Hyperledger Fabric散记

1.各个环节使用msp的类型

configtx.yaml创建创始区块使用的是组织的msp
    例： example.com/msp
orderer启动 orderer.yaml使用的是orderer节点的msp
    例：example.com/orderers/orderer.example.com/msp/
peer启动 core.yaml使用的是peer节点的msp
    例： org1.example.com/peers/peer0.org1.example.com/msp
peer命令创建应用通道，打包链码，安装链码，审议链码，提交链码使用的是用户admin的msp
    例： org1.example.com/users/[email protected]/msp

注意CORE_PEER_MSPCONFIGPATH就是设置peer或admin的msp变量，在启动peer或已管理员身份执行peer命令时，务必注意不能用错。一般peer node start时，不要指定此变量，会重写core.yaml中的值

2.org1.example.com（组织）目录下以下四个文件内容相同

users/[email protected]/msp/signcerts/[email protected] 根本来源，以下四个全复制此出处users/[email protected]/msp/admincerts/[email protected]  [email protected]（admin，client）的管理员证书
msp/admincerts/[email protected]        Org1组织的管理员证书
peers/peer0.org1.example.com/msp/admincerts/[email protected]  peer0节点的管理员证书 

3.approveformyorg链码时报错Error: timed out waiting for txid on all peers

主要是peer和orderer通信不畅导致，作者犯错是因为configtx.yaml中Organizations.OrdererOrg.OrdererEndpoints地址写错了

4.常见错误首先找的几点

常见错误主要检查configtx.yaml

1.策略中设置
2.组织名大小写
3.组织名和组织ID用混

5.安装并提交后的链码容器无法启动

以下情况是，已经安装好运行完毕，但又重置了数据后报错。删除链码镜像依然不起作用，但重启服务器后，症状消失。

Error: could not assemble transaction: proposal response was not successful, error code 500, msg error in simulation: failed to execute transaction 6754c2559d6d803c1787d8a8c158b29c9d0aff5c0520c4d07689c0211155dcfc: could not launch chaincode sacc_1:b33357c4012471d8bd96ba48fd2a12ada5fedfbfd6d623590295778500a0368d: error starting container: error starting container: API error (403): endpoint with name dev1-peer0.org1.example.com-sacc_1-b33357c4012471d8bd96ba48fd2a12ada5fedfbfd6d623590295778500a0368d already exists in network host 

6.CORE_PEER_TLS_ROOTCERT_FILE

以下路径均可用，是TLS的根证书，且以下文件中内容完全相同

${PWD}/../organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/cacerts/0-0-0-0-7055.pem # Fabric CA server 签发的msp时生成的

${PWD}/../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt #组织的tls根证书

${PWD}/../organizations/peerOrganizations/org1.example.com/users/[email protected]/tls/ca.crt #cryptogen 工具生成的msp中包含的

7.如何查看链码中的log输出

1. docker ps 找到对应链码版本的容器ID
2. docker logs -f 容器ID

8.链码PackageID

同样链码，链码中任何变化（包括注释，或多一个空格）都会形成不同的PackageID，但在不同的peer上有不同的PackageID值并不影响链码审议和提交。

9.链码升级版本

在链码升级时，如果旧版本审议时有参数--init-required，则新版本的链码审议时--init-required也必须要有，否则审议通不过

10.启动多排序节点时orderer无法启动

报错

panic: field raftpb.Message.type has invalid type: got raftpb.MessageType, want pointer

更换go版本到1.14.6以上，并重新编译生成peer order等命令

11.query查询连码，应是查本地peer的数据，不会向orderer请求（猜测）

peer chaincode query -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc  -c '{"Args":["query","a"]}'
#此处-o orderer.example.com:7050没有任何意义，应直接写
peer chaincode query --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc  -c '{"Args":["query","a"]}'

12  报错Error: error getting endorser client for channel: endorser client failed to connect to peer0.org1.example.com:7051: failed to create new connection: context deadline exceeded

在于使用Fabric ca client时，没有加参数--csr.hosts peer0.org1.example.com

13 报错Got error while attempting to receive blocks: received bad status FORBIDDEN from orderer channel=channel1 orderer-address=orderer.example.com:7050

需要在加密素材的所有msp中加上config.yaml

NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/ca.org1.example.com-cert.pem
    OrganizationalUnitIdentifier: orderer

14 查看证书信息

openssl x509 -in cert.pem -noout -text

15 failed to create channel context: failed to get client context to create channel client: user not found

对于完全有Fabric CA生成的加密素材组成的MSP，在Go SDK时需要在配置文件中加上users，其中的Admin及User1就是SDK中需要的user

organizations:
  # Org1:
  Org1MSP:
    mspid: Org1MSP
 
    # This org's MSP store (absolute path or relative to client.cryptoconfig)
    # cryptoPath:  peerOrganizations/org1.example.com/users/[email protected]/msp
    cryptoPath:  ../organizations/peerOrganizations/org1.example.com/users/[email protected]/msp
 
    peers:
      - peer0.org1.example.com
    users:
      Admin:
        cert:
          path: ../organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/signcerts/cert.pem
      User1:
        cert:
          path: ../organizations/peerOrganizations/org1.example.com/users/user3/msp/signcerts/cert.pem


  OrdererOrg:
    # Membership Service Provider ID for this organization
    mspID: OrdererMSP

      # Needed to load users crypto keys and certs for this org (absolute path or relative to global crypto path, DEV mode)
      # cryptoPath: ordererOrganizations/example.com/users/{username}@example.com/msp
    cryptoPath: ../organizations/ordererOrganizations/example.com/users/admin1/msp/
    users:
      Admin:
        cert:
          path: ../organizations/ordererOrganizations/example.com/users/admin1/msp/signcerts/cert.pem
 

16.在升级链码的第一步，打包链码时label是否需要修改

最好修改，因为即便不修改也可以安装成功，但会出现无法区分的情况如下

dev3@ubuntu:~/work/example/peer$ peer lifecycle chaincode queryinstalled
Installed chaincodes on peer:
Package ID: test3:b9efba86a3cdffd5677d562e626de525ae71b740e5b84e3cd66b119860b2cc6e, Label: test3
Package ID: test3:91b5357c7086eab253be5fbf775c4dace42603d5d568f7401f934b7c28266e25, Label: test3