diff --git a/first-network/add_orderer_configtx.yaml b/first-network/add_orderer_configtx.yaml new file mode 100644 index 00000000..4e3f7f2e --- /dev/null +++ b/first-network/add_orderer_configtx.yaml @@ -0,0 +1,404 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +################################################################################ +# +# Section: Organizations +# +# - This section defines the different organizational identities which will +# be referenced later in the configuration. +# +################################################################################ +Organizations: + + # SampleOrg defines an MSP using the sampleconfig. It should never be used + # in production but may be used as a template for other definitions + - &OrdererOrg + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: OrdererOrg + + # ID to load the MSP definition as + ID: OrdererMSP + + # MSPDir is the filesystem path which contains the MSP configuration + MSPDir: crypto-config/ordererOrganizations/example.com/msp + + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Writers: + Type: Signature + Rule: "OR('OrdererMSP.member')" + Admins: + Type: Signature + Rule: "OR('OrdererMSP.admin')" + + - &Org1 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org1MSP + + # ID to load the MSP definition as + ID: Org1MSP + + MSPDir: crypto-config/peerOrganizations/org1.example.com/msp + + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org1MSP.admin', 'Org1MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org1MSP.admin')" + + # leave this flag set to true. + AnchorPeers: + # AnchorPeers defines the location of peers which can be used + # for cross org gossip communication. Note, this value is only + # encoded in the genesis block in the Application section context + - Host: peer0.org1.example.com + Port: 7051 + + - &Org2 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org2MSP + + # ID to load the MSP definition as + ID: Org2MSP + + MSPDir: crypto-config/peerOrganizations/org2.example.com/msp + + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')" + Writers: + Type: Signature + Rule: "OR('Org2MSP.admin', 'Org2MSP.client')" + Admins: + Type: Signature + Rule: "OR('Org2MSP.admin')" + + AnchorPeers: + # AnchorPeers defines the location of peers which can be used + # for cross org gossip communication. Note, this value is only + # encoded in the genesis block in the Application section context + - Host: peer0.org2.example.com + Port: 9051 + +################################################################################ +# +# SECTION: Capabilities +# +# - This section defines the capabilities of fabric network. This is a new +# concept as of v1.1.0 and should not be utilized in mixed networks with +# v1.0.x peers and orderers. Capabilities define features which must be +# present in a fabric binary for that binary to safely participate in the +# fabric network. For instance, if a new MSP type is added, newer binaries +# might recognize and validate the signatures from this type, while older +# binaries without this support would be unable to validate those +# transactions. This could lead to different versions of the fabric binaries +# having different world states. Instead, defining a capability for a channel +# informs those binaries without this capability that they must cease +# processing transactions until they have been upgraded. For v1.0.x if any +# capabilities are defined (including a map with all capabilities turned off) +# then the v1.0.x peer will deliberately crash. +# +################################################################################ +Capabilities: + # Channel capabilities apply to both the orderers and the peers and must be + # supported by both. + # Set the value of the capability to true to require it. + Channel: &ChannelCapabilities + # V1.3 for Channel is a catchall flag for behavior which has been + # determined to be desired for all orderers and peers running at the v1.3.x + # level, but which would be incompatible with orderers and peers from + # prior releases. + # Prior to enabling V1.3 channel capabilities, ensure that all + # orderers and peers on a channel are at v1.3.0 or later. + V1_3: true + + # Orderer capabilities apply only to the orderers, and may be safely + # used with prior release peers. + # Set the value of the capability to true to require it. + Orderer: &OrdererCapabilities + # V1.1 for Orderer is a catchall flag for behavior which has been + # determined to be desired for all orderers running at the v1.1.x + # level, but which would be incompatible with orderers from prior releases. + # Prior to enabling V1.1 orderer capabilities, ensure that all + # orderers on a channel are at v1.1.0 or later. + V1_1: true + + # Application capabilities apply only to the peer network, and may be safely + # used with prior release orderers. + # Set the value of the capability to true to require it. + Application: &ApplicationCapabilities + # V1.3 for Application enables the new non-backwards compatible + # features and fixes of fabric v1.3. + V1_3: true + # V1.2 for Application enables the new non-backwards compatible + # features and fixes of fabric v1.2 (note, this need not be set if + # later version capabilities are set) + V1_2: false + # V1.1 for Application enables the new non-backwards compatible + # features and fixes of fabric v1.1 (note, this need not be set if + # later version capabilities are set). + V1_1: false + +################################################################################ +# +# SECTION: Application +# +# - This section defines the values to encode into a config transaction or +# genesis block for application related parameters +# +################################################################################ +Application: &ApplicationDefaults + + # Organizations is the list of orgs which are defined as participants on + # the application side of the network + Organizations: + + # Policies defines the set of policies at this level of the config tree + # For Application policies, their canonical path is + # /Channel/Application/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + + Capabilities: + <<: *ApplicationCapabilities +################################################################################ +# +# SECTION: Orderer +# +# - This section defines the values to encode into a config transaction or +# genesis block for orderer related parameters +# +################################################################################ +Orderer: &OrdererDefaults + + # Orderer Type: The orderer implementation to start + # Available types are "solo" and "kafka" + OrdererType: solo + + Addresses: + - orderer.example.com:7050 + + # Batch Timeout: The amount of time to wait before creating a batch + BatchTimeout: 2s + + # Batch Size: Controls the number of messages batched into a block + BatchSize: + + # Max Message Count: The maximum number of messages to permit in a batch + MaxMessageCount: 10 + + # Absolute Max Bytes: The absolute maximum number of bytes allowed for + # the serialized messages in a batch. + AbsoluteMaxBytes: 99 MB + + # Preferred Max Bytes: The preferred maximum number of bytes allowed for + # the serialized messages in a batch. A message larger than the preferred + # max bytes will result in a batch larger than preferred max bytes. + PreferredMaxBytes: 512 KB + + Kafka: + # Brokers: A list of Kafka brokers to which the orderer connects + # NOTE: Use IP:port notation + Brokers: + - 127.0.0.1:9092 + + # Organizations is the list of orgs which are defined as participants on + # the orderer side of the network + Organizations: + + # Policies defines the set of policies at this level of the config tree + # For Orderer policies, their canonical path is + # /Channel/Orderer/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # BlockValidation specifies what signatures must be included in the block + # from the orderer for the peer to validate it. + BlockValidation: + Type: ImplicitMeta + Rule: "ANY Writers" + +################################################################################ +# +# CHANNEL +# +# This section defines the values to encode into a config transaction or +# genesis block for channel related parameters. +# +################################################################################ +Channel: &ChannelDefaults + # Policies defines the set of policies at this level of the config tree + # For Channel policies, their canonical path is + # /Channel/ + Policies: + # Who may invoke the 'Deliver' API + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + # Who may invoke the 'Broadcast' API + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + # By default, who may modify elements at this config level + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + + # Capabilities describes the channel level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ChannelCapabilities + +################################################################################ +# +# Profile +# +# - Different configuration profiles may be encoded here to be specified +# as parameters to the configtxgen tool +# +################################################################################ +Profiles: + + TwoOrgsOrdererGenesis: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + Organizations: + - *OrdererOrg + Capabilities: + <<: *OrdererCapabilities + Consortiums: + SampleConsortium: + Organizations: + - *Org1 + - *Org2 + TwoOrgsChannel: + Consortium: SampleConsortium + <<: *ChannelDefaults + Application: + <<: *ApplicationDefaults + Organizations: + - *Org1 + - *Org2 + Capabilities: + <<: *ApplicationCapabilities + + SampleDevModeKafka: + <<: *ChannelDefaults + Capabilities: + <<: *ChannelCapabilities + Orderer: + <<: *OrdererDefaults + OrdererType: kafka + Kafka: + Brokers: + - kafka.example.com:9092 + + Organizations: + - *OrdererOrg + Capabilities: + <<: *OrdererCapabilities + Application: + <<: *ApplicationDefaults + Organizations: + - <<: *OrdererOrg + Consortiums: + SampleConsortium: + Organizations: + - *Org1 + - *Org2 + + SampleMultiNodeEtcdRaft: + <<: *ChannelDefaults + Capabilities: + <<: *ChannelCapabilities + Orderer: + <<: *OrdererDefaults + OrdererType: etcdraft + EtcdRaft: + Consenters: + - Host: orderer.example.com + Port: 7050 + ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt + - Host: orderer2.example.com + Port: 7050 + ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt + ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt + - Host: orderer3.example.com + Port: 7050 + ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt + ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt + - Host: orderer4.example.com + Port: 7050 + ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt + ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt + - Host: orderer5.example.com + Port: 7050 + ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt + ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt + - Host: orderer6.example.com + Port: 7050 + ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/server.crt + ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/server.crt + Addresses: + - orderer.example.com:7050 + - orderer2.example.com:7050 + - orderer3.example.com:7050 + - orderer4.example.com:7050 + - orderer5.example.com:7050 + - orderer6.example.com:7050 + + Organizations: + - *OrdererOrg + Capabilities: + <<: *OrdererCapabilities + Application: + <<: *ApplicationDefaults + Organizations: + - <<: *OrdererOrg + Consortiums: + SampleConsortium: + Organizations: + - *Org1 + - *Org2 diff --git a/first-network/add_orderer_genesis.log b/first-network/add_orderer_genesis.log new file mode 100644 index 00000000..44a23115 --- /dev/null +++ b/first-network/add_orderer_genesis.log @@ -0,0 +1,466 @@ +use default log. +2019-07-22 06:19:30.827 UTC [localconfig] completeInitialization -> INFO 001 Kafka.Version unset, setting to 0.10.2.0 +2019-07-22 06:19:30.843 UTC [orderer.common.server] prettyPrintStruct -> INFO 002 Orderer config values: + General.LedgerType = "file" + General.ListenAddress = "0.0.0.0" + General.ListenPort = 7050 + General.isOpenYxlog = false + General.LogPath = "/var/fabric_logs" + General.LogName = "orderer_log" + General.maxlinesPerFile = 0 + General.maxsizePerFile = 0 + General.maxTotalSize = 0 + General.maxdays = 0 + General.daily = false + General.rotate = false + General.isAutoDelete = false + General.yxLogLevel = 0 + General.TLS.Enabled = true + General.TLS.PrivateKey = "/var/hyperledger/orderer/tls/server.key" + General.TLS.Certificate = "/var/hyperledger/orderer/tls/server.crt" + General.TLS.RootCAs = [/var/hyperledger/orderer/tls/ca.crt] + General.TLS.ClientAuthRequired = false + General.TLS.ClientRootCAs = [] + General.Cluster.ListenAddress = "" + General.Cluster.ListenPort = 0 + General.Cluster.ServerCertificate = "" + General.Cluster.ServerPrivateKey = "" + General.Cluster.ClientCertificate = "/var/hyperledger/orderer/tls/server.crt" + General.Cluster.ClientPrivateKey = "/var/hyperledger/orderer/tls/server.key" + General.Cluster.RootCAs = [/var/hyperledger/orderer/tls/ca.crt] + General.Cluster.DialTimeout = 5s + General.Cluster.RPCTimeout = 7s + General.Cluster.ReplicationBufferSize = 20971520 + General.Cluster.ReplicationPullTimeout = 5s + General.Cluster.ReplicationRetryTimeout = 5s + General.Cluster.ReplicationBackgroundRefreshInterval = 5m0s + General.Cluster.ReplicationMaxRetries = 12 + General.Cluster.SendBufferSize = 10 + General.Cluster.CertExpirationWarningThreshold = 168h0m0s + General.Keepalive.ServerMinInterval = 1m0s + General.Keepalive.ServerInterval = 2h0m0s + General.Keepalive.ServerTimeout = 20s + General.GenesisMethod = "file" + General.GenesisProfile = "SampleInsecureSolo" + General.SystemChannel = "test-system-channel-name" + General.GenesisFile = "/var/hyperledger/orderer/orderer.genesis.block" + General.Profile.Enabled = false + General.Profile.Address = "0.0.0.0:6060" + General.LocalMSPDir = "/var/hyperledger/orderer/msp" + General.LocalMSPID = "OrdererMSP" + General.BCCSP.ProviderName = "SW" + General.BCCSP.SwOpts.SecLevel = 256 + General.BCCSP.SwOpts.HashFamily = "SHA2" + General.BCCSP.SwOpts.Ephemeral = false + General.BCCSP.SwOpts.FileKeystore.KeyStorePath = "/var/hyperledger/orderer/msp/keystore" + General.BCCSP.SwOpts.DummyKeystore = + General.BCCSP.SwOpts.InmemKeystore = + General.BCCSP.PluginOpts = + General.Authentication.TimeWindow = 15m0s + FileLedger.Location = "/var/hyperledger/production/orderer" + FileLedger.Prefix = "hyperledger-fabric-ordererledger" + FileLedger.DataDump.Enabled = false + FileLedger.DataDump.DumpDir = "/var/hyperledger/production/orderer/chains" + FileLedger.DataDump.LoadDir = "/var/hyperledger/production/orderer/chains" + FileLedger.DataDump.MaxFileLimit = 4096 + FileLedger.DataDump.DumpCron = [0 */5 * * * ? 0 0 * * * ?] + FileLedger.DataDump.DumpInterval = 5m0s + FileLedger.DataDump.LoadRetryTimes = 5 + RAMLedger.HistorySize = 1000 + Kafka.Retry.ShortInterval = 5s + Kafka.Retry.ShortTotal = 10m0s + Kafka.Retry.LongInterval = 5m0s + Kafka.Retry.LongTotal = 12h0m0s + Kafka.Retry.NetworkTimeouts.DialTimeout = 10s + Kafka.Retry.NetworkTimeouts.ReadTimeout = 10s + Kafka.Retry.NetworkTimeouts.WriteTimeout = 10s + Kafka.Retry.Metadata.RetryMax = 3 + Kafka.Retry.Metadata.RetryBackoff = 250ms + Kafka.Retry.Producer.RetryMax = 3 + Kafka.Retry.Producer.RetryBackoff = 100ms + Kafka.Retry.Consumer.RetryBackoff = 2s + Kafka.Verbose = true + Kafka.Version = 0.10.2.0 + Kafka.TLS.Enabled = false + Kafka.TLS.PrivateKey = "" + Kafka.TLS.Certificate = "" + Kafka.TLS.RootCAs = [] + Kafka.TLS.ClientAuthRequired = false + Kafka.TLS.ClientRootCAs = [] + Kafka.SASLPlain.Enabled = false + Kafka.SASLPlain.User = "" + Kafka.SASLPlain.Password = "" + Kafka.Topic.ReplicationFactor = 1 + Debug.BroadcastTraceDir = "" + Debug.DeliverTraceDir = "" + Consensus = map[WALDir:/var/hyperledger/production/orderer/etcdraft/wal SnapDir:/var/hyperledger/production/orderer/etcdraft/snapshot] + Operations.ListenAddress = "127.0.0.1:8443" + Operations.TLS.Enabled = false + Operations.TLS.PrivateKey = "" + Operations.TLS.Certificate = "" + Operations.TLS.RootCAs = [] + Operations.TLS.ClientAuthRequired = false + Operations.TLS.ClientRootCAs = [] + Metrics.Provider = "disabled" + Metrics.Statsd.Network = "udp" + Metrics.Statsd.Address = "127.0.0.1:8125" + Metrics.Statsd.WriteInterval = 30s + Metrics.Statsd.Prefix = "" +2019-07-22 06:19:30.874 UTC [orderer.common.server] initializeServerConfig -> INFO 003 Starting orderer with TLS enabled +2019-07-22 06:19:30.875 UTC [orderer.common.server] configureClusterListener -> INFO 004 Cluster listener is not configured, defaulting to use the general listener on port 7050 +2019-07-22 06:19:30.875 UTC [fsblkstorage] newBlockfileMgr -> INFO 005 Getting block information from block storage +2019-07-22 06:19:30.941 UTC [orderer.consensus.etcdraft] detectSelfID -> WARN 006 Could not find -----BEGIN CERTIFICATE----- +MIICXDCCAgOgAwIBAgIRAM+4vnDZ8FPXy05UiyumzagwCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MjIwNTQ4MDBaFw0yOTA3MTkwNTQ4MDBaMFkxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMR0wGwYDVQQDExRvcmRlcmVyNi5leGFtcGxlLmNvbTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABHehhL036Sh1TPBOCf8dbpjuzjc2DyJXmF8Bxi4U4sZ4 +WeKf7WuHotuhHZcCzx5Oz34aLE/6mLPbDBgaVfput9WjgZgwgZUwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E +AjAAMCsGA1UdIwQkMCKAIKoDjSYUPEtA8Fkkc34D7FdwIkCY8Gi8zgQ64gY/tbFg +MCkGA1UdEQQiMCCCFG9yZGVyZXI2LmV4YW1wbGUuY29tgghvcmRlcmVyNjAKBggq +hkjOPQQDAgNHADBEAiBEZyNWC3muZvcF4XT+/W4DGAjCq/1eQ8eGcAorvQNptwIg +QPbLb3OhaWc4dpAwn+IkSzzZJx0tuBRxfcznJxX3Tro= +-----END CERTIFICATE----- + among [-----BEGIN CERTIFICATE----- +MIICWDCCAf+gAwIBAgIQfOTFBqDBcfG8iixaAl2uRzAKBggqhkjOPQQDAjBsMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAYBgNVBAMTEXRsc2NhLmV4 +YW1wbGUuY29tMB4XDTE5MDcyMjA1MzQwMFoXDTI5MDcxOTA1MzQwMFowWDELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFu +Y2lzY28xHDAaBgNVBAMTE29yZGVyZXIuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAARtwVCGrNSb9okgQ4Tmq9c5lWR+Ye8YGWWaRovuHH3UCLY0 +w5VgpNNsFivMGChaTXfQHDLq3NFQ+A/ojaulG4Gao4GWMIGTMA4GA1UdDwEB/wQE +AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw +ADArBgNVHSMEJDAigCCqA40mFDxLQPBZJHN+A+xXcCJAmPBovM4EOuIGP7WxYDAn +BgNVHREEIDAeghNvcmRlcmVyLmV4YW1wbGUuY29tggdvcmRlcmVyMAoGCCqGSM49 +BAMCA0cAMEQCIC40SsoRsv6lxxKmaWsdscMT/ZqmGMhQlWTuBTGMy7W9AiAbaYSv +s4RErgwHkw7HXTzcEZVNVhYkdbJnxClbjDymtA== +-----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- +MIICXTCCAgOgAwIBAgIRAKWVN5W0oT8aaR0rorSB2dYwCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MjIwNTM0MDBaFw0yOTA3MTkwNTM0MDBaMFkxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMR0wGwYDVQQDExRvcmRlcmVyMi5leGFtcGxlLmNvbTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABFVlkPqUNWjyf6yre2c8JURY4n3DyFPEFPtPgS9mjMgR +7giN0PkSMTSYmrIedbNHsJ187xZzL8IIs8N35HW8scKjgZgwgZUwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E +AjAAMCsGA1UdIwQkMCKAIKoDjSYUPEtA8Fkkc34D7FdwIkCY8Gi8zgQ64gY/tbFg +MCkGA1UdEQQiMCCCFG9yZGVyZXIyLmV4YW1wbGUuY29tgghvcmRlcmVyMjAKBggq +hkjOPQQDAgNIADBFAiEAzz/kBXYknE0JVvicAjzohLYFw83IrZlk/xCTousGDIAC +IG4Zfax/TEiOQZpMX3MOycj/j8agIm7MKKA9842DCH+r +-----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- +MIICWzCCAgKgAwIBAgIQZeujwj2lcxe9R5+c8Az2UzAKBggqhkjOPQQDAjBsMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAYBgNVBAMTEXRsc2NhLmV4 +YW1wbGUuY29tMB4XDTE5MDcyMjA1MzQwMFoXDTI5MDcxOTA1MzQwMFowWTELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFu +Y2lzY28xHTAbBgNVBAMTFG9yZGVyZXIzLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEldWlreqDNijrjhsUl+KDUHcK4SYc7yAyF2Y0LWFn5rWQ ++bOkK5ld5Tf24jy3xiOi90tcXqlzFtIXmjttEJPEQqOBmDCBlTAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC +MAAwKwYDVR0jBCQwIoAgqgONJhQ8S0DwWSRzfgPsV3AiQJjwaLzOBDriBj+1sWAw +KQYDVR0RBCIwIIIUb3JkZXJlcjMuZXhhbXBsZS5jb22CCG9yZGVyZXIzMAoGCCqG +SM49BAMCA0cAMEQCIBDDst1+QRwqyV2DvY0lhyGlVP3LJdk2TD9tSyPbOfICAiBG +WgPpJTaRz+Y8WxxcwDEW0oXosRblt2gJ/a/01O7+CQ== +-----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- +MIICXDCCAgOgAwIBAgIRAMweMx8+91bpQOl6bGYiJY4wCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MjIwNTM0MDBaFw0yOTA3MTkwNTM0MDBaMFkxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMR0wGwYDVQQDExRvcmRlcmVyNC5leGFtcGxlLmNvbTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABIT1n5tdRdUXMKaP492pjHT1mRIeTunkJFIml/mVJuph +bnsuJ8Hr10qlLTT4tnnTKXPTo5xrUjW+LY/TEyOfMyCjgZgwgZUwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E +AjAAMCsGA1UdIwQkMCKAIKoDjSYUPEtA8Fkkc34D7FdwIkCY8Gi8zgQ64gY/tbFg +MCkGA1UdEQQiMCCCFG9yZGVyZXI0LmV4YW1wbGUuY29tgghvcmRlcmVyNDAKBggq +hkjOPQQDAgNHADBEAiBhLeLYbYT5GicQ+cjWvcBxaXZawhbDiOkuOukr6jIJxQIg +GUH3JTZjZ62cgyJOJt1f9iSppOTomvTE6aYrB2KIf10= +-----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- +MIICXDCCAgOgAwIBAgIRAPAzf/s/NW79cfknWc9E1V0wCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MjIwNTM0MDBaFw0yOTA3MTkwNTM0MDBaMFkxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMR0wGwYDVQQDExRvcmRlcmVyNS5leGFtcGxlLmNvbTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABP396kVr8nGVQ6Y6K0ZbNuenC16Z6as4gHjTE4heCOUy +1D3FOm07t5oucXtetlKvlVl8nq0QkJFWLgSJx8s4z8CjgZgwgZUwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E +AjAAMCsGA1UdIwQkMCKAIKoDjSYUPEtA8Fkkc34D7FdwIkCY8Gi8zgQ64gY/tbFg +MCkGA1UdEQQiMCCCFG9yZGVyZXI1LmV4YW1wbGUuY29tgghvcmRlcmVyNTAKBggq +hkjOPQQDAgNHADBEAiB0JPvoUQGs1Vk/Sb5EwsguB7sYlUiLw901yEbQG4Of4gIg +XfxLcBZGnq3XfOoqIazj1x91VgeHBS+LgwCyu2Nhw28= +-----END CERTIFICATE----- +] +2019-07-22 06:19:30.941 UTC [orderer.common.server] TrackChain -> INFO 007 Adding byfn-sys-channel to the set of chains to track +2019-07-22 06:19:30.942 UTC [orderer.commmon.multichannel] Initialize -> INFO 008 Starting system channel 'byfn-sys-channel' with genesis block hash 73ec77b9135630efc8ab310e825f8e0e03ffb43e94691ebe2c72413ca8367520 and orderer type etcdraft +2019-07-22 06:19:30.942 UTC [orderer.common.server] Start -> INFO 009 Starting orderer: + Version: 1.4.1-snapshot-2fd9f46 + Commit SHA: 2fd9f46 + Go version: go1.11.5 + OS/Arch: linux/amd64 +2019-07-22 06:19:30.942 UTC [orderer.common.server] Start -> INFO 00a Beginning to serve requests +2019-07-22 06:19:40.933 UTC [orderer.common.server] replicateDisabledChains -> INFO 00b Found 1 inactive chains: [byfn-sys-channel] +2019-07-22 06:19:40.933 UTC [orderer.common.cluster] ReplicateChains -> INFO 00c Will now replicate chains [byfn-sys-channel] +2019-07-22 06:19:40.944 UTC [orderer.common.cluster] discoverChannels -> INFO 00d Discovered 1 channels: [byfn-sys-channel] +2019-07-22 06:19:40.944 UTC [orderer.common.cluster] channelsToPull -> INFO 00e Evaluating channels to pull: [byfn-sys-channel] +2019-07-22 06:19:40.945 UTC [orderer.common.cluster] channelsToPull -> INFO 00f Probing whether I should pull channel byfn-sys-channel +2019-07-22 06:19:40.959 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 010 orderer2.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:40.960 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 011 orderer.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:40.960 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 012 orderer3.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:40.963 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 013 orderer4.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:40.965 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 014 orderer5.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:40.965 UTC [orderer.common.cluster.replication] HeightsByEndpoints -> INFO 015 Returning the heights of OSNs mapped by endpoints map[orderer2.example.com:7050:3 orderer.example.com:7050:3 orderer3.example.com:7050:3 orderer4.example.com:7050:3 orderer5.example.com:7050:3] +2019-07-22 06:19:40.983 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 016 orderer2.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:40.983 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 017 orderer3.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:40.986 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 018 orderer5.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:40.987 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 019 orderer.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:40.989 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 01a orderer4.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:40.989 UTC [orderer.common.cluster.replication] connectToSomeEndpoint -> INFO 01b Connected to orderer4.example.com:7050 with last block seq of 2 +2019-07-22 06:19:40.990 UTC [orderer.common.cluster.replication] obtainStream -> INFO 01c Sending request for block [2] to orderer4.example.com:7050 +2019-07-22 06:19:40.992 UTC [orderer.common.cluster.replication] pullBlocks -> INFO 01d Got block [2] of size 40 KB from orderer4.example.com:7050 +2019-07-22 06:19:41.004 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 01e orderer2.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.008 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 01f orderer.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.009 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 020 orderer3.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.010 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 021 orderer4.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.010 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 022 orderer5.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.010 UTC [orderer.common.cluster.replication] connectToSomeEndpoint -> INFO 023 Connected to orderer2.example.com:7050 with last block seq of 2 +2019-07-22 06:19:41.010 UTC [orderer.common.cluster.replication] obtainStream -> INFO 024 Sending request for block [2] to orderer2.example.com:7050 +2019-07-22 06:19:41.012 UTC [orderer.common.cluster.replication] pullBlocks -> INFO 025 Got block [2] of size 40 KB from orderer2.example.com:7050 +2019-07-22 06:19:41.021 UTC [orderer.common.cluster] channelsToPull -> INFO 026 I need to pull channel byfn-sys-channel +2019-07-22 06:19:41.021 UTC [orderer.common.cluster] ReplicateChains -> INFO 027 Found myself in 1 channels out of 1 : {[{byfn-sys-channel 0xc0009c6c40}] []} +2019-07-22 06:19:41.021 UTC [orderer.common.cluster] appendBlock -> INFO 028 Skipping commit of block [0] for channel byfn-sys-channel because height is at 1 +2019-07-22 06:19:41.021 UTC [orderer.common.cluster] PullChannel -> INFO 029 Pulling channel byfn-sys-channel +2019-07-22 06:19:41.033 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 02a orderer4.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.033 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 02b orderer2.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.034 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 02c orderer.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.035 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 02d orderer3.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.035 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 02e orderer5.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.036 UTC [orderer.common.cluster.replication] HeightsByEndpoints -> INFO 02f Returning the heights of OSNs mapped by endpoints map[orderer4.example.com:7050:3 orderer2.example.com:7050:3 orderer.example.com:7050:3 orderer3.example.com:7050:3 orderer5.example.com:7050:3] +2019-07-22 06:19:41.036 UTC [orderer.common.cluster] PullChannel -> INFO 030 Latest block height for channel byfn-sys-channel is 3 +2019-07-22 06:19:41.050 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 031 orderer2.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.051 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 032 orderer.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.052 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 033 orderer4.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.052 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 034 orderer5.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.054 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 035 orderer3.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.054 UTC [orderer.common.cluster.replication] connectToSomeEndpoint -> INFO 036 Connected to orderer5.example.com:7050 with last block seq of 2 +2019-07-22 06:19:41.054 UTC [orderer.common.cluster.replication] obtainStream -> INFO 037 Sending request for block [1] to orderer5.example.com:7050 +2019-07-22 06:19:41.057 UTC [orderer.common.cluster.replication] pullBlocks -> INFO 038 Got block [1] of size 26 KB from orderer5.example.com:7050 +2019-07-22 06:19:41.057 UTC [orderer.common.cluster.replication] pullBlocks -> INFO 039 Got block [2] of size 40 KB from orderer5.example.com:7050 +2019-07-22 06:19:41.062 UTC [orderer.common.cluster] appendBlock -> INFO 03a Committed block [1] for channel byfn-sys-channel +2019-07-22 06:19:41.078 UTC [orderer.common.cluster] appendBlock -> INFO 03b Committed block [2] for channel byfn-sys-channel +2019-07-22 06:19:41.078 UTC [orderer.common.cluster] PullChannel -> INFO 03c Pulling channel byfn-sys-channel +2019-07-22 06:19:41.090 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 03d orderer4.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.091 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 03e orderer5.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.091 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 03f orderer.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.093 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 040 orderer2.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.094 UTC [orderer.common.cluster.replication] fetchLastBlockSeq -> INFO 041 orderer3.example.com:7050 is at block sequence of 2 +2019-07-22 06:19:41.094 UTC [orderer.common.cluster.replication] HeightsByEndpoints -> INFO 042 Returning the heights of OSNs mapped by endpoints map[orderer.example.com:7050:3 orderer2.example.com:7050:3 orderer3.example.com:7050:3 orderer4.example.com:7050:3 orderer5.example.com:7050:3] +2019-07-22 06:19:41.094 UTC [orderer.common.cluster] PullChannel -> INFO 043 Latest block height for channel byfn-sys-channel is 3 +2019-07-22 06:19:41.094 UTC [orderer.common.cluster] pullChannelBlocks -> INFO 044 Latest height found (3) is equal to our height, skipping pulling channel byfn-sys-channel +2019-07-22 06:19:41.094 UTC [orderer.common.server] replicateDisabledChains -> INFO 045 Successfully replicated 1 chains: [byfn-sys-channel] +2019-07-22 06:19:41.095 UTC [orderer.commmon.multichannel] CreateChain -> INFO 046 A chain of type *inactive.Chain for channel byfn-sys-channel already exists. Halting it. +2019-07-22 06:19:41.105 UTC [orderer.consensus.etcdraft] HandleChain -> INFO 047 EvictionSuspicion not set, defaulting to 10m0s +2019-07-22 06:19:41.105 UTC [orderer.consensus.etcdraft] createOrReadWAL -> INFO 048 No WAL data found, creating new WAL at path '/var/hyperledger/production/orderer/etcdraft/wal/byfn-sys-channel' channel=byfn-sys-channel node=6 +2019-07-22 06:19:41.121 UTC [orderer.commmon.multichannel] newChain -> INFO 049 Created and starting new chain byfn-sys-channel +2019-07-22 06:19:41.122 UTC [orderer.consensus.etcdraft] Start -> INFO 04a Starting Raft node channel=byfn-sys-channel node=6 +2019-07-22 06:19:41.122 UTC [orderer.common.cluster] Configure -> INFO 04b Entering, channel: byfn-sys-channel, nodes: [ID: 5, +Endpoint: orderer5.example.com:7050, +ServerTLSCert:-----BEGIN CERTIFICATE----- +MIICXDCCAgOgAwIBAgIRAPAzf/s/NW79cfknWc9E1V0wCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MjIwNTM0MDBaFw0yOTA3MTkwNTM0MDBaMFkxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMR0wGwYDVQQDExRvcmRlcmVyNS5leGFtcGxlLmNvbTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABP396kVr8nGVQ6Y6K0ZbNuenC16Z6as4gHjTE4heCOUy +1D3FOm07t5oucXtetlKvlVl8nq0QkJFWLgSJx8s4z8CjgZgwgZUwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E +AjAAMCsGA1UdIwQkMCKAIKoDjSYUPEtA8Fkkc34D7FdwIkCY8Gi8zgQ64gY/tbFg +MCkGA1UdEQQiMCCCFG9yZGVyZXI1LmV4YW1wbGUuY29tgghvcmRlcmVyNTAKBggq +hkjOPQQDAgNHADBEAiB0JPvoUQGs1Vk/Sb5EwsguB7sYlUiLw901yEbQG4Of4gIg +XfxLcBZGnq3XfOoqIazj1x91VgeHBS+LgwCyu2Nhw28= +-----END CERTIFICATE----- +, ClientTLSCert:-----BEGIN CERTIFICATE----- +MIICXDCCAgOgAwIBAgIRAPAzf/s/NW79cfknWc9E1V0wCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MjIwNTM0MDBaFw0yOTA3MTkwNTM0MDBaMFkxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMR0wGwYDVQQDExRvcmRlcmVyNS5leGFtcGxlLmNvbTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABP396kVr8nGVQ6Y6K0ZbNuenC16Z6as4gHjTE4heCOUy +1D3FOm07t5oucXtetlKvlVl8nq0QkJFWLgSJx8s4z8CjgZgwgZUwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E +AjAAMCsGA1UdIwQkMCKAIKoDjSYUPEtA8Fkkc34D7FdwIkCY8Gi8zgQ64gY/tbFg +MCkGA1UdEQQiMCCCFG9yZGVyZXI1LmV4YW1wbGUuY29tgghvcmRlcmVyNTAKBggq +hkjOPQQDAgNHADBEAiB0JPvoUQGs1Vk/Sb5EwsguB7sYlUiLw901yEbQG4Of4gIg +XfxLcBZGnq3XfOoqIazj1x91VgeHBS+LgwCyu2Nhw28= +-----END CERTIFICATE----- + ID: 1, +Endpoint: orderer.example.com:7050, +ServerTLSCert:-----BEGIN CERTIFICATE----- +MIICWDCCAf+gAwIBAgIQfOTFBqDBcfG8iixaAl2uRzAKBggqhkjOPQQDAjBsMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAYBgNVBAMTEXRsc2NhLmV4 +YW1wbGUuY29tMB4XDTE5MDcyMjA1MzQwMFoXDTI5MDcxOTA1MzQwMFowWDELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFu +Y2lzY28xHDAaBgNVBAMTE29yZGVyZXIuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAARtwVCGrNSb9okgQ4Tmq9c5lWR+Ye8YGWWaRovuHH3UCLY0 +w5VgpNNsFivMGChaTXfQHDLq3NFQ+A/ojaulG4Gao4GWMIGTMA4GA1UdDwEB/wQE +AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw +ADArBgNVHSMEJDAigCCqA40mFDxLQPBZJHN+A+xXcCJAmPBovM4EOuIGP7WxYDAn +BgNVHREEIDAeghNvcmRlcmVyLmV4YW1wbGUuY29tggdvcmRlcmVyMAoGCCqGSM49 +BAMCA0cAMEQCIC40SsoRsv6lxxKmaWsdscMT/ZqmGMhQlWTuBTGMy7W9AiAbaYSv +s4RErgwHkw7HXTzcEZVNVhYkdbJnxClbjDymtA== +-----END CERTIFICATE----- +, ClientTLSCert:-----BEGIN CERTIFICATE----- +MIICWDCCAf+gAwIBAgIQfOTFBqDBcfG8iixaAl2uRzAKBggqhkjOPQQDAjBsMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAYBgNVBAMTEXRsc2NhLmV4 +YW1wbGUuY29tMB4XDTE5MDcyMjA1MzQwMFoXDTI5MDcxOTA1MzQwMFowWDELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFu +Y2lzY28xHDAaBgNVBAMTE29yZGVyZXIuZXhhbXBsZS5jb20wWTATBgcqhkjOPQIB +BggqhkjOPQMBBwNCAARtwVCGrNSb9okgQ4Tmq9c5lWR+Ye8YGWWaRovuHH3UCLY0 +w5VgpNNsFivMGChaTXfQHDLq3NFQ+A/ojaulG4Gao4GWMIGTMA4GA1UdDwEB/wQE +AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIw +ADArBgNVHSMEJDAigCCqA40mFDxLQPBZJHN+A+xXcCJAmPBovM4EOuIGP7WxYDAn +BgNVHREEIDAeghNvcmRlcmVyLmV4YW1wbGUuY29tggdvcmRlcmVyMAoGCCqGSM49 +BAMCA0cAMEQCIC40SsoRsv6lxxKmaWsdscMT/ZqmGMhQlWTuBTGMy7W9AiAbaYSv +s4RErgwHkw7HXTzcEZVNVhYkdbJnxClbjDymtA== +-----END CERTIFICATE----- + ID: 2, +Endpoint: orderer2.example.com:7050, +ServerTLSCert:-----BEGIN CERTIFICATE----- +MIICXTCCAgOgAwIBAgIRAKWVN5W0oT8aaR0rorSB2dYwCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MjIwNTM0MDBaFw0yOTA3MTkwNTM0MDBaMFkxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMR0wGwYDVQQDExRvcmRlcmVyMi5leGFtcGxlLmNvbTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABFVlkPqUNWjyf6yre2c8JURY4n3DyFPEFPtPgS9mjMgR +7giN0PkSMTSYmrIedbNHsJ187xZzL8IIs8N35HW8scKjgZgwgZUwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E +AjAAMCsGA1UdIwQkMCKAIKoDjSYUPEtA8Fkkc34D7FdwIkCY8Gi8zgQ64gY/tbFg +MCkGA1UdEQQiMCCCFG9yZGVyZXIyLmV4YW1wbGUuY29tgghvcmRlcmVyMjAKBggq +hkjOPQQDAgNIADBFAiEAzz/kBXYknE0JVvicAjzohLYFw83IrZlk/xCTousGDIAC +IG4Zfax/TEiOQZpMX3MOycj/j8agIm7MKKA9842DCH+r +-----END CERTIFICATE----- +, ClientTLSCert:-----BEGIN CERTIFICATE----- +MIICXTCCAgOgAwIBAgIRAKWVN5W0oT8aaR0rorSB2dYwCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MjIwNTM0MDBaFw0yOTA3MTkwNTM0MDBaMFkxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMR0wGwYDVQQDExRvcmRlcmVyMi5leGFtcGxlLmNvbTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABFVlkPqUNWjyf6yre2c8JURY4n3DyFPEFPtPgS9mjMgR +7giN0PkSMTSYmrIedbNHsJ187xZzL8IIs8N35HW8scKjgZgwgZUwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E +AjAAMCsGA1UdIwQkMCKAIKoDjSYUPEtA8Fkkc34D7FdwIkCY8Gi8zgQ64gY/tbFg +MCkGA1UdEQQiMCCCFG9yZGVyZXIyLmV4YW1wbGUuY29tgghvcmRlcmVyMjAKBggq +hkjOPQQDAgNIADBFAiEAzz/kBXYknE0JVvicAjzohLYFw83IrZlk/xCTousGDIAC +IG4Zfax/TEiOQZpMX3MOycj/j8agIm7MKKA9842DCH+r +-----END CERTIFICATE----- + ID: 3, +Endpoint: orderer3.example.com:7050, +ServerTLSCert:-----BEGIN CERTIFICATE----- +MIICWzCCAgKgAwIBAgIQZeujwj2lcxe9R5+c8Az2UzAKBggqhkjOPQQDAjBsMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAYBgNVBAMTEXRsc2NhLmV4 +YW1wbGUuY29tMB4XDTE5MDcyMjA1MzQwMFoXDTI5MDcxOTA1MzQwMFowWTELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFu +Y2lzY28xHTAbBgNVBAMTFG9yZGVyZXIzLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEldWlreqDNijrjhsUl+KDUHcK4SYc7yAyF2Y0LWFn5rWQ ++bOkK5ld5Tf24jy3xiOi90tcXqlzFtIXmjttEJPEQqOBmDCBlTAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC +MAAwKwYDVR0jBCQwIoAgqgONJhQ8S0DwWSRzfgPsV3AiQJjwaLzOBDriBj+1sWAw +KQYDVR0RBCIwIIIUb3JkZXJlcjMuZXhhbXBsZS5jb22CCG9yZGVyZXIzMAoGCCqG +SM49BAMCA0cAMEQCIBDDst1+QRwqyV2DvY0lhyGlVP3LJdk2TD9tSyPbOfICAiBG +WgPpJTaRz+Y8WxxcwDEW0oXosRblt2gJ/a/01O7+CQ== +-----END CERTIFICATE----- +, ClientTLSCert:-----BEGIN CERTIFICATE----- +MIICWzCCAgKgAwIBAgIQZeujwj2lcxe9R5+c8Az2UzAKBggqhkjOPQQDAjBsMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xGjAYBgNVBAMTEXRsc2NhLmV4 +YW1wbGUuY29tMB4XDTE5MDcyMjA1MzQwMFoXDTI5MDcxOTA1MzQwMFowWTELMAkG +A1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFu +Y2lzY28xHTAbBgNVBAMTFG9yZGVyZXIzLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0C +AQYIKoZIzj0DAQcDQgAEldWlreqDNijrjhsUl+KDUHcK4SYc7yAyF2Y0LWFn5rWQ ++bOkK5ld5Tf24jy3xiOi90tcXqlzFtIXmjttEJPEQqOBmDCBlTAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC +MAAwKwYDVR0jBCQwIoAgqgONJhQ8S0DwWSRzfgPsV3AiQJjwaLzOBDriBj+1sWAw +KQYDVR0RBCIwIIIUb3JkZXJlcjMuZXhhbXBsZS5jb22CCG9yZGVyZXIzMAoGCCqG +SM49BAMCA0cAMEQCIBDDst1+QRwqyV2DvY0lhyGlVP3LJdk2TD9tSyPbOfICAiBG +WgPpJTaRz+Y8WxxcwDEW0oXosRblt2gJ/a/01O7+CQ== +-----END CERTIFICATE----- + ID: 4, +Endpoint: orderer4.example.com:7050, +ServerTLSCert:-----BEGIN CERTIFICATE----- +MIICXDCCAgOgAwIBAgIRAMweMx8+91bpQOl6bGYiJY4wCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MjIwNTM0MDBaFw0yOTA3MTkwNTM0MDBaMFkxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMR0wGwYDVQQDExRvcmRlcmVyNC5leGFtcGxlLmNvbTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABIT1n5tdRdUXMKaP492pjHT1mRIeTunkJFIml/mVJuph +bnsuJ8Hr10qlLTT4tnnTKXPTo5xrUjW+LY/TEyOfMyCjgZgwgZUwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E +AjAAMCsGA1UdIwQkMCKAIKoDjSYUPEtA8Fkkc34D7FdwIkCY8Gi8zgQ64gY/tbFg +MCkGA1UdEQQiMCCCFG9yZGVyZXI0LmV4YW1wbGUuY29tgghvcmRlcmVyNDAKBggq +hkjOPQQDAgNHADBEAiBhLeLYbYT5GicQ+cjWvcBxaXZawhbDiOkuOukr6jIJxQIg +GUH3JTZjZ62cgyJOJt1f9iSppOTomvTE6aYrB2KIf10= +-----END CERTIFICATE----- +, ClientTLSCert:-----BEGIN CERTIFICATE----- +MIICXDCCAgOgAwIBAgIRAMweMx8+91bpQOl6bGYiJY4wCgYIKoZIzj0EAwIwbDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRowGAYDVQQDExF0bHNjYS5l +eGFtcGxlLmNvbTAeFw0xOTA3MjIwNTM0MDBaFw0yOTA3MTkwNTM0MDBaMFkxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJh +bmNpc2NvMR0wGwYDVQQDExRvcmRlcmVyNC5leGFtcGxlLmNvbTBZMBMGByqGSM49 +AgEGCCqGSM49AwEHA0IABIT1n5tdRdUXMKaP492pjHT1mRIeTunkJFIml/mVJuph +bnsuJ8Hr10qlLTT4tnnTKXPTo5xrUjW+LY/TEyOfMyCjgZgwgZUwDgYDVR0PAQH/ +BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8E +AjAAMCsGA1UdIwQkMCKAIKoDjSYUPEtA8Fkkc34D7FdwIkCY8Gi8zgQ64gY/tbFg +MCkGA1UdEQQiMCCCFG9yZGVyZXI0LmV4YW1wbGUuY29tgghvcmRlcmVyNDAKBggq +hkjOPQQDAgNHADBEAiBhLeLYbYT5GicQ+cjWvcBxaXZawhbDiOkuOukr6jIJxQIg +GUH3JTZjZ62cgyJOJt1f9iSppOTomvTE6aYrB2KIf10= +-----END CERTIFICATE----- +] +2019-07-22 06:19:41.122 UTC [orderer.common.cluster] updateStubInMapping -> INFO 04c Allocating a new stub for node 5 with endpoint of orderer5.example.com:7050 for channel byfn-sys-channel +2019-07-22 06:19:41.122 UTC [orderer.common.cluster] updateStubInMapping -> INFO 04d Deactivating node 5 in channel byfn-sys-channel with endpoint of orderer5.example.com:7050 due to TLS certificate change +2019-07-22 06:19:41.123 UTC [orderer.common.cluster] updateStubInMapping -> INFO 04e Allocating a new stub for node 1 with endpoint of orderer.example.com:7050 for channel byfn-sys-channel +2019-07-22 06:19:41.123 UTC [orderer.common.cluster] updateStubInMapping -> INFO 04f Deactivating node 1 in channel byfn-sys-channel with endpoint of orderer.example.com:7050 due to TLS certificate change +2019-07-22 06:19:41.124 UTC [orderer.common.cluster] updateStubInMapping -> INFO 050 Allocating a new stub for node 2 with endpoint of orderer2.example.com:7050 for channel byfn-sys-channel +2019-07-22 06:19:41.124 UTC [orderer.common.cluster] updateStubInMapping -> INFO 051 Deactivating node 2 in channel byfn-sys-channel with endpoint of orderer2.example.com:7050 due to TLS certificate change +2019-07-22 06:19:41.125 UTC [orderer.common.cluster] updateStubInMapping -> INFO 052 Allocating a new stub for node 3 with endpoint of orderer3.example.com:7050 for channel byfn-sys-channel +2019-07-22 06:19:41.125 UTC [orderer.common.cluster] updateStubInMapping -> INFO 053 Deactivating node 3 in channel byfn-sys-channel with endpoint of orderer3.example.com:7050 due to TLS certificate change +2019-07-22 06:19:41.126 UTC [orderer.common.cluster] updateStubInMapping -> INFO 054 Allocating a new stub for node 4 with endpoint of orderer4.example.com:7050 for channel byfn-sys-channel +2019-07-22 06:19:41.126 UTC [orderer.common.cluster] updateStubInMapping -> INFO 055 Deactivating node 4 in channel byfn-sys-channel with endpoint of orderer4.example.com:7050 due to TLS certificate change +2019-07-22 06:19:41.127 UTC [orderer.common.cluster] applyMembershipConfig -> INFO 056 5 exists in both old and new membership for channel byfn-sys-channel , skipping its deactivation +2019-07-22 06:19:41.127 UTC [orderer.common.cluster] applyMembershipConfig -> INFO 057 1 exists in both old and new membership for channel byfn-sys-channel , skipping its deactivation +2019-07-22 06:19:41.127 UTC [orderer.common.cluster] applyMembershipConfig -> INFO 058 2 exists in both old and new membership for channel byfn-sys-channel , skipping its deactivation +2019-07-22 06:19:41.127 UTC [orderer.common.cluster] applyMembershipConfig -> INFO 059 3 exists in both old and new membership for channel byfn-sys-channel , skipping its deactivation +2019-07-22 06:19:41.127 UTC [orderer.common.cluster] applyMembershipConfig -> INFO 05a 4 exists in both old and new membership for channel byfn-sys-channel , skipping its deactivation +2019-07-22 06:19:41.127 UTC [orderer.common.cluster] Configure -> INFO 05b Exiting +2019-07-22 06:19:41.127 UTC [orderer.consensus.etcdraft] start -> INFO 05c Starting raft node to join an existing channel channel=byfn-sys-channel node=6 +2019-07-22 06:19:41.127 UTC [orderer.consensus.etcdraft] becomeFollower -> INFO 05d 6 became follower at term 0 channel=byfn-sys-channel node=6 +2019-07-22 06:19:41.127 UTC [orderer.consensus.etcdraft] newRaft -> INFO 05e newRaft 6 [peers: [], term: 0, commit: 0, applied: 0, lastindex: 0, lastterm: 0] channel=byfn-sys-channel node=6 +2019-07-22 06:19:41.127 UTC [orderer.consensus.etcdraft] becomeFollower -> INFO 05f 6 became follower at term 1 channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.205 UTC [orderer.consensus.etcdraft] Step -> INFO 060 6 [term: 1] received a MsgHeartbeat message with higher term from 5 [term: 2] channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.206 UTC [orderer.consensus.etcdraft] becomeFollower -> INFO 061 6 became follower at term 2 channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.206 UTC [orderer.consensus.etcdraft] run -> INFO 062 raft.node: 6 elected leader 5 at term 2 channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.219 UTC [orderer.consensus.etcdraft] serveRequest -> INFO 063 Raft leader changed: 0 -> 5 channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.226 UTC [orderer.consensus.etcdraft] apply -> INFO 064 Applied config change to add node 1, current nodes in channel: [1] channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.226 UTC [orderer.consensus.etcdraft] apply -> INFO 065 Applied config change to add node 2, current nodes in channel: [1 2] channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.226 UTC [orderer.consensus.etcdraft] apply -> INFO 066 Applied config change to add node 3, current nodes in channel: [1 2 3] channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.226 UTC [orderer.consensus.etcdraft] apply -> INFO 067 Applied config change to add node 4, current nodes in channel: [1 2 3 4] channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.226 UTC [orderer.consensus.etcdraft] apply -> INFO 068 Applied config change to add node 5, current nodes in channel: [1 2 3 4 5] channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.226 UTC [orderer.consensus.etcdraft] writeBlock -> INFO 069 Got block [2], expect block [3], this node was forced to catch up channel=byfn-sys-channel node=6 +2019-07-22 06:20:23.226 UTC [orderer.consensus.etcdraft] apply -> INFO 06a Applied config change to add node 6, current nodes in channel: [1 2 3 4 5 6] channel=byfn-sys-channel node=6 diff --git a/first-network/clean.sh b/first-network/clean.sh new file mode 100755 index 00000000..fc3c6ddf --- /dev/null +++ b/first-network/clean.sh @@ -0,0 +1,3 @@ +#!/bin/bash +docker rm -f $(docker ps -aq) +docker volume rm $(docker volume ls -q) diff --git a/first-network/crypto-config-orderer6.yaml b/first-network/crypto-config-orderer6.yaml new file mode 100644 index 00000000..544bf4ff --- /dev/null +++ b/first-network/crypto-config-orderer6.yaml @@ -0,0 +1,12 @@ + +OrdererOrgs: + # --------------------------------------------------------------------------- + # Orderer + # --------------------------------------------------------------------------- + - Name: Orderer + Domain: example.com + # --------------------------------------------------------------------------- + # "Specs" - See PeerOrgs below for complete description + # --------------------------------------------------------------------------- + Specs: + - Hostname: orderer6 diff --git a/first-network/docker-compose-cli-gm.yaml b/first-network/docker-compose-cli-gm.yaml new file mode 100644 index 00000000..715663e1 --- /dev/null +++ b/first-network/docker-compose-cli-gm.yaml @@ -0,0 +1,114 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '2' + +volumes: + orderer.example.com: + peer0.org1.example.com: + peer1.org1.example.com: + peer0.org2.example.com: + peer1.org2.example.com: + +networks: + byfn: + +services: + + orderer.example.com: + environment: + - ORDERER_FILELEDGER_DATADUMP_ENABLED=false + - ORDERER_GENERAL_ISOPENYXLOG=false + - ORDERER_GENERAL_BCCSP_DEFAULT=GM + extends: + file: base/docker-compose-base.yaml + service: orderer.example.com + container_name: orderer.example.com + networks: + - byfn + + peer0.org1.example.com: + container_name: peer0.org1.example.com + environment: + - CORE_LEDGER_DATADUMP_ENABLED=false + - CORE_LOGGING_ISOPENYXLOG=false + - CORE_PEER_BCCSP_DEFAULT=GM + extends: + file: base/docker-compose-base.yaml + service: peer0.org1.example.com + networks: + - byfn + + peer1.org1.example.com: + container_name: peer1.org1.example.com + environment: + - CORE_LEDGER_DATADUMP_ENABLED=false + - CORE_LOGGING_ISOPENYXLOG=false + - CORE_PEER_BCCSP_DEFAULT=GM + extends: + file: base/docker-compose-base.yaml + service: peer1.org1.example.com + networks: + - byfn + + peer0.org2.example.com: + container_name: peer0.org2.example.com + environment: + - CORE_LEDGER_DATADUMP_ENABLED=false + - CORE_LOGGING_ISOPENYXLOG=false + - CORE_PEER_BCCSP_DEFAULT=GM + extends: + file: base/docker-compose-base.yaml + service: peer0.org2.example.com + networks: + - byfn + + peer1.org2.example.com: + container_name: peer1.org2.example.com + environment: + - CORE_LEDGER_DATADUMP_ENABLED=false + - CORE_LOGGING_ISOPENYXLOG=false + - CORE_PEER_BCCSP_DEFAULT=GM + extends: + file: base/docker-compose-base.yaml + service: peer1.org2.example.com + networks: + - byfn + + cli: + container_name: cli + image: hyperledger/fabric-tools:$IMAGE_TAG + tty: true + stdin_open: true + environment: + - CORE_PEER_BCCSP_DEFAULT=GM + - GOPATH=/opt/gopath + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + #- FABRIC_LOGGING_SPEC=DEBUG + - FABRIC_LOGGING_SPEC=INFO + - CORE_PEER_ID=cli + - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 + - CORE_PEER_LOCALMSPID=Org1MSP + - CORE_PEER_TLS_ENABLED=true + - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt + - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt + - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp + working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer + command: /bin/bash + volumes: + - /var/run/:/host/var/run/ + - ./../chaincode/:/opt/gopath/src/github.com/chaincode + - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ + - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ + - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts + depends_on: + - orderer.example.com + - peer0.org1.example.com + - peer1.org1.example.com + - peer0.org2.example.com + - peer1.org2.example.com + networks: + - byfn diff --git a/first-network/docker-compose-cli.yaml b/first-network/docker-compose-cli.yaml index a18bbc25..06729de1 100644 --- a/first-network/docker-compose-cli.yaml +++ b/first-network/docker-compose-cli.yaml @@ -22,6 +22,8 @@ services: file: base/docker-compose-base.yaml service: orderer.example.com container_name: orderer.example.com + volumes: + - ./yaml:/etc/hyperledger/fabric networks: - byfn diff --git a/first-network/orderer6.yaml b/first-network/orderer6.yaml new file mode 100644 index 00000000..5429742a --- /dev/null +++ b/first-network/orderer6.yaml @@ -0,0 +1,30 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '2' + +volumes: + orderer6.example.com: + +networks: + byfn: + +services: + + orderer6.example.com: + extends: + file: base/peer-base.yaml + service: orderer-base + container_name: orderer6.example.com + networks: + - byfn + volumes: + - ./channel-artifacts/last_config.block:/var/hyperledger/orderer/orderer.genesis.block + #- ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block + - ./crypto-config/ordererOrganizations/example.com/orderers/orderer6.example.com/msp:/var/hyperledger/orderer/msp + - ./crypto-config/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/:/var/hyperledger/orderer/tls + - orderer6.example.com:/var/hyperledger/production/orderer + ports: + - 12050:7050 diff --git a/first-network/yaml/configtx.yaml b/first-network/yaml/configtx.yaml new file mode 100644 index 00000000..84957794 --- /dev/null +++ b/first-network/yaml/configtx.yaml @@ -0,0 +1,574 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +################################################################################ +# +# ORGANIZATIONS +# +# This section defines the organizational identities that can be referenced +# in the configuration profiles. +# +################################################################################ +Organizations: + + # SampleOrg defines an MSP using the sampleconfig. It should never be used + # in production but may be used as a template for other definitions. + - &SampleOrg + # Name is the key by which this org will be referenced in channel + # configuration transactions. + # Name can include alphanumeric characters as well as dots and dashes. + Name: SampleOrg + + # ID is the key by which this org's MSP definition will be referenced. + # ID can include alphanumeric characters as well as dots and dashes. + ID: SampleOrg + + # MSPDir is the filesystem path which contains the MSP configuration. + MSPDir: msp + + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: &SampleOrgPolicies + Readers: + Type: Signature + Rule: "OR('SampleOrg.member')" + # If your MSP is configured with the new NodeOUs, you might + # want to use a more specific rule like the following: + # Rule: "OR('SampleOrg.admin', 'SampleOrg.peer', 'SampleOrg.client')" + Writers: + Type: Signature + Rule: "OR('SampleOrg.member')" + # If your MSP is configured with the new NodeOUs, you might + # want to use a more specific rule like the following: + # Rule: "OR('SampleOrg.admin', 'SampleOrg.client')" + Admins: + Type: Signature + Rule: "OR('SampleOrg.admin')" + + # AnchorPeers defines the location of peers which can be used for + # cross-org gossip communication. Note, this value is only encoded in + # the genesis block in the Application section context. + AnchorPeers: + - Host: 127.0.0.1 + Port: 7051 + +################################################################################ +# +# CAPABILITIES +# +# This section defines the capabilities of fabric network. This is a new +# concept as of v1.1.0 and should not be utilized in mixed networks with +# v1.0.x peers and orderers. Capabilities define features which must be +# present in a fabric binary for that binary to safely participate in the +# fabric network. For instance, if a new MSP type is added, newer binaries +# might recognize and validate the signatures from this type, while older +# binaries without this support would be unable to validate those +# transactions. This could lead to different versions of the fabric binaries +# having different world states. Instead, defining a capability for a channel +# informs those binaries without this capability that they must cease +# processing transactions until they have been upgraded. For v1.0.x if any +# capabilities are defined (including a map with all capabilities turned off) +# then the v1.0.x peer will deliberately crash. +# +################################################################################ +Capabilities: + # Channel capabilities apply to both the orderers and the peers and must be + # supported by both. + # Set the value of the capability to true to require it. + Channel: &ChannelCapabilities + # V1.3 for Channel is a catchall flag for behavior which has been + # determined to be desired for all orderers and peers running at the v1.3.x + # level, but which would be incompatible with orderers and peers from + # prior releases. + # Prior to enabling V1.3 channel capabilities, ensure that all + # orderers and peers on a channel are at v1.3.0 or later. + V1_3: true + + # Orderer capabilities apply only to the orderers, and may be safely + # used with prior release peers. + # Set the value of the capability to true to require it. + Orderer: &OrdererCapabilities + # V1.1 for Orderer is a catchall flag for behavior which has been + # determined to be desired for all orderers running at the v1.1.x + # level, but which would be incompatible with orderers from prior releases. + # Prior to enabling V1.1 orderer capabilities, ensure that all + # orderers on a channel are at v1.1.0 or later. + V1_1: true + + # Application capabilities apply only to the peer network, and may be safely + # used with prior release orderers. + # Set the value of the capability to true to require it. + Application: &ApplicationCapabilities + # V1.3 for Application enables the new non-backwards compatible + # features and fixes of fabric v1.3. + V1_3: true + # V1.2 for Application enables the new non-backwards compatible + # features and fixes of fabric v1.2 (note, this need not be set if + # later version capabilities are set) + V1_2: false + # V1.1 for Application enables the new non-backwards compatible + # features and fixes of fabric v1.1 (note, this need not be set if + # later version capabilities are set). + V1_1: false + +################################################################################ +# +# APPLICATION +# +# This section defines the values to encode into a config transaction or +# genesis block for application-related parameters. +# +################################################################################ +Application: &ApplicationDefaults + ACLs: &ACLsDefault + # This section provides defaults for policies for various resources + # in the system. These "resources" could be functions on system chaincodes + # (e.g., "GetBlockByNumber" on the "qscc" system chaincode) or other resources + # (e.g.,who can receive Block events). This section does NOT specify the resource's + # definition or API, but just the ACL policy for it. + # + # User's can override these defaults with their own policy mapping by defining the + # mapping under ACLs in their channel definition + + #---Lifecycle System Chaincode (lscc) function to policy mapping for access control---# + + # ACL policy for lscc's "getid" function + lscc/ChaincodeExists: /Channel/Application/Readers + + # ACL policy for lscc's "getdepspec" function + lscc/GetDeploymentSpec: /Channel/Application/Readers + + # ACL policy for lscc's "getccdata" function + lscc/GetChaincodeData: /Channel/Application/Readers + + # ACL Policy for lscc's "getchaincodes" function + lscc/GetInstantiatedChaincodes: /Channel/Application/Readers + + #---Query System Chaincode (qscc) function to policy mapping for access control---# + + # ACL policy for qscc's "GetChainInfo" function + qscc/GetChainInfo: /Channel/Application/Readers + + # ACL policy for qscc's "GetBlockByNumber" function + qscc/GetBlockByNumber: /Channel/Application/Readers + + # ACL policy for qscc's "GetBlockByHash" function + qscc/GetBlockByHash: /Channel/Application/Readers + + # ACL policy for qscc's "GetTransactionByID" function + qscc/GetTransactionByID: /Channel/Application/Readers + + # ACL policy for qscc's "GetBlockByTxID" function + qscc/GetBlockByTxID: /Channel/Application/Readers + + #---Configuration System Chaincode (cscc) function to policy mapping for access control---# + + # ACL policy for cscc's "GetConfigBlock" function + cscc/GetConfigBlock: /Channel/Application/Readers + + # ACL policy for cscc's "GetConfigTree" function + cscc/GetConfigTree: /Channel/Application/Readers + + # ACL policy for cscc's "SimulateConfigTreeUpdate" function + cscc/SimulateConfigTreeUpdate: /Channel/Application/Readers + + #---Miscellanesous peer function to policy mapping for access control---# + + # ACL policy for invoking chaincodes on peer + peer/Propose: /Channel/Application/Writers + + # ACL policy for chaincode to chaincode invocation + peer/ChaincodeToChaincode: /Channel/Application/Readers + + #---Events resource to policy mapping for access control###---# + + # ACL policy for sending block events + event/Block: /Channel/Application/Readers + + # ACL policy for sending filtered block events + event/FilteredBlock: /Channel/Application/Readers + + # Organizations lists the orgs participating on the application side of the + # network. + Organizations: + + # Policies defines the set of policies at this level of the config tree + # For Application policies, their canonical path is + # /Channel/Application/ + Policies: &ApplicationDefaultPolicies + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + + # Capabilities describes the application level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ApplicationCapabilities + +################################################################################ +# +# ORDERER +# +# This section defines the values to encode into a config transaction or +# genesis block for orderer related parameters. +# +################################################################################ +Orderer: &OrdererDefaults + + # Orderer Type: The orderer implementation to start. + # Available types are "solo" and "kafka". + OrdererType: solo + + # Addresses here is a nonexhaustive list of orderers the peers and clients can + # connect to. Adding/removing nodes from this list has no impact on their + # participation in ordering. + # NOTE: In the solo case, this should be a one-item list. + Addresses: + - 127.0.0.1:7050 + + # Batch Timeout: The amount of time to wait before creating a batch. + BatchTimeout: 2s + + # Batch Size: Controls the number of messages batched into a block. + # The orderer views messages opaquely, but typically, messages may + # be considered to be Fabric transactions. The 'batch' is the group + # of messages in the 'data' field of the block. Blocks will be a few kb + # larger than the batch size, when signatures, hashes, and other metadata + # is applied. + BatchSize: + + # Max Message Count: The maximum number of messages to permit in a + # batch. No block will contain more than this number of messages. + MaxMessageCount: 500 + + # Absolute Max Bytes: The absolute maximum number of bytes allowed for + # the serialized messages in a batch. The maximum block size is this value + # plus the size of the associated metadata (usually a few KB depending + # upon the size of the signing identities). Any transaction larger than + # this value will be rejected by ordering. If the "kafka" OrdererType is + # selected, set 'message.max.bytes' and 'replica.fetch.max.bytes' on + # the Kafka brokers to a value that is larger than this one. + AbsoluteMaxBytes: 10 MB + + # Preferred Max Bytes: The preferred maximum number of bytes allowed + # for the serialized messages in a batch. Roughly, this field may be considered + # the best effort maximum size of a batch. A batch will fill with messages + # until this size is reached (or the max message count, or batch timeout is + # exceeded). If adding a new message to the batch would cause the batch to + # exceed the preferred max bytes, then the current batch is closed and written + # to a block, and a new batch containing the new message is created. If a + # message larger than the preferred max bytes is received, then its batch + # will contain only that message. Because messages may be larger than + # preferred max bytes (up to AbsoluteMaxBytes), some batches may exceed + # the preferred max bytes, but will always contain exactly one transaction. + PreferredMaxBytes: 2 MB + + # Max Channels is the maximum number of channels to allow on the ordering + # network. When set to 0, this implies no maximum number of channels. + MaxChannels: 0 + + Kafka: + # Brokers: A list of Kafka brokers to which the orderer connects. Edit + # this list to identify the brokers of the ordering service. + # NOTE: Use IP:port notation. + Brokers: + - kafka0:9092 + - kafka1:9092 + - kafka2:9092 + + # EtcdRaft defines configuration which must be set when the "etcdraft" + # orderertype is chosen. + EtcdRaft: + # The set of Raft replicas for this network. For the etcd/raft-based + # implementation, we expect every replica to also be an OSN. Therefore, + # a subset of the host:port items enumerated in this list should be + # replicated under the Orderer.Addresses key above. + Consenters: + - Host: raft0.example.com + Port: 7050 + ClientTLSCert: path/to/ClientTLSCert0 + ServerTLSCert: path/to/ServerTLSCert0 + - Host: raft1.example.com + Port: 7050 + ClientTLSCert: path/to/ClientTLSCert1 + ServerTLSCert: path/to/ServerTLSCert1 + - Host: raft2.example.com + Port: 7050 + ClientTLSCert: path/to/ClientTLSCert2 + ServerTLSCert: path/to/ServerTLSCert2 + + # Options to be specified for all the etcd/raft nodes. The values here + # are the defaults for all new channels and can be modified on a + # per-channel basis via configuration updates. + Options: + # TickInterval is the time interval between two Node.Tick invocations. + TickInterval: 500ms + + # ElectionTick is the number of Node.Tick invocations that must pass + # between elections. That is, if a follower does not receive any + # message from the leader of current term before ElectionTick has + # elapsed, it will become candidate and start an election. + # ElectionTick must be greater than HeartbeatTick. + ElectionTick: 10 + + # HeartbeatTick is the number of Node.Tick invocations that must + # pass between heartbeats. That is, a leader sends heartbeat + # messages to maintain its leadership every HeartbeatTick ticks. + HeartbeatTick: 1 + + # MaxInflightBlocks limits the max number of in-flight append messages + # during optimistic replication phase. + MaxInflightBlocks: 5 + + # SnapshotIntervalSize defines number of bytes per which a snapshot is taken + SnapshotIntervalSize: 20 MB + + # Organizations lists the orgs participating on the orderer side of the + # network. + Organizations: + + # Policies defines the set of policies at this level of the config tree + # For Orderer policies, their canonical path is + # /Channel/Orderer/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # BlockValidation specifies what signatures must be included in the block + # from the orderer for the peer to validate it. + BlockValidation: + Type: ImplicitMeta + Rule: "ANY Writers" + + # Capabilities describes the orderer level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *OrdererCapabilities + +################################################################################ +# +# CHANNEL +# +# This section defines the values to encode into a config transaction or +# genesis block for channel related parameters. +# +################################################################################ +Channel: &ChannelDefaults + # Policies defines the set of policies at this level of the config tree + # For Channel policies, their canonical path is + # /Channel/ + Policies: + # Who may invoke the 'Deliver' API + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + # Who may invoke the 'Broadcast' API + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + # By default, who may modify elements at this config level + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + + + # Capabilities describes the channel level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ChannelCapabilities + +################################################################################ +# +# PROFILES +# +# Different configuration profiles may be encoded here to be specified as +# parameters to the configtxgen tool. The profiles which specify consortiums +# are to be used for generating the orderer genesis block. With the correct +# consortium members defined in the orderer genesis block, channel creation +# requests may be generated with only the org member names and a consortium +# name. +# +################################################################################ +Profiles: + + # SampleSingleMSPSolo defines a configuration which uses the Solo orderer, + # and contains a single MSP definition (the MSP sampleconfig). + # The Consortium SampleConsortium has only a single member, SampleOrg. + SampleSingleMSPSolo: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + Organizations: + - *SampleOrg + Consortiums: + SampleConsortium: + Organizations: + - *SampleOrg + + # SampleSingleMSPKafka defines a configuration that differs from the + # SampleSingleMSPSolo one only in that it uses the Kafka-based orderer. + SampleSingleMSPKafka: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + OrdererType: kafka + Organizations: + - *SampleOrg + Consortiums: + SampleConsortium: + Organizations: + - *SampleOrg + + # SampleInsecureSolo defines a configuration which uses the Solo orderer, + # contains no MSP definitions, and allows all transactions and channel + # creation requests for the consortium SampleConsortium. + SampleInsecureSolo: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + Consortiums: + SampleConsortium: + Organizations: + + # SampleInsecureKafka defines a configuration that differs from the + # SampleInsecureSolo one only in that it uses the Kafka-based orderer. + SampleInsecureKafka: + <<: *ChannelDefaults + Orderer: + OrdererType: kafka + <<: *OrdererDefaults + Consortiums: + SampleConsortium: + Organizations: + + # SampleDevModeSolo defines a configuration which uses the Solo orderer, + # contains the sample MSP as both orderer and consortium member, and + # requires only basic membership for admin privileges. It also defines + # an Application on the ordering system channel, which should usually + # be avoided. + SampleDevModeSolo: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Application: + <<: *ApplicationDefaults + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Consortiums: + SampleConsortium: + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + + # SampleDevModeKafka defines a configuration that differs from the + # SampleDevModeSolo one only in that it uses the Kafka-based orderer. + SampleDevModeKafka: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + OrdererType: kafka + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Application: + <<: *ApplicationDefaults + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Consortiums: + SampleConsortium: + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + + # SampleSingleMSPChannel defines a channel with only the sample org as a + # member. It is designed to be used in conjunction with SampleSingleMSPSolo + # and SampleSingleMSPKafka orderer profiles. Note, for channel creation + # profiles, only the 'Application' section and consortium # name are + # considered. + SampleSingleMSPChannel: + Consortium: SampleConsortium + Application: + <<: *ApplicationDefaults + Organizations: + - *SampleOrg + + # SampleDevModeEtcdRaft defines a configuration that differs from the + # SampleDevModeSolo one only in that it uses the etcd/raft-based orderer. + SampleDevModeEtcdRaft: + <<: *ChannelDefaults + Orderer: + <<: *OrdererDefaults + OrdererType: etcdraft + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Application: + <<: *ApplicationDefaults + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" + Consortiums: + SampleConsortium: + Organizations: + - <<: *SampleOrg + Policies: + <<: *SampleOrgPolicies + Admins: + Type: Signature + Rule: "OR('SampleOrg.member')" diff --git a/first-network/yaml/core.yaml b/first-network/yaml/core.yaml new file mode 100644 index 00000000..a3f6ce0d --- /dev/null +++ b/first-network/yaml/core.yaml @@ -0,0 +1,717 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# +# 1.4 做出了更新 不再有单独的logging模块 +# +logging: + # yunxiang fabric log module config + isOpenYxlog: false + logpath: /var/fabric_logs + logname: peer_log + # peer log level,0:emergency, 1:alert, 2:critical, 3:error,4:warning,5:notice,6:info, 7:debug + # default to be 6:info + yxLogLevel: 7 + maxlinesPerFile: 100000000 + maxsizePerFile: 102400000 + maxTotalSize: 1024000000 + isautodelete: false + maxdays: 7 + daily: true + # chaincodeLog + chaincodeLogLevel: 7 + # chaincode 日志宿主机存放路径,容器内部存放路径为logpath + chaincodeLogPath: /var/chaincode_logs/ +############################################################################### +# +# Peer section +# +############################################################################### +peer: + + # The Peer id is used for identifying this Peer instance. + id: jdoe + + # The networkId allows for logical seperation of networks + networkId: dev + + # The Address at local network interface this Peer will listen on. + # By default, it will listen on all network interfaces + listenAddress: 0.0.0.0:7051 + + # The endpoint this peer uses to listen for inbound chaincode connections. + # If this is commented-out, the listen address is selected to be + # the peer's address (see below) with port 7052 + # chaincodeListenAddress: 0.0.0.0:7052 + + # The endpoint the chaincode for this peer uses to connect to the peer. + # If this is not specified, the chaincodeListenAddress address is selected. + # And if chaincodeListenAddress is not specified, address is selected from + # peer listenAddress. + # chaincodeAddress: 0.0.0.0:7052 + + # When used as peer config, this represents the endpoint to other peers + # in the same organization. For peers in other organization, see + # gossip.externalEndpoint for more info. + # When used as CLI config, this means the peer's endpoint to interact with + address: 0.0.0.0:7051 + + # Whether the Peer should programmatically determine its address + # This case is useful for docker containers. + addressAutoDetect: false + + # Setting for runtime.GOMAXPROCS(n). If n < 1, it does not change the + # current setting + gomaxprocs: -1 + + # Keepalive settings for peer server and clients + keepalive: + # MinInterval is the minimum permitted time between client pings. + # If clients send pings more frequently, the peer server will + # disconnect them + minInterval: 60s + # Client keepalive settings for communicating with other peer nodes + client: + # Interval is the time between pings to peer nodes. This must + # greater than or equal to the minInterval specified by peer + # nodes + interval: 60s + # Timeout is the duration the client waits for a response from + # peer nodes before closing the connection + timeout: 20s + # DeliveryClient keepalive settings for communication with ordering + # nodes. + deliveryClient: + # Interval is the time between pings to ordering nodes. This must + # greater than or equal to the minInterval specified by ordering + # nodes. + interval: 60s + # Timeout is the duration the client waits for a response from + # ordering nodes before closing the connection + timeout: 20s + + + # Gossip related configuration + gossip: + # Bootstrap set to initialize gossip with. + # This is a list of other peers that this peer reaches out to at startup. + # Important: The endpoints here have to be endpoints of peers in the same + # organization, because the peer would refuse connecting to these endpoints + # unless they are in the same organization as the peer. + bootstrap: 127.0.0.1:7051 + + # NOTE: orgLeader and useLeaderElection parameters are mutual exclusive. + # Setting both to true would result in the termination of the peer + # since this is undefined state. If the peers are configured with + # useLeaderElection=false, make sure there is at least 1 peer in the + # organization that its orgLeader is set to true. + + # Defines whenever peer will initialize dynamic algorithm for + # "leader" selection, where leader is the peer to establish + # connection with ordering service and use delivery protocol + # to pull ledger blocks from ordering service. It is recommended to + # use leader election for large networks of peers. + useLeaderElection: true + # Statically defines peer to be an organization "leader", + # where this means that current peer will maintain connection + # with ordering service and disseminate block across peers in + # its own organization + orgLeader: false + + # Interval for membershipTracker polling + membershipTrackerInterval: 5s + + # Overrides the endpoint that the peer publishes to peers + # in its organization. For peers in foreign organizations + # see 'externalEndpoint' + endpoint: + # Maximum count of blocks stored in memory + maxBlockCountToStore: 100 + # Max time between consecutive message pushes(unit: millisecond) + maxPropagationBurstLatency: 10ms + # Max number of messages stored until a push is triggered to remote peers + maxPropagationBurstSize: 10 + # Number of times a message is pushed to remote peers + propagateIterations: 1 + # Number of peers selected to push messages to + propagatePeerNum: 3 + # Determines frequency of pull phases(unit: second) + # Must be greater than digestWaitTime + responseWaitTime + pullInterval: 4s + # Number of peers to pull from + pullPeerNum: 3 + # Determines frequency of pulling state info messages from peers(unit: second) + requestStateInfoInterval: 4s + # Determines frequency of pushing state info messages to peers(unit: second) + publishStateInfoInterval: 4s + # Maximum time a stateInfo message is kept until expired + stateInfoRetentionInterval: + # Time from startup certificates are included in Alive messages(unit: second) + publishCertPeriod: 10s + # Should we skip verifying block messages or not (currently not in use) + skipBlockVerification: false + # Dial timeout(unit: second) + dialTimeout: 3s + # Connection timeout(unit: second) + connTimeout: 2s + # Buffer size of received messages + recvBuffSize: 20 + # Buffer size of sending messages + sendBuffSize: 200 + # Time to wait before pull engine processes incoming digests (unit: second) + # Should be slightly smaller than requestWaitTime + digestWaitTime: 1s + # Time to wait before pull engine removes incoming nonce (unit: milliseconds) + # Should be slightly bigger than digestWaitTime + requestWaitTime: 1500ms + # Time to wait before pull engine ends pull (unit: second) + responseWaitTime: 2s + # Alive check interval(unit: second) + aliveTimeInterval: 5s + # Alive expiration timeout(unit: second) + aliveExpirationTimeout: 25s + # Reconnect interval(unit: second) + reconnectInterval: 25s + # This is an endpoint that is published to peers outside of the organization. + # If this isn't set, the peer will not be known to other organizations. + externalEndpoint: + # Leader election service configuration + election: + # Longest time peer waits for stable membership during leader election startup (unit: second) + startupGracePeriod: 15s + # Interval gossip membership samples to check its stability (unit: second) + membershipSampleInterval: 1s + # Time passes since last declaration message before peer decides to perform leader election (unit: second) + leaderAliveThreshold: 10s + # Time between peer sends propose message and declares itself as a leader (sends declaration message) (unit: second) + leaderElectionDuration: 5s + + pvtData: + # pullRetryThreshold determines the maximum duration of time private data corresponding for a given block + # would be attempted to be pulled from peers until the block would be committed without the private data + pullRetryThreshold: 60s + # As private data enters the transient store, it is associated with the peer's ledger's height at that time. + # transientstoreMaxBlockRetention defines the maximum difference between the current ledger's height upon commit, + # and the private data residing inside the transient store that is guaranteed not to be purged. + # Private data is purged from the transient store when blocks with sequences that are multiples + # of transientstoreMaxBlockRetention are committed. + transientstoreMaxBlockRetention: 1000 + # pushAckTimeout is the maximum time to wait for an acknowledgement from each peer + # at private data push at endorsement time. + pushAckTimeout: 3s + # Block to live pulling margin, used as a buffer + # to prevent peer from trying to pull private data + # from peers that is soon to be purged in next N blocks. + # This helps a newly joined peer catch up to current + # blockchain height quicker. + btlPullMargin: 10 + # the process of reconciliation is done in an endless loop, while in each iteration reconciler tries to + # pull from the other peers the most recent missing blocks with a maximum batch size limitation. + # reconcileBatchSize determines the maximum batch size of missing private data that will be reconciled in a + # single iteration. + reconcileBatchSize: 10 + # reconcileSleepInterval determines the time reconciler sleeps from end of an iteration until the beginning + # of the next reconciliation iteration. + reconcileSleepInterval: 1m + # reconciliationEnabled is a flag that indicates whether private data reconciliation is enable or not. + reconciliationEnabled: true + + # Gossip state transfer related configuration + state: + # indicates whenever state transfer is enabled or not + # default value is true, i.e. state transfer is active + # and takes care to sync up missing blocks allowing + # lagging peer to catch up to speed with rest network + enabled: true + # checkInterval interval to check whether peer is lagging behind enough to + # request blocks via state transfer from another peer. + checkInterval: 10s + # responseTimeout amount of time to wait for state transfer response from + # other peers + responseTimeout: 3s + # batchSize the number of blocks to request via state transfer from another peer + batchSize: 10 + # blockBufferSize reflect the maximum distance between lowest and + # highest block sequence number state buffer to avoid holes. + # In order to ensure absence of the holes actual buffer size + # is twice of this distance + blockBufferSize: 100 + # maxRetries maximum number of re-tries to ask + # for single state transfer request + maxRetries: 3 + + # TLS Settings + # Note that peer-chaincode connections through chaincodeListenAddress is + # not mutual TLS auth. See comments on chaincodeListenAddress for more info + tls: + # Require server-side TLS + enabled: false + # Require client certificates / mutual TLS. + # Note that clients that are not configured to use a certificate will + # fail to connect to the peer. + clientAuthRequired: false + # X.509 certificate used for TLS server + cert: + file: tls/server.crt + # Private key used for TLS server (and client if clientAuthEnabled + # is set to true + key: + file: tls/server.key + # Trusted root certificate chain for tls.cert + rootcert: + file: tls/ca.crt + # Set of root certificate authorities used to verify client certificates + clientRootCAs: + files: + - tls/ca.crt + # Private key used for TLS when making client connections. If + # not set, peer.tls.key.file will be used instead + clientKey: + file: + # X.509 certificate used for TLS when making client connections. + # If not set, peer.tls.cert.file will be used instead + clientCert: + file: + + # Authentication contains configuration parameters related to authenticating + # client messages + authentication: + # the acceptable difference between the current server time and the + # client's time as specified in a client request message + timewindow: 15m + + # Path on the file system where peer will store data (eg ledger). This + # location must be access control protected to prevent unintended + # modification that might corrupt the peer operations. + fileSystemPath: /var/hyperledger/production + + # BCCSP (Blockchain crypto provider): Select which crypto implementation or + # library to use + BCCSP: + # if setting is GM, chaincode.golang.dynamiclink must be false. + Default: SW + # Settings for the SW crypto provider (i.e. when DEFAULT: SW) + SW: + # TODO: The default Hash and Security level needs refactoring to be + # fully configurable. Changing these defaults requires coordination + # SHA2 is hardcoded in several places, not only BCCSP + Hash: SHA2 + Security: 256 + # Location of Key Store + FileKeyStore: + # If "", defaults to 'mspConfigPath'/keystore + KeyStore: + # Settings for the PKCS#11 crypto provider (i.e. when DEFAULT: PKCS11) + PKCS11: + # Location of the PKCS11 module library + Library: + # Token Label + Label: + # User PIN + Pin: + Hash: + Security: + FileKeyStore: + KeyStore: + + # Path on the file system where peer will find MSP local configurations + mspConfigPath: msp + + # Identifier of the local MSP + # ----!!!!IMPORTANT!!!-!!!IMPORTANT!!!-!!!IMPORTANT!!!!---- + # Deployers need to change the value of the localMspId string. + # In particular, the name of the local MSP ID of a peer needs + # to match the name of one of the MSPs in each of the channel + # that this peer is a member of. Otherwise this peer's messages + # will not be identified as valid by other nodes. + localMspId: SampleOrg + + # CLI common client config options + client: + # connection timeout + connTimeout: 3s + + # Delivery service related config + deliveryclient: + # It sets the total time the delivery service may spend in reconnection + # attempts until its retry logic gives up and returns an error + reconnectTotalTimeThreshold: 3600s + + # It sets the delivery service <-> ordering service node connection timeout + connTimeout: 3s + + # It sets the delivery service maximal delay between consecutive retries + reConnectBackoffThreshold: 3600s + + # Type for the local MSP - by default it's of type bccsp + localMspType: bccsp + + # Used with Go profiling tools only in none production environment. In + # production, it should be disabled (eg enabled: false) + profile: + enabled: false + listenAddress: 0.0.0.0:6060 + + # The admin service is used for administrative operations such as + # control over logger levels, etc. + # Only peer administrators can use the service. + adminService: + # The interface and port on which the admin server will listen on. + # If this is commented out, or the port number is equal to the port + # of the peer listen address - the admin service is attached to the + # peer's service (defaults to 7051). + #listenAddress: 0.0.0.0:7055 + + # Handlers defines custom handlers that can filter and mutate + # objects passing within the peer, such as: + # Auth filter - reject or forward proposals from clients + # Decorators - append or mutate the chaincode input passed to the chaincode + # Endorsers - Custom signing over proposal response payload and its mutation + # Valid handler definition contains: + # - A name which is a factory method name defined in + # core/handlers/library/library.go for statically compiled handlers + # - library path to shared object binary for pluggable filters + # Auth filters and decorators are chained and executed in the order that + # they are defined. For example: + # authFilters: + # - + # name: FilterOne + # library: /opt/lib/filter.so + # - + # name: FilterTwo + # decorators: + # - + # name: DecoratorOne + # - + # name: DecoratorTwo + # library: /opt/lib/decorator.so + # Endorsers are configured as a map that its keys are the endorsement system chaincodes that are being overridden. + # Below is an example that overrides the default ESCC and uses an endorsement plugin that has the same functionality + # as the default ESCC. + # If the 'library' property is missing, the name is used as the constructor method in the builtin library similar + # to auth filters and decorators. + # endorsers: + # escc: + # name: DefaultESCC + # library: /etc/hyperledger/fabric/plugin/escc.so + handlers: + authFilters: + - + name: DefaultAuth + - + name: ExpirationCheck # This filter checks identity x509 certificate expiration + decorators: + - + name: DefaultDecorator + endorsers: + escc: + name: DefaultEndorsement + library: + validators: + vscc: + name: DefaultValidation + library: + + # library: /etc/hyperledger/fabric/plugin/escc.so + # Number of goroutines that will execute transaction validation in parallel. + # By default, the peer chooses the number of CPUs on the machine. Set this + # variable to override that choice. + # NOTE: overriding this value might negatively influence the performance of + # the peer so please change this value only if you know what you're doing + validatorPoolSize: + + # The discovery service is used by clients to query information about peers, + # such as - which peers have joined a certain channel, what is the latest + # channel config, and most importantly - given a chaincode and a channel, + # what possible sets of peers satisfy the endorsement policy. + discovery: + enabled: true + # Whether the authentication cache is enabled or not. + authCacheEnabled: true + # The maximum size of the cache, after which a purge takes place + authCacheMaxSize: 1000 + # The proportion (0 to 1) of entries that remain in the cache after the cache is purged due to overpopulation + authCachePurgeRetentionRatio: 0.75 + # Whether to allow non-admins to perform non channel scoped queries. + # When this is false, it means that only peer admins can perform non channel scoped queries. + orgMembersAllowedAccess: false +############################################################################### +# +# VM section +# +############################################################################### +vm: + + # Endpoint of the vm management system. For docker can be one of the following in general + # unix:///var/run/docker.sock + # http://localhost:2375 + # https://localhost:2376 + endpoint: unix:///var/run/docker.sock + + # settings for docker vms + docker: + tls: + enabled: false + ca: + file: docker/ca.crt + cert: + file: docker/tls.crt + key: + file: docker/tls.key + + # Enables/disables the standard out/err from chaincode containers for + # debugging purposes + attachStdout: false + + # Parameters on creating docker container. + # Container may be efficiently created using ipam & dns-server for cluster + # NetworkMode - sets the networking mode for the container. Supported + # standard values are: `host`(default),`bridge`,`ipvlan`,`none`. + # Dns - a list of DNS servers for the container to use. + # Note: `Privileged` `Binds` `Links` and `PortBindings` properties of + # Docker Host Config are not supported and will not be used if set. + # LogConfig - sets the logging driver (Type) and related options + # (Config) for Docker. For more info, + # https://docs.docker.com/engine/admin/logging/overview/ + # Note: Set LogConfig using Environment Variables is not supported. + hostConfig: + NetworkMode: host + Dns: + # - 192.168.0.1 + LogConfig: + Type: json-file + Config: + max-size: "50m" + max-file: "5" + Memory: 2147483648 + +############################################################################### +# +# Chaincode section +# +############################################################################### +chaincode: + + # The id is used by the Chaincode stub to register the executing Chaincode + # ID with the Peer and is generally supplied through ENV variables + # the `path` form of ID is provided when installing the chaincode. + # The `name` is used for all other requests and can be any string. + id: + path: + name: + + # Generic builder environment, suitable for most chaincode types + builder: $(DOCKER_NS)/fabric-ccenv:latest + + # Enables/disables force pulling of the base docker images (listed below) + # during user chaincode instantiation. + # Useful when using moving image tags (such as :latest) + pull: false + + golang: + # golang will never need more than baseos + runtime: $(BASE_DOCKER_NS)/fabric-yxbaseos:latest + + # whether or not golang chaincode should be linked dynamically + dynamicLink: true + + car: + # car may need more facilities (JVM, etc) in the future as the catalog + # of platforms are expanded. For now, we can just use baseos + runtime: $(BASE_DOCKER_NS)/fabric-baseos:$(ARCH)-$(BASE_VERSION) + + java: + # This is an image based on java:openjdk-8 with addition compiler + # tools added for java shim layer packaging. + # This image is packed with shim layer libraries that are necessary + # for Java chaincode runtime. + runtime: $(DOCKER_NS)/fabric-javaenv:$(ARCH)-$(PROJECT_VERSION) + + node: + # need node.js engine at runtime, currently available in baseimage + # but not in baseos + runtime: $(BASE_DOCKER_NS)/fabric-baseimage:$(ARCH)-$(BASE_VERSION) + + # Timeout duration for starting up a container and waiting for Register + # to come through. 1sec should be plenty for chaincode unit tests + startuptimeout: 300s + + # Timeout duration for Invoke and Init calls to prevent runaway. + # This timeout is used by all chaincodes in all the channels, including + # system chaincodes. + # Note that during Invoke, if the image is not available (e.g. being + # cleaned up when in development environment), the peer will automatically + # build the image, which might take more time. In production environment, + # the chaincode image is unlikely to be deleted, so the timeout could be + # reduced accordingly. + executetimeout: 30s + + # There are 2 modes: "dev" and "net". + # In dev mode, user runs the chaincode after starting peer from + # command line on local machine. + # In net mode, peer will run chaincode in a docker container. + mode: net + + # keepalive in seconds. In situations where the communiction goes through a + # proxy that does not support keep-alive, this parameter will maintain connection + # between peer and chaincode. + # A value <= 0 turns keepalive off + keepalive: 0 + + # system chaincodes whitelist. To add system chaincode "myscc" to the + # whitelist, add "myscc: enable" to the list below, and register in + # chaincode/importsysccs.go + system: + cscc: enable + lscc: enable + escc: enable + vscc: enable + qscc: enable + + # System chaincode plugins: + # System chaincodes can be loaded as shared objects compiled as Go plugins. + # See examples/plugins/scc for an example. + # Plugins must be white listed in the chaincode.system section above. + systemPlugins: + # example configuration: + # - enabled: true + # name: myscc + # path: /opt/lib/myscc.so + # invokableExternal: true + # invokableCC2CC: true + + # Logging section for the chaincode container + logging: + # Default level for all loggers within the chaincode container + level: info + # Override default level for the 'shim' logger + shim: warning + # Format for the chaincode container logs + format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}' + +############################################################################### +# +# Ledger section - ledger configuration encompases both the blockchain +# and the state +# +############################################################################### +ledger: + + blockchain: + dataDump: + enabled: true + dumpDir: /var/hyperledger/production/ledgersData/chains/chains/ + loadDir: /var/hyperledger/production/ledgersData/chains/chains/ + maxFileLimit: 4096 + dumpCron: + - 0 */5 * * * ? + - 0 0 * * * ? + dumpInterval: 5m #24h + loadRetryTimes: 5 + state: + # stateDatabase - options are "goleveldb", "CouchDB" + # goleveldb - default state database stored in goleveldb. + # CouchDB - store state database in CouchDB + stateDatabase: goleveldb + # Limit on the number of records to return per query + totalQueryLimit: 100000 + couchDBConfig: + # It is recommended to run CouchDB on the same server as the peer, and + # not map the CouchDB container port to a server port in docker-compose. + # Otherwise proper security must be provided on the connection between + # CouchDB client (on the peer) and server. + couchDBAddress: 127.0.0.1:5984 + # This username must have read and write authority on CouchDB + username: + # The password is recommended to pass as an environment variable + # during start up (eg CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD). + # If it is stored here, the file must be access control protected + # to prevent unintended users from discovering the password. + password: + # Number of retries for CouchDB errors + maxRetries: 3 + # Number of retries for CouchDB errors during peer startup + maxRetriesOnStartup: 12 + # CouchDB request timeout (unit: duration, e.g. 20s) + requestTimeout: 35s + # Limit on the number of records per each CouchDB query + # Note that chaincode queries are only bound by totalQueryLimit. + # Internally the chaincode may execute multiple CouchDB queries, + # each of size internalQueryLimit. + internalQueryLimit: 1000 + # Limit on the number of records per CouchDB bulk update batch + maxBatchUpdateSize: 1000 + # Warm indexes after every N blocks. + # This option warms any indexes that have been + # deployed to CouchDB after every N blocks. + # A value of 1 will warm indexes after every block commit, + # to ensure fast selector queries. + # Increasing the value may improve write efficiency of peer and CouchDB, + # but may degrade query response time. + warmIndexesAfterNBlocks: 1 + # Create the _global_changes system database + # This is optional. Creating the global changes database will require + # additional system resources to track changes and maintain the database + createGlobalChangesDB: false + + history: + # enableHistoryDatabase - options are true or false + # Indicates if the history of key updates should be stored. + # All history 'index' will be stored in goleveldb, regardless if using + # CouchDB or alternate database for the state. + enableHistoryDatabase: true + +############################################################################### +# +# Operations section +# +############################################################################### +operations: + # host and port for the operations server + listenAddress: 127.0.0.1:9443 + + # TLS configuration for the operations endpoint + tls: + # TLS enabled + enabled: false + + # path to PEM encoded server certificate for the operations server + cert: + file: + + # path to PEM encoded server key for the operations server + key: + file: + + # most operations service endpoints require client authentication when TLS + # is enabled. clientAuthRequired requires client certificate authentication + # at the TLS layer to access all resources. + clientAuthRequired: false + + # paths to PEM encoded ca certificates to trust for client authentication + clientRootCAs: + files: [] + +############################################################################### +# +# Metrics section +# +############################################################################### +metrics: + # metrics provider is one of statsd, prometheus, or disabled + provider: disabled + + # statsd configuration + statsd: + # network type: tcp or udp + network: udp + + # statsd server address + address: 127.0.0.1:8125 + + # the interval at which locally cached counters and gauges are pushed + # to statsd; timings are pushed immediately + writeInterval: 10s + + # prefix is prepended to all emitted statsd metrics + prefix: diff --git a/first-network/yaml/msp/admincerts/admincert.pem b/first-network/yaml/msp/admincerts/admincert.pem new file mode 100644 index 00000000..415d5617 --- /dev/null +++ b/first-network/yaml/msp/admincerts/admincert.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICNjCCAd2gAwIBAgIRAMnf9/dmV9RvCCVw9pZQUfUwCgYIKoZIzj0EAwIwgYEx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4g +RnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQwwCgYDVQQLEwND +T1AxHDAaBgNVBAMTE2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTcxMTEyMTM0MTEx +WhcNMjcxMTEwMTM0MTExWjBpMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv +cm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEMMAoGA1UECxMDQ09QMR8wHQYD +VQQDExZwZWVyMC5vcmcxLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D +AQcDQgAEZ8S4V71OBJpyMIVZdwYdFXAckItrpvSrCf0HQg40WW9XSoOOO76I+Umf +EkmTlIJXP7/AyRRSRU38oI8Ivtu4M6NNMEswDgYDVR0PAQH/BAQDAgeAMAwGA1Ud +EwEB/wQCMAAwKwYDVR0jBCQwIoAginORIhnPEFZUhXm6eWBkm7K7Zc8R4/z7LW4H +ossDlCswCgYIKoZIzj0EAwIDRwAwRAIgVikIUZzgfuFsGLQHWJUVJCU7pDaETkaz +PzFgsCiLxUACICgzJYlW7nvZxP7b6tbeu3t8mrhMXQs956mD4+BoKuNI +-----END CERTIFICATE----- diff --git a/first-network/yaml/msp/cacerts/cacert.pem b/first-network/yaml/msp/cacerts/cacert.pem new file mode 100644 index 00000000..22dfce98 --- /dev/null +++ b/first-network/yaml/msp/cacerts/cacert.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICYjCCAgigAwIBAgIRAL1fEAnz5zp4moJ8MdSb/lYwCgYIKoZIzj0EAwIwgYEx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4g +RnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQwwCgYDVQQLEwND +T1AxHDAaBgNVBAMTE2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTcxMTEyMTM0MTEx +WhcNMjcxMTEwMTM0MTExWjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlm +b3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhh +bXBsZS5jb20xDDAKBgNVBAsTA0NPUDEcMBoGA1UEAxMTY2Eub3JnMS5leGFtcGxl +LmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGrsQ6oJpk6hDWf63HU3OSNd +bou9KNw/VIee1IngPDI4YJU7O+Xa/XLJuwnFv7BpR8Ytl3f+njC8i/RZP2/svO+j +XzBdMA4GA1UdDwEB/wQEAwIBpjAPBgNVHSUECDAGBgRVHSUAMA8GA1UdEwEB/wQF +MAMBAf8wKQYDVR0OBCIEIIpzkSIZzxBWVIV5unlgZJuyu2XPEeP8+y1uB6LLA5Qr +MAoGCCqGSM49BAMCA0gAMEUCIQDUh/+CC2dAICnYtACXspwUaaEbiyZxYIx+XDvW +o8VVcgIgGz5S4iC5+xkxgeaISPfxKTTVy6yzTdYGzCw1vPppjzo= +-----END CERTIFICATE----- diff --git a/first-network/yaml/msp/config.yaml b/first-network/yaml/msp/config.yaml new file mode 100644 index 00000000..690d6c3e --- /dev/null +++ b/first-network/yaml/msp/config.yaml @@ -0,0 +1,18 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +OrganizationalUnitIdentifiers: + - Certificate: "cacerts/cacert.pem" + OrganizationalUnitIdentifier: "COP" + +NodeOUs: + Enable: false + ClientOUIdentifier: + # if Certificate is empty, then the certifier identifier will not be enforced + Certificate: "cacerts/cacert.pem" + OrganizationalUnitIdentifier: "OU_client" + PeerOUIdentifier: + Certificate: "cacerts/cacert.pem" + OrganizationalUnitIdentifier: "OU_peer" diff --git a/first-network/yaml/msp/keystore/key.pem b/first-network/yaml/msp/keystore/key.pem new file mode 100755 index 00000000..797d567a --- /dev/null +++ b/first-network/yaml/msp/keystore/key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgXa3mln4anewXtqrM +hMw6mfZhslkRa/j9P790ToKjlsihRANCAARnxLhXvU4EmnIwhVl3Bh0VcByQi2um +9KsJ/QdCDjRZb1dKg447voj5SZ8SSZOUglc/v8DJFFJFTfygjwi+27gz +-----END PRIVATE KEY----- diff --git a/first-network/yaml/msp/signcerts/peer.pem b/first-network/yaml/msp/signcerts/peer.pem new file mode 100644 index 00000000..415d5617 --- /dev/null +++ b/first-network/yaml/msp/signcerts/peer.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICNjCCAd2gAwIBAgIRAMnf9/dmV9RvCCVw9pZQUfUwCgYIKoZIzj0EAwIwgYEx +CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4g +RnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMQwwCgYDVQQLEwND +T1AxHDAaBgNVBAMTE2NhLm9yZzEuZXhhbXBsZS5jb20wHhcNMTcxMTEyMTM0MTEx +WhcNMjcxMTEwMTM0MTExWjBpMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv +cm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEMMAoGA1UECxMDQ09QMR8wHQYD +VQQDExZwZWVyMC5vcmcxLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0D +AQcDQgAEZ8S4V71OBJpyMIVZdwYdFXAckItrpvSrCf0HQg40WW9XSoOOO76I+Umf +EkmTlIJXP7/AyRRSRU38oI8Ivtu4M6NNMEswDgYDVR0PAQH/BAQDAgeAMAwGA1Ud +EwEB/wQCMAAwKwYDVR0jBCQwIoAginORIhnPEFZUhXm6eWBkm7K7Zc8R4/z7LW4H +ossDlCswCgYIKoZIzj0EAwIDRwAwRAIgVikIUZzgfuFsGLQHWJUVJCU7pDaETkaz +PzFgsCiLxUACICgzJYlW7nvZxP7b6tbeu3t8mrhMXQs956mD4+BoKuNI +-----END CERTIFICATE----- diff --git a/first-network/yaml/msp/tlscacerts/tlsroot.pem b/first-network/yaml/msp/tlscacerts/tlsroot.pem new file mode 100644 index 00000000..10625226 --- /dev/null +++ b/first-network/yaml/msp/tlscacerts/tlsroot.pem @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB8jCCAZigAwIBAgIRANxd4D3sY0656NqOh8Rha0AwCgYIKoZIzj0EAwIwWDEL +MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG +cmFuY2lzY28xDTALBgNVBAoTBE9yZzIxDTALBgNVBAMTBE9yZzIwHhcNMTcwNTA4 +MDkzMDM0WhcNMjcwNTA2MDkzMDM0WjBYMQswCQYDVQQGEwJVUzETMBEGA1UECBMK +Q2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMET3Jn +MjENMAsGA1UEAxMET3JnMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDYy+qzS +J/8CMfhpBFhUhhz+7up4+lwjBWDSS01koszNh8camHTA8vS4ZsN+DZ2DRsSmRZgs +tG2oogLLIdh6Z1CjQzBBMA4GA1UdDwEB/wQEAwIBpjAPBgNVHSUECDAGBgRVHSUA +MA8GA1UdEwEB/wQFMAMBAf8wDQYDVR0OBAYEBAECAwQwCgYIKoZIzj0EAwIDSAAw +RQIgWnMmH0yxAjub3qfzxQioHKQ8+WvUjAXm0ejId9Q+rDICIQDr30UCPj+SXzOb +Cu4psMMBfLujKoiBNdLE1KEpt8lN1g== +-----END CERTIFICATE----- diff --git a/first-network/yaml/msp/tlsintermediatecerts/tlsintermediate.pem b/first-network/yaml/msp/tlsintermediatecerts/tlsintermediate.pem new file mode 100644 index 00000000..0feba1a6 --- /dev/null +++ b/first-network/yaml/msp/tlsintermediatecerts/tlsintermediate.pem @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICETCCAbagAwIBAgIQNpgoASE9fi0ooZVKcnwnZzAKBggqhkjOPQQDAjBYMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy +YW5jaXNjbzENMAsGA1UEChMET3JnMjENMAsGA1UEAxMET3JnMjAeFw0xNzA1MDgw +OTMwMzRaFw0yNzA1MDYwOTMwMzRaMGYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpD +YWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtPcmcy +LWNoaWxkMTEUMBIGA1UEAxMLT3JnMi1jaGlsZDEwWTATBgcqhkjOPQIBBggqhkjO +PQMBBwNCAARTBJ8/o1tpHPwuixYDgRwcrzAru0cWJJhE6KWHAa0vBCG4nl0zjjRS +og+iAuUcY4Z/gJoHol6dKSHk9h5jrqtEo1QwUjAOBgNVHQ8BAf8EBAMCAaYwDwYD +VR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTADAQH/MA0GA1UdDgQGBAQBAgMEMA8G +A1UdIwQIMAaABAECAwQwCgYIKoZIzj0EAwIDSQAwRgIhAIkPzk7ORV/WhfG7QY/6 +/OJg4++ftz2SZc44NIuogMArAiEAqbnpnmmHnzo2Qc6gnliCegpGnJ18RUT/jZlj +1qXHcvg= +-----END CERTIFICATE----- diff --git a/first-network/yaml/orderer.yaml b/first-network/yaml/orderer.yaml new file mode 100644 index 00000000..73f36100 --- /dev/null +++ b/first-network/yaml/orderer.yaml @@ -0,0 +1,398 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +################################################################################ +# +# Orderer Configuration +# +# - This controls the type and configuration of the orderer. +# +################################################################################ +General: + + # Ledger Type: The ledger type to provide to the orderer. + # Two non-production ledger types are provided for test purposes only: + # - ram: An in-memory ledger whose contents are lost on restart. + # - json: A simple file ledger that writes blocks to disk in JSON format. + # Only one production ledger type is provided: + # - file: A production file-based ledger. + LedgerType: file + + # Listen address: The IP on which to bind to listen. + ListenAddress: 127.0.0.1 + + # Listen port: The port on which to bind to listen. + ListenPort: 7050 + + # yunxiang fabric log module config + isOpenYxlog: true + logpath: /var/fabric_logs + logname: orderer_log + # 0:emergency, 1:alert, 2:critical, 3:error, 4:warning, 5:notice, 6:info, 7:debug + # default to be 6:info + yxLogLevel: 4 + maxlinesPerFile: 1000000 + maxsizePerFile: 1024000 + maxTotalSize: 10240000 + isautodelete: false + maxdays: 7 + daily: true + + # TLS: TLS settings for the GRPC server. + TLS: + Enabled: false + # PrivateKey governs the file location of the private key of the TLS certificate. + PrivateKey: tls/server.key + # Certificate governs the file location of the server TLS certificate. + Certificate: tls/server.crt + RootCAs: + - tls/ca.crt + ClientAuthRequired: false + ClientRootCAs: + # Keepalive settings for the GRPC server. + Keepalive: + # ServerMinInterval is the minimum permitted time between client pings. + # If clients send pings more frequently, the server will + # disconnect them. + ServerMinInterval: 60s + # ServerInterval is the time between pings to clients. + ServerInterval: 7200s + # ServerTimeout is the duration the server waits for a response from + # a client before closing the connection. + ServerTimeout: 20s + # Cluster settings for ordering service nodes that communicate with other ordering service nodes + # such as Raft based ordering service. + Cluster: + # SendBufferSize is the maximum number of messages in the egress buffer. + # Consensus messages are dropped if the buffer is full, and transaction + # messages are waiting for space to be freed. + SendBufferSize: 10 + # ClientCertificate governs the file location of the client TLS certificate + # used to establish mutual TLS connections with other ordering service nodes. + ClientCertificate: + # ClientPrivateKey governs the file location of the private key of the client TLS certificate. + ClientPrivateKey: + # The below 4 properties should be either set together, or be unset together. + # If they are set, then the orderer node uses a separate listener for intra-cluster + # communication. If they are unset, then the general orderer listener is used. + # This is useful if you want to use a different TLS server certificates on the + # client-facing and the intra-cluster listeners. + + # ListenPort defines the port on which the cluster listens to connections. + ListenPort: + # ListenAddress defines the IP on which to listen to intra-cluster communication. + ListenAddress: + # ServerCertificate defines the file location of the server TLS certificate used for intra-cluster + # communication. + ServerCertificate: + # ServerPrivateKey defines the file location of the private key of the TLS certificate. + ServerPrivateKey: + # Genesis method: The method by which the genesis block for the orderer + # system channel is specified. Available options are "provisional", "file": + # - provisional: Utilizes a genesis profile, specified by GenesisProfile, + # to dynamically generate a new genesis block. + # - file: Uses the file provided by GenesisFile as the genesis block. + GenesisMethod: provisional + + # Genesis profile: The profile to use to dynamically generate the genesis + # block to use when initializing the orderer system channel and + # GenesisMethod is set to "provisional". See the configtx.yaml file for the + # descriptions of the available profiles. Ignored if GenesisMethod is set to + # "file". + GenesisProfile: SampleInsecureSolo + + # Genesis file: The file containing the genesis block to use when + # initializing the orderer system channel and GenesisMethod is set to + # "file". Ignored if GenesisMethod is set to "provisional". + GenesisFile: genesisblock + + # LocalMSPDir is where to find the private crypto material needed by the + # orderer. It is set relative here as a default for dev environments but + # should be changed to the real location in production. + LocalMSPDir: msp + + # LocalMSPID is the identity to register the local MSP material with the MSP + # manager. IMPORTANT: The local MSP ID of an orderer needs to match the MSP + # ID of one of the organizations defined in the orderer system channel's + # /Channel/Orderer configuration. The sample organization defined in the + # sample configuration provided has an MSP ID of "SampleOrg". + LocalMSPID: SampleOrg + + # Enable an HTTP service for Go "pprof" profiling as documented at: + # https://golang.org/pkg/net/http/pprof + Profile: + Enabled: false + Address: 0.0.0.0:6060 + + # BCCSP configures the blockchain crypto service providers. + BCCSP: + # Default specifies the preferred blockchain crypto service provider + # to use. If the preferred provider is not available, the software + # based provider ("SW") will be used. + # Valid providers are: + # - SW: a software based crypto provider + # - PKCS11: a CA hardware security module crypto provider. + Default: SW + + # SW configures the software based blockchain crypto provider. + SW: + # TODO: The default Hash and Security level needs refactoring to be + # fully configurable. Changing these defaults requires coordination + # SHA2 is hardcoded in several places, not only BCCSP + Hash: SHA2 + Security: 256 + # Location of key store. If this is unset, a location will be + # chosen using: 'LocalMSPDir'/keystore + FileKeyStore: + KeyStore: + + # Authentication contains configuration parameters related to authenticating + # client messages + Authentication: + # the acceptable difference between the current server time and the + # client's time as specified in a client request message + TimeWindow: 15m + +################################################################################ +# +# SECTION: File Ledger +# +# - This section applies to the configuration of the file or json ledgers. +# +################################################################################ +FileLedger: + + # Location: The directory to store the blocks in. + # NOTE: If this is unset, a new temporary location will be chosen every time + # the orderer is restarted, using the prefix specified by Prefix. + Location: /var/hyperledger/production/orderer + + # The prefix to use when generating a ledger directory in temporary space. + # Otherwise, this value is ignored. + Prefix: hyperledger-fabric-ordererledger + DataDump: + Enabled: true + DumpDir: /var/hyperledger/production/orderer/chains + LoadDir: /var/hyperledger/production/orderer/chains + MaxFileLimit: 4096 + DumpCron: + - 0 */5 * * * ? + - 0 0 * * * ? + DumpInterval: 5m #24h + LoadRetryTimes: 5 +################################################################################ +# +# SECTION: RAM Ledger +# +# - This section applies to the configuration of the RAM ledger. +# +################################################################################ +RAMLedger: + + # History Size: The number of blocks that the RAM ledger is set to retain. + # WARNING: Appending a block to the ledger might cause the oldest block in + # the ledger to be dropped in order to limit the number total number blocks + # to HistorySize. For example, if history size is 10, when appending block + # 10, block 0 (the genesis block!) will be dropped to make room for block 10. + HistorySize: 1000 + +################################################################################ +# +# SECTION: Kafka +# +# - This section applies to the configuration of the Kafka-based orderer, and +# its interaction with the Kafka cluster. +# +################################################################################ +Kafka: + + # Retry: What do if a connection to the Kafka cluster cannot be established, + # or if a metadata request to the Kafka cluster needs to be repeated. + Retry: + # When a new channel is created, or when an existing channel is reloaded + # (in case of a just-restarted orderer), the orderer interacts with the + # Kafka cluster in the following ways: + # 1. It creates a Kafka producer (writer) for the Kafka partition that + # corresponds to the channel. + # 2. It uses that producer to post a no-op CONNECT message to that + # partition + # 3. It creates a Kafka consumer (reader) for that partition. + # If any of these steps fail, they will be re-attempted every + # for a total of , and then every + # for a total of until they succeed. + # Note that the orderer will be unable to write to or read from a + # channel until all of the steps above have been completed successfully. + ShortInterval: 5s + ShortTotal: 10m + LongInterval: 5m + LongTotal: 12h + # Affects the socket timeouts when waiting for an initial connection, a + # response, or a transmission. See Config.Net for more info: + # https://godoc.org/github.com/Shopify/sarama#Config + NetworkTimeouts: + DialTimeout: 10s + ReadTimeout: 10s + WriteTimeout: 10s + # Affects the metadata requests when the Kafka cluster is in the middle + # of a leader election.See Config.Metadata for more info: + # https://godoc.org/github.com/Shopify/sarama#Config + Metadata: + RetryBackoff: 250ms + RetryMax: 3 + # What to do if posting a message to the Kafka cluster fails. See + # Config.Producer for more info: + # https://godoc.org/github.com/Shopify/sarama#Config + Producer: + RetryBackoff: 100ms + RetryMax: 3 + # What to do if reading from the Kafka cluster fails. See + # Config.Consumer for more info: + # https://godoc.org/github.com/Shopify/sarama#Config + Consumer: + RetryBackoff: 2s + # Settings to use when creating Kafka topics. Only applies when + # Kafka.Version is v0.10.1.0 or higher + Topic: + # The number of Kafka brokers across which to replicate the topic + ReplicationFactor: 3 + # Verbose: Enable logging for interactions with the Kafka cluster. + Verbose: false + + # TLS: TLS settings for the orderer's connection to the Kafka cluster. + TLS: + + # Enabled: Use TLS when connecting to the Kafka cluster. + Enabled: false + + # PrivateKey: PEM-encoded private key the orderer will use for + # authentication. + PrivateKey: + # As an alternative to specifying the PrivateKey here, uncomment the + # following "File" key and specify the file name from which to load the + # value of PrivateKey. + #File: path/to/PrivateKey + + # Certificate: PEM-encoded signed public key certificate the orderer will + # use for authentication. + Certificate: + # As an alternative to specifying the Certificate here, uncomment the + # following "File" key and specify the file name from which to load the + # value of Certificate. + #File: path/to/Certificate + + # RootCAs: PEM-encoded trusted root certificates used to validate + # certificates from the Kafka cluster. + RootCAs: + # As an alternative to specifying the RootCAs here, uncomment the + # following "File" key and specify the file name from which to load the + # value of RootCAs. + #File: path/to/RootCAs + + # SASLPlain: Settings for using SASL/PLAIN authentication with Kafka brokers + SASLPlain: + # Enabled: Use SASL/PLAIN to authenticate with Kafka brokers + Enabled: false + # User: Required when Enabled is set to true + User: + # Password: Required when Enabled is set to true + Password: + + # Kafka protocol version used to communicate with the Kafka cluster brokers + # (defaults to 0.10.2.0 if not specified) + Version: + +################################################################################ +# +# Debug Configuration +# +# - This controls the debugging options for the orderer +# +################################################################################ +Debug: + + # BroadcastTraceDir when set will cause each request to the Broadcast service + # for this orderer to be written to a file in this directory + BroadcastTraceDir: + + # DeliverTraceDir when set will cause each request to the Deliver service + # for this orderer to be written to a file in this directory + DeliverTraceDir: + +################################################################################ +# +# Operations Configuration +# +# - This configures the operations server endpoint for the orderer +# +################################################################################ +Operations: + # host and port for the operations server + ListenAddress: 127.0.0.1:8443 + + # TLS configuration for the operations endpoint + TLS: + # TLS enabled + Enabled: false + + # Certificate is the location of the PEM encoded TLS certificate + Certificate: + + # PrivateKey points to the location of the PEM-encoded key + PrivateKey: + + # Most operations service endpoints require client authentication when TLS + # is enabled. ClientAuthRequired requires client certificate authentication + # at the TLS layer to access all resources. + ClientAuthRequired: false + + # Paths to PEM encoded ca certificates to trust for client authentication + ClientRootCAs: [] + +################################################################################ +# +# Metrics Configuration +# +# - This configures metrics collection for the orderer +# +################################################################################ +Metrics: + # The metrics provider is one of statsd, prometheus, or disabled + Provider: disabled + + # The statsd configuration + Statsd: + # network type: tcp or udp + Network: udp + + # the statsd server address + Address: 127.0.0.1:8125 + + # The interval at which locally cached counters and gauges are pushed + # to statsd; timings are pushed immediately + WriteInterval: 30s + + # The prefix is prepended to all emitted statsd metrics + Prefix: + +################################################################################ +# +# Consensus Configuration +# +# - This section contains config options for a consensus plugin. It is opaque +# to orderer, and completely up to consensus implementation to make use of. +# +################################################################################ +Consensus: + # The allowed key-value pairs here depend on consensus plugin. For etcd/raft, + # we use following options: + + # WALDir specifies the location at which Write Ahead Logs for etcd/raft are + # stored. Each channel will have its own subdir named after channel ID. + WALDir: /var/hyperledger/production/orderer/etcdraft/wal + + # SnapDir specifies the location at which snapshots for etcd/raft are + # stored. Each channel will have its own subdir named after channel ID. + SnapDir: /var/hyperledger/production/orderer/etcdraft/snapshot diff --git a/rafttest/.env b/rafttest/.env new file mode 100644 index 00000000..a6665fed --- /dev/null +++ b/rafttest/.env @@ -0,0 +1,2 @@ +COMPOSE_PROJECT_NAME=net +IMAGE_TAG=latest diff --git a/rafttest/.gitignore b/rafttest/.gitignore new file mode 100644 index 00000000..4888c4c2 --- /dev/null +++ b/rafttest/.gitignore @@ -0,0 +1,8 @@ +/channel-artifacts/*.tx +/channel-artifacts/*.block +/crypto-config/* +/docker-compose-e2e.yaml +/ledgers +/ledgers-backup +/channel-artifacts/*.json +/org3-artifacts/crypto-config/* \ No newline at end of file diff --git a/rafttest/add_org2.sh b/rafttest/add_org2.sh new file mode 100755 index 00000000..92ffa567 --- /dev/null +++ b/rafttest/add_org2.sh @@ -0,0 +1,85 @@ +#!/bin/bash +export FABRIC_CFG_PATH=$PWD +export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem +export PATH=${PWD}/../bin:${PWD}:$PATH +# 生成org2组织信息 +configtxgen --printOrg Org2MSP >channel-artifacts/org2.json + +# 设置通道为系统通道 +export CHANNEL_NAME=testchainid + +# 获取系统通道配置块并转换成json格式 +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'peer channel fetch config config_block.pb -o orderer0.org1.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json' + +# 将组织org2相关信息org2.json添加到config.json orderer groups位置 +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'jq -s ".[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"Org2MSP":.[1]}}}}}" config.json ./channel-artifacts/org2.json > modified_config.json' + +# 将组织org2的orderer tls添加到config.json orderer consenters位置 +export TLS_FILE=crypto/peerOrganizations/org2.example.com/peers/orderer0.org2.example.com/tls/server.crt + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" -e "TLS_FILE=$TLS_FILE" cli sh -c 'echo "{\"client_tls_cert\":\"$(cat $TLS_FILE | base64 |xargs echo | sed "s/ //g")\",\"host\":\"orderer0.org2.example.com\",\"port\":7050,\"server_tls_cert\":\"$(cat $TLS_FILE | base64 |xargs echo | sed "s/ //g")\"}" > org2consenter.json' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'jq ".channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [$(cat org2consenter.json)]" modified_config.json > modified_config_add.json' + +# 转换成pb格式及计算增量差异 +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator proto_encode --input config.json --type common.Config --output config.pb' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator proto_encode --input modified_config_add.json --type common.Config --output modified_config.pb' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output org2_update.pb' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator proto_decode --input org2_update.pb --type common.ConfigUpdate | jq . > org2_update.json' + +# 构建交易并签名 +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'echo "{\"payload\":{\"header\":{\"channel_header\":{\"channel_id\":\"testchainid\", \"type\":2}},\"data\":{\"config_update\":"$(cat org2_update.json)"}}}" | jq . > org2_update_in_envelope.json' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator proto_encode --input org2_update_in_envelope.json --type common.Envelope --output org2_update_in_envelope.pb' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'peer channel update -f org2_update_in_envelope.pb -c $CHANNEL_NAME -o orderer0.org1.example.com:7050 --tls --cafile $ORDERER_CA' + +# 获取最新配置块给org2的orderer作为启动块 +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'peer channel fetch config last_config_block.pb -o orderer0.org1.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'cp last_config_block.pb ./channel-artifacts/last_config.block' + +# 启动org2 +sleep 5 +docker-compose -f docker-compose-org2.yaml up -d +sleep 10 +# 按照上述步骤添加到应用链mychannel +export CHANNEL_NAME=mychannel + +# 获取系统通道配置块并转换成json格式 +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'peer channel fetch config config_block.pb -o orderer0.org1.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json' + +# 将组织org2相关信息org2.json添加到config.json orderer及Application groups位置 +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'jq -s ".[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"Org2MSP":.[1]}}}}}" config.json ./channel-artifacts/org2.json > modified_config.json' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'jq -s ".[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org2MSP":.[1]}}}}}" config.json ./channel-artifacts/org2.json > modified_config.json' + +# 将组织org2的orderer tls添加到config.json orderer consenters位置 +export TLS_FILE=crypto/peerOrganizations/org2.example.com/peers/orderer0.org2.example.com/tls/server.crt + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" -e "TLS_FILE=$TLS_FILE" cli sh -c 'echo "{\"client_tls_cert\":\"$(cat $TLS_FILE | base64 |xargs echo | sed "s/ //g")\",\"host\":\"orderer0.org2.example.com\",\"port\":7050,\"server_tls_cert\":\"$(cat $TLS_FILE | base64 |xargs echo | sed "s/ //g")\"}" > org2consenter.json' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'jq ".channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [$(cat org2consenter.json)]" modified_config.json > modified_config_add.json' + +# 转换成pb格式及计算增量差异 +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator proto_encode --input config.json --type common.Config --output config.pb' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator proto_encode --input modified_config_add.json --type common.Config --output modified_config.pb' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output org2_update.pb' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator proto_decode --input org2_update.pb --type common.ConfigUpdate | jq . > org2_update.json' + +# 构建交易及更新 +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'echo "{\"payload\":{\"header\":{\"channel_header\":{\"channel_id\":\"mychannel\", \"type\":2}},\"data\":{\"config_update\":"$(cat org2_update.json)"}}}" | jq . > org2_update_in_envelope.json' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'configtxlator proto_encode --input org2_update_in_envelope.json --type common.Envelope --output org2_update_in_envelope.pb' + +docker exec -e "ORDERER_CA=$ORDERER_CA" -e "CHANNEL_NAME=$CHANNEL_NAME" cli sh -c 'peer channel update -f org2_update_in_envelope.pb -c $CHANNEL_NAME -o orderer0.org1.example.com:7050 --tls --cafile $ORDERER_CA' diff --git a/rafttest/base/docker-compose-base.yaml b/rafttest/base/docker-compose-base.yaml new file mode 100644 index 00000000..4c55ff96 --- /dev/null +++ b/rafttest/base/docker-compose-base.yaml @@ -0,0 +1,110 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '2' + +services: + + orderer.example.com: + container_name: orderer.example.com + extends: + file: peer-base.yaml + service: orderer-base + volumes: + - ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block + - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp + - ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls + - orderer.example.com:/var/hyperledger/production/orderer + ports: + - 7050:7050 + + peer0.org1.example.com: + container_name: peer0.org1.example.com + extends: + file: peer-base.yaml + service: peer-base + environment: + - CORE_PEER_ID=peer0.org1.example.com + - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:7051 + - CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.example.com:8051 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051 + - CORE_PEER_LOCALMSPID=Org1MSP + volumes: + - /var/run/:/host/var/run/ + - ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp + - ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls + - peer0.org1.example.com:/var/hyperledger/production + ports: + - 7051:7051 + + peer1.org1.example.com: + container_name: peer1.org1.example.com + extends: + file: peer-base.yaml + service: peer-base + environment: + - CORE_PEER_ID=peer1.org1.example.com + - CORE_PEER_ADDRESS=peer1.org1.example.com:8051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:8051 + - CORE_PEER_CHAINCODEADDRESS=peer1.org1.example.com:8052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:8052 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:8051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051 + - CORE_PEER_LOCALMSPID=Org1MSP + volumes: + - /var/run/:/host/var/run/ + - ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp + - ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls + - peer1.org1.example.com:/var/hyperledger/production + + ports: + - 8051:8051 + + peer0.org2.example.com: + container_name: peer0.org2.example.com + extends: + file: peer-base.yaml + service: peer-base + environment: + - CORE_PEER_ID=peer0.org2.example.com + - CORE_PEER_ADDRESS=peer0.org2.example.com:9051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:9051 + - CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:10051 + - CORE_PEER_LOCALMSPID=Org2MSP + volumes: + - /var/run/:/host/var/run/ + - ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp + - ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls + - peer0.org2.example.com:/var/hyperledger/production + ports: + - 9051:9051 + + peer1.org2.example.com: + container_name: peer1.org2.example.com + extends: + file: peer-base.yaml + service: peer-base + environment: + - CORE_PEER_ID=peer1.org2.example.com + - CORE_PEER_ADDRESS=peer1.org2.example.com:10051 + - CORE_PEER_LISTENADDRESS=0.0.0.0:10051 + - CORE_PEER_CHAINCODEADDRESS=peer1.org2.example.com:10052 + - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:10052 + - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:10051 + - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051 + - CORE_PEER_LOCALMSPID=Org2MSP + volumes: + - /var/run/:/host/var/run/ + - ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/etc/hyperledger/fabric/msp + - ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/etc/hyperledger/fabric/tls + - peer1.org2.example.com:/var/hyperledger/production + ports: + - 10051:10051 diff --git a/rafttest/base/peer-base.yaml b/rafttest/base/peer-base.yaml new file mode 100644 index 00000000..c5240707 --- /dev/null +++ b/rafttest/base/peer-base.yaml @@ -0,0 +1,52 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '2' + +services: + peer-base: + image: hyperledger/fabric-peer:$IMAGE_TAG + environment: + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + # the following setting starts chaincode containers on the same + # bridge network as the peers + # https://docs.docker.com/compose/networking/ + - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn + - FABRIC_LOGGING_SPEC=INFO + #- FABRIC_LOGGING_SPEC=DEBUG + #- CORE_LEDGER_DATADUMP_ENABLED=TRUE + - CORE_PEER_TLS_ENABLED=true + - CORE_PEER_GOSSIP_USELEADERELECTION=true + - CORE_PEER_GOSSIP_ORGLEADER=false + - CORE_PEER_PROFILE_ENABLED=true + - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt + - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt + working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer + command: peer node start + + orderer-base: + image: hyperledger/fabric-orderer:$IMAGE_TAG + environment: + - FABRIC_LOGGING_SPEC=INFO + - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0 + - ORDERER_GENERAL_GENESISMETHOD=file + - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block + #- ORDERER_GENERAL_LOCALMSPID=OrdererMSP + - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp + # enabled TLS + - ORDERER_GENERAL_TLS_ENABLED=true + - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + #- ORDERER_FILELEDGER_DATADUMP_ENABLED=TRUE + - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1 + - ORDERER_KAFKA_VERBOSE=true + - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt + - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key + - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt] + working_dir: /opt/gopath/src/github.com/hyperledger/fabric + command: orderer + diff --git a/rafttest/channel-artifacts/.gitkeep b/rafttest/channel-artifacts/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/rafttest/clean.sh b/rafttest/clean.sh new file mode 100755 index 00000000..3154a20a --- /dev/null +++ b/rafttest/clean.sh @@ -0,0 +1,5 @@ +#!/bin/bash +docker rm -f $(docker ps -aq) +docker volume rm $(docker volume ls -q) +rm -rf ./channel-artifacts/* +rm -rf crypto-config diff --git a/rafttest/configtx.yaml b/rafttest/configtx.yaml new file mode 100644 index 00000000..d874a155 --- /dev/null +++ b/rafttest/configtx.yaml @@ -0,0 +1,320 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +--- +################################################################################ +# +# Section: Organizations +# +# - This section defines the different organizational identities which will +# be referenced later in the configuration. +# +################################################################################ +Organizations: + - &Org1 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org1MSP + + # ID to load the MSP definition as + ID: Org1MSP + + MSPDir: crypto-config/peerOrganizations/org1.example.com/msp + + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org1MSP.member')" + Writers: + Type: Signature + Rule: "OR('Org1MSP.member')" + Admins: + Type: Signature + Rule: "OR('Org1MSP.member')" + + # leave this flag set to true. + AnchorPeers: + # AnchorPeers defines the location of peers which can be used + # for cross org gossip communication. Note, this value is only + # encoded in the genesis block in the Application section context + - Host: peer0.org1.example.com + Port: 7051 + - &Org2 + # DefaultOrg defines the organization which is used in the sampleconfig + # of the fabric.git development environment + Name: Org2MSP + + # ID to load the MSP definition as + ID: Org2MSP + + MSPDir: crypto-config/peerOrganizations/org2.example.com/msp + + # Policies defines the set of policies at this level of the config tree + # For organization policies, their canonical path is usually + # /Channel/// + Policies: + Readers: + Type: Signature + Rule: "OR('Org2MSP.member')" + Writers: + Type: Signature + Rule: "OR('Org2MSP.member')" + Admins: + Type: Signature + Rule: "OR('Org2MSP.member')" + + # leave this flag set to true. + AnchorPeers: + # AnchorPeers defines the location of peers which can be used + # for cross org gossip communication. Note, this value is only + # encoded in the genesis block in the Application section context + - Host: peer0.org2.example.com + Port: 9051 + +################################################################################ +# +# SECTION: Capabilities + +################################################################################ +# +# SECTION: Capabilities +# +# - This section defines the capabilities of fabric network. This is a new +# concept as of v1.1.0 and should not be utilized in mixed networks with +# v1.0.x peers and orderers. Capabilities define features which must be +# present in a fabric binary for that binary to safely participate in the +# fabric network. For instance, if a new MSP type is added, newer binaries +# might recognize and validate the signatures from this type, while older +# binaries without this support would be unable to validate those +# transactions. This could lead to different versions of the fabric binaries +# having different world states. Instead, defining a capability for a channel +# informs those binaries without this capability that they must cease +# processing transactions until they have been upgraded. For v1.0.x if any +# capabilities are defined (including a map with all capabilities turned off) +# then the v1.0.x peer will deliberately crash. +# +################################################################################ +Capabilities: + # Channel capabilities apply to both the orderers and the peers and must be + # supported by both. + # Set the value of the capability to true to require it. + Channel: &ChannelCapabilities + # V1.3 for Channel is a catchall flag for behavior which has been + # determined to be desired for all orderers and peers running at the v1.3.x + # level, but which would be incompatible with orderers and peers from + # prior releases. + # Prior to enabling V1.3 channel capabilities, ensure that all + # orderers and peers on a channel are at v1.3.0 or later. + V1_3: true + + # Orderer capabilities apply only to the orderers, and may be safely + # used with prior release peers. + # Set the value of the capability to true to require it. + Orderer: &OrdererCapabilities + # V1.1 for Orderer is a catchall flag for behavior which has been + # determined to be desired for all orderers running at the v1.1.x + # level, but which would be incompatible with orderers from prior releases. + # Prior to enabling V1.1 orderer capabilities, ensure that all + # orderers on a channel are at v1.1.0 or later. + V1_1: true + + # Application capabilities apply only to the peer network, and may be safely + # used with prior release orderers. + # Set the value of the capability to true to require it. + Application: &ApplicationCapabilities + # V1.3 for Application enables the new non-backwards compatible + # features and fixes of fabric v1.3. + V1_3: true + # V1.2 for Application enables the new non-backwards compatible + # features and fixes of fabric v1.2 (note, this need not be set if + # later version capabilities are set) + V1_2: false + # V1.1 for Application enables the new non-backwards compatible + # features and fixes of fabric v1.1 (note, this need not be set if + # later version capabilities are set). + V1_1: false + +################################################################################ +# +# SECTION: Application +# +# - This section defines the values to encode into a config transaction or +# genesis block for application related parameters +# +################################################################################ +Application: &ApplicationDefaults + + # Organizations is the list of orgs which are defined as participants on + # the application side of the network + Organizations: + + # Policies defines the set of policies at this level of the config tree + # For Application policies, their canonical path is + # /Channel/Application/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + + Capabilities: + <<: *ApplicationCapabilities +################################################################################ +# +# SECTION: Orderer +# +# - This section defines the values to encode into a config transaction or +# genesis block for orderer related parameters +# +################################################################################ +Orderer: &OrdererDefaults + + # Orderer Type: The orderer implementation to start + # Available types are "solo" and "kafka" + OrdererType: solo + + Addresses: + - orderer.example.com:7050 + + # Batch Timeout: The amount of time to wait before creating a batch + BatchTimeout: 2s + + # Batch Size: Controls the number of messages batched into a block + BatchSize: + + # Max Message Count: The maximum number of messages to permit in a batch + MaxMessageCount: 10 + + # Absolute Max Bytes: The absolute maximum number of bytes allowed for + # the serialized messages in a batch. + AbsoluteMaxBytes: 99 MB + + # Preferred Max Bytes: The preferred maximum number of bytes allowed for + # the serialized messages in a batch. A message larger than the preferred + # max bytes will result in a batch larger than preferred max bytes. + PreferredMaxBytes: 512 KB + + Kafka: + # Brokers: A list of Kafka brokers to which the orderer connects + # NOTE: Use IP:port notation + Brokers: + - 127.0.0.1:9092 + + # Organizations is the list of orgs which are defined as participants on + # the orderer side of the network + Organizations: + + # Policies defines the set of policies at this level of the config tree + # For Orderer policies, their canonical path is + # /Channel/Orderer/ + Policies: + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + # BlockValidation specifies what signatures must be included in the block + # from the orderer for the peer to validate it. + BlockValidation: + Type: ImplicitMeta + Rule: "ANY Writers" + +################################################################################ +# +# CHANNEL +# +# This section defines the values to encode into a config transaction or +# genesis block for channel related parameters. +# +################################################################################ +Channel: &ChannelDefaults + # Policies defines the set of policies at this level of the config tree + # For Channel policies, their canonical path is + # /Channel/ + Policies: + # Who may invoke the 'Deliver' API + Readers: + Type: ImplicitMeta + Rule: "ANY Readers" + # Who may invoke the 'Broadcast' API + Writers: + Type: ImplicitMeta + Rule: "ANY Writers" + # By default, who may modify elements at this config level + Admins: + Type: ImplicitMeta + Rule: "MAJORITY Admins" + + # Capabilities describes the channel level capabilities, see the + # dedicated Capabilities section elsewhere in this file for a full + # description + Capabilities: + <<: *ChannelCapabilities + +################################################################################ +# +# Profile +# +# - Different configuration profiles may be encoded here to be specified +# as parameters to the configtxgen tool +# +################################################################################ +Profiles: + + TwoOrgsChannel: + Consortium: SampleConsortium + <<: *ChannelDefaults + Application: + <<: *ApplicationDefaults + Organizations: + - *Org1 + Capabilities: + <<: *ApplicationCapabilities + + SampleMultiNodeEtcdRaft: + <<: *ChannelDefaults + Capabilities: + <<: *ChannelCapabilities + Orderer: + <<: *OrdererDefaults + OrdererType: etcdraft + EtcdRaft: + Consenters: + - Host: orderer0.org1.example.com + Port: 7050 + ClientTLSCert: crypto-config/peerOrganizations/org1.example.com/peers/orderer0.org1.example.com/tls/server.crt + ServerTLSCert: crypto-config/peerOrganizations/org1.example.com/peers/orderer0.org1.example.com/tls/server.crt + - Host: orderer1.org1.example.com + Port: 7050 + ClientTLSCert: crypto-config/peerOrganizations/org1.example.com/peers/orderer1.org1.example.com/tls/server.crt + ServerTLSCert: crypto-config/peerOrganizations/org1.example.com/peers/orderer1.org1.example.com/tls/server.crt + Addresses: + - orderer0.org1.example.com:7050 + - orderer1.org1.example.com:7050 + + Organizations: + - *Org1 + Capabilities: + <<: *OrdererCapabilities + Application: + <<: *ApplicationDefaults + Organizations: + - <<: *Org1 + Consortiums: + SampleConsortium: + Organizations: + - *Org1 diff --git a/rafttest/crypto-config.yaml b/rafttest/crypto-config.yaml new file mode 100644 index 00000000..ac1fd45b --- /dev/null +++ b/rafttest/crypto-config.yaml @@ -0,0 +1,20 @@ +PeerOrgs: + - Name: Org1 + Domain: org1.example.com + EnableNodeOUs: true + Template: + Count: 2 + Users: + Count: 1 + Specs: + - Hostname: orderer0 + - Hostname: orderer1 + - Name: Org2 + Domain: org2.example.com + EnableNodeOUs: true + Template: + Count: 2 + Users: + Count: 1 + Specs: + - Hostname: orderer0 diff --git a/rafttest/docker-compose-org1.yaml b/rafttest/docker-compose-org1.yaml new file mode 100644 index 00000000..de70ad9c --- /dev/null +++ b/rafttest/docker-compose-org1.yaml @@ -0,0 +1,101 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '2' + +volumes: + orderer0.org1.example.com: + orderer1.org1.example.com: + peer0.org1.example.com: + peer1.org1.example.com: + +networks: + byfn: + +services: + + orderer0.org1.example.com: + environment: + - ORDERER_GENERAL_LOCALMSPID=Org1MSP + extends: + file: base/peer-base.yaml + service: orderer-base + container_name: orderer0.org1.example.com + networks: + - byfn + volumes: + - ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block + - ./crypto-config/peerOrganizations/org1.example.com/peers/orderer0.org1.example.com/msp:/var/hyperledger/orderer/msp + - ./crypto-config/peerOrganizations/org1.example.com/peers/orderer0.org1.example.com/tls/:/var/hyperledger/orderer/tls + - orderer0.org1.example.com:/var/hyperledger/production/orderer + ports: + - 7050:7050 + + orderer1.org1.example.com: + environment: + - ORDERER_GENERAL_LOCALMSPID=Org1MSP + extends: + file: base/peer-base.yaml + service: orderer-base + container_name: orderer1.org1.example.com + networks: + - byfn + volumes: + - ./channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block + - ./crypto-config/peerOrganizations/org1.example.com/peers/orderer1.org1.example.com/msp:/var/hyperledger/orderer/msp + - ./crypto-config/peerOrganizations/org1.example.com/peers/orderer1.org1.example.com/tls/:/var/hyperledger/orderer/tls + - orderer1.org1.example.com:/var/hyperledger/production/orderer + ports: + - 8050:7050 + + peer0.org1.example.com: + container_name: peer0.org1.example.com + extends: + file: base/docker-compose-base.yaml + service: peer0.org1.example.com + networks: + - byfn + + peer1.org1.example.com: + container_name: peer1.org1.example.com + extends: + file: base/docker-compose-base.yaml + service: peer1.org1.example.com + networks: + - byfn + + cli: + container_name: cli + image: hyperledger/fabric-tools:$IMAGE_TAG + tty: true + stdin_open: true + environment: + - GOPATH=/opt/gopath + - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock + #- FABRIC_LOGGING_SPEC=DEBUG + - FABRIC_LOGGING_SPEC=INFO + - CORE_PEER_ID=cli + - CORE_PEER_ADDRESS=peer0.org1.example.com:7051 + - CORE_PEER_LOCALMSPID=Org1MSP + - CORE_PEER_TLS_ENABLED=true + - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt + - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key + - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt + - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp + working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer + command: /bin/bash + volumes: + - /var/run/:/host/var/run/ + - ./../chaincode/:/opt/gopath/src/github.com/chaincode + - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ + - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ + - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts + depends_on: + - peer0.org1.example.com + - peer1.org1.example.com + - orderer0.org1.example.com + - orderer1.org1.example.com + networks: + - byfn diff --git a/rafttest/docker-compose-org2.yaml b/rafttest/docker-compose-org2.yaml new file mode 100644 index 00000000..dfeb8f02 --- /dev/null +++ b/rafttest/docker-compose-org2.yaml @@ -0,0 +1,49 @@ +# Copyright IBM Corp. All Rights Reserved. +# +# SPDX-License-Identifier: Apache-2.0 +# + +version: '2' + +volumes: + orderer0.org2.example.com: + peer0.org2.example.com: + peer1.org2.example.com: + +networks: + byfn: + +services: + + orderer0.org2.example.com: + environment: + - ORDERER_GENERAL_LOCALMSPID=Org2MSP + extends: + file: base/peer-base.yaml + service: orderer-base + container_name: orderer0.org2.example.com + networks: + - byfn + volumes: + - ./channel-artifacts/last_config.block:/var/hyperledger/orderer/orderer.genesis.block + - ./crypto-config/peerOrganizations/org2.example.com/peers/orderer0.org2.example.com/msp:/var/hyperledger/orderer/msp + - ./crypto-config/peerOrganizations/org2.example.com/peers/orderer0.org2.example.com/tls/:/var/hyperledger/orderer/tls + - orderer0.org2.example.com:/var/hyperledger/production/orderer + ports: + - 9050:7050 + + peer0.org2.example.com: + container_name: peer0.org2.example.com + extends: + file: base/docker-compose-base.yaml + service: peer0.org2.example.com + networks: + - byfn + + peer1.org2.example.com: + container_name: peer1.org2.example.com + extends: + file: base/docker-compose-base.yaml + service: peer1.org2.example.com + networks: + - byfn diff --git a/rafttest/modified_config.json b/rafttest/modified_config.json new file mode 100644 index 00000000..892aa723 --- /dev/null +++ b/rafttest/modified_config.json @@ -0,0 +1,27 @@ +jq - commandline JSON processor [version 1.5-1-a5b5cbe] +Usage: jq [options] [file...] + + jq is a tool for processing JSON inputs, applying the + given filter to its JSON text inputs and producing the + filter's results as JSON on standard output. + The simplest filter is ., which is the identity filter, + copying jq's input to its output unmodified (except for + formatting). + For more advanced filters see the jq(1) manpage ("man jq") + and/or https://stedolan.github.io/jq + + Some of the options include: + -c compact instead of pretty-printed output; + -n use `null` as the single input value; + -e set the exit status code based on the output; + -s read (slurp) all inputs into an array; apply filter to it; + -r output raw strings, not JSON texts; + -R read raw strings, not JSON texts; + -C colorize JSON; + -M monochrome (don't colorize JSON); + -S sort keys of objects on output; + --tab use tabs for indentation; + --arg a v set variable $a to value ; + --argjson a v set variable $a to JSON value ; + --slurpfile a f set variable $a to an array of JSON texts read from ; + See the manpage for more options. diff --git a/rafttest/scripts/script.sh b/rafttest/scripts/script.sh new file mode 100755 index 00000000..5ea458db --- /dev/null +++ b/rafttest/scripts/script.sh @@ -0,0 +1,32 @@ +#!/bin/bash +export CHANNEL_NAME=mychannel +export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/orderer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem + +## Create channel +echo "Creating channel..." +peer channel create -o orderer0.org1.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA +sleep 2 +## Join all the peers to the channel +echo "peer0.org1 join the channel..." +peer channel join -b $CHANNEL_NAME.block +## Set the anchor peers for each org in the channel +echo "Updating anchor peers for org1..." +peer channel update -o orderer0.org1.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA +sleep 2 +## Install chaincode on peer0.org1 +echo "Installing chaincode on peer0.org1..." +peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go +# Instantiate chaincode on peer0.org1 +echo "Instantiating chaincode on peer0.org1..." +peer chaincode instantiate -o orderer0.org1.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a", "100", "b","200"]}' -P "OR ('Org1MSP.member')" +# Query chaincode on peer0.org1 +echo "Querying chaincode on peer0.org1..." +sleep 5 +peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}' +# Invoke chaincode on peer0.org1 +echo "Sending invoke transaction on peer0.org1" +peer chaincode invoke -o orderer0.org1.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","10"]}' +# Query chaincode on peer0.org1 +sleep 5 +echo "Querying chaincode on peer0.org1..." +peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}' diff --git a/rafttest/start.sh b/rafttest/start.sh new file mode 100755 index 00000000..085ed09d --- /dev/null +++ b/rafttest/start.sh @@ -0,0 +1,17 @@ +#!/bin/bash +export CHANNEL_NAME=mychannel +export FABRIC_CFG_PATH=$PWD +export PATH=${PWD}/../bin:${PWD}:$PATH + +cryptogen generate --config=./crypto-config.yaml + +configtxgen -profile SampleMultiNodeEtcdRaft -outputBlock ./channel-artifacts/genesis.block + +configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME + +configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP + +sleep 5 +docker-compose -f docker-compose-org1.yaml up -d +sleep 20 +docker exec -it cli sh -c "./scripts/script.sh"