2. 程式人生 > >HyperLedger Fabric 1.2 生產環境使用ca生成msp和tls(12)

HyperLedger Fabric 1.2 生產環境使用ca生成msp和tls(12)

阿新 發佈:2018-12-15

       在上一章:Fabric kafka生產環境部署的基礎上部署Fabric CA,使用Fabric CA進行生成公私鑰和證書等檔案,全部替換cryptogen工具,包括生成TLS相關的私鑰和證書等檔案。       Fabric kafka生產環境部署有三個組織,分別為orderer(排序)組織和兩個Peer(節點)組織,對應的ID為example.com、org1.example.com和org2.example.com。為了讓生產環境Fabric CA具有擴充套件性和安全性,存在一個邏輯的根CA(RootCA)和三個中間CA(Intermedia CA),三個中間CA(Intermedia CA)都隸屬根CA(RootCA)。

       三個中間CA(Intermedia CA)分別負責orderer(排序)組織和兩個Peer(節點)組織的公私鑰和證書生成。當有新的組織加入,只需再生成一箇中間CA(Intermedia CA)接入到根CA(RootCA)下,不會影響其它中間CA(Intermedia CA),生產環境CA網路拓撲圖如下:

       

       根據生產環境CA網路拓撲圖,實現生產環境CA的部署及生成上一章:Fabric kafka生產環境部署所需要公私鑰、證書及TLS證書等檔案。生產環境CA部署到上一章:Fabric kafka生產環境部署的kafka3(192.168.235.6)伺服器上;由於四CA都在同一臺電腦,埠號不能使用同一個,對應的埠號如下表:

執行和配置步驟如下:

(一) CA服務啟動1. RootCA啟動1) 建立目錄

# cd $GOPATH/src/github.com/hyperledger/fabric-ca/bin
# mkdir ca-server
# cd ca-server

2) 初始化CA服務

# fabric-ca-server init -b admin:adminpw --home ./rootca

3) 啟動CA服務【命令列啟動】

# fabric-ca-server start -b admin:adminpw --home ./rootca --cfg.affiliations.allowremove --cfg.identities.allowremove

【docker啟動】拷貝檔案docker-rootca.yml到ca-server目錄

# docker-compose -f docker-rootca.yaml up -d

2. IntermediaCA1啟動1) 初始化CA服務

# fabric-ca-server init -b admin1:adminpw1 -u http://admin:[email protected]:7054 --home ./intermediaca1
# vi ./intermediaca1/fabric-ca-server-config.yaml
修改
port: 7055

2) 啟動CA服務【命令列啟動】

# fabric-ca-server start -b admin1:adminpw1 -u http://admin:[email protected]:7054 --home ./intermediaca1 --cfg.affiliations.allowremove --cfg.identities.allowremove

【docker啟動】拷貝檔案docker-intermediaca1.yml到ca-server目錄

# docker-compose -f docker-intermediaca1.yaml up -d

3. IntermediaCAtls1啟動1) 初始化CA服務

# fabric-ca-server init -b admin1:adminpw1 -u http://admin:[email protected]:7054 --home ./intermediacatls1
# vi ./intermediacatls1/fabric-ca-server-config.yaml
修改
port: 8055

2) 啟動CA服務【命令列啟動】

# fabric-ca-server start -b admin1:adminpw1 -u http://admin:[email protected]:7054 --home ./intermediacatls1 --cfg.affiliations.allowremove --cfg.identities.allowremove

【docker啟動】拷貝檔案docker-intermediaca1.yml到ca-server目錄

# docker-compose -f docker-intermediacatls1.yaml up -d

4. IntermediaCA2啟動1) 初始化CA服務

# fabric-ca-server init -b admin2:adminpw2 -u http://admin:[email protected]:7054 --home ./intermediaca2
# vi ./intermediaca2/fabric-ca-server-config.yaml
修改
port:7056

2) 啟動CA服務【命令列啟動】

# fabric-ca-server start -b admin2:adminpw2 -u http://admin:[email protected]:7054 --home ./intermediaca2 --cfg.affiliations.allowremove --cfg.identities.allowremove

【docker啟動】拷貝檔案docker-intermediaca2.yml到ca-server目錄

# docker-compose -f docker-intermediaca2.yaml up -d

5. IntermediaCAtls2啟動1) 初始化CA服務

# fabric-ca-server init -b admin2:adminpw2 -u http://admin:[email protected]:7054 --home ./intermediacatls2
# vi ./intermediacatls2/fabric-ca-server-config.yaml
修改
port:8056

2) 啟動CA服務【命令列啟動】

# fabric-ca-server start -b admin2:adminpw2 -u http://admin:[email protected]:7054 --home ./intermediacatls2 --cfg.affiliations.allowremove --cfg.identities.allowremove

【docker啟動】拷貝檔案docker-intermediaca2.yml到ca-server目錄

# docker-compose -f docker-intermediacatls2.yaml up -d

6. IntermediaCA3啟動1) 初始化CA服務

# fabric-ca-server init -b admin3:adminpw3 -u http://admin:[email protected]:7054 --home ./intermediaca3
# vi ./intermediaca3/fabric-ca-server-config.yaml
修改
port: 7057

2) 啟動CA服務【命令列啟動】

# fabric-ca-server start -b admin3:adminpw3 -u http://admin:[email protected]:7054 --home ./intermediaca3 --cfg.affiliations.allowremove --cfg.identities.allowremove

【docker啟動】拷貝檔案docker-intermediaca3.yml到ca-server目錄

# docker-compose -f docker-intermediaca3.yaml up -d

7. IntermediaCAtls3啟動1) 初始化CA服務

# fabric-ca-server init -b admin3:adminpw3 -u http://admin:[email protected]:7054 --home ./intermediacatls3
# vi ./intermediacatls3/fabric-ca-server-config.yaml
修改
port: 8057

2) 啟動CA服務【命令列啟動】

# fabric-ca-server start -b admin3:adminpw3 -u http://admin:[email protected]:7054 --home ./intermediacatls3 --cfg.affiliations.allowremove --cfg.identities.allowremove

【docker啟動】拷貝檔案docker-intermediaca3.yml到ca-server目錄

# docker-compose -f docker-intermediacatls3.yaml up -d

(二) IntermediaCA1生成證書1. 生成example.com的msp1) 登記example.com

# cd /opt/gopath/src/github.com/hyperledger/fabric-ca/bin/ca-server
# fabric-ca-client enroll -M ./crypto-config/ordererOrganizations/example.com/msp -u http://admin1:[email protected]:7055 --home ./fabric-ca-client

2) 新增聯盟成員

# fabric-ca-client affiliation list -M ./crypto-config/ordererOrganizations/example.com/msp -u http://admin1:[email protected]:7055 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org1 -M ./crypto-config/ordererOrganizations/example.com/msp -u http://admin1:[email protected]:7055 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org2 -M ./crypto-config/ordererOrganizations/example.com/msp -u http://admin1:[email protected]:7055 --home ./fabric-ca-client
# fabric-ca-client affiliation add com -M ./crypto-config/ordererOrganizations/example.com/msp -u http://admin1:[email protected]:7055 --home ./fabric-ca-client
# fabric-ca-client affiliation add com.example -M ./crypto-config/ordererOrganizations/example.com/msp -u http://admin1:[email protected]t:7055 --home ./fabric-ca-client

2. 生成[email protected]的msp1) 註冊[email protected]

# fabric-ca-client register --id.name [email protected] --id.type client --id.affiliation "com.example" --id.attrs '"hf.Registrar.Roles=client,orderer,peer,user","hf.Registrar.DelegateRoles=client,orderer,peer,user",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert' --id.secret=123456 --csr.cn=example.com --csr.hosts=['example.com'] -M ./crypto-config/ordererOrganizations/example.com/msp -u http://admin1:[email protected]:7055 --home ./fabric-ca-client

2) 登記[email protected]

# fabric-ca-client enroll -u http://[email protected]:[email protected]:7055 --csr.cn=example.com --csr.hosts=['example.com'] -M ./crypto-config/ordererOrganizations/example.com/users/[email protected]/msp --home ./fabric-ca-client

3) 生成msp

# mkdir ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/admincerts
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/admincerts
# mkdir ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/msp/admincerts
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/msp/admincerts

3. 生成orderer0.example.com的msp和tls1) 註冊orderer0.example.com

# fabric-ca-client register --id.name orderer0.example.com --id.type orderer --id.affiliation "com.example" --id.attrs '"role=orderer",ecert=true' --id.secret=123456 --csr.cn=orderer0.example.com --csr.hosts=['orderer0.example.com'] -M ./crypto-config/ordererOrganizations/example.com/msp -u http://admin1:[email protected]:7055 --home ./fabric-ca-client

2) 登記orderer0.example.com

# fabric-ca-client enroll -u http://orderer0.example.com:[email protected]:7055 --csr.cn=orderer0.example.com --csr.hosts=['orderer0.example.com'] -M ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp --home ./fabric-ca-client

3) 生成msp

# mkdir ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/admincerts
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/admincerts

4. 生成orderer1.example.com的msp1) 註冊orderer1.example.com

# fabric-ca-client register --id.name orderer1.example.com --id.type orderer --id.affiliation "com.example" --id.attrs '"role=orderer",ecert=true' --id.secret=123456 --csr.cn=orderer1.example.com --csr.hosts=['orderer1.example.com'] -M ./crypto-config/ordererOrganizations/example.com/msp -u http://admin1:[email protected]:7055 --home ./fabric-ca-client

2) 登記orderer1.example.com

# fabric-ca-client enroll -u http://orderer1.example.com:[email protected]:7055 --csr.cn=orderer1.example.com --csr.hosts=['orderer1.example.com'] -M ./crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp --home ./fabric-ca-client

3) 生成msp

# mkdir ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/admincerts
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/admincerts

5. 生成orderer2.example.com的msp1) 註冊orderer2.example.com

# fabric-ca-client register --id.name orderer2.example.com --id.type orderer --id.affiliation "com.example" --id.attrs '"role=orderer",ecert=true' --id.secret=123456 --csr.cn=orderer2.example.com --csr.hosts=['orderer2.example.com'] -M ./crypto-config/ordererOrganizations/example.com/msp -u http://admin1:[email protected]:7055 --home ./fabric-ca-client

2) 登記orderer2.example.com

# fabric-ca-client enroll -u http://orderer2.example.com:[email protected]:7055 --csr.cn=orderer2.example.com --csr.hosts=['orderer2.example.com'] -M ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp --home ./fabric-ca-client

3) 生成msp

# mkdir ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/admincerts
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/admincerts

(三) IntermediaCAtls1生成證書1. 生成example.com的msp1) 登記example.com

# cd /opt/gopath/src/github.com/hyperledger/fabric-ca/bin/ca-server
# fabric-ca-client enroll -M ./crypto-config/ordererOrganizations/example.com/tls -u http://admin1:[email protected]:8055 --home ./fabric-ca-client

2) 新增聯盟成員

# fabric-ca-client affiliation list -M ./crypto-config/ordererOrganizations/example.com/tls -u http://admin1:[email protected]:8055 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org1 -M ./crypto-config/ordererOrganizations/example.com/tls -u http://admin1:[email protected]:8055 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org2 -M ./crypto-config/ordererOrganizations/example.com/tls -u http://admin1:[email protected]:8055 --home ./fabric-ca-client
# fabric-ca-client affiliation add com -M ./crypto-config/ordererOrganizations/example.com/tls -u http://admin1:[email protected]:8055 --home ./fabric-ca-client
# fabric-ca-client affiliation add com.example -M ./crypto-config/ordererOrganizations/example.com/tls -u http://admin1:[email protected]:8055 --home ./fabric-ca-client

2. 生成[email protected]的tls1) 註冊[email protected]

# fabric-ca-client register --id.name [email protected] --id.type client --id.affiliation "com.example" --id.attrs '"hf.Registrar.Roles=client,orderer,peer,user","hf.Registrar.DelegateRoles=client,orderer,peer,user",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert' --id.secret=123456 --csr.cn=example.com --csr.hosts=['example.com'] -M ./crypto-config/ordererOrganizations/example.com/tls -u http://admin1:[email protected]:8055 --home ./fabric-ca-client

2) 登記[email protected]

# fabric-ca-client enroll -d --enrollment.profile tls -u http://[email protected]:[email protected]:8055 --csr.cn=example.com --csr.hosts=['example.com'] -M ./crypto-config/ordererOrganizations/example.com/users/[email protected]/tls --home ./fabric-ca-client

3) 生成tls

# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/tls/tlsintermediatecerts/tls-localhost-8055.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/tls/ca.crt
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/tls/signcerts/cert.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/tls/client.crt
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/tls/keystore/xxxxxxx_sk ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/users/[email protected]/tls/client.key

3. 生成orderer0.example.com的msp和tls1) 註冊orderer0.example.com

# fabric-ca-client register --id.name orderer0.example.com --id.type orderer --id.affiliation "com.example" --id.attrs '"role=orderer",ecert=true' --id.secret=123456 --csr.cn=orderer0.example.com --csr.hosts=['orderer0.example.com'] -M ./crypto-config/ordererOrganizations/example.com/tls -u http://admin1:[email protected]:8055 --home ./fabric-ca-client

2) 登記orderer0.example.com

# fabric-ca-client enroll -d --enrollment.profile tls -u http://orderer0.example.com:[email protected]:8055 --csr.cn=orderer0.example.com --csr.hosts=['orderer0.example.com'] -M ./crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls --home ./fabric-ca-client

3) 生成tls

# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/tlsintermediatecerts/tls-localhost-8055.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/signcerts/cert.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/keystore/xxxxxxx_sk ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.key

4. 生成orderer1.example.com的msp1) 註冊orderer1.example.com

# fabric-ca-client register --id.name orderer1.example.com --id.type orderer --id.affiliation "com.example" --id.attrs '"role=orderer",ecert=true' --id.secret=123456 --csr.cn=orderer1.example.com --csr.hosts=['orderer1.example.com'] -M ./crypto-config/ordererOrganizations/example.com/tls -u http://admin1:[email protected]:8055 --home ./fabric-ca-client

2) 登記orderer1.example.com

# fabric-ca-client enroll -d --enrollment.profile tls -u http://orderer1.example.com:[email protected]:8055 --csr.cn=orderer1.example.com --csr.hosts=['orderer1.example.com'] -M ./crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls --home ./fabric-ca-client

3) 生成tls

# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/tlsintermediatecerts/tls-localhost-8055.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/ca.crt
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/cert.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/keystore/xxxxxxx_sk ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.key

5. 生成orderer2.example.com的msp1) 註冊orderer2.example.com

# fabric-ca-client register --id.name orderer2.example.com --id.type orderer --id.affiliation "com.example" --id.attrs '"role=orderer",ecert=true' --id.secret=123456 --csr.cn=orderer2.example.com --csr.hosts=['orderer2.example.com'] -M ./crypto-config/ordererOrganizations/example.com/tls -u http://admin1:[email protected]:8055 --home ./fabric-ca-client

2) 登記orderer2.example.com

# fabric-ca-client enroll -d --enrollment.profile tls -u http://orderer2.example.com:[email protected]:8055 --csr.cn=orderer2.example.com --csr.hosts=['orderer2.example.com'] -M ./crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls --home ./fabric-ca-client

3) 生成tls

# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/tlsintermediatecerts/tls-localhost-8055.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/ca.crt
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/signcerts/cert.pem ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
# cp ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/keystore/xxxxxxx_sk ./fabric-ca-client/crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key

(四) IntermediaCA2生成證書1. 生成org1.example.com的msp1) 登記org1.example.com

# fabric-ca-client enroll --csr.cn=org1.example.com --csr.hosts=['org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/msp -u http://admin2:[email protected]:7056 --home ./fabric-ca-client

2) 新增聯盟成員

# fabric-ca-client affiliation list -M ./crypto-config/peerOrganizations/org1.example.com/msp -u http://admin2:[email protected]:7056 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org1 -M ./crypto-config/peerOrganizations/org1.example.com/msp -u http://admin2:[email protected]:7056 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org2 -M ./crypto-config/peerOrganizations/org1.example.com/msp -u http://admin2:[email protected]:7056 --home ./fabric-ca-client
# fabric-ca-client affiliation add com -M ./crypto-config/peerOrganizations/org1.example.com/msp -u http://admin2:[email protected]:7056 --home ./fabric-ca-client
# fabric-ca-client affiliation add com.example -M ./crypto-config/peerOrganizations/org1.example.com/msp -u http://admin2:[email protected]:7056 --home ./fabric-ca-client
# fabric-ca-client affiliation add com.example.org1 -M ./crypto-config/peerOrganizations/org1.example.com/msp -u http://admin2:[email protected]:7056 --home ./fabric-ca-client

2. 生成[email protected]的msp1) 註冊[email protected]

# fabric-ca-client register --id.name [email protected] --id.type client --id.affiliation "com.example.org1" --id.attrs '"hf.Registrar.Roles=client,orderer,peer,user","hf.Registrar.DelegateRoles=client,orderer,peer,user",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert' --id.secret=123456 --csr.cn=org1.example.com --csr.hosts=['org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/msp -u http://admin2:[email protected]:7056 --home ./fabric-ca-client

2) 登記[email protected]

# fabric-ca-client enroll -u http://[email protected]:[email protected]:7056 --csr.cn=org1.example.com --csr.hosts=['org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp --home ./fabric-ca-client

3) 生成msp

# mkdir ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/admincerts
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/admincerts
# mkdir ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/msp/admincerts
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/msp/admincerts

3. 生成peer0.org1.example.com的msp1) 註冊peer0.org1.example.com

# fabric-ca-client register --id.name peer0.org1.example.com --id.type peer --id.affiliation "com.example.org1" --id.attrs '"role=peer",ecert=true' --id.secret=123456 --csr.cn=peer0.org1.example.com --csr.hosts=['peer0.org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/msp -u http://admin2:[email protected]:7056 --home ./fabric-ca-client

2) 登記peer0.org1.example.com

# fabric-ca-client enroll -u http://peer0.org1.example.com:[email protected]:7056 --csr.cn=peer0.org1.example.com --csr.hosts=['peer0.org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp --home ./fabric-ca-client

3) 生成msp

# mkdir ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/admincerts
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/admincerts

4. 生成peer1.org1.example.com的msp1) 註冊peer1.org1.example.com

# fabric-ca-client register --id.name peer1.org1.example.com --id.type peer --id.affiliation "com.example.org1" --id.attrs '"role=peer",ecert=true' --id.secret=123456 --csr.cn=peer1.org1.example.com --csr.hosts=['peer1.org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/msp -u http://admin2:[email protected]:7056 --home ./fabric-ca-client

2) 登記peer1.org1.example.com

# fabric-ca-client enroll -u http://peer1.org1.example.com:[email protected]:7056 --csr.cn=peer1.org1.example.com --csr.hosts=['peer1.org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp --home ./fabric-ca-client

3) 生成msp

# mkdir ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/admincerts
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/admincerts

(五) IntermediaCAtls2生成證書1. 生成org1.example.com的msp1) 登記org1.example.com

# fabric-ca-client enroll --csr.cn=org1.example.com --csr.hosts=['org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/tls -u http://admin2:[email protected]:8056 --home ./fabric-ca-client

2) 新增聯盟成員

# fabric-ca-client affiliation list -M ./crypto-config/peerOrganizations/org1.example.com/tls -u http://admin2:[email protected]:8056 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org1 -M ./crypto-config/peerOrganizations/org1.example.com/tls -u http://admin2:[email protected]:8056 --home ./fabric-ca-client
# fabric-ca-client affiliation remove --force org2 -M ./crypto-config/peerOrganizations/org1.example.com/tls -u http://admin2:[email protected]:8056 --home ./fabric-ca-client
# fabric-ca-client affiliation add com -M ./crypto-config/peerOrganizations/org1.example.com/tls -u http://admin2:[email protected]:8056 --home ./fabric-ca-client
# fabric-ca-client affiliation add com.example -M ./crypto-config/peerOrganizations/org1.example.com/tls -u http://admin2:[email protected]:8056 --home ./fabric-ca-client
# fabric-ca-client affiliation add com.example.org1 -M ./crypto-config/peerOrganizations/org1.example.com/tls -u http://admin2:[email protected]:8056 --home ./fabric-ca-client

2. 生成[email protected]的msp1) 註冊[email protected]

# fabric-ca-client register --id.name [email protected] --id.type client --id.affiliation "com.example.org1" --id.attrs '"hf.Registrar.Roles=client,orderer,peer,user","hf.Registrar.DelegateRoles=client,orderer,peer,user",hf.Registrar.Attributes=*,hf.GenCRL=true,hf.Revoker=true,hf.AffiliationMgr=true,hf.IntermediateCA=true,role=admin:ecert' --id.secret=123456 --csr.cn=org1.example.com --csr.hosts=['org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/tls -u http://admin2:[email protected]:8056 --home ./fabric-ca-client

2) 登記[email protected]

# fabric-ca-client enroll -d --enrollment.profile tls -u http://[email protected]:[email protected]:8056 --csr.cn=org1.example.com --csr.hosts=['org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/users/[email protected]/tls --home ./fabric-ca-client

3) 生成tls

# cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/tls/tlsintermediatecerts/tls-localhost-8056.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/tls/ca.crt
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/tls/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/tls/client.crt
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/tls/keystore/xxxxxxx_sk ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/users/[email protected]/tls/client.key

3. 生成peer0.org1.example.com的msp1) 註冊peer0.org1.example.com

# fabric-ca-client register --id.name peer0.org1.example.com --id.type peer --id.affiliation "com.example.org1" --id.attrs '"role=peer",ecert=true' --id.secret=123456 --csr.cn=peer0.org1.example.com --csr.hosts=['peer0.org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/tls -u http://admin2:[email protected]:8056 --home ./fabric-ca-client

2) 登記peer0.org1.example.com

# fabric-ca-client enroll -d --enrollment.profile tls -u http://peer0.org1.example.com:[email protected]:8056 --csr.cn=peer0.org1.example.com --csr.hosts=['peer0.org1.example.com'] -M ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls --home ./fabric-ca-client

3) 生成tls

# cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlsintermediatecerts/tls-localhost-8056.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/cert.pem ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
# cp ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/xxxxxxx_sk ./fabric-ca-client/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

4. 生成peer1.org1.example.com的tls1) 註冊peer1.org1.example.com

# fabric-ca-client register --id.name peer1.org1.example.com --id.type peer --id.affiliation " 
 

            
  

           

              
              

            

            
相關推薦

			   
            
            
            
 

    


    
    
HyperLedger Fabric 1.2 生產環境使用ca生成msptls12

     
 
       在上一章:Fabric kafka生產環境部署的基礎上部署Fabric CA,使用Fabric CA進行生成公私鑰和證書等檔案,全部替換cryptogen工具,包括生成TLS相關的私鑰和證書等檔案。       Fabric kafka生產環境部署有三個組織,分別為orderer(排序)組織和 



  
 

    


    
    
轉載簡書沙漠中的猴Hyperledger Fabric 1.2系列:1. 環境準備

     
  
 
 問題:mac Mojave系統,之前按照官網教程https://hyperledger-fabric.readthedocs.io/en/latest/build_network.html 
 搭建過fabric網路一次,sucess。後面估計是刪除了東西,導致網路啟動不了。 
 出現問題可能原因: 



  
 

    


    
    
區塊鏈Hyperledger Fabric 1.2環境搭建:1. 開發環境的比較

     
 
							
							
							Hyperledger Fabric三種開發環境的介紹

1.  Hyperledger Fabric本地開發環境



缺點: 
MacOS, Windows,Ubuntu安裝方法不同, 需要手動安裝, 版本容易衝突,安裝時間較長,對初級程式設計師來說存在一定 



  
 

    


    
    
HyperLedger Fabric 1.2 Solo模式簡介10.1

     
 ive   高可用   測試環境   成功   nbsp   高可用性   連接   spa   進行          Solo模式指單節點通信模式,該環境中只有一個排序(orderer)服務,從節點(peer)發送來的消息由一個orderer進行排序和產生區塊;由於排序(orderer)服務只有一個ord 



  
 

    


    
    
HyperLedger Fabric 1.2 單機單節點部署10.2

     
 point   having   itl   img   chm   same   value   lock   eat          單機單節點指在一臺電腦上部署一個排序(Orderer)服務、一個組織(Org1),一個節點(Peer,屬於Org1),然後運行官方案例中的example02智能合約例子, 



  
 

    


    
    
hyperledger fabric-1.2 demo部署除錯

     
  
  
  
 最近工作相對輕鬆,玩了一下區塊鏈,儘管幣圈讓人很受傷,但依然不改學習區塊鏈的熱情,這幾天在鋸超級賬本,按照文件部署了第一個demo.這裡做一個記錄. 
 說實話,走了很多彎路,主要原因是版本適配的問題,hyperledger還是屬於比較新的技術,這就意味著它本身以及demo的迭代速度快,如果 



  
 

    


    
    
超級記賬本:快速搭建一個Hyperledger Fabric 1.0的環境 親測有效

     
 

下面開始我們的環境搭建工作:
1. 使用VirtualBox並在其中安裝好Ubuntu

這一步其實沒啥好說的,下載好最新版的VirtualBox,下載Ubuntu Server,我用的是Ubuntu16.04.2 X64 Server。在安裝完Ubuntu後,需要保證apt source是國內的,不然如 



  
 

    


    
    
Hyperledger Fabric 1.2系列:3.啟動first-network網路,解析byfn.sh啟動指令碼

     
  
 
 簡介 
 在啟動網路之前,確保你已經安裝了所必要的依賴。如果沒有安裝,請參考之前的兩篇內容。 
 啟動網路 
 進入fabric-samples/first-network資料夾內,執行byfn.sh指令碼 
 cd fabric-samples/first-network
./byfn.sh
 
 



  
 

    


    
    
Hyperledger Fabric 1.2系列:byfn.sh啟動指令碼

     
  
 
 簡介 
 這篇內容是為了配合Hyperledger Fabric 1.2系列 第三篇內容而copy下來的。 
 指令碼內容 
 #!/bin/bash
#
# Copyright IBM Corp All Rights Reserved
#
# SPDX-License-Identifier: Ap 



  
 

    


    
    
Hyperledger Fabric 1.2系列:2.下載二進位制、Docker 映象及解析官方提供的下載指令碼

     
  
 
 轉簡書-沙漠中的猴 
 簡介 
 該小結會介紹 
 
  官方指令碼 
  下載fabric-samples程式碼 
  下載二進位制檔案 
  下載Docker映象 
  將二進位制檔案新增進PATH路徑 
 
 下載fabric-samples程式碼 
 選擇一個存放程式碼的目錄。我將程式碼放在 



  
 

    


    
    
生產環境項目問題記錄系列:同步方法調用異步方法

     
 多少   api接口   調用   能說   訪問   記錄   服務化   fig   難了   描述一下問題背景,公司部分項目還在使用老三層框架,存在跨庫join的情況,在服務化的改造過程中,這些跨庫join的老三層從都要被換成對應的服務接口。
目前有個項目通過sql訪問了C端產品組的三張表,並且時跨庫j 



  
 

    


    
    
第十二週實驗指導--任務2--分別定義Teacher(教師)類Cadre幹部類,採用多重繼承方式由這兩個類派生出新類Teacher_Cadre教師兼幹部

     
 
                


/* (程式頭部註釋開始)
* 程式的版權和版本宣告部分
* Copyright (c) 2011, 煙臺大學計算機學院學生 
* All rights reserved.
* 檔名稱:分別定義Teacher(教師)類和Cadre(幹部)類,採用多重繼承方式由這兩個類派 



  
 

    


    
    
第十二週實驗指導--任務2--分別定義Teacher(教師)類Cadre幹部類,採用多重繼承方式由這兩個類派生出新類Teacher_Cadre教師兼幹部...

     
 
                

/* (程式頭部註釋開始)
* 程式的版權和版本宣告部分
* Copyright (c) 2011, 煙臺大學計算機學院學生
* All rights reserved.
* 檔名稱:分別定義Teacher(教師)類和Cadre(幹部)類,採用多重繼承方式由這兩個類派生出 



  
 

    


    
    
Hyperledger Fabric 1.0 從零開始——公網環境構建

     
 1.3   項目   htm   move   自己   lvm2   fast   情況   tor   1:環境構建
在本文中用到的宿主機環境是Centos ,版本為Centos.x86_647.2,通過Docker 容器來運行Fabric的節點,版本為v1.0。因此,啟動Fabric網絡中的節點需要先安 



  
 

    


    
    
ChainDesk第1Hyperledger Fabric的認知與環境搭建-邁出第一步

     
  
 
   
   
 作者:ChainDesk韓小東,ChainDesk區塊鏈行業分析師, ChainDesk區塊鏈工程師 
 ChainDesk官網:http://www.chaindesk.cn/?20181211xinlangmeiti 
 本篇文章閱讀時間:2.3分鐘 



  
 

    


    
    
HyperLedger Fabric 實戰》—— 十七、升級 Fabric 1.2 —— 6、部署驗證合約

     
 
							
							
							
1、載入智慧合約(以 211 機器為例)
拷貝~/fabric/examples/chaincode/go/資料夾下的example02及marbles02兩個目錄到~/fabric/aberic/chaincode/go/目錄下。
重啟 Peer 服務。
d 



  
 

    


    
    
CentOs7 +Jexus 5.8.2部署Asp.Net Core WebApi 1.0生產環境

     
 Jexus 是一款運行於 Linux 平臺,以支援  ASP.NET、PHP 為特色的集高安全性和高效能為一體的 WEB 伺服器和反向代理伺服器。最新版 5.8.2 已經發布,有如下更新:
1,現在大部分網站已經部署HTTPS,大家對於安全越來越重視,順應潮流新增HTTPS多證書支援,每個網站都可以配置自己 



  
 

    


    
    
Hyperledger Fabric 1.0 從零開始——Fabric多節點叢集生產部署

     
 6.1、平臺特定使用的二進位制檔案配置
該方案與Hyperledger Fabric 1.0 從零開始(五)——執行測試e2e類似,根據企業需要,可以控制各節點的域名,及聯盟鏈的統一域名。可以指定單獨節點的訪問,生成指定的公私鑰、證書等檔案。具體的引數配置可以參考generateArtifacts.sh檔案, 



  
 

    


    
    
ubuntu18.04搭建Hyperledger-fabric 1.1.0開發環境

     
 
							
							
							Hyperledger-fabric 1.1.0更新已經兩三個月了,ubuntu18.04也更新了快一個月了。今天在ubuntu18. 04上進行了Hyperledger-fabric 1.1.0的環境搭建,現在把過程記錄下來。



Go語言環境

下載Go環 



  
 

    


    
    
Hyperledger Fabric 1.0 實戰開發系列 第二課 Fabric環境搭建

     
 
								
								            
						
                
一.安裝GO語言
下載最新版的go
開啟Terminal,輸入命令(以下命令都是以root管理員的角色進行的)
su
輸入密碼:*****
wget https://storage.googleapi