构建fabric 服务器,实现一台服务器一个组织,双节点操作,同步实现两台服务器及组织通信。
- 设置docker-compose-cli.yaml文件加载模式为- CORE_LOGGING_LEVEL=DEBUG,注释掉自动安装的模式 #- CORE_LOGGING_LEVEL=INFO
- Cryptogen 可以为机构和机构下属生成唯一的根证书和密匙。成员使用ca来进行交易和通信,并由私钥签名,公钥校验。crypto-config.yaml介绍:
OrdererOrgs:
- Name: Orderer //组织名
Domain: example.com //域名
- Hostname: orderer //网络实体的命名约定如下 - “{ {.Hostname}}.{ {.Domain}}” 。以我们的排序服务节点为例,我们设置了一个名为 - orderer.example.com 的排序服务节点,
- Name: Org1 //组织名
Domain: org1.example.com //域名
EnableNodeOUs: true //启用组织单元
Template: //对等节点数量
Count: 2
Users: //普通用户数量(除过管理员)
Count: 1
运行 cryptogen 工具后,生成的证书和密钥将被保存到 crypto-config 文件夹中。
运行命令生成证书密匙命令:../bin/cryptogen generate --config=./crypto-config.yaml
3.configtxgen 工具用于创建排序服务节点(创世区块)、通道配置、锚节点。先构建创世区块,然后构建通道,最后通道绑定机构锚节点。
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org3 //增加组织时增加以下
Name: Org3MSP
ID: Org3MSP
MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org3MSP.admin', 'Org3MSP.peer', 'Org3MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org3MSP.admin', 'Org3MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org3MSP.admin')"
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
Profiles: //结尾增加如下
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
- *Org3
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
- *Org3
Capabilities:
<<: *ApplicationCapabilities
创建初始区块运行命令:../bin/configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block
创建通道配置文件:export CHANNEL_NAME=mychannel && ../bin/configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME //mychannel为通道名字,可以修改。
指定机构锚节点:../bin/configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org3MSP //重复为每个机构指定
4.启动网络:修改docker-compose-cli.yaml docker-compose-base.yaml 文件
docker-compose-cli.yaml
volumes:
orderer.example.com:
peer0.org1.example.com:
peer1.org1.example.com:
peer0.org2.example.com:
peer1.org2.example.com:
peer0.org3.example.com:
peer1.org3.example.com:
services:
peer0.org3.example.com:
container_name: peer0.org3.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org3.example.com
networks:
- byfn
peer1.org3.example.com:
container_name: peer1.org3.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org3.example.com
networks:
- byfn
depends_on:
- orderer.example.com
- peer0.org1.example.com
- peer1.org1.example.com
- peer0.org2.example.com
- peer1.org2.example.com
- peer0.org3.example.com
- peer1.org3.example.com
docker-compose-base.yaml
peer0.org3.example.com:
container_name: peer0.org3.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org3.example.com
- CORE_PEER_ADDRESS=peer0.org3.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org3.example.com:7051
- CORE_PEER_LOCALMSPID=Org3MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls
- peer0.org3.example.com:/var/hyperledger/production
ports:
- 11051:7051
- 11053:7053
peer1.org3.example.com:
container_name: peer1.org3.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org3.example.com
- CORE_PEER_ADDRESS=peer1.org3.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org3.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org3.example.com:7051
- CORE_PEER_LOCALMSPID=Org3MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls:/etc/hyperledger/fabric/tls
- peer1.org3.example.com:/var/hyperledger/production
ports:
- 12051:7051
- 12053:7053
进入节点cli容器命令:docker exec -it cli bash
规定通道名字常量:export CHANNEL_NAME=mychannel
生成通道命令:peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
节点加入通道命令:peer channel join -b mychannel.block //如果你修改了通道名称,请传入相应的 .block 文件名
更改节点环境变量:CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp CORE_PEER_ADDRESS=peer0.org1.example.com:7051 CORE_PEER_LOCALMSPID="Org1MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt peer channel join -b mychannel.block //将组织1的节点加入通道
设置锚节点:CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp CORE_PEER_ADDRESS=peer0.org1.example.com:7051 CORE_PEER_LOCALMSPID="Org1MSP" CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem //重复多次
安装go链码命令:peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go/
实例化链码:peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer')" //需要指定export CHANNEL_NAME=mychannel
策略为 -P "OR ('Org0MSP.peer','Org1MSP.peer')"。这表示我们需要机构 Org1 或者 机构 Org2 中一个节点的 “背书”(即只需要一个背书)。如果我们将策略改为 AND,则我们需要两个背书。
测试功能:
查询命令:peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
调用命令:peer chaincode invoke -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","10"]}'