区块链兄弟社区，区块链技术专业问答先行者，中国区块链技术爱好者聚集地

作者：吴寿鹤

来源：区块链兄弟

原文链接：http://www.blockchainbrother.com/article/18

著权归作者所有。商业转载请联系作者获得授权，非商业转载请注明出处。

编译fabric tools 我们会编译以下几个工具： github.com/hyperledger/fabric/common/configtx/tool/configtxgen github.com/hyperledger/fabric/common/tools/cryptogen github.com/hyperledger/fabric/common/tools/configtxlator github.com/hyperledger/fabric/peer 以上每个工具都需要读取一个yaml文件配置，在配置文件中我们指明网络的拓扑结构，证书地址等。 cd $GOPATH/src/github.com/hyperledger/fabric make release

ls -rtl release/linux-amd64/bin

-rwxrwxr-x 1 shouhewu shouhewu 15124356 Jul 17 13:58 configtxgen -rwxrwxr-x 1 shouhewu shouhewu 7315638 Jul 17 13:58 cryptogen -rwxrwxr-x 1 shouhewu shouhewu 16141847 Jul 17 13:58 configtxlator -rwxrwxr-x 1 shouhewu shouhewu 22949903 Jul 17 13:58 peer -rwxrwxr-x 1 shouhewu shouhewu 19942880 Jul 17 13:59 orderer -rwxrwxr-x 1 shouhewu shouhewu 774 Jul 17 13:59 get-docker-images.sh -rwxrwxr-x 1 shouhewu shouhewu 458 Jul 17 13:59 get-byfn.sh Cryptogen Tool（cryptogen) 我们会使用crptogen tool 为网络中的节点，用户生成密码证书(x509 certs)。 怎么运行的？ Cryptogen 读取 crypto-config.yaml 文件，yaml文件中包含网络拓扑结构，这个yaml文件可以帮我们为每个组织和组织中的成员生成证书库。每个组织分配一个根证书（ca-cert)，这个根证书会绑定一些peers和orders到这个组织。fabric中的交易和通信都会被一个参与者的私钥（keystore）签名，并会被公钥（signcerts)验证.yaml配置文件中有一个"count"变量，我们用这个变量表示一个组织中会有多少个节点。在我们的文档的例子中每个组织会有两个节点。 crypto-config.yaml ：

Copyright IBM Corp. All Rights Reserved.

SPDX-License-Identifier: Apache-2.0

---------------------------------------------------------------------------

"OrdererOrgs" - Definition of organizations managing orderer nodes

---------------------------------------------------------------------------

OrdererOrgs:

---------------------------------------------------------------------------

Orderer

---------------------------------------------------------------------------

- Name: Orderer

Domain: example.com

---------------------------------------------------------------------------

"Specs" - See PeerOrgs below for complete description

---------------------------------------------------------------------------

Specs:

• Hostname: orderer

---------------------------------------------------------------------------

"PeerOrgs" - Definition of organizations managing peer nodes

---------------------------------------------------------------------------

PeerOrgs:

---------------------------------------------------------------------------

Org1

---------------------------------------------------------------------------

- Name: Org1

Domain: org1.example.com

---------------------------------------------------------------------------

"Specs"

---------------------------------------------------------------------------

Uncomment this section to enable the explicit definition of hosts in your

configuration. Most users will want to use Template, below

Specs is an array of Spec entries. Each Spec entry consists of two fields:

#   - Hostname:   (Required) The desired hostname, sans the domain.

- CommonName: (Optional) Specifies the template or explicit override for

the CN. By default, this is the template:

#

"{{.Hostname}}.{{.Domain}}"

which obtains its values from the Spec.Hostname and

Org.Domain, respectively.

---------------------------------------------------------------------------

Specs:

#   - Hostname: foo # implicitly "foo.org1.example.com"

CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above

- Hostname: bar

- Hostname: baz

---------------------------------------------------------------------------

"Template"

---------------------------------------------------------------------------

Allows for the definition of 1 or more hosts that are created sequentially

from a template. By default, this looks like "peer%d" from 0 to Count-1.

You may override the number of nodes (Count), the starting index (Start)

or the template used to construct the name (Hostname).

Note: Template and Specs are not mutually exclusive. You may define both

sections and the aggregate nodes will be created for you. Take care with

name collisions

---------------------------------------------------------------------------

Template:

Count: 2

Start: 5

Hostname: {{.Prefix}}{{.Index}} # default

---------------------------------------------------------------------------

"Users"

---------------------------------------------------------------------------

Count: The number of user accounts in addition to Admin

---------------------------------------------------------------------------

Users:

Count: 1

---------------------------------------------------------------------------

Org2: See "Org1" for full specification

---------------------------------------------------------------------------

- Name: Org2

Domain: org2.example.com Template: Count: 2 Users: Count: 1

执行结果 执行完cryptogen命令后，生成的证书会放在 crypto-config 文件夹中 。 ll crypto-config

drwxr-xr-x 4 shouhewu shouhewu 4096 Jul 17 15:15 ./ drwxr-xr-x 9 shouhewu shouhewu 4096 Jul 17 15:18 ../ drwxr-xr-x 3 shouhewu shouhewu 4096 Jul 17 15:15 ordererOrganizations/ drwxr-xr-x 4 shouhewu shouhewu 4096 Jul 17 15:15 peerOrganizations/

Configuration Transaction Generator（configtxgen) configtxgen tool 用来生成四个artifacts：orderer bootstrap block,fabric channel configuration transaction,two anchor peer transactions（每个组织一个） orderer block 是ordering service 的创世区块，在channel创建的时候channel transaction 文件会广播给orderer。anchor peer transaction表示每个组织在channel中的anchor 节点。 怎么工作的？ configtxgen会读取 configtx.yaml 配置文件。这个yaml 文件包含网络的定义，网络中有三个成员 一个orderer(OrdererOrg),两个peer(Org1,Org2)，yaml文件中还包含一个由两个组织构成的联盟(SampleConsortium)。 在yaml文件最上方 “Profile”段落中，有两个header，一个是orderer genesis block - TwoOrgsOrdererGenesis ,另一个是channel - TwoOrgsChannel。这两个header十分重要，我们创建artifacts是我们会把他们作为参数传入。yaml文件中还包含另外两个东西：1.每个peer 组中的anchor peer（peer0.org1.example.com & peer0.org2.example.com） 。2. 每个成员的MSP 目录位置，它允许我们把每个组织的根证书会存在orderer genesis block中。 configtx.yaml

################################################################################

Profile

- Different configuration profiles may be encoded here to be specified

as parameters to the configtxgen tool

################################################################################ Profiles:

TwoOrgsOrdererGenesis:
    Orderer:
        <<: *OrdererDefaults

Organizations: - *OrdererOrg Consortiums: SampleConsortium: Organizations: - *Org1 - *Org2 TwoOrgsChannel: Consortium: SampleConsortium Application: <<: *ApplicationDefaults Organizations: - *Org1 - *Org2

################################################################################

Section: Organizations

- This section defines the different organizational identities which will

be referenced later in the configuration.

################################################################################ Organizations:

# SampleOrg defines an MSP using the sampleconfig.  It should never be used

in production but may be used as a template for other definitions

• &OrdererOrg

DefaultOrg defines the organization which is used in the sampleconfig

of the fabric.git development environment

Name: OrdererOrg

ID to load the MSP definition as

ID: OrdererMSP

MSPDir is the filesystem path which contains the MSP configuration

MSPDir: crypto-config/ordererOrganizations/example.com/msp

• &Org1

DefaultOrg defines the organization which is used in the sampleconfig

of the fabric.git development environment

Name: Org1MSP

ID to load the MSP definition as

ID: Org1MSP

MSPDir: crypto-config/peerOrganizations/org1.example.com/msp

AnchorPeers: # AnchorPeers defines the location of peers which can be used

for cross org gossip communication. Note, this value is only

encoded in the genesis block in the Application section context

• Host: peer0.org1.example.com Port: 7051

• &Org2

DefaultOrg defines the organization which is used in the sampleconfig

of the fabric.git development environment

Name: Org2MSP

ID to load the MSP definition as

ID: Org2MSP

MSPDir: crypto-config/peerOrganizations/org2.example.com/msp

AnchorPeers: # AnchorPeers defines the location of peers which can be used

for cross org gossip communication. Note, this value is only

encoded in the genesis block in the Application section context

• Host: peer0.org2.example.com Port: 7051

################################################################################

SECTION: Orderer

- This section defines the values to encode into a config transaction or

genesis block for orderer related parameters

################################################################################ Orderer: &OrdererDefaults

Orderer Type: The orderer implementation to start

Available types are "solo" and "kafka"

OrdererType: solo

Addresses: - orderer.example.com:7050

Batch Timeout: The amount of time to wait before creating a batch

BatchTimeout: 2s

Batch Size: Controls the number of messages batched into a block

BatchSize:

# Max Message Count: The maximum number of messages to permit in a batch

MaxMessageCount: 10

Absolute Max Bytes: The absolute maximum number of bytes allowed for

the serialized messages in a batch.

AbsoluteMaxBytes: 98 MB

Preferred Max Bytes: The preferred maximum number of bytes allowed for

the serialized messages in a batch. A message larger than the preferred

max bytes will result in a batch larger than preferred max bytes.

PreferredMaxBytes: 512 KB

Kafka: # Brokers: A list of Kafka brokers to which the orderer connects

NOTE: Use IP:port notation

Brokers: - 127.0.0.1:9092

Organizations is the list of orgs which are defined as participants on

the orderer side of the network

Organizations:

################################################################################

SECTION: Application

- This section defines the values to encode into a config transaction or

genesis block for application related parameters

################################################################################ Application: &ApplicationDefaults

Organizations is the list of orgs which are defined as participants on

the application side of the network

Organizations:

执行结果 configtxgen 会把每个成员的证书打包，输出一个orderer genesis block 和三个channel transaction artifacts。 ll channel-artifacts/

drwxr-xr-x 2 shouhewu shouhewu 4096 Jul 17 15:15 ./ drwxr-xr-x 9 shouhewu shouhewu 4096 Jul 17 15:18 ../ -rw-r--r-- 1 shouhewu shouhewu 369 Jul 17 15:21 channel.tx -rw-r--r-- 1 shouhewu shouhewu 9076 Jul 17 15:21 genesis.block -rw-rw-r-- 1 shouhewu shouhewu 0 Jul 17 15:14 .gitkeep -rw-r--r-- 1 shouhewu shouhewu 250 Jul 17 15:21 Org1MSPanchors.tx -rw-r--r-- 1 shouhewu shouhewu 250 Jul 17 15:21 Org2MSPanchors.tx 文章发布只为分享区块链技术内容，版权归原作者所有，观点仅代表作者本人，绝不代表区块链兄弟赞同其观点或证实其描述