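Configuration Generation
All of the following steps were performed as the root user in a CentOS 7.6 virtual machine; depending on your needs, you can use a physical machine or a different user instead.
This tutorial (building your first Fabric network, version 1.4.2) follows the official documentation almost entirely and is aimed at newcomers with little background and anyone who is interested.
Official documentation:
1. Generating certificates with cryptogen
Use cryptogen to generate the cryptographic material (x509 certificates and signing keys) for our network entities. These certificates represent identities, and they allow sign/verify authentication to take place as entities communicate and transact.
First edit the crypto-config.yaml file as follows (the file contents are not explained here; a later chapter covers them):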
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs: # orderer organization; generates identity material for 5 orderers
  - Name: Orderer
    Domain: orderer.com
    Specs:
      - Hostname: orderer0
      - Hostname: orderer1
      - Hostname: orderer2
      - Hostname: orderer3
      - Hostname: orderer4
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs: # peer organizations, each with 1 node and 1 user
  - Name: Org1
    Domain: org1.com
    EnableNodeOUs: true
    Template:
      Count: 1
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.com
    EnableNodeOUs: true
    Template:
      Count: 1
    Users:
      Count: 1
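Generate the material with this command:
# Run in the current directory; when it finishes, a directory containing the identity material (x509 certificates and signing keys) is created in the current directory
cryptogen generate --config=./crypto-config.yaml
The generated directory structure is as follows: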
crypto-config
├── ordererOrganizations
│   └── orderer.com
│       ├── ca
│       │   ├── ca.orderer.com-cert.pem
│       │   └── cb40525e702e671eca53aa829ce166dccb4e64df45703902cbe13060c2cb1cfb_sk
│       ├── msp
│       │   ├── admincerts
│       │   │   └── Admin@orderer.com-cert.pem
│       │   ├── cacerts
│       │   │   └── ca.orderer.com-cert.pem
│       │   └── tlscacerts
│       │       └── tlsca.orderer.com-cert.pem
│       ├── orderers
│       │   ├── orderer0.orderer.com
│       │   │   ├── msp
│       │   │   │   ├── admincerts
│       │   │   │   │   └── Admin@orderer.com-cert.pem
│       │   │   │   ├── cacerts
│       │   │   │   │   └── ca.orderer.com-cert.pem
│       │   │   │   ├── keystore
│       │   │   │   │   └── b6853a1df22aa09f409731486ad9eb5682903a0cad32869527b5a8e4c92305f1_sk
│       │   │   │   ├── signcerts
│       │   │   │   │   └── orderer0.orderer.com-cert.pem
│       │   │   │   └── tlscacerts
│       │   │   │       └── tlsca.orderer.com-cert.pem
│       │   │   └── tls
│       │   │       ├── ca.crt
│       │   │       ├── server.crt
│       │   │       └── server.key
│       │   ├── orderer1.orderer.com
│       │   │   ├── msp
│       │   │   │   ├── admincerts
│       │   │   │   │   └── Admin@orderer.com-cert.pem
│       │   │   │   ├── cacerts
│       │   │   │   │   └── ca.orderer.com-cert.pem
│       │   │   │   ├── keystore
│       │   │   │   │   └── 17ee9e7c96496dbb631249a72d1208735c517bd9f151f2363b629c19bbcdd722_sk
│       │   │   │   ├── signcerts
│       │   │   │   │   └── orderer1.orderer.com-cert.pem
│       │   │   │   └── tlscacerts
│       │   │   │       └── tlsca.orderer.com-cert.pem
│       │   │   └── tls
│       │   │       ├── ca.crt
│       │   │       ├── server.crt
│       │   │       └── server.key
│       │   ├── orderer2.orderer.com
│       │   │   ├── msp
│       │   │   │   ├── admincerts
│       │   │   │   │   └── Admin@orderer.com-cert.pem
│       │   │   │   ├── cacerts
│       │   │   │   │   └── ca.orderer.com-cert.pem
│       │   │   │   ├── keystore
│       │   │   │   │   └── 67cb0f79598c93ad1e9feeeb4fcc91f56b6d2883f5af2dd759ef0904c79b3e42_sk
│       │   │   │   ├── signcerts
│       │   │   │   │   └── orderer2.orderer.com-cert.pem
│       │   │   │   └── tlscacerts
│       │   │   │       └── tlsca.orderer.com-cert.pem
│       │   │   └── tls
│       │   │       ├── ca.crt
│       │   │       ├── server.crt
│       │   │       └── server.key
│       │   ├── orderer3.orderer.com
│       │   │   ├── msp
│       │   │   │   ├── admincerts
│       │   │   │   │   └── Admin@orderer.com-cert.pem
│       │   │   │   ├── cacerts
│       │   │   │   │   └── ca.orderer.com-cert.pem
│       │   │   │   ├── keystore
│       │   │   │   │   └── 0eb958cd99142e4d3c3828f9e1b8b71e88fabc4bd7e367ca317fb8a387773651_sk
│       │   │   │   ├── signcerts
│       │   │   │   │   └── orderer3.orderer.com-cert.pem
│       │   │   │   └── tlscacerts
│       │   │   │       └── tlsca.orderer.com-cert.pem
│       │   │   └── tls
│       │   │       ├── ca.crt
│       │   │       ├── server.crt
│       │   │       └── server.key
│       │   └── orderer4.orderer.com
│       │       ├── msp
│       │       │   ├── admincerts
│       │       │   │   └── Admin@orderer.com-cert.pem
│       │       │   ├── cacerts
│       │       │   │   └── ca.orderer.com-cert.pem
│       │       │   ├── keystore
│       │       │   │   └── 14b2244bfec1b657ef9b5553f71898affe4b909f514a4ceda0140010fb084e31_sk
│       │       │   ├── signcerts
│       │       │   │   └── orderer4.orderer.com-cert.pem
│       │       │   └── tlscacerts
│       │       │       └── tlsca.orderer.com-cert.pem
│       │       └── tls
│       │           ├── ca.crt
│       │           ├── server.crt
│       │           └── server.key
│       ├── tlsca
│       │   ├── b96fccf689f6fc0f9e2eae84d79bc043647e1ca9e42dba611d7e0b4bed964220_sk
│       │   └── tlsca.orderer.com-cert.pem
│       └── users
│           └── Admin@orderer.com
│               ├── msp
│               │   ├── admincerts
│               │   │   └── Admin@orderer.com-cert.pem
│               │   ├── cacerts
│               │   │   └── ca.orderer.com-cert.pem
│               │   ├── keystore
│               │   │   └── f07b713faf1a7d5758374e2107d3feedf4d564f6edb747168ce59e1264f74804_sk
│               │   ├── signcerts
│               │   │   └── Admin@orderer.com-cert.pem
│               │   └── tlscacerts
│               │       └── tlsca.orderer.com-cert.pem
│               └── tls
│                   ├── ca.crt
│                   ├── client.crt
│                   └── client.key
└── peerOrganizations
    ├── org1.com
    │   ├── ca
    │   │   ├── ca08395fb3cfb0d1b698416bb3abd9f57483fce46f380ac79bc16c53744439df_sk
    │   │   └── ca.org1.com-cert.pem
    │   ├── msp
    │   │   ├── admincerts
    │   │   │   └── Admin@org1.com-cert.pem
    │   │   ├── cacerts
    │   │   │   └── ca.org1.com-cert.pem
    │   │   ├── config.yaml
    │   │   └── tlscacerts
    │   │       └── tlsca.org1.com-cert.pem
    │   ├── peers
    │   │   └── peer0.org1.com
    │   │       ├── msp
    │   │       │   ├── admincerts
    │   │       │   │   └── Admin@org1.com-cert.pem
    │   │       │   ├── cacerts
    │   │       │   │   └── ca.org1.com-cert.pem
    │   │       │   ├── config.yaml
    │   │       │   ├── keystore
    │   │       │   │   └── 72c79456aa95890758259901e37c48487adbb373ddeb4d563c755ecaea900973_sk
    │   │       │   ├── signcerts
    │   │       │   │   └── peer0.org1.com-cert.pem
    │   │       │   └── tlscacerts
    │   │       │       └── tlsca.org1.com-cert.pem
    │   │       └── tls
    │   │           ├── ca.crt
    │   │           ├── server.crt
    │   │           └── server.key
    │   ├── tlsca
    │   │   ├── 9a0b43daa17c7e5a8e048c51f4d45b97838ab1b0efdc535aba20f0c38129935d_sk
    │   │   └── tlsca.org1.com-cert.pem
    │   └── users
    │       ├── Admin@org1.com
    │       │   ├── msp
    │       │   │   ├── admincerts
    │       │   │   │   └── Admin@org1.com-cert.pem
    │       │   │   ├── cacerts
    │       │   │   │   └── ca.org1.com-cert.pem
    │       │   │   ├── keystore
    │       │   │   │   └── a9b98d7f41aa787b6738e5289ce1de06ff5248d5d77b8e42ea338a81e11a8482_sk
    │       │   │   ├── signcerts
    │       │   │   │   └── Admin@org1.com-cert.pem
    │       │   │   └── tlscacerts
    │       │   │       └── tlsca.org1.com-cert.pem
    │       │   └── tls
    │       │       ├── ca.crt
    │       │       ├── client.crt
    │       │       └── client.key
    │       └── User1@org1.com
    │           ├── msp
    │           │   ├── admincerts
    │           │   │   └── User1@org1.com-cert.pem
    │           │   ├── cacerts
    │           │   │   └── ca.org1.com-cert.pem
    │           │   ├── keystore
    │           │   │   └── f031fec28dbcc5f267941ef4a414ab2b0f5a8a887bb580f9656e694a0f821f67_sk
    │           │   ├── signcerts
    │           │   │   └── User1@org1.com-cert.pem
    │           │   └── tlscacerts
    │           │       └── tlsca.org1.com-cert.pem
    │           └── tls
    │               ├── ca.crt
    │               ├── client.crt
    │               └── client.key
    └── org2.com
        ├── ca
        │   ├── a4d9659f098499ce52016d3a4f5ecabefb453993424bdafe1f2da9d8ae4a83c7_sk
        │   └── ca.org2.com-cert.pem
        ├── msp
        │   ├── admincerts
        │   │   └── Admin@org2.com-cert.pem
        │   ├── cacerts
        │   │   └── ca.org2.com-cert.pem
        │   ├── config.yaml
        │   └── tlscacerts
        │       └── tlsca.org2.com-cert.pem
        ├── peers
        │   └── peer0.org2.com
        │       ├── msp
        │       │   ├── admincerts
        │       │   │   └── Admin@org2.com-cert.pem
        │       │   ├── cacerts
        │       │   │   └── ca.org2.com-cert.pem
        │       │   ├── config.yaml
        │       │   ├── keystore
        │       │   │   └── 846ff9356b6134ead2f5e9e98abfaee96b07aef1d5058977527932290efb439a_sk
        │       │   ├── signcerts
        │       │   │   └── peer0.org2.com-cert.pem
        │       │   └── tlscacerts
        │       │       └── tlsca.org2.com-cert.pem
        │       └── tls
        │           ├── ca.crt
        │           ├── server.crt
        │           └── server.key
        ├── tlsca
        │   ├── c84a4fb8ac90cfe80826975b8902fa279e38a0947028b663e455ac9da495320b_sk
        │   └── tlsca.org2.com-cert.pem
        └── users
            ├── Admin@org2.com
            │   ├── msp
            │   │   ├── admincerts
            │   │   │   └── Admin@org2.com-cert.pem
            │   │   ├── cacerts
            │   │   │   └── ca.org2.com-cert.pem
            │   │   ├── keystore
            │   │   │   └── 3dbe15dfafd8464c1c2467c1ec07c04d28b33a84a54d86b370c4af04a6821d31_sk
            │   │   ├── signcerts
            │   │   │   └── Admin@org2.com-cert.pem
            │   │   └── tlscacerts
            │   │       └── tlsca.org2.com-cert.pem
            │   └── tls
            │       ├── ca.crt
            │       ├── client.crt
            │       └── client.key
            └── User1@org2.com
                ├── msp
                │   ├── admincerts
                │   │   └── User1@org2.com-cert.pem
                │   ├── cacerts
                │   │   └── ca.org2.com-cert.pem
                │   ├── keystore
                │   │   └── 2ac7ac78c2037355571ead990e2ad10ed3d47f1fa9580c37d90d9d27d7bb769a_sk
                │   ├── signcerts
                │   │   └── User1@org2.com-cert.pem
                │   └── tlscacerts
                │       └── tlsca.org2.com-cert.pem
                └── tls
                    ├── ca.crt
                    ├── client.crt
                    └── client.key
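2. Generating configuration transactions with configtxgen
The configtxgen tool is used to create four configuration artifacts:
- the orderer genesis block,
- the channel configuration transaction,
- two anchor peer transactions, one for each Peer organization.
The orderer block is the genesis block of the ordering service, and the channel configuration transaction is broadcast to the ordering service when the channel is created. The anchor peer transactions specify each organization's anchor peer on this channel.
First edit the configtx.yaml file as follows (the file contents are not explained here; a later chapter covers them):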
Organizations:
    - &Orderer
        Name: Orderer
        ID: Orderer
        MSPDir: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Orderer.member')"
            Writers:
                Type: Signature
                Rule: "OR('Orderer.member')"
            Admins:
                Type: Signature
                Rule: "OR('Orderer.admin')"
    - &Org1
        Name: Org1
        ID: Org1
        MSPDir: /home/test/crypto/crypto-config/peerOrganizations/org1.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1.admin', 'Org1.peer', 'Org1.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org1.admin', 'Org1.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org1.admin')"
        AnchorPeers:
            - Host: peer0.org1.com
              Port: 7051
    - &Org2
        Name: Org2
        ID: Org2
        MSPDir: /home/test/crypto/crypto-config/peerOrganizations/org2.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org2.admin', 'Org2.peer', 'Org2.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org2.admin', 'Org2.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org2.admin')"
        AnchorPeers:
            - Host: peer0.org2.com
              Port: 7051
Capabilities:
    Channel: &ChannelCapabilities
        V1_4_2: true
    Orderer: &OrdererCapabilities
        V1_4_2: true
    Application: &ApplicationCapabilities
        V1_4_2: true
        V1_3: false
        V1_2: false
        V1_1: false
Application: &ApplicationDefaults
    Organizations:
    Policies: &ApplicationDefaultPolicies
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
    OrdererType: etcdraft
    Addresses:
        - orderer0.orderer.com:7050
        - orderer1.orderer.com:7050
        - orderer2.orderer.com:7050
        - orderer3.orderer.com:9050
        - orderer4.orderer.com:9050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 10 MB
        PreferredMaxBytes: 2 MB
    MaxChannels: 0
    Kafka:
        Brokers:
            - kafka0:9092
    EtcdRaft:
        Consenters:
            - Host: orderer0.orderer.com
              Port: 7050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer0.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer0.orderer.com/tls/server.crt
            - Host: orderer1.orderer.com
              Port: 7050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer1.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer1.orderer.com/tls/server.crt
            - Host: orderer2.orderer.com
              Port: 7050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer2.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer2.orderer.com/tls/server.crt
            - Host: orderer3.orderer.com
              Port: 9050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer3.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer3.orderer.com/tls/server.crt
            - Host: orderer4.orderer.com
              Port: 9050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer4.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer4.orderer.com/tls/server.crt
        Options:
            TickInterval: 500ms
            ElectionTick: 10
            HeartbeatTick: 1
            MaxInflightBlocks: 5
            SnapshotIntervalSize: 20 MB
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
    Capabilities:
        <<: *OrdererCapabilities
Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities
Profiles:
    SampleDevModeEtcdRaft:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *Orderer
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Orderer
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities
Use the following commands to generate the configuration:
# Generate the genesis block
configtxgen -profile SampleDevModeEtcdRaft -channelID test-sys-channel -outputBlock genesis.block
# Channel configuration transaction
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx channel.tx -channelID mychannel
# Anchor peer configuration
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate Org1anchors.tx -channelID mychannel -asOrg Org1
# Anchor peer configuration
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate Org2anchors.tx -channelID mychannel -asOrg Org2
After generation, the following files should be present:
channel.tx configtx.yaml genesis.block mychannel.block Org1anchors.tx Org2anchors.tx
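At this point all of the required configuration has been generated, and next we can start the network with docker.
Before starting, we also need to copy the generated files to the other machines; plain copying or the scp command both work, so this is not covered further here.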
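The crypto-config tree generated above holds every private key in the network (CA keys under ca/ and tlsca/, signing keys under msp/keystore/, TLS keys under tls/), so it is worth auditing before it is copied to other hosts. The script below is an added example, not part of the original tutorial or of Fabric itself; the function names list_keys, loose_keys and stage_node are hypothetical, and it assumes GNU find as shipped with CentOS.

```bash
#!/usr/bin/env bash
# Added example, not from the original tutorial. Function names are hypothetical.
# Requires GNU find (as on CentOS) for "-perm /077".

# list_keys ROOT: print "<class> <path relative to ROOT>" for each private key.
list_keys() {
    local root=${1%/} f rel class
    find "$root" -type f \( -name '*_sk' -o -name '*.key' \) | sort |
    while IFS= read -r f; do
        rel=${f#"$root"/}
        case "$rel" in
            */ca/*_sk|*/tlsca/*_sk) class=ca ;;       # org CA and TLS CA keys
            */msp/keystore/*_sk)    class=signing ;;  # node/user signing keys
            */tls/*.key)            class=tls ;;      # server.key / client.key
            *)                      class=unknown ;;
        esac
        printf '%s %s\n' "$class" "$rel"
    done
}

# loose_keys ROOT: private keys with any group/other permission bit set.
loose_keys() {
    local root=${1%/} f
    find "$root" -type f \( -name '*_sk' -o -name '*.key' \) -perm /077 | sort |
    while IFS= read -r f; do
        printf '%s\n' "${f#"$root"/}"
    done
}

# stage_node ROOT NODE_REL DEST: copy only one node's msp/ and tls/ directories
# into DEST (no CA keys), then set every copied key to mode 0600.
stage_node() {
    local root=${1%/} node=$2 dest=${3%/}
    mkdir -p "$dest/$node" &&
    cp -a "$root/$node/." "$dest/$node/" &&
    find "$dest/$node" -type f \( -name '*_sk' -o -name '*.key' \) -exec chmod 600 {} +
}

# When run with a directory argument, report on that tree.
if [ -d "${1:-}" ]; then
    list_keys "$1"
    echo "--- keys with group/other permissions:"
    loose_keys "$1"
fi
```

Lines classed as ca are the keys that can issue new identities for an organization; a node directory staged with stage_node (for example ordererOrganizations/orderer.com/orderers/orderer0.orderer.com) contains none of them.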