何可的博客

0%

某厂 Fabric 初探

发表于 更新于 分类于 Valine:
本文字数: 24k 阅读时长 ≈ 22 分钟

版本

Hyperledger Fabric v1.1.1

channel

1
2
3
4
5
6
7
8
9
10
11
12
13
root@b3f3826264fa:/# peer channel list
2019-12-04 02:09:39.549 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2019-12-04 02:09:39.549 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2019-12-04 02:09:39.555 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2019-12-04 02:09:39.555 UTC [msp/identity] Sign -> DEBU 004 Sign: plaintext: 0A9D070A5C08031A0C08E3AA9CEF0510...631A0D0A0B4765744368616E6E656C73
2019-12-04 02:09:39.555 UTC [msp/identity] Sign -> DEBU 005 Sign: digest: A33C440C5A4370A0E455D742CDA69CC36021F5B2FC192C62E99A7A5EAFD254E2
Channels peers has joined:
xxxx004
xxxxchannel
default
factortest
xxxx003
2019-12-04 02:09:39.558 UTC [main] main -> INFO 006 Exiting.....

chaincode

1
2
3
4
5
6
7
8
root@b3f3826264fa:/# peer chaincode list --installed
2019-12-04 02:07:02.544 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2019-12-04 02:07:02.544 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2019-12-04 02:07:02.544 UTC [msp/identity] Sign -> DEBU 003 Sign: plaintext: 0A9D070A5C08031A0C08C6A99CEF0510...74616C6C6564436861696E636F646573
2019-12-04 02:07:02.544 UTC [msp/identity] Sign -> DEBU 004 Sign: digest: 9016D98CD8F36AA34046329907B503286F13C3D987761275FFF21453F4972DCE
Get installed chaincodes on peer:
Name: factor, Version: 1.0.0, Path: /var/hyperledger/production/chaincodes/xxxxchannel/factor.1.0.0, Id: 5fae66d11e0090cf4d5fb6d31c2b0af52312247553392b2653193a364eb146a6, ChannelId: xxxxchannel, TypeName: GOLANGName: factor, Version: 1.0.1, Path: /var/hyperledger/production/chaincodes/xxxxchannel/factor.1.0.1, Id: 6bd9bdeeabc4ebbb883c7e7446a3617abc7df9237f2395418d1d775939d7bde9, ChannelId: xxxxchannel, TypeName: GOLANGName: commondata, Version: 1.0.0, Path: /var/hyperledger/production/chaincodes/default/commondata.1.0.0, Id: 0b9852f6bf0d9012aa04edb7bb23722cbdc989c8ca4151929742f6162b0acd06, ChannelId: default,
TypeName: JAVA2019-12-04 02:07:02.566 UTC [main] main -> INFO 005 Exiting.....

可以查看 system channel

主要差异比较

crypto-config.yaml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
PeerOrgs:
  - Name: xxxx
Domain: xxxxtest.fabric.test
EnableNodeOUs: false
CA:
  Country: CN
  Province: Beijing
  Locality: Beijing
Specs:
  - Hostname: kafka0
  - Hostname: kafka1
  - Hostname: kafka2
  - Hostname: kafka3
  - Hostname: orderer0
  - Hostname: orderer1
  - Hostname: peer0
  - Hostname: peer1
  - Hostname: sdk
Users:
  Count: 1

弃用 OrdererOrgs Ordere 和 Peer 节点用同一套 CA

configtx.yaml

仅差异部分

Profiles 只有 xxxxOrdererGenesis (既是 Orderer 组织,又是 Peer 组织)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Profiles:
xxxxOrdererGenesis:
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
Organizations:
- *xxxx
Capabilities:
<<: *OrdererCapabilities
Consortiums:
xxxx:
Organizations:
- *xxxx
Consortium: xxxx
Application:
<<: *ApplicationDefaults
Organizations:
- *xxxx
Capabilities:
<<: *ApplicationCapabilities

Organizations 增加了 Role 键, orderer, peer 均用 orderer0 MSP

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
Organizations:
  # SampleOrg defines an MSP using the sampleconfig.  It should never be used
  # in production but may be used as a template for other definitions
  - &xxxx
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: xxxx

# ID to load the MSP definition as
ID: xxxx

# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: xxxx.orderer0/msp

# AdminPrincipal: Role.admin

# BCCSP (Blockchain crypto provider): Select which crypto implementation or
# library to use

Role: Core_Member, Main_Member, Operator, developer, KYC
AnchorPeers:
  # AnchorPeers defines the location of peers which can be used
  # for cross org gossip communication.  Note, this value is only
  # encoded in the genesis block in the Application section context
  - Host: peer0.xxxxtest.fabric.test
Port: 7051
  - Host: peer1.xxxxtest.fabric.test
Port: 7051

Application 增加了 EndorsementPolicy 键

1
2
3
4
5
6
7
8
9
10
11
12
13
14
Application: &ApplicationDefaults

# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:

EndorsementPolicy:
   # 核心成员、运营机构和KYC机构参与背书签名
   Role: Core_Member, Operator, KYC, Regulator
   # 要求超过51%的结果一致
   Percentage: 51
   # 可以特别定审计机构参与背书验证
   # AuditOrgMspIDs:
   #- xxxmspid

Policy

某厂版本未配置 Policy ,默认为MAJORITY, 我们定义 Policy.RuleANY

Orderer 切块部分配置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Orderer:
  &OrdererDefaults # Batch Timeout: The amount of time to wait before creating a batch
  BatchTimeout: 2s

  # Batch Size: Controls the number of messages batched into a block
  BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 20

# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 32 MB

# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB

对比自己的切块基线值

1
2
3
4
5
Orderer: &OrdererDefaults
  BatchTimeout: 1s
  BatchSize:
MaxMessageCount: 100
AbsoluteMaxBytes: 98 MB

另外如 kafka.timeout, peer.keepalive 等类似切块的键值,对此次验证影响不大,不再列举

orderer docker-compose.yml 及配置

  1. 开启客户端 TLS 认证

    1
    2
    3
    4
    # 设置orderer节点是否开启客户端TLS连接验证
    - ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true
    # 设置orderer所属机构客户端的中间TLS证书,以数组形式指定
    - ORDERER_GENERAL_TLS_CLIENTROOTCAS=[xxxx.orderer0/tls/ca.crt]

  2. oredererkafka 通讯 TLS 证书为 MSP 证书

    1
    2
    3
    4
    5
    6
    7
    8
    Kafka:
      TLS:
    PrivateKey:
      File: /etc/hyperledger/fabric/xxxx.orderer0/tls/server.key
    Certificate:
      File: /etc/hyperledger/fabric/xxxx.orderer0/tls/server.crt
    RootCAs:
      File: /etc/hyperledger/fabric/tlsca.xxxxtest.fabric.test.cer

  3. 增加 Orderer Authentication 

    1
    2
    3
    4
    5
    General:
        # Orderer Authentication
        Authentication:
            Readers:    /Channel/Readers
            Writers:    /Channel/Writes

peer docker-compose.yml 及配置

  1. 开启客户端/双向 TLS 认证

    1
    2
    - CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
    - CORE_PEER_TLS_CLIENTROOTCAS_FILES=xxxx.peer0/tls/ca.crt

  2. 指定 Leader

    1
    2
    3
    4
    peer:
      gossip:
    useLeaderElection: false
    orgLeader: true

  3. system chaincode 启用

    1
    2
    3
    4
    5
    6
    7
    8
    9
    chaincode:
      system:
    cscc: enable
    lscc: enable
    escc: enable
    vscc: enable
    qscc: enable
    rscc: disable
    votescc: enable

操作问题记录

以下操作在测试环境未找找到相关工具及痕迹,故用 fabric-samples 命令执行,记录如下

creat channel artifacts

主要步骤

  1. 使用 fabric-samples configtxgen 工具及某厂版本 configtx.yaml 生成 artifacts,结果如下:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81
    82
    83
    84
    85
    86
    87
    88
    89
    90
    91
    92
    93
    94
    95
    96
    97
    98
    99
    100
    101
    102
    103
    104
    105
    106
    107
    108
    109
    [root@localhost /home/blockchain/cli-peer0.org1/tools]# ./generate_artifacts.sh 2 xxxxchannel
    xxxxchannel
    mkdir: cannot create directory ‘channel-artifacts’: File exists

    #################################################################
    ### Generating channel configuration transaction 'channel.tx' ###
    #################################################################
    + /home/blockchain/cli-peer0.org1/tools/cryptotool/linux-amd64/bin/configtxgen.old -profile xxxxOrdererGenesis -outputCreateChannelTx ./channel-artifacts/xxxxchannel_tx.pb -channelID xxxxchannel
    2019-12-04 09:43:45.891 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
    2019-12-04 09:43:45.896 CST [common/tools/configtxgen/localconfig] Load -> CRIT 002 Error unmarshaling config into struct:  6 error(s) decoding:

    * 'Application' has invalid keys: EndorsementPolicy
    * 'Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Application' has invalid keys: EndorsementPolicy
    * 'Profiles[xxxxOrdererGenesis].Application.Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Consortiums[xxxx].Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Orderer.Organizations[0]' has invalid keys: Role
    2019-12-04 09:43:45.896 CST [common/tools/configtxgen] func1 -> CRIT 003 Error unmarshaling config into struct: 6 error(s) decoding:

    * 'Application' has invalid keys: EndorsementPolicy
    * 'Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Application' has invalid keys: EndorsementPolicy
    * 'Profiles[xxxxOrdererGenesis].Application.Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Consortiums[xxxx].Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Orderer.Organizations[0]' has invalid keys: Role
    panic: Error unmarshaling config into struct: 6 error(s) decoding:

    * 'Application' has invalid keys: EndorsementPolicy
    * 'Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Application' has invalid keys: EndorsementPolicy
    * 'Profiles[xxxxOrdererGenesis].Application.Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Consortiums[xxxx].Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Orderer.Organizations[0]' has invalid keys: Role [recovered]
    	panic: Error unmarshaling config into struct: 6 error(s) decoding:

    * 'Application' has invalid keys: EndorsementPolicy
    * 'Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Application' has invalid keys: EndorsementPolicy
    * 'Profiles[xxxxOrdererGenesis].Application.Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Consortiums[xxxx].Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Orderer.Organizations[0]' has invalid keys: Role

    goroutine 1 [running]:
    github.com/hyperledger/fabric/vendor/github.com/op/go-logging.(*Logger).Panic(0xc4201cdc20, 0xc4202d1a20, 0x1, 0x1)
    	/home/xwu/gocode/src/github.com/hyperledger/fabric/vendor/github.com/op/go-logging/logger.go:188 +0xc7
    main.main.func1()
    	/home/xwu/gocode/src/github.com/hyperledger/fabric/common/tools/configtxgen/main.go:242 +0x125
    panic(0xc92ec0, 0xc4202d1a10)
    	/usr/local/go/src/runtime/panic.go:491 +0x283
    github.com/hyperledger/fabric/vendor/github.com/op/go-logging.(*Logger).Panic(0xc4201cda70, 0xc4202cd180, 0x2, 0x2)
    	/home/xwu/gocode/src/github.com/hyperledger/fabric/vendor/github.com/op/go-logging/logger.go:188 +0xc7
    github.com/hyperledger/fabric/common/tools/configtxgen/localconfig.Load(0x7ffd18f586b5, 0x12, 0x0)
    	/home/xwu/gocode/src/github.com/hyperledger/fabric/common/tools/configtxgen/localconfig/config.go:249 +0x6c0
    main.main()
    	/home/xwu/gocode/src/github.com/hyperledger/fabric/common/tools/configtxgen/main.go:250 +0x527
    + set +x

    #################################################################
    #######Generating anchor peer update for Org1MSP   ##########
    #################################################################
    + /home/blockchain/cli-peer0.org1/tools/cryptotool/linux-amd64/bin/configtxgen.old -profile xxxxOrdererGenesis -outputAnchorPeersUpdate ./channel-artifacts/anchorxxxxchannel_tx.pb -channelID xxxxchannel -asOrg xxxx
    2019-12-04 09:43:45.913 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
    2019-12-04 09:43:45.918 CST [common/tools/configtxgen/localconfig] Load -> CRIT 002 Error unmarshaling config into struct:  6 error(s) decoding:

    * 'Application' has invalid keys: EndorsementPolicy
    * 'Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Application' has invalid keys: EndorsementPolicy
    * 'Profiles[xxxxOrdererGenesis].Application.Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Consortiums[xxxx].Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Orderer.Organizations[0]' has invalid keys: Role
    2019-12-04 09:43:45.918 CST [common/tools/configtxgen] func1 -> CRIT 003 Error unmarshaling config into struct: 6 error(s) decoding:

    * 'Application' has invalid keys: EndorsementPolicy
    * 'Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Application' has invalid keys: EndorsementPolicy
    * 'Profiles[xxxxOrdererGenesis].Application.Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Consortiums[xxxx].Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Orderer.Organizations[0]' has invalid keys: Role
    panic: Error unmarshaling config into struct: 6 error(s) decoding:

    * 'Application' has invalid keys: EndorsementPolicy
    * 'Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Application' has invalid keys: EndorsementPolicy
    * 'Profiles[xxxxOrdererGenesis].Application.Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Consortiums[xxxx].Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Orderer.Organizations[0]' has invalid keys: Role [recovered]
    	panic: Error unmarshaling config into struct: 6 error(s) decoding:

    * 'Application' has invalid keys: EndorsementPolicy
    * 'Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Application' has invalid keys: EndorsementPolicy
    * 'Profiles[xxxxOrdererGenesis].Application.Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Consortiums[xxxx].Organizations[0]' has invalid keys: Role
    * 'Profiles[xxxxOrdererGenesis].Orderer.Organizations[0]' has invalid keys: Role

    goroutine 1 [running]:
    github.com/hyperledger/fabric/vendor/github.com/op/go-logging.(*Logger).Panic(0xc420226c60, 0xc420322390, 0x1, 0x1)
    	/home/xwu/gocode/src/github.com/hyperledger/fabric/vendor/github.com/op/go-logging/logger.go:188 +0xc7
    main.main.func1()
    	/home/xwu/gocode/src/github.com/hyperledger/fabric/common/tools/configtxgen/main.go:242 +0x125
    panic(0xc92ec0, 0xc420322380)
    	/usr/local/go/src/runtime/panic.go:491 +0x283
    github.com/hyperledger/fabric/vendor/github.com/op/go-logging.(*Logger).Panic(0xc420226ab0, 0xc420305dc0, 0x2, 0x2)
    	/home/xwu/gocode/src/github.com/hyperledger/fabric/vendor/github.com/op/go-logging/logger.go:188 +0xc7
    github.com/hyperledger/fabric/common/tools/configtxgen/localconfig.Load(0x7ffedb4256a8, 0x12, 0x0)
    	/home/xwu/gocode/src/github.com/hyperledger/fabric/common/tools/configtxgen/localconfig/config.go:249 +0x6c0
    main.main()
    	/home/xwu/gocode/src/github.com/hyperledger/fabric/common/tools/configtxgen/main.go:250 +0x527
    + set +x

  2. 使用某厂版本的 configtxgen 工具及 configtx.yaml 生成 artifacts,结果如下:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    [root@localhost /home/blockchain/cli-peer0.org1/tools]# ./generate_artifacts.sh 2 xxxxchannel
    xxxxchannel
    mkdir: cannot create directory ‘channel-artifacts’: File exists

    #################################################################
    ### Generating channel configuration transaction 'channel.tx' ###
    #################################################################
    + /home/blockchain/cli-peer0.org1/tools/cryptotool/linux-amd64/bin/configtxgen -profile xxxxOrdererGenesis -outputCreateChannelTx ./channel-artifacts/xxxxchannel_tx.pb -channelID xxxxchannel
    2019-12-04 09:19:55.816 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
    2019-12-04 09:19:55.824 CST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
    2019-12-04 09:19:55.824 CST [common/tools/configtxgen] main -> CRIT 003 Error on outputChannelCreateTx: config update generation failure: could not parse application to application group: setting up the MSP manager failed: expected at least one CA certificate
    + set +x

    #################################################################
    #######Generating anchor peer update for Org1MSP   ##########
    #################################################################
    + /home/blockchain/cli-peer0.org1/tools/cryptotool/linux-amd64/bin/configtxgen -profile xxxxOrdererGenesis -outputAnchorPeersUpdate ./channel-artifacts/anchorxxxxchannel_tx.pb -channelID xxxxchannel -asOrg xxxx
    2019-12-04 09:19:55.836 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
    2019-12-04 09:19:55.844 CST [common/tools/configtxgen] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
    2019-12-04 09:19:55.844 CST [common/tools/configtxgen] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update
    + set +x

解决方案

  1. 注释 configtx.yaml 中红框部分

hsl_blockchain-20191204094905.png
hsl_blockchain-20191204094931.png

  1. 使用 fabric-samples configtxgen 工具生成
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    [root@localhost /home/blockchain/cli-peer0.org1/tools]# ./generate_artifacts.sh 2 xxxxchannel
    xxxxchannel
    mkdir: cannot create directory ‘channel-artifacts’: File exists

    #################################################################
    ### Generating channel configuration transaction 'channel.tx' ###
    #################################################################
    + /home/blockchain/cli-peer0.org1/tools/cryptotool/linux-amd64/bin/configtxgen.old -profile xxxxOrdererGenesis -outputCreateChannelTx ./channel-artifacts/xxxxchannel_tx.pb -channelID xxxxchannel
    2019-12-04 09:22:47.365 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
    2019-12-04 09:22:47.373 CST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
    2019-12-04 09:22:47.399 CST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 003 Writing new channel tx
    + set +x

    #################################################################
    #######Generating anchor peer update for Org1MSP   ##########
    #################################################################
    + /home/blockchain/cli-peer0.org1/tools/cryptotool/linux-amd64/bin/configtxgen.old -profile xxxxOrdererGenesis -outputAnchorPeersUpdate ./channel-artifacts/anchorxxxxchannel_tx.pb -channelID xxxxchannel -asOrg xxxx
    2019-12-04 09:22:47.415 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
    2019-12-04 09:22:47.422 CST [common/tools/configtxgen] doOutputAnchorPeersUpdate -> INFO 002 Generating anchor peer update
    2019-12-04 09:22:47.423 CST [common/tools/configtxgen] doOutputAnchorPeersUpdate -> INFO 003 Writing anchor peer update
    + set +x

peer channel create

主要步骤

  1. 使用某厂版本的 peer , 提示没有 peer channel create 命令

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    [root@localhost /home/blockchain/cli-peer0.org1/tools]# ./worktoolsxxxxfft.sh 1
    *******************创建 channel****************************
    使用peer可执行程序 -> /home/blockchain/cli-peer0.org1/tools/cryptotool/linux-amd64/bin/peer.hsl
    CORE_PEER_TLS_ROOTCERT_FILE=/home/blockchain/cli-peer0.org1/tools/crypto-config/peerOrganizations/xxxxtest.fabric.test/peers/peer0.xxxxtest.fabric.test/tls/ca.crt
    CORE_PEER_LOCALMSPID=xxxx
    CORE_PEER_TLS_ENABLED=true
    CORE_PEER_MSPCONFIGPATH=/home/blockchain/cli-peer0.org1/tools/crypto-config/peerOrganizations/xxxxtest.fabric.test/users/Admin@xxxxtest.fabric.test/msp
    CORE_PEER_ADDRESS=peer0.xxxxtest.fabric.test:7051
    peer:
     Version: 1.1.1
     Patch: HSL-1.5.0
     Go version: go1.9.2
     OS/Arch: linux/amd64
     Experimental features: true
     Chaincode:
      Base Image Version: 0.4.6
      Base Docker Namespace: hyperledger
      Base Docker Label: org.hyperledger.fabric
      Docker Namespace: hyperledger

    2019-12-04 11:35:06.791 CST [main] main -> INFO 001 Exiting.....
    + /home/blockchain/cli-peer0.org1/tools/cryptotool/linux-amd64/bin/peer.hsl channel create -o orderer0.xxxxtest.fabric.test:7050 -c xxxxchannel -f ./channel-artifacts/xxxxchannel_tx.pb
    Error: unknown shorthand flag: 'c' in -c
    Usage:
      peer channel [command]

    Available Commands:
      fetch   Fetch a block
      getinfo get blockchain information of a specified channel.
      joinJoins the peer to a channel.
      listList of channels peer has joined.
      members List channel members.

    Flags:
      --cafile string   Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
      --certfile string Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
      --clientauth  Use mutual TLS when communicating with the orderer endpoint
      --keyfile string  Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
      -o, --orderer string  Ordering service endpoint
      --ordererTLSHostnameOverride string   The hostname override to use when validating the TLS connection to the orderer.
      --tls Use TLS when communicating with the orderer endpoint

    Global Flags:
      --logging-level string   Default logging level and overrides, see core.yaml for full syntax
      -v, --versionDisplay current version of fabric peer server

    Use "peer channel [command] --help" for more information about a command.

    + local verifyresult=1
    + set +x

  2. 使用 fabric-samples peer 报错如下

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    [root@localhost /home/blockchain/cli-peer0.org1/tools]# ./worktoolsxxxxfft.sh 1
    *******************创建 channel****************************
    使用peer可执行程序 -> /home/blockchain/cli-peer0.org1/tools/cryptotool/linux-amd64/bin/peer
    CORE_PEER_TLS_ROOTCERT_FILE=/home/blockchain/cli-peer0.org1/tools/crypto-config/peerOrganizations/xxxxtest.fabric.test/peers/peer0.xxxxtest.fabric.test/tls/ca.crt
    CORE_PEER_LOCALMSPID=xxxx
    CORE_PEER_TLS_ENABLED=true
    CORE_PEER_MSPCONFIGPATH=/home/blockchain/cli-peer0.org1/tools/crypto-config/peerOrganizations/xxxxtest.fabric.test/users/Admin@xxxxtest.fabric.test/msp
    CORE_PEER_ADDRESS=peer0.xxxxtest.fabric.test:7051
    peer:
     Version: 1.1.1
     Go version: go1.9.2
     OS/Arch: linux/amd64
     Experimental features: false
     Chaincode:
      Base Image Version: 0.4.6
      Base Docker Namespace: hyperledger
      Base Docker Label: org.hyperledger.fabric
      Docker Namespace: hyperledger

    2019-12-04 12:00:47.652 CST [main] main -> INFO 001 Exiting.....
    + /home/blockchain/cli-peer0.org1/tools/cryptotool/linux-amd64/bin/peer channel create -o orderer0.xxxxtest.fabric.test:7050 -c xxxxchannel -f ./channel-artifacts/xxxxchannel_tx.pb --tls true --cafile /home/blockchain/cli-peer0.org1/tools/crypto-config/ordererOrganizations/xxxxtest.fabric.test/orderers/orderer0.xxxxtest.fabric.test/msp/tlscacerts/tlsca.xxxxtest.fabric.test-cert.pem
    2019-12-04 12:00:47.692 CST [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
    2019-12-04 12:00:47.692 CST [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
    2019-12-04 12:00:47.695 CST [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
    2019-12-04 12:00:47.695 CST [msp] GetLocalMSP -> DEBU 004 Returning existing local MSP
    2019-12-04 12:00:47.695 CST [msp] GetDefaultSigningIdentity -> DEBU 005 Obtaining default signing identity
    2019-12-04 12:00:47.695 CST [msp] GetLocalMSP -> DEBU 006 Returning existing local MSP
    2019-12-04 12:00:47.695 CST [msp] GetDefaultSigningIdentity -> DEBU 007 Obtaining default signing identity
    2019-12-04 12:00:47.695 CST [msp/identity] Sign -> DEBU 008 Sign: plaintext: 0AB3060A046374667512AA062D2D2D2D...6F727469756D120812060A0443544655
    2019-12-04 12:00:47.695 CST [msp/identity] Sign -> DEBU 009 Sign: digest: 3D20D3A1B50641CDE2241B7E131D667C3158497039C027F39DF949FCF03CA35C
    2019-12-04 12:00:47.695 CST [msp] GetLocalMSP -> DEBU 00a Returning existing local MSP
    2019-12-04 12:00:47.695 CST [msp] GetDefaultSigningIdentity -> DEBU 00b Obtaining default signing identity
    2019-12-04 12:00:47.695 CST [msp] GetLocalMSP -> DEBU 00c Returning existing local MSP
    2019-12-04 12:00:47.695 CST [msp] GetDefaultSigningIdentity -> DEBU 00d Obtaining default signing identity
    2019-12-04 12:00:47.695 CST [msp/identity] Sign -> DEBU 00e Sign: plaintext: 0AEF060A1A08021A0608EFDE9CEF0522...D3856AD347D982641EBF603504E4F04E
    2019-12-04 12:00:47.695 CST [msp/identity] Sign -> DEBU 00f Sign: digest: ECFEBB59FDA71489900BDC45BF072EBE380619BB4644ACF399BA2ADBB05772BB
    Error: got unexpected status: FORBIDDEN -- Send config transaction directly is not allowed! please using CSCC workflow instead.
    Usage:
      peer channel create [flags]

    Flags:
      -c, --channelID string   In case of a newChain command, the channel ID to create.
      -f, --file stringConfiguration transaction file generated by a tool such as configtxgen for submitting to orderer
      -t, --timeout intChannel creation timeout (default 5)

    Global Flags:
      --cafile string   Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
      --certfile string Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
      --clientauth  Use mutual TLS when communicating with the orderer endpoint
      --keyfile string  Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
      --logging-level stringDefault logging level and overrides, see core.yaml for full syntax
      -o, --orderer string  Ordering service endpoint
      --ordererTLSHostnameOverride string   The hostname override to use when validating the TLS connection to the orderer.
      --tls Use TLS when communicating with the orderer endpoint
      -v, --version Display current version of fabric peer server

    + local verifyresult=1
    + set +x

对应 orderer 日志

1
2
3
4
5
6
7
8
9
xxxx.orderer0  | 2019-12-04 09:57:35.784 UTC [orderer/common/server] Deliver -> DEBU 183 Starting new Deliver handler
xxxx.orderer0  | 2019-12-04 09:57:35.784 UTC [common/deliver] Handle -> DEBU 184 Starting new deliver loop for 10.10.255.47:50124
xxxx.orderer0  | 2019-12-04 09:57:35.784 UTC [common/deliver] Handle -> DEBU 185 Attempting to read seek info message from 10.10.255.47:50124
xxxx.orderer0  | 2019-12-04 09:57:35.787 UTC [orderer/common/server] Broadcast -> DEBU 186 Starting new Broadcast handler
xxxx.orderer0  | 2019-12-04 09:57:35.787 UTC [orderer/common/broadcast] Handle -> DEBU 187 Starting new broadcast loop for 10.10.255.47:50126
xxxx.orderer0  | 2019-12-04 09:57:35.788 UTC [orderer/common/broadcast] Handle -> WARN 188 [channel: xxxxchannel] received a config update transaction directly 10.10.255.47:50126: %!s(<nil>)
xxxx.orderer0  | 2019-12-04 09:57:35.788 UTC [orderer/common/server] func1 -> DEBU 189 Closing Broadcast stream
xxxx.orderer0  | 2019-12-04 09:57:35.789 UTC [common/deliver] Handle -> WARN 18a Error reading from 10.10.255.47:50124: rpc error: code = Canceled desc = context canceled
xxxx.orderer0  | 2019-12-04 09:57:35.789 UTC [orderer/common/server] func1 -> DEBU 18b Closing Deliver stream

至此 fabric-samples 命令操作对该版本底层失效

解决方案

  1. 注释 configtx.yaml 文件中 Organizations.Role, Application.EndorsementPolicy 键值
  2. 使用 fabric-samples 提供的二进制工具重新生成 genesis.block, channel_tx, anchor_tx
  3. 使用开源版本 orderer images 创建 orderer 容器
  4. 执行 peer channel create 创建 channel 成功

综上分析某厂重构过底层源码,无法直接操作其底层

区块链控台测试

test case:

  1. 新增一个 peer 机构的 peer0 节点,加入 channel 安装 chaincode ==> success
  2. 新增一个 orderer 机构的 orderer0 节点 ==> failure

case 2 说明: 控台功能不支持 orderer 的操作,某厂版本底层不支持开源版本命令行模式动态加盟的操作

坚持原创技术分享,您的支持将鼓励我继续创作!