关于fabric:进阶篇一Fabric-20-手动生成CA证书搭建Fabric网络Raft协议多orderer节点

本文不会在从0开始搭建这个那个网络，咱们会在<<Hyperledger Fabric 2.0 手动生成CA证书搭建Fabric网络-Raft协定>>的根底上来改良，有上文中单orderer节点改成多节点共识。

本次将orderer改为三个节点， 本人须要更多节点的能够本人依据机会状况进行减少，步骤和办法雷同。

一、orderer节点用户注册（TLS）

在向TLS注册用户是，有以前注册单用户改成注册多用户（三个节点、orderer1-org0，orderer2-org0，orderer3-org0）
https://0.0.0.0:7052为TLS CA 地址，

fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererPW --id.type orderer-u https://0.0.0.0:7052 --tls.certfiles /tmp/hyperledger/fabric-ca-tls/crypto/ca-cert.pemfabric-ca-client register -d --id.name orderer2-org0 --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7052 --tls.certfiles /tmp/hyperledger/fabric-ca-tls/crypto/ca-cert.pemfabric-ca-client register -d --id.name orderer3-org0 --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7052 --tls.certfiles /tmp/hyperledger/fabric-ca-tls/crypto/ca-cert.pem

二、org0注册用户

同样须要注册三个节点用户

export FABRIC_CA_CLIENT_TLS_CERTFILES=/data/hyperledger/org0/ca/crypto/ca-cert.pemexport FABRIC_CA_CLIENT_HOME=/data/hyperledger/org0/ca/adminfabric-ca-client enroll -d -u https://org0-admin:org0-adminpw@0.0.0.0:7053 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem#注册order1用户fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererpw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:7053  --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem#注册order2用户fabric-ca-client register -d --id.name orderer2-org0 --id.secret ordererpw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:7053  --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem#注册order3用户fabric-ca-client register -d --id.name orderer3-org0 --id.secret ordererpw --id.type orderer --id.attrs '"hf.Registrar.Roles=orderer"' -u https://0.0.0.0:7053  --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pemfabric-ca-client register -d --id.name admin-org0 --id.secret org0adminpw --id.type admin --id.attrs "hf.Registrar.Roles=client,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert,abac.init=true:ecert" -u https://0.0.0.0:7053 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem

三、生成oerders MSP证书

mkdir -p /tmp/hyperledger/org0/orderers/assets/ca/cp /tmp/hyperledger/org0/ca/crypto/ca-cert.pem /tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pemexport FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderers/orderer1-org0#orderer1 msp证书export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -u https://orderer1-org0:ordererpw@0.0.0.0:7053 -M /tmp/hyperledger/org0/orderers/orderer1-org0/msp --csr.hosts orderer1-org0 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem#orderer2 msp证书export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderers/orderer2-org0export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -u https://orderer2-org0:ordererpw@0.0.0.0:7053 -M /tmp/hyperledger/org0/orderers/orderer2-org0/msp --csr.hosts orderer2-org0 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem#orderer3 msp证书export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderers/orderer3-org0export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -u https://orderer3-org0:ordererpw@0.0.0.0:7053 -M /tmp/hyperledger/org0/orderers/orderer3-org0/msp --csr.hosts orderer3-org0 --tls.certfiles /tmp/hyperledger/org0/ca/crypto/ca-cert.pem#admin msp证书export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/adminexport FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://admin-org0:org0adminpw@0.0.0.0:7053 --tls.certfiles /tmp/hyperledger/org0/orderers/assets/ca/org0-ca-cert.pem

四、生成oerders tls-ca证书

mkdir /tmp/hyperledger/org0/orderers/assets/tls-ca/cp /tmp/hyperledger/fabric-ca-tls/crypto/ca-cert.pem /tmp/hyperledger/org0/orderers/assets/tls-ca/tls-ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=tls-mspexport FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderers/assets/tls-ca/tls-ca-cert.pemfabric-ca-client enroll -u https://orderer1-org0:ordererPW@0.0.0.0:7052  -M /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp --enrollment.profile tls --csr.hosts orderer1-org0 --tls.certfiles /data/hyperledger/org0/orderers/tls-ca-cert.pemfabric-ca-client enroll -u https://orderer2-org0:ordererPW@0.0.0.0:7052  -M /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp --enrollment.profile tls --csr.hosts orderer2-org0 --tls.certfiles /data/hyperledger/org0/orderers/tls-ca-cert.pemfabric-ca-client enroll -u https://orderer3-org0:ordererPW@0.0.0.0:7052  -M /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp --enrollment.profile tls --csr.hosts orderer3-org0 --tls.certfiles /data/hyperledger/org0/orderers/tls-ca-cert.pem#批改keystore名称mv /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp/keystore/*_sk /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp/keystore/key.pemmv /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp/keystore/*_sk /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp/keystore/key.pemmv /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp/keystore/*_sk /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp/keystore/key.pem#生成admincerts目录mkdir /tmp/hyperledger/org0/orderers/orderer1-org0/msp/admincertscp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /data/hyperledger/org0/orderers/orderer1-org0/msp/admincerts/orderer-admin-cert.pemmkdir /tmp/hyperledger/org0/orderers/orderer2-org0/msp/admincertscp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /data/hyperledger/org0/orderers/orderer2-org0/msp/admincerts/orderer-admin-cert.pemmkdir /tmp/hyperledger/org0/orderers/orderer3-org0/msp/admincertscp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /data/hyperledger/org0/orderers/orderer3-org0/msp/admincerts/orderer-admin-cert.pem

⚠️： 同理在每个orderer节点msp上面增加config.yaml文件

五、批改configtx.yaml共识策略

configtx.yaml 文件内容比拟长，我在这就不贴全副，只贴出须要批改的中央， 残缺文件请参照上一篇文章，

Orderer: &OrdererDefaults    # Orderer Type: The orderer implementation to start    OrdererType: etcdraft    EtcdRaft:        Consenters:        - Host: orderer1-org0          Port: 7050          ClientTLSCert: /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp/signcerts/cert..pem          ServerTLSCert: /tmp/hyperledger/org0/orderers/orderer1-org0/tls-msp/signcerts/cert..pem        - Host: orderer2-org0          Port: 7050          ClientTLSCert: /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp/signcerts/cert..pem          ServerTLSCert: /tmp/hyperledger/org0/orderers/orderer2-org0/tls-msp/signcerts/cert..pem        - Host: orderer3-org0          Port: 7050          ClientTLSCert: /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp/signcerts/cert..pem          ServerTLSCert: /tmp/hyperledger/org0/orderers/orderer3-org0/tls-msp/signcerts/cert..pem    Addresses:        - orderer1-org0:7050        - orderer2-org0:7050        - orderer3-org0:7050

只须要批改orderer共识策略这块就能够了，其它依照原流程不须要变。

六、启动所有orderer节点

6.1 orderer1启动

version: '2'networks:  fabric-ca:services:   orderer1-org0:    container_name: orderer1-org0    image: hyperledger/fabric-orderer:2.1.0    environment:      - ORDERER_HOME=/tmp/hyperledger/orderer      - ORDERER_HOST=orderer1-org0      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0      - ORDERER_GENERAL_GENESISMETHOD=file      - ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/genesis.block      - ORDERER_GENERAL_LOCALMSPID=org0MSP      - ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/org0/orderer/msp      - ORDERER_GENERAL_TLS_ENABLED=true      - ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem      - ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem      - ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]      - ORDERER_GENERAL_LOGLEVEL=debug      - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs    volumes:      - /tmp/hyperledger/org0/fabric-ca-client/orderers/orderer1-org0:/tmp/hyperledger/org0/orderer/      - /tmp/hyperledger/block:/tmp/hyperledger/    networks:      - fabric-ca

6.2 orderer3启动

version: '2'networks:  fabric-ca:services:   orderer2-org0:    container_name: orderer2-org0    image: hyperledger/fabric-orderer:2.1.0    environment:      - ORDERER_HOME=/tmp/hyperledger/orderer      - ORDERER_HOST=orderer2-org0      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0      - ORDERER_GENERAL_GENESISMETHOD=file      - ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/genesis.block      - ORDERER_GENERAL_LOCALMSPID=org0MSP      - ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/org0/orderer/msp      - ORDERER_GENERAL_TLS_ENABLED=true      - ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem      - ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem      - ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]      - ORDERER_GENERAL_LOGLEVEL=debug      - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs    volumes:      - /tmp/hyperledger/org0/fabric-ca-client/orderers/orderer2-org0:/tmp/hyperledger/org0/orderer/      - /tmp/hyperledger/block:/tmp/hyperledger/    networks:      - fabric-ca

6.3 orderer3启动

version: '2'networks:  fabric-ca:services:   orderer3-org0:    container_name: orderer3-org0    image: hyperledger/fabric-orderer:2.0.0    environment:      - ORDERER_HOME=/tmp/hyperledger/orderer      - ORDERER_HOST=orderer2-org0      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0      - ORDERER_GENERAL_GENESISMETHOD=file      - ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/genesis.block      - ORDERER_GENERAL_LOCALMSPID=org0MSP      - ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/org0/orderer/msp      - ORDERER_GENERAL_TLS_ENABLED=true      - ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem      - ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem      - ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]      - ORDERER_GENERAL_LOGLEVEL=debug      - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs    volumes:      - /tmp/hyperledger/org0/fabric-ca-client/orderers/orderer3-org0:/tmp/hyperledger/org0/orderer/      - /tmp/hyperledger/block:/tmp/hyperledger/    networks:      - fabric-ca

到这多节点改变曾经实现， 上述在<<Hyperledger Fabric 2.0 手动生成CA证书搭建Fabric网络-Raft协定>>根底上来批改ordderer共识节点流程，其它流程不变。再次申明这个篇文章不是一个残缺程序的流程。

联合这两篇文章，Hyperledger Fabric 2.0 手动生成CA证书搭建Fabric网络-Raft协定-多orderer节点部署用该不会有任何问题， 能够间接用于生产环境。

如有谬误，请指教。谢谢！