://orderer3-org0:[email protected]:7052 -M /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp --enrollment.profile tls --csr.hosts orderer3-org0 --tls.certfiles /data/hyperledger/org0/orderers/tls-ca-cert.pem
#修改keystore名称
mv /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp/keystore/*_sk /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp/keystore/key.pem
mv /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp/keystore/*_sk /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp/keystore/key.pem
mv /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp/keystore/*_sk /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp/keystore/key.pem
#生成admincerts目录
mkdir /tmp/hyperledger/org0/orderers/orderer1-org0/msp/admincerts
cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /data/hyperledger/org0/orderers/orderer1-org0/msp/admincerts/orderer-admin-cert.pem
mkdir /tmp/hyperledger/org0/orderers/orderer2-org0/msp/admincerts
cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /data/hyperledger/org0/orderers/orderer2-org0/msp/admincerts/orderer-admin-cert.pem
mkdir /tmp/hyperledger/org0/orderers/orderer3-org0/msp/admincerts
cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /data/hyperledger/org0/orderers/orderer3-org0/msp/admincerts/orderer-admin-cert.pem⚠️: 同理在每个orderer节点msp下面添加config.yaml文件
五、修改configtx.yaml共识策略
configtx.yaml 文件内容比较长,我在这就不贴全部,只贴出需要修改的地方, 完整文件请参照上一篇文章,
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer1-org0
Port: 7050
ClientTLSCert: /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp/signcerts/cert..
pem
ServerTLSCert: /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp/signcerts/cert..
pem
- Host: orderer2-org0
Port: 7050
ClientTLSCert: /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp/signcerts/cert..
pem
ServerTLSCert: /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp/signcerts/cert..
pem
- Host: orderer3-org0
Port: 7050
ClientTLSCert: /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp/signcerts/cert..
pem
ServerTLSCert: /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp/signcerts/cert..
pem
Addresses:
- orderer1-org0:7050
- orderer2-org0:7050
- orderer3-org0:7050
只需要修改orderer共识策略这块就可以了,其它按照原流程不需要变。
六、启动所有orderer节点
6.1 orderer1启动
version: '2'
networks:
fabric-ca:
services:
orderer1-org0:
container_name: orderer1-org0
image: hyperledger/fabric-orderer:2.1.0
environment:
- ORDERER_HOME=/tmp/hyperledger/orderer
- ORDERER_HOST=orderer1-org0
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/genesis.block
- ORDERER_GENERAL_LOCALMSPID=org0MSP
- ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/org0/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
- ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem
- ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
volumes:
- /tmp/hyperledger/org0/fabric-ca-client/orderers/orderer1-org0:/tmp/hyperledger/org0/orderer/
- /tmp/hyperledger/block:/tmp/hyperledger/
networks:
- fabric-ca6.2 orderer3启动
version: '2'
networks:
fabric-ca:
services:
orderer2-org0:
container_name: orderer2-org0
image: hyperledger/fabric-orderer:2.1.0
environment:
- ORDERER_HOME=/tmp/hyperledger/orderer
- ORDERER_HOST=orderer2-org0
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/genesis.block
- ORDERER_GENERAL_LOCALMSPID=org0MSP
- ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/org0/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
- ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem
- ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
volumes:
- /tmp/hyperledger/org0/fabric-ca-client/orderers/orderer2-org0:/tmp/hyperledger/org0/orderer/
- /tmp/hyperledger/block:/tmp/hyperledger/
networks:
- fabric-ca6.3 orderer3启动
version: '2'
networks:
fabric-ca:
services:
orderer3-org0:
container_name: orderer3-org0
image: hyperledger/fabric-orderer:2.0.0
environment:
- ORDERER_HOME=/tmp/hyperledger/orderer
- ORDERER_HOST=orderer2-org0
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/genesis.block
- ORDERER_GENERAL_LOCALMSPID=org0MSP
- ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/org0/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
- ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem
- ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
volumes:
- /tmp/hyperledger/org0/fabric-ca-client/orderers/orderer3-org0:/tmp/hyperledger/org0/orderer/
- /tmp/hyperledger/block:/tmp/hyperledger/
networks:
- fabric-ca到这多节点改动已经完成, 上述在<
结合这两篇文章,Hyperledger Fabric 2.0 手动生成CA证书搭建Fabric网络-Raft协议-多orderer节点部署用该不会有任何问题, 可以直接用于生产环境。
如有错误,请指教。谢谢!