前言 在基于Debian搭建Hyperledger Fabric 2.4开发环境及运行简单案例中，我们已经完成了Fabric 2.4的环境搭建及fabric-samples/test-network官方案例的运行。毫无疑问test-network是一个优秀的入门项目，让我们仅仅通过几行命令就能搭建起常用的Fabric联盟链网络，但我相信很多人第一次使用./network.sh up成功启动联盟链网络时跟我一样是懵的：网络是怎样启动的？它在背后做了什么？该网络包含哪些节点？包含哪些功能？它有什么用？为了解决这些问题，本文根据test-network中的几个Bash脚本源码，从启动流程、创建通道、部署链码等多个入口函数着手详细分析了脚本执行过程，对未来定制自己的Fabric网络提供参考。本文分析源码主要包含启动默认网络、启动CA网络、创建通道、部署链码四个方面，每节分为官方调用和过程详解：官方调用是使用官方Bash脚本实现对应功能、过程详解是该脚本的实际实现流程，根据过程详解中的代码能够搭建出完全可用的网络。
准备 在开始前，需要准备好Fabric的开发环境，具体环境搭建和软件版本可参考基于Debian搭建Hyperledger Fabric 2.4开发环境及运行简单案例。之后将fabric-samples1下的test-network目录拷贝到本地，由于官方示例中过于封装导致难以单独使用，因此本文对原test-network项目进行修改，修改内容包括但不限于以下几个方面（建议直接将本案例仓库 FabricLearn 下的 0_TestNetworkExplain 目录拷贝到本地运行）：

1. 修改compose-test-net.yaml、compose-ca.yaml、docker/docker-compose-test-net.yaml、docker/docker-compose-ca.yaml文件中镜像版本:
   

   hyperledger/fabric-tools:latest->hyperledger/fabric-tools:2.4 hyperledger/fabric-peer:latest->fabric-peer:2.4 hyperledger/fabric-orderer:latest->fabric-orderer:2.4 hyperledger/fabric-ca:latest->fabric-ca:1.5

   
   
2. 将基于Debian搭建Hyperledger Fabric 2.4开发环境及运行简单案例中的/usr/local/fabric/config目录复制到test-network根目录下。如无特殊说明，环境变量FABRIC_CFG_PATH总是默认指向test-network/config目录。
3. 修改docker-compose-test-net.yaml，将${DOCKER_SOCK}改成/var/run/docker.sock。
4. 修改createChannel.sh、deployCC.sh，将FABRIC_CFG_PATH=$PWD/../config/改成FABRIC_CFG_PATH=$PWD/config/
5. 如无特殊说明，本文所有命令皆运行在test-network根目录下。

启动默认网络 官方调用
在test-network中，包含一个默认最简网络，该网络只包含两个peer节点、一个orderer节点和一个cli节点，其中各节点的证书使用cryptogen工具静态生成。可以直接运行以下命令启动默认最简网络：

./network.sh up

文章图片

过程详解

1. 检查依赖：
2. 检查peer版本
3. 检查./config配置目录是否存在
4. 检查peer版本与docker image版本是否匹配
5. 检查fabric-ca环境是否正常，默认使用cryptogen
   
   文章图片
   
6. 创建组织证书：
   

   cryptogen generate --config=./organizations/cryptogen/crypto-config-org1.yaml --output="organizations" cryptogen generate --config=./organizations/cryptogen/crypto-config-org2.yaml --output="organizations" cryptogen generate --config=./organizations/cryptogen/crypto-config-orderer.yaml --output="organizations"

   
   
7. docker-compose启动所有容器：
   

   docker-compose -f compose/compose-test-net.yaml -f compose/docker/docker-compose-test-net.yaml up -d

   
   
   文章图片
   
   其中compose-test-net.yaml包含基本镜像配置，docker-compose-test-net.yaml包含基础通用变量，二者缺一不可。以上命令完成后即可实现与./network.sh up完全相同的效果，进行下节实验前可使用./network.sh down关闭此网络。
   

启动CA网络 官方调用
在test-network中，可以通过fabric-ca启动网络，该网络使用fabric-ca管理所有节点的身份证书，其中包含三个ca节点、两个peer节点、一个orderer节点和一个cli节点。可以直接运行以下命令启动CA网络（后面所有实验基于此网络）：

./network.sh up -ca

文章图片

过程详解

1. 检查软件、版本依赖：
   
   文章图片
   
2. 启动fabric-ca容器：
   

   docker-compose -f compose/compose-ca.yaml -f compose/docker/docker-compose-ca.yaml up -d

   
   
3. 创建org1证书目录：
   

   # 创建组织证书根目录 mkdir -p organizations/peerOrganizations/org1.example.com/

   
   
4. enroll管理员账户：
   

   # enroll组织默认管理员账户，其配置对应在compose/compose-ca.yaml的command中，enroll过程会获取该账户的全部证书并保存至FABRIC_CA_CLIENT_HOME目录下 export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org1.example.com/ fabric-ca-client enroll -u https://admin:adminpw@localhost:7054 --caname ca-org1 --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"

   
   
5. 创建org1组织的OU配置文件：
   

   # 创建组织msp的OU配置文件 echo 'NodeOUs: Enable: true ClientOUIdentifier: Certificate: cacerts/localhost-7054-ca-org1.pem OrganizationalUnitIdentifier: client PeerOUIdentifier: Certificate: cacerts/localhost-7054-ca-org1.pem OrganizationalUnitIdentifier: peer AdminOUIdentifier: Certificate: cacerts/localhost-7054-ca-org1.pem OrganizationalUnitIdentifier: admin OrdererOUIdentifier: Certificate: cacerts/localhost-7054-ca-org1.pem OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml"

   
   
6. 构造tlscacerts证书目录（用于不同组织通信）：
   

   # 由于该CA同时充当组织CA和tlsca，因此直接将CA启动时生成的组织根证书复制到组织级CA和TLS CA目录中 mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts" cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/ca.crt"

   
   
7. 构造tlsca证书目录（用于组织内客户端通信）：
   

   mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca" cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem"

   
   
8. 构造ca证书目录（用于组织内客户端通信）：
   

   mkdir -p "${PWD}/organizations/peerOrganizations/org1.example.com/ca" cp "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem"

   
   
9. 为org1注册新账户：
   

   fabric-ca-client register --caname ca-org1 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" fabric-ca-client register --caname ca-org1 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" fabric-ca-client register --caname ca-org1 --id.name org1admin --id.secret org1adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem"

   
   
10. 构造peer0的身份证书目录：
    

    # 构造peer0的msp证书目录，证书文件会存在-M指定的文件夹下 fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp" --csr.hosts peer0.org1.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/config.yaml" # 构造peer0的msp-tls证书目录 fabric-ca-client enroll -u https://peer0:peer0pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org1.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" # 构造peer0的tls证书目录并格式化文件名——用于启动peer docker容器 cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt" cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt" cp "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key"

    
    
11. 构造其它用户身份证书目录：
    

    # 构造user1的msp证书目录，因为不用于组织间通信，所以不用配置tls fabric-ca-client enroll -u https://user1:user1pw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/User1@org1.example.com/msp/config.yaml"# 构造org1admin的msp证书目录 fabric-ca-client enroll -u https://org1admin:org1adminpw@localhost:7054 --caname ca-org1 -M "${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org1/ca-cert.pem" cp "${PWD}/organizations/peerOrganizations/org1.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/config.yaml"

    
    
12. 构造org2的组织证书，关键代码如下（各代码含义如上）：
    

    mkdir -p organizations/peerOrganizations/org2.example.com/ export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org2.example.com/fabric-ca-client enroll -u https://admin:adminpw@localhost:8054 --caname ca-org2 --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"echo 'NodeOUs: Enable: true ClientOUIdentifier: Certificate: cacerts/localhost-8054-ca-org2.pem OrganizationalUnitIdentifier: client PeerOUIdentifier: Certificate: cacerts/localhost-8054-ca-org2.pem OrganizationalUnitIdentifier: peer AdminOUIdentifier: Certificate: cacerts/localhost-8054-ca-org2.pem OrganizationalUnitIdentifier: admin OrdererOUIdentifier: Certificate: cacerts/localhost-8054-ca-org2.pem OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml"mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts" cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/msp/tlscacerts/ca.crt" mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca" cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem" mkdir -p "${PWD}/organizations/peerOrganizations/org2.example.com/ca" cp "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" "${PWD}/organizations/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem"fabric-ca-client register --caname ca-org2 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" fabric-ca-client register --caname ca-org2 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" fabric-ca-client register --caname ca-org2 --id.name org2admin --id.secret org2adminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp" --csr.hosts peer0.org2.example.com --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/config.yaml" fabric-ca-client enroll -u https://peer0:peer0pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls" --enrollment.profile tls --csr.hosts peer0.org2.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem"cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/tlscacerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt" cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/signcerts/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.crt" cp "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/keystore/"* "${PWD}/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/server.key"fabric-ca-client enroll -u https://user1:user1pw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/User1@org2.example.com/msp/config.yaml"fabric-ca-client enroll -u https://org2admin:org2adminpw@localhost:8054 --caname ca-org2 -M "${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/org2/ca-cert.pem" cp "${PWD}/organizations/peerOrganizations/org2.example.com/msp/config.yaml" "${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp/config.yaml"

    
    
13. 构造orderer的组织证书，关键代码如下：
    

    mkdir -p organizations/ordererOrganizations/example.com export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/ordererOrganizations/example.comfabric-ca-client enroll -u https://admin:adminpw@localhost:9054 --caname ca-orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"echo 'NodeOUs: Enable: true ClientOUIdentifier: Certificate: cacerts/localhost-9054-ca-orderer.pem OrganizationalUnitIdentifier: client PeerOUIdentifier: Certificate: cacerts/localhost-9054-ca-orderer.pem OrganizationalUnitIdentifier: peer AdminOUIdentifier: Certificate: cacerts/localhost-9054-ca-orderer.pem OrganizationalUnitIdentifier: admin OrdererOUIdentifier: Certificate: cacerts/localhost-9054-ca-orderer.pem OrganizationalUnitIdentifier: orderer' > "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml"mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts" cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/msp/tlscacerts/tlsca.example.com-cert.pem" mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/tlsca" cp "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" "${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem"fabric-ca-client register --caname ca-orderer --id.name orderer --id.secret ordererpw --id.type orderer --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" fabric-ca-client register --caname ca-orderer --id.name ordererAdmin --id.secret ordererAdminpw --id.type admin --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp" --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/config.yaml"fabric-ca-client enroll -u https://orderer:ordererpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls" --enrollment.profile tls --csr.hosts orderer.example.com --csr.hosts localhost --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem"cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt" cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/signcerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt" cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/keystore/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key" mkdir -p "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts" cp "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/tlscacerts/"* "${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem"fabric-ca-client enroll -u https://ordererAdmin:ordererAdminpw@localhost:9054 --caname ca-orderer -M "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp" --tls.certfiles "${PWD}/organizations/fabric-ca/ordererOrg/ca-cert.pem" cp "${PWD}/organizations/ordererOrganizations/example.com/msp/config.yaml" "${PWD}/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp/config.yaml"

    
    
14. 启动所有容器
    

    docker-compose -f compose/compose-test-net.yaml -f compose/docker/docker-compose-test-net.yaml up -d

    
    以上命令成功后便可使用docker ps命令看到运行的镜像：
    

    CONTAINER IDIMAGECOMMANDCREATEDSTATUSPORTSNAMES 75e842d165eahyperledger/fabric-tools:2.4"/bin/bash"10 seconds agoUp 8 secondscli 576b578063c5hyperledger/fabric-peer:2.4"peer node start"16 seconds agoUp 10 seconds0.0.0.0:9051->9051/tcp, 7051/tcp, 0.0.0.0:9445->9445/tcppeer0.org2.example.com 512d7d98c8c4hyperledger/fabric-orderer:2.4"orderer"16 seconds agoUp 14 seconds0.0.0.0:7050->7050/tcp, 0.0.0.0:7053->7053/tcp, 0.0.0.0:9443->9443/tcporderer.example.com 276f463cc6a7hyperledger/fabric-peer:2.4"peer node start"16 seconds agoUp 12 seconds0.0.0.0:7051->7051/tcp, 0.0.0.0:9444->9444/tcppeer0.org1.example.com 8faaaaa7e17ahyperledger/fabric-ca:1.5"sh -c 'fabric-ca-se…"21 seconds agoUp 20 seconds0.0.0.0:9054->9054/tcp, 7054/tcp, 0.0.0.0:19054->19054/tcpca_orderer c253d9b790behyperledger/fabric-ca:1.5"sh -c 'fabric-ca-se…"21 seconds agoUp 20 seconds0.0.0.0:7054->7054/tcp, 0.0.0.0:17054->17054/tcpca_org1 0aa90a2686a8hyperledger/fabric-ca:1.5"sh -c 'fabric-ca-se…"21 seconds agoUp 20 seconds0.0.0.0:8054->8054/tcp, 7054/tcp, 0.0.0.0:18054->18054/tcpca_org2

    
    创建通道官方调用
    本小节基于上一节 启动CA网络，在上节CA网络启动成功后，可以直接运行以下命令创建通道：
    

    ./network.sh createChannel -c mychannel

    
    
    文章图片
    
    

    创建通道的前提是创建该通道的创世区块，在上节步骤中，我们通过无通道、无创世区块的方式启动了整个网络，所在本节创建通道包含创建创世区块的过程。

    过程详解
    
15. 检查依赖，并启动网络（同上）。
16. 设置环境变量，用于操作区块链网络
    

    export CORE_PEER_TLS_ENABLED=true export CHANNEL_NAME=mychannel export ORDERER_CA=${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem export PEER0_ORG1_CA=${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem export PEER0_ORG2_CA=${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem export PEER0_ORG3_CA=${PWD}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key

    
    
17. 创建通道创世区块：
    

    # 创建通道数据目录 mkdir channel-artifacts # 配置创世区块环境变量 export FABRIC_CFG_PATH=${PWD}/configtx configtxgen -profile TwoOrgsApplicationGenesis -outputBlock ./channel-artifacts/${CHANNEL_NAME}.block -channelID ${CHANNEL_NAME}

    
    
18. 创建通道：
    

    # 配置通道环境变量 export FABRIC_CFG_PATH=./config osnadmin channel join --channelID ${CHANNEL_NAME} --config-block ./channel-artifacts/${CHANNEL_NAME}.block -o localhost:7053 --ca-file "$ORDERER_CA" --client-cert "$ORDERER_ADMIN_TLS_SIGN_CERT" --client-key "$ORDERER_ADMIN_TLS_PRIVATE_KEY"

    
    
19. 使peer节点加入通道：
    

    # 将org1的peer加入通道 export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=localhost:7051 peer channel join -b ./channel-artifacts/${CHANNEL_NAME}.block # 将org2的peer加入通道 export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=localhost:9051 peer channel join -b ./channel-artifacts/${CHANNEL_NAME}.block

    
    组织新加入通道后，后面为组织设置锚节点（非必须）。
    
20. 为通道获取通道最新配置块(以下流程为org1环境)：
    

    export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=localhost:7051 peer channel fetch config config_block.pb -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c ${CHANNEL_NAME} --tls --cafile "$ORDERER_CA"

    
    
21. 将配置块解码为JSON并输出为${CORE_PEER_LOCALMSPID}config.json：
    

    configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json jq .data.data[0].payload.data.config config_block.json >"${CORE_PEER_LOCALMSPID}config.json"

    
    
22. 追加锚节点配置：
    

    jq '.channel_group.groups.Application.groups.'${CORE_PEER_LOCALMSPID}'.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "'$HOST'","port": '$PORT'}]},"version": "0"}}' ${CORE_PEER_LOCALMSPID}config.json > ${CORE_PEER_LOCALMSPID}modified_config.json

    
    
23. 根据链上配置${CORE_PEER_LOCALMSPID}config.json和追加配置${CORE_PEER_LOCALMSPID}modified_config.json计算更新的配置，并将其作为一个新交易写入${CORE_PEER_LOCALMSPID}anchors.tx：
    

    configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}config.json --type common.Config --output original_config.pb configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}modified_config.json --type common.Config --output modified_config.pb configtxlator compute_update --channel_id "${CHANNEL_NAME}" --original original_config.pb --updated modified_config.pb --output config_update.pb configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output "${CORE_PEER_LOCALMSPID}anchors.tx"

    
    
24. 更新锚节点：
    

    peer channel update -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL_NAME -f ${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile "$ORDERER_CA"

    
    
25. org2重复以上流程即创建成功：
    

    echo "update org2 anchor===========" export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=localhost:9051 peer channel fetch config config_block.pb -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com -c ${CHANNEL_NAME} --tls --cafile "$ORDERER_CA" sleep 3configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json jq .data.data[0].payload.data.config config_block.json >"${CORE_PEER_LOCALMSPID}config.json"jq '.channel_group.groups.Application.groups.'${CORE_PEER_LOCALMSPID}'.values += {"AnchorPeers":{"mod_policy": "Admins","value":{"anchor_peers": [{"host": "localhost","port": 9051}]},"version": "0"}}' ${CORE_PEER_LOCALMSPID}config.json > ${CORE_PEER_LOCALMSPID}modified_config.jsonconfigtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}config.json --type common.Config --output original_config.pb configtxlator proto_encode --input ${CORE_PEER_LOCALMSPID}modified_config.json --type common.Config --output original_config.pb configtxlator compute_update --channel_id "${CHANNEL_NAME}" --original original_config.pb --updated modified_config.pb --output config_update.pb configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output "${CORE_PEER_LOCALMSPID}anchors.tx"peer channel update -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL_NAME -f ${CORE_PEER_LOCALMSPID}anchors.tx --tls --cafile "$ORDERER_CA" sleep 3

    
    

部署链码 官方调用
本小节基于上一节 创建通道，在上节通道创建成功后，可以直接运行以下命令部署链码：

./network.sh deployCC -ccn mychaincode -ccp ./asset-transfer-basic-go -ccv 1.0 -ccl go

文章图片

过程详解

1. 检查参数是否正常：
   
   文章图片
   
2. 下载asset-transfer-basic-go的包依赖：
   

   pushd asset-transfer-basic-go# 进入asset-transfer-basic-go目录 GO111MODULE=on go mod vendor# 下载go包依赖 popd#返回当前目录

   
   
3. 检查链码是否需要初始化、设置策略、私有数据集:
   
   文章图片
   
4. 设置环境变量：
   

   export FABRIC_CFG_PATH=$PWD/config/ export CORE_PEER_TLS_ENABLED=true export ORDERER_CA=${PWD}/organizations/ordererOrganizations/example.com/tlsca/tlsca.example.com-cert.pem export PEER0_ORG1_CA=${PWD}/organizations/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem export PEER0_ORG2_CA=${PWD}/organizations/peerOrganizations/org2.example.com/tlsca/tlsca.org2.example.com-cert.pem export PEER0_ORG3_CA=${PWD}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem export ORDERER_ADMIN_TLS_SIGN_CERT=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt export ORDERER_ADMIN_TLS_PRIVATE_KEY=${PWD}/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key

   
   
5. 打包链码：
   

   peer lifecycle chaincode package mychaincode.tar.gz --path ./asset-transfer-basic-go --lang golang --label mychaincode_1.0

   
   
6. 安装链码：
   

   # ORG1安装链码 export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=localhost:7051 peer lifecycle chaincode install mychaincode.tar.gz # ORG2安装链码 export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=localhost:9051 peer lifecycle chaincode install mychaincode.tar.gz

   
   安装链码后会返回一个链码 ID 需要记下：
   
   文章图片
   
   
7. 将链码 ID 设为环境变量：
   

   export PACKAGE_ID=mychaincode_1.0:39889cf0623cce2500261b22914a7aa9037a897bc7f6c5b36df7a922f29b05e0

   
   
8. ORG1查询已安装链码并批准链码：
   

   export CORE_PEER_LOCALMSPID="Org1MSP" export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp export CORE_PEER_ADDRESS=localhost:7051 # 查询已安装链码 peer lifecycle chaincode queryinstalled # 批准链码 peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" --channelID mychannel --name mychaincode --version 1.0 --package-id ${PACKAGE_ID} --sequence 1

   
   
9. ORG2查询已安装链码并批准链码：
   

   export CORE_PEER_LOCALMSPID="Org2MSP" export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp export CORE_PEER_ADDRESS=localhost:9051 # 查询已安装链码 peer lifecycle chaincode queryinstalled # 批准链码 peer lifecycle chaincode approveformyorg -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" --channelID mychannel --name mychaincode --version 1.0 --package-id ${PACKAGE_ID} --sequence 1

   
   
10. 检查链码是否已准备好被提交：
    

    peer lifecycle chaincode checkcommitreadiness --channelID mychannel --name mychaincode --version 1.0 --sequence 1 --output json

    
    【Hyperledger Fabric的test-network启动过程Bash源码详解】
    文章图片
    
    
11. 提交链码：
    

    peer lifecycle chaincode commit -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA"--channelID mychannel --name mychaincode --version 1.0 --sequence 1 --peerAddresses localhost:7051 --tlsRootCertFiles $PEER0_ORG1_CA --peerAddresses localhost:9051 --tlsRootCertFiles $PEER0_ORG2_CA

    
    
12. 查询提交的链码：
    

    peer lifecycle chaincode querycommitted --channelID mychannel --name mychaincode

    
    
13. 调用链码：
    

    peer chaincode invoke -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile "$ORDERER_CA" -C mychannel -n mychaincode --peerAddresses

    
    总结本文先是说明了fabric-samples过度的封装不利于我们了解掌握其中各个操作的真实过程，然后单独拿出test-network进行修改定制，最后详细分析了test-network中启动默认网络、启动CA网络、创建通道、部署链码的详细过程，并且给出了每个过程的代码，使我们能够根据代码一步步搭建所述网络，进一步理解Fabric架构。
    

相关实验源码已上传：https://github.com/wefantasy/...
参考

1. hyperledger. fabric-samples. Github. ?

推荐阅读

• 

  学生成绩查询分析系统,南昊学生成绩查询系统
• 

  你永远也叫不醒一个在装睡的人
• 

  定量分析产品质量
• 

  冬天下雪打雷的迷信说法有什么预兆？
• 

  男人用这种方式对你 男人想让女人主动分手的表现
• 

  eyefunny是什么牌子
• 

  单因素方差分析f是什么,双因素方差分析是什么
• 

  南京鼓楼医院门诊预约挂号方式有哪些
• 

  萌新阴阳师求式神培养方案？
• 

  无法抵达的MU5735，人在哪？
• 

  分享是最好的成长方式
• 

  部落冲突的十本一般怎么配兵胜率比较高？
• 

  中国最好的mpv汽车 中国品牌能造出好的mpv吗
• 

  奶香型婴儿沐浴露哪家好？推荐奶香型婴儿沐浴露品牌
• 

  夏天荷花盛开,而描写荷花诗词非常多,你最喜欢哪一首？
• 

  谈谈为什么选择护理专业 为什么选择当护士
• 

  没卸防晒睡觉会怎样
• 

  森雅r7发电机皮带绕法 森雅r7发动机皮带图解
• 

  小米手机移动网络不可用怎么办
• 

  台达触摸屏

• Python | 自己封装的 dubbo 接口测试库（dubborequests）
• Hyperledger|Hyperledger Fabric的test-network启动过程Bash源码详解
• 【面试普通人VS高手系列】谈谈你对Seata的理解
• 实例解析网络编程中的另类内存泄漏
• BI系统打包Docker镜像及容器化部署的具体实现
• 厉害！我带的实习生仅用四步就整合好SpringSecurity+JWT实现登录认证！
• 一场由TiCDC异常引发的GC不干活导致的Tikv硬盘使用问题
• 【N32G457】基于RT-Thread和N32G457的墨水屏日历
• 课程设计|SpringBoot+vue前后端分离的社区维修平台
• 课程设计|Springboot+vue前后端分离的考研资讯平台