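Building Your First Fabric Network (Version 1.4.2), Part 4: Configuration Generation

Configuration Generation

All of the following steps were carried out as the root user in a CentOS 7.6 virtual machine; depending on your needs you can use a physical machine or a different user instead.

This tutorial (building your first Fabric network, version 1.4.2) follows the official documentation almost entirely and is suitable for newcomers with little background and for anyone interested.

Official documentation:

1. Generating certificates with cryptogen

We use cryptogen to generate the cryptographic material (x509 certificates and signing keys) for our network entities. These certificates represent identities; they allow sign/verify authentication to take place when the entities communicate and transact.

First edit the crypto-config.yaml file as follows (the file contents are not explained here; a dedicated chapter covers them later):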

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs: # orderer organization; generates identity material for 5 orderers
  - Name: Orderer
    Domain: orderer.com
    Specs:
      - Hostname: orderer0
      - Hostname: orderer1
      - Hostname: orderer2
      - Hostname: orderer3
      - Hostname: orderer4
  
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs: # peer organizations, each with 1 node and 1 user
  - Name: Org1
    Domain: org1.com
    EnableNodeOUs: true
    Template:
      Count: 1
    Users:
      Count: 1
  - Name: Org2
    Domain: org2.com
    EnableNodeOUs: true
    Template:
      Count: 1
    Users:
      Count: 1

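Generate the material with the following command:

# Run in the current directory; when it finishes, a directory containing the identity material (x509 certificates and signing keys) is created in the current directory
cryptogen generate --config=./crypto-config.yaml

The generated directory structure is as follows: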

crypto-config
├── ordererOrganizations
│   └── orderer.com
│       ├── ca
│       │   ├── ca.orderer.com-cert.pem
│       │   └── cb40525e702e671eca53aa829ce166dccb4e64df45703902cbe13060c2cb1cfb_sk
│       ├── msp
│       │   ├── admincerts
│       │   │   └── Admin@orderer.com-cert.pem
│       │   ├── cacerts
│       │   │   └── ca.orderer.com-cert.pem
│       │   └── tlscacerts
│       │       └── tlsca.orderer.com-cert.pem
│       ├── orderers
│       │   ├── orderer0.orderer.com
│       │   │   ├── msp
│       │   │   │   ├── admincerts
│       │   │   │   │   └── Admin@orderer.com-cert.pem
│       │   │   │   ├── cacerts
│       │   │   │   │   └── ca.orderer.com-cert.pem
│       │   │   │   ├── keystore
│       │   │   │   │   └── b6853a1df22aa09f409731486ad9eb5682903a0cad32869527b5a8e4c92305f1_sk
│       │   │   │   ├── signcerts
│       │   │   │   │   └── orderer0.orderer.com-cert.pem
│       │   │   │   └── tlscacerts
│       │   │   │       └── tlsca.orderer.com-cert.pem
│       │   │   └── tls
│       │   │       ├── ca.crt
│       │   │       ├── server.crt
│       │   │       └── server.key
│       │   ├── orderer1.orderer.com
│       │   │   ├── msp
│       │   │   │   ├── admincerts
│       │   │   │   │   └── Admin@orderer.com-cert.pem
│       │   │   │   ├── cacerts
│       │   │   │   │   └── ca.orderer.com-cert.pem
│       │   │   │   ├── keystore
│       │   │   │   │   └── 17ee9e7c96496dbb631249a72d1208735c517bd9f151f2363b629c19bbcdd722_sk
│       │   │   │   ├── signcerts
│       │   │   │   │   └── orderer1.orderer.com-cert.pem
│       │   │   │   └── tlscacerts
│       │   │   │       └── tlsca.orderer.com-cert.pem
│       │   │   └── tls
│       │   │       ├── ca.crt
│       │   │       ├── server.crt
│       │   │       └── server.key
│       │   ├── orderer2.orderer.com
│       │   │   ├── msp
│       │   │   │   ├── admincerts
│       │   │   │   │   └── Admin@orderer.com-cert.pem
│       │   │   │   ├── cacerts
│       │   │   │   │   └── ca.orderer.com-cert.pem
│       │   │   │   ├── keystore
│       │   │   │   │   └── 67cb0f79598c93ad1e9feeeb4fcc91f56b6d2883f5af2dd759ef0904c79b3e42_sk
│       │   │   │   ├── signcerts
│       │   │   │   │   └── orderer2.orderer.com-cert.pem
│       │   │   │   └── tlscacerts
│       │   │   │       └── tlsca.orderer.com-cert.pem
│       │   │   └── tls
│       │   │       ├── ca.crt
│       │   │       ├── server.crt
│       │   │       └── server.key
│       │   ├── orderer3.orderer.com
│       │   │   ├── msp
│       │   │   │   ├── admincerts
│       │   │   │   │   └── Admin@orderer.com-cert.pem
│       │   │   │   ├── cacerts
│       │   │   │   │   └── ca.orderer.com-cert.pem
│       │   │   │   ├── keystore
│       │   │   │   │   └── 0eb958cd99142e4d3c3828f9e1b8b71e88fabc4bd7e367ca317fb8a387773651_sk
│       │   │   │   ├── signcerts
│       │   │   │   │   └── orderer3.orderer.com-cert.pem
│       │   │   │   └── tlscacerts
│       │   │   │       └── tlsca.orderer.com-cert.pem
│       │   │   └── tls
│       │   │       ├── ca.crt
│       │   │       ├── server.crt
│       │   │       └── server.key
│       │   └── orderer4.orderer.com
│       │       ├── msp
│       │       │   ├── admincerts
│       │       │   │   └── Admin@orderer.com-cert.pem
│       │       │   ├── cacerts
│       │       │   │   └── ca.orderer.com-cert.pem
│       │       │   ├── keystore
│       │       │   │   └── 14b2244bfec1b657ef9b5553f71898affe4b909f514a4ceda0140010fb084e31_sk
│       │       │   ├── signcerts
│       │       │   │   └── orderer4.orderer.com-cert.pem
│       │       │   └── tlscacerts
│       │       │       └── tlsca.orderer.com-cert.pem
│       │       └── tls
│       │           ├── ca.crt
│       │           ├── server.crt
│       │           └── server.key
│       ├── tlsca
│       │   ├── b96fccf689f6fc0f9e2eae84d79bc043647e1ca9e42dba611d7e0b4bed964220_sk
│       │   └── tlsca.orderer.com-cert.pem
│       └── users
│           └── Admin@orderer.com
│               ├── msp
│               │   ├── admincerts
│               │   │   └── Admin@orderer.com-cert.pem
│               │   ├── cacerts
│               │   │   └── ca.orderer.com-cert.pem
│               │   ├── keystore
│               │   │   └── f07b713faf1a7d5758374e2107d3feedf4d564f6edb747168ce59e1264f74804_sk
│               │   ├── signcerts
│               │   │   └── Admin@orderer.com-cert.pem
│               │   └── tlscacerts
│               │       └── tlsca.orderer.com-cert.pem
│               └── tls
│                   ├── ca.crt
│                   ├── client.crt
│                   └── client.key
└── peerOrganizations
    ├── org1.com
    │   ├── ca
    │   │   ├── ca08395fb3cfb0d1b698416bb3abd9f57483fce46f380ac79bc16c53744439df_sk
    │   │   └── ca.org1.com-cert.pem
    │   ├── msp
    │   │   ├── admincerts
    │   │   │   └── Admin@org1.com-cert.pem
    │   │   ├── cacerts
    │   │   │   └── ca.org1.com-cert.pem
    │   │   ├── config.yaml
    │   │   └── tlscacerts
    │   │       └── tlsca.org1.com-cert.pem
    │   ├── peers
    │   │   └── peer0.org1.com
    │   │       ├── msp
    │   │       │   ├── admincerts
    │   │       │   │   └── Admin@org1.com-cert.pem
    │   │       │   ├── cacerts
    │   │       │   │   └── ca.org1.com-cert.pem
    │   │       │   ├── config.yaml
    │   │       │   ├── keystore
    │   │       │   │   └── 72c79456aa95890758259901e37c48487adbb373ddeb4d563c755ecaea900973_sk
    │   │       │   ├── signcerts
    │   │       │   │   └── peer0.org1.com-cert.pem
    │   │       │   └── tlscacerts
    │   │       │       └── tlsca.org1.com-cert.pem
    │   │       └── tls
    │   │           ├── ca.crt
    │   │           ├── server.crt
    │   │           └── server.key
    │   ├── tlsca
    │   │   ├── 9a0b43daa17c7e5a8e048c51f4d45b97838ab1b0efdc535aba20f0c38129935d_sk
    │   │   └── tlsca.org1.com-cert.pem
    │   └── users
    │       ├── Admin@org1.com
    │       │   ├── msp
    │       │   │   ├── admincerts
    │       │   │   │   └── Admin@org1.com-cert.pem
    │       │   │   ├── cacerts
    │       │   │   │   └── ca.org1.com-cert.pem
    │       │   │   ├── keystore
    │       │   │   │   └── a9b98d7f41aa787b6738e5289ce1de06ff5248d5d77b8e42ea338a81e11a8482_sk
    │       │   │   ├── signcerts
    │       │   │   │   └── Admin@org1.com-cert.pem
    │       │   │   └── tlscacerts
    │       │   │       └── tlsca.org1.com-cert.pem
    │       │   └── tls
    │       │       ├── ca.crt
    │       │       ├── client.crt
    │       │       └── client.key
    │       └── User1@org1.com
    │           ├── msp
    │           │   ├── admincerts
    │           │   │   └── User1@org1.com-cert.pem
    │           │   ├── cacerts
    │           │   │   └── ca.org1.com-cert.pem
    │           │   ├── keystore
    │           │   │   └── f031fec28dbcc5f267941ef4a414ab2b0f5a8a887bb580f9656e694a0f821f67_sk
    │           │   ├── signcerts
    │           │   │   └── User1@org1.com-cert.pem
    │           │   └── tlscacerts
    │           │       └── tlsca.org1.com-cert.pem
    │           └── tls
    │               ├── ca.crt
    │               ├── client.crt
    │               └── client.key
    └── org2.com
        ├── ca
        │   ├── a4d9659f098499ce52016d3a4f5ecabefb453993424bdafe1f2da9d8ae4a83c7_sk
        │   └── ca.org2.com-cert.pem
        ├── msp
        │   ├── admincerts
        │   │   └── Admin@org2.com-cert.pem
        │   ├── cacerts
        │   │   └── ca.org2.com-cert.pem
        │   ├── config.yaml
        │   └── tlscacerts
        │       └── tlsca.org2.com-cert.pem
        ├── peers
        │   └── peer0.org2.com
        │       ├── msp
        │       │   ├── admincerts
        │       │   │   └── Admin@org2.com-cert.pem
        │       │   ├── cacerts
        │       │   │   └── ca.org2.com-cert.pem
        │       │   ├── config.yaml
        │       │   ├── keystore
        │       │   │   └── 846ff9356b6134ead2f5e9e98abfaee96b07aef1d5058977527932290efb439a_sk
        │       │   ├── signcerts
        │       │   │   └── peer0.org2.com-cert.pem
        │       │   └── tlscacerts
        │       │       └── tlsca.org2.com-cert.pem
        │       └── tls
        │           ├── ca.crt
        │           ├── server.crt
        │           └── server.key
        ├── tlsca
        │   ├── c84a4fb8ac90cfe80826975b8902fa279e38a0947028b663e455ac9da495320b_sk
        │   └── tlsca.org2.com-cert.pem
        └── users
            ├── Admin@org2.com
            │   ├── msp
            │   │   ├── admincerts
            │   │   │   └── Admin@org2.com-cert.pem
            │   │   ├── cacerts
            │   │   │   └── ca.org2.com-cert.pem
            │   │   ├── keystore
            │   │   │   └── 3dbe15dfafd8464c1c2467c1ec07c04d28b33a84a54d86b370c4af04a6821d31_sk
            │   │   ├── signcerts
            │   │   │   └── Admin@org2.com-cert.pem
            │   │   └── tlscacerts
            │   │       └── tlsca.org2.com-cert.pem
            │   └── tls
            │       ├── ca.crt
            │       ├── client.crt
            │       └── client.key
            └── User1@org2.com
                ├── msp
                │   ├── admincerts
                │   │   └── User1@org2.com-cert.pem
                │   ├── cacerts
                │   │   └── ca.org2.com-cert.pem
                │   ├── keystore
                │   │   └── 2ac7ac78c2037355571ead990e2ad10ed3d47f1fa9580c37d90d9d27d7bb769a_sk
                │   ├── signcerts
                │   │   └── User1@org2.com-cert.pem
                │   └── tlscacerts
                │       └── tlsca.org2.com-cert.pem
                └── tls
                    ├── ca.crt
                    ├── client.crt
                    └── client.key

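2. Generating configuration transactions with configtxgen

The configtxgen tool is used to create four configuration artifacts:

  • the orderer genesis block,
  • the channel configuration transaction,
  • two anchor peer transactions, one for each Peer organization.

The orderer block is the genesis block of the ordering service, and the channel configuration transaction is broadcast to the ordering service when the channel is created. The anchor peer transactions specify each organization's anchor peer on this channel.

First edit the configtx.yaml file as follows (the file contents are not explained here; a dedicated chapter covers them later):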

Organizations:
    - &Orderer
        Name: Orderer
        ID: Orderer
        MSPDir: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Orderer.member')"
            Writers:
                Type: Signature
                Rule: "OR('Orderer.member')"
            Admins:
                Type: Signature
                Rule: "OR('Orderer.admin')"
    - &Org1
        Name: Org1
        ID: Org1
        MSPDir: /home/test/crypto/crypto-config/peerOrganizations/org1.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org1.admin', 'Org1.peer', 'Org1.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org1.admin', 'Org1.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org1.admin')"
        AnchorPeers:
            - Host: peer0.org1.com
              Port: 7051
    - &Org2
        Name: Org2
        ID: Org2
        MSPDir: /home/test/crypto/crypto-config/peerOrganizations/org2.com/msp
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org2.admin', 'Org2.peer', 'Org2.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org2.admin', 'Org2.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org2.admin')"
        AnchorPeers:
            - Host: peer0.org2.com
              Port: 7051

Capabilities:
    Channel: &ChannelCapabilities
        V1_4_2: true
    Orderer: &OrdererCapabilities
        V1_4_2: true
    Application: &ApplicationCapabilities
        V1_4_2: true
        V1_3: false
        V1_2: false
        V1_1: false
Application: &ApplicationDefaults
    Organizations:
    Policies: &ApplicationDefaultPolicies
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
    OrdererType: etcdraft
    Addresses:
        - orderer0.orderer.com:7050
        - orderer1.orderer.com:7050
        - orderer2.orderer.com:7050
        - orderer3.orderer.com:9050
        - orderer4.orderer.com:9050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 10 MB
        PreferredMaxBytes: 2 MB
    MaxChannels: 0
    Kafka:
        Brokers:
            - kafka0:9092
    EtcdRaft:
        Consenters:
            - Host: orderer0.orderer.com
              Port: 7050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer0.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer0.orderer.com/tls/server.crt
            - Host: orderer1.orderer.com
              Port: 7050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer1.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer1.orderer.com/tls/server.crt
            - Host: orderer2.orderer.com
              Port: 7050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer2.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer2.orderer.com/tls/server.crt
            - Host: orderer3.orderer.com
              Port: 9050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer3.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer3.orderer.com/tls/server.crt
            - Host: orderer4.orderer.com
              Port: 9050
              ClientTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer4.orderer.com/tls/server.crt
              ServerTLSCert: /home/test/crypto/crypto-config/ordererOrganizations/orderer.com/orderers/orderer4.orderer.com/tls/server.crt
        Options:
            TickInterval: 500ms
            ElectionTick: 10
            HeartbeatTick: 1
            MaxInflightBlocks: 5
            SnapshotIntervalSize: 20 MB
    Organizations:
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
    Capabilities:
        <<: *OrdererCapabilities
Channel: &ChannelDefaults
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    Capabilities:
        <<: *ChannelCapabilities

Profiles:
    SampleDevModeEtcdRaft:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *Orderer
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Orderer
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2

    TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities
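
The genesis block generated from this file pins each Raft consenter to the TLS certificates listed under Consenters, while clients and peers reach the ordering service through Addresses. The script below is an added example, not part of the original tutorial or of Fabric itself: it cross-checks the two lists and assumes the cryptogen path layout used above; the function names, the labels it prints and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: cross-check the etcdraft section of configtx.yaml.

# host:port entries listed under Orderer.Addresses.
orderer_addresses() {
    awk '$1=="Addresses:" {on=1; next}
         on && $1=="-"    {print $2; next}
         {on=0}' "$1"
}

# One line per pinned certificate: "host:port key path".
consenter_certs() {
    awk '$1=="Consenters:" {on=1; next}
         $1=="Options:"    {on=0}
         on && $1=="-" && $2=="Host:" {host=$3}
         on && $1=="Port:"            {port=$2}
         on && ($1=="ClientTLSCert:" || $1=="ServerTLSCert:") {print host ":" port, $1, $2}' "$1"
}

# Flag consenters that Addresses does not list, and certificates that do not
# come from the consenter's own directory (.../orderers/<host>/tls/server.crt).
check_consenters() {
    addrs=$(orderer_addresses "$1")
    consenter_certs "$1" | while read -r hp key path; do
        printf '%s\n' "$addrs" | grep -qxF "$hp" || echo "NOT_IN_ADDRESSES $hp"
        case $path in
            */orderers/"${hp%%:*}"/tls/server.crt) ;;
            *) echo "FOREIGN_CERT $hp $key" ;;
        esac
    done | sort -u
}

# Constructed sample: orderer1's consenter port is not the one in Addresses,
# and its ServerTLSCert points at orderer0's certificate.
write_sample_configtx() {   # write_sample_configtx <file>
    d=/crypto-config/ordererOrganizations/orderer.com/orderers
    cat > "$1" <<EOF
Orderer: &OrdererDefaults
    Addresses:
        - orderer0.orderer.com:7050
        - orderer1.orderer.com:7050
    BatchTimeout: 2s
    EtcdRaft:
        Consenters:
            - Host: orderer0.orderer.com
              Port: 7050
              ClientTLSCert: $d/orderer0.orderer.com/tls/server.crt
              ServerTLSCert: $d/orderer0.orderer.com/tls/server.crt
            - Host: orderer1.orderer.com
              Port: 9050
              ClientTLSCert: $d/orderer1.orderer.com/tls/server.crt
              ServerTLSCert: $d/orderer0.orderer.com/tls/server.crt
        Options:
            TickInterval: 500ms
EOF
}
```

Run against the configtx.yaml shown above, check_consenters prints nothing: every consenter appears in Addresses with the same port and uses its own server.crt.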

Use the following commands to generate the configuration:

# Generate the genesis block
configtxgen -profile SampleDevModeEtcdRaft -channelID test-sys-channel -outputBlock genesis.block
# Channel configuration transaction
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx channel.tx -channelID mychannel
# Anchor peer configuration
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate Org1anchors.tx -channelID mychannel -asOrg Org1
# Anchor peer configuration
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate Org2anchors.tx -channelID mychannel -asOrg Org2

After generation the following files should be present:

channel.tx  configtx.yaml  genesis.block  mychannel.block  Org1anchors.tx  Org2anchors.tx

At this point the relevant configuration has been generated, and next we can use Docker to start the network.

In addition, before starting we need to copy the generated files to the other machines; either a plain copy or the scp command works, and it is not covered further here.
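
The crypto-config tree from step 1 holds every private key in the network, including each organization's CA and TLS-CA signing keys, so it is worth auditing before any of it is copied to another machine. The script below is an added example, not part of the original tutorial: it lists the keys, reports loose file modes, and stages only one node's own directory for copying. The function names and the sample tree with placeholder key names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit cryptogen's private keys before copying anything to a node.

# find restricted to private-key files (signing keys end in _sk, TLS keys in .key).
key_find() {
    root=$1; shift
    find "$root" -type f \( -name '*_sk' -o -name 'server.key' -o -name 'client.key' \) "$@" | sort
}

list_private_keys() { key_find "$1"; }

# Keys whose mode is not exactly 0600 or 0400.
loose_keys() { key_find "$1" ! -perm 600 ! -perm 400; }

# Organization CA and TLS-CA signing keys (.../ca/*_sk, .../tlsca/*_sk). They
# issue identities; no orderer or peer process reads them at run time.
ca_keys() { key_find "$1" \( -path '*/ca/*' -o -path '*/tlsca/*' \); }

# Copy only one node's own msp/ and tls/ subtree into a staging directory.
stage_node() {   # stage_node <crypto-config> <node-fqdn> <dest-dir>
    src=$(find "$1" -type d \( -path "*/orderers/$2" -o -path "*/peers/$2" \) | head -n 1)
    [ -n "$src" ] || { echo "no such node: $2" >&2; return 1; }
    mkdir -p "$3" && cp -Rp "$src" "$3/" && chmod -R go-rwx "$3"
}

# Constructed sample tree (placeholder key names) with the layout shown above.
make_sample_tree() {   # make_sample_tree <dir>
    o="$1/crypto-config/ordererOrganizations/orderer.com"
    p="$1/crypto-config/peerOrganizations/org1.com"
    on="$o/orderers/orderer0.orderer.com"; pn="$p/peers/peer0.org1.com"
    mkdir -p "$o/ca" "$o/tlsca" "$p/ca" "$on/msp/keystore" "$on/tls" \
             "$pn/msp/keystore" "$pn/tls"
    for f in "$o/ca/aaaa_sk" "$o/tlsca/bbbb_sk" "$p/ca/cccc_sk" \
             "$on/msp/keystore/dddd_sk" "$on/tls/server.key" \
             "$pn/msp/keystore/eeee_sk" "$pn/tls/server.key"; do
        : > "$f"; chmod 600 "$f"
    done
    chmod 644 "$pn/tls/server.key"   # deliberately too open, for the audit to find
}

# Usage: bash audit.sh /path/to/crypto-config
if [ $# -gt 0 ]; then
    echo "private keys: $(list_private_keys "$1" | wc -l)"
    echo "CA signing keys (keep these off the nodes):"; ca_keys "$1"
    echo "keys with a mode other than 0600/0400:"; loose_keys "$1"
fi
```

A directory staged with stage_node contains exactly two private keys for a peer or orderer, its MSP signing key and its TLS key, and none of the CA keys.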
