安装Hyperledger Fabric 2.2后执行以下操作

一、搭建基础网络

1.生成证书素材

cd  ~/work/example/organizations/

vim crypto-config.yaml 

OrdererOrgs:- Name: OrdererOrgDomain: example.com #此处是根域名不是orderer.example.comSpecs:- Hostname: ordererPeerOrgs:- Name: Org1MSPDomain: org1.example.comTemplate:Count: 1Users:Count: 1- Name: Org2MSPDomain: org2.example.comTemplate:Count: 1Users:Count: 1

创建证书命令

cryptogen generate --config=crypto-config.yaml --output ./

2.配置所有服务器网络host

sudo vim /etc/hosts

192.168.1.108 orderer.example.com
192.168.1.112 peer0.org1.example.com
192.168.1.111 peer0.org2.example.com

3.生成系统的创始区块

cd ~/work/example/order
vim configtx.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#---
################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:# SampleOrg defines an MSP using the sampleconfig.  It should never be used# in production but may be used as a template for other definitions- &OrdererOrg# DefaultOrg defines the organization which is used in the sampleconfig# of the fabric.git development environmentName: OrdererOrg# ID to load the MSP definition asID: OrdererMSP# MSPDir is the filesystem path which contains the MSP configurationMSPDir: ../organizations/ordererOrganizations/example.com/msp# Policies defines the set of policies at this level of the config tree# For organization policies, their canonical path is usually#   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>Policies:Readers:Type: SignatureRule: "OR('OrdererMSP.member')"Writers:Type: SignatureRule: "OR('OrdererMSP.member')"Admins:Type: SignatureRule: "OR('OrdererMSP.admin')"OrdererEndpoints:- orderer.example.com:7050- &Org1# DefaultOrg defines the organization which is used in the sampleconfig# of the fabric.git development environmentName: Org1MSP# ID to load the MSP definition asID: Org1MSPMSPDir: ../organizations/peerOrganizations/org1.example.com/msp# Policies defines the set of policies at this level of the config tree# For organization policies, their canonical path is usually#   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>Policies:Readers:Type: SignatureRule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"Writers:Type: SignatureRule: "OR('Org1MSP.admin', 'Org1MSP.client')"Admins:Type: SignatureRule: "OR('Org1MSP.admin')"Endorsement:Type: Signature# Rule: "OR('Org1MSP.peer')" #写peer时审议代码时总报背书验证错误Rule: "OR('Org1MSP.member')"# leave this flag set to true.AnchorPeers:# AnchorPeers defines the location of peers which can be used# for cross org gossip communication.  Note, this value is only# encoded in the genesis block in the Application section context- Host: peer0.org1.example.comPort: 7051- &Org2# DefaultOrg defines the organization which is used in the sampleconfig# of the fabric.git development environmentName: Org2MSP# ID to load the MSP definition asID: Org2MSPMSPDir: ../organizations/peerOrganizations/org2.example.com/msp# Policies defines the set of policies at this level of the config tree# For organization policies, their canonical path is usually#   /Channel/<Application|Orderer>/<OrgName>/<PolicyName>Policies:Readers:Type: SignatureRule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"Writers:Type: SignatureRule: "OR('Org2MSP.admin', 'Org2MSP.client')"Admins:Type: SignatureRule: "OR('Org2MSP.admin')"Endorsement:Type: Signature# Rule: "OR('Org2MSP.peer')" ##写peer时审议代码时总报背书验证错误Rule: "OR('Org2MSP.member')"AnchorPeers:# AnchorPeers defines the location of peers which can be used# for cross org gossip communication.  Note, this value is only# encoded in the genesis block in the Application section context- Host: peer0.org2.example.comPort: 7051################################################################################
#
#   SECTION: Capabilities
#
#   - This section defines the capabilities of fabric network. This is a new
#   concept as of v1.1.0 and should not be utilized in mixed networks with
#   v1.0.x peers and orderers.  Capabilities define features which must be
#   present in a fabric binary for that binary to safely participate in the
#   fabric network.  For instance, if a new MSP type is added, newer binaries
#   might recognize and validate the signatures from this type, while older
#   binaries without this support would be unable to validate those
#   transactions.  This could lead to different versions of the fabric binaries
#   having different world states.  Instead, defining a capability for a channel
#   informs those binaries without this capability that they must cease
#   processing transactions until they have been upgraded.  For v1.0.x if any
#   capabilities are defined (including a map with all capabilities turned off)
#   then the v1.0.x peer will deliberately crash.
#
################################################################################
Capabilities:# Channel capabilities apply to both the orderers and the peers and must be# supported by both.# Set the value of the capability to true to require it.Channel: &ChannelCapabilities# V2_0 capability ensures that orderers and peers behave according# to v2.0 channel capabilities. Orderers and peers from# prior releases would behave in an incompatible way, and are therefore# not able to participate in channels at v2.0 capability.# Prior to enabling V2.0 channel capabilities, ensure that all# orderers and peers on a channel are at v2.0.0 or later.V2_0: true# Orderer capabilities apply only to the orderers, and may be safely# used with prior release peers.# Set the value of the capability to true to require it.Orderer: &OrdererCapabilities# V2_0 orderer capability ensures that orderers behave according# to v2.0 orderer capabilities. Orderers from# prior releases would behave in an incompatible way, and are therefore# not able to participate in channels at v2.0 orderer capability.# Prior to enabling V2.0 orderer capabilities, ensure that all# orderers on channel are at v2.0.0 or later.V2_0: true# Application capabilities apply only to the peer network, and may be safely# used with prior release orderers.# Set the value of the capability to true to require it.Application: &ApplicationCapabilities# V2_0 application capability ensures that peers behave according# to v2.0 application capabilities. Peers from# prior releases would behave in an incompatible way, and are therefore# not able to participate in channels at v2.0 application capability.# Prior to enabling V2.0 application capabilities, ensure that all# peers on channel are at v2.0.0 or later.V2_0: true################################################################################
#
#   SECTION: Application
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults# Organizations is the list of orgs which are defined as participants on# the application side of the networkOrganizations:# Policies defines the set of policies at this level of the config tree# For Application policies, their canonical path is#   /Channel/Application/<PolicyName>Policies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"LifecycleEndorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Endorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Capabilities:<<: *ApplicationCapabilities
################################################################################
#
#   SECTION: Orderer
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults# Orderer Type: The orderer implementation to startOrdererType: etcdraftEtcdRaft:Consenters:- Host: orderer.example.comPort: 7050ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crtServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt# Batch Timeout: The amount of time to wait before creating a batchBatchTimeout: 2s# Batch Size: Controls the number of messages batched into a blockBatchSize:# Max Message Count: The maximum number of messages to permit in a batchMaxMessageCount: 10# Absolute Max Bytes: The absolute maximum number of bytes allowed for# the serialized messages in a batch.AbsoluteMaxBytes: 99 MB# Preferred Max Bytes: The preferred maximum number of bytes allowed for# the serialized messages in a batch. A message larger than the preferred# max bytes will result in a batch larger than preferred max bytes.PreferredMaxBytes: 512 KB# Organizations is the list of orgs which are defined as participants on# the orderer side of the networkOrganizations:# Policies defines the set of policies at this level of the config tree# For Orderer policies, their canonical path is#   /Channel/Orderer/<PolicyName>Policies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"# BlockValidation specifies what signatures must be included in the block# from the orderer for the peer to validate it.BlockValidation:Type: ImplicitMetaRule: "ANY Writers"################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults# Policies defines the set of policies at this level of the config tree# For Channel policies, their canonical path is#   /Channel/<PolicyName>Policies:# Who may invoke the 'Deliver' APIReaders:Type: ImplicitMetaRule: "ANY Readers"# Who may invoke the 'Broadcast' APIWriters:Type: ImplicitMetaRule: "ANY Writers"# By default, who may modify elements at this config levelAdmins:Type: ImplicitMetaRule: "MAJORITY Admins"# Capabilities describes the channel level capabilities, see the# dedicated Capabilities section elsewhere in this file for a full# descriptionCapabilities:<<: *ChannelCapabilities################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:TwoOrgsOrdererGenesis:<<: *ChannelDefaultsOrderer:<<: *OrdererDefaultsOrganizations:- *OrdererOrgCapabilities:<<: *OrdererCapabilitiesConsortiums:SampleConsortium:Organizations:- *Org1- *Org2TwoOrgsChannel:Consortium: SampleConsortium<<: *ChannelDefaultsApplication:<<: *ApplicationDefaultsOrganizations:- *Org1- *Org2Capabilities:<<: *ApplicationCapabilities

生成系统创始区块
configtxgen -profile TwoOrgsOrdererGenesis -channelID system-channel -outputBlock ./system-genesis-block/genesis.block

4.创建应用通道创建事务

1.创建通道创建事务
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel1.tx -channelID channel1

5.启动order

在order目录中放入orderer.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#---
################################################################################
#
#   Orderer Configuration
#
#   - This controls the type and configuration of the orderer.
#
################################################################################
General:# Listen address: The IP on which to bind to listen.ListenAddress: orderer.example.com# Listen port: The port on which to bind to listen.ListenPort: 7050# TLS: TLS settings for the GRPC server.TLS:Enabled: true# PrivateKey governs the file location of the private key of the TLS certificate.PrivateKey: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key# Certificate governs the file location of the server TLS certificate.Certificate: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crtRootCAs:- ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crtClientAuthRequired: false #此处暂时为false，正式环境是否需要设置为true，而且下面的值也不确定填写什么（如只写一个组织的那其它组织怎么办）ClientRootCAs:# Keepalive settings for the GRPC server.Keepalive:# ServerMinInterval is the minimum permitted time between client pings.# If clients send pings more frequently, the server will# disconnect them.ServerMinInterval: 60s# ServerInterval is the time between pings to clients.ServerInterval: 7200s# ServerTimeout is the duration the server waits for a response from# a client before closing the connection.ServerTimeout: 20s# Cluster settings for ordering service nodes that communicate with other ordering service nodes# such as Raft based ordering service.Cluster:# SendBufferSize is the maximum number of messages in the egress buffer.# Consensus messages are dropped if the buffer is full, and transaction# messages are waiting for space to be freed.SendBufferSize: 10# ClientCertificate governs the file location of the client TLS certificate# used to establish mutual TLS connections with other ordering service nodes.ClientCertificate:# ClientPrivateKey governs the file location of the private key of the client TLS certificate.ClientPrivateKey:# The below 4 properties should be either set together, or be unset together.# If they are set, then the orderer node uses a separate listener for intra-cluster# communication. If they are unset, then the general orderer listener is used.# This is useful if you want to use a different TLS server certificates on the# client-facing and the intra-cluster listeners.# ListenPort defines the port on which the cluster listens to connections.ListenPort:# ListenAddress defines the IP on which to listen to intra-cluster communication.ListenAddress:# ServerCertificate defines the file location of the server TLS certificate used for intra-cluster# communication.ServerCertificate:# ServerPrivateKey defines the file location of the private key of the TLS certificate.ServerPrivateKey:# Bootstrap method: The method by which to obtain the bootstrap block# system channel is specified. The option can be one of:#   "file" - path to a file containing the genesis block or config block of system channel#   "none" - allows an orderer to start without a system channel configurationBootstrapMethod: file# Bootstrap file: The file containing the bootstrap block to use when# initializing the orderer system channel and BootstrapMethod is set to# "file".  The bootstrap file can be the genesis block, and it can also be# a config block for late bootstrap of some consensus methods like Raft.# Generate a genesis block by updating $FABRIC_CFG_PATH/configtx.yaml and# using configtxgen command with "-outputBlock" option.# Defaults to file "genesisblock" (in $FABRIC_CFG_PATH directory) if not specified.BootstrapFile: ./system-genesis-block/genesis.block# LocalMSPDir is where to find the private crypto material needed by the# orderer. It is set relative here as a default for dev environments but# should be changed to the real location in production.LocalMSPDir: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/# LocalMSPID is the identity to register the local MSP material with the MSP# manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP# ID of one of the organizations defined in the orderer system channel's# /Channel/Orderer configuration. The sample organization defined in the# sample configuration provided has an MSP ID of "SampleOrg".LocalMSPID: OrdererMSP #注意这里写ID不要写NAME很容易错# Enable an HTTP service for Go "pprof" profiling as documented at:# https://golang.org/pkg/net/http/pprofProfile:Enabled: falseAddress: 0.0.0.0:6060# BCCSP configures the blockchain crypto service providers.BCCSP:# Default specifies the preferred blockchain crypto service provider# to use. If the preferred provider is not available, the software# based provider ("SW") will be used.# Valid providers are:#  - SW: a software based crypto provider#  - PKCS11: a CA hardware security module crypto provider.Default: SW# SW configures the software based blockchain crypto provider.SW:# TODO: The default Hash and Security level needs refactoring to be# fully configurable. Changing these defaults requires coordination# SHA2 is hardcoded in several places, not only BCCSPHash: SHA2Security: 256# Location of key store. If this is unset, a location will be# chosen using: 'LocalMSPDir'/keystoreFileKeyStore:KeyStore:# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)PKCS11:# Location of the PKCS11 module libraryLibrary:# Token LabelLabel:# User PINPin:Hash:Security:FileKeyStore:KeyStore:# Authentication contains configuration parameters related to authenticating# client messagesAuthentication:# the acceptable difference between the current server time and the# client's time as specified in a client request messageTimeWindow: 15m################################################################################
#
#   SECTION: File Ledger
#
#   - This section applies to the configuration of the file or json ledgers.
#
################################################################################
FileLedger:# Location: The directory to store the blocks in.# NOTE: If this is unset, a new temporary location will be chosen every time# the orderer is restarted, using the prefix specified by Prefix.Location: production/orderer/# The prefix to use when generating a ledger directory in temporary space.# Otherwise, this value is ignored.Prefix: hyperledger-fabric-ordererledger################################################################################
#
#   SECTION: Kafka
#
#   - This section applies to the configuration of the Kafka-based orderer, and
#     its interaction with the Kafka cluster.
#
################################################################################
Kafka:# Retry: What do if a connection to the Kafka cluster cannot be established,# or if a metadata request to the Kafka cluster needs to be repeated.Retry:# When a new channel is created, or when an existing channel is reloaded# (in case of a just-restarted orderer), the orderer interacts with the# Kafka cluster in the following ways:# 1. It creates a Kafka producer (writer) for the Kafka partition that# corresponds to the channel.# 2. It uses that producer to post a no-op CONNECT message to that# partition# 3. It creates a Kafka consumer (reader) for that partition.# If any of these steps fail, they will be re-attempted every# <ShortInterval> for a total of <ShortTotal>, and then every# <LongInterval> for a total of <LongTotal> until they succeed.# Note that the orderer will be unable to write to or read from a# channel until all of the steps above have been completed successfully.ShortInterval: 5sShortTotal: 10mLongInterval: 5mLongTotal: 12h# Affects the socket timeouts when waiting for an initial connection, a# response, or a transmission. See Config.Net for more info:# https://godoc.org/github.com/Shopify/sarama#ConfigNetworkTimeouts:DialTimeout: 10sReadTimeout: 10sWriteTimeout: 10s# Affects the metadata requests when the Kafka cluster is in the middle# of a leader election.See Config.Metadata for more info:# https://godoc.org/github.com/Shopify/sarama#ConfigMetadata:RetryBackoff: 250msRetryMax: 3# What to do if posting a message to the Kafka cluster fails. See# Config.Producer for more info:# https://godoc.org/github.com/Shopify/sarama#ConfigProducer:RetryBackoff: 100msRetryMax: 3# What to do if reading from the Kafka cluster fails. See# Config.Consumer for more info:# https://godoc.org/github.com/Shopify/sarama#ConfigConsumer:RetryBackoff: 2s# Settings to use when creating Kafka topics.  Only applies when# Kafka.Version is v0.10.1.0 or higherTopic:# The number of Kafka brokers across which to replicate the topicReplicationFactor: 3# Verbose: Enable logging for interactions with the Kafka cluster.Verbose: false# TLS: TLS settings for the orderer's connection to the Kafka cluster.TLS:# Enabled: Use TLS when connecting to the Kafka cluster.Enabled: false# PrivateKey: PEM-encoded private key the orderer will use for# authentication.PrivateKey:# As an alternative to specifying the PrivateKey here, uncomment the# following "File" key and specify the file name from which to load the# value of PrivateKey.#File: path/to/PrivateKey# Certificate: PEM-encoded signed public key certificate the orderer will# use for authentication.Certificate:# As an alternative to specifying the Certificate here, uncomment the# following "File" key and specify the file name from which to load the# value of Certificate.#File: path/to/Certificate# RootCAs: PEM-encoded trusted root certificates used to validate# certificates from the Kafka cluster.RootCAs:# As an alternative to specifying the RootCAs here, uncomment the# following "File" key and specify the file name from which to load the# value of RootCAs.#File: path/to/RootCAs# SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokersSASLPlain:# Enabled: Use SASL/PLAIN to authenticate with Kafka brokersEnabled: false# User: Required when Enabled is set to trueUser:# Password: Required when Enabled is set to truePassword:# Kafka protocol version used to communicate with the Kafka cluster brokers# (defaults to 0.10.2.0 if not specified)Version:################################################################################
#
#   Debug Configuration
#
#   - This controls the debugging options for the orderer
#
################################################################################
Debug:# BroadcastTraceDir when set will cause each request to the Broadcast service# for this orderer to be written to a file in this directoryBroadcastTraceDir:# DeliverTraceDir when set will cause each request to the Deliver service# for this orderer to be written to a file in this directoryDeliverTraceDir:################################################################################
#
#   Operations Configuration
#
#   - This configures the operations server endpoint for the orderer
#
################################################################################
Operations: #生产环境此处该如何设置# host and port for the operations serverListenAddress: 127.0.0.1:8443# TLS configuration for the operations endpointTLS:# TLS enabledEnabled: false# Certificate is the location of the PEM encoded TLS certificateCertificate:# PrivateKey points to the location of the PEM-encoded keyPrivateKey:# Most operations service endpoints require client authentication when TLS# is enabled. ClientAuthRequired requires client certificate authentication# at the TLS layer to access all resources.ClientAuthRequired: false# Paths to PEM encoded ca certificates to trust for client authenticationClientRootCAs: []################################################################################
#
#   Metrics  Configuration
#
#   - This configures metrics collection for the orderer
#
################################################################################
Metrics:# The metrics provider is one of statsd, prometheus, or disabledProvider: disabled# The statsd configurationStatsd:# network type: tcp or udpNetwork: udp# the statsd server addressAddress: 127.0.0.1:8125# The interval at which locally cached counters and gauges are pushed# to statsd; timings are pushed immediatelyWriteInterval: 30s# The prefix is prepended to all emitted statsd metricsPrefix:################################################################################
#
#   Consensus Configuration
#
#   - This section contains config options for a consensus plugin. It is opaque
#     to orderer, and completely up to consensus implementation to make use of.
#
################################################################################
Consensus:# The allowed key-value pairs here depend on consensus plugin. For etcd/raft,# we use following options:# WALDir specifies the location at which Write Ahead Logs for etcd/raft are# stored. Each channel will have its own subdir named after channel ID.WALDir: etcdraft/wal# SnapDir specifies the location at which snapshots for etcd/raft are# stored. Each channel will have its own subdir named after channel ID.SnapDir: etcdraft/snapshot

启动orderer

orderer start

6.启动peer

在192.168.1.112上部署Org1MSP的peer   peer0.org1.example.com

cd ~/work/example
mkdir organizations/peerOrganizations
cd organizations/peerOrganizations
scp -r dev1@192.168.1.108:/home/dev1/work/example/organizations/peerOrganizations/org1.example.com org1.example.comcd ~/work/example/peer
vim core.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
################################################################################
#
#    Peer section
#
###############################################################################
peer:# The peer id provides a name for this peer instance and is used when# naming docker resources.id: peer0.org1.example.com# The networkId allows for logical separation of networks and is used when# naming docker resources.networkId: dev1# The Address at local network interface this Peer will listen on.# By default, it will listen on all network interfaceslistenAddress: 0.0.0.0:7051# The endpoint this peer uses to listen for inbound chaincode connections.# If this is commented-out, the listen address is selected to be# the peer's address (see below) with port 7052# chaincodeListenAddress: 0.0.0.0:7052# The endpoint the chaincode for this peer uses to connect to the peer.# If this is not specified, the chaincodeListenAddress address is selected.# And if chaincodeListenAddress is not specified, address is selected from# peer listenAddress.# chaincodeAddress: 0.0.0.0:7052# When used as peer config, this represents the endpoint to other peers# in the same organization. For peers in other organization, see# gossip.externalEndpoint for more info.# When used as CLI config, this means the peer's endpoint to interact withaddress: 0.0.0.0:7051# Whether the Peer should programmatically determine its address# This case is useful for docker containers.addressAutoDetect: false# Keepalive settings for peer server and clientskeepalive:# Interval is the duration after which if the server does not see# any activity from the client it pings the client to see if it's aliveinterval: 7200s# Timeout is the duration the server waits for a response# from the client after sending a ping before closing the connectiontimeout: 20s# MinInterval is the minimum permitted time between client pings.# If clients send pings more frequently, the peer server will# disconnect themminInterval: 60s# Client keepalive settings for communicating with other peer nodesclient:# Interval is the time between pings to peer nodes.  This must# greater than or equal to the minInterval specified by peer# nodesinterval: 60s# Timeout is the duration the client waits for a response from# peer nodes before closing the connectiontimeout: 20s# DeliveryClient keepalive settings for communication with ordering# nodes.deliveryClient:# Interval is the time between pings to ordering nodes.  This must# greater than or equal to the minInterval specified by ordering# nodes.interval: 60s# Timeout is the duration the client waits for a response from# ordering nodes before closing the connectiontimeout: 20s# Gossip related configurationgossip:# Bootstrap set to initialize gossip with.# This is a list of other peers that this peer reaches out to at startup.# Important: The endpoints here have to be endpoints of peers in the same# organization, because the peer would refuse connecting to these endpoints# unless they are in the same organization as the peer.bootstrap: 127.0.0.1:7051# NOTE: orgLeader and useLeaderElection parameters are mutual exclusive.# Setting both to true would result in the termination of the peer# since this is undefined state. If the peers are configured with# useLeaderElection=false, make sure there is at least 1 peer in the# organization that its orgLeader is set to true.# Defines whenever peer will initialize dynamic algorithm for# "leader" selection, where leader is the peer to establish# connection with ordering service and use delivery protocol# to pull ledger blocks from ordering service. It is recommended to# use leader election for large networks of peers.useLeaderElection: true# Statically defines peer to be an organization "leader",# where this means that current peer will maintain connection# with ordering service and disseminate block across peers in# its own organizationorgLeader: false# Interval for membershipTracker pollingmembershipTrackerInterval: 5s# Overrides the endpoint that the peer publishes to peers# in its organization. For peers in foreign organizations# see 'externalEndpoint'endpoint:# Maximum count of blocks stored in memorymaxBlockCountToStore: 100# Max time between consecutive message pushes(unit: millisecond)maxPropagationBurstLatency: 10ms# Max number of messages stored until a push is triggered to remote peersmaxPropagationBurstSize: 10# Number of times a message is pushed to remote peerspropagateIterations: 1# Number of peers selected to push messages topropagatePeerNum: 3# Determines frequency of pull phases(unit: second)# Must be greater than digestWaitTime + responseWaitTimepullInterval: 4s# Number of peers to pull frompullPeerNum: 3# Determines frequency of pulling state info messages from peers(unit: second)requestStateInfoInterval: 4s# Determines frequency of pushing state info messages to peers(unit: second)publishStateInfoInterval: 4s# Maximum time a stateInfo message is kept until expiredstateInfoRetentionInterval:# Time from startup certificates are included in Alive messages(unit: second)publishCertPeriod: 10s# Should we skip verifying block messages or not (currently not in use)skipBlockVerification: false# Dial timeout(unit: second)dialTimeout: 3s# Connection timeout(unit: second)connTimeout: 2s# Buffer size of received messagesrecvBuffSize: 20# Buffer size of sending messagessendBuffSize: 200# Time to wait before pull engine processes incoming digests (unit: second)# Should be slightly smaller than requestWaitTimedigestWaitTime: 1s# Time to wait before pull engine removes incoming nonce (unit: milliseconds)# Should be slightly bigger than digestWaitTimerequestWaitTime: 1500ms# Time to wait before pull engine ends pull (unit: second)responseWaitTime: 2s# Alive check interval(unit: second)aliveTimeInterval: 5s# Alive expiration timeout(unit: second)aliveExpirationTimeout: 25s# Reconnect interval(unit: second)reconnectInterval: 25s# This is an endpoint that is published to peers outside of the organization.# If this isn't set, the peer will not be known to other organizations.externalEndpoint: peer0.org1.example.com:7051# Leader election service configurationelection:# Longest time peer waits for stable membership during leader election startup (unit: second)startupGracePeriod: 15s# Interval gossip membership samples to check its stability (unit: second)membershipSampleInterval: 1s# Time passes since last declaration message before peer decides to perform leader election (unit: second)leaderAliveThreshold: 10s# Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second)leaderElectionDuration: 5spvtData:# pullRetryThreshold determines the maximum duration of time private data corresponding for a given block# would be attempted to be pulled from peers until the block would be committed without the private datapullRetryThreshold: 60s# As private data enters the transient store, it is associated with the peer's ledger's height at that time.# transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit,# and the private data residing inside the transient store that is guaranteed not to be purged.# Private data is purged from the transient store when blocks with sequences that are multiples# of transientstoreMaxBlockRetention are committed.transientstoreMaxBlockRetention: 1000# pushAckTimeout is the maximum time to wait for an acknowledgement from each peer# at private data push at endorsement time.pushAckTimeout: 3s# Block to live pulling margin, used as a buffer# to prevent peer from trying to pull private data# from peers that is soon to be purged in next N blocks.# This helps a newly joined peer catch up to current# blockchain height quicker.btlPullMargin: 10# the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to# pull from the other peers the most recent missing blocks with a maximum batch size limitation.# reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a# single iteration.reconcileBatchSize: 10# reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning# of the next reconciliation iteration.reconcileSleepInterval: 1m# reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not.reconciliationEnabled: true# skipPullingInvalidTransactionsDuringCommit is a flag that indicates whether pulling of invalid# transaction's private data from other peers need to be skipped during the commit time and pulled# only through reconciler.skipPullingInvalidTransactionsDuringCommit: false# implicitCollectionDisseminationPolicy specifies the dissemination  policy for the peer's own implicit collection.# When a peer endorses a proposal that writes to its own implicit collection, below values override the default values# for disseminating private data.# Note that it is applicable to all channels the peer has joined. The implication is that requiredPeerCount has to# be smaller than the number of peers in a channel that has the lowest numbers of peers from the organization.implicitCollectionDisseminationPolicy:# requiredPeerCount defines the minimum number of eligible peers to which the peer must successfully# disseminate private data for its own implicit collection during endorsement. Default value is 0.requiredPeerCount: 0# maxPeerCount defines the maximum number of eligible peers to which the peer will attempt to# disseminate private data for its own implicit collection during endorsement. Default value is 1.maxPeerCount: 1# Gossip state transfer related configurationstate:# indicates whenever state transfer is enabled or not# default value is true, i.e. state transfer is active# and takes care to sync up missing blocks allowing# lagging peer to catch up to speed with rest networkenabled: true# checkInterval interval to check whether peer is lagging behind enough to# request blocks via state transfer from another peer.checkInterval: 10s# responseTimeout amount of time to wait for state transfer response from# other peersresponseTimeout: 3s# batchSize the number of blocks to request via state transfer from another peerbatchSize: 10# blockBufferSize reflects the size of the re-ordering buffer# which captures blocks and takes care to deliver them in order# down to the ledger layer. The actually buffer size is bounded between# 0 and 2*blockBufferSize, each channel maintains its own bufferblockBufferSize: 100# maxRetries maximum number of re-tries to ask# for single state transfer requestmaxRetries: 3# TLS Settingstls:# Require server-side TLSenabled:  true# Require client certificates / mutual TLS.# Note that clients that are not configured to use a certificate will# fail to connect to the peer.clientAuthRequired: false #正式环境是否要设置为true，下方clientKey该如何设置。若为true，在peer channel list会报错# X.509 certificate used for TLS servercert:file: ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt# Private key used for TLS server (and client if clientAuthEnabled# is set to truekey:file: ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key# Trusted root certificate chain for tls.certrootcert:file: ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt# Set of root certificate authorities used to verify client certificatesclientRootCAs:files:- ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt# Private key used for TLS when making client connections.  If# not set, peer.tls.key.file will be used insteadclientKey:file: # X.509 certificate used for TLS when making client connections.# If not set, peer.tls.cert.file will be used insteadclientCert:file:# Authentication contains configuration parameters related to authenticating# client messagesauthentication:# the acceptable difference between the current server time and the# client's time as specified in a client request messagetimewindow: 15m# Path on the file system where peer will store data (eg ledger). This# location must be access control protected to prevent unintended# modification that might corrupt the peer operations.fileSystemPath: ./production# BCCSP (Blockchain crypto provider): Select which crypto implementation or# library to useBCCSP:Default: SW# Settings for the SW crypto provider (i.e. when DEFAULT: SW)SW:# TODO: The default Hash and Security level needs refactoring to be# fully configurable. Changing these defaults requires coordination# SHA2 is hardcoded in several places, not only BCCSPHash: SHA2Security: 256# Location of Key StoreFileKeyStore:# If "", defaults to 'mspConfigPath'/keystoreKeyStore:# Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11)PKCS11:# Location of the PKCS11 module libraryLibrary:# Token LabelLabel:# User PINPin:Hash:Security:# Path on the file system where peer will find MSP local configurationsmspConfigPath: ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp# Identifier of the local MSP# ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!----# Deployers need to change the value of the localMspId string.# In particular, the name of the local MSP ID of a peer needs# to match the name of one of the MSPs in each of the channel# that this peer is a member of. Otherwise this peer's messages# will not be identified as valid by other nodes.localMspId: Org1MSP# CLI common client config optionsclient:# connection timeoutconnTimeout: 3s# Delivery service related configdeliveryclient:# It sets the total time the delivery service may spend in reconnection# attempts until its retry logic gives up and returns an errorreconnectTotalTimeThreshold: 3600s# It sets the delivery service <-> ordering service node connection timeoutconnTimeout: 3s# It sets the delivery service maximal delay between consecutive retriesreConnectBackoffThreshold: 3600s# A list of orderer endpoint addresses which should be overridden# when found in channel configurations.addressOverrides:#  - from:#    to:#    caCertsFile:#  - from:#    to:#    caCertsFile:# Type for the local MSP - by default it's of type bccsplocalMspType: bccsp# Used with Go profiling tools only in none production environment. In# production, it should be disabled (eg enabled: false)profile:enabled:     falselistenAddress: 0.0.0.0:6060# Handlers defines custom handlers that can filter and mutate# objects passing within the peer, such as:#   Auth filter - reject or forward proposals from clients#   Decorators  - append or mutate the chaincode input passed to the chaincode#   Endorsers   - Custom signing over proposal response payload and its mutation# Valid handler definition contains:#   - A name which is a factory method name defined in#     core/handlers/library/library.go for statically compiled handlers#   - library path to shared object binary for pluggable filters# Auth filters and decorators are chained and executed in the order that# they are defined. For example:# authFilters:#   -#     name: FilterOne#     library: /opt/lib/filter.so#   -#     name: FilterTwo# decorators:#   -#     name: DecoratorOne#   -#     name: DecoratorTwo#     library: /opt/lib/decorator.so# Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden.# Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality# as the default ESCC.# If the 'library' property is missing, the name is used as the constructor method in the builtin library similar# to auth filters and decorators.# endorsers:#   escc:#     name: DefaultESCC#     library: /etc/hyperledger/fabric/plugin/escc.sohandlers:authFilters:-name: DefaultAuth-name: ExpirationCheck    # This filter checks identity x509 certificate expirationdecorators:-name: DefaultDecoratorendorsers:escc:name: DefaultEndorsementlibrary:validators:vscc:name: DefaultValidationlibrary:#    library: /etc/hyperledger/fabric/plugin/escc.so# Number of goroutines that will execute transaction validation in parallel.# By default, the peer chooses the number of CPUs on the machine. Set this# variable to override that choice.# NOTE: overriding this value might negatively influence the performance of# the peer so please change this value only if you know what you're doingvalidatorPoolSize:# The discovery service is used by clients to query information about peers,# such as - which peers have joined a certain channel, what is the latest# channel config, and most importantly - given a chaincode and a channel,# what possible sets of peers satisfy the endorsement policy.discovery:enabled: true# Whether the authentication cache is enabled or not.authCacheEnabled: true# The maximum size of the cache, after which a purge takes placeauthCacheMaxSize: 1000# The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulationauthCachePurgeRetentionRatio: 0.75# Whether to allow non-admins to perform non channel scoped queries.# When this is false, it means that only peer admins can perform non channel scoped queries.orgMembersAllowedAccess: false# Limits is used to configure some internal resource limits.limits:# Concurrency limits the number of concurrently running requests to a service on each peer.# Currently this option is only applied to endorser service and deliver service.# When the property is missing or the value is 0, the concurrency limit is disabled for the service.concurrency:# endorserService limits concurrent requests to endorser service that handles chaincode deployment, query and invocation,# including both user chaincodes and system chaincodes.endorserService: 2500# deliverService limits concurrent event listeners registered to deliver service for blocks and transaction events.deliverService: 2500###############################################################################
#
#    VM section
#
###############################################################################
vm:# Endpoint of the vm management system.  For docker can be one of the following in general# unix:///var/run/docker.sock# http://localhost:2375# https://localhost:2376endpoint: unix:///var/run/docker.sock# settings for docker vmsdocker:tls:enabled: falseca:file: docker/ca.crtcert:file: docker/tls.crtkey:file: docker/tls.key# Enables/disables the standard out/err from chaincode containers for# debugging purposesattachStdout: false# Parameters on creating docker container.# Container may be efficiently created using ipam & dns-server for cluster# NetworkMode - sets the networking mode for the container. Supported# standard values are: `host`(default),`bridge`,`ipvlan`,`none`.# Dns - a list of DNS servers for the container to use.# Note:  `Privileged` `Binds` `Links` and `PortBindings` properties of# Docker Host Config are not supported and will not be used if set.# LogConfig - sets the logging driver (Type) and related options# (Config) for Docker. For more info,# https://docs.docker.com/engine/admin/logging/overview/# Note: Set LogConfig using Environment Variables is not supported.hostConfig:NetworkMode: hostDns:# - 192.168.0.1LogConfig:Type: json-fileConfig:max-size: "50m"max-file: "5"Memory: 2147483648###############################################################################
#
#    Chaincode section
#
###############################################################################
chaincode:# The id is used by the Chaincode stub to register the executing Chaincode# ID with the Peer and is generally supplied through ENV variables# the `path` form of ID is provided when installing the chaincode.# The `name` is used for all other requests and can be any string.id:path:name:# Generic builder environment, suitable for most chaincode typesbuilder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION)# Enables/disables force pulling of the base docker images (listed below)# during user chaincode instantiation.# Useful when using moving image tags (such as :latest)pull: falsegolang:# golang will never need more than baseosruntime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION)# whether or not golang chaincode should be linked dynamicallydynamicLink: falsejava:# This is an image based on java:openjdk-8 with addition compiler# tools added for java shim layer packaging.# This image is packed with shim layer libraries that are necessary# for Java chaincode runtime.runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION)node:# This is an image based on node:$(NODE_VER)-alpineruntime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION)# List of directories to treat as external builders and launchers for# chaincode. The external builder detection processing will iterate over the# builders in the order specified below.externalBuilders: []# - path: /path/to/directory#   name: descriptive-builder-name#   environmentWhitelist:#      - ENVVAR_NAME_TO_PROPAGATE_FROM_PEER#      - GOPROXY# The maximum duration to wait for the chaincode build and install process# to complete.installTimeout: 300s# Timeout duration for starting up a container and waiting for Register# to come through.startuptimeout: 300s# Timeout duration for Invoke and Init calls to prevent runaway.# This timeout is used by all chaincodes in all the channels, including# system chaincodes.# Note that during Invoke, if the image is not available (e.g. being# cleaned up when in development environment), the peer will automatically# build the image, which might take more time. In production environment,# the chaincode image is unlikely to be deleted, so the timeout could be# reduced accordingly.executetimeout: 30s# There are 2 modes: "dev" and "net".# In dev mode, user runs the chaincode after starting peer from# command line on local machine.# In net mode, peer will run chaincode in a docker container.mode: net# keepalive in seconds. In situations where the communication goes through a# proxy that does not support keep-alive, this parameter will maintain connection# between peer and chaincode.# A value <= 0 turns keepalive offkeepalive: 0# system chaincodes whitelist. To add system chaincode "myscc" to the# whitelist, add "myscc: enable" to the list below, and register in# chaincode/importsysccs.gosystem:_lifecycle: enablecscc: enablelscc: enableescc: enablevscc: enableqscc: enable# Logging section for the chaincode containerlogging:# Default level for all loggers within the chaincode containerlevel:  info# Override default level for the 'shim' loggershim:   warning# Format for the chaincode container logsformat: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'###############################################################################
#
#    Ledger section - ledger configuration encompasses both the blockchain
#    and the state
#
###############################################################################
ledger:blockchain:state:# stateDatabase - options are "goleveldb", "CouchDB"# goleveldb - default state database stored in goleveldb.# CouchDB - store state database in CouchDBstateDatabase: goleveldb# Limit on the number of records to return per querytotalQueryLimit: 100000couchDBConfig:# It is recommended to run CouchDB on the same server as the peer, and# not map the CouchDB container port to a server port in docker-compose.# Otherwise proper security must be provided on the connection between# CouchDB client (on the peer) and server.couchDBAddress: 127.0.0.1:5984# This username must have read and write authority on CouchDBusername:# The password is recommended to pass as an environment variable# during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD).# If it is stored here, the file must be access control protected# to prevent unintended users from discovering the password.password:# Number of retries for CouchDB errorsmaxRetries: 3# Number of retries for CouchDB errors during peer startupmaxRetriesOnStartup: 12# CouchDB request timeout (unit: duration, e.g. 20s)requestTimeout: 35s# Limit on the number of records per each CouchDB query# Note that chaincode queries are only bound by totalQueryLimit.# Internally the chaincode may execute multiple CouchDB queries,# each of size internalQueryLimit.internalQueryLimit: 1000# Limit on the number of records per CouchDB bulk update batchmaxBatchUpdateSize: 1000# Warm indexes after every N blocks.# This option warms any indexes that have been# deployed to CouchDB after every N blocks.# A value of 1 will warm indexes after every block commit,# to ensure fast selector queries.# Increasing the value may improve write efficiency of peer and CouchDB,# but may degrade query response time.warmIndexesAfterNBlocks: 1# Create the _global_changes system database# This is optional.  Creating the global changes database will require# additional system resources to track changes and maintain the databasecreateGlobalChangesDB: false# CacheSize denotes the maximum mega bytes (MB) to be allocated for the in-memory state# cache. Note that CacheSize needs to be a multiple of 32 MB. If it is not a multiple# of 32 MB, the peer would round the size to the next multiple of 32 MB.# To disable the cache, 0 MB needs to be assigned to the cacheSize.cacheSize: 64history:# enableHistoryDatabase - options are true or false# Indicates if the history of key updates should be stored.# All history 'index' will be stored in goleveldb, regardless if using# CouchDB or alternate database for the state.enableHistoryDatabase: truepvtdataStore:# the maximum db batch size for converting# the ineligible missing data entries to eligible missing data entriescollElgProcMaxDbBatchSize: 5000# the minimum duration (in milliseconds) between writing# two consecutive db batches for converting the ineligible missing data entries to eligible missing data entriescollElgProcDbBatchesInterval: 1000###############################################################################
#
#    Operations section
#
###############################################################################
operations:# host and port for the operations serverlistenAddress: 127.0.0.1:9443# TLS configuration for the operations endpointtls:# TLS enabledenabled: false #生产环境是否要设置# path to PEM encoded server certificate for the operations servercert:file:# path to PEM encoded server key for the operations serverkey:file:# most operations service endpoints require client authentication when TLS# is enabled. clientAuthRequired requires client certificate authentication# at the TLS layer to access all resources.clientAuthRequired: false# paths to PEM encoded ca certificates to trust for client authenticationclientRootCAs:files: []###############################################################################
#
#    Metrics section
#
###############################################################################
metrics:# metrics provider is one of statsd, prometheus, or disabledprovider: disabled# statsd configurationstatsd:# network type: tcp or udpnetwork: udp# statsd server addressaddress: 127.0.0.1:8125# the interval at which locally cached counters and gauges are pushed# to statsd; timings are pushed immediatelywriteInterval: 10s# prefix is prepended to all emitted statsd metricsprefix:

到peer目录中
export FABRIC_CFG_PATH=$PWDexport CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051启动peer
peer node start >> log_peer.log 2>&1 &

7.创建应用通道

复制所需通信证书和通道创建事务

到organizations目录
cd ../organizations
mkdir orderer.example.com
cd orderer.example.com
scp -r dev1@192.168.1.108:/home/dev1/work/example/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts tlscacerts返回peer目录
cd ../../peer/
scp -r dev1@192.168.1.108:/home/dev1/work/example/order/channel-artifacts channel-artifacts

export FABRIC_CFG_PATH=$PWD
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051自定义orderer的tls ca证书变量
ORDERER_TLSCA=${PWD}/../organizations/orderer.example.com/tlscacerts/tlsca.example.com-cert.pem创建通道
peer channel create -o orderer.example.com:7050  -c channel1 -f ./channel-artifacts/channel1.tx --outputBlock ./channel-artifacts/channel1.block --tls --cafile $ORDERER_TLSCA如报错则将日志调整为DEBUG级别，查看原因
export FABRIC_LOGGING_SPEC=DEBUG将peer加入到channel中
peer channel join -b ./channel-artifacts/channel1.block验证peer是否已加入到通道中，命令会列出区块高度和最新的块的哈希值
peer channel getinfo -c channel1

8. 将org2的peer加入通道

复制org2的证书素材
cd ~/work/example
mkdir -p organizations/peerOrganizations
cd organizations/peerOrganizations
scp -r dev1@192.168.1.108:/home/dev1/work/example/organizations/peerOrganizations/org2.example.com org2.example.com复制order的tls证书
cd ~/work/example/organizations/
mkdir orderer.example.com
cd orderer.example.com
scp -r dev1@192.168.1.108:/home/dev1/work/example/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts tlscacerts

加入配置文件core.yaml

cd ~/work/example/peer
vim core.yaml对照org1的core.yaml做以下修改15 peer.id: peer0.org2.example.com
162 peer.gossip.externalEndpoint: peer0.org2.example.com:7051254 peer.tls.cert.file: ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt258 peer.tls.key.file: ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key261 peer.tls.rootcert.file: 
../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt265 peer.tls.clientRootCAs.files: 
- ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt314 peer.mspConfigPath: ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp323 peer.localMspId: Org2MSP

设置变量，并启动peer

export FABRIC_CFG_PATH=$PWD
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051自定义orderer的tls ca证书变量
ORDERER_TLSCA=${PWD}/../organizations/orderer.example.com/tlscacerts/tlsca.example.com-cert.pem启动peer
peer node start >> log_peer.log 2>&1 &

系统已经有了通道channel1，Org2从Orderer获取通道的创始区块，命令中0来指定要获取的是创始区块。

export FABRIC_CFG_PATH=$PWD
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051自定义orderer的tls ca证书变量
ORDERER_TLSCA=${PWD}/../organizations/orderer.example.com/tlscacerts/tlsca.example.com-cert.pemmkdir channel-artifacts
peer channel fetch 0 ./channel-artifacts/channel_org2.block -o orderer.example.com:7050  -c channel1 --tls --cafile $ORDERER_TLSCA

使用这个区块将Org2的peer加入通道channel1

export FABRIC_CFG_PATH=$PWD
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051自定义orderer的tls ca证书变量
ORDERER_TLSCA=${PWD}/../organizations/orderer.example.com/tlscacerts/tlsca.example.com-cert.pempeer channel join -b ./channel-artifacts/channel_org2.block

9.设置锚节点

一个组织至少需要一个peer成为锚节点，最好设置多个锚节点以备冗余。组织的锚节点的信息在通道的配置中，组织通过升级通道来指定自己的锚节点。流程和通道更新的步骤相似。

先设置Org1的锚节点

第一步，设置环境变量，并拉取最新的通道配置区块

export FABRIC_CFG_PATH=$PWD
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051自定义orderer的tls ca证书变量
ORDERER_TLSCA=${PWD}/../organizations/orderer.example.com/tlscacerts/tlsca.example.com-cert.pempeer channel fetch config channel-artifacts/config_block.pb -o orderer.example.com:7050  -c channel1 --tls --cafile $ORDERER_TLSCA

因为最新的通道配置区块是通道创始区块，所以返回block 0

cd channel-artifacts

第二步，使用configtxlator工具来操作通道配置，先将区块从protobuf转译到JSON，去掉不能理解的区块数据，只留下通道配置

configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
jq .data.data[0].payload.data.config config_block.json > config.json

第三步，编辑配置文件

先复制一份

cp config.json config_copy.json

用jq工具来将Org1锚节点加入到通道配置文件

jq '.channel_group.groups.Application.groups.Org1MSP.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "peer0.org1.example.com","port": 7051}]},"version": "0"}}' config_copy.json > modified_config.json

第四步，将原来的配置文件和修改过的配置文件转到protobuf格式，并核算它们之间的不同。

configtxlator proto_encode --input config.json --type common.Config --output config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
configtxlator compute_update --channel_id channel1 --original config.pb --updated modified_config.pb --output config_update.pb

第五步，将修改的protobuf格式的配置channel_update.pb封装在事务中，并创建通道升级事务。

configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"channel1", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pb

第六步，更新通道配置，因为修改部分只影响Org1，另一个通道不需要签名本次升级。

cd ..
peer channel update -f channel-artifacts/config_update_in_envelope.pb -c channel1 -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA

至此，Org1设置锚节点完成。

下面设置Org2

export FABRIC_CFG_PATH=$PWD
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051ORDERER_TLSCA=${PWD}/../organizations/orderer.example.com/tlscacerts/tlsca.example.com-cert.pempeer channel fetch config channel-artifacts/config_block.pb -o orderer.example.com:7050  -c channel1 --tls --cafile $ORDERER_TLSCA

cd channel-artifacts
configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
jq .data.data[0].payload.data.config config_block.json > config.json
cp config.json config_copy.json

注意此处修改的内容host和port，要改为实际的
jq '.channel_group.groups.Application.groups.Org2MSP.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "peer0.org2.example.com","port": 7051}]},"version": "0"}}' config_copy.json > modified_config.json

configtxlator proto_encode --input config.json --type common.Config --output config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
configtxlator compute_update --channel_id channel1 --original config.pb --updated modified_config.pb --output config_update.pb

configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"channel1", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pb

cd ..
peer channel update -f channel-artifacts/config_update_in_envelope.pb -c channel1 -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA

确认是否已升级

peer channel getinfo -c channel1返回：
Blockchain info: {"height":3,"currentBlockHash":"eBpwWKTNUgnXGpaY2ojF4xeP3bWdjlPHuxiPCTIMxTk=","previousBlockHash":"DpJ8Yvkg79XHXNfdgneDb0jjQlXLb/wxuNypbfHMjas="}

二、部署链码

首先将链码放入自建目录中，先从Org2的peer上操作

cd ~/work/example/peer
mkdir chaincode
cp -r ../../fabric-samples/chaincode/sacc chaincode/sacc

Org1从Org2上复制链码源码

cd ~/work/example/peer
mkdir chaincode
scp dev3@192.168.1.111:/home/dev3/work/fabric-samples/chaincode/sacc chaincode/sacc

第一步，在Org1和Org2的peer上安装链码

在Org1和Org2的peer中，分别执行以下步骤，将链码安装到各自的peer上。

将链码sacc.go放入 ~/work/example/peer/chaincode/sacc中。执行以下代码配置好依赖包

cd chaincode/sacc/
go env -w GO111MODULE=on
go mod init
go mod tidy
go mod vendor

打包链码

cd ~/work/example/peer
export FABRIC_CFG_PATH=$PWD
peer lifecycle chaincode package chaincode/sacc.tar.gz --path chaincode/sacc --lang golang --label sacc_1

在peer上安装链码

Org1上安装

export FABRIC_CFG_PATH=$PWD
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051ORDERER_TLSCA=${PWD}/../organizations/orderer.example.com/tlscacerts/tlsca.example.com-cert.pempeer lifecycle chaincode install chaincode/sacc.tar.gz
peer lifecycle chaincode queryinstalled 查询确认一下

Org2上安装

export FABRIC_CFG_PATH=$PWD
export CORE_PEER_TLS_ENABLED=true
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PWD}/../organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051ORDERER_TLSCA=${PWD}/../organizations/orderer.example.com/tlscacerts/tlsca.example.com-cert.pempeer lifecycle chaincode install chaincode/sacc.tar.gz
peer lifecycle chaincode queryinstalled 查询确认一下

第二步，签名（审议）链码定义

Org1和Org2的peer分别执行以下操作

获取Package ID

peer lifecycle chaincode queryinstalled

将Package ID放入环境变量（相同的链码，在不同的peer上，PackageID的值是一样的，似乎与证书等都无关）

export CC_PACKAGE_ID=sacc_1:b33357c4012471d8bd96ba48fd2a12ada5fedfbfd6d623590295778500a0368d

签名链码定义。签名链码定义是组织级别的，所以只需要一个peer节点操作，审议结果会通过gossip协议通知到组织内。

peer lifecycle chaincode approveformyorg -o orderer.example.com:7050  --channelID channel1 --init-required --name sacc --version 1.0 --package-id $CC_PACKAGE_ID --sequence 1 --tls --cafile $ORDERER_TLSCA

--package-id标识链码；--sequence是整数序列，第一次部署值为1，当链码升级时值为2；--init-required 表示链码需要初始化，第一次invoke时，使用--isInit来初始化链码，执行init函数。

查询确认结果

peer lifecycle chaincode checkcommitreadiness --channelID channel1 --init-required --name sacc --version 1.0 --sequence 1 --tls --cafile $ORDERER_TLSCA --output json

第三步，向channel提交链码定义

当通道内大多数成员都已审议了链码定义后，可以提交链码到通道。提交需要用--peerAddresses来指定Org1和Org2中的两个节点，即需要有满足部署链码策略的足够的成员。组织已经同意了链码定义，因此选择组织中任意一个peer即可。

首先现将Org2的peer0.org2.example.com的tls证书复制过来

cd ../organizations/
mkdir -p peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/
scp -r dev1@192.168.1.108:/home/dev1/work/example/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/

提交链码

cd ~/work/example/peer
peer lifecycle chaincode commit -o orderer.example.com:7050 --channelID channel1 --init-required --name sacc --version 1.0 --sequence 1 --tls --cafile $ORDERER_TLSCA --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles ${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt

查询链码是否已经被提交到通道上

peer lifecycle chaincode querycommitted --channelID channel1 --name sacc --cafile $ORDERER_TLSCA

提交成功了会返回

Committed chaincode definition for chaincode 'sacc' on channel 'channel1':
Version: 1.0, Sequence: 1, Endorsement Plugin: escc, Validation Plugin: vscc, Approvals: [Org1MSP: true, Org2MSP: true]

三、调用链码

链码调用需要有足够的满足背书策略的节点

链码初始化

因链码定义中有--init-required，所以需要首先调用初始化函数Init。通过--isInit来指定运行Init函数

peer chaincode invoke -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles ${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt --isInit -c '{"Args":["a","bb"]}'

此处因链码Init函数中使用stub.GetStringArgs()来获取参数，所以只需要传递具体值即可，不用传函数名。'{"Args":["a","bb"]}'

调用链码

此时链码中的Invoke函数，使用stub.GetFunctionAndParameters()来获取参数。第一个参数是函数名，第二个是函数参数的数组。注意需要使用--peerAddresses来收集足够多的背书节点，否则链码虽然会执行，但不会改变账本的数据。

peer chaincode invoke -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $CORE_PEER_TLS_ROOTCERT_FILE --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles ${PWD}/../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt  -c '{"Args":["set","a","cc"]}'

查询

以下两种均可

peer chaincode invoke -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc   -c '{"Args":["get","a"]}'peer chaincode query -o orderer.example.com:7050 --tls --cafile $ORDERER_TLSCA -C channel1 -n sacc  -c '{"Args":["query","a"]}'