Fabric-CA Production Deployment

Configure and Start the Peer Nodes


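Configure the nodes of organization 1

Configure the first node in organization 1: peer1-org1

Copy (or download) ca-cert.pem from organization 1's CA server into the designated directory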

mkdir -p /opt/hyperledger/org1/peer1/assets/ca/
cp /opt/hyperledger/org1/ca/crypto/ca-cert.pem /opt/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem

Obtain the node (enrollment) certificate for peer1 of organization 1

export FABRIC_CA_CLIENT_HOME=/opt/hyperledger/org1/peer1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7054

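Obtain the TLS certificate for peer1 of organization 1, which is used for HTTPS requests. First copy (or download) ca-cert.pem from the TLS CA server on organization 0 (note: not organization 1's CA server) into the designated directory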

mkdir -p /opt/hyperledger/org1/peer1/assets/tls-ca
cp /opt/hyperledger/tls-ca/crypto/tls-cert.pem /opt/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem

Enroll to obtain the TLS certificate for peer1 of organization 1

export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer1-org1:peer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer1-org1

Next, rename the file under /opt/hyperledger/org1/peer1/tls-msp/keystore to the fixed name key.pem so that it is easy to reference later

find /opt/hyperledger/org1/peer1/tls-msp/keystore/* -exec mv {} /opt/hyperledger/org1/peer1/tls-msp/keystore/key.pem \;

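mv may report that it cannot move a directory into a subdirectory of itself; ignore this, the rename has already succeeded

Configure the second node in organization 1: peer2-org1

This is the same as for the first node above, so without further explanation, just run the following

# Obtain the node certificate for peer2 of organization 1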
mkdir -p /opt/hyperledger/org1/peer2/assets/ca/
cp /opt/hyperledger/org1/ca/crypto/ca-cert.pem /opt/hyperledger/org1/peer2/assets/ca/org1-ca-cert.pem

export FABRIC_CA_CLIENT_HOME=/opt/hyperledger/org1/peer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/hyperledger/org1/peer2/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7054

# Fetch the TLS CA certificate needed for the TLS enrollment of peer2 of organization 1
mkdir -p /opt/hyperledger/org1/peer2/assets/tls-ca
cp /opt/hyperledger/tls-ca/crypto/tls-cert.pem /opt/hyperledger/org1/peer2/assets/tls-ca/tls-ca-cert.pem

# Enroll to obtain the TLS certificate for peer2 of organization 1
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/hyperledger/org1/peer2/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer2-org1:peer2PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer2-org1

find /opt/hyperledger/org1/peer2/tls-msp/keystore/* -exec mv {} /opt/hyperledger/org1/peer2/tls-msp/keystore/key.pem \;

If you see the error -bash: cd: /opt/hyperledger/org1/peer2/tls-msp/keystore: No such file or directory, repeat the last two commands until they succeed
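
The rename step used for peer1 and peer2 above, and the "repeat until it succeeds" advice, can be made explicit. The following is an added example, not part of the original article: it renames the TLS private key only when exactly one candidate exists and tightens its permissions. The helper name pin_tls_key and its return codes are hypothetical.

```shell
# pin_tls_key <peer_home>   (hypothetical helper, added example)
# Renames the single enrolled TLS private key to key.pem.
# Return codes: 0 = key.pem in place
#               2 = keystore missing (the TLS enroll did not complete)
#               3 = keystore exists but holds no key
#               4 = ambiguous: more than one key, or key.pem plus a new key
# The body runs in a subshell so its variables do not leak to the caller.
pin_tls_key() (
    keystore="$1/tls-msp/keystore"
    target="$keystore/key.pem"
    count=0
    found=""

    [ -d "$keystore" ] || exit 2

    # Count regular files other than an already-renamed key.pem
    # (fabric-ca-client names generated keys <hex>_sk).
    for f in "$keystore"/*; do
        [ -f "$f" ] || continue
        [ "$f" = "$target" ] && continue
        count=$((count + 1))
        found="$f"
    done

    if [ "$count" -eq 0 ]; then
        # Nothing to rename: acceptable only if key.pem is already there.
        [ -f "$target" ] || exit 3
    elif [ "$count" -eq 1 ] && [ ! -e "$target" ]; then
        mv -- "$found" "$target"
    else
        # A repeated enroll leaves several keys behind. Choosing one blindly
        # could pair the TLS certificate with the wrong private key.
        exit 4
    fi

    # Private key: owner read/write only; keystore not listable by others.
    chmod 600 "$target" && chmod 700 "$keystore"
)
```

Called as pin_tls_key /opt/hyperledger/org1/peer1 after the TLS enroll. A return code of 4 means the keystore should be cleaned up and the enroll repeated rather than the rename forced.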

Obtain the org1 admin certificate

export FABRIC_CA_CLIENT_HOME=/opt/hyperledger/org1/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://admin-org1:org1AdminPW@0.0.0.0:7054

Copy (or download) organization 1's admin certificate into the admincerts directory designated for peer1

mkdir /opt/hyperledger/org1/peer1/msp/admincerts
cp /opt/hyperledger/org1/admin/msp/signcerts/cert.pem /opt/hyperledger/org1/peer1/msp/admincerts/org1-admin-cert.pem

Copy it to peer2 in the same way; if the organization has other peer nodes, copy it to them as well

mkdir /opt/hyperledger/org1/peer2/msp/admincerts
cp /opt/hyperledger/org1/admin/msp/signcerts/cert.pem /opt/hyperledger/org1/peer2/msp/admincerts/org1-admin-cert.pem

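Taking peer1-org1 as an example, here is a summary of the certificates a peer node needs

Configure the nodes of organization 2

Repeat the steps above, replacing org1 with org2 and 7054 with 7055, as follows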
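
As an added example (not part of the original article), the check below walks the files that the steps above place under a peer's home directory and flags missing material or private keys readable by group or others. The helper name check_peer_material is hypothetical; the relative paths are the ones used on this page, plus the signcerts/cert.pem files that fabric-ca-client writes on enroll.

```shell
# check_peer_material <peer_home> <org>   (hypothetical helper, added example)
# Prints one line per problem; the exit status is the number of problems.
# The body runs in a subshell so its variables do not leak to the caller.
check_peer_material() (
    home="$1"
    org="$2"
    problems=0
    report() { echo "$home: $1"; problems=$((problems + 1)); }

    # Certificates and the renamed TLS key created by the steps above.
    for rel in \
        "assets/ca/$org-ca-cert.pem" \
        "assets/tls-ca/tls-ca-cert.pem" \
        "msp/signcerts/cert.pem" \
        "msp/admincerts/$org-admin-cert.pem" \
        "tls-msp/signcerts/cert.pem" \
        "tls-msp/keystore/key.pem"
    do
        [ -s "$home/$rel" ] || report "missing or empty: $rel"
    done

    # The enrollment key keeps its generated name; expect exactly one file.
    n=$(find "$home/msp/keystore" -type f 2>/dev/null | wc -l)
    [ "$n" -eq 1 ] || report "msp/keystore holds $n key files, expected 1"

    # Private keys must not be readable by group or others.
    for dir in msp/keystore tls-msp/keystore; do
        loose=$(find "$home/$dir" -type f \
            \( -perm -040 -o -perm -004 \) 2>/dev/null || true)
        [ -z "$loose" ] || report "group/other-readable key under $dir"
    done

    exit "$problems"
)
```

Running check_peer_material /opt/hyperledger/org1/peer1 org1 for each peer before docker-compose up catches an incomplete enroll or a missing admincerts copy before the container fails on it.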

mkdir -p /opt/hyperledger/org2/peer1/assets/ca/
cp /opt/hyperledger/org2/ca/crypto/ca-cert.pem /opt/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem

export FABRIC_CA_CLIENT_HOME=/opt/hyperledger/org2/peer1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer1-org2:peer1PW@0.0.0.0:7055

mkdir -p /opt/hyperledger/org2/peer1/assets/tls-ca
cp /opt/hyperledger/tls-ca/crypto/tls-cert.pem /opt/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem

export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer1-org2:peer1PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer1-org2

find /opt/hyperledger/org2/peer1/tls-msp/keystore/* -exec mv {} /opt/hyperledger/org2/peer1/tls-msp/keystore/key.pem \;

mkdir -p /opt/hyperledger/org2/peer2/assets/ca/
cp /opt/hyperledger/org2/ca/crypto/ca-cert.pem /opt/hyperledger/org2/peer2/assets/ca/org2-ca-cert.pem

export FABRIC_CA_CLIENT_HOME=/opt/hyperledger/org2/peer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/hyperledger/org2/peer2/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://peer2-org2:peer2PW@0.0.0.0:7055

mkdir -p /opt/hyperledger/org2/peer2/assets/tls-ca
cp /opt/hyperledger/tls-ca/crypto/tls-cert.pem /opt/hyperledger/org2/peer2/assets/tls-ca/tls-ca-cert.pem

export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/hyperledger/org2/peer2/assets/tls-ca/tls-ca-cert.pem
fabric-ca-client enroll -d -u https://peer2-org2:peer2PW@0.0.0.0:7052 --enrollment.profile tls --csr.hosts peer2-org2

find /opt/hyperledger/org2/peer2/tls-msp/keystore/* -exec mv {} /opt/hyperledger/org2/peer2/tls-msp/keystore/key.pem \;

export FABRIC_CA_CLIENT_HOME=/opt/hyperledger/org2/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/opt/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
fabric-ca-client enroll -d -u https://admin-org2:org2AdminPW@0.0.0.0:7055

mkdir /opt/hyperledger/org2/peer1/msp/admincerts
cp /opt/hyperledger/org2/admin/msp/signcerts/cert.pem /opt/hyperledger/org2/peer1/msp/admincerts/org2-admin-cert.pem

mkdir /opt/hyperledger/org2/peer2/msp/admincerts
cp /opt/hyperledger/org2/admin/msp/signcerts/cert.pem /opt/hyperledger/org2/peer2/msp/admincerts/org2-admin-cert.pem

Start all peer nodes

Once the nodes of organization 1 and organization 2 have been configured as above, they can be started

cd ~/test-ca
docker-compose -f peer-all.yml up -d

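peer-all.yml can be downloaded from here; it contains the following containers

peer1-org1: the peer1 container of organization 1
peer2-org1: the peer2 container of organization 1
peer1-org2: the peer1 container of organization 2
peer2-org2: the peer2 container of organization 2

Summary as follows

Common errors

Garbled output when starting a peer node

When following the official manual, starting the peer1-org1 node produces garbled output. To fix it, replace - FABRIC_LOGGING_SPEC=debug in the yml with - FABRIC_LOGGING_SPEC=grpc=debug:info

The networks option problem

The official manual includes a networks option, but running it as-is reports an error, because the manual shows only part of the file. It also needs the outer structure, for example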

version: '2'
networks:
   fabric-ca:

services:
   peer1-org1:
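   # node configuration omitted below

The outer version, networks and services options must all be added before the yml file is complete

This article is an original work by 小韦云. When reposting, cite the source: https://bctos.cn/doc/14/1906, otherwise legal liability will be pursued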
