搭建一个三个组织的kafka共识网络
其主要目录结构如下:
.
├── bin
│ ├── configtxgen
│ ├── configtxlator
│ ├── cryptogen
│ ├── discover
│ ├── fabric-ca-client
│ ├── get-docker-images.sh
│ ├── idemixgen
│ ├── orderer
│ └── peer
├── channel
│ ├── artifacts
│ │ ├── genesis.block
│ │ ├── mychannel.tx
│ │ ├── Org1MSPanchors.tx
│ │ ├── Org2MSPanchors.tx
│ │ └── Org3MSPanchors.tx
│ ├── configtx.yaml
│ ├── crypto-config
│ │ ├── ordererOrganizations
│ │ │ └── example.com
│ │ │ ├── ca
│ │ │ │ ├── bf90753e7d72dfd7eac113059031536baffbe3049224f8019647ce811aa8423d_sk
│ │ │ │ └── ca.example.com-cert.pem
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── [email protected]
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.example.com-cert.pem
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.example.com-cert.pem
│ │ │ ├── orderers
│ │ │ │ ├── orderer0.example.com
│ │ │ │ │ ├── msp
│ │ │ │ │ │ ├── admincerts
│ │ │ │ │ │ │ └── [email protected]
│ │ │ │ │ │ ├── cacerts
│ │ │ │ │ │ │ └── ca.example.com-cert.pem
│ │ │ │ │ │ ├── keystore
│ │ │ │ │ │ │ └── 01bb019b91dad9102497c555f03971a0c98c8c912ae991cd054f03c3f197dbb4_sk
│ │ │ │ │ │ ├── signcerts
│ │ │ │ │ │ │ └── orderer0.example.com-cert.pem
│ │ │ │ │ │ └── tlscacerts
│ │ │ │ │ │ └── tlsca.example.com-cert.pem
│ │ │ │ │ └── tls
│ │ │ │ │ ├── ca.crt
│ │ │ │ │ ├── server.crt
│ │ │ │ │ └── server.key
│ │ │ │ ├── orderer1.example.com
│ │ │ │ │ ├── msp
│ │ │ │ │ │ ├── admincerts
│ │ │ │ │ │ │ └── [email protected]
│ │ │ │ │ │ ├── cacerts
│ │ │ │ │ │ │ └── ca.example.com-cert.pem
│ │ │ │ │ │ ├── keystore
│ │ │ │ │ │ │ └── da30d2639d047e8b31959a309558d8bf47b42f8b225dffb2f74ffc1a5e3c833a_sk
│ │ │ │ │ │ ├── signcerts
│ │ │ │ │ │ │ └── orderer1.example.com-cert.pem
│ │ │ │ │ │ └── tlscacerts
│ │ │ │ │ │ └── tlsca.example.com-cert.pem
│ │ │ │ │ └── tls
│ │ │ │ │ ├── ca.crt
│ │ │ │ │ ├── server.crt
│ │ │ │ │ └── server.key
│ │ │ │ └── orderer2.example.com
│ │ │ │ ├── msp
│ │ │ │ │ ├── admincerts
│ │ │ │ │ │ └── [email protected]
│ │ │ │ │ ├── cacerts
│ │ │ │ │ │ └── ca.example.com-cert.pem
│ │ │ │ │ ├── keystore
│ │ │ │ │ │ └── 3f92ec7da1093cdfade49b10debdfe543357b6ea21426c1a33134abada51ecbf_sk
│ │ │ │ │ ├── signcerts
│ │ │ │ │ │ └── orderer2.example.com-cert.pem
│ │ │ │ │ └── tlscacerts
│ │ │ │ │ └── tlsca.example.com-cert.pem
│ │ │ │ └── tls
│ │ │ │ ├── ca.crt
│ │ │ │ ├── server.crt
│ │ │ │ └── server.key
│ │ │ ├── tlsca
│ │ │ │ ├── 6133ccd42f299399299d63acd89211c14d3f49c2e05ade95e1ca962f698365bd_sk
│ │ │ │ └── tlsca.example.com-cert.pem
│ │ │ └── users
│ │ │ └── [email protected]
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── [email protected]
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.example.com-cert.pem
│ │ │ │ ├── keystore
│ │ │ │ │ └── c3dbbefab480b85f9809359d429db10d621db68db80739b62745030be97fa1b7_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── [email protected]
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.example.com-cert.pem
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── client.crt
│ │ │ └── client.key
│ │ └── peerOrganizations
│ │ ├── org1.example.com
│ │ │ ├── ca
│ │ │ │ ├── 67b55aed53112c2a7ef57c50734bbecc3e8406b238f591e2685c99990188c94a_sk
│ │ │ │ └── ca.org1.example.com-cert.pem
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── [email protected]
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.org1.example.com-cert.pem
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.org1.example.com-cert.pem
│ │ │ ├── peers
│ │ │ │ ├── peer0.org1.example.com
│ │ │ │ │ ├── msp
│ │ │ │ │ │ ├── admincerts
│ │ │ │ │ │ │ └── [email protected]
│ │ │ │ │ │ ├── cacerts
│ │ │ │ │ │ │ └── ca.org1.example.com-cert.pem
│ │ │ │ │ │ ├── keystore
│ │ │ │ │ │ │ └── afa834686f7312864966c133ec3931aaa3b625f5715431c5ac4c83f6ab5bb3e5_sk
│ │ │ │ │ │ ├── signcerts
│ │ │ │ │ │ │ └── peer0.org1.example.com-cert.pem
│ │ │ │ │ │ └── tlscacerts
│ │ │ │ │ │ └── tlsca.org1.example.com-cert.pem
│ │ │ │ │ └── tls
│ │ │ │ │ ├── ca.crt
│ │ │ │ │ ├── server.crt
│ │ │ │ │ └── server.key
│ │ │ │ └── peer1.org1.example.com
│ │ │ │ ├── msp
│ │ │ │ │ ├── admincerts
│ │ │ │ │ │ └── [email protected]
│ │ │ │ │ ├── cacerts
│ │ │ │ │ │ └── ca.org1.example.com-cert.pem
│ │ │ │ │ ├── keystore
│ │ │ │ │ │ └── c51c5500c6577dd727ad0f3492972f72bb4ae8ea1bb8b7a7bcd3fcfc077b2fdb_sk
│ │ │ │ │ ├── signcerts
│ │ │ │ │ │ └── peer1.org1.example.com-cert.pem
│ │ │ │ │ └── tlscacerts
│ │ │ │ │ └── tlsca.org1.example.com-cert.pem
│ │ │ │ └── tls
│ │ │ │ ├── ca.crt
│ │ │ │ ├── server.crt
│ │ │ │ └── server.key
│ │ │ ├── tlsca
│ │ │ │ ├── c7b2b5e46abc78ef066c793eccd17c63d011fa3b197b8498633a26e8f523a44e_sk
│ │ │ │ └── tlsca.org1.example.com-cert.pem
│ │ │ └── users
│ │ │ ├── [email protected]
│ │ │ │ ├── msp
│ │ │ │ │ ├── admincerts
│ │ │ │ │ │ └── [email protected]
│ │ │ │ │ ├── cacerts
│ │ │ │ │ │ └── ca.org1.example.com-cert.pem
│ │ │ │ │ ├── keystore
│ │ │ │ │ │ └── 23e66fee0dbe604f3c23f17227aabdcf0ee56aba29000afb2213f5997fe22064_sk
│ │ │ │ │ ├── signcerts
│ │ │ │ │ │ └── [email protected]
│ │ │ │ │ └── tlscacerts
│ │ │ │ │ └── tlsca.org1.example.com-cert.pem
│ │ │ │ └── tls
│ │ │ │ ├── ca.crt
│ │ │ │ ├── client.crt
│ │ │ │ └── client.key
│ │ │ └── [email protected]
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── [email protected]
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.org1.example.com-cert.pem
│ │ │ │ ├── keystore
│ │ │ │ │ └── 98e1c043874dba69b2442d90ce3ccf3bbe73eead29a837c3291c452b6cc8b2ae_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── [email protected]
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.org1.example.com-cert.pem
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── client.crt
│ │ │ └── client.key
│ │ ├── org2.example.com
│ │ │ ├── ca
│ │ │ │ ├── 64582bb48d828f0bc9c76fc35d232a434cff09e367614d0a0e3b3688299385dc_sk
│ │ │ │ └── ca.org2.example.com-cert.pem
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── [email protected]
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.org2.example.com-cert.pem
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.org2.example.com-cert.pem
│ │ │ ├── peers
│ │ │ │ ├── peer0.org2.example.com
│ │ │ │ │ ├── msp
│ │ │ │ │ │ ├── admincerts
│ │ │ │ │ │ │ └── [email protected]
│ │ │ │ │ │ ├── cacerts
│ │ │ │ │ │ │ └── ca.org2.example.com-cert.pem
│ │ │ │ │ │ ├── keystore
│ │ │ │ │ │ │ └── a88c99f97546ec6ebad5ab3e02c8e1cfdc984cff7d27eae85b5819a0a370640e_sk
│ │ │ │ │ │ ├── signcerts
│ │ │ │ │ │ │ └── peer0.org2.example.com-cert.pem
│ │ │ │ │ │ └── tlscacerts
│ │ │ │ │ │ └── tlsca.org2.example.com-cert.pem
│ │ │ │ │ └── tls
│ │ │ │ │ ├── ca.crt
│ │ │ │ │ ├── server.crt
│ │ │ │ │ └── server.key
│ │ │ │ └── peer1.org2.example.com
│ │ │ │ ├── msp
│ │ │ │ │ ├── admincerts
│ │ │ │ │ │ └── [email protected]
│ │ │ │ │ ├── cacerts
│ │ │ │ │ │ └── ca.org2.example.com-cert.pem
│ │ │ │ │ ├── keystore
│ │ │ │ │ │ └── e6a4fa4652b71820b281d7794eb5dbfbc56749ad3315fb91d83c3cea724c9871_sk
│ │ │ │ │ ├── signcerts
│ │ │ │ │ │ └── peer1.org2.example.com-cert.pem
│ │ │ │ │ └── tlscacerts
│ │ │ │ │ └── tlsca.org2.example.com-cert.pem
│ │ │ │ └── tls
│ │ │ │ ├── ca.crt
│ │ │ │ ├── server.crt
│ │ │ │ └── server.key
│ │ │ ├── tlsca
│ │ │ │ ├── cfaf751772444fe6169af8f832e79bffa555b4157d002865af27715d14311d98_sk
│ │ │ │ └── tlsca.org2.example.com-cert.pem
│ │ │ └── users
│ │ │ ├── [email protected]
│ │ │ │ ├── msp
│ │ │ │ │ ├── admincerts
│ │ │ │ │ │ └── [email protected]
│ │ │ │ │ ├── cacerts
│ │ │ │ │ │ └── ca.org2.example.com-cert.pem
│ │ │ │ │ ├── keystore
│ │ │ │ │ │ └── 7bcac812a1a2d3949e6bf3c0c9de0a005dc45fac4e7d67c3d0631287a465c7da_sk
│ │ │ │ │ ├── signcerts
│ │ │ │ │ │ └── [email protected]
│ │ │ │ │ └── tlscacerts
│ │ │ │ │ └── tlsca.org2.example.com-cert.pem
│ │ │ │ └── tls
│ │ │ │ ├── ca.crt
│ │ │ │ ├── client.crt
│ │ │ │ └── client.key
│ │ │ └── [email protected]
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── [email protected]
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.org2.example.com-cert.pem
│ │ │ │ ├── keystore
│ │ │ │ │ └── 3d4b206ff6abc9fe6f63490a1bf8f7a9e2fd2857bc8d6282d66bab2c14ec1244_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── [email protected]
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.org2.example.com-cert.pem
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── client.crt
│ │ │ └── client.key
│ │ └── org3.example.com
│ │ ├── ca
│ │ │ ├── af254a45bcf63d18c03f1f8c142f5ff0037a3adc349fdf7822cd25369fd2068e_sk
│ │ │ └── ca.org3.example.com-cert.pem
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── [email protected]
│ │ │ ├── cacerts
│ │ │ │ └── ca.org3.example.com-cert.pem
│ │ │ └── tlscacerts
│ │ │ └── tlsca.org3.example.com-cert.pem
│ │ ├── peers
│ │ │ ├── peer0.org3.example.com
│ │ │ │ ├── msp
│ │ │ │ │ ├── admincerts
│ │ │ │ │ │ └── [email protected]
│ │ │ │ │ ├── cacerts
│ │ │ │ │ │ └── ca.org3.example.com-cert.pem
│ │ │ │ │ ├── keystore
│ │ │ │ │ │ └── f14d03f5baeac62cab6cae3ab6d9f272909172bffe8836db750ec2002ee5a1f7_sk
│ │ │ │ │ ├── signcerts
│ │ │ │ │ │ └── peer0.org3.example.com-cert.pem
│ │ │ │ │ └── tlscacerts
│ │ │ │ │ └── tlsca.org3.example.com-cert.pem
│ │ │ │ └── tls
│ │ │ │ ├── ca.crt
│ │ │ │ ├── server.crt
│ │ │ │ └── server.key
│ │ │ └── peer1.org3.example.com
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── [email protected]
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.org3.example.com-cert.pem
│ │ │ │ ├── keystore
│ │ │ │ │ └── 30936ba5761c453c32bdd74d9f4060711aa45054801ae40f5f17433b68d1479b_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── peer1.org3.example.com-cert.pem
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.org3.example.com-cert.pem
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── server.crt
│ │ │ └── server.key
│ │ ├── tlsca
│ │ │ ├── 93e6fd19b2bbd58fdda863adc802ed4017100477c11465625f75d5b759cef085_sk
│ │ │ └── tlsca.org3.example.com-cert.pem
│ │ └── users
│ │ ├── [email protected]
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── [email protected]
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.org3.example.com-cert.pem
│ │ │ │ ├── keystore
│ │ │ │ │ └── 72d5f1f2cbd43c5656bfbc97c51859e97b6f33ce82bdc38b0931189d16265cbd_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── [email protected]
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.org3.example.com-cert.pem
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── client.crt
│ │ │ └── client.key
│ │ └── [email protected]
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── [email protected]
│ │ │ ├── cacerts
│ │ │ │ └── ca.org3.example.com-cert.pem
│ │ │ ├── keystore
│ │ │ │ └── b5db8c9850931e6ba44f426216203ebba33db57a76bdfc5d8f7fbcb3f9cc2638_sk
│ │ │ ├── signcerts
│ │ │ │ └── [email protected]
│ │ │ └── tlscacerts
│ │ │ └── tlsca.org3.example.com-cert.pem
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── client.crt
│ │ └── client.key
│ ├── cryptogen.yaml
│ └── fabric-ca-server-config.yaml
├── create-channel-artifacts.sh
├── docker-compose
│ ├── base.yaml
│ └── docker-compose.yaml
└── start-network.sh
接着一一讲解
- bin目录 : hyperledger fabric 的工具
- channel目录 : 网络的配置和生成创世块,msp密钥证书等
- artifacts 存放 创世块, channel.tx 等 , 用脚本生成
- crypto-config 存放 msp 证书和私钥等,用脚本生成。其中 ca/、tlsca/、keystore/ 下的 *_sk 文件以及 tls/ 下的 server.key、client.key 都是私钥,不应提交到版本库或随镜像分发
- configtx.yaml : fabric网络配置
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
# OrdererOrg is the organization that owns the ordering nodes. The MSPDir
# paths in this section are relative; crypto-config sits next to
# configtx.yaml in the channel directory.
- &OrdererOrg
# Name is the key this organization is referenced by in the channel
# configuration
Name: OrdererMSP
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration.
# In the directory listing on this page this org-level msp directory holds
# only certificates (admincerts, cacerts, tlscacerts), no private keys.
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
# First peer organization; referenced as *Org1 by the profiles below
Name: Org1MSP
# ID to load the MSP definition as
ID: Org1MSP
# Org-level MSP directory (certificates only in the listing on this page)
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org1.example.com
Port: 7051
- &Org2
# Second peer organization; referenced as *Org2 by the profiles below
Name: Org2MSP
# ID to load the MSP definition as
ID: Org2MSP
# Org-level MSP directory (certificates only in the listing on this page)
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org2.example.com
Port: 7051
- &Org3
# Third peer organization; referenced as *Org3 by the profiles below
Name: Org3MSP
# ID to load the MSP definition as
ID: Org3MSP
# Org-level MSP directory (certificates only in the listing on this page)
MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org3.example.com
Port: 7051
################################################################################
#
# SECTION: Application
#
# - This section defines the values to encode into a config transaction or
# genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network. It is left empty in these defaults;
# the OrgsChannel profile merges the defaults and lists Org1, Org2 and Org3.
Organizations:
################################################################################
#
# SECTION: Orderer
#
# - This section defines the values to encode into a config transaction or
# genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: kafka
# The three ordering nodes; the hostnames match the orderer0..orderer2 Specs
# in cryptogen.yaml
Addresses:
- orderer0.example.com:7050
- orderer1.example.com:7050
- orderer2.example.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
# NOTE(review): the Kafka brokers must accept messages of this size
# (message.max.bytes / replica.fetch.max.bytes); the broker settings are not
# shown on this page - confirm against the docker-compose files.
AbsoluteMaxBytes: 98 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: upstream asks for IP:port notation; this example uses the names
# kafka0..kafka3, which must be resolvable from the orderers.
# NOTE(review): whether the orderer-to-broker connections use TLS is not
# visible in this file - confirm in the orderer configuration.
Brokers:
- kafka0:9092
- kafka1:9092
- kafka2:9092
- kafka3:9092
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network. Left empty here; the OrgsOrdererGenesis
# profile supplies OrdererOrg.
Organizations:
################################################################################
#
# Profile
#
# - Different configuration profiles may be encoded here to be specified
# as parameters to the configtxgen tool
#
################################################################################
Profiles:
# Orderer-side profile: the orderer defaults plus OrdererOrg, and one
# consortium made of the three peer organizations. Presumably the profile
# handed to configtxgen to produce genesis.block - confirm in
# create-channel-artifacts.sh.
OrgsOrdererGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
- *Org3
# Channel profile: the application defaults with the three peer
# organizations as members, tied to SampleConsortium above. Presumably used
# for mychannel.tx and the Org*MSPanchors.tx files - confirm in the script.
OrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org3
- cryptogen.yaml : fabric msp 配置
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: example.com
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
# One identity is generated per Hostname, giving orderer0.example.com,
# orderer1.example.com and orderer2.example.com in the crypto-config tree.
# Each of them gets its own private key (msp/keystore/*_sk, tls/server.key).
Specs:
- Hostname: orderer0
- Hostname: orderer1
- Hostname: orderer2
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Org1
Domain: org1.example.com
# ---------------------------------------------------------------------------
# "CA"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of the CA for this
# organization. This entry is a Spec. See "Specs" section below for details.
# ---------------------------------------------------------------------------
CA:
Hostname: ca # implicitly ca.org1.example.com
# ---------------------------------------------------------------------------
# "Specs"
# ---------------------------------------------------------------------------
# Uncomment this section to enable the explicit definition of hosts in your
# configuration. Most users will want to use Template, below
#
# Specs is an array of Spec entries. Each Spec entry consists of two fields:
# - Hostname: (Required) The desired hostname, sans the domain.
# - CommonName: (Optional) Specifies the template or explicit override for
# the CN. By default, this is the template:
#
# "{{.Hostname}}.{{.Domain}}"
#
# which obtains its values from the Spec.Hostname and
# Org.Domain, respectively.
# - SANS: (Optional) Specifies one or more Subject Alternative Names
# to be set in the resulting x509. Accepts template
# variables {{.Hostname}}, {{.Domain}}, {{.CommonName}}
# NOTE: Two implicit entries are created for you:
# - {{ .CommonName }}
# - {{ .Hostname }}
# ---------------------------------------------------------------------------
# Specs:
# - Hostname: foo # implicitly "foo.org1.example.com"
# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
# SANS:
# - "bar.{{.Domain}}"
# - "altfoo.{{.Domain}}"
# - "{{.Hostname}}.org6.net"
# - Hostname: bar
# - Hostname: baz
# ---------------------------------------------------------------------------
# "Template"
# ---------------------------------------------------------------------------
# Allows for the definition of 1 or more hosts that are created sequentially
# from a template. By default, this looks like "peer%d" from 0 to Count-1.
# You may override the number of nodes (Count), the starting index (Start)
# or the template used to construct the name (Hostname).
#
# Note: Template and Specs are not mutually exclusive. You may define both
# sections and the aggregate nodes will be created for you. Take care with
# name collisions
# ---------------------------------------------------------------------------
Template:
Count: 2
# Start: 5
# Hostname: {{.Prefix}}{{.Index}} # default
SANS:
- "localhost"
# ---------------------------------------------------------------------------
# "Users"
# ---------------------------------------------------------------------------
# Count: The number of user accounts _in addition_ to Admin
# ---------------------------------------------------------------------------
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
CA:
Hostname: ca # implicitly ca.org2.example.com
# Two peers are generated from the default template (peer0 and peer1 in the
# crypto-config tree)
Template:
Count: 2
# NOTE(review): "localhost" is added as a SAN to every generated peer
# certificate - convenient for local testing; drop it when peers are only
# reached by their FQDN.
SANS:
- "localhost"
# Count: The number of user accounts _in addition_ to Admin
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org3: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org3
Domain: org3.example.com
CA:
Hostname: ca # implicitly ca.org3.example.com
# Two peers are generated from the default template (peer0 and peer1 in the
# crypto-config tree)
Template:
Count: 2
# NOTE(review): "localhost" is added as a SAN to every generated peer
# certificate - convenient for local testing; drop it when peers are only
# reached by their FQDN.
SANS:
- "localhost"
# Count: The number of user accounts _in addition_ to Admin
Users:
Count: 1
- fabric-ca-server-config.yaml : fabric ca 服务端的配置
#############################################################################
# This is a configuration file for the fabric-ca-server command.
#
# COMMAND LINE ARGUMENTS AND ENVIRONMENT VARIABLES
# ------------------------------------------------
# Each configuration element can be overridden via command line
# arguments or environment variables. The precedence for determining
# the value of each element is as follows:
# 1) command line argument
# Examples:
# a) --port 443
# To set the listening port
# b) --ca.keyfile ../mykey.pem
# To set the "keyfile" element in the "ca" section below;
# note the '.' separator character.
# 2) environment variable
# Examples:
# a) FABRIC_CA_SERVER_PORT=443
# To set the listening port
# b) FABRIC_CA_SERVER_CA_KEYFILE="../mykey.pem"
# To set the "keyfile" element in the "ca" section below;
# note the '_' separator character.
# 3) configuration file
# 4) default value (if there is one)
# All default values are shown beside each element below.
#
# FILE NAME ELEMENTS
# ------------------
# The value of all fields whose name ends with "file" or "files" are
# name or names of other files.
# For example, see "tls.certfile" and "tls.clientauth.certfiles".
# The value of each of these fields can be a simple filename, a
# relative path, or an absolute path. If the value is not an
# absolute path, it is interpreted as being relative to the location
# of this configuration file.
#
#############################################################################
# Version of config file
version: 1.2.0-stable
# Server's listening port (default: 7054)
port: 7054
# Enables debug logging (default: false)
debug: false
# Size limit of an acceptable CRL in bytes (default: 512000)
crlsizelimit: 512000
#############################################################################
# TLS section for the server's listening port
#
# The following types are supported for client authentication: NoClientCert,
# RequestClientCert, RequireAnyClientCert, VerifyClientCertIfGiven,
# and RequireAndVerifyClientCert.
#
# Certfiles is a list of root certificate authorities that the server uses
# when verifying client certificates.
#############################################################################
tls:
# Enable TLS (default: false)
# NOTE(review): with TLS off, the server's listening port (7054 in this file)
# is served in cleartext, so the enrollment ID and secret that clients send
# for enrollment are readable on the network path. Keep this only on an
# isolated development network; otherwise set enabled to true and fill in
# certfile and keyfile.
enabled: false
# TLS for the server's listening port
certfile:
keyfile:
clientauth:
# noclientcert: clients are not asked for a TLS certificate (only relevant
# once TLS is enabled); certfiles lists the root CAs used to verify client
# certificates for the stricter types.
type: noclientcert
certfiles:
#############################################################################
# The CA section contains information related to the Certificate Authority
# including the name of the CA, which should be unique for all members
# of a blockchain network. It also includes the key and certificate files
# used when issuing enrollment certificates (ECerts) and transaction
# certificates (TCerts).
# The chainfile (if it exists) contains the certificate chain which
# should be trusted for this CA, where the 1st in the chain is always the
# root CA certificate.
#############################################################################
ca:
# Name of this CA
name:
# Key file (is only used to import a private key into BCCSP)
keyfile:
# Certificate file (default: ca-cert.pem)
certfile:
# Chain file
chainfile:
#############################################################################
# The gencrl REST endpoint is used to generate a CRL that contains revoked
# certificates. This section contains configuration options that are used
# during gencrl request processing.
#############################################################################
crl:
# Specifies expiration for the generated CRL. The number of hours
# specified by this property is added to the UTC time, the resulting time
# is used to set the 'Next Update' date of the CRL.
expiry: 24h
#############################################################################
# The registry section controls how the fabric-ca-server does two things:
# 1) authenticates enrollment requests which contain a username and password
# (also known as an enrollment ID and secret).
# 2) once authenticated, retrieves the identity's attribute names and
# values which the fabric-ca-server optionally puts into TCerts
# which it issues for transacting on the Hyperledger Fabric blockchain.
# These attributes are useful for making access control decisions in
# chaincode.
# There are two main configuration options:
# 1) The fabric-ca-server is the registry.
# This is true if "ldap.enabled" in the ldap section below is false.
# 2) An LDAP server is the registry, in which case the fabric-ca-server
# calls the LDAP server to perform these tasks.
# This is true if "ldap.enabled" in the ldap section below is true,
# which means this "registry" section is ignored.
#############################################################################
registry:
# Maximum number of times a password/secret can be reused for enrollment
# (default: -1, which means there is no limit)
# NOTE(review): with -1 an enrollment secret that leaks stays usable for
# further enrollments; a finite value limits that.
maxenrollments: -1
# Contains identity information which is used when LDAP is disabled
identities:
# Bootstrap registrar identity. admin/adminpw is the sample credential pair
# (the same pair appears in the "-b admin:adminpw" example commands later in
# this file); replace it before the CA is reachable by anyone else, and keep
# the real secret out of files that are published or committed.
- name: admin
pass: adminpw
type: client
affiliation: ""
# The attributes below give this identity every registrar capability:
# wildcard roles and attributes, revocation, CRL generation, affiliation
# management, and the ability to enroll as an intermediate CA.
attrs:
hf.Registrar.Roles: "*"
hf.Registrar.DelegateRoles: "*"
hf.Revoker: true
hf.IntermediateCA: true
hf.GenCRL: true
hf.Registrar.Attributes: "*"
hf.AffiliationMgr: true
#############################################################################
# Database section
# Supported types are: "sqlite3", "postgres", and "mysql".
# The datasource value depends on the type.
# If the type is "sqlite3", the datasource value is a file name to use
# as the database store. Since "sqlite3" is an embedded database, it
# may not be used if you want to run the fabric-ca-server in a cluster.
# To run the fabric-ca-server in a cluster, you must choose "postgres"
# or "mysql".
#############################################################################
db:
type: sqlite3
datasource: fabric-ca-server.db
tls:
enabled: false
certfiles:
client:
certfile:
keyfile:
#############################################################################
# LDAP section
# If LDAP is enabled, the fabric-ca-server calls LDAP to:
# 1) authenticate enrollment ID and secret (i.e. username and password)
# for enrollment requests;
# 2) To retrieve identity attributes
#############################################################################
ldap:
# Enables or disables the LDAP client (default: false)
# If this is set to true, the "registry" section is ignored.
enabled: false
# The URL of the LDAP server
# The placeholders of this URL were lost when the page was extracted; the
# upstream form is ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>.
# The value is unused while enabled is false.
# NOTE(review): once filled in, the URL carries the bind password, so the
# file then needs the same protection as any other secret; prefer the
# ldaps:// scheme so the bind is not sent in cleartext.
url: ldap://:@:/
# TLS configuration for the client connection to the LDAP server
tls:
certfiles:
client:
certfile:
keyfile:
# Attribute related configuration for mapping from LDAP entries to Fabric CA attributes
attribute:
# 'names' is an array of strings containing the LDAP attribute names which are
# requested from the LDAP server for an LDAP identity's entry
names: ['uid','member']
# The 'converters' section is used to convert an LDAP entry to the value of
# a fabric CA attribute.
# For example, the following converts an LDAP 'uid' attribute
# whose value begins with 'revoker' to a fabric CA attribute
# named "hf.Revoker" with a value of "true" (because the boolean expression
# evaluates to true).
# converters:
# - name: hf.Revoker
# value: attr("uid") =~ "revoker*"
# NOTE(review): converters decide which LDAP users receive hf.* privileges,
# so a loose match expression grants CA privileges more widely than intended.
converters:
- name:
value:
# The 'maps' section contains named maps which may be referenced by the 'map'
# function in the 'converters' section to map LDAP responses to arbitrary values.
# For example, assume a user has an LDAP attribute named 'member' which has multiple
# values which are each a distinguished name (i.e. a DN). For simplicity, assume the
# values of the 'member' attribute are 'dn1', 'dn2', and 'dn3'.
# Further assume the following configuration.
# converters:
# - name: hf.Registrar.Roles
# value: map(attr("member"),"groups")
# maps:
# groups:
# - name: dn1
# value: peer
# - name: dn2
# value: client
# The value of the user's 'hf.Registrar.Roles' attribute is then computed to be
# "peer,client,dn3". This is because the value of 'attr("member")' is
# "dn1,dn2,dn3", and the call to 'map' with a 2nd argument of
# "groups" replaces "dn1" with "peer" and "dn2" with "client".
maps:
groups:
- name:
value:
#############################################################################
# Affiliations section. Fabric CA server can be bootstrapped with the
# affiliations specified in this section. Affiliations are specified as maps.
# For example:
# businessunit1:
# department1:
# - team1
# businessunit2:
# - department2
# - department3
#
# Affiliations are hierarchical in nature. In the above example,
# department1 (used as businessunit1.department1) is the child of businessunit1.
# team1 (used as businessunit1.department1.team1) is the child of department1.
# department2 (used as businessunit2.department2) and department3 (businessunit2.department3)
# are children of businessunit2.
# Note: Affiliations are case sensitive except for the non-leaf affiliations
# (like businessunit1, department1, businessunit2) that are specified in the configuration file,
# which are always stored in lower case.
#############################################################################
affiliations:
org1:
- department1
- department2
org2:
- department1
- department2
org3:
- department1
- department2
#############################################################################
# Signing section
#
# The "default" subsection is used to sign enrollment certificates;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#
# The "ca" profile subsection is used to sign intermediate CA certificates;
# the default expiration ("expiry" field) is "43800h" which is 5 years in hours.
# Note that "isca" is true, meaning that it issues a CA certificate.
# A maxpathlen of 0 means that the intermediate CA cannot issue other
# intermediate CA certificates, though it can still issue end entity certificates.
# (See RFC 5280, section 4.2.1.9)
#
# The "tls" profile subsection is used to sign TLS certificate requests;
# the default expiration ("expiry" field) is "8760h", which is 1 year in hours.
#############################################################################
signing:
default:
usage:
- digital signature
expiry: 8760h
profiles:
ca:
usage:
- cert sign
- crl sign
expiry: 43800h
caconstraint:
isca: true
maxpathlen: 0
tls:
usage:
- signing
- key encipherment
- server auth
- client auth
- key agreement
expiry: 8760h
###########################################################################
# Certificate Signing Request (CSR) section.
# This controls the creation of the root CA certificate.
# The expiration for the root CA certificate is configured with the
# "ca.expiry" field below, whose default value is "131400h" which is
# 15 years in hours.
# The pathlength field is used to limit CA certificate hierarchy as described
# in section 4.2.1.9 of RFC 5280.
# Examples:
# 1) No pathlength value means no limit is requested.
# 2) pathlength == 1 means a limit of 1 is requested which is the default for
# a root CA. This means the root CA can issue intermediate CA certificates,
# but these intermediate CAs may not in turn issue other CA certificates
# though they can still issue end entity certificates.
# 3) pathlength == 0 means a limit of 0 is requested;
# this is the default for an intermediate CA, which means it can not issue
# CA certificates though it can still issue end entity certificates.
###########################################################################
csr:
# Subject common name requested for the root CA certificate
cn: fabric-ca-server
names:
- C: US
ST: "North Carolina"
L:
O: Hyperledger
OU: Fabric
hosts:
# NOTE(review): 95407623262a looks like the hostname of the container in
# which this file was generated - confirm. Presumably these entries end up as
# host names in the CA certificate, so a stale or machine-specific value
# should be replaced with the name the CA is really reached by.
- 95407623262a
- localhost
ca:
# 131400h is 15 years; pathlength 1 lets this root CA issue intermediate CA
# certificates that cannot themselves issue further CA certificates
expiry: 131400h
pathlength: 1
#############################################################################
# BCCSP (BlockChain Crypto Service Provider) section is used to select which
# crypto library implementation to use
#############################################################################
bccsp:
default: SW
sw:
hash: SHA2
security: 256
filekeystore:
# The directory used for the software file-based keystore
keystore: msp/keystore
#############################################################################
# Multi CA section
#
# Each Fabric CA server contains one CA by default. This section is used
# to configure multiple CAs in a single server.
#
# 1) --cacount <number-of-CAs>
# Automatically generate <number-of-CAs> non-default CAs. The names of these
# additional CAs are "ca1", "ca2", ... "caN", where "N" is <number-of-CAs>.
# This is particularly useful in a development environment to quickly set up
# multiple CAs. Note that, this config option is not applicable to intermediate CA server
# i.e., Fabric CA server that is started with intermediate.parentserver.url config
# option (-u command line option)
#
# 2) --cafiles
# For each CA config file in the list, generate a separate signing CA. Each CA
# config file in this list MAY contain all of the same elements as are found in
# the server config file except port, debug, and tls sections.
#
# Examples:
# fabric-ca-server start -b admin:adminpw --cacount 2
#
# fabric-ca-server start -b admin:adminpw --cafiles ca/ca1/fabric-ca-server-config.yaml
# --cafiles ca/ca2/fabric-ca-server-config.yaml
#
#############################################################################
cacount:
cafiles:
#############################################################################
# Intermediate CA section
#
# The relationship between servers and CAs is as follows:
# 1) A single server process may contain or function as one or more CAs.
# This is configured by the "Multi CA section" above.
# 2) Each CA is either a root CA or an intermediate CA.
# 3) Each intermediate CA has a parent CA which is either a root CA or another intermediate CA.
#
# This section pertains to configuration of #2 and #3.
# If the "intermediate.parentserver.url" property is set,
# then this is an intermediate CA with the specified parent
# CA.
#
# parentserver section
# url - The URL of the parent server
# caname - Name of the CA to enroll within the server
#
# enrollment section used to enroll intermediate CA with parent CA
# profile - Name of the signing profile to use in issuing the certificate
# label - Label to use in HSM operations
#
# tls section for secure socket connection
# certfiles - PEM-encoded list of trusted root certificate files
# client:
# certfile - PEM-encoded certificate file for when client authentication
# is enabled on server
# keyfile - PEM-encoded key file for when client authentication
# is enabled on server
#############################################################################
intermediate:
parentserver:
url:
caname:
enrollment:
hosts:
profile:
label:
tls:
certfiles:
client:
certfile:
keyfile:
- create-channel-artifacts.sh : 用于生成 fabric 各组织的 msp 文件
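# Regenerates the crypto material and the channel artifacts for the network.
# Run it from the network root (the directory that holds bin/ and channel/);
# every path below is relative to that directory.
#
# Security notes:
#  - cryptogen is a development/test tool. It writes every private key (the
#    *_sk keystore files and tls/server.key) unencrypted under
#    channel/crypto-config, so keep that tree out of version control and out
#    of locations other users can read.
#  - Each run deletes the previous crypto material and issues new keys. The
#    *_sk file names change with the keys, so the *_KEYFILE entries in
#    docker-compose.yaml must be updated afterwards.

# Prints the given message on stderr and aborts the script.
fail() {
  echo "$1" >&2
  exit 1
}

# Verify the tools before anything is deleted, so that a run from the wrong
# directory cannot wipe existing crypto material and then fail.
for tool in ./bin/cryptogen ./bin/configtxgen; do
  [ -x "$tool" ] || fail "Missing $tool; run this script from the network root"
done

echo "##########################################################"
echo "##### Generate certificates using cryptogen tool #########"
echo "##########################################################"
# rm -f semantics: no error when the directory does not exist yet.
rm -Rf channel/crypto-config
set -x
./bin/cryptogen generate --output=./channel/crypto-config --config=./channel/cryptogen.yaml
res=$?
set +x
[ "$res" -eq 0 ] || fail "Failed to generate certificates..."

echo "##########################################################"
echo "######### Generating Orderer Genesis block ##############"
echo "##########################################################"
# Note: For some unknown reason (at least for now) the block file can't be
# named orderer.genesis.block or the orderer will fail to launch!
rm -Rf channel/artifacts
mkdir -p ./channel/artifacts || fail "Failed to create channel/artifacts..."
set -x
./bin/configtxgen -configPath ./channel -profile OrgsOrdererGenesis -outputBlock ./channel/artifacts/genesis.block
res=$?
set +x
[ "$res" -eq 0 ] || fail "Failed to generate orderer genesis block..."

echo
echo "#################################################################"
echo "### Generating channel configuration transaction 'mychannel.tx' ###"
echo "#################################################################"
set -x
./bin/configtxgen -configPath ./channel -profile OrgsChannel -outputCreateChannelTx ./channel/artifacts/mychannel.tx -channelID mychannel
res=$?
set +x
[ "$res" -eq 0 ] || fail "Failed to generate channel configuration transaction..."

# One anchor-peer update transaction per organisation MSP.
for org in Org1MSP Org2MSP Org3MSP; do
  echo
  echo "#################################################################"
  echo "####### Generating anchor peer update for ${org} ##########"
  echo "#################################################################"
  set -x
  ./bin/configtxgen -configPath ./channel -profile OrgsChannel -outputAnchorPeersUpdate "./channel/artifacts/${org}anchors.tx" -channelID mychannel -asOrg "${org}"
  res=$?
  set +x
  [ "$res" -eq 0 ] || fail "Failed to generate anchor peer update for ${org}..."
done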
- docker-compose 存放启动网络的docker compose文件
- base.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
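version: '2'

# Base service definitions that docker-compose.yaml extends.
#
# Review notes:
#  - None of the images carries a tag, so Docker resolves ":latest". Pin each
#    image to the release that matches the binaries in bin/ so that a later
#    pull cannot silently change what runs.
#  - Log levels are set to debug/verbose throughout; that is useful while
#    experimenting but noisy and more revealing than needed elsewhere.

services:

  zookeeper:
    image: hyperledger/fabric-zookeeper
    restart: always
    environment:
      - ZOO_SERVERS=server.1=zookeeper0:2888:3888 server.2=zookeeper1:2888:3888 server.3=zookeeper2:2888:3888
    # Short-form entries publish each container port on an ephemeral host
    # port. No TLS or authentication is configured for ZooKeeper in this
    # file, and containers on the same compose network reach each other by
    # service name, so publishing is only needed for access from the host.
    ports:
      - '2181'
      - '2888'
      - '3888'

  kafka:
    image: hyperledger/fabric-kafka
    restart: always
    environment:
      - KAFKA_MESSAGE_MAX_BYTES=103809024 # 99 * 1024 * 1024 B (1 MiB larger than AbsoluteMaxBytes in configtx.yaml)
      - KAFKA_REPLICA_FETCH_MAX_BYTES=103809024 # 99 * 1024 * 1024 B (1 MiB larger than AbsoluteMaxBytes in configtx.yaml)
      - KAFKA_UNCLEAN_LEADER_ELECTION_ENABLE=false # data consistency is critical in a blockchain setting: never elect a channel leader from outside the in-sync replica (ISR) set
      - KAFKA_MIN_INSYNC_REPLICAS=2 # writes are accepted only once this many replicas are in sync; at least 2
      - KAFKA_DEFAULT_REPLICATION_FACTOR=3 # replication factor: lower than the number of Kafka brokers and greater than KAFKA_MIN_INSYNC_REPLICAS, hence at least 3; this gives a minimum of 4 brokers, tolerating the loss of one
      - KAFKA_NUM_PARTITIONS=4 # 4 partitions per topic
      - KAFKA_ZOOKEEPER_CONNECT=zookeeper0:2181,zookeeper1:2181,zookeeper2:2181
    # As with ZooKeeper: no TLS or authentication is configured for the
    # brokers here, and the port is published on an ephemeral host port.
    ports:
      - '9092'

  orderer-base:
    image: hyperledger/fabric-orderer
    environment:
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_KAFKA_RETRY_SHORTINTERVAL=1s
      - ORDERER_KAFKA_RETRY_SHORTTOTAL=30s
      - ORDERER_KAFKA_VERBOSE=true
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/orderer
    command: orderer

  peer-base:
    image: hyperledger/fabric-peer
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=docker-compose_byfn
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      # The following setting skips the gossip handshake since we
      # are not doing mutual TLS
      - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
      - CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/crypto/peer/msp
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/crypto/peer/tls/server.key
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/crypto/peer/tls/server.crt
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/crypto/peer/tls/ca.crt
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
      # The peer talks to the host Docker daemon through CORE_VM_ENDPOINT to
      # start chaincode containers. Only the socket itself is mounted, rather
      # than all of /var/run, so the container does not see the host's other
      # runtime files. Access to this socket still amounts to control of the
      # host's Docker daemon, so treat every peer container as host-privileged.
      - /var/run/docker.sock:/host/var/run/docker.sock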
- docker-compose.yaml : 注意重新生成msp文件后要相应修改证书密钥的名称
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
networks:
byfn:
services:
zookeeper0:
container_name: zookeeper0
extends:
file: base.yaml
service: zookeeper
environment:
- ZOO_MY_ID=1 #1-255
networks:
- byfn
zookeeper1:
container_name: zookeeper1
extends:
file: base.yaml
service: zookeeper
environment:
- ZOO_MY_ID=2
networks:
- byfn
zookeeper2:
container_name: zookeeper2
extends:
file: base.yaml
service: zookeeper
environment:
- ZOO_MY_ID=3
networks:
- byfn
kafka0:
container_name: kafka0
extends:
file: base.yaml
service: kafka
environment:
- KAFKA_BROKER_ID=0
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- byfn
kafka1:
container_name: kafka1
extends:
file: base.yaml
service: kafka
environment:
- KAFKA_BROKER_ID=1
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- byfn
kafka2:
container_name: kafka2
extends:
file: base.yaml
service: kafka
environment:
- KAFKA_BROKER_ID=2
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- byfn
kafka3:
container_name: kafka3
extends:
file: base.yaml
service: kafka
environment:
- KAFKA_BROKER_ID=3
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
networks:
- byfn
# Fabric CA for Org1, published on host port 7054.
# Review notes:
# - The bootstrap identity is the sample pair admin:adminpw, given on the
#   command line. Whoever can reach the published port with that pair can
#   register and enroll identities under this CA; replace it before the CA is
#   reachable from anything other than a test machine.
# - The -d flag turns on debug logging.
# - No image tag is given, so ":latest" is pulled; pin the release in use.
ca.org1.example.com:
container_name: ca.org1.example.com
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org1
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
# The *_sk file name changes whenever the crypto material is regenerated;
# both KEYFILE entries must then be updated.
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/67b55aed53112c2a7ef57c50734bbecc3e8406b238f591e2685c99990188c94a_sk
- FABRIC_CA_SERVER_TLS_ENABLED=true
# The TLS certificate and key below are the CA certificate and the CA signing
# key themselves. A separate TLS key pair would keep the signing key from
# being used for every TLS handshake.
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/67b55aed53112c2a7ef57c50734bbecc3e8406b238f591e2685c99990188c94a_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ../channel/crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ../channel/fabric-ca-server-config.yaml:/etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
networks:
- byfn
# Fabric CA for Org2, published on host port 8054.
# Review notes: the bootstrap identity is the sample pair admin:adminpw and
# debug logging (-d) is on; replace the pair before the port is reachable
# from anything other than a test machine. The image carries no tag.
ca.org2.example.com:
container_name: ca.org2.example.com
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org2
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
# The *_sk file name changes whenever the crypto material is regenerated.
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/64582bb48d828f0bc9c76fc35d232a434cff09e367614d0a0e3b3688299385dc_sk
- FABRIC_CA_SERVER_TLS_ENABLED=true
# TLS reuses the CA certificate and the CA signing key; a dedicated TLS key
# pair would keep the signing key out of the TLS handshake path.
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/64582bb48d828f0bc9c76fc35d232a434cff09e367614d0a0e3b3688299385dc_sk
ports:
- "8054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ../channel/crypto-config/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ../channel/fabric-ca-server-config.yaml:/etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
networks:
- byfn
# Fabric CA for Org3, published on host port 9054.
# Review notes: the bootstrap identity is the sample pair admin:adminpw and
# debug logging (-d) is on; replace the pair before the port is reachable
# from anything other than a test machine. The image carries no tag.
ca.org3.example.com:
container_name: ca.org3.example.com
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org3
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem
# The *_sk file name changes whenever the crypto material is regenerated.
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/af254a45bcf63d18c03f1f8c142f5ff0037a3adc349fdf7822cd25369fd2068e_sk
- FABRIC_CA_SERVER_TLS_ENABLED=true
# TLS reuses the CA certificate and the CA signing key; a dedicated TLS key
# pair would keep the signing key out of the TLS handshake path.
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/af254a45bcf63d18c03f1f8c142f5ff0037a3adc349fdf7822cd25369fd2068e_sk
ports:
- "9054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ../channel/crypto-config/peerOrganizations/org3.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
- ../channel/fabric-ca-server-config.yaml:/etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
networks:
- byfn
# First of three orderers; extends orderer-base from base.yaml and is
# published on host port 7050.
orderer0.example.com:
container_name: orderer0.example.com
extends:
file: base.yaml
service: orderer-base
environment:
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/crypto/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/crypto/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/crypto/orderer/tls/server.crt
# Trust anchors: the orderer's own TLS CA plus the tls/ca.crt of each peer org.
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/crypto/orderer/tls/ca.crt, /etc/hyperledger/crypto/peerOrg1/tls/ca.crt, /etc/hyperledger/crypto/peerOrg2/tls/ca.crt, /etc/hyperledger/crypto/peerOrg3/tls/ca.crt]
ports:
- 7050:7050
volumes:
- ../channel/artifacts:/etc/hyperledger/configtx
- ../channel/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/:/etc/hyperledger/crypto/orderer
# Review note: the three peerOrgN mounts below expose each peer's whole
# directory to the orderer container, including the peer's msp/ directory and
# tls/server.key, although the settings above only read tls/ca.crt from them.
# Mounting just that file read-only (.../tls/ca.crt onto
# /etc/hyperledger/crypto/peerOrgN/tls/ca.crt with the :ro suffix) would keep
# peer private keys out of the orderer. orderer1 and orderer2 use the same
# three mounts.
- ../channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/:/etc/hyperledger/crypto/peerOrg1
- ../channel/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/:/etc/hyperledger/crypto/peerOrg2
- ../channel/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/:/etc/hyperledger/crypto/peerOrg3
networks:
- byfn
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
- kafka0
- kafka1
- kafka2
- kafka3
orderer1.example.com:
container_name: orderer1.example.com
extends:
file: base.yaml
service: orderer-base
environment:
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/crypto/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/crypto/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/crypto/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/crypto/orderer/tls/ca.crt, /etc/hyperledger/crypto/peerOrg1/tls/ca.crt, /etc/hyperledger/crypto/peerOrg2/tls/ca.crt, /etc/hyperledger/crypto/peerOrg3/tls/ca.crt]
ports:
- 8050:7050
volumes:
- ../channel/artifacts:/etc/hyperledger/configtx
- ../channel/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/:/etc/hyperledger/crypto/orderer
- ../channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/:/etc/hyperledger/crypto/peerOrg1
- ../channel/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/:/etc/hyperledger/crypto/peerOrg2
- ../channel/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/:/etc/hyperledger/crypto/peerOrg3
networks:
- byfn
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
- kafka0
- kafka1
- kafka2
- kafka3
orderer2.example.com:
container_name: orderer2.example.com
extends:
file: base.yaml
service: orderer-base
environment:
- ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/genesis.block
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/crypto/orderer/msp
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/crypto/orderer/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/crypto/orderer/tls/server.crt
- ORDERER_GENERAL_TLS_ROOTCAS=[/etc/hyperledger/crypto/orderer/tls/ca.crt, /etc/hyperledger/crypto/peerOrg1/tls/ca.crt, /etc/hyperledger/crypto/peerOrg2/tls/ca.crt, /etc/hyperledger/crypto/peerOrg3/tls/ca.crt]
ports:
- 9050:7050
volumes:
- ../channel/artifacts:/etc/hyperledger/configtx
- ../channel/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/:/etc/hyperledger/crypto/orderer
- ../channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/:/etc/hyperledger/crypto/peerOrg1
- ../channel/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/:/etc/hyperledger/crypto/peerOrg2
- ../channel/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/:/etc/hyperledger/crypto/peerOrg3
networks:
- byfn
depends_on:
- zookeeper0
- zookeeper1
- zookeeper2
- kafka0
- kafka1
- kafka2
- kafka3
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
ports:
- 7051:7051
- 7053:7053
volumes:
- ../channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/:/etc/hyperledger/crypto/peer
depends_on:
- orderer0.example.com
- orderer1.example.com
- orderer2.example.com
networks:
- byfn
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org1.example.com
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_ADDRESS=peer1.org1.example.com:7051
ports:
- 7056:7051
- 7058:7053
volumes:
- ../channel/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/:/etc/hyperledger/crypto/peer
depends_on:
- orderer0.example.com
- orderer1.example.com
- orderer2.example.com
networks:
- byfn
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
ports:
- 8051:7051
- 8053:7053
volumes:
- ../channel/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/:/etc/hyperledger/crypto/peer
depends_on:
- orderer0.example.com
- orderer1.example.com
- orderer2.example.com
networks:
- byfn
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org2.example.com
- CORE_PEER_LOCALMSPID=Org2MSP
- CORE_PEER_ADDRESS=peer1.org2.example.com:7051
ports:
- 8056:7051
- 8058:7053
volumes:
- ../channel/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/:/etc/hyperledger/crypto/peer
depends_on:
- orderer0.example.com
- orderer1.example.com
- orderer2.example.com
networks:
- byfn
peer0.org3.example.com:
container_name: peer0.org3.example.com
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org3.example.com
- CORE_PEER_LOCALMSPID=Org3MSP
- CORE_PEER_ADDRESS=peer0.org3.example.com:7051
ports:
- 9051:7051
- 9053:7053
volumes:
- ../channel/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/:/etc/hyperledger/crypto/peer
depends_on:
- orderer0.example.com
- orderer1.example.com
- orderer2.example.com
networks:
- byfn
peer1.org3.example.com:
container_name: peer1.org3.example.com
extends:
file: base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org3.example.com
- CORE_PEER_LOCALMSPID=Org3MSP
- CORE_PEER_ADDRESS=peer1.org3.example.com:7051
ports:
- 9056:7051
- 9058:7053
volumes:
- ../channel/crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/:/etc/hyperledger/crypto/peer
depends_on:
- orderer0.example.com
- orderer1.example.com
- orderer2.example.com
networks:
- byfn
- start-network.sh : 利用脚本启动网络
#!/bin/bash
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# Force-removes every container known to the local Docker daemon.
# WARNING: `docker ps -aq` lists all containers on the host, running or
# stopped, so containers unrelated to this network are deleted as well.
# Only run this on a machine dedicated to the test network.
# Globals:  CONTAINER_IDS (written)
# Outputs:  a blank line before and after; a notice when nothing was found
function dkcl(){
  CONTAINER_IDS=$(docker ps -aq)
  echo
  case "$CONTAINER_IDS" in
    ""|" ")
      echo "========== No containers available for deletion =========="
      ;;
    *)
      # Left unquoted on purpose: each ID must reach docker as its own word.
      docker rm -f $CONTAINER_IDS
      ;;
  esac
  echo
}
# Force-removes the images whose `docker images` line matches one of the
# patterns dev, none, test-vp or peer<digit>-.
# WARNING: the match is a plain substring test on the whole listing line, so
# any image whose repository or tag merely contains "dev" or "none" is
# removed too, not only the images built for this network.
# Globals:  DOCKER_IMAGE_IDS (written)
# Outputs:  a blank line before and after; a notice when nothing matched
function dkrm(){
  # Third column of the listing is the image ID.
  DOCKER_IMAGE_IDS=$(docker images | awk '/dev|none|test-vp|peer[0-9]-/ {print $3}')
  echo
  case "$DOCKER_IMAGE_IDS" in
    ""|" ")
      echo "========== No images available for deletion ==========="
      ;;
    *)
      # Left unquoted on purpose: each ID must reach docker as its own word.
      docker rmi -f $DOCKER_IMAGE_IDS
      ;;
  esac
  echo
}
# Tears the network down, purges containers, images and the client key-value
# stores in the current directory, then starts the network again detached.
# Note: the purge goes through dkcl and dkrm, which act on the whole Docker
# host rather than on this compose project only.
function restartNetwork() {
  local compose_file=./docker-compose/docker-compose.yaml
  echo
  # Teardown: stop the compose project, then clean up leftover containers
  # and intermediate images.
  docker-compose -f "$compose_file" down
  dkcl
  dkrm
  # Drop the client-side stores so that stale enrollments are not reused.
  rm -rf ./fabric-client-kv-org*
  # Bring the network back up in the background.
  docker-compose -f "$compose_file" up -d
  echo
}
# Entry point: running this script immediately tears down and relaunches the network.
restartNetwork
搭建网络具体流程
- 创建 network 目录
- 搭建 fabric 网络工具:bin文件夹下 (具体来源fabric-samples项目)
- 在channel下编写configtx.yaml,cryptogen.yaml,fabric-ca-server-config.yaml 文件
- 注意 fabric-ca-server-config.yaml 下的 affiliations节点的组织与网络对应
- 执行 create-channel-artifacts.sh 创建证书和密钥文件
- 在docker-compose下编写base.yaml,docker-compose.yaml 文件
- 注意 base.yaml的 CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE 要与docker-compose的启动网络对应
- 注意 docker-compose.yaml 的 *_KEYFILE 要修改为相应的密钥文件(每次重新生成 msp 文件后,*_sk 私钥文件名都会变化)
- 执行 start-network.sh
- 完成网络