Video course on NetEase Cloud Classroom: https://study.163.com/course/introduction/1209401942.htm
1.1 Overview
Building on the environment set up in the articles "Kafka production environment deployment" and "Using a CA to generate MSP and TLS in a production environment", this article implements dynamic addition of an organization and its nodes.
1.2 Network topology
1.3 New organization configuration
1.3.1 Generate certificates for the new organization
Switch to the 192.168.235.6 server to start the CA services and generate the certificates.
1. Start the CA services
1) Start IntermediaCA4
① Initialize the CA service
# fabric-ca-server init -b admin4:adminpw4 -u http://admin:adminpw@localhost:7054 --home ./intermediaca4
# vi ./intermediaca4/fabric-ca-server-config.yaml
  Change:
    version: 1.4.0
    port: 7058
② Start the CA service
【Start from the command line】
# fabric-ca-server start -b admin4:adminpw4 -u http://admin:adminpw@localhost:7054 --home ./intermediaca4 --cfg.affiliations.allowremove --cfg.identities.allowremove
【Start with docker】
Copy docker-intermediaca4.yaml to the ca-server directory.
# docker-compose -f docker-intermediaca4.yaml up -d
2) Start IntermediaCAtls4
① Initialize the CA service
# fabric-ca-server init -b admin4:adminpw4 -u http://admin:adminpw@localhost:7054 --home ./intermediacatls4
# vi ./intermediacatls4/fabric-ca-server-config.yaml
  Change:
    version: 1.4.0
    port: 8058
② Start the CA service
【Start from the command line】
# fabric-ca-server start -b admin4:adminpw4 -u http://admin:adminpw@localhost:7054 --home ./intermediacatls4 --cfg.affiliations.allowremove --cfg.identities.allowremove
【Start with docker】
Copy docker-intermediacatls4.yaml to the ca-server directory.
# docker-compose -f docker-intermediacatls4.yaml up -d
2. Generate certificates with IntermediaCA4
1) Generate the MSP for org3.example.com
① Enroll org3.example.com
# fabric-ca-client enroll --csr.cn=org3.example.com --csr.hosts=['org3.example.com'] -M ./crypto-config/peerOrganizations/org3.example.com/msp -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
# vi ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/msp/config.yaml
  Enter:
    NodeOUs:
      Enable: true
      ClientOUIdentifier:
        Certificate: intermediatecerts/localhost-7058.pem
        OrganizationalUnitIdentifier: client
      PeerOUIdentifier:
        Certificate: intermediatecerts/localhost-7058.pem
        OrganizationalUnitIdentifier: peer
② Add the affiliations
# fabric-ca-client affiliation list -M ./crypto-config/peerOrganizations/org3.example.com/msp -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org1 -M ./crypto-config/peerOrganizations/org3.example.com/msp -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org3 -M ./crypto-config/peerOrganizations/org3.example.com/msp -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
# fabric-ca-client affiliation add com -M ./crypto-config/peerOrganizations/org3.example.com/msp -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
# fabric-ca-client affiliation add com.example -M ./crypto-config/peerOrganizations/org3.example.com/msp -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
# fabric-ca-client affiliation add com.example.org3 -M ./crypto-config/peerOrganizations/org3.example.com/msp -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
2) Generate the MSP for Admin@org3.example.com
① Register Admin@org3.example.com
# fabric-ca-client register --id.name Admin@org3.example.com --id.type client --id.affiliation "com.example.org3" --id.attrs '"hf.Registrar.Roles=client,orderer,peer,user","hf.Registrar.DelegateRoles=client,orderer,peer,user",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert' --id.secret=123456 --csr.cn=org3.example.com --csr.hosts=['org3.example.com'] -M ./crypto-config/peerOrganizations/org3.example.com/msp -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
② Enroll Admin@org3.example.com
# fabric-ca-client enroll -u http://Admin@org3.example.com:123456@localhost:7058 --csr.cn=org3.example.com --csr.hosts=['org3.example.com'] -M ./crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp --home ./fabric-ca-client
③ Generate the MSP (copy the admin certificate into the admincerts directories)
# mkdir ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/admincerts
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/admincerts
# mkdir ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/msp/admincerts
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/msp/admincerts
3) Generate the MSP for peer0.org3.example.com
① Register peer0.org3.example.com
# fabric-ca-client register --id.name peer0.org3.example.com --id.type peer --id.affiliation "com.example.org3" --id.attrs '"role=peer",ecert=true' --id.secret=123456 --csr.cn=peer0.org3.example.com --csr.hosts=['peer0.org3.example.com'] -M ./crypto-config/peerOrganizations/org3.example.com/msp -u http://admin4:adminpw4@localhost:7058 --home ./fabric-ca-client
② Enroll peer0.org3.example.com
# fabric-ca-client enroll -u http://peer0.org3.example.com:123456@localhost:7058 --csr.cn=peer0.org3.example.com --csr.hosts=['peer0.org3.example.com'] -M ./crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp --home ./fabric-ca-client
③ Generate the MSP (copy the admin certificate into the peer's admincerts)
# mkdir ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/admincerts
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/admincerts
3. Generate certificates with IntermediaCAtls4
1) Generate the TLS certificates for org3.example.com
① Enroll org3.example.com
# fabric-ca-client enroll --csr.cn=org3.example.com --csr.hosts=['org3.example.com'] -M ./crypto-config/peerOrganizations/org3.example.com/tlstmp -u http://admin4:adminpw4@localhost:8057 --home ./fabric-ca-client
② Add the affiliations
# fabric-ca-client affiliation list -M ./crypto-config/peerOrganizations/org3.example.com/tlstmp -u http://admin4:adminpw4@localhost:8057 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org1 -M ./crypto-config/peerOrganizations/org3.example.com/tlstmp -u http://admin4:adminpw4@localhost:8057 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org3 -M ./crypto-config/peerOrganizations/org3.example.com/tlstmp -u http://admin4:adminpw4@localhost:8057 --home ./fabric-ca-client
# fabric-ca-client affiliation add com -M ./crypto-config/peerOrganizations/org3.example.com/tlstmp -u http://admin4:adminpw4@localhost:8057 --home ./fabric-ca-client
# fabric-ca-client affiliation add com.example -M ./crypto-config/peerOrganizations/org3.example.com/tlstmp -u http://admin4:adminpw4@localhost:8057 --home ./fabric-ca-client
# fabric-ca-client affiliation add com.example.org3 -M ./crypto-config/peerOrganizations/org3.example.com/tlstmp -u http://admin4:adminpw4@localhost:8057 --home ./fabric-ca-client
2) Generate the TLS certificates for Admin@org3.example.com
① Register Admin@org3.example.com
# fabric-ca-client register --id.name Admin@org3.example.com --id.type client --id.affiliation "com.example.org3" --id.attrs '"hf.Registrar.Roles=client,orderer,peer,user","hf.Registrar.DelegateRoles=client,orderer,peer,user",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert' --id.secret=123456 --csr.cn=org3.example.com --csr.hosts=['org3.example.com'] -M ./crypto-config/peerOrganizations/org3.example.com/tlstmp -u http://admin4:adminpw4@localhost:8057 --home ./fabric-ca-client
② Enroll Admin@org3.example.com
# fabric-ca-client enroll -d --enrollment.profile tls -u http://Admin@org3.example.com:123456@localhost:8057 --csr.cn=org3.example.com --csr.hosts=['org3.example.com'] -M ./crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/tlstmp --home ./fabric-ca-client
③ Generate the TLS directory
# mkdir ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/tls
# cp ./intermediacatls4/ca-chain.pem ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/tls/ca.crt
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/tlstmp/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/tls/client.crt
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/tlstmp/keystore/xxxxxxx_sk ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/tls/client.key
# rm -rf ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/users/Admin@org3.example.com/tlstmp
3) Generate the TLS certificates for peer0.org3.example.com
① Register peer0.org3.example.com
# fabric-ca-client register --id.name peer0.org3.example.com --id.type peer --id.affiliation "com.example.org3" --id.attrs '"role=peer",ecert=true' --id.secret=123456 --csr.cn=peer0.org3.example.com --csr.hosts=['peer0.org3.example.com'] -M ./crypto-config/peerOrganizations/org3.example.com/tlstmp -u http://admin4:adminpw4@localhost:8057 --home ./fabric-ca-client
② Enroll peer0.org3.example.com
# fabric-ca-client enroll -d --enrollment.profile tls -u http://peer0.org3.example.com:123456@localhost:8057 --csr.cn=peer0.org3.example.com --csr.hosts=['peer0.org3.example.com'] -M ./crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tlstmp --home ./fabric-ca-client
③ Generate the TLS directory
# mkdir ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls
# cp ./intermediacatls4/ca-chain.pem ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tlstmp/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tlstmp/keystore/xxxxxxx_sk ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
# rm -rf ./fabric-ca-client/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tlstmp
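As an added example (not part of the original article), the Python helper below does what the "generate the TLS directory" steps above do by hand for Admin@org3.example.com and peer0.org3.example.com: it copies ca-chain.pem, signcerts/cert.pem and the keystore private key from tlstmp into tls, naming them client.* or server.* by role. The key file name is a hash that the article leaves as xxxxxxx_sk, so the helper locates it and stops if the keystore is empty or holds more than one key; the fixture directories and files are constructed stand-ins, not real certificates.

```python
import os
import shutil
import tempfile

def find_private_key(keystore_dir):
    """Locate the single *_sk file (the article's xxxxxxx_sk); refuse to guess otherwise."""
    keys = sorted(f for f in os.listdir(keystore_dir) if f.endswith("_sk"))
    if len(keys) != 1:
        raise RuntimeError(f"expected exactly one *_sk in {keystore_dir}, found {keys}")
    return os.path.join(keystore_dir, keys[0])

def assemble_tls(tlstmp_dir, ca_chain_file, tls_dir, role):
    """Build tls/ from tlstmp/ as in the article; role = 'client' (Admin) or 'server' (peer)."""
    key_src = find_private_key(os.path.join(tlstmp_dir, "keystore"))  # check before touching tls/
    os.makedirs(tls_dir, exist_ok=True)
    shutil.copyfile(ca_chain_file, os.path.join(tls_dir, "ca.crt"))
    shutil.copyfile(os.path.join(tlstmp_dir, "signcerts", "cert.pem"),
                    os.path.join(tls_dir, f"{role}.crt"))
    key_dst = os.path.join(tls_dir, f"{role}.key")
    shutil.copyfile(key_src, key_dst)
    os.chmod(key_dst, 0o600)   # private key: owner read/write only (the article copies it as-is)
    shutil.rmtree(tlstmp_dir)  # same as the article's rm -rf tlstmp
    return sorted(os.listdir(tls_dir))

def make_fake_enrollment(base, n_keys=1):
    """Constructed stand-in for tlstmp/ and ca-chain.pem: placeholder text, not real certificates."""
    tlstmp = os.path.join(base, "tlstmp")
    os.makedirs(os.path.join(tlstmp, "signcerts"))
    os.makedirs(os.path.join(tlstmp, "keystore"))
    with open(os.path.join(tlstmp, "signcerts", "cert.pem"), "w") as f:
        f.write("FAKE CERT\n")
    for i in range(n_keys):
        with open(os.path.join(tlstmp, "keystore", f"deadbeef{i}_sk"), "w") as f:
            f.write("FAKE KEY\n")
    chain = os.path.join(base, "ca-chain.pem")
    with open(chain, "w") as f:
        f.write("FAKE CHAIN\n")
    return tlstmp, chain

def run_demo(n_keys=1, role="server"):
    """Run assemble_tls on the fixture; returns (file list, key file permission bits)."""
    with tempfile.TemporaryDirectory() as base:
        tlstmp, chain = make_fake_enrollment(base, n_keys)
        tls_dir = os.path.join(base, "tls")
        files = assemble_tls(tlstmp, chain, tls_dir, role)
        return files, os.stat(os.path.join(tls_dir, f"{role}.key")).st_mode & 0o777

if __name__ == "__main__":
    print(run_demo())
```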
1.3.2 Generate the configuration for the new organization
Switch to the 192.168.235.7 server.
1. Copy the org3.example.com directory produced by the certificate generation into the /crypto-config/peerOrganizations directory.
2. Add the org3 organization to configtx.yaml and copy it to the kafkapeer directory.
3. Print the org3 configuration as JSON
# cd $GOPATH/src/github.com/hyperledger/fabric/kafkapeer
# docker-compose -f docker-compose-peer.yaml up -d
# ./bin/configtxgen -printOrg Org3MSP -profile ./configtx.yaml > ./channel-artifacts/org3.json
4. Install jq
jq is a Linux command-line tool for processing JSON; it can filter, format and modify JSON.
# yum install epel-release
# yum install jq
5. Fetch the current channel configuration
# docker exec -it cli bash
# ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlsintermediatecerts/tls-localhost-8055.pem
# peer channel fetch config config_block.pb -o orderer0.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
# exit
# docker cp xxxxxxxx:/opt/gopath/src/github.com/hyperledger/fabric/peer/config_block.pb /opt/gopath/src/github.com/hyperledger/fabric/kafkapeer
(xxxxxxxx is the ID of the cli container.)
6. Decode the fetched block and extract the current configuration, to which org3 will be added
# ./bin/configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
7. Modify config.json to add org3
# jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json
8. Convert config.json and modified_config.json to protobuf
# ./bin/configtxlator proto_encode --input config.json --type common.Config > original_config.pb
# ./bin/configtxlator proto_encode --input modified_config.json --type common.Config > modified_config.pb
9. Compute the configuration update (config_update.pb) from original_config.pb and modified_config.pb
# ./bin/configtxlator compute_update --channel_id mychannel --original original_config.pb --updated modified_config.pb > config_update.pb
10. Decode config_update.pb to JSON, wrap it in an envelope with jq, encode it back to protobuf, and finally output org3_update_in_envelope.pb
# ./bin/configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate > config_update.json
# echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
# ./bin/configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope > org3_update_in_envelope.pb
# docker cp /opt/gopath/src/github.com/hyperledger/fabric/kafkapeer/org3_update_in_envelope.pb xxxxxxxx:/opt/gopath/src/github.com/hyperledger/fabric/peer/
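As an added example (not from the original article), the Python below reproduces offline what the jq expression in step 7 and the echo/jq envelope in step 10 do, so the merge semantics can be checked before running them against a real channel: jq's * merges objects recursively and replaces everything else, which is why .[0] * {...} adds Org3MSP under Application.groups without touching Org1MSP, Org2MSP or the rest of the configuration. CONFIG and ORG3 are constructed, heavily reduced stand-ins for config.json and channel-artifacts/org3.json.

```python
import copy
import json

# Constructed, heavily reduced stand-in for the decoded channel config (step 6 output).
CONFIG = {
    "channel_group": {
        "groups": {
            "Application": {
                "groups": {
                    "Org1MSP": {"mod_policy": "Admins", "version": "1"},
                    "Org2MSP": {"mod_policy": "Admins", "version": "1"},
                },
                "mod_policy": "Admins",
                "version": "1",
            }
        },
        "version": "0",
    },
    "sequence": "3",
}

# Constructed stand-in for the output of `configtxgen -printOrg Org3MSP` (step 3).
ORG3 = {"mod_policy": "Admins", "version": "0",
        "policies": {"Admins": {"mod_policy": "Admins", "version": "0"}},
        "values": {"MSP": {"mod_policy": "Admins", "version": "0"}}}

def jq_multiply(left, right):
    """jq's `*` operator: two objects merge recursively; any other right-hand
    value replaces the left-hand one. Neither input is modified."""
    if not (isinstance(left, dict) and isinstance(right, dict)):
        return copy.deepcopy(right)
    merged = copy.deepcopy(left)
    for key, value in right.items():
        merged[key] = jq_multiply(merged.get(key), value)
    return merged

def add_org(config, org_name, org_def):
    """Step 7: .[0] * {"channel_group":{"groups":{"Application":{"groups":{<org>:.[1]}}}}}"""
    patch = {"channel_group": {"groups": {"Application": {"groups": {org_name: org_def}}}}}
    return jq_multiply(config, patch)

def wrap_in_envelope(config_update, channel_id="mychannel"):
    """Step 10: put the decoded ConfigUpdate in an Envelope; header type 2 is CONFIG_UPDATE."""
    header = {"channel_header": {"channel_id": channel_id, "type": 2}}
    return {"payload": {"header": header, "data": {"config_update": config_update}}}

if __name__ == "__main__":
    print(json.dumps(add_org(CONFIG, "Org3MSP", ORG3), indent=2))
```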
1.3.3 Submit the new organization configuration
1. Sign the new Org3 configuration
# docker exec -it cli bash
# CORE_PEER_LOCALMSPID="Org1MSP"
# CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
# CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
# CORE_PEER_ADDRESS=peer0.org1.example.com:7051
# peer channel signconfigtx -f org3_update_in_envelope.pb
# CORE_PEER_LOCALMSPID="Org2MSP"
# CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
# CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
# CORE_PEER_ADDRESS=peer0.org2.example.com:7051
# peer channel signconfigtx -f org3_update_in_envelope.pb
2. Submit the signed configuration transaction to the orderer
# ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlsintermediatecerts/tls-localhost-8055.pem
# peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer0.example.com:7050 --tls --cafile $ORDERER_CA
1.4 Start the new organization
Switch to the 192.168.235.11 server.
1. Configure docker-compose-peer.yaml and copy it to the kafkapeer directory.
2. Start the server (192.168.235.11)
# cd $GOPATH/src/github.com/hyperledger/fabric/kafkapeer
# docker-compose -f docker-compose-peer.yaml up -d
3. Fetch the current channel configuration (the genesis block)
# docker exec -it cli bash
# ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlsintermediatecerts/tls-localhost-8055.pem
# peer channel fetch 0 mychannel.block -o orderer0.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
4. Join all of the organization's peers to the channel
# peer channel join -b mychannel.block
5. Upgrade the chaincode and the endorsement policy
# peer chaincode install -n mycc -p github.com/hyperledger/fabric/kafkapeer/chaincode/go/example02/ -v 2.0
6. Upgrade the chaincode to 2.0 on Org1's peer0
Switch to the 192.168.235.7 server.
# peer chaincode install -n mycc -p github.com/hyperledger/fabric/kafkapeer/chaincode/go/example02/ -v 2.0
# ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlsintermediatecerts/tls-localhost-8055.pem
# peer chaincode upgrade -o orderer0.example.com:7050 --tls --cafile $ORDERER_CA -C mychannel -n mycc -v 2.0 -c '{"Args":["init","a","200","b","400"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"
7. Upgrade the chaincode to 2.0 on Org2's peer0
Switch to the 192.168.235.9 server.
# peer chaincode install -n mycc -p github.com/hyperledger/fabric/kafkapeer/chaincode/go/example02/ -v 2.0
1.5 Verify the new organization
Switch to the 192.168.235.11 server and query the value of a on the peer.
1) Query a on the peer; it shows 130
# peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
2) Transfer 20 from a to b on the peer
# ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlsintermediatecerts/tls-localhost-8055.pem
# peer chaincode invoke --tls --cafile $ORDERER_CA -C mychannel -n mycc -c '{"Args":["invoke","a","b","20"]}'
3) Query a on the peer again; it shows 110
# peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'