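Configuration generation
All of the operations below were performed as the root user in a CentOS 7.6 virtual machine; you can use a physical machine or a different user according to your needs.
This tutorial (building your first Fabric network, version 1.4.2) is based almost entirely on the official documentation and is aimed at newcomers who are unfamiliar with Fabric and at anyone interested.
Official documentation:
1. Generating certificates with cryptogen
We use cryptogen to generate the cryptographic material (x509 certificates and signing keys) for our network entities. These certificates represent identities: they allow signing and verification for authentication when entities communicate and transact.
First edit the crypto-config.yaml file as follows (the file contents are not explained here; a dedicated chapter covers them later):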
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs: # orderer organization; generates identity material for 5 orderers
  - Name: Orderer
    Domain: orderer.com
    Specs:
      - Hostname: orderer0
      - Hostname: orderer1
      - Hostname: orderer2
      - Hostname: orderer3
      - Hostname: orderer4
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs: # peer organizations, each with 1 node and 1 user
  - Name: Org1
    Domain: org1.com
    EnableNodeOUs: true
    Template:
      Count: 1
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.com
    EnableNodeOUs: true
    Template:
      Count: 1
    Users:
      Count: 1
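Generate the material with the following command:
# Run this in the current directory; when it finishes, a directory containing the identity material (x509 certificates and signing keys) is created in the current directory
cryptogen generate --config=./crypto-config.yaml
The generated directory structure is as follows: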
crypto-config
├── ordererOrganizations
│ └── orderer.com
│ ├── ca
│ │ ├── ca.orderer.com-cert.pem
│ │ └── cb40525e702e671eca53aa829ce166dccb4e64df45703902cbe13060c2cb1cfb_sk
│ ├── msp
│ │ ├── admincerts
│ │ │ └── Admin@orderer.com-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.orderer.com-cert.pem
│ │ └── tlscacerts
│ │ └── tlsca.orderer.com-cert.pem
│ ├── orderers
│ │ ├── orderer0.orderer.com
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── Admin@orderer.com-cert.pem
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.orderer.com-cert.pem
│ │ │ │ ├── keystore
│ │ │ │ │ └── b6853a1df22aa09f409731486ad9eb5682903a0cad32869527b5a8e4c92305f1_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── orderer0.orderer.com-cert.pem
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.orderer.com-cert.pem
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── server.crt
│ │ │ └── server.key
│ │ ├── orderer1.orderer.com
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── Admin@orderer.com-cert.pem
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.orderer.com-cert.pem
│ │ │ │ ├── keystore
│ │ │ │ │ └── 17ee9e7c96496dbb631249a72d1208735c517bd9f151f2363b629c19bbcdd722_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── orderer1.orderer.com-cert.pem
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.orderer.com-cert.pem
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── server.crt
│ │ │ └── server.key
│ │ ├── orderer2.orderer.com
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── Admin@orderer.com-cert.pem
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.orderer.com-cert.pem
│ │ │ │ ├── keystore
│ │ │ │ │ └── 67cb0f79598c93ad1e9feeeb4fcc91f56b6d2883f5af2dd759ef0904c79b3e42_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── orderer2.orderer.com-cert.pem
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.orderer.com-cert.pem
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── server.crt
│ │ │ └── server.key
│ │ ├── orderer3.orderer.com
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── Admin@orderer.com-cert.pem
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.orderer.com-cert.pem
│ │ │ │ ├── keystore
│ │ │ │ │ └── 0eb958cd99142e4d3c3828f9e1b8b71e88fabc4bd7e367ca317fb8a387773651_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── orderer3.orderer.com-cert.pem
│ │ │ │ └── tlscacerts
│ │ │ │ └── tlsca.orderer.com-cert.pem
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── server.crt
│ │ │ └── server.key
│ │ └── orderer4.orderer.com
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── Admin@orderer.com-cert.pem
│ │ │ ├── cacerts
│ │ │ │ └── ca.orderer.com-cert.pem
│ │ │ ├── keystore
│ │ │ │ └── 14b2244bfec1b657ef9b5553f71898affe4b909f514a4ceda0140010fb084e31_sk
│ │ │ ├── signcerts
│ │ │ │ └── orderer4.orderer.com-cert.pem
│ │ │ └── tlscacerts
│ │ │ └── tlsca.orderer.com-cert.pem
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ ├── tlsca
│ │ ├── b96fccf689f6fc0f9e2eae84d79bc043647e1ca9e42dba611d7e0b4bed964220_sk
│ │ └── tlsca.orderer.com-cert.pem
│ └── users
│ └── Admin@orderer.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── Admin@orderer.com-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.orderer.com-cert.pem
│ │ ├── keystore
│ │ │ └── f07b713faf1a7d5758374e2107d3feedf4d564f6edb747168ce59e1264f74804_sk
│ │ ├── signcerts
│ │ │ └── Admin@orderer.com-cert.pem
│ │ └── tlscacerts
│ │ └── tlsca.orderer.com-cert.pem
│ └── tls
│ ├── ca.crt
│ ├── client.crt
│ └── client.key
└── peerOrganizations
├── org1.com
│ ├── ca
│ │ ├── ca08395fb3cfb0d1b698416bb3abd9f57483fce46f380ac79bc16c53744439df_sk
│ │ └── ca.org1.com-cert.pem
│ ├── msp
│ │ ├── admincerts
│ │ │ └── Admin@org1.com-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.org1.com-cert.pem
│ │ ├── config.yaml
│ │ └── tlscacerts
│ │ └── tlsca.org1.com-cert.pem
│ ├── peers
│ │ └── peer0.org1.com
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── Admin@org1.com-cert.pem
│ │ │ ├── cacerts
│ │ │ │ └── ca.org1.com-cert.pem
│ │ │ ├── config.yaml
│ │ │ ├── keystore
│ │ │ │ └── 72c79456aa95890758259901e37c48487adbb373ddeb4d563c755ecaea900973_sk
│ │ │ ├── signcerts
│ │ │ │ └── peer0.org1.com-cert.pem
│ │ │ └── tlscacerts
│ │ │ └── tlsca.org1.com-cert.pem
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ ├── tlsca
│ │ ├── 9a0b43daa17c7e5a8e048c51f4d45b97838ab1b0efdc535aba20f0c38129935d_sk
│ │ └── tlsca.org1.com-cert.pem
│ └── users
│ ├── Admin@org1.com
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── Admin@org1.com-cert.pem
│ │ │ ├── cacerts
│ │ │ │ └── ca.org1.com-cert.pem
│ │ │ ├── keystore
│ │ │ │ └── a9b98d7f41aa787b6738e5289ce1de06ff5248d5d77b8e42ea338a81e11a8482_sk
│ │ │ ├── signcerts
│ │ │ │ └── Admin@org1.com-cert.pem
│ │ │ └── tlscacerts
│ │ │ └── tlsca.org1.com-cert.pem
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── client.crt
│ │ └── client.key
│ └── User1@org1.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── User1@org1.com-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.org1.com-cert.pem
│ │ ├── keystore
│ │ │ └── f031fec28dbcc5f267941ef4a414ab2b0f5a8a887bb580f9656e694a0f821f67_sk
│ │ ├── signcerts
│ │ │ └── User1@org1.com-cert.pem
│ │ └── tlscacerts
│ │ └── tlsca.org1.com-cert.pem
│ └── tls
│ ├── ca.crt
│ ├── client.crt
│ └── client.key
└── org2.com
├── ca
│ ├── a4d9659f098499ce52016d3a4f5ecabefb453993424bdafe1f2da9d8ae4a83c7_sk
│ └── ca.org2.com-cert.pem
├── msp
│ ├── admincerts
│ │ └── Admin@org2.com-cert.pem
│ ├── cacerts
│ │ └── ca.org2.com-cert.pem
│ ├── config.yaml
│ └── tlscacerts
│ └── tlsca.org2.com-cert.pem
├── peers
│ └── peer0.org2.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── Admin@org2.com-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.org2.com-cert.pem
│ │ ├── config.yaml
│ │ ├── keystore
│ │ │ └── 846ff9356b6134ead2f5e9e98abfaee96b07aef1d5058977527932290efb439a_sk
│ │ ├── signcerts
│ │ │ └── peer0.org2.com-cert.pem
│ │ └── tlscacerts
│ │ └── tlsca.org2.com-cert.pem
│ └── tls
│ ├── ca.crt
│ ├── server.crt
│ └── server.key
├── tlsca
│ ├── c84a4fb8ac90cfe80826975b8902fa279e38a0947028b663e455ac9da495320b_sk
│ └── tlsca.org2.com-cert.pem
└── users
├── Admin@org2.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── Admin@org2.com-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.org2.com-cert.pem
│ │ ├── keystore
│ │ │ └── 3dbe15dfafd8464c1c2467c1ec07c04d28b33a84a54d86b370c4af04a6821d31_sk
│ │ ├── signcerts
│ │ │ └── Admin@org2.com-cert.pem
│ │ └── tlscacerts
│ │ └── tlsca.org2.com-cert.pem
│ └── tls
│ ├── ca.crt
│ ├── client.crt
│ └── client.key
└── User1@org2.com
├── msp
│ ├── admincerts
│ │ └── User1@org2.com-cert.pem
│ ├── cacerts
│ │ └── ca.org2.com-cert.pem
│ ├── keystore
│ │ └── 2ac7ac78c2037355571ead990e2ad10ed3d47f1fa9580c37d90d9d27d7bb769a_sk
│ ├── signcerts
│ │ └── User1@org2.com-cert.pem
│ └── tlscacerts
│ └── tlsca.org2.com-cert.pem
└── tls
├── ca.crt
├── client.crt
└── client.key
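2. Generating configuration transactions with configtxgen
The configtxgen tool is used to create four configuration artifacts:
- the orderer genesis block,
- the channel configuration transaction,
- two anchor peer transactions, one for each Peer organization.
The orderer block is the genesis block of the ordering service, and the channel configuration transaction is broadcast to the ordering service when the channel is created. The anchor peer transactions specify each organization's anchor peer on this channel.
First edit the configtx.yaml file as follows (the file contents are not explained here; a dedicated chapter covers them later):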
Organizations:
    - &Orderer
        Name: Orderer
        ID: Orderer
        MSPDir: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Orderer.member')"
            Writers:
                Type: Signature
                Rule: "OR('Orderer.member')"
            Admins:
                Type: Signature
                Rule: "OR('Orderer.admin')"
    - &Org1
        Name: Org1
        ID: Org1
        MSPDir: /home/test/crypto/crypto-config/peerOrganizations/org1.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1.admin', 'Org1.peer', 'Org1.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org1.admin', 'Org1.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org1.admin')"
        AnchorPeers:
            - Host: peer0.org1.com
              Port: 7051
    - &Org2
        Name: Org2
        ID: Org2
        MSPDir: /home/test/crypto/crypto-config/peerOrganizations/org2.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org2.admin', 'Org2.peer', 'Org2.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org2.admin', 'Org2.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org2.admin')"
        AnchorPeers:
            - Host: peer0.org2.com
              Port: 7051
Capabilities:
    Channel: &ChannelCapabilities
        V1_4_2: true
    Orderer: &OrdererCapabilities
        V1_4_2: true
    Application: &ApplicationCapabilities
        V1_4_2: true
        V1_3: false
        V1_2: false
        V1_1: false
Application: &ApplicationDefaults
    Organizations:
    Policies: &ApplicationDefaultPolicies
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
    OrdererType: etcdraft
    Addresses:
        - orderer0.orderer.com:7050
        - orderer1.orderer.com:7050
        - orderer2.orderer.com:7050
        - orderer3.orderer.com:9050
        - orderer4.orderer.com:9050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 10 MB
        PreferredMaxBytes: 2 MB
    MaxChannels: 0
    Kafka:
        Brokers:
            - kafka0:9092
    EtcdRaft:
        Consenters:
            - Host: orderer0.orderer.com
              Port: 7050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer0.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer0.orderer.com/tls/server.crt
            - Host: orderer1.orderer.com
              Port: 7050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer1.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer1.orderer.com/tls/server.crt
            - Host: orderer2.orderer.com
              Port: 7050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer2.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer2.orderer.com/tls/server.crt
            - Host: orderer3.orderer.com
              Port: 9050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer3.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer3.orderer.com/tls/server.crt
            - Host: orderer4.orderer.com
              Port: 9050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer4.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer4.orderer.com/tls/server.crt
        Options:
            TickInterval: 500ms
            ElectionTick: 10
            HeartbeatTick: 1
            MaxInflightBlocks: 5
            SnapshotIntervalSize: 20 MB
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
    Capabilities:
        <<: *OrdererCapabilities
Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities
Profiles:
    SampleDevModeEtcdRaft:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *Orderer
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Orderer
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities
Generate the configuration with the following commands:
# Generate the genesis block
configtxgen -profile SampleDevModeEtcdRaft -channelID test-sys-channel -outputBlock genesis.block
# Channel configuration transaction
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx channel.tx -channelID mychannel
# Anchor peer configuration
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate Org1anchors.tx -channelID mychannel -asOrg Org1
# Anchor peer configuration
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate Org2anchors.tx -channelID mychannel -asOrg Org2
After generation, the following files should be present:
channel.tx configtx.yaml genesis.block mychannel.block Org1anchors.tx Org2anchors.tx
At this point the relevant configuration has been generated, and next we can use docker to start the network.
In addition, before starting, we need to copy the generated files to the other machines; either a plain copy or the scp command works, and this is not covered further here.
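Before copying crypto-config to other machines, it helps to know which files in it are private keys. The script below is an added example, not part of the original tutorial or the Fabric project. It assumes the directory layout shown in the listing above and GNU `stat`, and its function names are made up for illustration. It inventories the private keys, separates out the CA and TLS-CA signing keys (which a peer or orderer does not read from its own msp/ and tls/ directories), flags keys readable beyond their owner, and lists the keys that belong to one node.

```shell
#!/usr/bin/env bash
# Added example: inventory private keys in a cryptogen output tree.
# Assumption: layout as generated above (keystore/*_sk, tls/*.key, ca/, tlsca/).

# Print every private-key file (MSP "*_sk" and TLS "*.key") under $1.
list_private_keys() {
    find "$1" -type f \( -name '*_sk' -o -name '*.key' \) | sort
}

# Print only the CA and TLS-CA signing keys (<org>/ca/*_sk, <org>/tlsca/*_sk).
list_ca_keys() {
    find "$1" -type f -name '*_sk' \( -path '*/ca/*' -o -path '*/tlsca/*' \) | sort
}

# Print "<mode> <path>" for private keys that grant any access to group or others.
list_loose_keys() {
    list_private_keys "$1" | while IFS= read -r f; do
        mode=$(stat -c '%a' "$f")        # GNU stat, octal mode such as 600 or 644
        case "$mode" in
            0|*00) ;;                    # owner-only (or no access at all)
            *)     printf '%s %s\n' "$mode" "$f" ;;
        esac
    done
}

# Print the private keys that belong to one node, e.g. peer0.org1.com.
list_node_keys() {
    list_private_keys "$1" | grep -F "/$2/" || true
}

# Stand-alone use: ./audit-keys.sh ./crypto-config [node-fqdn]
if [ -n "${1:-}" ]; then
    echo "CA / TLS-CA signing keys:";     list_ca_keys "$1"
    echo "Keys readable beyond owner:";   list_loose_keys "$1"
    if [ -n "${2:-}" ]; then
        echo "Keys belonging to $2:";     list_node_keys "$1" "$2"
    fi
fi
```

Running it with a node name, for example `./audit-keys.sh ./crypto-config orderer0.orderer.com`, shows the only private keys that node's own directory contains.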