Building the fabric-ca service

1. Fabric CA overview


The Fabric CA server side consists of a cluster of servers whose CA server nodes are organized in a tree structure, with one root node and several intermediate nodes. Each CA is either a root CA or an intermediate CA. Each intermediate CA has a parent CA, which is the root CA or another intermediate CA.

You can interact with a CA server in the cluster through the client or an SDK. The client is first routed to the HA proxy, which performs load balancing and connects the client to one member of the server cluster.

The architecture has a high-availability proxy server at the front end, connected to several clustered CA servers that store their data together on the same data server. The database can be MySQL, LDAP, PostgreSQL or SQLite (SQLite is not recommended in a cluster environment).

All CA servers in the cluster share the same database to track identities and certificates. If LDAP is configured, identity information is stored in LDAP instead of in the database.

Fabric CA's main role in a Fabric network is to provide security certificates and channel encryption.

2. Setting up the base environment

Setting up the Docker environment

Firewall configuration

firewall-cmd --zone=public --add-port=7054/tcp  --permanent
firewall-cmd --reload

3. Building the fabric-ca service

1.ca_orderer

vim docker-ca-orderer.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'

networks:
  ca:
services:
  ca_orderer:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-orderer
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
      - FABRIC_CA_SERVER_CSR_CN=ca-orderer
      - FABRIC_CA_SERVER_CSR_HOSTS=ca.orderer.example.com
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./fabric-ca/ordererOrg:/etc/hyperledger/fabric-ca-server
    container_name: ca_orderer
    networks:
      - ca

Note: the hostname ca.orderer.example.com given in FABRIC_CA_SERVER_CSR_HOSTS must be configured on the DNS server to resolve to the local machine's IP address.

docker-compose -f docker-ca-orderer.yaml up

Directory structure

[root@chain4 fabric-ca]# pwd
/opt/gopath/src/github.com/hyperledger/fabric-ca

[root@chain4 fabric-ca]# tree ordererOrg/
ordererOrg/
├── ca-cert.pem
├── fabric-ca-server-config.yaml
├── fabric-ca-server.db
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── msp
│   ├── cacerts
│   ├── keystore
│   │   ├── 2a908549620d44aee2d800e3b2ffa803cf2748b4825b1ff36f2e140f29c74d16_sk
│   │   ├── 9ac46a1d71b16f2e646bd58d3d97cab3da3501af07668c2c44c3974efd355b33_sk
│   │   ├── IssuerRevocationPrivateKey
│   │   └── IssuerSecretKey
│   ├── signcerts
│   └── user
└── tls-cert.pem

5 directories, 10 files

2.ca_org1

vim docker-ca-org1.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'

networks:
  ca:

services:
  ca_org1:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org1
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
      - FABRIC_CA_SERVER_CSR_CN=ca-org1
      - FABRIC_CA_SERVER_CSR_HOSTS=ca.org1.example.com
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./fabric-ca/org1:/etc/hyperledger/fabric-ca-server
    container_name: ca_org1
    networks:
      - ca

Note: the hostname ca.org1.example.com given in FABRIC_CA_SERVER_CSR_HOSTS must be configured on the DNS server to resolve to the local machine's IP address.

docker-compose -f docker-ca-org1.yaml up

3.ca_org2

vim docker-ca-org2.yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

networks:
  ca:

services:
  ca_org2:
    image: hyperledger/fabric-ca
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org2
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=7054
      - FABRIC_CA_SERVER_CSR_CN=ca-org2
      - FABRIC_CA_SERVER_CSR_HOSTS=ca.org2.example.com
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./fabric-ca/org2:/etc/hyperledger/fabric-ca-server
    container_name: ca_org2
    networks:
      - ca

Note: the hostname ca.org2.example.com given in FABRIC_CA_SERVER_CSR_HOSTS must be configured on the DNS server to resolve to the local machine's IP address.

docker-compose -f docker-ca-org2.yaml up

4. Generating certificates

First, copy the ordererOrg, org1 and org2 folders, which were generated when the three machines above started up, onto the same machine, because they contain the verification files needed to issue certificates.

Refer to the official test-network sample and customize the shell script to suit your actual needs.

cd $FABRIC/scripts/fabric-samples/test-network/organizations/fabric-ca
cat registerEnroll.sh
cd $FABRIC/scripts/fabric-samples/test-network/addOrg3/fabric-ca
cat registerEnroll.sh

TODO: use the script in the addOrg3 directory as a reference to write a shell script that can take parameters dynamically.

cd /opt/gopath/src/github.com/hyperledger/fabric-ca
vim register.sh
function createOrg1 {
    
    

  echo
   echo "Enroll the CA admin"
  echo
   mkdir -p organizations/peerOrganizations/org1.example.com/

   export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/
#  rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
#  rm -rf $FABRIC_CA_CLIENT_HOME/msp

  set -x
  fabric-ca-client enroll -u https://admin:adminpw@ca.org1.example.com:7054 --caname ca-org1 --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/ca-org1-example-com-7054-ca-org1.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/ca-org1-example-com-7054-ca-org1.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/ca-org1-example-com-7054-ca-org1.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/ca-org1-example-com-7054-ca-org1.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml

  echo
   echo "Register peer0"
  echo
  set -x
   fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  echo
  echo "Register user"
  echo
  set -x
  fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  echo
  echo "Register the org admin"
  echo
  set -x
  fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

   mkdir -p organizations/peerOrganizations/org1.example.com/peers
  mkdir -p organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com

  echo
  echo "## Generate the peer0 msp"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@ca.org1.example.com:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp --csr.hosts peer0.org1.example.com --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml

  echo
  echo "## Generate the peer0-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@ca.org1.example.com:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x


  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key

  mkdir -p ${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt

  mkdir -p ${PWD}/organizations/peerOrganizations/org1.example.com/tlsca
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem

  mkdir -p ${PWD}/organizations/peerOrganizations/org1.example.com/ca
  cp ${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts/* ${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem

  mkdir -p organizations/peerOrganizations/org1.example.com/users
  mkdir -p organizations/peerOrganizations/org1.example.com/users/[email protected]

  echo
  echo "## Generate the user msp"
  echo
  set -x
  fabric-ca-client enroll -u https://user1:user1pw@ca.org1.example.com:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/config.yaml

  mkdir -p organizations/peerOrganizations/org1.example.com/users/[email protected]

  echo
  echo "## Generate the org admin msp"
  echo
  set -x
  fabric-ca-client enroll -u https://org1admin:org1adminpw@ca.org1.example.com:7054 --caname ca-org1 -M ${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp --tls.certfiles ${PWD}/org1/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp/config.yaml

}


function createOrg2 {
    
    

  echo
   echo "Enroll the CA admin"
  echo
   mkdir -p organizations/peerOrganizations/org2.example.com/

   export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/
#  rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
#  rm -rf $FABRIC_CA_CLIENT_HOME/msp

  set -x
  fabric-ca-client enroll -u https://admin:adminpw@ca.org2.example.com:7054 --caname ca-org2 --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/ca-org2-example-com-7054-ca-org2.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/ca-org2-example-com-7054-ca-org2.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/ca-org2-example-com-7054-ca-org2.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/ca-org2-example-com-7054-ca-org2.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml

  echo
   echo "Register peer0"
  echo
  set -x
   fabric-ca-client register --caname ca-org2 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  echo
  echo "Register user"
  echo
  set -x
  fabric-ca-client register --caname ca-org2 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  echo
  echo "Register the org admin"
  echo
  set -x
  fabric-ca-client register --caname ca-org2 --id.name org2admin --id.secret org2adminpw --id.type admin --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

   mkdir -p organizations/peerOrganizations/org2.example.com/peers
  mkdir -p organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com

  echo
  echo "## Generate the peer0 msp"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@ca.org2.example.com:7054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp --csr.hosts peer0.org2.example.com --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml

  echo
  echo "## Generate the peer0-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@ca.org2.example.com:7054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x


  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key

  mkdir -p ${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt

  mkdir -p ${PWD}/organizations/peerOrganizations/org2.example.com/tlsca
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem

  mkdir -p ${PWD}/organizations/peerOrganizations/org2.example.com/ca
  cp ${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/cacerts/* ${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem

  mkdir -p organizations/peerOrganizations/org2.example.com/users
  mkdir -p organizations/peerOrganizations/org2.example.com/users/[email protected]

  echo
  echo "## Generate the user msp"
  echo
  set -x
  fabric-ca-client enroll -u https://user1:user1pw@ca.org2.example.com:7054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp/config.yaml

  mkdir -p organizations/peerOrganizations/org2.example.com/users/[email protected]

  echo
  echo "## Generate the org admin msp"
  echo
  set -x
  fabric-ca-client enroll -u https://org2admin:org2adminpw@ca.org2.example.com:7054 --caname ca-org2 -M ${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp --tls.certfiles ${PWD}/org2/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org2.example.com/users/[email protected]/msp/config.yaml

}

function createOrderer {
    
    

  echo
  echo "Enroll the CA admin"
  echo
  mkdir -p organizations/ordererOrganizations/example.com

  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.com
#  rm -rf $FABRIC_CA_CLIENT_HOME/fabric-ca-client-config.yaml
#  rm -rf $FABRIC_CA_CLIENT_HOME/msp

  set -x
  fabric-ca-client enroll -u https://admin:adminpw@ca.orderer.example.com:7054 --caname ca-orderer --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  set +x

  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/ca-orderer-example-com-7054-ca-orderer.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/ca-orderer-example-com-7054-ca-orderer.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/ca-orderer-example-com-7054-ca-orderer.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/ca-orderer-example-com-7054-ca-orderer.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml


  echo
  echo "Register orderer"
  echo
  set -x
  fabric-ca-client register --caname ca-orderer --id.name orderer0 --id.secret orderer0pw --id.type orderer --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client register --caname ca-orderer --id.name orderer1 --id.secret orderer1pw --id.type orderer --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client register --caname ca-orderer --id.name orderer2 --id.secret orderer2pw --id.type orderer --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem

    set +x

  echo
  echo "Register the orderer admin"
  echo
  set -x
  fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  set +x

  mkdir -p organizations/ordererOrganizations/example.com/orderers
  mkdir -p organizations/ordererOrganizations/example.com/orderers/example.com

  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer0.example.com
  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer1.example.com
  mkdir -p organizations/ordererOrganizations/example.com/orderers/orderer2.example.com

  echo
  echo "## Generate the orderer msp"
  echo
  set -x
  fabric-ca-client enroll -u https://orderer0:orderer0pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/msp --csr.hosts orderer0.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client enroll -u https://orderer1:orderer1pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/msp --csr.hosts orderer1.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client enroll -u https://orderer2:orderer2pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp --csr.hosts orderer2.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem

  set +x

  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/config.yaml
  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/config.yaml
  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/config.yaml


  echo
  echo "## Generate the orderer-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://orderer0:orderer0pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls --enrollment.profile tls --csr.hosts orderer0.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client enroll -u https://orderer1:orderer1pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls --enrollment.profile tls --csr.hosts orderer1.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  fabric-ca-client enroll -u https://orderer2:orderer2pw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls --enrollment.profile tls --csr.hosts orderer2.example.com --csr.hosts localhost --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  set +x

  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.key

  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.key

  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/ca.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/signcerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/keystore/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key

  mkdir -p ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
 mkdir -p ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
 mkdir -p ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

  mkdir -p ${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts
  cp ${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/tlscacerts/* ${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem

  mkdir -p organizations/ordererOrganizations/example.com/users
  mkdir -p organizations/ordererOrganizations/example.com/users/[email protected]

  echo
  echo "## Generate the admin msp"
  echo
  set -x
  fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@ca.orderer.example.com:7054 --caname ca-orderer -M ${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp --tls.certfiles ${PWD}/ordererOrg/tls-cert.pem
  set +x

  cp ${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml ${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp/config.yaml
}
createOrg1
createOrg2
createOrderer

Note: all file paths in the script above are relative and must be adjusted to the paths you need for your actual setup; the generated organizations folder must be distributed to the working directory of every orderer node and peer node.
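
Since the generated organizations folder carries private keys and is copied to every node, it is worth auditing before distribution. The script below is an added example, not code from the original post: it reports any MSP whose copied config.yaml points at a cacerts file that is missing, and any private key that group or others can access. The function names, the constructed sample tree and the owner-only permission policy are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit a generated "organizations"
# tree before copying it to orderer and peer nodes. Function names are this
# example's own; the owner-only key policy is an assumption of the example.

# List NodeOUs "Certificate:" paths in MSP_DIR/config.yaml that do not exist.
# The script copies one config.yaml into every MSP, so the cacerts file it
# names must be present in each of them.
missing_nodeou_certs() {
  local msp_dir="$1" rel
  [ -f "$msp_dir/config.yaml" ] || return 0
  sed -n 's/^[[:space:]]*Certificate:[[:space:]]*//p' "$msp_dir/config.yaml" |
    sort -u |
    while IFS= read -r rel; do
      [ -f "$msp_dir/$rel" ] || printf '%s\n' "$msp_dir/$rel"
    done
}

# List private keys (keystore/* and tls/server.key) that group or others can access.
loose_private_keys() {
  find "$1" -type f \( -path '*/keystore/*' -o -name server.key \) \
    \( -perm -040 -o -perm -020 -o -perm -010 \
       -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Run both checks over ROOT; print findings and return 1 if there are any.
audit_org_tree() {
  local root="$1" findings
  findings=$(
    find "$root" -type d -name msp | sort | while IFS= read -r msp; do
      missing_nodeou_certs "$msp" | sed 's/^/MISSING-CA-CERT /'
    done
    loose_private_keys "$root" | sort | sed 's/^/LOOSE-KEY /'
  )
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
}

# Constructed sample: the org1 MSP is consistent; the peer0 MSP was enrolled
# through a different URL (localhost) and its TLS key was left world-readable.
make_sample_tree() {
  local org="$1/peerOrganizations/org1.example.com"
  local peer="$org/peers/peer0.org1.example.com"
  mkdir -p "$org/msp/cacerts" "$peer/msp/cacerts" "$peer/msp/keystore" "$peer/tls"
  printf 'NodeOUs:\n  Enable: true\n' > "$org/msp/config.yaml"
  for ou in Client Peer Admin Orderer; do
    printf '  %sOUIdentifier:\n    Certificate: cacerts/ca-org1-example-com-7054-ca-org1.pem\n' "$ou"
  done >> "$org/msp/config.yaml"
  cp "$org/msp/config.yaml" "$peer/msp/config.yaml"
  : > "$org/msp/cacerts/ca-org1-example-com-7054-ca-org1.pem"
  : > "$peer/msp/cacerts/localhost-7054-ca-org1.pem"
  : > "$peer/msp/keystore/priv_sk"; chmod 600 "$peer/msp/keystore/priv_sk"
  : > "$peer/tls/server.key";       chmod 644 "$peer/tls/server.key"
}

# ./audit.sh --demo   audits the constructed sample
# ./audit.sh DIR      audits a real tree, e.g. ./organizations
if [ "${1:-}" = "--demo" ]; then
  demo=$(mktemp -d) && make_sample_tree "$demo"
  audit_org_tree "$demo" || echo "findings above are expected for the sample"
  rm -rf "$demo"
elif [ $# -gt 0 ]; then
  audit_org_tree "$1"
fi
```

A non-zero exit status means at least one finding, so the script can gate the step that copies the tree to the nodes.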


Origin blog.csdn.net/ory001/article/details/108378217