参考(内容有错误,已修改):区块链——Hyperledger Fabric2.2多机搭建及区块链浏览器
一、搭建环境
前提: order—10.10.10.65,org1—10.10.10.64,org2—10.10.10.53
1、设置网络
三台服务器都要设置
vim /etc/hosts
2、安装docker和docker-compose
root@order:~# apt-get updateroot@order:~# apt-get -y install apt-transport-https ca-certificates curl software-properties-commonroot@order:~# curl -fsSL https://mirrors.aliyun.com/docker-ce/linux/ubuntu/gpg | sudo apt-key add -root@order:~# add-apt-repository "deb [arch=amd64] https://mirrors.aliyun.com/docker-ce/linux/ubuntu $(lsb_release -cs) stable"root@order:~# apt-get -y updateroot@order:~# apt-get -y install docker-ceroot@order:~# service docker startroot@order:~# systemctl enable dockerroot@order:~# curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-composeroot@order:~# chmod +x /usr/local/bin/docker-composeroot@order:~# docker-compose -vdocker-compose version 1.29.2, build 5becea4c
3、安装golang环境
root@order:~# wget https://golang.google.cn/dl/go1.16.8.linux-amd64.tar.gzroot@order:~# tar zxf go1.16.8.linux-amd64.tar.gzroot@order:~# mv go /usr/local/root@order:~# vim /etc/profileexport GOPATH=~/Goexport PATH=$PATH:/usr/local/go/bin:$GOPATH/binexport GO111MODULE=onexport GOPROXY=https://goproxy.cnroot@order:~# source /etc/profileroot@order:~# go versiongo version go1.16.8 linux/amd64
二、生成Fabric证书(order上执行)
克隆项目fabric和fabric-samples
git clonehttps://gitee.com/hyperledger/fabric.git
git clonehttps://github.com/hyperledger/fabric-samples.git
cp fabric-samples/bin/* /usr/local/bin/
vim /etc/profile
export PATH=/home/bering/project/golandProjects/fabric/scripts/fabric-samples/bin:$PATH
source /etc/profile
1、编写证书文件
root@order:~# mkdir hyperledger/multinodes/root@order:~# cd hyperledger/multinodes/root@order:~/hyperledger/multinodes# cryptogen showtemplate > crypto-config.yamlroot@order:~/hyperledger/multinodes# vim crypto-config.yamlOrdererOrgs:- Name: OrdererDomain: example.comEnableNodeOUs: trueSpecs:- Hostname: ordererPeerOrgs: - Name: org1Domain: org1.example.comEnableNodeOUs: trueTemplate:Count: 1Users:Count: 1- Name: org2Domain: org2.example.comEnableNodeOUs: trueTemplate:Count: 1Users:Count: 1
2、生成证书文件
root@order:~/hyperledger/multinodes# cryptogen generate --config=crypto-config.yamlorg1.example.comorg2.example.com
3、复制证书文件到节点(可以Xftp复制)
root@order:~/hyperledger/multinodes# scp -r ./crypto-config root@10.10.10.64:/home/bering/project/hyperledger/multinodes/root@order:~/hyperledger/multinodes# scp -r ./crypto-config root@10.10.10.53:/home/bering/project/hyperledger/multinodes/
三、生成通道文件(order上执行)
1、编写创世块文件
root@order:~/hyperledger/multinodes# vim configtx.yaml---Organizations:- &OrdererOrgName: OrdererOrgID: OrdererMSPMSPDir: ./crypto-config/ordererOrganizations/example.com/mspPolicies:Readers:Type: SignatureRule: "OR('OrdererMSP.member')"Writers:Type: SignatureRule: "OR('OrdererMSP.member')"Admins:Type: SignatureRule: "OR('OrdererMSP.admin')"OrdererEndpoints:- orderer.example.com:7050- &Org1 Name: Org1MSPID: Org1MSPMSPDir: ./crypto-config/peerOrganizations/org1.example.com/mspPolicies:Readers:Type: SignatureRule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"Writers:Type: SignatureRule: "OR('Org1MSP.admin', 'Org1MSP.client')"Admins:Type: SignatureRule: "OR('Org1MSP.admin')"Endorsement:Type: SignatureRule: "OR('Org1MSP.peer')"AnchorPeers:- Host: peer0.org1.example.comPort: 7051- &Org2Name: Org2MSPID: Org2MSPMSPDir: ./crypto-config/peerOrganizations/org2.example.com/mspPolicies:Readers:Type: SignatureRule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"Writers:Type: SignatureRule: "OR('Org2MSP.admin', 'Org2MSP.client')"Admins:Type: SignatureRule: "OR('Org2MSP.admin')"Endorsement:Type: SignatureRule: "OR('Org2MSP.peer')"AnchorPeers:- Host: peer0.org2.example.comPort: 7051Capabilities:Channel: &ChannelCapabilitiesV2_0: trueOrderer: &OrdererCapabilitiesV2_0: trueApplication: &ApplicationCapabilitiesV2_0: trueApplication: &ApplicationDefaultsOrganizations:Policies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"LifecycleEndorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Endorsement:Type: ImplicitMetaRule: "MAJORITY Endorsement"Capabilities:<<: *ApplicationCapabilitiesOrderer: &OrdererDefaultsOrdererType: solo Addresses:- orderer.example.com:7050EtcdRaft:Consenters:- Host: orderer.example.comPort: 7050ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crtServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crtBatchTimeout: 2sBatchSize:MaxMessageCount: 10AbsoluteMaxBytes: 99 MBPreferredMaxBytes: 512 KBOrganizations:Policies:Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"BlockValidation:Type: ImplicitMetaRule: "ANY Writers"Channel: &ChannelDefaultsPolicies: Readers:Type: ImplicitMetaRule: "ANY Readers"Writers:Type: ImplicitMetaRule: "ANY Writers"Admins:Type: ImplicitMetaRule: "MAJORITY Admins"Capabilities:<<: *ChannelCapabilitiesProfiles:TwoOrgsOrdererGenesis:<<: *ChannelDefaultsOrderer:<<: *OrdererDefaultsOrganizations:- *OrdererOrgCapabilities:<<: *OrdererCapabilitiesConsortiums:SampleConsortium:Organizations:- *Org1- *Org2TwoOrgsChannel:Consortium: SampleConsortium<<: *ChannelDefaultsApplication:<<: *ApplicationDefaultsOrganizations:- *Org1- *Org2Capabilities:<<: *ApplicationCapabilities
2、生成创世块文件和通道文件
1、生成创世区块
root@order:~/hyperledger/multinodes# configtxgen -profile TwoOrgsOrdererGenesis -channelID fabric-channel -outputBlock ./channel-artifacts/genesis.block2021-11-04 10:40:27.919 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration2021-11-04 10:40:27.925 CST [common.tools.configtxgen.localconfig] completeInitialization -> INFO 002 orderer type: solo2021-11-04 10:40:27.925 CST [common.tools.configtxgen.localconfig] Load -> INFO 003 Loaded configuration: configtx.yaml2021-11-04 10:40:27.927 CST [common.tools.configtxgen] doOutputBlock -> INFO 004 Generating genesis block2021-11-04 10:40:27.927 CST [common.tools.configtxgen] doOutputBlock -> INFO 005 Creating system channel genesis block2021-11-04 10:40:27.927 CST [common.tools.configtxgen] doOutputBlock -> INFO 006 Writing genesis block
2、生成通道文件
root@order:~/hyperledger/multinodes# configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID mychannel2021-11-04 10:40:31.528 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration2021-11-04 10:40:31.533 CST [common.tools.configtxgen.localconfig] Load -> INFO 002 Loaded configuration: configtx.yaml2021-11-04 10:40:31.533 CST [common.tools.configtxgen] doOutputChannelCreateTx -> INFO 003 Generating new channel configtx2021-11-04 10:40:31.535 CST [common.tools.configtxgen] doOutputChannelCreateTx -> INFO 004 Writing new channel tx
3、为 Org1 定义锚节点
root@order:~/hyperledger/multinodes# configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID mychannel -asOrg Org1MSP2021-11-04 10:40:35.494 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration2021-11-04 10:40:35.499 CST [common.tools.configtxgen.localconfig] Load -> INFO 002 Loaded configuration: configtx.yaml2021-11-04 10:40:35.499 CST [common.tools.configtxgen] doOutputAnchorPeersUpdate -> INFO 003 Generating anchor peer update2021-11-04 10:40:35.500 CST [common.tools.configtxgen] doOutputAnchorPeersUpdate -> INFO 004 Writing anchor peer update
4、为 Org2 定义锚节点
root@order:~/hyperledger/multinodes# configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID mychannel -asOrg Org2MSP2021-11-04 10:40:38.888 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration2021-11-04 10:40:38.893 CST [common.tools.configtxgen.localconfig] Load -> INFO 002 Loaded configuration: configtx.yaml2021-11-04 10:40:38.893 CST [common.tools.configtxgen] doOutputAnchorPeersUpdate -> INFO 003 Generating anchor peer update2021-11-04 10:40:38.894 CST [common.tools.configtxgen] doOutputAnchorPeersUpdate -> INFO 004 Writing anchor peer update
5、将生成的文件拷贝到另两台主机(可以Xftp复制)
root@order:~/hyperledger/multinodes# scp -r ./channel-artifacts root@10.10.10.64:/home/bering/projec/hyperledger/multinodes/root@order:~/hyperledger/multinodes# scp -r ./channel-artifacts root@10.10.10.53:/home/bering/projec/hyperledger/multinodes/
四、编写docker-compose文件
1、orderer节点
root@order:~/hyperledger/multinodes# vim docker-compose.yamlversion: '2'services:orderer.example.com:container_name: orderer.example.comimage: hyperledger/fabric-orderer:2.2environment:- FABRIC_LOGGING_SPEC=INFO- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0- ORDERER_GENERAL_LISTENPORT=7050- ORDERER_GENERAL_GENESISMETHOD=file- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block- ORDERER_GENERAL_LOCALMSPID=OrdererMSP- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp- ORDERER_GENERAL_TLS_ENABLED=true- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1- ORDERER_KAFKA_VERBOSE=true- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]working_dir: /opt/gopath/src/github.com/hyperledger/fabriccommand: orderervolumes:- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tlsports:- 7050:7050extra_hosts:- "orderer.example.com:10.10.10.65"- "peer0.org1.example.com:10.10.10.64"- "peer0.org2.example.com:10.10.10.53"
2、org1节点
root@org1:~/hyperledger/multinodes# vim docker-compose.yamlversion: '2'services:couchdb0.org1.example.com:container_name: couchdb0.org1.example.comimage: couchdb:3.1environment:- COUCHDB_USER=admin- COUCHDB_PASSWORD=adminpwports:- 5984:5984peer0.org1.example.com:container_name: peer0.org1.example.comimage: hyperledger/fabric-peer:2.2environment:- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock- CORE_PEER_ID=peer0.org1.example.com- CORE_PEER_ADDRESS=peer0.org1.example.com:7051- CORE_PEER_LISTENADDRESS=0.0.0.0:7051- CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051- CORE_PEER_LOCALMSPID=Org1MSP- FABRIC_LOGGING_SPEC=INFO- CORE_PEER_TLS_ENABLED=true- CORE_PEER_GOSSIP_USELEADERELECTION=true- CORE_PEER_GOSSIP_ORGLEADER=false- CORE_PEER_PROFILE_ENABLED=true- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt- CORE_CHAINCODE_EXECUTETIMEOUT=300s- CORE_LEDGER_STATE_STATEDATABASE=CouchDB- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0.org1.example.com:5984- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpwdepends_on:- couchdb0.org1.example.comworking_dir: /opt/gopath/src/github.com/hyperledger/fabric/peercommand: peer node startvolumes:- /var/run/:/host/var/run/- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tlsports:- 7051:7051- 7052:7052- 7053:7053extra_hosts:- "orderer.example.com:10.10.10.65"- "peer0.org1.example.com:10.10.10.64"- "peer0.org2.example.com:10.10.10.53"cli:container_name: cliimage: hyperledger/fabric-tools:2.2tty: truestdin_open: trueenvironment:- GOPATH=/opt/gopath- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock- FABRIC_LOGGING_SPEC=INFO- CORE_PEER_ID=cli- CORE_PEER_ADDRESS=peer0.org1.example.com:7051- CORE_PEER_LOCALMSPID=Org1MSP- CORE_PEER_TLS_ENABLED=true- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/mspworking_dir: /opt/gopath/src/github.com/hyperledger/fabric/peercommand: /bin/bashvolumes:- /var/run/:/host/var/run/- ./chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric-cluster/chaincode/go- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifactsextra_hosts:- "orderer.example.com:10.10.10.65"- "peer0.org1.example.com:10.10.10.64"- "peer0.org2.example.com:10.10.10.53"
3、org2节点
root@org2:~/hyperledger/multinodes# vim docker-compose.yamlversion: '2'services:couchdb0.org2.example.com:container_name: couchdb0.org2.example.comimage: couchdb:3.1environment:- COUCHDB_USER=admin- COUCHDB_PASSWORD=adminpwports:- 5984:5984peer0.org2.example.com:container_name: peer0.org2.example.comimage: hyperledger/fabric-peer:2.2environment:- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock- CORE_PEER_ID=peer0.org2.example.com- CORE_PEER_ADDRESS=peer0.org2.example.com:7051- CORE_PEER_LISTENADDRESS=0.0.0.0:7051- CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:7052- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051- CORE_PEER_LOCALMSPID=Org2MSP- FABRIC_LOGGING_SPEC=INFO- CORE_PEER_TLS_ENABLED=true- CORE_PEER_GOSSIP_USELEADERELECTION=true- CORE_PEER_GOSSIP_ORGLEADER=false- CORE_PEER_PROFILE_ENABLED=true- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt- CORE_CHAINCODE_EXECUTETIMEOUT=300s- CORE_LEDGER_STATE_STATEDATABASE=CouchDB- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0.org2.example.com:5984- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpwdepends_on:- couchdb0.org2.example.comworking_dir: /opt/gopath/src/github.com/hyperledger/fabric/peercommand: peer node startvolumes:- /var/run/:/host/var/run/- ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp- ./crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tlsports:- 7051:7051- 7052:7052- 7053:7053extra_hosts:- "orderer.example.com:10.10.10.65"- "peer0.org1.example.com:10.10.10.64"- "peer0.org2.example.com:10.10.10.53"cli:container_name: cliimage: hyperledger/fabric-tools:2.2tty: truestdin_open: trueenvironment:- GOPATH=/opt/gopath- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock- FABRIC_LOGGING_SPEC=INFO- CORE_PEER_ID=cli- CORE_PEER_ADDRESS=peer0.org2.example.com:7051- CORE_PEER_LOCALMSPID=Org2MSP- CORE_PEER_TLS_ENABLED=true- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/mspworking_dir: /opt/gopath/src/github.com/hyperledger/fabric/peercommand: /bin/bashvolumes:- /var/run/:/host/var/run/- ./chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric-cluster/chaincode/go- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifactsextra_hosts:- "orderer.example.com:10.10.10.65"- "peer0.org1.example.com:10.10.10.64"- "peer0.org2.example.com:10.10.10.53"
4、启动
order,org1,org2分别执行
root@order:~/hyperledger/multinodes# docker-compose up -dCreating network "multinodes_default" with the default driverCreating orderer.example.com ... done
root@org1:~/hyperledger/multinodes# docker-compose up -dCreating network "multinodes_default" with the default driverCreating couchdb0.org1.example.com ... doneCreating cli ... doneCreating peer0.org1.example.com... done
root@org2:~/hyperledger/multinodes# docker-compose up -dCreating network "multinodes_default" with the default driverCreating cli ... doneCreating couchdb0.org2.example.com ... doneCreating peer0.org2.example.com... done
五、通道操作
1、创建通道
org1执行
root@org1:~/hyperledger/multinodes# docker exec -it cli bashbash-5.1# peer channel create -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/channel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem2021-11-04 05:35:20.209 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized2021-11-04 05:35:20.243 UTC [cli.common] readBlock -> INFO 002 Received block: 0bash-5.1# lschannel-artifactscrypto mychannel.blockbash-5.1# exit
将通道文件 mychannel.block 拷贝到宿主机及其他节点的容器网址
org1执行
root@org1:~/hyperledger/multinodes# docker cp cli:/opt/gopath/src/github.com/hyperledger/fabric/peer/mychannel.block ./root@org1:~/hyperledger/multinodes# scp mychannel.block root@10.10.10.53:/home/bering/project/hyperledger/multinodes/
org2执行
root@org2:~/hyperledger/multinodes# docker cp mychannel.block cli:/opt/gopath/src/github.com/hyperledger/fabric/peer/
2、加入通道
org1执行
root@org1:~/hyperledger/multinodes# docker exec -it cli bashbash-5.1# peer channel join -b mychannel.block2021-11-04 05:39:36.166 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized2021-11-04 05:39:36.292 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
org2执行
root@org2:~/hyperledger/multinodes# docker exec -it cli bashbash-5.1# peer channel join -b mychannel.block2021-11-04 05:39:29.125 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized2021-11-04 05:39:29.237 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
3、更新锚节点
org1执行
bash-5.1# peer channel update -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem2021-11-04 05:39:59.758 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized2021-11-04 05:39:59.770 UTC [channelCmd] update -> INFO 002 Successfully submitted channel update
org2执行
bash-5.1# peer channel update -o orderer.example.com:7050 -c mychannel -f ./channel-artifacts/Org2MSPanchors.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem2021-11-04 05:40:14.723 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized2021-11-04 05:40:14.740 UTC [channelCmd] update -> INFO 002 Successfully submitted channel update
六、安装调用智能合约
1、复制官方示例智能合约
order执行
创建目录chaincode/go
/home/bering/project/golandProjects/hyperledger/multinodes/ 下创建 chaincode/go
把/home/bering/project/golandProjects/fabric-samples/chaincode 下的sacc目录移动到 chaincode/go下
org1执行
/home/bering/project/hyperledger/multinodes/ 下创建 chaincode/go
复制sacc到go目录下
org2执行
/home/bering/project/hyperledger/multinodes/ 下创建 chaincode/go
复制sacc到go目录下
2、容器内设置go语言依赖包
org1执行
root@org1:~/hyperledger/multinodes# docker exec -it cli bashbash-5.1# cd /opt/gopath/src/github.com/hyperledger/fabric-cluster/chaincode/go/saccbash-5.1# lsgo.modgo.sumsacc.go sacc_test.govendorbash-5.1# go env -w GOPROXY=https://goproxy.cn,directbash-5.1# go env -w GO111MODULE=autobash-5.1# go mod initgo: /opt/gopath/src/github.com/hyperledger/fabric-cluster/chaincode/go/sacc/go.mod already existsbash-5.1# go mod vendorgo: downloading github.com/hyperledger/fabric-chaincode-go v0.0.0-20190823162523-04390e015b85go: downloading github.com/hyperledger/fabric-protos-go v0.0.0-20190821214336-621b908d5022go: downloading github.com/golang/protobuf v1.3.2go: downloading google.golang.org/grpc v1.23.0go: downloading golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7go: downloading google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55go: downloading golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7ago: downloading golang.org/x/text v0.3.2
org2执行
root@org2:~/hyperledger/multinodes# docker exec -it cli bashbash-5.1# cd /opt/gopath/src/github.com/hyperledger/fabric-cluster/chaincode/go/saccbash-5.1# lsgo.modgo.sumsacc.go sacc_test.govendorbash-5.1# go env -w GOPROXY=https://goproxy.cn,directbash-5.1# go env -w GO111MODULE=autobash-5.1# go mod initgo: /opt/gopath/src/github.com/hyperledger/fabric-cluster/chaincode/go/sacc/go.mod already existsbash-5.1# go mod vendorgo: downloading github.com/hyperledger/fabric-chaincode-go v0.0.0-20190823162523-04390e015b85go: downloading github.com/hyperledger/fabric-protos-go v0.0.0-20190821214336-621b908d5022go: downloading github.com/golang/protobuf v1.3.2go: downloading google.golang.org/grpc v1.23.0go: downloading golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7go: downloading google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55go: downloading golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7ago: downloading golang.org/x/text v0.3.2
3、打包链码
仅仅org1执行
bash-5.1# cd /opt/gopath/src/github.com/hyperledger/fabric/peerbash-5.1# peer lifecycle chaincode package sacc.tar.gz \--path github.com/hyperledger/fabric-cluster/chaincode/go/sacc/ \--label sacc_1bash-5.1# lschannel-artifactscrypto mychannel.blocksacc.tar.gz
4、复制链码
org1执行
root@org1:~/hyperledger/multinodes# docker cp cli:/opt/gopath/src/github.com/hyperledger/fabric/peer/sacc.tar.gz ./root@org1:~/hyperledger/multinodes# scp sacc.tar.gz root@10.10.10.53:/home/bering/project/hyperledger/multinodes
org2执行
root@org2:~/hyperledger/multinodes# docker cp /home/bering/project/hyperledger/multinodes/sacc.tar.gz cli:/opt/gopath/src/github.com/hyperledger/fabric/peer
5、安装链码
org1执行
root@org1:~/hyperledger/multinodes# docker exec -it cli bashbash-5.1# peer lifecycle chaincode install sacc.tar.gz2021-11-04 05:44:44.537 UTC [cli.lifecycle.chaincode] submitInstallProposal -> INFO 001 Installed remotely: response:2021-11-04 05:44:44.537 UTC [cli.lifecycle.chaincode] submitInstallProposal -> INFO 002 Chaincode code package identifier: sacc_1:2791ff83074c654ab40b864ba03f6bb2710439d720adc883c26438212de8d259
org2执行
root@org2:~/hyperledger/multinodes# docker exec -it cli bashbash-5.1# peer lifecycle chaincode install sacc.tar.gz2021-11-04 05:44:36.627 UTC [cli.lifecycle.chaincode] submitInstallProposal -> INFO 001 Installed remotely: response:2021-11-04 05:44:36.627 UTC [cli.lifecycle.chaincode] submitInstallProposal -> INFO 002 Chaincode code package identifier: sacc_1:2791ff83074c654ab40b864ba03f6bb2710439d720adc883c26438212de8d259
6、批准链码
org1执行
bash-5.1# peer lifecycle chaincode approveformyorg --channelID mychannel --name sacc --version 1.0 --init-required --package-id sacc_1:2791ff83074c654ab40b864ba03f6bb2710439d720adc883c26438212de8d259 --sequence 1 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem2021-11-04 05:45:51.128 UTC [cli.lifecycle.chaincode] setOrdererClient -> INFO 001 Retrieved channel (mychannel) orderer endpoint: orderer.example.com:70502021-11-04 05:45:53.260 UTC [chaincodeCmd] ClientWait -> INFO 002 txid [c2bebc9d5dbbe4b342facd9ae558dec6cc142f373bbf5a08fbf0953e06c2dce4] committed with status (VALID) at peer0.org1.example.com:7051
org2执行
bash-5.1# peer lifecycle chaincode approveformyorg --channelID mychannel --name sacc --version 1.0 --init-required --package-id sacc_1:2791ff83074c654ab40b864ba03f6bb2710439d720adc883c26438212de8d259 --sequence 1 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem2021-11-04 05:45:46.313 UTC [cli.lifecycle.chaincode] setOrdererClient -> INFO 001 Retrieved channel (mychannel) orderer endpoint: orderer.example.com:70502021-11-04 05:45:48.447 UTC [chaincodeCmd] ClientWait -> INFO 002 txid [456f2a9b88c235812d679e5a8b79fd2476f0843f51dcb273b239102f649a2c76] committed with status (VALID) at peer0.org2.example.com:7051
7、查看链码是否就绪
org1执行
bash-5.1# peer lifecycle chaincode checkcommitreadiness --channelID mychannel --name sacc --version 1.0 --init-required --sequence 1 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --output json{"approvals": {"Org1MSP": true,"Org2MSP": true}}
org2执行
bash-5.1# peer lifecycle chaincode checkcommitreadiness --channelID mychannel --name sacc --version 1.0 --init-required --sequence 1 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --output json{"approvals": {"Org1MSP": true,"Org2MSP": true}}
8、提交链码
仅仅org1执行
bash-5.1# peer lifecycle chaincode commit -o orderer.example.com:7050 --channelID mychannel --name sacc --version 1.0 --sequence 1 --init-required --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt2021-11-04 05:46:43.990 UTC [chaincodeCmd] ClientWait -> INFO 001 txid [ac1b9887ed54dda567f54417216b6ac34255fcdccad14ffa8dd4eeb4b78fe781] committed with status (VALID) at peer0.org1.example.com:70512021-11-04 05:46:44.025 UTC [chaincodeCmd] ClientWait -> INFO 002 txid [ac1b9887ed54dda567f54417216b6ac34255fcdccad14ffa8dd4eeb4b78fe781] committed with status (VALID) at peer0.org2.example.com:7051
9、链码初始化
仅仅org1执行
bash-5.1# peer chaincode invoke -o orderer.example.com:7050 --isInit --ordererTLSHostnameOverride orderer.example.com --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n sacc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["a","bb"]}'2021-11-04 05:46:55.388 UTC [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200
10、查询数据
org1和org2都可执行
bash-5.1# peer chaincode query -C mychannel -n sacc -c '{"Args":["query","a"]}'bb
11、调用链码,新增数据
org1和org2都可执行
bash-5.1# peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n sacc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["set","a","cc"]}'2021-11-04 05:47:25.219 UTC [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 001 Chaincode invoke successful. result: status:200 payload:"cc"bash-5.1# peer chaincode query -C mychannel -n sacc -c '{"Args":["query","a"]}'cc
七、搭建超级账本区块链浏览器
1、下载配置文件
order上执行
root@order:~/hyperledger/multinodes# mkdir explorerroot@order:~/hyperledger/multinodes# cd explorer/root@order:~/hyperledger/multinodes/explorer# wget https://raw.githubusercontent.com/hyperledger/blockchain-explorer/main/examples/net1/config.jsonroot@order:~/hyperledger/multinodes/explorer# wget https://raw.githubusercontent.com/hyperledger/blockchain-explorer/main/examples/net1/connection-profile/test-network.json -P connection-profileroot@order:~/hyperledger/multinodes/explorer# wget https://raw.githubusercontent.com/hyperledger/blockchain-explorer/main/docker-compose.yamlroot@order:~/hyperledger/multinodes/explorer# cd ..root@order:~/hyperledger/multinodes# cd crypto-configroot@order:~/hyperledger/multinodes/crypto-config#lsordererOrganizationspeerOrganizationsroot@order:~/hyperledger/multinodes/crypto-config#cd ..root@order:~/hyperledger/multinodes# cp -r crypto-config explorer/organizationsroot@order:~/hyperledger/multinodes# cd explorer/root@order:~/hyperledger/multinodes/explorer# ls organizations/ordererOrganizationspeerOrganizations
2、修改配置文件
order上执行
root@order:~/hyperledger/multinodes/explorer# cd connection-profile/root@order:~/hyperledger/multinodes/explorer/connection-profile# mv test-network.json org1-network.jsonroot@order:~/hyperledger/multinodes/explorer/connection-profile# vim org1-network.jsonroot@order:~/hyperledger/multinodes/explorer/connection-profile# sed -i "s/test-network/org1-network/g" org1-network.jsonroot@order:~/hyperledger/multinodes/explorer/connection-profile# vim org1-network.json{"name": "org1-network","version": "1.0.0","client": {"tlsEnable": true,"adminCredential": {"id": "exploreradmin","password": "exploreradminpw"},"enableAuthentication": true,"organization": "Org1MSP","connection": {"timeout": {"peer": {"endorser": "1200"},"orderer": "1200"}}},"channels": {"mychannel": {"peers": {"peer0.org1.example.com": {}}}},"organizations": {"Org1MSP": {"mspid": "Org1MSP","adminPrivateKey": {"path": "/tmp/crypto/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/keystore/priv_sk"},"peers": ["peer0.org1.example.com"],"signedCert": {"path": "/tmp/crypto/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/signcerts/User1@org1.example.com-cert.pem"}}},"peers": {"peer0.org1.example.com": {"tlsCACerts": {"path": "/tmp/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt"},"url": "grpcs://peer0.org1.example.com:7051"}}}
root@order:~/hyperledger/multinodes/explorer/connection-profile# cp org1-network.json org2-network.jsonroot@order:~/hyperledger/multinodes/explorer/connection-profile# sed -i "s/org1/org2/g" org2-network.jsonroot@order:~/hyperledger/multinodes/explorer/connection-profile# sed -i "s/Org1/Org2/g" org2-network.jsonroot@order:~/hyperledger/multinodes/explorer/connection-profile# sed -i "s/7051/7051/g" org2-network.jsonroot@order:~/hyperledger/multinodes/explorer/connection-profile# vim org2-network.json{"name": "org2-network","version": "1.0.0","client": {"tlsEnable": true,"adminCredential": {"id": "exploreradmin","password": "exploreradminpw"},"enableAuthentication": true,"organization": "Org2MSP","connection": {"timeout": {"peer": {"endorser": "1200"},"orderer": "1200"}}},"channels": {"mychannel": {"peers": {"peer0.org2.example.com": {}}}},"organizations": {"Org2MSP": {"mspid": "Org2MSP","adminPrivateKey": {"path": "/tmp/crypto/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/keystore/priv_sk"},"peers": ["peer0.org2.example.com"],"signedCert": {"path": "/tmp/crypto/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/signcerts/User1@org2.example.com-cert.pem"}}},"peers": {"peer0.org2.example.com": {"tlsCACerts": {"path": "/tmp/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt"},"url": "grpcs://peer0.org2.example.com:7051"}}}
root@order:~/hyperledger/multinodes/explorer/connection-profile# cd ..root@order:~/hyperledger/multinodes/explorer# vim config.json{"network-configs": {"org1-network": {"name": "org1-network","profile": "./connection-profile/org1-network.json"},"org2-network": {"name": "org2-network","profile": "./connection-profile/org2-network.json"}},"license": "Apache-2.0"}
3、修改docker-compose文件
order上执行
root@order:~/hyperledger/multinodes/explorer# vim docker-compose.yaml# SPDX-License-Identifier: Apache-2.0version: '2.1'volumes:pgdata:walletstore:networks:mynetwork.com:external:name: twonodes_testservices:explorerdb.mynetwork.com:image: hyperledger/explorer-db:latestcontainer_name: explorerdb.mynetwork.comhostname: explorerdb.mynetwork.comenvironment:- DATABASE_DATABASE=fabricexplorer- DATABASE_USERNAME=hppoc- DATABASE_PASSWORD=passwordhealthcheck:test: "pg_isready -h localhost -p 5432 -q -U postgres"interval: 30stimeout: 10sretries: 5volumes:- pgdata:/var/lib/postgresql/datanetworks:- mynetwork.comexplorer.mynetwork.com:image: hyperledger/explorer:latestcontainer_name: explorer.mynetwork.comhostname: explorer.mynetwork.comenvironment:- DATABASE_HOST=explorerdb.mynetwork.com- DATABASE_DATABASE=fabricexplorer- DATABASE_USERNAME=hppoc- DATABASE_PASSWD=password- LOG_LEVEL_APP=debug- LOG_LEVEL_DB=debug- LOG_LEVEL_CONSOLE=debug- LOG_CONSOLE_STDOUT=true- DISCOVERY_AS_LOCALHOST=falsevolumes:- ./config.json:/opt/explorer/app/platform/fabric/config.json- ./connection-profile:/opt/explorer/app/platform/fabric/connection-profile- ./organizations:/tmp/crypto- walletstore:/opt/explorer/walletports:- 8080:8080depends_on:explorerdb.mynetwork.com:condition: service_healthynetworks:- mynetwork.comextra_hosts:- "orderer.example.com:10.10.10.65"- "peer0.org1.example.com:10.10.10.64"- "peer0.org2.example.com:10.10.10.53"
4、启动区块链浏览器
root@order:~/hyperledger/multinodes/explorer# docker-compose up -dCreating network "explorer_default" with the default driverCreating volume "explorer_pgdata" with default driverCreating volume "explorer_walletstore" with default driverCreating explorerdb.mynetwork.com ... doneCreating explorer.mynetwork.com ... doneroot@order:~/hyperledger/multinodes/explorer# docker ps -aCONTAINER ID IMAGE COMMANDCREATEDSTATUSPORTS NAMESd21e179e2060 hyperledger/explorer:latest "docker-entrypoint.s…" 6 seconds agoUp 5 seconds0.0.0.0:8080->8080/tcp, :::8080->8080/tcp explorer.mynetwork.com831395f70c85 hyperledger/explorer-db:latest"docker-entrypoint.s…" 37 seconds ago Up 36 seconds (healthy) 5432/tcpexplorerdb.mynetwork.com69ab158d8d67 dev-peer0.org1.example.com-sacc_1-2791ff83074c654ab40b864ba03f6bb2710439d720adc883c26438212de8d259-8784c8728adbd8a126fe5163d5cae63d43ee9085043dddaa179d6f74edaf2d12 "chaincode -peer.add…" 18 minutes ago Up 18 minutes dev-peer0.org1.example.com-sacc_1-2791ff83074c654ab40b864ba03f6bb2710439d720adc883c26438212de8d25984e8e0d3fe09 hyperledger/fabric-peer:2.3 "peer node start"48 minutes ago Up 18 minutes 0.0.0.0:7051-7053->7051-7053/tcp, :::7051-7053->7051-7053/tcp peer0.org1.example.com57cfe35e69a6 hyperledger/fabric-tools:2.2"/bin/bash"49 minutes ago Up 18 minutes cli421b25e99adf couchdb:3.1 "tini -- /docker-ent…" 49 minutes ago Up 18 minutes 4369/tcp, 9100/tcp, 0.0.0.0:5984->5984/tcp, :::5984->5984/tcp couchdb0.org1.example.com
问题1:
2021-07-08T08:08:14.461Z – error: [DiscoveryService]: send[mychannel] – Channel:mychannel received discovery error:access denied
explorer.mynetwork.com | [2021-07-08T08:08:14.461] [ERROR] FabricClient – Error: DiscoveryService: mychannel error: access denied
explorer.mynetwork.com | at DiscoveryService.send (/opt/explorer/node_modules/fabric-common/lib/DiscoveryService.js:363:11)
explorer.mynetwork.com | at processTicksAndRejections (internal/process/task_queues.js:97:5)
explorer.mynetwork.com | at async NetworkImpl._initializeInternalChannel (/opt/explorer/node_modules/fabric-network/lib/network.js:279:13)
explorer.mynetwork.com | at async NetworkImpl._initialize (/opt/explorer/node_modules/fabric-network/lib/network.js:231:9)
explorer.mynetwork.com | at async Gateway.getNetwork (/opt/explorer/node_modules/fabric-network/lib/gateway.js:330:9)
解决1:
参考:HyperledgerExplorer错误记录:FabricClient – Error: DiscoveryService: mychannel error: access denied_[error] fabricclient – error: discoveryservice: my-CSDN博客文章浏览阅读2.7k次,点赞4次,收藏6次。问题:重新启动HyperledgerExplorer报错昨日部署好了fabric和HyperledgerExplorer,启动了一次,一切正常。今日再次启动,却发现怎么也启动不起来,docker-compose logs显示错误:2021-07-08T08:08:14.461Z – error: [DiscoveryService]: send[mychannel] – Channel:mychannel received discovery error:access deniedexplorer.m_[error] fabricclient – error: discoveryservice: mychannel error: access denihttps://blog.csdn.net/lyz19961221/article/details/118576529
接入被拒绝了,明显是鉴权问题
排查
既然是explorer报的鉴权问题,那fabric这边应该会有日志打印,docker logs peer0.org1.example.com查看org1.peer0的日志(因为explorer这边鉴权用的就是org1的身份信息),果然其中有错,蓝色的一片INFO日志中赫然几条黄色的WARN在列:
2021-07-08 07:34:53.173 UTC [policies] SignatureSetToValidIdentities -> WARN 048 invalid identity: certificate subject=CN=org1admin,OU=admin,O=Hyperledger,ST=North Carolina,C=US serialnumber=406667895762504197446585402379494299487974961868 error="the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"ca.org1.example.com\")"2021-07-08 07:34:53.185 UTC [policies] SignatureSetToValidIdentities -> WARN 049 invalid identity: certificate subject=CN=org1admin,OU=admin,O=Hyperledger,ST=North Carolina,C=US serialnumber=406667895762504197446585402379494299487974961868 error="the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"ca.org1.example.com\")"2021-07-08 07:34:53.185 UTC [discovery] processQuery -> WARN 04a got query for channel mychannel from 172.21.0.10:54952 but it isn't eligible: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied2021-07-08 07:34:53.185 UTC [discovery] processQuery -> WARN 04b got query for channel mychannel from 172.21.0.10:54952 but it isn't eligible: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Writers' sub-policies to be satisfied
通过日志信息可以知晓,确实是证书验证失败了,无论失败的原因为何,目前的基本猜想还是explorer所用证书与fabric本身生成的证书不一致。因为启动过两次第二次启动时没有清除第一次的证书。
马上执行docker volume ls查看,果然是有wallet残留:
local explorer_pgdatalocal explorer_walletstore
清除volume
$ docker-compose down -v
执行命令删除残留的volume:
docker volume rm explorer_pgdatadocker volume rm explorer_walletstore
重新启动一切恢复正常。