手动部署hyperledger fabric单机多节点网络

0 导言

       之前的文章《在Ubuntu 18.04上搭建HyperLedger Fabric 1.2.0 环境》,我们通过官方给定的脚本bootstrap.sh,可以快速安装好fabric的运行环境,又通过官方给定的first-network示例,运行byfn.sh脚本可以快速的构建和启动节点网络,并测试了智能合约(链码)。可以说官方写的这两个脚本实在是太完美了,太自动化了。但为了理解清楚里面的逻辑顺序,我们还是决定来手动部署一次。

1 本示例的组织和节点架构

       本示例采用单机多组织,每个组织又包含若干个节点,每个组织有若干个用户。如图:


image.png

2 准备好bin目录和可执行文件

2.1 创建solo-single-demo目录

$ mkdir solo-single-demo

2.2 复制bin目录

      进入solo-single-demo目录,并将编译好的二进制可执行文件所在的bin目录整个复制到当前目录下。如果不知道怎么编译,请参考《如何编译fabric和fabric-ca源码生成二进制可执行文件》

$ cd solo-single-demo
$ cp -r $GOPATH/src/github.com/hyperledger/fabric/release/linux-amd64/bin ./

3 准备crypto-config.yaml配置文件

      该配置文件用来生成证书文件

$ ./bin/cryptogen showtemplate > crypto-config.yaml

      用文本编辑器或vi打开,去掉#注释,并修改成如下

OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer

PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: false
    Template:
      Count: 2
    Users:
      Count: 3
  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: false
    Template:
      Count: 2
    Users:
      Count: 2

4 生成证书文件

$ ./bin/cryptogen generate --config=./crypto-config.yaml
org1.example.com
org2.example.com

      上面命令会生成crypto-config文件夹,可以通过tree查看目录的层次结构

$ tree -L 3
.
├── bin
│   ├── configtxgen
│   ├── configtxlator
│   ├── cryptogen
│   ├── discover
│   ├── get-docker-images.sh
│   ├── idemixgen
│   ├── orderer
│   └── peer
├── crypto-config
│   ├── ordererOrganizations
│   │   └── example.com
│   └── peerOrganizations
│       ├── org1.example.com
│       └── org2.example.com
└── crypto-config.yaml

5 准备configtx.yaml

      复制configtx.yaml到当前文件夹

$ cp -r $GOPATH/src/github.com/hyperledger/fabric/sampleconfig/configtx.yaml ./

      复制后修改configtx.yaml(注:一定要亲自去修改一遍,这样你才能对这个配置文件更加了解)

Organizations:

    - &OrdererOrg

        Name: OrdererOrg
        ID: OrdererMSP
        MSPDir: crypto-config/ordererOrganizations/example.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererMSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererMSP.admin')"

    - &Org1
        Name: Org1MSP        
        ID: Org1MSP
        MSPDir: crypto-config/peerOrganizations/org1.example.com/msp

       
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"

        AnchorPeers:
            
            - Host: peer0.org1.example.com
              Port: 7051

    - &Org2
        
        Name: Org2MSP   
        ID: Org2MSP
        MSPDir: crypto-config/peerOrganizations/org2.example.com/msp

        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org2MSP.admin')"

        AnchorPeers:
            
            - Host: peer0.org2.example.com
              Port: 7051


Capabilities:

    Global: &ChannelCapabilities
        V1_1: true

    Orderer: &OrdererCapabilities
        V1_1: true

    Application: &ApplicationCapabilities
        V1_2: true


Application: &ApplicationDefaults

    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    Capabilities:
        <<: *ApplicationCapabilities

Orderer: &OrdererDefaults
    OrdererType: solo

    Addresses:
        - orderer.example.com:7050

    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 98 MB
        PreferredMaxBytes: 512 KB

    Kafka:
        Brokers:
            - kafka0:9092
            - kafka1:9092
            - kafka2:9092
            - kafka3:9092

    Organizations:

    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

    Capabilities:
        <<: *OrdererCapabilities


Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    Capabilities:
        <<: *ChannelCapabilities


Profiles:

    TwoOrgsOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2

6 生成创世区块

$ mkdir channel-artifacts
$ ./bin/configtxgen -profile TwoOrgsOrdererGenesis -channelID mychannel -outputBlock ./channel-artifacts/genesis.block
$ ls channel-artifacts/
genesis.block

7 生成通道文件channel.txt

      通道名称叫mychannel

$ ./bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID mychannel
$ ls channel-artifacts/
channel.tx  genesis.block

8 生成锚点文件

      生成组织1的锚点文件

./bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID mychannel -asOrg Org1MSP
ls channel-artifacts/
channel.tx  genesis.block  Org1MSPanchors.tx

      生成组织2的锚点文件

$ ./bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID mychannel -asOrg Org2MSP
$ ls channel-artifacts/
channel.tx  genesis.block  Org1MSPanchors.tx  Org2MSPanchors.tx

9 准备docker容器用到的配置文件

      创建docker-compose-cli.yaml文件(文件名不必一定要叫docker-compose-cli.yaml)

$ touch docker-compose-cli.yaml

      用记事本或vi编辑docker-compose-cli.yaml,填入如下内容

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ssn - solo-single-net SOLO单机网络
#

version: '2'

volumes:
  orderer.example.com:
  peer0.org1.example.com:
  peer1.org1.example.com:
  peer0.org2.example.com:
  peer1.org2.example.com:

networks:
  ssn:

services:

  orderer.example.com:
    container_name: orderer.example.com
    image: hyperledger/fabric-orderer:$IMAGE_TAG
    environment:
      - ORDERER_GENERAL_LOGLEVEL=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
    - ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
    - ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
    - ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
    - orderer.example.com:/var/hyperledger/production/orderer
    ports:
      - 7050:7050
    networks:
      - ssn

  peer0.org1.example.com:
    container_name: peer0.org1.example.com
   image: hyperledger/fabric-peer:$IMAGE_TAG
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
      - CORE_LOGGING_LEVEL=INFO
      #- CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.example.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
        - /var/run/:/host/var/run/
        - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
        - ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
        - peer0.org1.example.com:/var/hyperledger/production
    ports:
      - 7051:7051
      - 7053:7053
    networks:
      - ssn

  peer1.org1.example.com:
    container_name: peer1.org1.example.com
   image: hyperledger/fabric-peer:$IMAGE_TAG
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
      - CORE_LOGGING_LEVEL=INFO
      #- CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      - CORE_PEER_ID=peer1.org1.example.com
      - CORE_PEER_ADDRESS=peer1.org1.example.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
        - /var/run/:/host/var/run/
        - ./crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp
        - ./crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls
        - peer1.org1.example.com:/var/hyperledger/production

    ports:
      - 8051:7051
      - 8053:7053
    networks:
      - ssn

  peer0.org2.example.com:
    container_name: peer0.org2.example.com
   image: hyperledger/fabric-peer:$IMAGE_TAG
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
      - CORE_LOGGING_LEVEL=INFO
      #- CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      - CORE_PEER_ID=peer0.org2.example.com
      - CORE_PEER_ADDRESS=peer0.org2.example.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051
      - CORE_PEER_LOCALMSPID=Org2MSP
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
        - /var/run/:/host/var/run/
        - ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
        - ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
        - peer0.org2.example.com:/var/hyperledger/production
    ports:
      - 9051:7051
      - 9053:7053
    networks:
      - ssn

  peer1.org2.example.com:
    container_name: peer1.org2.example.com
   image: hyperledger/fabric-peer:$IMAGE_TAG
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
      - CORE_LOGGING_LEVEL=INFO
      #- CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      - CORE_PEER_ID=peer1.org2.example.com
      - CORE_PEER_ADDRESS=peer1.org2.example.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:7051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051
      - CORE_PEER_LOCALMSPID=Org2MSP
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
        - /var/run/:/host/var/run/
        - ./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/etc/hyperledger/fabric/msp
        - ./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/etc/hyperledger/fabric/tls
        - peer1.org2.example.com:/var/hyperledger/production
    ports:
      - 10051:7051
      - 10053:7053
    networks:
      - ssn

  cli:
    container_name: cli
    image: hyperledger/fabric-tools:$IMAGE_TAG
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- CORE_LOGGING_LEVEL=DEBUG
      - CORE_LOGGING_LEVEL=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - ./chaincode/:/opt/gopath/src/github.com/chaincode
        - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - orderer.example.com
      - peer0.org1.example.com
      - peer1.org1.example.com
      - peer0.org2.example.com
      - peer1.org2.example.com
    networks:
      - ssn

10 启动网络

      执行下列命令启动

$ export IMAGE_TAG="latest"
$ docker-compose -f docker-compose-cli.yaml up -d

      执行时遇到如下错误

WARNING: The COMPOSE_PROJECT_NAME variable is not set. Defaulting to a blank string.
Creating peer1.org2.example.com ... 
Creating peer1.org1.example.com ... 
Creating peer0.org2.example.com ... error
Creating peer0.org1.example.com ... 
Creating peer1.org2.example.com ... error

ERROR: for peer0.org2.example.com  Cannot create container for service peer0.org2.example.com: b'Conflict. The container name "/peer0.org2.example.com" is already in use by container "892fc7a85421b97fdab029ff6e6e69e8ff9a73100be75e25bfce99f32e0e4a72". You have to remove (or rename) that container to be able to reuse that name.'

      上面错误的原因是因为之前已经启动过相同名称的容器,可通过docker ps -a查看到

$ docker ps -a
CONTAINER ID        IMAGE                               COMMAND                  CREATED             STATUS                    PORTS               NAMES
7af2444f822f        hyperledger/fabric-tools:latest     "/bin/bash"              2 months ago        Exited (0) 2 months ago                       cli
87bae3603f9f        hyperledger/fabric-peer:latest      "peer node start"        2 months ago        Exited (0) 2 months ago                       peer1.org2.example.com
892fc7a85421        hyperledger/fabric-peer:latest      "peer node start"        2 months ago        Exited (0) 2 months ago                       peer0.org2.example.com
29dffe82eead        hyperledger/fabric-peer:latest      "peer node start"        2 months ago        Exited (0) 2 months ago                       peer1.org1.example.com
9ddb369570ce        hyperledger/fabric-orderer:latest   "orderer"                2 months ago        Exited (2) 2 months ago                       orderer.example.com
545dea72868d        hyperledger/fabric-peer:latest      "peer node start"        2 months ago        Exited (0) 2 months ago                       peer0.org1.example.com
477806c85707        b8faaf2a4b88                        "chaincode -peer.add…"   2 months ago        Exited (2) 2 months ago                       dev-peer1.org2.example.com-mycc-1.0
0d5b302f3fd9        acef1e7f815a                        "chaincode -peer.add…"   2 months ago        Exited (2) 2 months ago                       dev-peer0.org1.example.com-mycc-1.0
e67f61b03dc5        d6b1e60ff1cc                        "chaincode -peer.add…"   2 months ago        Exited (0) 2 months ago                       dev-peer0.org2.example.com-mycc-1.0
aae5c8e02390        hello-world                         "/hello"                 2 months ago        Exited (0) 2 months ago                       nervous_mahavira
0390cab69235        hello-world                         "/hello"                 2 months ago        Exited (0) 2 months ago                       wizardly_goldberg

      删除这些启动过的容器(这是测试环境可以随意删,真实生产环境切记要小心)

$ sudo docker rm -f $(docker ps -a | grep "hyperledger/*" | awk "{print \$1}")

      删除之后重新执行,启动成功

$ export IMAGE_TAG="latest"
$ docker-compose -f docker-compose-cli.yaml up -d
WARNING: The COMPOSE_PROJECT_NAME variable is not set. Defaulting to a blank string.
Creating peer1.org1.example.com ... done
Creating peer0.org2.example.com ... done
Creating peer0.org1.example.com ... done
Creating peer1.org2.example.com ... done
Creating orderer.example.com    ... done
Creating cli                    ... done

11 进入docker客户端

$ docker exec -it cli bash

12 创建通道mychannel

# export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
# peer channel create -o orderer.example.com:7050 -c mychannel -t 50s -f ./channel-artifacts/channel.tx --tls --cafile $ORDERER_CA

      上面没有启动成功,可能会遇到的错误(以及解决方案),错误提示如下:
cli错误提示:

Error: Got unexpected status: BAD_REQUEST -- Error authorizing update: Error validating DeltaSet: Policy for [Groups] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining

或者:
Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied

容器内部提示:

UTC [cauthdsl] deduplicate -> ERRO 014 Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.example.com")) for identity 

      错误原因:由于启动过网络并且更新了证书,在没有删除干净的环境中启动复用的之前的volume,所以导致证书认证失败。

解决方案:执行如下命令删除卷

docker-compose -f docker-compose-cli.yaml down --volumes --remove-orphans
sudo docker rm -f $(docker ps -a | grep "hyperledger/*" | awk "{print \$1}")
sudo  docker volume prune

12 加入通道

# peer channel join -b mychannel.block

13 总结

       至此,我们已经完成了channel的创建并成功加入了该channel。通过手动去修改配置文件,以及运行相应的命令,让我们更了解部署的过程。现在回过头去捋一捋byfn.sh这个脚本文件,你就不至于茫然了。

14 参考资料

1.https://hyperledger-fabric.readthedocs.io/en/release-1.2/index.html
2.《深度探索区块链:Hyperledger技术与应用》作者:张增骏,董宁,朱轩彤,陈剑雄 著 出版社:机械工业出版社
3.《区块链开发实战:Hyperledger Fabric关键技术与案例分析》作者:冯翔,刘涛,吴寿鹤,周广益 著 出版社:机械工业出版社

你可能感兴趣的:(手动部署hyperledger fabric单机多节点网络)