Fabric建链docker-compose方式(客户端与节点主机分离)

目录

  • 一、客户端准备
    • 1.1、准备链目录和配置文件
    • 1.2、设置环境变量
    • 1.3、初始化和启动fabric-ca-server
    • 1.4、登记ca的admin用户
  • 二、准备组织org1
    • 2.1、准备组织目录
    • 2.2、生成组织org1的msp配置
  • 三、准备peer0节点
    • 3.1、注册peer0
    • 3.2、注册peer组织org1的user
    • 3.3、注册peer组织org1的admin
    • 3.4、登记peer0
    • 3.5、登记peer0的tls
    • 3.6、登记peer组织org1的user
    • 3.7、登记peer组织org1的admin
  • 四、准备orderer0节点
    • 4.1、注册orderer0
    • 4.2、注册orderer组织org1的admin
    • 4.3、登记orderer0
    • 4.4、登记orderer0的tls
    • 4.5、登记orderer组织org1的admin
  • 五、准备创世区块
  • 六、服务端准备
    • 6.1、准备peer0
    • 6.2、准备orderer0
    • 6.3、docker-compose启动节点
  • 七、创建应用通道channel1
    • 7.1、创建应用通道tx交易文件
    • 7.2、创建应用通道区块
    • 7.3、peer0加入应用通道
    • 7.4、获取应用通道最近的配置块
    • 7.5、生成锚节点更新配置文件
    • 7.6、提交更新通道配置交易
  • 八、部署链码发送交易
    • 8.1、编译打包链码
    • 8.2、部署链码
    • 8.3、发送交易

前文 Fabric二进制建链(客户端与节点主机分离)启动节点都是在主机本地,这里将换用docker容器启动各个节点,同样也是保证客户端和节点主机不在一个机器。假设客户端主机在192.168.2.195,在节点主机192.168.3.128部署1个orderer节点和1个peer节点。

拉下来Fabric v2.2.0相关的docker镜像:

hyperledger/fabric-tools:2.2.0     # 包含二进制工具
hyperledger/fabric-peer:2.2.0      # 对等节点
hyperledger/fabric-orderer:2.2.0   # 排序节点
hyperledger/fabric-ccenv:2.2.0     # 合约运行环境
hyperledger/fabric-baseos:2.2.0    # 基础操作系统
hyperledger/fabric-nodeenv:2.2.0   # 提供node环境
hyperledger/fabric-javaenv:2.2.0   # 提供java环境
hyperledger/fabric-ca:1.4.7        # 身份认证和秘钥管理

节点主机192.168.3.128上需要的docker-compose配置:

version: '2'

volumes:
  orderer0.org1.example.com:
  peer0.org1.example.com:

networks:
  dev:
    name: fabric_dev

services:

  orderer0.org1.example.com:
    container_name: orderer0.org1.example.com
    image: hyperledger/fabric-orderer:2.2.0
    environment:
      #- FABRIC_LOGGING_SPEC=INFO
      - FABRIC_LOGGING_SPEC=DEBUG
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_LISTENPORT=7050
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererOrg1MSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      - ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:17050
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
        - /home/songzehao/fabric/config/system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp:/var/hyperledger/orderer/msp
        - /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/:/var/hyperledger/orderer/tls
        - /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com:/var/hyperledger/production/orderer
    ports:
      - 7050:7050
      - 17050:17050
    networks:
      - dev

  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    image: hyperledger/fabric-peer:2.2.0
    environment:
      #Generic peer variables
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_dev
      #- FABRIC_LOGGING_SPEC=INFO
      - FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_PROFILE_ENABLED=false
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      # Peer specific variabes
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ADDRESS=0.0.0.0:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      #- CORE_PEER_CHAINCODEADDRESS=0.0.0.0:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_BOOTSTRAP=0.0.0.0:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=0.0.0.0:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:17051
    volumes:
        - /var/run/docker.sock:/host/var/run/docker.sock
        - /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
        - /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
        - /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/peer0.org1.example.com:/var/hyperledger/production
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    ports:
      - 7051:7051
      - 17051:17051
    networks:
      - dev

一、客户端准备

1.1、准备链目录和配置文件

mkdir -p ~/fabric/organizations/ordererOrganizations
mkdir -p ~/fabric/organizations/peerOrganizations

mkdir -p ~/fabric/bin
# fabric-ca-server
# fabric-ca-client
# peer
# configtxgen
# configtxlator

mkdir -p ~/fabric/config
# configtx.yaml

mkdir -p ~/fabric/log

configtx.yaml模板:

Organizations:

    - &OrdererOrg1
        Name: OrdererOrg1

        SkipAsForeign: false

        ID: OrdererOrg1MSP

        MSPDir: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp

        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererOrg1MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererOrg1MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererOrg1MSP.admin')"

        OrdererEndpoints:
            - "192.168.3.128:7050"

    - &Org1
        Name: Org1MSP

        SkipAsForeign: false

        ID: Org1MSP

        MSPDir: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp

        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('Org1MSP.member')"

        AnchorPeers:
            - Host: 192.168.3.128
              Port: 7051

Capabilities:
    Channel: &ChannelCapabilities
        V2_0: true

    Orderer: &OrdererCapabilities
        V2_0: true

    Application: &ApplicationCapabilities
        V2_0: true

Application: &ApplicationDefaults
    Organizations:

    Policies:
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    Capabilities:
        <<: *ApplicationCapabilities

Orderer: &OrdererDefaults

    OrdererType: etcdraft

    Addresses:
        - 192.168.3.128:7050

    
    EtcdRaft:
        Consenters:
        - Host: 192.168.3.128
          Port: 7050
          ClientTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt
          ServerTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt

    BatchTimeout: 2s

    BatchSize:

        MaxMessageCount: 10

        AbsoluteMaxBytes: 99 MB

        PreferredMaxBytes: 521 KB

    MaxChannels: 0

    Organizations:

    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    Capabilities:
        <<: *ChannelCapabilities

Profiles:

    OneOrgOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg1
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
    Channel1:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
            Capabilities:
                <<: *ApplicationCapabilities

还需要ca-server的配置文件fabric-ca-server-config.yaml

version: 1.2.0

port: 7054

debug: false

crlsizelimit: 512000

tls:
  # Enable TLS (default: false)
  enabled: true
  # TLS for the server's listening port
  certfile:
  keyfile:
  clientauth:
    type: noclientcert
    certfiles:

ca:
  name: ca-org1
  keyfile:
  certfile:
  chainfile:

crl:
  expiry: 24h

registry:
  maxenrollments: -1

  identities:
     - name: admin
       pass: adminpw
       type: client
       affiliation: ""
       attrs:
          hf.Registrar.Roles: "*"
          hf.Registrar.DelegateRoles: "*"
          hf.Revoker: true
          hf.IntermediateCA: true
          hf.GenCRL: true
          hf.Registrar.Attributes: "*"
          hf.AffiliationMgr: true

db:
  type: sqlite3
  datasource: fabric-ca-server.db
  tls:
      enabled: false
      certfiles:
      client:
        certfile:
        keyfile:

ldap:
   enabled: false
   url: ldap://:@:/
   tls:
      certfiles:
      client:
         certfile:
         keyfile:
   attribute:
      names: ['uid','member']
      converters:
         - name:
           value:
      maps:
         groups:
            - name:
              value:

affiliations:
   org1:
      - department1
      - department2
   org2:
      - department1

signing:
    default:
      usage:
        - digital signature
      expiry: 8760h
    profiles:
      ca:
         usage:
           - cert sign
           - crl sign
         expiry: 43800h
         caconstraint:
           isca: true
           maxpathlen: 0
      tls:
         usage:
            - signing
            - key encipherment
            - server auth
            - client auth
            - key agreement
         expiry: 8760h

csr:
   cn: ca.org1.example.com
   names:
      - C: US
        ST: "North Carolina"
        L: "Durham"
        O: org1.example.com
        OU:
   hosts:
     - 192.168.2.195
   ca:
      expiry: 131400h
      pathlength: 1

bccsp:
    default: SW
    sw:
        hash: SHA2
        security: 256
        filekeystore:
            # The directory used for the software file-based keystore
            keystore: msp/keystore

cacount:

cafiles:

intermediate:
  parentserver:
    url:
    caname:

  enrollment:
    hosts:
    profile:
    label:

  tls:
    certfiles:
    client:
      certfile:
      keyfile:

目录如下:

/home/songzehao/fabric
├── bin
│   ├── configtxgen
│   ├── configtxlator
│   ├── fabric-ca-client
│   ├── fabric-ca-server
│   └── peer
├── config
│   └── configtx.yaml
├── fabric-ca-server-config.yaml
├── log
└── organizations
    ├── ordererOrganizations
    └── peerOrganizations

6 directories, 6 files

1.2、设置环境变量

export PATH=/home/songzehao/fabric/bin:$PATH
export FABRIC_CA_CLIENT_HOME=/home/songzehao/fabric/fabric-ca-client
export FABRIC_CFG_PATH=/home/songzehao/fabric/config

1.3、初始化和启动fabric-ca-server

初始化:

fabric-ca-server init -b admin:adminpw

启动:

nohup fabric-ca-server start -b admin:adminpw >> ~/fabric/log/fabric-ca-server.log 2>&1 &

1.4、登记ca的admin用户

fabric-ca-client enroll -u https://admin:[email protected]:7054 --caname ca-org1 --tls.certfiles ~/fabric/ca-cert.pem

到这一步的目录如下:

/home/songzehao/fabric
├── bin
│   ├── configtxgen
│   ├── fabric-ca-client
│   ├── fabric-ca-server
│   └── peer
├── ca-cert.pem
├── config
│   └── configtx.yaml
├── fabric-ca-client
│   ├── fabric-ca-client-config.yaml
│   └── msp
│       ├── cacerts
│       │   └── 192-168-2-195-7054-ca-org1.pem
│       ├── IssuerPublicKey
│       ├── IssuerRevocationPublicKey
│       ├── keystore
│       │   └── c7292654834ac0d85b2af25206296449117b39a0f124b6faa4247ea3752863bd_sk
│       ├── signcerts
│       │   └── cert.pem
│       └── user
├── fabric-ca-server-config.yaml
├── fabric-ca-server.db
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── log
│   └── fabric-ca-server.log
├── msp
│   ├── cacerts
│   ├── keystore
│   │   ├── e0f304d534998a7756e8be945abd630a235dbd3125c768a7d2be54e708f739da_sk
│   │   ├── f9300aaa0a24d69fdc62cfb30384870f9b8184fca4b14416e075d38ed0e1bdd2_sk
│   │   ├── IssuerRevocationPrivateKey
│   │   └── IssuerSecretKey
│   ├── signcerts
│   └── user
├── organizations
│   ├── ordererOrganizations
│   └── peerOrganizations
└── tls-cert.pem

17 directories, 22 files

二、准备组织org1

2.1、准备组织目录

mkdir -p ~/fabric/organizations/peerOrganizations/org1.example.com/msp
mkdir -p ~/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com
mkdir -p ~/fabric/organizations/ordererOrganizations/org1.example.com/msp
mkdir -p ~/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com

2.2、生成组织org1的msp配置

echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/192-168-2-195-7054-ca-org1.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/192-168-2-195-7054-ca-org1.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/192-168-2-195-7054-ca-org1.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/192-168-2-195-7054-ca-org1.pem
    OrganizationalUnitIdentifier: orderer' > /home/songzehao/fabric/config.yaml

并拷贝org1的ca证书到org1的/msp/tlscacerts、/tlsca和/ca目录:

mkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/tlscacerts
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt

mkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/tlsca
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem

mkdir -p /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ca
cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem

三、准备peer0节点

3.1、注册peer0

fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles /home/songzehao/fabric/ca-cert.pem

3.2、注册peer组织org1的user

fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles /home/songzehao/fabric/ca-cert.pem

3.3、注册peer组织org1的admin

fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles /home/songzehao/fabric/ca-cert.pem

3.4、登记peer0

fabric-ca-client enroll -u https://peer0:[email protected]:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem

并拷贝该组织的msp配置文件到peer0节点目录下:

cp /home/songzehao/fabric/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml

cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml

3.5、登记peer0的tls

fabric-ca-client enroll -u https://peer0:[email protected]:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls --enrollment.profile tls --csr.hosts 192.168.3.128 --tls.certfiles /home/songzehao/fabric/ca-cert.pem

3.6、登记peer组织org1的user

cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/* /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

fabric-ca-client enroll -u https://user1:[email protected]:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem

cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/config.yaml

3.7、登记peer组织org1的admin

fabric-ca-client enroll -u https://org1admin:[email protected]:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem

cp /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/config.yaml

四、准备orderer0节点

在ordererOrganizations/org1.example.com/msp目录下,创建tlscacerts子目录:

mkdir -p /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/tlscacerts

拷贝组织的ca证书到tlscacerts子目录:

cp /home/songzehao/fabric/ca-cert.pem /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

创建~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca目录:

mkdir ~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca

拷贝组织的ca证书到tlsca子目录:

cp /home/songzehao/fabric/ca-cert.pem ~/fabric/organizations/ordererOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem

4.1、注册orderer0

fabric-ca-client register --caname ca-org1 --id.name orderer0 --id.secret orderer0pw --id.type orderer --tls.certfiles /home/songzehao/fabric/ca-cert.pem

4.2、注册orderer组织org1的admin

fabric-ca-client register --caname ca-org1 --id.name ordererOrg1Admin --id.secret ordererOrg1Adminpw --id.type admin --tls.certfiles /home/songzehao/fabric/ca-cert.pem

4.3、登记orderer0

fabric-ca-client enroll -u https://orderer0:[email protected]:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem

并拷贝msp配置文件到orderer0节点目录下:

cp /home/songzehao/fabric/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yaml

cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/config.yaml

4.4、登记orderer0的tls

fabric-ca-client enroll -u https://orderer0:[email protected]:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls --enrollment.profile tls --csr.hosts 192.168.3.128 --tls.certfiles /home/songzehao/fabric/ca-cert.pem

拷贝到tls目录下,并重命名为更好看的文件名:

cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/ca.crt
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/signcerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/keystore/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.key

拷贝该tlsca证书到orderer0节点目录下msp/tlscacerts目录:

mkdir -p /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts
cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/tlscacerts/* /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

4.5、登记orderer组织org1的admin

fabric-ca-client enroll -u https://ordererOrg1Admin:[email protected]:7054 --caname ca-org1 -M /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/[email protected]/msp --tls.certfiles /home/songzehao/fabric/ca-cert.pem

拷贝msp配置文件到管理员的msp目录下:

cp /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/config.yaml /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/users/[email protected]/msp/config.yaml

五、准备创世区块

走到这一步,组织目录下msp/只有tlscacerts目录,缺少cacert:

/home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp/
├── config.yaml
└── tlscacerts
    └── tlsca.org1.example.com-cert.pem

1 directory, 2 files

所以先将orderer0的msp目录下的cacert,即~/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/cacerts/放到~/fabric/organizations/ordererOrganizations/org1.example.com/msp/cacerts/,顺带给peer0也一起处理:

cp -r /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/cacerts /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp
cp -r /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp

更改configtx.yaml

Organizations:

    - &OrdererOrg1
        Name: OrdererOrg1

        SkipAsForeign: false

        ID: OrdererOrg1MSP

        MSPDir: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/msp

        Policies:
            Readers:
                Type: Signature
                Rule: "OR('OrdererOrg1MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('OrdererOrg1MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('OrdererOrg1MSP.admin')"

        OrdererEndpoints:
            - "192.168.3.128:7050"

    - &Org1
        Name: Org1MSP

        SkipAsForeign: false

        ID: Org1MSP

        MSPDir: /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/msp

        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('Org1MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('Org1MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('Org1MSP.member')"

        AnchorPeers:
            - Host: 192.168.3.128
              Port: 7051

Capabilities:
    Channel: &ChannelCapabilities
        V2_0: true

    Orderer: &OrdererCapabilities
        V2_0: true

    Application: &ApplicationCapabilities
        V2_0: true

Application: &ApplicationDefaults
    Organizations:

    Policies:
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    Capabilities:
        <<: *ApplicationCapabilities

Orderer: &OrdererDefaults

    OrdererType: etcdraft

    Addresses:
        - 192.168.3.128:7050

    
    EtcdRaft:
        Consenters:
        - Host: 192.168.3.128
          Port: 7050
          ClientTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt
          ServerTLSCert: /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/server.crt

    BatchTimeout: 2s

    BatchSize:

        MaxMessageCount: 10

        AbsoluteMaxBytes: 99 MB

        PreferredMaxBytes: 521 KB

    MaxChannels: 0

    Organizations:

    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"

Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"

    Capabilities:
        <<: *ChannelCapabilities

Profiles:

    OneOrgOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg1
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
    Channel1:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
            Capabilities:
                <<: *ApplicationCapabilities

创建创世块:

configtxgen -profile OneOrgOrdererGenesis -channelID system-channel -outputBlock /home/songzehao/fabric/config/system-genesis-block/genesis.block

六、服务端准备

6.1、准备peer0

在节点主机创建同样的链组织节点目录:

mkdir -p ~/fabric/organizations/peerOrganizations/

从客户端主机传送peer组织目录到peer0节点主机:

scp -r /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/ [email protected]:/home/songzehao/fabric/organizations/peerOrganizations

调整docker-compose.yaml中peer0相关的部分:

version: '2'

volumes:
  orderer0.org1.example.com:
  peer0.org1.example.com:

networks:
  dev:
    name: fabric_dev

services:
  peer0.org1.example.com:
    container_name: peer0.org1.example.com
    image: hyperledger/fabric-peer:2.2.0
    environment:
      #Generic peer variables
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_dev
      #- FABRIC_LOGGING_SPEC=INFO
      - FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_PROFILE_ENABLED=false
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      # Peer specific variabes
      - CORE_PEER_ID=peer0.org1.example.com
      - CORE_PEER_ADDRESS=0.0.0.0:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      #- CORE_PEER_CHAINCODEADDRESS=0.0.0.0:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_BOOTSTRAP=192.168.3.128:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=0.0.0.0:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:17051
    volumes:
        - /var/run/docker.sock:/host/var/run/docker.sock
        - /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
        - /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
        - /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/peer0.org1.example.com:/var/hyperledger/production
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    ports:
      - 7051:7051
      - 17051:17051
    networks:
      - dev

6.2、准备orderer0

在节点主机创建同样的链组织节点目录。

mkdir -p ~/fabric/organizations/ordererOrganizations/
mkdir -p ~/fabric/config/system-genesis-block/

从客户端主机传送orderer组织目录到orderer0节点主机:

scp -r /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/ [email protected]:/home/songzehao/fabric/organizations/ordererOrganizations
scp -r /home/songzehao/fabric/config/system-genesis-block/genesis.block [email protected]:/home/songzehao/fabric/config/system-genesis-block/

调整docker-compose.yaml中orderer0相关的部分:

version: '2'

volumes:
  orderer0.org1.example.com:
  peer0.org1.example.com:

networks:
  dev:
    name: fabric_dev

services:

  orderer0.org1.example.com:
    container_name: orderer0.org1.example.com
    image: hyperledger/fabric-orderer:2.2.0
    environment:
      #- FABRIC_LOGGING_SPEC=INFO
      - FABRIC_LOGGING_SPEC=DEBUG
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_LISTENPORT=7050
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererOrg1MSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      - ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:17050
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
        - /home/songzehao/fabric/config/system-genesis-block/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
        - /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp:/var/hyperledger/orderer/msp
        - /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/tls/:/var/hyperledger/orderer/tls
        - /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com:/var/hyperledger/production/orderer
    ports:
      - 7050:7050
      - 17050:17050
    networks:
      - dev

6.3、docker-compose启动节点

客户端传送docker-compose.yaml到节点主机之后,节点主机启动节点:

docker-compose -f docker-compose.yaml up -d

七、创建应用通道channel1

7.1、创建应用通道tx交易文件

configtxgen -profile Channel1 -outputCreateChannelTx /home/songzehao/fabric/config/channel-artifacts/channel1.tx -channelID channel1

7.2、创建应用通道区块

首先需要在客户端主机配置peer0相关环境变量:

export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=192.168.3.128:7051
export CORE_PEER_GOSSIP_EXTERNALENDPOINT=192.168.3.128:7051

【注意】:客户端也需要一份core.yaml才能成功执行peer客户端命令。

再创建channel1区块:

peer channel create -o 192.168.3.128:7050 -c channel1 -f /home/songzehao/fabric/config/channel-artifacts/channel1.tx --outputBlock /home/songzehao/fabric/config/channel-artifacts/channel1.block --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

7.3、peer0加入应用通道

peer channel join -b /home/songzehao/fabric/config/channel-artifacts/channel1.block

7.4、获取应用通道最近的配置块

peer channel fetch config /home/songzehao/fabric/config/channel-artifacts/config_block.pb -o 192.168.3.128:7050 -c channel1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

7.5、生成锚节点更新配置文件

protobuf序列化(编码)后的.pb配置文件,转化为.json格式:

configtxlator proto_decode --input /home/songzehao/fabric/config/channel-artifacts/config_block.pb --type common.Block --output /home/songzehao/fabric/config/channel-artifacts/config_block.json

抽取配置部分的json,得到原始配置:

jq .data.data[0].payload.data.config /home/songzehao/fabric/config/channel-artifacts/config_block.json > /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json

进一步追加锚节点peer0信息到Org1MSP的values部分,得到更改后配置:

jq '.channel_group.groups.Application.groups.Org1MSP.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "192.168.3.128","port": 7051}]},"version": "0"}}' /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json > /home/songzehao/fabric/config/channel-artifacts/Org1MSPmodified_config.json

protobuf编码原始配置:

configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/Org1MSPconfig.json --type common.Config --output /home/songzehao/fabric/config/channel-artifacts/original_config.pb

protobuf编码更改后配置:

configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/Org1MSPmodified_config.json --type common.Config --output /home/songzehao/fabric/config/channel-artifacts/modified_config.pb

计算更改前后的配置差异,得到.pb的差异配置:

configtxlator compute_update --channel_id channel1 --original /home/songzehao/fabric/config/channel-artifacts/original_config.pb --updated /home/songzehao/fabric/config/channel-artifacts/modified_config.pb --output /home/songzehao/fabric/config/channel-artifacts/config_update.pb

protobuf解码为.json格式:

configtxlator proto_decode --input /home/songzehao/fabric/config/channel-artifacts/config_update.pb --type common.ConfigUpdate --output /home/songzehao/fabric/config/channel-artifacts/config_update.json

追加.json格式的差异文件内容到新包装后的.json文件:

echo '{"payload":{"header":{"channel_header":{"channel_id":"channel1", "type":2}},"data":{"config_update":'$(cat /home/songzehao/fabric/config/channel-artifacts/config_update.json)'}}}' | jq . > /home/songzehao/fabric/config/channel-artifacts/config_update_in_envelope.json

编码为Envelope类型的新的交易文件:

configtxlator proto_encode --input /home/songzehao/fabric/config/channel-artifacts/config_update_in_envelope.json --type common.Envelope --output /home/songzehao/fabric/config/channel-artifacts/Org1MSPanchors.tx

7.6、提交更新通道配置交易

peer channel update -o 192.168.3.128:7050 -c channel1 -f /home/songzehao/fabric/config/channel-artifacts/Org1MSPanchors.tx --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

八、部署链码发送交易

8.1、编译打包链码

fabric-samples示例工程https://github.com/hyperledger/fabric-samples/tree/v2.2.0/拉下来:

git clone -b v2.2.0 https://gitee.com/hyperledger/fabric-samples.git

以其中一个asset-transfer-basic链码举例,编译该java链码,并打包为basic.tar.gz:

rm -rf ~/fabric/fabric-samples/asset-transfer-basic/chaincode-java/build/install/

./gradlew installDist

peer lifecycle chaincode package ~/fabric/config/basic.tar.gz --path ~/fabric/fabric-samples/asset-transfer-basic/chaincode-java/build/install/basic --lang java --label basic_1.0

8.2、部署链码

进行链码安装:

peer lifecycle chaincode install /home/songzehao/fabric/config/basic.tar.gz

查看已安装的链码:

peer lifecycle chaincode queryinstalled

批准链码定义:

peer lifecycle chaincode approveformyorg -o 192.168.3.128:7050 --channelID channel1 --name basic --version 1.0 --package-id basic_1.0:67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773 --sequence 1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

检查批准状态:

peer lifecycle chaincode queryapproved -C channel1 -n basic

检查提交就绪状态:

peer lifecycle chaincode checkcommitreadiness --channelID channel1 --name basic --version 1.0 --sequence 1 --output json

提交到peer0:

peer lifecycle chaincode commit -o 192.168.3.128:7050 --channelID channel1 --name basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --version 1.0 --sequence 1 --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

检查提交状态:

peer lifecycle chaincode querycommitted --channelID channel1 --name basic --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem

docker验证新的链代码是否已在您的对等点192.168.3.128上提交启动:

docker ps --no-trunc
CONTAINER ID                                                       IMAGE                                                                                                                                                                    COMMAND                                                     CREATED              STATUS              PORTS     NAMES
660ab24842f1c96dc644f931b6540befca1cfb953399d880d9fe6e02560e4dc0   dev-peer0.org1.example.com-basic_1.0-67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773-4ae135e5fa18d99cbd8dc7e8907079b31a3f779d0137e69204d3307d30236441   "/root/chaincode-java/start --peerAddress localhost:7052"   About a minute ago   Up About a minute             dev-peer0.org1.example.com-basic_1.0-67b9d7ef205254d9b8ff59e5904d1d18a27f74d7d1679abe0e7ccde064826773

8.3、发送交易

发交易,初始化资产(调用链码的初始化方法InitLedger):

peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"InitLedger","Args":[]}'

查询初始化后的资产(调用链码的GetAllAssets方法):

peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"GetAllAssets","Args":[]}'

发交易,新增资产(调用链码的初始化方法CreateAsset):

peer chaincode invoke -o 192.168.3.128:7050 -C channel1 -n basic --peerAddresses 192.168.3.128:7051 --tlsRootCertFiles /home/songzehao/fabric/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --tls --cafile /home/songzehao/fabric/organizations/ordererOrganizations/org1.example.com/orderers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem -c '{"function":"CreateAsset","Args":["asset7", "pink", "18", "Jay", "800"]}'

你可能感兴趣的:(区块链,Hyperledger,Fabric,区块链,docker,compose,对等节点,排序节点,链码)