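Fabric CA Study Notes

    • What is Fabric CA
    • Production recommendations
    • Overall architecture
    • I. Installation
      • 1. Prerequisites
    • II. Set up the TLS CA
      • 1. Start the TLS CA container
      • 1.2 Directory structure
      • 2. Enroll the TLS CA admin
    • III. Set up the orderer org CA
      • 1. Start the container
      • 2. Enroll the orderer org CA admin
      • Directory structure
    • IV. Set up the Org1 CA
      • 1. Start the container
      • 2. Enroll the Org1 CA admin
    • V. Set up the org2 CA
      • 1. Start the container
      • 2. Enroll the org2 CA admin
    • VI. Enroll org0
      • 1. Prepare the certificates
      • 2. Enroll the identity
      • 3. Enroll with the TLS CA
    • VII. Enroll org1
      • 1. Prepare the certificates
      • 2. Enroll peer1
      • 3. Enroll with the TLS CA
      • 4. Prepare the certificates
      • 5. Enroll peer2
      • 6. Enroll with the TLS CA
      • 7. Enroll the org1 admin
    • VIII. Enroll org2
      • 1. Prepare the certificates
      • 2. Enroll peer1
      • 3. Enroll with the TLS CA
      • 4. Prepare the certificates
      • 5. Enroll peer2
      • 6. Enroll with the TLS CA
      • 7. Enroll the org2 admin
    • IX. Start org1, org2 and the orderer
      • 1. Start the org1 and org2 peer nodes
      • 2. Review configtx.yaml
      • 3. Create the genesis block and the channel transaction
      • 4. Start the orderer, cli-org1 and cli-org2
      • 5. Check container status
    • X. Create and join the channel
      • 1. peer1 creates the channel
      • 2. Create the channel and join it
        • 1) org1 creates the channel
        • 2) peer1 and peer2 join the channel
        • 3) org2 joins the channel
        • 4) peer1 and peer2 join the channel
        • 5) Check that the channel was joined successfully
    • XI. Install and instantiate the chaincode
      • 1. Copy the chaincode into the cli-org1 container
      • 2. Install on cli-org1
      • 3. Install on cli-org2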

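Every node and user that joins a Fabric consortium chain must register and obtain a certificate issued by the CA before it can operate on the chain. The certificate authority provides the following functions:

  • Registration of identities, or connection to LDAP (Lightweight Directory Access Protocol) as the user registry;
  • Issuance of Enrollment Certificates (ECerts);
  • Issuance of Transaction Certificates (TCerts), which provide anonymity and unlinkability when transacting on the Hyperledger Fabric blockchain;
  • Certificate renewal and revocation.

There are two ways to interact with a Hyperledger Fabric CA server: through the Hyperledger Fabric CA client or through one of the Fabric SDKs. All communication with the Hyperledger Fabric CA server goes through its REST API.

All Hyperledger Fabric CA servers in a cluster share the same database for tracking identities and certificates. If LDAP is configured, identity information is kept in LDAP instead of the database.

A server may host multiple CAs. Each CA is either a root CA or an intermediate CA. Every intermediate CA has a parent CA, which is either a root CA or another intermediate CA.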

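What is Fabric CA

Hyperledger Fabric CA is the certificate authority (CA) for Hyperledger Fabric.
It provides the following functions:

  • Registration of identities, or connection to LDAP as the user registry
  • Issuance of Enrollment Certificates (ECerts)
  • Certificate renewal and revocation

Fabric CA consists of a server component and a client component.

TLS certificates are used for the TLS handshake. They protect the integrity of the network links between components. With standard TLS, a client can be sure that the server it connects to really is the server it intended and not another party posing as its destination. When mutual TLS is enabled, in addition to the standard client -> server guarantee, the server can also verify that the client is authorized to form the TLS link.

CA certificates are used for transacting on the Fabric network. Clients use their signer certificates to sign proposals sent to peers and transactions sent to orderers; peers use their signer certificates to sign proposal responses (creating endorsements); and orderers use their signer certificates to sign blocks, which are propagated back to peers and clients. When you see a reference to a "certificate" that is not explicitly marked as TLS, it is usually a signer certificate.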

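Production recommendations

Deploy two CAs for each organization: an organization CA and a TLS CA.

  • TLS CA:
    protects communication between the nodes of the organization and issues the communication (TLS) certificates for all nodes
  • Organization CA:
    issues the identities of the organization and its nodes

Ordering service nodes should not belong to the same organization as the peers, so separate organizations must be created for the peers and for the ordering service nodes.

CA services should be deployed in this order:
1) TLS CA
2) Organization CA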

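Overall architecture

The official guide uses a multi-host deployment. Here it is simplified so that every step runs on a single machine.

The overall architecture used in these notes is as follows.

Three organizations

Org0 —> organization 0
Org1 —> organization 1
Org2 —> organization 2

Members of each organization

Org0: one orderer node and one Org0 Admin
Org1: two peer nodes, one Org1 Admin and one Org1 User
Org2: two peer nodes, one Org2 Admin and one Org2 User

Four CA servers

TLS server: issues TLS certificates to every node in the network, used to encrypt communication
Org1 CA server: issues certificates to all users in organization 1
Org2 CA server: issues certificates to all users in organization 2
Org0 CA server: issues certificates to all users in organization 0

All four CA servers here are root CAs. They are independent of one another and unrelated, which means a certificate issued by one CA server cannot be used with any of the others.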

I. Installation

1. Prerequisites

### Dependencies and Go environment
yum install libtool libltdl-dev go docker
### docker-compose is also required

II. Set up the TLS CA

The TLS CA issues TLS certificates. These certificates are needed to protect the communication between the various processes.

1. Start the TLS CA container

  ca-tls:
    container_name: ca-tls
    image: hyperledger/fabric-ca:1.4.9
    command: sh -c 'fabric-ca-server start -d -b tls-ca-admin:tls-ca-adminpw --port 7052'
    environment:
        - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
        - FABRIC_CA_SERVER_TLS_ENABLED=true
        - FABRIC_CA_SERVER_CSR_CN=tls-ca
        - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
        - FABRIC_CA_SERVER_DEBUG=true
    volumes:
        - /tmp/hyperledger/tls-ca:/tmp/hyperledger/fabric-ca
    networks:
        - fabric-ca
    ports:
        - 7052:7052

docker-compose up -d ca-tls

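1.2 Directory structure

[root@10 hyperledger]# tree
crypto
├── ca-cert.pem        #### the TLS CA's signing certificate
├── fabric-ca-server-config.yaml
├── fabric-ca-server.db
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── msp        ### the component that defines the rules for valid identities of the organization; stores the certificate files used for signing and the private key files used for encryption
│   ├── cacerts  ## the CA server's certificate
│   ├── keystore    #### private key of the node or account
│   │   ├── 5d3c6784f5d5d0df8f368e6cda6c483f5ebe8b7189fa8817c3543b487b654bdf_sk
│   │   ├── IssuerRevocationPrivateKey
│   │   └── IssuerSecretKey
│   ├── signcerts ## X.509 certificate file of the node or account. Think of it as the account's ID; copying it into the admincerts directory of a peer or org marks it as an administrator account
│   └── user
└── tls-cert.pem

The TLS root CA certificate is the ca-cert.pem file under /tmp/hyperledger/tls-ca/crypto/. It is the TLS CA server's signing root certificate: it is used to validate the CA's TLS certificate, and a client must also hold it in order to have certificates issued. In a multi-host environment it has to be copied to every machine.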

2. Enroll the TLS CA admin

export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/tls-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/tls-ca/admin
fabric-ca-client enroll -d -u https://tls-ca-admin:tls-ca-adminpw@0.0.0.0:7052
fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name peer2-org1 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name peer1-org2 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name peer2-org2 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7052
fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7052

#### List the registered identities
[root@10 tls-ca]# fabric-ca-client identity list
Name: tls-ca-admin, Type: client, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.GenCRL Value:1 ECert:false} {Name:hf.Registrar.Attributes Value:* ECert:false} {Name:hf.AffiliationMgr Value:1 ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Registrar.DelegateRoles Value:* ECert:false} {Name:hf.Revoker Value:1 ECert:false} {Name:hf.IntermediateCA Value:1 ECert:false}]
Name: peer1-org1, Type: peer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:peer1-org1 ECert:true} {Name:hf.Type Value:peer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
Name: peer2-org1, Type: peer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:peer2-org1 ECert:true} {Name:hf.Type Value:peer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
Name: peer1-org2, Type: peer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:peer1-org2 ECert:true} {Name:hf.Type Value:peer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
Name: peer2-org2, Type: peer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:peer2-org2 ECert:true} {Name:hf.Type Value:peer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
Name: orderer1-org0, Type: orderer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:orderer1-org0 ECert:true} {Name:hf.Type Value:orderer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
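
The identity listing is worth reading for privileges as well as names. As an added example (not part of the original notes), the shell functions below parse `fabric-ca-client identity list` output and report, per identity, its type, its Max Enrollments value and any registrar-level hf.* attributes it holds. The function names and the sample text (built from the listing, with the admin's attribute list shortened) are this example's own; a Max Enrollments value of -1 means the enrollment secret can be reused without limit.

```shell
#!/bin/sh
# Added example: audit `fabric-ca-client identity list` output.
# audit_identities, privileged_identities, unlimited_enrollment_identities and
# sample_identity_list are hypothetical helper names, not Fabric CA commands.
# Typical use: fabric-ca-client identity list | audit_identities

# Reads the listing on stdin; prints name|type|max_enrollments|privileged_attrs
# ("-" when the identity holds none of the registrar-level attributes).
audit_identities() {
    awk '
    BEGIN {
        # hf.* attributes that let an identity manage other identities or the CA
        PRIV = " hf.Registrar.Roles hf.Registrar.DelegateRoles hf.Registrar.Attributes hf.Revoker hf.IntermediateCA hf.GenCRL hf.AffiliationMgr "
    }
    /^Name: / {
        name = $0; sub(/^Name: /, "", name); sub(/,.*/, "", name)
        type = $0; sub(/.*, Type: /, "", type); sub(/,.*/, "", type)
        max  = $0; sub(/.*Max Enrollments: /, "", max); sub(/,.*/, "", max)
        priv = ""
        rest = $0
        # Walk every "Name:hf.X Value:V ECert:" triple in the Attributes list
        while (match(rest, /Name:hf\.[A-Za-z.]+ Value:[^ ]* ECert:/)) {
            attr = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            n = attr; sub(/^Name:/, "", n); sub(/ Value:.*/, "", n)
            v = attr; sub(/.* Value:/, "", v); sub(/ ECert:.*/, "", v)
            # Count the attribute only when it is actually switched on
            if (index(PRIV, " " n " ") && v != "" && v != "0" && v != "false")
                priv = (priv == "" ? n : priv "," n)
        }
        print name "|" type "|" max "|" (priv == "" ? "-" : priv)
    }'
}

# Names of identities that hold at least one registrar-level attribute
privileged_identities() {
    audit_identities | awk -F'|' '$4 != "-" { print $1 }'
}

# Names of non-admin identities whose enrollment secret can be reused without limit
unlimited_enrollment_identities() {
    audit_identities | awk -F'|' '$3 == "-1" && $4 == "-" { print $1 }'
}

# Constructed sample: three lines taken from the listing, admin attributes shortened
sample_identity_list() {
    cat <<'EOF'
Name: tls-ca-admin, Type: client, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.GenCRL Value:1 ECert:false} {Name:hf.Registrar.Roles Value:* ECert:false} {Name:hf.Revoker Value:1 ECert:false} {Name:hf.IntermediateCA Value:1 ECert:false}]
Name: peer1-org1, Type: peer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:peer1-org1 ECert:true} {Name:hf.Type Value:peer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
Name: orderer1-org0, Type: orderer, Affiliation: , Max Enrollments: -1, Attributes: [{Name:hf.EnrollmentID Value:orderer1-org0 ECert:true} {Name:hf.Type Value:orderer ECert:true} {Name:hf.Affiliation Value: ECert:true}]
EOF
}
```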

III. Set up the orderer org CA

1. Start the container

  rca-org0:
    container_name: rca-org0
    image: hyperledger/fabric-ca:1.4.9
    command: sh -c 'fabric-ca-server start -d -b rca-org0-admin:rca-org0-adminpw --port 7053'
    environment:
        - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
        - FABRIC_CA_SERVER_TLS_ENABLED=true
        - FABRIC_CA_SERVER_CSR_CN=rca-org0
        - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
        - FABRIC_CA_SERVER_DEBUG=true
    volumes:
        - /tmp/hyperledger/org0/ca:/tmp/hyperledger/fabric-ca
    networks:
        - fabric-ca
    ports:
        - 7053:7053

docker-compose up -d rca-org0

2. Enroll the orderer org CA admin

export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/ca/admin
fabric-ca-client enroll -d -u https://rca-org0-admin:rca-org0-adminpw@0.0.0.0:7053
sleep 5
fabric-ca-client register -d --id.name orderer1-org0 --id.secret ordererpw --id.type orderer -u https://0.0.0.0:7053
fabric-ca-client register -d --id.name admin-org0 --id.secret org0adminpw --id.type user -u https://0.0.0.0:7053

Directory structure

admin/
├── fabric-ca-client-config.yaml
└── msp
    ├── cacerts
    │   └── 0-0-0-0-7053.pem   ## the CA's public certificate
    ├── IssuerPublicKey
    ├── IssuerRevocationPublicKey
    ├── keystore
    │   └── 2da4e5e8d777be61fc29e81b4295c97f40395a0d9cbe7dddbfd12e8c6beda6af_sk   ## private key generated by the client
    ├── signcerts
    │   └── cert.pem ## the admin certificate issued by the CA
    └── user

IV. Set up the Org1 CA

1. Start the container

  rca-org1:
    container_name: rca-org1
    image: hyperledger/fabric-ca:1.4.9
    command: sh -c 'fabric-ca-server start -d -b rca-org1-admin:rca-org1-adminpw --port 7054'
    environment:
        - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
        - FABRIC_CA_SERVER_TLS_ENABLED=true
        - FABRIC_CA_SERVER_CSR_CN=rca-org1
        - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
        - FABRIC_CA_SERVER_DEBUG=true
    volumes:
        - /tmp/hyperledger/org1/ca:/tmp/hyperledger/fabric-ca
    networks:
        - fabric-ca
    ports:
        - 7054:7054

docker-compose up -d rca-org1

2. Enroll the Org1 CA admin

Peer 1 (peer1-org1)
Peer 2 (peer2-org1)
Admin (admin1-org1)
End user (user-org1)

export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/ca/admin
fabric-ca-client enroll -d -u https://rca-org1-admin:rca-org1-adminpw@0.0.0.0:7054
fabric-ca-client register -d --id.name peer1-org1 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7054
fabric-ca-client register -d --id.name peer2-org1 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7054
fabric-ca-client register -d --id.name admin-org1 --id.secret org1AdminPW --id.type user -u https://0.0.0.0:7054
fabric-ca-client register -d --id.name user-org1 --id.secret org1UserPW --id.type user -u https://0.0.0.0:7054

V. Set up the org2 CA

1. Start the container

  rca-org2:
    container_name: rca-org2
    image: hyperledger/fabric-ca:1.4.9
    command: /bin/bash -c 'fabric-ca-server start -d -b rca-org2-admin:rca-org2-adminpw --port 7055'
    environment:
        - FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
        - FABRIC_CA_SERVER_TLS_ENABLED=true
        - FABRIC_CA_SERVER_CSR_CN=rca-org2
        - FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
        - FABRIC_CA_SERVER_DEBUG=true
    volumes:
        - /tmp/hyperledger/org2/ca:/tmp/hyperledger/fabric-ca
    networks:
        - fabric-ca
    ports:
        - 7055:7055

docker-compose up -d rca-org2

2. Enroll the org2 CA admin

export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/ca/admin
fabric-ca-client enroll -d -u https://rca-org2-admin:rca-org2-adminpw@0.0.0.0:7055
fabric-ca-client register -d --id.name peer1-org2 --id.secret peer1PW --id.type peer -u https://0.0.0.0:7055
fabric-ca-client register -d --id.name peer2-org2 --id.secret peer2PW --id.type peer -u https://0.0.0.0:7055
fabric-ca-client register -d --id.name admin-org2 --id.secret org2AdminPW --id.type user --id.attrs "abac.init=true:ecert" -u https://0.0.0.0:7055
fabric-ca-client register -d --id.name user-org2 --id.secret org2UserPW --id.type user -u https://0.0.0.0:7055

VI. Enroll org0

1. Prepare the certificates

mkdir -p /tmp/hyperledger/org0/orderer/assets/ca
cp /tmp/hyperledger/org0/ca/admin/msp/cacerts/0-0-0-0-7053.pem /tmp/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
mkdir -p /tmp/hyperledger/org0/orderer/assets/tls-ca
cp /tmp/hyperledger/tls-ca/admin/msp/cacerts/0-0-0-0-7052.pem /tmp/hyperledger/org0/orderer/assets/tls-ca/tls-ca-cert.pem

2. Enroll the identity

export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderer
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://orderer1-org0:ordererpw@0.0.0.0:7053

3. Enroll with the TLS CA

export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://orderer1-org0:ordererPW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts orderer1-org0
#### Give the private key the name key.pem
cp /tmp/hyperledger/org0/orderer/tls-msp/keystore/*_sk /tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem
echo "Enroll Admin"
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://admin-org0:org0adminpw@0.0.0.0:7053
mkdir -p /tmp/hyperledger/org0/orderer/msp/admincerts
cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /tmp/hyperledger/org0/orderer/msp/admincerts/orderer-admin-cert.pem
mkdir -p /tmp/hyperledger/org0/msp/{admincerts,cacerts,tlscacerts,users}
cp /tmp/hyperledger/org0/orderer/assets/ca/org0-ca-cert.pem /tmp/hyperledger/org0/msp/cacerts/
cp /tmp/hyperledger/org0/orderer/assets/tls-ca/tls-ca-cert.pem /tmp/hyperledger/org0/msp/tlscacerts/
cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /tmp/hyperledger/org0/msp/admincerts/admin-org0-cert.pem
echo "Org0 done"

VII. Enroll org1

1. Prepare the certificates

echo "Enroll Peer1"
mkdir -p /tmp/hyperledger/org1/peer1/assets/ca
cp /tmp/hyperledger/org1/ca/admin/msp/cacerts/0-0-0-0-7054.pem /tmp/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
mkdir -p /tmp/hyperledger/org1/peer1/assets/tls-ca
cp /tmp/hyperledger/tls-ca/admin/msp/cacerts/0-0-0-0-7052.pem /tmp/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem

2. Enroll peer1

export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/peer1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7054

3. Enroll with the TLS CA

# TLS CA root certificate (ca-cert.pem in the TLS CA's crypto directory)
mkdir -p /tmp/hyperledger/org1/peer1/assets/tls-ca/
cp /tmp/hyperledger/tls-ca/crypto/ca-cert.pem /tmp/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
# Enroll peer1 with the TLS CA; FABRIC_CA_CLIENT_HOME still points at peer1
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer1-org1
mv /tmp/hyperledger/org1/peer1/tls-msp/keystore/* /tmp/hyperledger/org1/peer1/tls-msp/keystore/key.pem

4. Prepare the certificates

echo "Enroll Peer2"
mkdir -p /tmp/hyperledger/org1/peer2/assets/ca
cp /tmp/hyperledger/org1/ca/admin/msp/cacerts/0-0-0-0-7054.pem /tmp/hyperledger/org1/peer2/assets/ca/org1-ca-cert.pem
mkdir -p /tmp/hyperledger/org1/peer2/assets/tls-ca
cp /tmp/hyperledger/tls-ca/admin/msp/cacerts/0-0-0-0-7052.pem /tmp/hyperledger/org1/peer2/assets/tls-ca/tls-ca-cert.pem

5. Enroll peer2

export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/peer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer2/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7054

6. Enroll with the TLS CA

export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer2/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer2-org1
cp /tmp/hyperledger/org1/peer2/tls-msp/keystore/*_sk /tmp/hyperledger/org1/peer2/tls-msp/keystore/key.pem

7. Enroll the org1 admin

echo "Enroll Admin"
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://admin-org1:org1AdminPW@0.0.0.0:7054
mkdir -p /tmp/hyperledger/org1/peer1/msp/admincerts
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem /tmp/hyperledger/org1/peer1/msp/admincerts/org1-admin-cert.pem
mkdir -p /tmp/hyperledger/org1/peer2/msp/admincerts
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem /tmp/hyperledger/org1/peer2/msp/admincerts/org1-admin-cert.pem
mkdir -p /tmp/hyperledger/org1/admin/msp/admincerts
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem /tmp/hyperledger/org1/admin/msp/admincerts/org1-admin-cert.pem
mkdir -p /tmp/hyperledger/org1/msp/{admincerts,cacerts,tlscacerts,users}
cp /tmp/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem /tmp/hyperledger/org1/msp/cacerts/
cp /tmp/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem /tmp/hyperledger/org1/msp/tlscacerts/
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem /tmp/hyperledger/org1/msp/admincerts/admin-org1-cert.pem

VIII. Enroll org2

1. Prepare the certificates

echo "Enroll Peer1"
mkdir -p /tmp/hyperledger/org2/peer1/assets/ca
cp /tmp/hyperledger/org2/ca/admin/msp/cacerts/0-0-0-0-7055.pem /tmp/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
mkdir -p /tmp/hyperledger/org2/peer1/assets/tls-ca
cp /tmp/hyperledger/tls-ca/admin/msp/cacerts/0-0-0-0-7052.pem /tmp/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem

2. Enroll peer1

export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/peer1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer1-org2:peer1PW@0.0.0.0:7055

3. Enroll with the TLS CA

export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer1-org2:peer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer1-org2
sleep 5
cp /tmp/hyperledger/org2/peer1/tls-msp/keystore/*_sk /tmp/hyperledger/org2/peer1/tls-msp/keystore/key.pem

4. Prepare the certificates

echo "Enroll Peer2"
mkdir -p /tmp/hyperledger/org2/peer2/assets/ca
cp /tmp/hyperledger/org2/ca/admin/msp/cacerts/0-0-0-0-7055.pem /tmp/hyperledger/org2/peer2/assets/ca/org2-ca-cert.pem
mkdir -p /tmp/hyperledger/org2/peer2/assets/tls-ca
cp /tmp/hyperledger/tls-ca/admin/msp/cacerts/0-0-0-0-7052.pem /tmp/hyperledger/org2/peer2/assets/tls-ca/tls-ca-cert.pem

5. Enroll peer2

export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/peer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer2/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer2-org2:peer2PW@0.0.0.0:7055

6. Enroll with the TLS CA

export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer2/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer2-org2:peer2PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer2-org2
sleep 5
cp /tmp/hyperledger/org2/peer2/tls-msp/keystore/*_sk /tmp/hyperledger/org2/peer2/tls-msp/keystore/key.pem

7. Enroll the org2 admin

echo "Enroll Admin"
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://admin-org2:org2AdminPW@0.0.0.0:7055
mkdir -p /tmp/hyperledger/org2/peer1/msp/admincerts
cp /tmp/hyperledger/org2/admin/msp/signcerts/cert.pem /tmp/hyperledger/org2/peer1/msp/admincerts/org2-admin-cert.pem
mkdir -p /tmp/hyperledger/org2/peer2/msp/admincerts
cp /tmp/hyperledger/org2/admin/msp/signcerts/cert.pem /tmp/hyperledger/org2/peer2/msp/admincerts/org2-admin-cert.pem
mkdir -p /tmp/hyperledger/org2/admin/msp/admincerts
cp /tmp/hyperledger/org2/admin/msp/signcerts/cert.pem /tmp/hyperledger/org2/admin/msp/admincerts/org2-admin-cert.pem
mkdir -p /tmp/hyperledger/org2/msp/{admincerts,cacerts,tlscacerts,users}
cp /tmp/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem /tmp/hyperledger/org2/msp/cacerts/
cp /tmp/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem /tmp/hyperledger/org2/msp/tlscacerts/
cp /tmp/hyperledger/org2/admin/msp/signcerts/cert.pem /tmp/hyperledger/org2/msp/admincerts/admin-org2-cert.pem
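
Once enrollment is finished, each node directory has to contain the identity and TLS files that the node's container configuration points at. As an added example (not part of the original notes), the shell function below checks one node directory for the layout the enrollment steps produce and reports any private key that group or others can access. The helper names and the owner-only permission expectation are assumptions of this example.

```shell
#!/bin/sh
# Added example: check one node directory (for instance
# /tmp/hyperledger/org1/peer1) for the files the enrollment steps produce.
# check_node_msp and its helpers are hypothetical names, not Fabric tooling.

problems=0
fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

# has_file DIR GLOB -> true if DIR holds at least one regular file matching GLOB
has_file() {
    for f in "$1"/$2; do
        [ -f "$f" ] && return 0
    done
    return 1
}

# key_is_private FILE -> true if group and others have no permission bits set
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_node_msp NODE_DIR -> returns 0 when nothing is missing; the number of
# findings is left in $problems
check_node_msp() {
    node=$1
    problems=0
    # Identity material, from enrolling against the organization CA
    has_file "$node/msp/signcerts"  'cert.pem' || fail "$node: no msp/signcerts/cert.pem"
    has_file "$node/msp/cacerts"    '*.pem'    || fail "$node: no CA certificate in msp/cacerts"
    has_file "$node/msp/keystore"   '*_sk'     || fail "$node: no private key in msp/keystore"
    has_file "$node/msp/admincerts" '*.pem'    || fail "$node: admin certificate not copied to msp/admincerts"
    # TLS material, from enrolling against the TLS CA with --enrollment.profile tls
    has_file "$node/tls-msp/signcerts"  'cert.pem' || fail "$node: no tls-msp/signcerts/cert.pem"
    has_file "$node/tls-msp/tlscacerts" '*.pem'    || fail "$node: no TLS CA certificate in tls-msp/tlscacerts"
    has_file "$node/tls-msp/keystore"   'key.pem'  || fail "$node: TLS key not copied to tls-msp/keystore/key.pem"
    # Private keys should be usable by their owner only (assumption of this example)
    for k in "$node"/msp/keystore/* "$node"/tls-msp/keystore/*; do
        [ -f "$k" ] || continue
        key_is_private "$k" || fail "$k is accessible to group or others"
    done
    [ "$problems" -eq 0 ]
}

# Usage: sh check_msp.sh /tmp/hyperledger/org1/peer1 /tmp/hyperledger/org0/orderer
for dir in "$@"; do
    check_node_msp "$dir" && echo "OK: $dir"
done
```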

IX. Start org1, org2 and the orderer

1. Start the org1 and org2 peer nodes

Review the docker-compose file:

  peer1-org1:
    container_name: peer1-org1
    image: hyperledger/fabric-peer:2.2.2
    environment:
        - CORE_PEER_ID=peer1-org1
        - CORE_PEER_ADDRESS=peer1-org1:7051
        - CORE_PEER_LOCALMSPID=org1MSP
        - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/peer1/msp
        - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
        - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=guide_fabric-ca
        - FABRIC_LOGGING_SPEC=info
        - CORE_PEER_TLS_ENABLED=true
        - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org1/peer1/tls-msp/signcerts/cert.pem
        - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org1/peer1/tls-msp/keystore/key.pem
        - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
        - CORE_PEER_GOSSIP_USELEADERELECTION=true
        - CORE_PEER_GOSSIP_ORGLEADER=false
        - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1-org1:7051
        - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1/peer1
    volumes:
        - /var/run:/host/var/run
        - /tmp/hyperledger/org1/peer1:/tmp/hyperledger/org1/peer1
    networks:
        - fabric-ca
  peer2-org1:
    container_name: peer2-org1
    image: hyperledger/fabric-peer:2.2.2
    environment:
        - CORE_PEER_ID=peer2-org1
        - CORE_PEER_ADDRESS=peer2-org1:7051
        - CORE_PEER_LOCALMSPID=org1MSP
        - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/peer2/msp
        - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
        - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=guide_fabric-ca
        - FABRIC_LOGGING_SPEC=info
        - CORE_PEER_TLS_ENABLED=true
        - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org1/peer2/tls-msp/signcerts/cert.pem
        - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org1/peer2/tls-msp/keystore/key.pem
        - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org1/peer2/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
        - CORE_PEER_GOSSIP_USELEADERELECTION=true
        - CORE_PEER_GOSSIP_ORGLEADER=false
        - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2-org1:7051
        - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
        - CORE_PEER_GOSSIP_BOOTSTRAP=peer1-org1:7051
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1/peer2
    volumes:
        - /var/run:/host/var/run
        - /tmp/hyperledger/org1/peer2:/tmp/hyperledger/org1/peer2
    networks:
        - fabric-ca
  peer1-org2:
    container_name: peer1-org2
    image: hyperledger/fabric-peer:2.2.2
    environment:
        - CORE_PEER_ID=peer1-org2
        - CORE_PEER_ADDRESS=peer1-org2:7051
        - CORE_PEER_LOCALMSPID=org2MSP
        - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/peer1/msp
        - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
        - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=guide_fabric-ca
        - FABRIC_LOGGING_SPEC=info
        - CORE_PEER_TLS_ENABLED=true
        - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org2/peer1/tls-msp/signcerts/cert.pem
        - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org2/peer1/tls-msp/keystore/key.pem
        - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
        - CORE_PEER_GOSSIP_USELEADERELECTION=true
        - CORE_PEER_GOSSIP_ORGLEADER=false
        - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1-org2:7051
        - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2/peer1
    volumes:
        - /var/run:/host/var/run
        - /tmp/hyperledger/org2/peer1:/tmp/hyperledger/org2/peer1
    networks:
        - fabric-ca
  peer2-org2:
    container_name: peer2-org2
    image: hyperledger/fabric-peer:2.2.2
    environment:
        - CORE_PEER_ID=peer2-org2
        - CORE_PEER_ADDRESS=peer2-org2:7051
        - CORE_PEER_LOCALMSPID=org2MSP
        - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/peer2/msp
        - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
        - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=guide_fabric-ca
        - FABRIC_LOGGING_SPEC=info
        - CORE_PEER_TLS_ENABLED=true
        - CORE_PEER_TLS_CERT_FILE=/tmp/hyperledger/org2/peer2/tls-msp/signcerts/cert.pem
        - CORE_PEER_TLS_KEY_FILE=/tmp/hyperledger/org2/peer2/tls-msp/keystore/key.pem
        - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org2/peer2/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
        - CORE_PEER_GOSSIP_USELEADERELECTION=true
        - CORE_PEER_GOSSIP_ORGLEADER=false
        - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2-org2:7051
        - CORE_PEER_GOSSIP_SKIPHANDSHAKE=true
        - CORE_PEER_GOSSIP_BOOTSTRAP=peer1-org2:7051
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2/peer2
    volumes:
        - /var/run:/host/var/run
        - /tmp/hyperledger/org2/peer2:/tmp/hyperledger/org2/peer2
    networks:
        - fabric-ca

docker-compose up -d peer1-org1 peer2-org1 peer1-org2 peer2-org2

2. Review configtx.yaml

export FABRIC_CFG_PATH=$PWD

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:
    # SampleOrg defines an MSP using the sampleconfig.  It should never be used
    # in production but may be used as a template for other definitions
    - &org0
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: org0MSP
        # ID to load the MSP definition as
        ID: org0MSP
        # MSPDir is the filesystem path which contains the MSP configuration
        #MSPDir: ../configtx/org0/msp
        MSPDir: /tmp/hyperledger/org0/msp
        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel///
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('org0MSP.member')"
            Writers:
                Type: Signature
                Rule: "OR('org0MSP.member')"
            Admins:
                Type: Signature
                Rule: "OR('org0MSP.admin')"
        OrdererEndpoints:
            - orderer1-org0:7050
    - &org1
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: org1MSP
        # ID to load the MSP definition as
        ID: org1MSP
        #MSPDir: ../configtx/org1/msp
        MSPDir: /tmp/hyperledger/org1/msp
        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel///
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('org1MSP.admin', 'org1MSP.peer', 'org1MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('org1MSP.admin', 'org1MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('org1MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('org1MSP.peer')"
        # leave this flag set to true.
        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer1-org1
              Port: 7051
    - &org2
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: org2MSP
        # ID to load the MSP definition as
        ID: org2MSP
        #MSPDir: ../configtx/org2/msp
        MSPDir: /tmp/hyperledger/org2/msp
        # Policies defines the set of policies at this level of the config tree
        # For organization policies, their canonical path is usually
        #   /Channel///
        Policies:
            Readers:
                Type: Signature
                Rule: "OR('org2MSP.admin', 'org2MSP.peer', 'org2MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('org2MSP.admin', 'org2MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('org2MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('org2MSP.peer')"
        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer1-org2
              Port: 7051
################################################################################
#
#   SECTION: Capabilities
#
#   - This section defines the capabilities of fabric network. This is a new
#   concept as of v1.1.0 and should not be utilized in mixed networks with
#   v1.0.x peers and orderers.  Capabilities define features which must be
#   present in a fabric binary for that binary to safely participate in the
#   fabric network.  For instance, if a new MSP type is added, newer binaries
#   might recognize and validate the signatures from this type, while older
#   binaries without this support would be unable to validate those
#   transactions.  This could lead to different versions of the fabric binaries
#   having different world states.  Instead, defining a capability for a channel
#   informs those binaries without this capability that they must cease
#   processing transactions until they have been upgraded.  For v1.0.x if any
#   capabilities are defined (including a map with all capabilities turned off)
#   then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:
    # Channel capabilities apply to both the orderers and the peers and must be
    # supported by both.
    # Set the value of the capability to true to require it.
    Channel: &ChannelCapabilities
        # V2_0 capability ensures that orderers and peers behave according
        # to v2.0 channel capabilities. Orderers and peers from
        # prior releases would behave in an incompatible way, and are therefore
        # not able to participate in channels at v2.0 capability.
        # Prior to enabling V2.0 channel capabilities, ensure that all
        # orderers and peers on a channel are at v2.0.0 or later.
        V2_0: true
    # Orderer capabilities apply only to the orderers, and may be safely
    # used with prior release peers.
    # Set the value of the capability to true to require it.
    Orderer: &OrdererCapabilities
        # V2_0 orderer capability ensures that orderers behave according
        # to v2.0 orderer capabilities. Orderers from
        # prior releases would behave in an incompatible way, and are therefore
        # not able to participate in channels at v2.0 orderer capability.
        # Prior to enabling V2.0 orderer capabilities, ensure that all
        # orderers on channel are at v2.0.0 or later.
        V2_0: true
    # Application capabilities apply only to the peer network, and may be safely
    # used with prior release orderers.
    # Set the value of the capability to true to require it.
    Application: &ApplicationCapabilities
        # V2_0 application capability ensures that peers behave according
        # to v2.0 application capabilities. Peers from
        # prior releases would behave in an incompatible way, and are therefore
        # not able to participate in channels at v2.0 application capability.
        # Prior to enabling V2.0 application capabilities, ensure that all
        # peers on channel are at v2.0.0 or later.
        V2_0: true
################################################################################
#
#   SECTION: Application
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults
    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:
    # Policies defines the set of policies at this level of the config tree
    # For Application policies, their canonical path is
    #   /Channel/Application/
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        LifecycleEndorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
        Endorsement:
            Type: ImplicitMeta
            Rule: "MAJORITY Endorsement"
    Capabilities:
        <<: *ApplicationCapabilities
################################################################################
#
#   SECTION: Orderer
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults
    # Orderer Type: The orderer implementation to start
    OrdererType: etcdraft
    EtcdRaft:
        Consenters:
        - Host: orderer1-org0
          Port: 7050
          ClientTLSCert: /tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
          ServerTLSCert: /tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 2s
    # Batch Size: Controls the number of messages batched into a block
    BatchSize:
        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10
        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 99 MB
        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB
    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network
    Organizations:
    # Policies defines the set of policies at this level of the config tree
    # For Orderer policies, their canonical path is
    #   /Channel/Orderer/
    Policies:
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
        # BlockValidation specifies what signatures must be included in the block
        # from the orderer for the peer to validate it.
        BlockValidation:
            Type: ImplicitMeta
            Rule: "ANY Writers"
################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
    # Policies defines the set of policies at this level of the config tree
    # For Channel policies, their canonical path is
    #   /Channel/
    Policies:
        # Who may invoke the 'Deliver' API
        Readers:
            Type: ImplicitMeta
            Rule: "ANY Readers"
        # Who may invoke the 'Broadcast' API
        Writers:
            Type: ImplicitMeta
            Rule: "ANY Writers"
        # By default, who may modify elements at this config level
        Admins:
            Type: ImplicitMeta
            Rule: "MAJORITY Admins"
    # Capabilities describes the channel level capabilities, see the
    # dedicated Capabilities section elsewhere in this file for a full
    # description
    Capabilities:
        <<: *ChannelCapabilities
################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:
    TwoOrgsOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *org0
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *org1
                    - *org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *org1
                -
*org2            Capabilities:                <<: *ApplicationCapabilities

3. Create the genesis block and channel transaction

configtxgen -profile TwoOrgsOrdererGenesis -outputBlock /tmp/hyperledger/org0/orderer/genesis.block -channelID syschannel
sleep 5
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx /tmp/hyperledger/org0/orderer/channel.tx -channelID mychannel

4. Start orderer, cli-org1 and cli-org2

View the docker-compose file:

  orderer1-org0:
    container_name: orderer1-org0
    image: hyperledger/fabric-orderer:2.2.2
    environment:
        - ORDERER_HOME=/tmp/hyperledger/orderer
        - ORDERER_HOST=orderer1-org0
        - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
        - ORDERER_GENERAL_GENESISMETHOD=file
        - ORDERER_GENERAL_GENESISFILE=/tmp/hyperledger/org0/orderer/genesis.block
        - ORDERER_GENERAL_LOCALMSPID=org0MSP
        - ORDERER_GENERAL_LOCALMSPDIR=/tmp/hyperledger/org0/orderer/msp
        - ORDERER_GENERAL_TLS_ENABLED=true
        - ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/hyperledger/org0/orderer/tls-msp/signcerts/cert.pem
        - ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/hyperledger/org0/orderer/tls-msp/keystore/key.pem
        - ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/hyperledger/org0/orderer/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem]
        - ORDERER_GENERAL_LOGLEVEL=debug
        - ORDERER_DEBUG_BROADCASTTRACEDIR=data/logs
    volumes:
      - /tmp/hyperledger/org0/orderer:/tmp/hyperledger/org0/orderer/
    networks:
      - fabric-ca
    ports:
      - 7050:7050
  cli-org1:
    container_name: cli-org1
    image: hyperledger/fabric-tools:2.2.2
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_ID=cli-org1
      - CORE_PEER_ADDRESS=peer1-org1:7051
      - CORE_PEER_LOCALMSPID=org1MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
      - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/peer1/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org1
    command: sh
    volumes:
      - /tmp/hyperledger/org1/peer1:/tmp/hyperledger/org1/peer1
      - /tmp/hyperledger/org1/peer1/assets/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
      - /tmp/hyperledger/org1/admin:/tmp/hyperledger/org1/admin
    networks:
      - fabric-ca
  cli-org2:
    container_name: cli-org2
    image: hyperledger/fabric-tools:2.2.2
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=DEBUG
      - CORE_PEER_ID=cli-org2
      - CORE_PEER_ADDRESS=peer1-org2:7051
      - CORE_PEER_LOCALMSPID=org2MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_ROOTCERT_FILE=/tmp/hyperledger/org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
      - CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/peer1/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/org2
    command: sh
    volumes:
      - /tmp/hyperledger/org2/peer1:/tmp/hyperledger/org2/peer1
      - /tmp/hyperledger/org1/peer1/assets/chaincode:/opt/gopath/src/github.com/hyperledger/fabric-samples/chaincode
      - /tmp/hyperledger/org2/admin:/tmp/hyperledger/org2/admin
    networks:
      - fabric-ca

docker-compose up -d orderer1-org0 cli-org1 cli-org2

5. Check container status

[root@10 fabric]# docker ps -a
CONTAINER ID   IMAGE                              COMMAND                  CREATED        STATUS        PORTS                                                 NAMES
b0b8cfdf19fc   hyperledger/fabric-tools:2.2.2     "sh"                     11 hours ago   Up 11 hours                                                    cli-org1
8d09489a5f5c   hyperledger/fabric-tools:2.2.2     "sh"                     11 hours ago   Up 11 hours                                                    cli-org2
02479659e0a2   hyperledger/fabric-orderer:2.2.2   "orderer"                11 hours ago   Up 11 hours   0.0.0.0:7050->7050/tcp, :::7050->7050/tcp             orderer1-org0
91252c73d1ae   hyperledger/fabric-peer:2.2.2      "peer node start"        11 hours ago   Up 11 hours   7051/tcp                                              peer2-org2
717b6ff28cee   hyperledger/fabric-peer:2.2.2      "peer node start"        11 hours ago   Up 11 hours   7051/tcp                                              peer2-org1
7ed9b9ed7038   hyperledger/fabric-peer:2.2.2      "peer node start"        11 hours ago   Up 11 hours   7051/tcp                                              peer1-org1
4c11783e2513   hyperledger/fabric-peer:2.2.2      "peer node start"        11 hours ago   Up 11 hours   7051/tcp                                              peer1-org2
4c2cbaebfb85   hyperledger/fabric-ca:1.4.9        "/bin/bash -c 'fabri…"   11 hours ago   Up 11 hours   7054/tcp, 0.0.0.0:7055->7055/tcp, :::7055->7055/tcp   rca-org2
efa57941cf30   hyperledger/fabric-ca:1.4.9        "sh -c 'fabric-ca-se…"   11 hours ago   Up 11 hours   0.0.0.0:7054->7054/tcp, :::7054->7054/tcp             rca-org1
bdd73fe9529a   hyperledger/fabric-ca:1.4.9        "sh -c 'fabric-ca-se…"   11 hours ago   Up 11 hours   0.0.0.0:7053->7053/tcp, :::7053->7053/tcp, 7054/tcp   rca-org0
af6ac116c410   hyperledger/fabric-ca:1.4.9        "sh -c 'fabric-ca-se…"   11 hours ago   Up 11 hours   0.0.0.0:7052->7052/tcp, :::7052->7052/tcp, 7054/tcp   ca-tls

X. Create and join the channel

1. peer1 creates the channel

Copy the channel configuration file to peer1:

cp /tmp/hyperledger/org0/orderer/channel.tx /tmp/hyperledger/org1/peer1/assets/

2. Create the channel and join it

1) org1 creates the channel

docker exec -it cli-org1 sh
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp
peer channel create -c mychannel -f /tmp/hyperledger/org1/peer1/assets/channel.tx -o orderer1-org0:7050 --outputBlock /tmp/hyperledger/org1/peer1/assets/mychannel.block --tls --cafile /tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
#2022-06-08 06:47:47.572 UTC [msp.identity] Sign -> DEBU 03f Sign: plaintext: 0AFB070A1508051A0608938C81950622...421646E0A4CE12080A021A0012021A00
#2022-06-08 06:47:47.572 UTC [msp.identity] Sign -> DEBU 040 Sign: digest: 81B641C28BB08FADBA8BD3498A47E9E63D2DF25829F9C9BF3FA72B0BA741BC45
#2022-06-08 06:47:47.613 UTC [cli.common] readBlock -> INFO 041 Received block: 0

As a result, mychannel.block is saved in org1/peer1/assets/.

2) peer1 and peer2 join the channel

Use the org1 terminal to join peer1-org1 and peer2-org1.

export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp
export CORE_PEER_ADDRESS=peer1-org1:7051
peer channel join -b /tmp/hyperledger/org1/peer1/assets/mychannel.block
#2022-06-08 06:48:27.246 UTC [msp.identity] Sign -> DEBU 02c Sign: plaintext: 0AC1080A5B08011A0B08BB8C81950610...8C4986F31A0A0A000A000A000A000A00
#2022-06-08 06:48:27.246 UTC [msp.identity] Sign -> DEBU 02d Sign: digest: B697CD25AFDCF753EB09C44319F04BA3CBBA13B2DCD4B09EE132AC27E78DB9A5
#2022-06-08 06:48:27.365 UTC [channelCmd] executeJoin -> INFO 02e Successfully submitted proposal to join channel
export CORE_PEER_ADDRESS=peer2-org1:7051
peer channel join -b /tmp/hyperledger/org1/peer1/assets/mychannel.block
#2022-06-08 06:49:07.257 UTC [msp.identity] Sign -> DEBU 02c Sign: plaintext: 0AC1080A5B08011A0B08E38C81950610...8C4986F31A0A0A000A000A000A000A00
#2022-06-08 06:49:07.257 UTC [msp.identity] Sign -> DEBU 02d Sign: digest: 1C4926FB92DA59227BDB629D0CB918583533191B6413EEE51FA42FA36B3FC1C3
#2022-06-08 06:49:07.360 UTC [channelCmd] executeJoin -> INFO 02e Successfully submitted proposal to join channel

3) org2 joins the channel

cp /tmp/hyperledger/org1/peer1/assets/mychannel.block /tmp/hyperledger/org2/peer1/assets/

4) peer1 and peer2 join the channel

Use the org2 terminal to join peer1-org2 and peer2-org2.

docker exec -it cli-org2 sh
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/admin/msp
export CORE_PEER_ADDRESS=peer1-org2:7051
peer channel join -b /tmp/hyperledger/org2/peer1/assets/mychannel.block
#2022-06-08 06:50:13.319 UTC [msp.identity] Sign -> DEBU 02c Sign: plaintext: 0ADB080A5C08011A0C08A58D81950610...8C4986F31A0A0A000A000A000A000A00
#2022-06-08 06:50:13.319 UTC [msp.identity] Sign -> DEBU 02d Sign: digest: D52F4ED7EBBEC8AAD901B0EEA677027BD142B1582E239E8A175ADA8EEE798D01
#2022-06-08 06:50:13.450 UTC [channelCmd] executeJoin -> INFO 02e Successfully submitted proposal to join channel
export CORE_PEER_ADDRESS=peer2-org2:7051
peer channel join -b /tmp/hyperledger/org2/peer1/assets/mychannel.block
#2022-06-08 06:50:44.337 UTC [msp.identity] Sign -> DEBU 02c Sign: plaintext: 0ADB080A5C08011A0C08C48D81950610...8C4986F31A0A0A000A000A000A000A00
#2022-06-08 06:50:44.337 UTC [msp.identity] Sign -> DEBU 02d Sign: digest: 1A019F2C1A98DF6B276317A24734BB892D4BD996EBEF76BB8ECADE18FA9935E4
#2022-06-08 06:50:44.471 UTC [channelCmd] executeJoin -> INFO 02e Successfully submitted proposal to join channel

5) Check that the channel was joined successfully

# In the org1 terminal
peer channel getinfo -c mychannel
#2022-06-08 06:51:34.362 UTC [msp.identity] Sign -> DEBU 02c Sign: plaintext: 0AC2080A5C08031A0C08F68D81950610...6E496E666F0A096D796368616E6E656C
#2022-06-08 06:51:34.362 UTC [msp.identity] Sign -> DEBU 02d Sign: digest: 96F334B615878C69A800D21C7BB73FB07C001A6651B2025B4E1F813A0BC0E0E1
#Blockchain info: {"height":1,"currentBlockHash":"fSiblHfyDAgNcTnsCMY5jfEu9tW9kBcUDw9h5a74APs="}
CORE_PEER_ADDRESS=peer2-org1:7051 peer channel getinfo -c mychannel
#2022-06-08 06:52:19.102 UTC [msp.identity] Sign -> DEBU 02c Sign: plaintext: 0AC1080A5B08031A0B08A38E81950610...6E496E666F0A096D796368616E6E656C
#2022-06-08 06:52:19.102 UTC [msp.identity] Sign -> DEBU 02d Sign: digest: DCB3D1F065993FEF0D30B8FE9F9380B90BD7D8CDE9AC4E0B4BAEE20EBCA428A9
#Blockchain info: {"height":1,"currentBlockHash":"fSiblHfyDAgNcTnsCMY5jfEu9tW9kBcUDw9h5a74APs="}
# In the org2 terminal
peer channel getinfo -c mychannel
#2022-06-08 06:52:57.106 UTC [msp.identity] Sign -> DEBU 02c Sign: plaintext: 0ADA080A5B08031A0B08C98E81950610...6E496E666F0A096D796368616E6E656C
#2022-06-08 06:52:57.106 UTC [msp.identity] Sign -> DEBU 02d Sign: digest: 3DC6AE9852CBD7D1FF12EE739CB2F659518A9F71075B2A1711E5A52B29C0E833
#Blockchain info: {"height":1,"currentBlockHash":"fSiblHfyDAgNcTnsCMY5jfEu9tW9kBcUDw9h5a74APs="}
CORE_PEER_ADDRESS=peer2-org2:7051 peer channel getinfo -c mychannel
#2022-06-08 06:53:27.249 UTC [msp.identity] Sign -> DEBU 02c Sign: plaintext: 0ADA080A5B08031A0B08E78E81950610...6E496E666F0A096D796368616E6E656C
#2022-06-08 06:53:27.249 UTC [msp.identity] Sign -> DEBU 02d Sign: digest: 41FB0E99481FE63FF419E66336E595EAAA4BF21E4BD6942C776CDB8D08D0FC6D
#Blockchain info: {"height":1,"currentBlockHash":"fSiblHfyDAgNcTnsCMY5jfEu9tW9kBcUDw9h5a74APs="}

We should get the same result from all four commands above, which means that all peers hold the same ledger (blockchain).
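Added example (not part of the original post): a shell check for step 5 that parses the "Blockchain info" line reported by each peer and flags any peer whose height or currentBlockHash differs from the first one. The function names are hypothetical; the sample input reuses the four outputs shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Extract one field from a 'Blockchain info: {...}' line.
# Handles unquoted numbers ("height":1) and quoted strings ("currentBlockHash":"...").
getinfo_field() {   # $1 = field name, $2 = getinfo output line
    printf '%s\n' "$2" | sed -n "s/.*\"$1\":\"\{0,1\}\([^\",}]*\).*/\1/p"
}

# stdin: one line per peer, "<peer-name> <Blockchain info line>".
# Returns 0 if all peers agree, 1 on divergence, 2 on unparseable or empty input.
check_ledger_consistency() {
    ref_peer="" ref_height="" ref_hash="" rc=0
    while read -r peer info; do
        [ -n "$peer" ] || continue
        height=$(getinfo_field height "$info")
        hash=$(getinfo_field currentBlockHash "$info")
        if [ -z "$height" ] || [ -z "$hash" ]; then
            echo "UNPARSEABLE $peer"; rc=2; continue
        fi
        if [ -z "$ref_peer" ]; then
            # The first parseable peer becomes the reference.
            ref_peer=$peer ref_height=$height ref_hash=$hash
        elif [ "$height" != "$ref_height" ] || [ "$hash" != "$ref_hash" ]; then
            echo "DIVERGED $peer height=$height hash=$hash (reference: $ref_peer)"
            [ "$rc" -eq 2 ] || rc=1
        fi
    done
    if [ -z "$ref_peer" ]; then echo "NO DATA"; return 2; fi
    [ "$rc" -ne 0 ] || echo "CONSISTENT height=$ref_height hash=$ref_hash"
    return "$rc"
}

# Sample input assembled from the four getinfo outputs shown above.
SAMPLE_GETINFO='peer1-org1 Blockchain info: {"height":1,"currentBlockHash":"fSiblHfyDAgNcTnsCMY5jfEu9tW9kBcUDw9h5a74APs="}
peer2-org1 Blockchain info: {"height":1,"currentBlockHash":"fSiblHfyDAgNcTnsCMY5jfEu9tW9kBcUDw9h5a74APs="}
peer1-org2 Blockchain info: {"height":1,"currentBlockHash":"fSiblHfyDAgNcTnsCMY5jfEu9tW9kBcUDw9h5a74APs="}
peer2-org2 Blockchain info: {"height":1,"currentBlockHash":"fSiblHfyDAgNcTnsCMY5jfEu9tW9kBcUDw9h5a74APs="}'

printf '%s\n' "$SAMPLE_GETINFO" | check_ledger_consistency
```

On a live network, build each input line from `peer channel getinfo -c mychannel 2>&1 | grep 'Blockchain info:'`, prefixed with the peer name.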

XI. Install and instantiate chaincode

1. Copy the chaincode into the cli-org1 container

cp -rp /tmp/fabric-samples/fabcar/go/* /tmp/hyperledger/org1/peer1/assets/chaincode

2. Install on cli-org1

#{containerID} is cli-org1
#docker cp /tmp/fabric-samples/chaincode {containerID}:/opt/gopath/src/github.com/hyperledger/fabric-samples/
#docker cp /tmp/fabric-samples/asset-transfer-basic/chaincode-go/vendor/github.com/hyperledger/fabric-contract-api-go {containerID}:/opt/gopath/src/github.com/hyperledger/
docker exec -it cli-org1 bash
export GOPROXY=https://goproxy.cn,direct
export GO111MODULE=on
go mod vendor
export CORE_PEER_ADDRESS=peer1-org1:7051
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp
cd /root
# Package the chaincode
peer lifecycle chaincode package basic.tar.gz --path /tmp/hyperledger/org1/peer1/assets/chaincode/ --lang golang --label basic_1.0
# Install the chaincode
peer lifecycle chaincode install basic.tar.gz
export CORE_PEER_ADDRESS=peer2-org1:7051
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org1/admin/msp
peer lifecycle chaincode install basic.tar.gz

3. Install on cli-org2

On the host, run the following to transfer the packaged chaincode to cli-org2:

docker cp ${containerId-cli-org1}:/basic.tar.gz /root
#docker cp /tmp/fabric-samples/chaincode {containerID}:/opt/gopath/src/github.com/hyperledger/fabric-samples/
#docker cp /tmp/fabric-samples/asset-transfer-basic/chaincode-go/vendor/github.com/hyperledger/fabric-contract-api-go {containerID}:/opt/gopath/src/github.com/hyperledger/
docker exec -it cli-org2 bash
export GOPROXY=https://goproxy.cn,direct
export GO111MODULE=on
go mod vendor
export CORE_PEER_ADDRESS=peer1-org2:7051
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/admin/msp
# Install the chaincode
peer lifecycle chaincode install /root/basic.tar.gz
export CORE_PEER_ADDRESS=peer2-org2:7051
export CORE_PEER_MSPCONFIGPATH=/tmp/hyperledger/org2/admin/msp
# Install the chaincode
peer lifecycle chaincode install /root/basic.tar.gz
# Query the chaincode ID
peer lifecycle chaincode queryinstalled
#Installed chaincodes on peer:
#Package ID: basic_1.0:0e4c1bdc4fa1888d5cb876e91ca3c53cd4630752207e4cc17819ac4ca1a512cd, Label: basic_1.0
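Added example (not part of the original post): because basic.tar.gz is copied between containers by hand, this shell check recomputes the package ID from the local file and compares it with what queryinstalled reports. It relies on Fabric 2.x deriving the package ID as the label followed by the hex SHA-256 of the package file; the function names are hypothetical and the demo input is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes the Fabric 2.x lifecycle format: "<label>:<hex SHA-256 of the package .tar.gz>".

# Print the package ID a peer should report for a local package file.
expected_package_id() {   # $1 = label, $2 = package file
    [ -r "$2" ] || return 2
    digest=$(sha256sum "$2" | cut -d' ' -f1)
    [ -n "$digest" ] || return 2
    printf '%s:%s\n' "$1" "$digest"
}

# Print every installed package ID carrying the given label.
# stdin = output of `peer lifecycle chaincode queryinstalled`
# (a leading "#", as in the listing above, is tolerated).
installed_package_ids() {   # $1 = label
    awk -v label="$1" -F', Label: ' '
        /Package ID: / { sub(/^#?Package ID: /, "", $1); if ($2 == label) print $1 }'
}

# Compare the local file with what the peer reports.
# Returns 0 on match, 1 on mismatch or missing label, 2 if the file cannot be hashed.
verify_installed_package() {   # $1 = label, $2 = package file, stdin = queryinstalled output
    want=$(expected_package_id "$1" "$2") || { echo "ERROR cannot hash $2"; return 2; }
    got=$(installed_package_ids "$1")
    if [ -z "$got" ]; then echo "MISSING label $1"; return 1; fi
    if printf '%s\n' "$got" | grep -Fxq "$want"; then echo "OK $want"; return 0; fi
    echo "MISMATCH local=$want"; return 1
}

# Constructed demo: an empty temporary file stands in for basic.tar.gz.
demo_pkg=$(mktemp)
: > "$demo_pkg"
printf 'Installed chaincodes on peer:\nPackage ID: %s, Label: basic_1.0\n' \
    "$(expected_package_id basic_1.0 "$demo_pkg")" |
    verify_installed_package basic_1.0 "$demo_pkg"
rm -f "$demo_pkg"
```

Run it inside each cli container against /root/basic.tar.gz and the live queryinstalled output; a MISMATCH means the file that was installed is not byte-identical to the one being checked.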