이 실험은 학습 7에서 이전 FabricCA 단일 머신 다중 노드 (패브릭 학습 7) Fabric2.4.x 블록체인 다중 머신 배포(리오버) _FD—모어모어의 블로그-CSDN 블로그를 대상 구성 으로 계속 사용합니다. 각 조직 아래에 3개의 orderer 노드, 2개의 조직 및 2개의 피어 노드를 사용하여 네트워크를 형성합니다.
그래서 컨테이너 구성에서 tlsCA와 주문자 CA(여기서는 조직 0으로 설정)와 일반 조직의 CA 2개(피어 노드가 내부에 있음)를 설정하여 총 4개의 CA를 설정합니다.
1. CA 컨테이너 시작 구성 작성 docker-compose-ca.yaml
참고: CA 서버 데이터베이스는 기본적으로 sqlite, mysql 및 postgresql의 세 가지 유형을 지원합니다. 여기서는 내 호스트에서 mysql로 설정했습니다. 물론 시작하기 전에 먼저 자신의 mysql에 데이터베이스를 생성해야 합니다.
1.1 로컬에서 데이터베이스 생성
1.2 컨테이너 시작 파일을 작성합니다.
version: '2.0'
networks:
fabric-ca:
name: fabric-ca
services:
ca-tls:
container_name: ca-tls
image: hyperledger/fabric-ca
command: sh -c 'fabric-ca-server start -d -b tls-ca-admin:tls-ca-adminpw --port 7053'
environment:
- FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CSR_CN=ca-tls
- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_DEBUG=true
- FABRIC_CA_SERVER_DB_TYPE=mysql
- FABRIC_CA_SERVER_DB_DATASOURCE=root:123456@tcp(10.65.119.182:3306)/fabric_ca_tls?parseTime=true
volumes:
- /tmp/hyperledger/tls-ca:/tmp/hyperledger/fabric-ca
networks:
- fabric-ca
ports:
- 7053:7053
rca-org0:
container_name: rca-org0
image: hyperledger/fabric-ca
command: sh -c 'fabric-ca-server start -d -b rca-org0-admin:rca-org0-adminpw --port 7054'
environment:
- FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CSR_CN=rca-org0
- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_DEBUG=true
- FABRIC_CA_SERVER_DB_TYPE=mysql
- FABRIC_CA_SERVER_DB_DATASOURCE=root:123456@tcp(10.65.119.182:3306)/fabric_rca_org0?parseTime=true
volumes:
- /tmp/hyperledger/org0/ca:/tmp/hyperledger/fabric-ca
networks:
- fabric-ca
ports:
- 7054:7054
rca-org1:
container_name: rca-org1
image: hyperledger/fabric-ca
command: sh -c 'fabric-ca-server start -d -b rca-org1-admin:rca-org1-adminpw'
environment:
- FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CSR_CN=rca-org1
- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_DEBUG=true
- FABRIC_CA_SERVER_DB_TYPE=mysql
- FABRIC_CA_SERVER_DB_DATASOURCE=root:123456@tcp(10.65.119.182:3306)/fabric_rca_org1?parseTime=true
volumes:
- /tmp/hyperledger/org1/ca:/tmp/hyperledger/fabric-ca
networks:
- fabric-ca
ports:
- 7055:7055
rca-org2:
container_name: rca-org2
image: hyperledger/fabric-ca
command: sh -c 'fabric-ca-server start -d -b rca-org2-admin:rca-org2-adminpw --port 7056'
environment:
- FABRIC_CA_SERVER_HOME=/tmp/hyperledger/fabric-ca/crypto
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_CSR_CN=rca-org2
- FABRIC_CA_SERVER_CSR_HOSTS=0.0.0.0
- FABRIC_CA_SERVER_DEBUG=true
- FABRIC_CA_SERVER_DB_TYPE=mysql
- FABRIC_CA_SERVER_DB_DATASOURCE=root:123456@tcp(10.65.119.182:3306)/fabric_rca_org2?parseTime=true
volumes:
- /tmp/hyperledger/org2/ca:/tmp/hyperledger/fabric-ca
networks:
- fabric-ca
ports:
- 7056:7056
1.3 컨테이너 열기
docker-compose -f docker-compose-ca.yaml up -d
또는 컨테이너를 닫으려면 다음을 사용할 수 있습니다.
docker-compose -f docker-compose-ca.yaml down
1.4 발생할 문제
위의 단계를 수행한 후 컨테이너 시작이 성공했음을 알 수 있지만 눈 깜짝할 사이에 이러한 컨테이너가 모두 중단됩니다.
왜 이런 일이 발생합니까?
이 문제를 해결하기 위해 Docker Portainer를 열어 이러한 컨테이너 오류의 로그를 확인했습니다.
첫 번째 질문: 호스트는 이 MySQL 서버에 연결할 수 없습니다. MySQL에 연결할 때 나타납니다.
해결 방법: 로컬 계정은 데이터베이스에 연결할 수 있지만 원격으로 데이터베이스에 연결할 수 없기 때문에 mysql의 권한을 수정해야 합니다.
1) 데이터베이스에 연결하기 위한 mysql -u root -p
2) mysql을 사용하십시오.
3) 사용자 설정 호스트 업데이트 = '%' 여기서 사용자 = '루트';
4) 플러시 특권;
컨테이너를 다시 열면 다음을 찾을 수 있습니다.
데이터베이스가 연결된 것은 맞지만 2차 오류가 터진 것이다.
问题二:데이터베이스 초기화 오류 발생: MySQL 테이블 생성 실패: 인증서 테이블 생성 오류: 오류 1067: '만료'의 기본값이 잘못되었습니다.
해결책: mysql의 엄격 모드를 끄십시오! --sql-모드=""
1) 나만의 mysql my.ini 구성 파일 찾기
2) my.ini 구성 입력:
여기서는 다음과 같이 설정됩니다.
sql_mode=NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
STRICT_TRANS_TABLES를 제거합니다.
3) 그런 다음 mysql 서비스를 다시 시작합니다.
그런 다음 컨테이너를 다시 엽니다.
1.5 완료 후 보기
1. 먼저 도커 로그를 확인하겠습니다.
4개의 CA가 이제 완벽하게 열린 것을 확인할 수 있으며 동시에 로그를 클릭합니다.
보고된 오류가 없습니다! 저건 완벽 해!
2. 그런 다음 데이터베이스를 확인할 수 있습니다.
위와 같이 지정된 초기화 관리자 정보도 저장되어 있는 것을 볼 수 있습니다.
3. 작업 디렉토리 구조 확인
tree /tmp/hyperledger
/tmp/hyperledger
├── org0
├── org1
├── org2
└── tls-ca
다음 작업을 진행할 수 있습니다.
2. CA 회원가입 및 인증서 발급
2.1 준비
1. fabric-ca-client의 bin에 있는 이진 파일을 이 디렉터리에 넣어야 합니다.
sudo cp /xxxxxxxx/bin/fabric-ca-client /tmp/hyperledger/
2. 그런 다음 /tmp/hyperledger 디렉토리로 이동합니다.
cd /tmp/hyperledger
tree ./
다음과 같은 디렉토리 구조를 찾을 수 있습니다.
/tmp/hyperledger
├── fabric-ca-client
├── org0
├── org1
├── org2
└── tls-ca
2.2 TLS CA 관리자 등록, 노드 ID 등록
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/tls-ca/admin
cp /tmp/hyperledger/tls-ca/crypto/ca-cert.pem /tmp/hyperledger/tls-ca/crypto/tls-ca-cert.pem
./fabric-ca-client enroll -d -u https://tls-ca-admin:[email protected]:7053
결과는 다음과 같습니다. tls-ca 관리자에 해당하는 인증서를 볼 수 있습니다.
2.3 tlsCA에 노드 등록
1. org1의 두 피어 노드를 tlsCA에 등록합니다(등록하려면 먼저 등록해야 함).
./fabric-ca-client register -d --id.name peer0.org1.example.com --id.secret peer1PW --id.type peer -u https://0.0.0.0:7053
./fabric-ca-client register -d --id.name peer1.org1.example.com --id.secret peer2PW --id.type peer -u https://0.0.0.0:7053
결과는 다음과 같습니다.
그런 다음 fabric-ca-tls 데이터베이스를 열어 다음을 볼 수 있습니다.
peer0.org1.example.com 및 peer1.org1.example.com이 성공적으로 등록되었으며 유형이 peer인 것으로 확인되었습니다.
2. 등록 기관 2의 두 피어 노드:
./fabric-ca-client register -d --id.name peer0.org2.example.com --id.secret peer1PW --id.type peer -u https://0.0.0.0:7053
./fabric-ca-client register -d --id.name peer1.org2.example.com --id.secret peer2PW --id.type peer -u https://0.0.0.0:7053
3. 등록기관 0의 주문자 노드 3개
./fabric-ca-client register -d --id.name orderer0.example.com --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7053
./fabric-ca-client register -d --id.name orderer1.example.com --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7053
./fabric-ca-client register -d --id.name orderer2.example.com --id.secret ordererPW --id.type orderer -u https://0.0.0.0:7053
결과는 다음과 같습니다.
2.4 orderer 노드와 org0의 관리자 등록
1. orderer1 노드 및 org0 관리자 등록
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/ca/admin
./fabric-ca-client enroll -d -u https://rca-org0-admin:[email protected]:7054
./fabric-ca-client register -d --id.name orderer0.example.com --id.secret ordererpw --id.type orderer -u https://0.0.0.0:7054
./fabric-ca-client register -d --id.name admin-org0 --id.secret org0adminpw --id.type admin --id.attrs "hf.Registrar.Roles=*,hf.Registrar.DelegateRoles=*,hf.AffiliationMgr=true,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert" -u https://0.0.0.0:7054
결과는 다음과 같습니다.
2. orderer2 노드 등록
./fabric-ca-client register -d --id.name orderer1.example.com --id.secret ordererpw --id.type orderer -u https://0.0.0.0:7054
3. orderer3 노드 등록
./fabric-ca-client register -d --id.name orderer2.example.com --id.secret ordererpw --id.type orderer -u https://0.0.0.0:7054
결과는 다음과 같습니다.
2.5 org1의 피어 노드 등록 및 org1의 관리자 등록
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/ca/admin
./fabric-ca-client enroll -d -u https://rca-org1-admin:[email protected]:7055
./fabric-ca-client register -d --id.name peer0.org1.example.com --id.secret peer1PW --id.type peer -u https://0.0.0.0:7055
./fabric-ca-client register -d --id.name peer1.org1.example.com --id.secret peer2PW --id.type peer -u https://0.0.0.0:7055
./fabric-ca-client register -d --id.name admin-org1 --id.secret org1AdminPW --id.type admin --id.attrs "hf.Registrar.Roles=*,hf.Registrar.DelegateRoles=*,hf.AffiliationMgr=true,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert" -u https://0.0.0.0:7055
./fabric-ca-client register -d --id.name user-org1 --id.secret org1UserPW --id.type user -u https://0.0.0.0:7055
결과는 다음과 같습니다.
2.6 org2의 피어 노드와 org2의 관리자 등록
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/ca/admin
./fabric-ca-client enroll -d -u https://rca-org2-admin:[email protected]:7056
./fabric-ca-client register -d --id.name peer0.org2.example.com --id.secret peer1PW --id.type peer -u https://0.0.0.0:7056
./fabric-ca-client register -d --id.name peer1.org2.example.com --id.secret peer2PW --id.type peer -u https://0.0.0.0:7056
./fabric-ca-client register -d --id.name admin-org2 --id.secret org2AdminPW --id.type admin --id.attrs "hf.Registrar.Roles=*,hf.Registrar.DelegateRoles=*,hf.AffiliationMgr=true,hf.Registrar.Attributes=*,hf.Revoker=true,hf.GenCRL=true,admin=true:ecert" -u https://0.0.0.0:7056
./fabric-ca-client register -d --id.name user-org2 --id.secret org2UserPW --id.type user -u https://0.0.0.0:7056
결과는 다음과 같습니다.
2.7 피어 노드의 인증서를 org1에 등록
1. org1의 peer0의 ECert 인증서 등록
그 안에 있는 peer1은 첫 번째 peer2, 즉 peer0.org1.example.com을 의미합니다.
mkdir -p org1/peer1/assets/ca/ && cp org1/ca/crypto/ca-cert.pem org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/peer1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
./fabric-ca-client enroll -d -u https://peer0.org1.example.com:[email protected]:7055
개인 키 이름 변경: (향후 편의를 위해 백엔드 코드 변경 저장)
# 更改私钥文件名称
mv org1/peer1/msp/keystore/c7d42da1c3c9c988afc1a10e3ce954c76d0e76a3bda51fced0b21ba2c07cda6a_sk org1/peer1/msp/keystore/priv_sk
mkdir -p org1/peer1/msp/admincerts/
2. org1의 peer0의 TLS 인증서 등록
참고: 여기서 포트 번호는 tls 컨테이너에서 설정한 포트 번호를 사용해야 하며, tls 인증서는 프로세스에서 전달되어야 합니다.
mkdir -p org1/peer1/assets/tls-ca/ && cp tls-ca/crypto/tls-ca-cert.pem org1/peer1/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/peer1
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer1/assets/tls-ca/tls-ca-cert.pem
./fabric-ca-client enroll -d -u https://peer0.org1.example.com:[email protected]:7053 --enrollment.profile tls --csr.hosts peer0.org1.example.com
# 将 keystore 路径下的文件改名为 key.pem
mv org1/peer1/tls-msp/keystore/37babaf3fa116fdb0e0840b0084a7e5a1a762c0e62ac0662c68c9ac90935ba22_sk org1/peer1/tls-msp/keystore/key.pem
3. Org1 Peer2 ECert 인증서 등록
mkdir -p org1/peer2/assets/ca/ && cp org1/ca/crypto/ca-cert.pem org1/peer2/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/peer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer2/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
./fabric-ca-client enroll -d -u https://peer1.org1.example.com:[email protected]:7055
# 修改私钥文件名称
mv org1/peer2/msp/keystore/719d48ca8b4ca174bebbc57ca470575cf6ccfd67d3879ad599890c5a75f84e16_sk org1/peer2/msp/keystore/priv_sk
mkdir -p org1/peer2/msp/admincerts/
4. Org1 Peer1 TLS 인증서 등록
mkdir -p org1/peer2/assets/tls-ca/ && cp tls-ca/crypto/tls-ca-cert.pem org1/peer2/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/peer2
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer2/assets/tls-ca/tls-ca-cert.pem
./fabric-ca-client enroll -d -u https://peer1.org1.example.com:[email protected]:7053 --enrollment.profile tls --csr.hosts peer1.org1.example.com
# 将 keystore 路径下的文件改名为 key.pem
mv org1/peer2/tls-msp/keystore/b8ddcf900e66be9e1c5e4fd8989da9c684f772f2a144cef6af7e2eaf84bcad78_sk org1/peer2/tls-msp/keystore/key.pem
5、Org1의 관리자 등록
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org1/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org1/peer1/assets/ca/org1-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
./fabric-ca-client enroll -d -u https://admin-org1:[email protected]:7055
mv /tmp/hyperledger/org1/admin/msp/keystore/05680a630bee4237da33db6b7446647890772773b7d51ab12ada1039f46dec96_sk /tmp/hyperledger/org1/admin/msp/keystore/priv_sk
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem /tmp/hyperledger/org1/peer1/msp/admincerts/org1-admin-cert.pem
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem /tmp/hyperledger/org1/peer2/msp/admincerts/org1-admin-cert.pem
2.8 피어 노드의 인증서를 org2에 등록
1. Org2 Peer1 ECert 인증서 등록
mkdir -p org2/peer1/assets/ca/ && cp org2/ca/crypto/ca-cert.pem org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/peer1
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
./fabric-ca-client enroll -d -u https://peer0.org2.example.com:[email protected]:7056
# 修改私钥文件名称
mv org2/peer1/msp/keystore/99810fa9833aa697f35e0bdedbabdb66fb00e7ae9a9c065d4e5f6f95e3173b3f_sk org2/peer1/msp/keystore/priv_sk
2. Org2 Peer1 TLS 인증서 등록
mkdir org2/peer1/assets/tls-ca/ && cp tls-ca/crypto/tls-ca-cert.pem org2/peer1/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/peer1
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer1/assets/tls-ca/tls-ca-cert.pem
./fabric-ca-client enroll -d -u https://peer0.org2.example.com:[email protected]:7053 --enrollment.profile tls --csr.hosts peer0.org2.example.com
# 修改私钥文件名称
mv org2/peer1/tls-msp/keystore/5dc8a6a72dd4fecb940f2ddd11d8316639438f751a0bf88a22edcdbc7c3b8b24_sk org2/peer1/tls-msp/keystore/key.pem
3. Org2 Peer2 ECert 인증서 등록
mkdir -p org2/peer2/assets/ca/ && cp org2/ca/crypto/ca-cert.pem org2/peer2/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/peer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer2/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
./fabric-ca-client enroll -d -u https://peer1.org2.example.com:[email protected]:7056
# 修改私钥文件名称
mv org2/peer2/msp/keystore/1ecea1bcb5e65fa5f7e1e55b3ecdfa65c02833de0a83f3bbfbedb0ea2bf94fb2_sk org2/peer2/msp/keystore/priv_sk
4. Org2 Peer2 TLS 인증서 등록
mkdir -p org2/peer2/assets/tls-ca/ && cp tls-ca/crypto/tls-ca-cert.pem org2/peer2/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/peer2
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer2/assets/tls-ca/tls-ca-cert.pem
./fabric-ca-client enroll -d -u https://peer1.org2.example.com:[email protected]:7053 --enrollment.profile tls --csr.hosts peer1.org2.example.com
# 修改私钥文件名称
mv org2/peer2/tls-msp/keystore/ab08fb99a61ab4b72bdbc08ea1be72483665f8bb6d7ed25dcf9efce7190fc1d4_sk org2/peer2/tls-msp/keystore/key.pem
5、Org2의 관리자 등록
mkdir -p org2/peer1/msp/admincerts
mkdir -p org2/peer2/msp/admincerts
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org2/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org2/peer1/assets/ca/org2-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
./fabric-ca-client enroll -d -u https://admin-org2:[email protected]:7056
cp org2/admin/msp/signcerts/cert.pem org2/peer1/msp/admincerts/org2-admin-cert.pem
cp org2/admin/msp/signcerts/cert.pem org2/peer2/msp/admincerts/org2-admin-cert.pem
mv org2/admin/msp/keystore/1534e670f0e43226fd0c3ba8204305c2283c10376e9deee72f81245ada9db05d_sk org2/admin/msp/keystore/priv_sk
2.9 org0에 주문자 노드의 인증서 등록
1. Orderer1 ECert 인증서 등록
mkdir -p org0/orderer1/assets/ca/ && cp org0/ca/crypto/ca-cert.pem org0/orderer1/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderer1
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer1/assets/ca/org0-ca-cert.pem
./fabric-ca-client enroll -d -u https://orderer0.example.com:[email protected]:7054
mv org0/orderer1/msp/keystore/568c077c8f0a3bc4e35a9294f87063e64ae9974190a6abe5ccd9f6872f33e1ab_sk org0/orderer1/msp/keystore/priv_sk
2. Orderer1 TLS 인증서 등록
mkdir -p org0/orderer1/assets/tls-ca/ && cp tls-ca/crypto/tls-ca-cert.pem org0/orderer1/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderer1
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer1/assets/tls-ca/tls-ca-cert.pem
./fabric-ca-client enroll -d -u https://orderer0.example.com:[email protected]:7053 --enrollment.profile tls --csr.hosts 'orderer0.example.com,orderer0,192.168.235.130'
mv org0/orderer1/tls-msp/keystore/84f00c20de8393a0e5f817f0d6418c676ae38cc626a15ed69f8ba2a5050fc6bb_sk org0/orderer1/tls-msp/keystore/key.pem
3. Orderer2 ECert 인증서 등록
mkdir -p org0/orderer2/assets/ca/ && cp org0/ca/crypto/ca-cert.pem org0/orderer2/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderer2
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer2/assets/ca/org0-ca-cert.pem
./fabric-ca-client enroll -d -u https://orderer1.example.com:[email protected]:7054
mv org0/orderer2/msp/keystore/934954c7fa4431d1be86d92e3c2033646fbd4c6478ecfde799300990396af07a_sk org0/orderer2/msp/keystore/priv_sk
4. Orderer2 TLS 인증서 등록
mkdir -p org0/orderer2/assets/tls-ca/ && cp tls-ca/crypto/tls-ca-cert.pem org0/orderer2/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderer2
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer2/assets/tls-ca/tls-ca-cert.pem
./fabric-ca-client enroll -d -u https://orderer1.example.com:[email protected]:7053 --enrollment.profile tls --csr.hosts 'orderer1.example.com,orderer1,192.168.235.130'
mv org0/orderer2/tls-msp/keystore/468adfca64821fb18467e4c69c744a129cc983c8b216c135972185ed61b6fbee_sk org0/orderer2/tls-msp/keystore/key.pem
5. Orderer3 ECert 인증서 등록
mkdir -p org0/orderer3/assets/ca/ && cp org0/ca/crypto/ca-cert.pem org0/orderer3/assets/ca/org0-ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderer3
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer3/assets/ca/org0-ca-cert.pem
./fabric-ca-client enroll -d -u https://orderer2.example.com:[email protected]:7054
mv org0/orderer3/msp/keystore/4b27550ee9eb1b40c05526e4bce2064a95baec5547be7ee694bd3cf48e7322ce_sk org0/orderer3/msp/keystore/priv_sk
6. Orderer3 TLS 인증서 등록
mkdir -p org0/orderer3/assets/tls-ca/ && cp tls-ca/crypto/tls-ca-cert.pem org0/orderer3/assets/tls-ca/tls-ca-cert.pem
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/orderer3
export FABRIC_CA_CLIENT_MSPDIR=tls-msp
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/orderer3/assets/tls-ca/tls-ca-cert.pem
./fabric-ca-client enroll -d -u https://orderer2.example.com:[email protected]:7053 --enrollment.profile tls --csr.hosts 'orderer2.example.com,orderer2,192.168.235.130'
mv org0/orderer3/tls-msp/keystore/17294e44bc5ba90b7d4c09d8fa5bee6acecebf2a8feb752290831f7627284042_sk org0/orderer3/tls-msp/keystore/key.pem
7、Org0의 관리자 등록
export FABRIC_CA_CLIENT_HOME=/tmp/hyperledger/org0/admin
export FABRIC_CA_CLIENT_TLS_CERTFILES=/tmp/hyperledger/org0/ca/crypto/ca-cert.pem
export FABRIC_CA_CLIENT_MSPDIR=msp
./fabric-ca-client enroll -d -u https://admin-org0:[email protected]:7054
mv /tmp/hyperledger/org0/admin/msp/keystore/9febcf800d108cac5f56efa82e99eefbd17907ebc0171e89447038cb01ee51c0_sk /tmp/hyperledger/org0/admin/msp/keystore/priv_sk
mkdir /tmp/hyperledger/org0/orderer1/msp/admincerts && cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /tmp/hyperledger/org0/orderer1/msp/admincerts/orderer-admin-cert.pem
mkdir /tmp/hyperledger/org0/orderer2/msp/admincerts && cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /tmp/hyperledger/org0/orderer2/msp/admincerts/orderer-admin-cert.pem
mkdir /tmp/hyperledger/org0/orderer3/msp/admincerts && cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem /tmp/hyperledger/org0/orderer3/msp/admincerts/orderer-admin-cert.pem
이 시점에서 모든 인증서 파일이 생성됩니다.
3. 로컬 주문자 MSP 구조 구축
위에서 모든 인증서 파일이 생성되었으므로 이제 파일 디렉토리 구조를 공식 bin 폴더의 cryptogen 파일에서 생성된 폴더와 동일하게 만들어야 합니다.
3.1 주문자 1 로컬 MSP
mkdir -p crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp
mkdir -p crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls
# TLS 私钥
cp org0/orderer1/tls-msp/keystore/key.pem crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.key
# TLS 签名证书
cp org0/orderer1/tls-msp/signcerts/cert.pem crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt
# TLS 根证书
cp org0/orderer1/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
cp -r org0/orderer1/msp/ crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/
mv crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/cacerts/0-0-0-0-7054.pem crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/cacerts/ca.example.com-cert.pem
mkdir -p crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts && cp org0/orderer1/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
# 编写 config.yaml 文件
vim crypto-config/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
3.2 주문자 2 로컬 MSP
mkdir -p crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp
mkdir -p crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls
# TLS 私钥
cp org0/orderer2/tls-msp/keystore/key.pem crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.key
# TLS 签名证书
cp org0/orderer2/tls-msp/signcerts/cert.pem crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt
# TLS 根证书
cp org0/orderer2/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/ca.crt
# MSP
cp -r org0/orderer2/msp/ crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/
mv crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/cacerts/0-0-0-0-7054.pem crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/cacerts/ca.example.com-cert.pem
mkdir -p crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts && cp org0/orderer2/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
# 编写 config.yaml 文件
vim crypto-config/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
3.3 주문자 3 로컬 MSP
mkdir -p crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp
mkdir -p crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls
# TLS 私钥
cp org0/orderer3/tls-msp/keystore/key.pem crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.key
# TLS 签名证书
cp org0/orderer3/tls-msp/signcerts/cert.pem crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
# TLS 根证书
cp org0/orderer3/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/ca.crt
# MSP
cp -r org0/orderer3/msp/ crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/
mv crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/cacerts/0-0-0-0-7054.pem crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/cacerts/ca.example.com-cert.pem
mkdir -p crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts && cp org0/orderer3/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
# 编写 config.yaml 文件
vim crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
4、crypto-config/ordererOrganizations/example.com/msp/
mkdir -p crypto-config/ordererOrganizations/example.com/msp/admincerts
mkdir -p crypto-config/ordererOrganizations/example.com/msp/cacerts
mkdir -p crypto-config/ordererOrganizations/example.com/msp/tlscacerts
cp org0/orderer1/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem
cp org0/orderer1/msp/cacerts/0-0-0-0-7054.pem crypto-config/ordererOrganizations/example.com/msp/cacerts/ca.example.com-cert.pem
cp /tmp/hyperledger/org0/admin/msp/signcerts/cert.pem crypto-config/ordererOrganizations/example.com/msp/admincerts/orderer-admin-cert.pem
# 编写 config.yaml 文件
vim crypto-config/ordererOrganizations/example.com/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
4. Org1 피어 로컬 MSP 구조 구축
4.1 Org1 Peer1 로컬 MSP
mkdir -p crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/ && cp -r org1/peer1/msp/ crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com
mkdir -p crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls
cp org1/peer1/tls-msp/signcerts/cert.pem crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
cp org1/peer1/tls-msp/keystore/key.pem crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
cp org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
mv crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts/0-0-0-0-7055.pem crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/cacerts/ca.example.com-cert.pem
# 编写 config.yaml 文件
vim crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
4.2 Org1 Peer2 로컬 MSP
mkdir -p crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/ && cp -r org1/peer2/msp/ crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/
mkdir -p crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls
cp org1/peer2/tls-msp/signcerts/cert.pem crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/server.crt
cp org1/peer2/tls-msp/keystore/key.pem crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/server.key
cp org1/peer2/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt
mv crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/cacerts/0-0-0-0-7055.pem crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/cacerts/ca.example.com-cert.pem
# 编写 config.yaml 文件
vim crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
4.3 crypto-config/peerOrganizations/org1.example.com/msp
mkdir -p crypto-config/peerOrganizations/org1.example.com/msp/admincerts
mkdir -p crypto-config/peerOrganizations/org1.example.com/msp/cacerts
mkdir -p crypto-config/peerOrganizations/org1.example.com/msp/tlscacerts
cp org1/admin/msp/cacerts/0-0-0-0-7055.pem crypto-config/peerOrganizations/org1.example.com/msp/cacerts/ca.org1.example.com-cert.pem
cp org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/peerOrganizations/org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem crypto-config/peerOrganizations/org1.example.com/msp/admincerts/org1-admin-cert.pem
# 编写 config.yaml 文件
vim crypto-config/peerOrganizations/org1.example.com/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.org1.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.org1.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.org1.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.org1.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
4.4 crypto-config/peerOrganizations/org1.example.com/users
mkdir -p crypto-config/peerOrganizations/org1.example.com/users/[email protected]
cp -r org1/admin/msp/ crypto-config/peerOrganizations/org1.example.com/users/[email protected]
mkdir -p crypto-config/peerOrganizations/org1.example.com/users/Admin\@org1.example.com/msp/admincerts
cp /tmp/hyperledger/org1/admin/msp/signcerts/cert.pem crypto-config/peerOrganizations/org1.example.com/users/Admin\@org1.example.com/msp/admincerts/org1-admin-cert.pem
mkdir -p crypto-config/peerOrganizations/org1.example.com/users/Admin\@org1.example.com/msp/tlscacerts
cp org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/peerOrganizations/org1.example.com/users/Admin\@org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
mv crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/cacerts/0-0-0-0-7055.pem crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/cacerts/ca.example.com-cert.pem
# 编写 config.yaml 文件
vim crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
5. Org2 피어 로컬 MSP 구조 구축
5.1 Org2 Peer1 로컬 MSP
mkdir -p crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/ && cp -r org2/peer1/msp/ crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com
mkdir -p crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls
cp org2/peer1/tls-msp/signcerts/cert.pem crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt
cp org2/peer1/tls-msp/keystore/key.pem crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key
cp org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
mv crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/cacerts/0-0-0-0-7056.pem crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/cacerts/ca.example.com-cert.pem
# 编写 config.yaml 文件
vim crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
5.2 Org2 Peer2 로컬 MSP
mkdir -p crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/ && cp -r org2/peer2/msp/ crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/
mkdir -p crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls
cp org2/peer2/tls-msp/signcerts/cert.pem crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/server.crt
cp org2/peer2/tls-msp/keystore/key.pem crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/server.key
cp org2/peer2/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt
mv crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/cacerts/0-0-0-0-7056.pem crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/cacerts/ca.example.com-cert.pem
# 编写 config.yaml 文件
vim crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
5.3 crypto-config/peerOrganizations/org2.example.com/msp
mkdir -p crypto-config/peerOrganizations/org2.example.com/msp/admincerts
mkdir -p crypto-config/peerOrganizations/org2.example.com/msp/cacerts
mkdir -p crypto-config/peerOrganizations/org2.example.com/msp/tlscacerts
cp org2/admin/msp/cacerts/0-0-0-0-7056.pem crypto-config/peerOrganizations/org2.example.com/msp/cacerts/ca.org2.example.com-cert.pem
cp org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/peerOrganizations/org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem
cp /tmp/hyperledger/org2/admin/msp/signcerts/cert.pem crypto-config/peerOrganizations/org2.example.com/msp/admincerts/org2-admin-cert.pem
# 编写 config.yaml 文件
vim crypto-config/peerOrganizations/org2.example.com/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.org2.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.org2.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.org2.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.org2.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
5.4 crypto-config/peerOrganizations/org2.example.com/users
mkdir -p crypto-config/peerOrganizations/org2.example.com/users/[email protected]
cp -r org2/admin/msp/ crypto-config/peerOrganizations/org2.example.com/users/[email protected]
mkdir -p crypto-config/peerOrganizations/org2.example.com/users/Admin\@org2.example.com/msp/admincerts
cp /tmp/hyperledger/org2/admin/msp/signcerts/cert.pem crypto-config/peerOrganizations/org2.example.com/users/Admin\@org2.example.com/msp/admincerts/org2-admin-cert.pem
mkdir -p crypto-config/peerOrganizations/org2.example.com/users/Admin\@org2.example.com/msp/tlscacerts
cp org2/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7053.pem crypto-config/peerOrganizations/org2.example.com/users/Admin\@org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem
mv crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/cacerts/0-0-0-0-7056.pem crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/cacerts/ca.example.com-cert.pem
# 编写 config.yaml 文件
vim crypto-config/peerOrganizations/org2.example.com/users/[email protected]/msp/config.yaml
NodeOUs:
Enable: true
ClientOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: client
PeerOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: peer
AdminOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: admin
OrdererOUIdentifier:
Certificate: cacerts/ca.example.com-cert.pem
OrganizationalUnitIdentifier: orderer
마지막으로 결과를 확인합니다.
tree crypto-config/
crypto-config/
├── ordererOrganizations
│ └── example.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── orderer-admin-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.example.com-cert.pem
│ │ ├── config.yaml
│ │ └── tlscacerts
│ │ └── tlsca.example.com-cert.pem
│ └── orderers
│ ├── orderer0.example.com
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── orderer-admin-cert.pem
│ │ │ ├── cacerts
│ │ │ │ └── ca.example.com-cert.pem
│ │ │ ├── config.yaml
│ │ │ ├── IssuerPublicKey
│ │ │ ├── IssuerRevocationPublicKey
│ │ │ ├── keystore
│ │ │ │ └── priv_sk
│ │ │ ├── signcerts
│ │ │ │ └── cert.pem
│ │ │ ├── tlscacerts
│ │ │ │ └── tlsca.example.com-cert.pem
│ │ │ └── user
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ ├── orderer1.example.com
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── orderer-admin-cert.pem
│ │ │ ├── cacerts
│ │ │ │ └── ca.example.com-cert.pem
│ │ │ ├── config.yaml
│ │ │ ├── IssuerPublicKey
│ │ │ ├── IssuerRevocationPublicKey
│ │ │ ├── keystore
│ │ │ │ └── priv_sk
│ │ │ ├── signcerts
│ │ │ │ └── cert.pem
│ │ │ ├── tlscacerts
│ │ │ │ └── tlsca.example.com-cert.pem
│ │ │ └── user
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ └── orderer2.example.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── orderer-admin-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.example.com-cert.pem
│ │ ├── config.yaml
│ │ ├── IssuerPublicKey
│ │ ├── IssuerRevocationPublicKey
│ │ ├── keystore
│ │ │ └── priv_sk
│ │ ├── signcerts
│ │ │ └── cert.pem
│ │ ├── tlscacerts
│ │ │ └── tlsca.example.com-cert.pem
│ │ └── user
│ └── tls
│ ├── ca.crt
│ ├── server.crt
│ └── server.key
└── peerOrganizations
├── org1.example.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── org1-admin-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.org1.example.com-cert.pem
│ │ ├── config.yaml
│ │ └── tlscacerts
│ │ └── tlsca.org1.example.com-cert.pem
│ ├── peers
│ │ ├── peer0.org1.example.com
│ │ │ ├── msp
│ │ │ │ ├── admincerts
│ │ │ │ │ └── org1-admin-cert.pem
│ │ │ │ ├── cacerts
│ │ │ │ │ └── ca.example.com-cert.pem
│ │ │ │ ├── config.yaml
│ │ │ │ ├── IssuerPublicKey
│ │ │ │ ├── IssuerRevocationPublicKey
│ │ │ │ ├── keystore
│ │ │ │ │ └── priv_sk
│ │ │ │ ├── signcerts
│ │ │ │ │ └── cert.pem
│ │ │ │ └── user
│ │ │ └── tls
│ │ │ ├── ca.crt
│ │ │ ├── server.crt
│ │ │ └── server.key
│ │ └── peer1.org1.example.com
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── org1-admin-cert.pem
│ │ │ ├── cacerts
│ │ │ │ └── ca.example.com-cert.pem
│ │ │ ├── config.yaml
│ │ │ ├── IssuerPublicKey
│ │ │ ├── IssuerRevocationPublicKey
│ │ │ ├── keystore
│ │ │ │ └── priv_sk
│ │ │ ├── signcerts
│ │ │ │ └── cert.pem
│ │ │ └── user
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ └── users
│ └── [email protected]
│ └── msp
│ ├── admincerts
│ │ └── org1-admin-cert.pem
│ ├── cacerts
│ │ └── ca.example.com-cert.pem
│ ├── config.yaml
│ ├── IssuerPublicKey
│ ├── IssuerRevocationPublicKey
│ ├── keystore
│ │ └── priv_sk
│ ├── signcerts
│ │ └── cert.pem
│ ├── tlscacerts
│ │ └── tlsca.org1.example.com-cert.pem
│ └── user
└── org2.example.com
├── msp
│ ├── admincerts
│ │ └── org2-admin-cert.pem
│ ├── cacerts
│ │ └── ca.org2.example.com-cert.pem
│ ├── config.yaml
│ └── tlscacerts
│ └── tlsca.org2.example.com-cert.pem
├── peers
│ ├── peer0.org2.example.com
│ │ ├── msp
│ │ │ ├── admincerts
│ │ │ │ └── org2-admin-cert.pem
│ │ │ ├── cacerts
│ │ │ │ └── ca.example.com-cert.pem
│ │ │ ├── config.yaml
│ │ │ ├── IssuerPublicKey
│ │ │ ├── IssuerRevocationPublicKey
│ │ │ ├── keystore
│ │ │ │ └── priv_sk
│ │ │ ├── signcerts
│ │ │ │ └── cert.pem
│ │ │ └── user
│ │ └── tls
│ │ ├── ca.crt
│ │ ├── server.crt
│ │ └── server.key
│ └── peer1.org2.example.com
│ ├── msp
│ │ ├── admincerts
│ │ │ └── org2-admin-cert.pem
│ │ ├── cacerts
│ │ │ └── ca.example.com-cert.pem
│ │ ├── config.yaml
│ │ ├── IssuerPublicKey
│ │ ├── IssuerRevocationPublicKey
│ │ ├── keystore
│ │ │ └── priv_sk
│ │ ├── signcerts
│ │ │ └── cert.pem
│ │ └── user
│ └── tls
│ ├── ca.crt
│ ├── server.crt
│ └── server.key
└── users
└── [email protected]
└── msp
├── admincerts
│ └── org2-admin-cert.pem
├── cacerts
│ └── ca.example.com-cert.pem
├── config.yaml
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── keystore
│ └── priv_sk
├── signcerts
│ └── cert.pem
├── tlscacerts
│ └── tlsca.org2.example.com-cert.pem
└── user
97 directories, 101 files
MSP 디렉토리 구조가 준비되면 Fabric 네트워크를 구축할 수 있습니다.