Hyperledger fabric non sorting organization starts multiple orderer services with raft protocol, and TLS organization runs and maintains orderer services

Time:2022-5-11

preface

In the experiment, hyperledger fabric non sorting organization starts multiple orderer services with raft protocol and multiple organizations jointly run and maintain orderer services, we have completed the operation and maintenance of orderer services by ordinary organizations, but finally found that the security of the organization may be reduced because the organization running sorting services needs more open access policies, Therefore, this experiment will try to use the Council organization that provides tls-ca service to run and maintain the three orderer nodes of raft protocol. Based on the previous experiments, this paper will start a fabric without order organization, in which the Council organization provides sorting services, and the other three organizations maintain their respective peer nodes. Finally, the running chain code is successfully deployed on it.

Work preparation

Paper work

Start the hyperledger fabric network in an unordered way, including four organizations – Council, soft, web and hard. Council provides tls-ca services for the network and runs and maintains three orderer services; Every other organization runs and maintains a peer node. The network structure is (the experimental code has been uploaded to: https://github.com/wefantasy/FabricLearn of4-2_RunOrdererByCouncilBelow):

term Run port explain
council.ifantasy.net 7050 The CA service of Council organization provides tls-ca service for alliance chain network
orderer1.council.ifantasy.net 7051 Orderer1 service of Council Organization
orderer1.council.ifantasy.net 7052 Admin service of orderer1 service of Council Organization
orderer2.council.ifantasy.net 7054 Orderer2 service of Council Organization
orderer2.council.ifantasy.net 7055 Admin service of orderer2 service of Council Organization
orderer3.council.ifantasy.net 7057 Orderr3 service of Council Organization
orderer3.council.ifantasy.net 7058 Admin service of orderer3 service of Council Organization
soft.ifantasy.net 7250 CA service of soft organization, including members: peer1 and admin1
peer1.soft.ifantasy.net 7251 Peer1 member node of soft organization
web.ifantasy.net 7350 CA service of Web Organization, including members: peer1, admin1
peer1.web.ifantasy.net 7351 Peer1 member node of Web Organization
hard.ifantasy.net 7450 The CA service of hard organization includes members: peer1 and admin1
peer1.hard.ifantasy.net 7451 Peer1 member node of hard organization

Experimental preparation

The network structure of this paper directly uses the non sorting organization of hyperledger fabric to start multiple orderer services with raft protocol, and multiple organizations jointly run and maintain the order service4-1_RunOrdererByOneselfCopy as4-2_RunOrdererByCouncilAnd modify (it is recommended to directly transfer the information under fabriclearn in the case warehouse)4-2_RunOrdererByCouncilCopy the directory to the local operation), most of the commands in this article have been introduced in the network engineering practice of hyperledger fabric customized alliance chain, so they will not be described in detail. By default, all commands are in the4-2_RunOrdererByCouncilExecute under the root directory, and start the basic experiment network according to the following command before starting the subsequent experiment:

  1. Set DNS (if not set):./setDNS.sh
  2. Set environment variables:source envpeer1soft
  3. Start CA network:./0_Restart.sh

The initial docker network of this experiment is:
Hyperledger fabric non sorting organization starts multiple orderer services with raft protocol, and TLS organization runs and maintains orderer services

Experimental steps

configuration file

  1. Modify profilecompose/docker-compose.yaml, change the organization of all orderers to Council:

      orderer1.council.ifantasy.net:
     container_name: orderer1.council.ifantasy.net
     extends:
       file: docker-base.yaml
       service: orderer-base
     environment:
       - ORDERER_HOST=orderer1.council.ifantasy.net
       - ORDERER_GENERAL_LOCALMSPID=councilMSP
       - ORDERER_GENERAL_LISTENPORT=7051
     volumes:
       - ${LOCAL_CA_PATH}/council.ifantasy.net/registers/orderer1:${DOCKER_CA_PATH}/orderer
     ports:
       - 7051:7051
       - 7052:8888
       - 7053:9999
    
      orderer2.council.ifantasy.net:
     container_name: orderer2.council.ifantasy.net
     extends:
       file: docker-base.yaml
       service: orderer-base
     environment:
       - ORDERER_HOST=orderer2.council.ifantasy.net
       - ORDERER_GENERAL_LOCALMSPID=councilMSP
       - ORDERER_GENERAL_LISTENPORT=7054
     volumes:
       - ${LOCAL_CA_PATH}/council.ifantasy.net/registers/orderer2:${DOCKER_CA_PATH}/orderer
     ports:
       - 7054:7054
       - 7055:8888
       - 7056:9999
       
      orderer3.council.ifantasy.net:
     container_name: orderer3.council.ifantasy.net
     extends:
       file: docker-base.yaml
       service: orderer-base
     environment:
       - ORDERER_HOST=orderer3.council.ifantasy.net
       - ORDERER_GENERAL_LOCALMSPID=councilMSP
       - ORDERER_GENERAL_LISTENPORT=7057
     volumes:
       - ${LOCAL_CA_PATH}/council.ifantasy.net/registers/orderer3:${DOCKER_CA_PATH}/orderer
     ports:
       - 7057:7057
       - 7058:8888
       - 7059:9999
  2. Modify profileconfig/configtx.yaml, the source file is too long and will not be pasted here. The main modifications are as follows:

    • Will allOrdererEndpointsMove related configuration tocouncilMSPBelow:
      Hyperledger fabric non sorting organization starts multiple orderer services with raft protocol, and TLS organization runs and maintains orderer services
    • to updateOrdererSort service address in:
      Hyperledger fabric non sorting organization starts multiple orderer services with raft protocol, and TLS organization runs and maintains orderer services
    • modifyProfilesThe contents are as follows:

      Profiles:
        #Orgschannel is used to generate channel configuration information. The name can be arbitrary
        #It needs to include consortium and application.
        OrgsChannel:
            Consortium: the name of the Federation associated with the sampleconsortium # channel
            <<: *ChannelDefaults
            Orderer:
                <<: *OrdererDefaults
                Organizations:
                    - *councilMSP
                Capabilities: *OrdererCapabilities
            Application:
                <<: *ApplicationDefaults
                Organizations:
                    - *softMSP
                    - *webMSP
                    - *hardMSP
                Capabilities:
                    <<: *ApplicationCapabilities

Registered user

Run directly under the root directory1_RegisterUser.shYou can complete the registration of users required for this experiment.

  1. Council user registration:

    echo "Working on council"
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/council.ifantasy.net/ca/admin
    fabric-ca-client enroll -d -u https://ca-admin:[email protected]:7050
    fabric-ca-client register -d --id.name admin1 --id.secret admin1 --id.type admin -u https://council.ifantasy.net:7050
    fabric-ca-client register -d --id.name orderer1 --id.secret orderer1 --id.type orderer -u https://council.ifantasy.net:7050
    fabric-ca-client register -d --id.name orderer2 --id.secret orderer2 --id.type orderer -u https://council.ifantasy.net:7050
    fabric-ca-client register -d --id.name orderer3 --id.secret orderer3 --id.type orderer -u https://council.ifantasy.net:7050
    fabric-ca-client register -d --id.name peer1soft --id.secret peer1soft --id.type peer -u https://council.ifantasy.net:7050
    fabric-ca-client register -d --id.name peer1web --id.secret peer1web --id.type peer -u https://council.ifantasy.net:7050
    fabric-ca-client register -d --id.name peer1hard --id.secret peer1hard --id.type peer -u https://council.ifantasy.net:7050
  2. Soft user registration:

    echo "Working on soft"
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/soft.ifantasy.net/ca/crypto/ca-cert.pem
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/soft.ifantasy.net/ca/admin
    fabric-ca-client enroll -d -u https://ca-admin:[email protected]:7250
    fabric-ca-client register -d --id.name peer1 --id.secret peer1 --id.type peer -u https://soft.ifantasy.net:7250
    fabric-ca-client register -d --id.name admin1 --id.secret admin1 --id.type admin -u https://soft.ifantasy.net:7250
  3. Web user registration:

    echo "Working on web"
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/web.ifantasy.net/ca/crypto/ca-cert.pem
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/web.ifantasy.net/ca/admin
    fabric-ca-client enroll -d -u https://ca-admin:[email protected]:7350
    fabric-ca-client register -d --id.name peer1 --id.secret peer1 --id.type peer -u https://web.ifantasy.net:7350
    fabric-ca-client register -d --id.name admin1 --id.secret admin1 --id.type admin -u https://web.ifantasy.net:7350
  4. Hard user registration:

    echo "Working on hard"
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/ca/crypto/ca-cert.pem
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/hard.ifantasy.net/ca/admin
    fabric-ca-client enroll -d -u https://ca-admin:[email protected]:7450
    fabric-ca-client register -d --id.name peer1 --id.secret peer1 --id.type peer -u https://hard.ifantasy.net:7450
    fabric-ca-client register -d --id.name admin1 --id.secret admin1 --id.type admin -u https://hard.ifantasy.net:7450

Organization certificate construction

Run directly under the root directory2_EnrollUser.shYou can complete the construction of the certificate required for this experiment.

  1. Organization asset preprocessing:

    echo "Preparation============================="
    mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/assets
    cp $LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pem
    cp $LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/council.ifantasy.net/assets/tls-ca-cert.pem
    
    mkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/assets
    cp $LOCAL_CA_PATH/soft.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/assets/ca-cert.pem
    cp $LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/assets/tls-ca-cert.pem
    
    mkdir -p $LOCAL_CA_PATH/web.ifantasy.net/assets 
    cp $LOCAL_CA_PATH/web.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/web.ifantasy.net/assets/ca-cert.pem
    cp $LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/web.ifantasy.net/assets/tls-ca-cert.pem
    
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/assets
    cp $LOCAL_CA_PATH/hard.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pem
    cp $LOCAL_CA_PATH/council.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/assets/tls-ca-cert.pem
    echo "Preparation end=========================="
  2. Council certificate Construction:

    echo "Start Council============================="
    echo "Enroll Admin"
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/council.ifantasy.net/registers/admin1
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://admin1:[email protected]:7050
    #Admin / MSP will be used when joining the channel, and there must be admincers under it
    mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/admincerts
    cp $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/admincerts/cert.pem
    
    echo "Enroll Orderer1"
    # for identity
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://orderer1:[email protected]:7050
    mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/msp/admincerts
    cp $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/msp/admincerts/cert.pem
    # for TLS
    export FABRIC_CA_CLIENT_MSPDIR=tls-msp
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/tls-ca-cert.pem
    fabric-ca-client enroll -d -u https://orderer1:[email protected]:7050 --enrollment.profile tls --csr.hosts orderer1.council.ifantasy.net
    cp $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/tls-msp/keystore/*_sk $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/tls-msp/keystore/key.pem
    
    echo "Enroll Orderer2"
    # for identity
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://orderer2:[email protected]:7050
    mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/msp/admincerts
    cp $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/msp/admincerts/cert.pem
    # for TLS
    export FABRIC_CA_CLIENT_MSPDIR=tls-msp
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/tls-ca-cert.pem
    fabric-ca-client enroll -d -u https://orderer2:[email protected]:7050 --enrollment.profile tls --csr.hosts orderer2.council.ifantasy.net
    cp $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/tls-msp/keystore/*_sk $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/tls-msp/keystore/key.pem
    
    echo "Enroll Orderer3"
    # for identity
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://orderer3:[email protected]:7050
    mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/msp/admincerts
    cp $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/msp/admincerts/cert.pem
    # for TLS
    export FABRIC_CA_CLIENT_MSPDIR=tls-msp
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/council.ifantasy.net/assets/tls-ca-cert.pem
    fabric-ca-client enroll -d -u https://orderer3:[email protected]:7050 --enrollment.profile tls --csr.hosts orderer3.council.ifantasy.net
    cp $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/tls-msp/keystore/*_sk $LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/tls-msp/keystore/key.pem
    
    mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/msp/admincerts
    mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/msp/cacerts
    mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/msp/tlscacerts
    mkdir -p $LOCAL_CA_PATH/council.ifantasy.net/msp/users
    cp $LOCAL_CA_PATH/council.ifantasy.net/assets/ca-cert.pem $LOCAL_CA_PATH/council.ifantasy.net/msp/cacerts/
    cp $LOCAL_CA_PATH/council.ifantasy.net/assets/tls-ca-cert.pem $LOCAL_CA_PATH/council.ifantasy.net/msp/tlscacerts/
    cp $LOCAL_CA_PATH/council.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/council.ifantasy.net/msp/admincerts/cert.pem
    cp $LOCAL_ROOT_PATH/config/config-msp.yaml $LOCAL_CA_PATH/council.ifantasy.net/msp/config.yaml
    echo "End council============================="
  3. Soft certificate Construction:

    echo "Start Soft============================="
    echo "Enroll Admin"
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/soft.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://admin1:[email protected]:7250
    mkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1/msp/admincerts
    cp $LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1/msp/admincerts/cert.pem
    
    echo "Enroll Peer1"
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/soft.ifantasy.net/registers/peer1
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/soft.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://peer1:[email protected]:7250
    # for TLS
    export FABRIC_CA_CLIENT_MSPDIR=tls-msp
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/soft.ifantasy.net/assets/tls-ca-cert.pem
    fabric-ca-client enroll -d -u https://peer1soft:[email protected]:7050 --enrollment.profile tls --csr.hosts peer1.soft.ifantasy.net
    cp $LOCAL_CA_PATH/soft.ifantasy.net/registers/peer1/tls-msp/keystore/*_sk $LOCAL_CA_PATH/soft.ifantasy.net/registers/peer1/tls-msp/keystore/key.pem
    mkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/registers/peer1/msp/admincerts
    cp $LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/registers/peer1/msp/admincerts/cert.pem
    
    mkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/msp/admincerts
    mkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/msp/cacerts
    mkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/msp/tlscacerts
    mkdir -p $LOCAL_CA_PATH/soft.ifantasy.net/msp/users
    cp $LOCAL_CA_PATH/soft.ifantasy.net/assets/ca-cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/msp/cacerts/
    cp $LOCAL_CA_PATH/soft.ifantasy.net/assets/tls-ca-cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/msp/tlscacerts/
    cp $LOCAL_CA_PATH/soft.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/soft.ifantasy.net/msp/admincerts/cert.pem
    cp $LOCAL_ROOT_PATH/config/config-msp.yaml $LOCAL_CA_PATH/soft.ifantasy.net/msp/config.yaml
    echo "End Soft============================="
    
  4. Web certificate building:

    echo "Start Web============================="
    echo "Enroll Admin"
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/web.ifantasy.net/registers/admin1
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/web.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://admin1:[email protected]:7350
    mkdir -p $LOCAL_CA_PATH/web.ifantasy.net/registers/admin1/msp/admincerts
    cp $LOCAL_CA_PATH/web.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/web.ifantasy.net/registers/admin1/msp/admincerts/cert.pem
    
    echo "Enroll Peer1"
    # for identity
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/web.ifantasy.net/registers/peer1
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/web.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://peer1:[email protected]:7350
    # for TLS
    export FABRIC_CA_CLIENT_MSPDIR=tls-msp
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/web.ifantasy.net/assets/tls-ca-cert.pem
    fabric-ca-client enroll -d -u https://peer1web:[email protected]:7050 --enrollment.profile tls --csr.hosts peer1.web.ifantasy.net
    cp $LOCAL_CA_PATH/web.ifantasy.net/registers/peer1/tls-msp/keystore/*_sk $LOCAL_CA_PATH/web.ifantasy.net/registers/peer1/tls-msp/keystore/key.pem
    mkdir -p $LOCAL_CA_PATH/web.ifantasy.net/registers/peer1/msp/admincerts
    cp $LOCAL_CA_PATH/web.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/web.ifantasy.net/registers/peer1/msp/admincerts/cert.pem
    
    mkdir -p $LOCAL_CA_PATH/web.ifantasy.net/msp/admincerts
    mkdir -p $LOCAL_CA_PATH/web.ifantasy.net/msp/cacerts
    mkdir -p $LOCAL_CA_PATH/web.ifantasy.net/msp/tlscacerts
    mkdir -p $LOCAL_CA_PATH/web.ifantasy.net/msp/users
    cp $LOCAL_CA_PATH/web.ifantasy.net/assets/ca-cert.pem $LOCAL_CA_PATH/web.ifantasy.net/msp/cacerts/
    cp $LOCAL_CA_PATH/web.ifantasy.net/assets/tls-ca-cert.pem $LOCAL_CA_PATH/web.ifantasy.net/msp/tlscacerts/
    cp $LOCAL_CA_PATH/web.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/web.ifantasy.net/msp/admincerts/cert.pem
    cp $LOCAL_ROOT_PATH/config/config-msp.yaml $LOCAL_CA_PATH/web.ifantasy.net/msp/config.yaml
    echo "End Web============================="
  5. Hard certificate Construction:

    echo "Start Hard============================="
    echo "Enroll Admin"
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://admin1:[email protected]:7450
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/admincerts
    cp $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/admincerts/cert.pem
    
    echo "Enroll Peer1"
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://peer1:[email protected]:7450
    # for TLS
    export FABRIC_CA_CLIENT_MSPDIR=tls-msp
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/assets/tls-ca-cert.pem
    fabric-ca-client enroll -d -u https://peer1hard:[email protected]:7050 --enrollment.profile tls --csr.hosts peer1.hard.ifantasy.net
    cp $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/tls-msp/keystore/*_sk $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/tls-msp/keystore/key.pem
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/msp/admincerts
    cp $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/msp/admincerts/cert.pem
    
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/admincerts
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/cacerts
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/tlscacerts
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/users
    cp $LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/msp/cacerts/
    cp $LOCAL_CA_PATH/hard.ifantasy.net/assets/tls-ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/msp/tlscacerts/
    cp $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/msp/admincerts/cert.pem
    cp $LOCAL_ROOT_PATH/config/config-msp.yaml $LOCAL_CA_PATH/hard.ifantasy.net/msp/config.yaml
    echo "End Hard============================="

Configure channel

Run directly under the root directory3_Configtxgen.shThe channel configuration required for this experiment can be completed.

  1. Start the order and peer containers:

    docker-compose -f $LOCAL_ROOT_PATH/compose/docker-compose.yaml up -d peer1.soft.ifantasy.net peer1.web.ifantasy.net peer1.hard.ifantasy.net 
    docker-compose -f $LOCAL_ROOT_PATH/compose/docker-compose.yaml up -d orderer1.council.ifantasy.net orderer2.council.ifantasy.net orderer3.council.ifantasy.net

    At this time, all containers required for the experiment have been started:
    Hyperledger fabric non sorting organization starts multiple orderer services with raft protocol, and TLS organization runs and maintains orderer services

  2. Create Genesis block:

    configtxgen -profile OrgsChannel -outputCreateChannelTx $LOCAL_ROOT_PATH/data/testchannel.tx -channelID testchannel
    configtxgen -profile OrgsChannel -outputBlock $LOCAL_ROOT_PATH/data/testchannel.block -channelID testchannel
    
    cp $LOCAL_ROOT_PATH/data/testchannel.block $LOCAL_CA_PATH/soft.ifantasy.net/assets/
    cp $LOCAL_ROOT_PATH/data/testchannel.block $LOCAL_CA_PATH/web.ifantasy.net/assets/
    cp $LOCAL_ROOT_PATH/data/testchannel.block $LOCAL_CA_PATH/hard.ifantasy.net/assets/
  3. Add three ordererstestchannelChannel:

    source envpeer1soft
    export ORDERER_ADMIN_TLS_SIGN_CERT=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/tls-msp/signcerts/cert.pem
    export ORDERER_ADMIN_TLS_PRIVATE_KEY=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer1/tls-msp/keystore/key.pem
    osnadmin channel join -o orderer1.council.ifantasy.net:7052 --channelID testchannel --config-block $LOCAL_ROOT_PATH/data/testchannel.block --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY"
    osnadmin channel list -o orderer1.council.ifantasy.net:7052 --ca-file $ORDERER_CA --client-cert $ORDERER_ADMIN_TLS_SIGN_CERT --client-key $ORDERER_ADMIN_TLS_PRIVATE_KEY
    export ORDERER_ADMIN_TLS_SIGN_CERT=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/tls-msp/signcerts/cert.pem
    export ORDERER_ADMIN_TLS_PRIVATE_KEY=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer2/tls-msp/keystore/key.pem
    osnadmin channel join -o orderer2.council.ifantasy.net:7055 --channelID testchannel --config-block $LOCAL_ROOT_PATH/data/testchannel.block --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY"
    osnadmin channel list -o orderer2.council.ifantasy.net:7055 --ca-file $ORDERER_CA --client-cert $ORDERER_ADMIN_TLS_SIGN_CERT --client-key $ORDERER_ADMIN_TLS_PRIVATE_KEY
    export ORDERER_ADMIN_TLS_SIGN_CERT=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/tls-msp/signcerts/cert.pem
    export ORDERER_ADMIN_TLS_PRIVATE_KEY=$LOCAL_CA_PATH/council.ifantasy.net/registers/orderer3/tls-msp/keystore/key.pem
    osnadmin channel join -o orderer3.council.ifantasy.net:7058 --channelID testchannel --config-block $LOCAL_ROOT_PATH/data/testchannel.block --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY"
    osnadmin channel list -o orderer3.council.ifantasy.net:7058 --ca-file $ORDERER_CA --client-cert $ORDERER_ADMIN_TLS_SIGN_CERT --client-key $ORDERER_ADMIN_TLS_PRIVATE_KEY
  4. (III) membership of organizationstestchannelChannel:

    source envpeer1soft
    peer channel join -b $LOCAL_CA_PATH/soft.ifantasy.net/assets/testchannel.block
    peer channel list
    source envpeer1web
    peer channel join -b $LOCAL_CA_PATH/web.ifantasy.net/assets/testchannel.block
    peer channel list
    source envpeer1hard
    peer channel join -b $LOCAL_CA_PATH/hard.ifantasy.net/assets/testchannel.block
    peer channel list

    Deploy test chain code

    Run directly under the root directory4_TestChaincode.shThe chain code installation and test of this experimental example can be completed.

  5. III. organization and installation chain code:

    source envpeer1soft
    # peer lifecycle chaincode package basic.tar.gz --path asset-transfer-basic/chaincode-go --label basic_1
    peer lifecycle chaincode install basic.tar.gz
    peer lifecycle chaincode queryinstalled
    source envpeer1web
    peer lifecycle chaincode install basic.tar.gz
    peer lifecycle chaincode queryinstalled
    source envpeer1hard
    peer lifecycle chaincode install basic.tar.gz
    peer lifecycle chaincode queryinstalled
  6. III. organization approval chain code:

    export CHAINCODE_ID=basic_1:06613e463ef6694805dd896ca79634a2de36fdf019fa7976467e6e632104d718
    source envpeer1soft
    peer lifecycle chaincode approveformyorg -o orderer1.council.ifantasy.net:7051 --tls --cafile $ORDERER_CA  --channelID testchannel --name basic --version 1.0 --sequence 1 --waitForEvent --init-required --package-id $CHAINCODE_ID
    peer lifecycle chaincode queryapproved -C testchannel -n basic --sequence 1
    source envpeer1web
    peer lifecycle chaincode approveformyorg -o orderer3.council.ifantasy.net:7057 --tls --cafile $ORDERER_CA  --channelID testchannel --name basic --version 1.0 --sequence 1 --waitForEvent --init-required --package-id $CHAINCODE_ID
    peer lifecycle chaincode queryapproved -C testchannel -n basic --sequence 1
    source envpeer1hard
    peer lifecycle chaincode approveformyorg -o orderer2.council.ifantasy.net:7054 --tls --cafile $ORDERER_CA  --channelID testchannel --name basic --version 1.0 --sequence 1 --waitForEvent --init-required --package-id $CHAINCODE_ID
    peer lifecycle chaincode queryapproved -C testchannel -n basic --sequence 1
  7. Check whether the chain code is ready for submission:

    peer lifecycle chaincode checkcommitreadiness -o orderer1.council.ifantasy.net:7051 --tls --cafile $ORDERER_CA --channelID testchannel --name basic --version 1.0 --sequence 1 --init-required

    Hyperledger fabric non sorting organization starts multiple orderer services with raft protocol, and TLS organization runs and maintains orderer services

  8. Initialize and call chain code:

    source envpeer1soft
    peer lifecycle chaincode commit -o orderer2.council.ifantasy.net:7054 --tls --cafile $ORDERER_CA --channelID testchannel --name basic --init-required --version 1.0 --sequence 1 --peerAddresses peer1.soft.ifantasy.net:7251 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer1.web.ifantasy.net:7351 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE
    peer lifecycle chaincode querycommitted --channelID testchannel --name basic -o orderer1.council.ifantasy.net:7051 --tls --cafile $ORDERER_CA --peerAddresses peer1.soft.ifantasy.net:7251 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE
    peer chaincode invoke --isInit -o orderer1.council.ifantasy.net:7051 --tls --cafile $ORDERER_CA --channelID testchannel --name basic --peerAddresses peer1.soft.ifantasy.net:7251 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer1.web.ifantasy.net:7351 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE -c '{"Args":["InitLedger"]}'
    sleep 5
    peer chaincode invoke -o orderer1.council.ifantasy.net:7051 --tls --cafile $ORDERER_CA --channelID testchannel --name basic --peerAddresses peer1.soft.ifantasy.net:7251 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer1.web.ifantasy.net:7351 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE -c '{"Args":["GetAllAssets"]}'

    Hyperledger fabric non sorting organization starts multiple orderer services with raft protocol, and TLS organization runs and maintains orderer services

<!– 1: author Article title Place of publication [date published or updated] – >


  1. 1 ↩