关于 Fabric:进阶篇一 Fabric 2.0 手动生成 CA 证书搭建 Fabric 网络(Raft 协议,多 orderer 节点)



本文不会再从 0 开始搭建整个网络,我们会在《Hyperledger Fabric 2.0 手动生成 CA 证书搭建 Fabric 网络 - Raft 协议》的基础上进行改进,由上文中的单 orderer 节点改成多节点共识。

本次将 orderer 改为三个节点,需要更多节点的可以自己根据实际情况进行增加,步骤和方法相同。

一、orderer 节点用户注册(TLS)

在向 TLS CA 注册用户时,由以前注册单个用户改成注册多个用户(三个节点:orderer1-org0、orderer2-org0、orderer3-org0)。
https://0.0.0.0:7052 为 TLS CA 地址。

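# Register one TLS identity per orderer node with the TLS CA (port 7052).
# Each registration is a single logical command: the trailing backslashes
# continue the line, otherwise "-u ..." would be run as a separate command.
# ordererPW is the article's sample enrollment secret. It is passed on the
# command line, so it ends up in shell history and process listings; use a
# distinct secret per node outside a lab.
for node in orderer1-org0 orderer2-org0 orderer3-org0; do
  fabric-ca-client register -d \
    --id.name "$node" --id.secret ordererPW --id.type orderer \
    -u https://0.0.0.0:7052 \
    --tls.certfiles /tmp/hyperledger/fabric-ca-tls/crypto/ca-cert.pem
done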

二、org0 注册用户

同样需要注册三个节点用户

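# Enroll the org0 CA admin (CA on port 7053), then use it to register org0's
# identities. The trust anchor now names the same ca-cert.pem that every
# --tls.certfiles flag in this section passes.
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/ca/crypto/ca-cert.pem
# NOTE(review): this client home sits under /data while every other path in
# this section uses /tmp/hyperledger; confirm which prefix your setup uses.
export FABRIC_CA_CLIENT_HOME=/data/hyperledger/org0/ca/admin
# The admin password is embedded in the URL, so it is visible in shell history
# and process listings.
fabric-ca-client enroll -d \
  -u https://org0-admin:org0-adminpw@0.0.0.0:7053 \
  --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem

# Register the three orderer node identities.
# NOTE(review): hf.Registrar.Roles=orderer allows each node identity to
# register further orderer identities; nothing on this page uses that, so
# confirm it is needed before keeping it.
for node in orderer1-org0 orderer2-org0 orderer3-org0; do
  fabric-ca-client register -d \
    --id.name "$node" --id.secret ordererpw --id.type orderer \
    --id.attrs '"hf.Registrar.Roles=orderer"' \
    -u https://0.0.0.0:7053 \
    --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem
done

# Register the org0 admin identity with registrar, revoker and CRL attributes.
fabric-ca-client register -d \
  --id.name admin-org0 --id.secret org0adminpw --id.type admin \
  --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" \
  -u https://0.0.0.0:7053 \
  --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem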

三、生成 orderers MSP 证书


# Stage a copy of the org0 CA certificate for the enrollments below.
mkdir -p /tmp/hyperledger/org0/orderers/assets/ca/
cp /tmp/hyperledger/org0/ca/crypto/ca-cert.pem \
  /tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pem

# Settings shared by every enrollment in this section.
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp

# Enroll the MSP (signing) identity of each orderer against the org0 CA (7053).
# Each node gets its own client home and its own msp directory.
for node in orderer1-org0 orderer2-org0 orderer3-org0; do
  export FABRIC_CA_CLIENT_HOME="/tmp/hyperledger/org0/orderers/$node"
  fabric-ca-client enroll \
    -u "https://$node:ordererpw@0.0.0.0:7053" \
    -M "/tmp/hyperledger/org0/orderers/$node/msp" \
    --csr.hosts "$node" \
    --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem
done

# Enroll the org0 admin. No -M is given, so the result goes to the msp
# directory under the client home set here.
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/admin
fabric-ca-client enroll -d \
  -u https://admin-org0:org0adminpw@0.0.0.0:7053 \
  --tls.certfiles /tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pem

四、生成 orderers tls-ca 证书

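# Stage a copy of the TLS CA certificate and point the client at it.
# -p keeps the step repeatable if the directory already exists.
mkdir -p /tmp/hyperledger/org0/orderers/assets/tls-ca/
cp /tmp/hyperledger/fabric-ca-tls/crypto/ca-cert.pem \
  /tmp/hyperledger/org0/orderers/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/tls-ca/tls-ca-cert.pem

# Enroll each orderer's TLS identity against the TLS CA (port 7052) using the
# tls enrollment profile. --tls.certfiles names the copy made above; the
# original pointed at a /data/... file that no step on this page creates.
for node in orderer1-org0 orderer2-org0 orderer3-org0; do
  fabric-ca-client enroll \
    -u "https://$node:ordererPW@0.0.0.0:7052" \
    -M "/tmp/hyperledger/org0/orderers/$node/tls-msp" \
    --enrollment.profile tls --csr.hosts "$node" \
    --tls.certfiles /tmp/hyperledger/org0/orderers/assets/tls-ca/tls-ca-cert.pem
done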


# Rename each orderer's generated TLS private key (*_sk) to key.pem so that
# it can be referenced by a fixed path.
for node in orderer1-org0 orderer2-org0 orderer3-org0; do
  keystore="/tmp/hyperledger/org0/orderers/$node/tls-msp/keystore"
  mv "$keystore"/*_sk "$keystore/key.pem"
done


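# Create the admincerts directory in each orderer's MSP and install the org0
# admin certificate there.
# The copy targets the directory created here under /tmp/hyperledger; the
# original copied to a /data/... path that the mkdir does not create.
for node in orderer1-org0 orderer2-org0 orderer3-org0; do
  admincerts="/tmp/hyperledger/org0/orderers/$node/msp/admincerts"
  mkdir -p "$admincerts"
  cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem \
    "$admincerts/orderer-admin-cert.pem"
done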

⚠️:同理,需要在每个 orderer 节点的 msp 目录中增加 config.yaml 文件

五、修改 configtx.yaml 共识策略

configtx.yaml 文件内容比较长,我在这就不贴全部,只贴出需要修改的地方,完整文件请参照上一篇文章。

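Orderer: &OrdererDefaults

    # Orderer Type: The orderer implementation to start
    OrdererType: etcdraft

    # Raft consenter set: one entry per orderer node. Both certificate fields
    # point at the node's TLS certificate from its tls-msp directory; the
    # file name is cert.pem (the listing had it broken across two lines).
    EtcdRaft:
        Consenters:
        - Host: orderer1-org0
          Port: 7050
          ClientTLSCert: /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp/signcerts/cert.pem
          ServerTLSCert: /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp/signcerts/cert.pem
        - Host: orderer2-org0
          Port: 7050
          ClientTLSCert: /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp/signcerts/cert.pem
          ServerTLSCert: /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp/signcerts/cert.pem

        - Host: orderer3-org0
          Port: 7050
          ClientTLSCert: /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp/signcerts/cert.pem
          ServerTLSCert: /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp/signcerts/cert.pem
    # Orderer endpoints, one per consenter above.
    Addresses:
        - orderer1-org0:7050
        - orderer2-org0:7050
        - orderer3-org0:7050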

只需要修改 orderer 共识策略这块就可以了,其它按照原流程不需要变。

六、启动所有 orderer 节点

6.1 orderer1 启动


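# Compose file for the first orderer node.
version: '2'

networks:
  fabric-ca:
services:
  orderer1-org0:
    container_name: orderer1-org0
    image: hyperledger/fabric-orderer:2.1.0
    environment:
      - ORDERER_HOME=/tmp/hyperledger/orderer
      - ORDERER_HOST=orderer1-org0
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=org0MSP
      - ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/org0/orderer/msp
      # TLS material comes from the tls-msp directory in the first volume below.
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem
      - ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]
      # Debug logging is verbose; lower it outside a lab.
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
    volumes:
      # Host directory holding this node's msp/ and tls-msp/ (private keys
      # included) from the enrollment steps. The original mounted
      # .../org0/fabric-ca-client/orderers/orderer1-org0, which no step on
      # this page populates; adjust if your material lives elsewhere.
      - /tmp/hyperledger/org0/orderers/orderer1-org0:/tmp/hyperledger/org0/orderer/
      # Host directory mounted at /tmp/hyperledger, where GENESISFILE is read.
      - /tmp/hyperledger/block:/tmp/hyperledger/
    networks:
      - fabric-ca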

6.2 orderer2 启动


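# Compose file for the second orderer node.
version: '2'

networks:
  fabric-ca:
services:
  orderer2-org0:
    container_name: orderer2-org0
    image: hyperledger/fabric-orderer:2.1.0
    environment:
      - ORDERER_HOME=/tmp/hyperledger/orderer
      - ORDERER_HOST=orderer2-org0
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=org0MSP
      - ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/org0/orderer/msp
      # TLS material comes from the tls-msp directory in the first volume below.
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem
      - ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]
      # Debug logging is verbose; lower it outside a lab.
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
    volumes:
      # Host directory holding this node's msp/ and tls-msp/ (private keys
      # included) from the enrollment steps. The original mounted
      # .../org0/fabric-ca-client/orderers/orderer2-org0, which no step on
      # this page populates; adjust if your material lives elsewhere.
      - /tmp/hyperledger/org0/orderers/orderer2-org0:/tmp/hyperledger/org0/orderer/
      # Host directory mounted at /tmp/hyperledger, where GENESISFILE is read.
      - /tmp/hyperledger/block:/tmp/hyperledger/
    networks:
      - fabric-ca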

6.3 orderer3 启动


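# Compose file for the third orderer node.
version: '2'

networks:
  fabric-ca:
services:
  orderer3-org0:
    container_name: orderer3-org0
    # Same image tag as the other two orderers (the listing had 2.0.0 here).
    image: hyperledger/fabric-orderer:2.1.0
    environment:
      - ORDERER_HOME=/tmp/hyperledger/orderer
      # Matches this service's own name; the listing carried orderer2-org0
      # over from the previous file.
      - ORDERER_HOST=orderer3-org0
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/genesis.block
      - ORDERER_GENERAL_LOCALMSPID=org0MSP
      - ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/org0/orderer/msp
      # TLS material comes from the tls-msp directory in the first volume below.
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem
      - ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]
      # Debug logging is verbose; lower it outside a lab.
      - ORDERER_GENERAL_LOGLEVEL=debug
      - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
    volumes:
      # Host directory holding this node's msp/ and tls-msp/ (private keys
      # included) from the enrollment steps. The original mounted
      # .../org0/fabric-ca-client/orderers/orderer3-org0, which no step on
      # this page populates; adjust if your material lives elsewhere.
      - /tmp/hyperledger/org0/orderers/orderer3-org0:/tmp/hyperledger/org0/orderer/
      # Host directory mounted at /tmp/hyperledger, where GENESISFILE is read.
      - /tmp/hyperledger/block:/tmp/hyperledger/
    networks:
      - fabric-ca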

到这里多节点改造已经完成,上述是在《Hyperledger Fabric 2.0 手动生成 CA 证书搭建 Fabric 网络 - Raft 协议》基础上修改 orderer 共识节点的流程,其它流程不变。再次声明,这篇文章不是一个完整的流程。

结合这两篇文章,Hyperledger Fabric 2.0 手动生成 CA 证书搭建 Fabric 网络 - Raft 协议 - 多 orderer 节点部署应该不会有任何问题,可以直接用于生产环境。用于生产环境前,应先替换文中的示例口令(ordererPW、ordererpw、org0adminpw 等),把证书和私钥放到 /tmp 以外、权限受控的目录,并调低 debug 日志级别。

如有错误,请指教。谢谢!
