前言

在试验Hyperledger Fabric无排序组织以Raft协定启动多个Orderer服务、多组织独特运行保护Orderer服务中,咱们曾经实现了让一般组织运行保护 Orderer 服务,然而最初发现因为运行排序服务的组织须要较为凋谢的拜访策略,可能会升高组织的安全性,所以本试验将尝试应用提供 TLS-CA 服务的 council 组织运行保护 Raft 协定的三个 orderer 节点。本文将在之前的试验根底上,启动一个没有 orderer 组织的 Fabric ,其中由 council 组织提供排序服务,其余三个组织保护着各自的 peer 节点,最初胜利在其上部署运行链码。

工作筹备

本文工作

以无排序组织的形式启动 Hyperledger Fabric 网络,其中蕴含四个组织—— council 、 soft 、 web 、 hard , council 组织为网络提供 TLS-CA 服务,并且运行保护着三个 orderer 服务;其余每个组织都运行保护着一个 peer 节点。网络结构为(试验代码已上传至:https://github.com/wefantasy/FabricLearn 的 4-2_RunOrdererByCouncil 下):

运行端口阐明
council.ifantasy.net7050council 组织的 CA 服务, 为联盟链网络提供 TLS-CA 服务
orderer1.council.ifantasy.net7051council 组织的 orderer1 服务
orderer1.council.ifantasy.net7052council 组织的 orderer1 服务的 admin 服务
orderer2.council.ifantasy.net7054council 组织的 orderer2 服务
orderer2.council.ifantasy.net7055council 组织的 orderer2 服务的 admin 服务
orderer3.council.ifantasy.net7057council 组织的 orderer3 服务
orderer3.council.ifantasy.net7058council 组织的 orderer3 服务的 admin 服务
soft.ifantasy.net7250soft 组织的 CA 服务, 蕴含成员: peer1 、 admin1
peer1.soft.ifantasy.net7251soft 组织的 peer1 成员节点
web.ifantasy.net7350web 组织的 CA 服务, 蕴含成员: peer1 、 admin1
peer1.web.ifantasy.net7351web 组织的 peer1 成员节点
hard.ifantasy.net7450hard 组织的 CA 服务, 蕴含成员: peer1 、 admin1
peer1.hard.ifantasy.net7451hard 组织的 peer1 成员节点

试验筹备

本文网络结构间接将 Hyperledger Fabric无排序组织以Raft协定启动多个Orderer服务、多组织独特运行保护Orderer服务 中创立的 4-1_RunOrdererByOneself 复制为 4-2_RunOrdererByCouncil 并批改(倡议间接将本案例仓库 FabricLearn 下的 4-2_RunOrdererByCouncil 目录拷贝到本地运行),文中大部分命令在 Hyperledger Fabric定制联盟链网络工程实际 中已有介绍因而不会具体阐明。默认状况下,所有命令皆在 4-2_RunOrdererByCouncil 根目录下执行,在开始前面的试验前依照以下命令启动根底试验网络:

  1. 设置DNS(如果未设置): ./setDNS.sh
  2. 设置环境变量: source envpeer1soft
  3. 启动CA网络: ./0_Restart.sh

本试验初始 docker 网络为:

试验步骤

配置文件

  1. 批改配置文件 compose/docker-compose.yaml ,批改所有 orderer 的组织为 council :

      orderer1.council.ifantasy.net: container_name: orderer1.council.ifantasy.net extends:   file: docker-base.yaml   service: orderer-base environment:   - ORDERER_HOST=orderer1.council.ifantasy.net   - ORDERER_GENERAL_LOCALMSPID=councilMSP   - ORDERER_GENERAL_LISTENPORT=7051 volumes:   - ${LOCAL_CA_PATH}/council.ifantasy.net/registers/orderer1:${DOCKER_CA_PATH}/orderer ports:   - 7051:7051   - 7052:8888   - 7053:9999  orderer2.council.ifantasy.net: container_name: orderer2.council.ifantasy.net extends:   file: docker-base.yaml   service: orderer-base environment:   - ORDERER_HOST=orderer2.council.ifantasy.net   - ORDERER_GENERAL_LOCALMSPID=councilMSP   - ORDERER_GENERAL_LISTENPORT=7054 volumes:   - ${LOCAL_CA_PATH}/council.ifantasy.net/registers/orderer2:${DOCKER_CA_PATH}/orderer ports:   - 7054:7054   - 7055:8888   - 7056:9999     orderer3.council.ifantasy.net: container_name: orderer3.council.ifantasy.net extends:   file: docker-base.yaml   service: orderer-base environment:   - ORDERER_HOST=orderer3.council.ifantasy.net   - ORDERER_GENERAL_LOCALMSPID=councilMSP   - ORDERER_GENERAL_LISTENPORT=7057 volumes:   - ${LOCAL_CA_PATH}/council.ifantasy.net/registers/orderer3:${DOCKER_CA_PATH}/orderer ports:   - 7057:7057   - 7058:8888   - 7059:9999

  2. 批改配置文件 config/configtx.yaml ,源文件太长在此不贴,其次要批改内容为:

    • 将所有 OrdererEndpoints 相干配置挪动至 councilMSP 下:
    • 更新 Orderer 中排序服务地址:

    • 批改 Profiles 内容如下:

      Profiles:  # OrgsChannel用来生成channel配置信息,名字能够任意  # 须要蕴含Consortium和Applicatioon两局部。  OrgsChannel:      Consortium: SampleConsortium    # 通道所关联的联盟名称      <<: *ChannelDefaults      Orderer:          <<: *OrdererDefaults          Organizations:              - *councilMSP          Capabilities: *OrdererCapabilities      Application:          <<: *ApplicationDefaults          Organizations:              - *softMSP              - *webMSP              - *hardMSP          Capabilities:              <<: *ApplicationCapabilities

注册用户

间接运行根目录下的 1_RegisterUser.sh 即可实现本实验所需用户的注册。

  1. council 用户注册:

    echo "Working on council"export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pemexport FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/council.ifantasy.net/ca/adminfabric-ca-client enroll -d -u https://ca-admin:ca-adminpw@council.ifantasy.net:7050fabric-ca-client register -d --id.name admin1 --id.secret admin1 --id.type admin -u https://council.ifantasy.net:7050fabric-ca-client register -d --id.name orderer1 --id.secret orderer1 --id.type orderer -u https://council.ifantasy.net:7050fabric-ca-client register -d --id.name orderer2 --id.secret orderer2 --id.type orderer -u https://council.ifantasy.net:7050fabric-ca-client register -d --id.name orderer3 --id.secret orderer3 --id.type orderer -u https://council.ifantasy.net:7050fabric-ca-client register -d --id.name peer1soft --id.secret peer1soft --id.type peer -u https://council.ifantasy.net:7050fabric-ca-client register -d --id.name peer1web --id.secret peer1web --id.type peer -u https://council.ifantasy.net:7050fabric-ca-client register -d --id.name peer1hard --id.secret peer1hard --id.type peer -u https://council.ifantasy.net:7050

  2. soft 用户注册:

    echo "Working on soft"export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/soft.ifantasy.net/ca/crypto/ca-cert.pemexport FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/soft.ifantasy.net/ca/adminfabric-ca-client enroll -d -u https://ca-admin:ca-adminpw@soft.ifantasy.net:7250fabric-ca-client register -d --id.name peer1 --id.secret peer1 --id.type peer -u https://soft.ifantasy.net:7250fabric-ca-client register -d --id.name admin1 --id.secret admin1 --id.type admin -u https://soft.ifantasy.net:7250

  3. web 用户注册:

    echo "Working on web"export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/web.ifantasy.net/ca/crypto/ca-cert.pemexport FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/web.ifantasy.net/ca/adminfabric-ca-client enroll -d -u https://ca-admin:ca-adminpw@web.ifantasy.net:7350fabric-ca-client register -d --id.name peer1 --id.secret peer1 --id.type peer -u https://web.ifantasy.net:7350fabric-ca-client register -d --id.name admin1 --id.secret admin1 --id.type admin -u https://web.ifantasy.net:7350

  4. hard 用户注册:

    echo "Working on hard"export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/ca/crypto/ca-cert.pemexport FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/hard.ifantasy.net/ca/adminfabric-ca-client enroll -d -u https://ca-admin:ca-adminpw@hard.ifantasy.net:7450fabric-ca-client register -d --id.name peer1 --id.secret peer1 --id.type peer -u https://hard.ifantasy.net:7450fabric-ca-client register -d --id.name admin1 --id.secret admin1 --id.type admin -u https://hard.ifantasy.net:7450

组织证书构建

间接运行根目录下的 2_EnrollUser.sh 即可实现本实验所需证书的构建。

  1. 组织资产预处理:

    echo "Preparation============================="mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/assetscp $LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pemcp $LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/council.ifantasy.net/assets/tls-ca-cert.pemmkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/assetscp $LOCAL_CA_PATH/soft.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/assets/ca-cert.pemcp $LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/assets/tls-ca-cert.pemmkdir -p $LOCAL_CA_PATH/web.ifantasy.net/assets cp $LOCAL_CA_PATH/web.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/web.ifantasy.net/assets/ca-cert.pemcp $LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/web.ifantasy.net/assets/tls-ca-cert.pemmkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/assetscp $LOCAL_CA_PATH/hard.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pemcp $LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/assets/tls-ca-cert.pemecho "Preparation end=========================="

  2. council 证书构建:

    echo "Start Council============================="echo "Enroll Admin"export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/council.ifantasy.net/registers/admin1export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://admin1:admin1@council.ifantasy.net:7050# 退出通道时会用到admin/msp,其下必须要有admincersmkdir -p $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/admincertscp $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/admincerts/cert.pemecho "Enroll Orderer1"# for identityexport FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://orderer1:orderer1@council.ifantasy.net:7050mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/msp/admincertscp $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/msp/admincerts/cert.pem# for TLSexport FABRIC_CA_CLIENT_MSPDIR=tls-mspexport FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/tls-ca-cert.pemfabric-ca-client enroll -d -u https://orderer1:orderer1@council.ifantasy.net:7050 --enrollment.profile tls --csr.hosts orderer1.council.ifantasy.netcp $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/tls-msp/keystore/*_sk $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/tls-msp/keystore/key.pemecho "Enroll Orderer2"# for identityexport FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://orderer2:orderer2@council.ifantasy.net:7050mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/msp/admincertscp $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/msp/admincerts/cert.pem# for TLSexport FABRIC_CA_CLIENT_MSPDIR=tls-mspexport FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/tls-ca-cert.pemfabric-ca-client enroll -d -u https://orderer2:orderer2@council.ifantasy.net:7050 --enrollment.profile tls --csr.hosts orderer2.council.ifantasy.netcp $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/tls-msp/keystore/*_sk $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/tls-msp/keystore/key.pemecho "Enroll Orderer3"# for identityexport FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://orderer3:orderer3@council.ifantasy.net:7050mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/msp/admincertscp $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/msp/admincerts/cert.pem# for TLSexport FABRIC_CA_CLIENT_MSPDIR=tls-mspexport FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/tls-ca-cert.pemfabric-ca-client enroll -d -u https://orderer3:orderer3@council.ifantasy.net:7050 --enrollment.profile tls --csr.hosts orderer3.council.ifantasy.netcp $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/tls-msp/keystore/*_sk $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/tls-msp/keystore/key.pemmkdir -p $LOCAL_CA_PATH/council.ifantasy.net/msp/admincertsmkdir -p $LOCAL_CA_PATH/council.ifantasy.net/msp/cacertsmkdir -p $LOCAL_CA_PATH/council.ifantasy.net/msp/tlscacertsmkdir -p $LOCAL_CA_PATH/council.ifantasy.net/msp/userscp $LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pem $LOCAL_CA_PATH/council.ifantasy.net/msp/cacerts/cp $LOCAL_CA_PATH/council.ifantasy.net/assets/tls-ca-cert.pem $LOCAL_CA_PATH/council.ifantasy.net/msp/tlscacerts/cp $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/council.ifantasy.net/msp/admincerts/cert.pemcp $LOCAL_ROOT_PATH/config/config-msp.yaml $LOCAL_CA_PATH/council.ifantasy.net/msp/config.yamlecho "End council============================="

  3. soft 证书构建:

    echo "Start Soft============================="echo "Enroll Admin"export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/soft.ifantasy.net/assets/ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://admin1:admin1@soft.ifantasy.net:7250mkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1/msp/admincertscp $LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1/msp/admincerts/cert.pemecho "Enroll Peer1"export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/soft.ifantasy.net/registers/peer1export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/soft.ifantasy.net/assets/ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://peer1:peer1@soft.ifantasy.net:7250# for TLSexport FABRIC_CA_CLIENT_MSPDIR=tls-mspexport FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/soft.ifantasy.net/assets/tls-ca-cert.pemfabric-ca-client enroll -d -u https://peer1soft:peer1soft@council.ifantasy.net:7050 --enrollment.profile tls --csr.hosts peer1.soft.ifantasy.netcp $LOCAL_CA_PATH/soft.ifantasy.net/registers/peer1/tls-msp/keystore/*_sk $LOCAL_CA_PATH/soft.ifantasy.net/registers/peer1/tls-msp/keystore/key.pemmkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/registers/peer1/msp/admincertscp $LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/registers/peer1/msp/admincerts/cert.pemmkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/msp/admincertsmkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/msp/cacertsmkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/msp/tlscacertsmkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/msp/userscp $LOCAL_CA_PATH/soft.ifantasy.net/assets/ca-cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/msp/cacerts/cp $LOCAL_CA_PATH/soft.ifantasy.net/assets/tls-ca-cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/msp/tlscacerts/cp $LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/msp/admincerts/cert.pemcp $LOCAL_ROOT_PATH/config/config-msp.yaml $LOCAL_CA_PATH/soft.ifantasy.net/msp/config.yamlecho "End Soft============================="

  4. web 证书构建:

    echo "Start Web============================="echo "Enroll Admin"export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/web.ifantasy.net/registers/admin1export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/web.ifantasy.net/assets/ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://admin1:admin1@web.ifantasy.net:7350mkdir -p $LOCAL_CA_PATH/web.ifantasy.net/registers/admin1/msp/admincertscp $LOCAL_CA_PATH/web.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/web.ifantasy.net/registers/admin1/msp/admincerts/cert.pemecho "Enroll Peer1"# for identityexport FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/web.ifantasy.net/registers/peer1export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/web.ifantasy.net/assets/ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://peer1:peer1@web.ifantasy.net:7350# for TLSexport FABRIC_CA_CLIENT_MSPDIR=tls-mspexport FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/web.ifantasy.net/assets/tls-ca-cert.pemfabric-ca-client enroll -d -u https://peer1web:peer1web@council.ifantasy.net:7050 --enrollment.profile tls --csr.hosts peer1.web.ifantasy.netcp $LOCAL_CA_PATH/web.ifantasy.net/registers/peer1/tls-msp/keystore/*_sk $LOCAL_CA_PATH/web.ifantasy.net/registers/peer1/tls-msp/keystore/key.pemmkdir -p $LOCAL_CA_PATH/web.ifantasy.net/registers/peer1/msp/admincertscp $LOCAL_CA_PATH/web.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/web.ifantasy.net/registers/peer1/msp/admincerts/cert.pemmkdir -p $LOCAL_CA_PATH/web.ifantasy.net/msp/admincertsmkdir -p $LOCAL_CA_PATH/web.ifantasy.net/msp/cacertsmkdir -p $LOCAL_CA_PATH/web.ifantasy.net/msp/tlscacertsmkdir -p $LOCAL_CA_PATH/web.ifantasy.net/msp/userscp $LOCAL_CA_PATH/web.ifantasy.net/assets/ca-cert.pem $LOCAL_CA_PATH/web.ifantasy.net/msp/cacerts/cp $LOCAL_CA_PATH/web.ifantasy.net/assets/tls-ca-cert.pem $LOCAL_CA_PATH/web.ifantasy.net/msp/tlscacerts/cp $LOCAL_CA_PATH/web.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/web.ifantasy.net/msp/admincerts/cert.pemcp $LOCAL_ROOT_PATH/config/config-msp.yaml $LOCAL_CA_PATH/web.ifantasy.net/msp/config.yamlecho "End Web============================="

  5. hard 证书构建:

    echo "Start Hard============================="echo "Enroll Admin"export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://admin1:admin1@hard.ifantasy.net:7450mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/admincertscp $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/admincerts/cert.pemecho "Enroll Peer1"export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pemexport FABRIC_CA_CLIENT_MSPDIR=mspfabric-ca-client enroll -d -u https://peer1:peer1@hard.ifantasy.net:7450# for TLSexport FABRIC_CA_CLIENT_MSPDIR=tls-mspexport FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/assets/tls-ca-cert.pemfabric-ca-client enroll -d -u https://peer1hard:peer1hard@council.ifantasy.net:7050 --enrollment.profile tls --csr.hosts peer1.hard.ifantasy.netcp $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/tls-msp/keystore/*_sk $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/tls-msp/keystore/key.pemmkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/msp/admincertscp $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/msp/admincerts/cert.pemmkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/admincertsmkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/cacertsmkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/tlscacertsmkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/userscp $LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/msp/cacerts/cp $LOCAL_CA_PATH/hard.ifantasy.net/assets/tls-ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/msp/tlscacerts/cp $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/msp/admincerts/cert.pemcp $LOCAL_ROOT_PATH/config/config-msp.yaml $LOCAL_CA_PATH/hard.ifantasy.net/msp/config.yamlecho "End Hard============================="

配置通道

间接运行根目录下的 3_Configtxgen.sh 即可实现本实验所需通道配置。

  1. 启动 orderer 和 peer 容器:

    docker-compose -f $LOCAL_ROOT_PATH/compose/docker-compose.yaml up -d peer1.soft.ifantasy.net peer1.web.ifantasy.net peer1.hard.ifantasy.net docker-compose -f $LOCAL_ROOT_PATH/compose/docker-compose.yaml up -d orderer1.council.ifantasy.net orderer2.council.ifantasy.net orderer3.council.ifantasy.net

    此时已启动所有实验所需容器:

  2. 创立创世区块:

    configtxgen -profile OrgsChannel -outputCreateChannelTx $LOCAL_ROOT_PATH/data/testchannel.tx -channelID testchannelconfigtxgen -profile OrgsChannel -outputBlock $LOCAL_ROOT_PATH/data/testchannel.block -channelID testchannelcp $LOCAL_ROOT_PATH/data/testchannel.block $LOCAL_CA_PATH/soft.ifantasy.net/assets/cp $LOCAL_ROOT_PATH/data/testchannel.block $LOCAL_CA_PATH/web.ifantasy.net/assets/cp $LOCAL_ROOT_PATH/data/testchannel.block $LOCAL_CA_PATH/hard.ifantasy.net/assets/

  3. 使三个 orderer 退出 testchannel 通道:

    source envpeer1softexport ORDERER_ADMIN_TLS_SIGN_CERT=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/tls-msp/signcerts/cert.pemexport ORDERER_ADMIN_TLS_PRIVATE_KEY=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/tls-msp/keystore/key.pemosnadmin channel join -o orderer1.council.ifantasy.net:7052 --channelID testchannel --config-block $LOCAL_ROOT_PATH/data/testchannel.block --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY"osnadmin channel list -o orderer1.council.ifantasy.net:7052 --ca-file $ORDERER_CA --client-cert $ORDERER_ADMIN_TLS_SIGN_CERT --client-key $ORDERER_ADMIN_TLS_PRIVATE_KEYexport ORDERER_ADMIN_TLS_SIGN_CERT=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/tls-msp/signcerts/cert.pemexport ORDERER_ADMIN_TLS_PRIVATE_KEY=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/tls-msp/keystore/key.pemosnadmin channel join -o orderer2.council.ifantasy.net:7055 --channelID testchannel --config-block $LOCAL_ROOT_PATH/data/testchannel.block --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY"osnadmin channel list -o orderer2.council.ifantasy.net:7055 --ca-file $ORDERER_CA --client-cert $ORDERER_ADMIN_TLS_SIGN_CERT --client-key $ORDERER_ADMIN_TLS_PRIVATE_KEYexport ORDERER_ADMIN_TLS_SIGN_CERT=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/tls-msp/signcerts/cert.pemexport ORDERER_ADMIN_TLS_PRIVATE_KEY=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/tls-msp/keystore/key.pemosnadmin channel join -o orderer3.council.ifantasy.net:7058 --channelID testchannel --config-block $LOCAL_ROOT_PATH/data/testchannel.block --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY"osnadmin channel list -o orderer3.council.ifantasy.net:7058 --ca-file $ORDERER_CA --client-cert $ORDERER_ADMIN_TLS_SIGN_CERT --client-key $ORDERER_ADMIN_TLS_PRIVATE_KEY

  4. 三组织退出 testchannel 通道:

    source envpeer1softpeer channel join -b $LOCAL_CA_PATH/soft.ifantasy.net/assets/testchannel.blockpeer channel listsource envpeer1webpeer channel join -b $LOCAL_CA_PATH/web.ifantasy.net/assets/testchannel.blockpeer channel listsource envpeer1hardpeer channel join -b $LOCAL_CA_PATH/hard.ifantasy.net/assets/testchannel.blockpeer channel list

    部署测试链码

    间接运行根目录下的 4_TestChaincode.sh 即可实现本试验示例的链码装置和测试。

  5. 三组织装置链码:

    source envpeer1soft# peer lifecycle chaincode package basic.tar.gz --path asset-transfer-basic/chaincode-go --label basic_1peer lifecycle chaincode install basic.tar.gzpeer lifecycle chaincode queryinstalledsource envpeer1webpeer lifecycle chaincode install basic.tar.gzpeer lifecycle chaincode queryinstalledsource envpeer1hardpeer lifecycle chaincode install basic.tar.gzpeer lifecycle chaincode queryinstalled

  6. 三组织批准链码:

    export CHAINCODE_ID=basic_1:06613e463ef6694805dd896ca79634a2de36fdf019fa7976467e6e632104d718source envpeer1softpeer lifecycle chaincode approveformyorg -o orderer1.council.ifantasy.net:7051 --tls --cafile $ORDERER_CA  --channelID testchannel --name basic --version 1.0 --sequence 1 --waitForEvent --init-required --package-id $CHAINCODE_IDpeer lifecycle chaincode queryapproved -C testchannel -n basic --sequence 1source envpeer1webpeer lifecycle chaincode approveformyorg -o orderer3.council.ifantasy.net:7057 --tls --cafile $ORDERER_CA  --channelID testchannel --name basic --version 1.0 --sequence 1 --waitForEvent --init-required --package-id $CHAINCODE_IDpeer lifecycle chaincode queryapproved -C testchannel -n basic --sequence 1source envpeer1hardpeer lifecycle chaincode approveformyorg -o orderer2.council.ifantasy.net:7054 --tls --cafile $ORDERER_CA  --channelID testchannel --name basic --version 1.0 --sequence 1 --waitForEvent --init-required --package-id $CHAINCODE_IDpeer lifecycle chaincode queryapproved -C testchannel -n basic --sequence 1

  7. 查看链码是否筹备好提交:

    peer lifecycle chaincode checkcommitreadiness -o orderer1.council.ifantasy.net:7051 --tls --cafile $ORDERER_CA --channelID testchannel --name basic --version 1.0 --sequence 1 --init-required

  8. 初始化并调用链码:

    source envpeer1softpeer lifecycle chaincode commit -o orderer2.council.ifantasy.net:7054 --tls --cafile $ORDERER_CA --channelID testchannel --name basic --init-required --version 1.0 --sequence 1 --peerAddresses peer1.soft.ifantasy.net:7251 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer1.web.ifantasy.net:7351 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILEpeer lifecycle chaincode querycommitted --channelID testchannel --name basic -o orderer1.council.ifantasy.net:7051 --tls --cafile $ORDERER_CA --peerAddresses peer1.soft.ifantasy.net:7251 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILEpeer chaincode invoke --isInit -o orderer1.council.ifantasy.net:7051 --tls --cafile $ORDERER_CA --channelID testchannel --name basic --peerAddresses peer1.soft.ifantasy.net:7251 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer1.web.ifantasy.net:7351 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE -c '{"Args":["InitLedger"]}'sleep 5peer chaincode invoke -o orderer1.council.ifantasy.net:7051 --tls --cafile $ORDERER_CA --channelID testchannel --name basic --peerAddresses peer1.soft.ifantasy.net:7251 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer1.web.ifantasy.net:7351 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE -c '{"Args":["GetAllAssets"]}'

<!-- 1: 作者. 文章题目. 发表地. [发表或更新日期] -->

  1. 1 ↩