fabric网络搭建指南-基础命令

第三部分：基础命令

1. 生成MSP证书

cryptogen generate --config=./crypto-config.yaml

1. 生成排序服务创世区块

configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/genesis.block

1. 生成通道配置创世区块

configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID ${CHANNEL_NAME}

1. 定义组织锚节点

// 组织Org1的锚节点
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org1MSP
// 组织Org2的锚节点
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org2MSP

1. 建立并加入通道

• 建立通道

peer channel create -o orderer.example.com:7050 -c ${CHANNEL_NAME} -f ./channel-artifacts/channel.tx --tls ${CORE_PEER_TLS_ENABLED} --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

• 可能会遇到的错误（以及解决方案）
  错误提示以下：

cli错误提示：
Error: got unexpected status: FORBIDDEN -- Failed to reach implicit threshold of 1 sub-policies, required 1 remaining: permission denied

容器内部提示：
UTC [cauthdsl] deduplicate -> ERRO 014 Principal deserialization failure (the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.org1.example.com")) for identity

错误缘由：因为启动过网络而且更新了证书，在没有删除干净的环境中启动复用的以前的volume，因此致使证书认证失败。

解决方案：

$ docker-compose -f docker-compose-cli.yaml -f docker-compose-couch.yaml down --volumes
Stopping cli                    ... done
Stopping peer1.org2.example.com ... done
Stopping peer0.org2.example.com ... done
Stopping orderer.example.com    ... done
Stopping peer0.org1.example.com ... done
Stopping peer1.org1.example.com ... done
Removing cli                    ... done
Removing peer1.org2.example.com ... done
Removing peer0.org2.example.com ... done
Removing orderer.example.com    ... done
Removing peer0.org1.example.com ... done
Removing peer1.org1.example.com ... done
Removing network net_byfn
Removing volume net_peer0.org2.example.com
Removing volume net_peer1.org2.example.com
Removing volume net_peer1.org1.example.com
Removing volume net_peer0.org1.example.com
Removing volume net_orderer.example.com

• 加入通道

peer channel join -b mychannel.block

• 查询当前peer加入的通道列表

peer channel list

1. 安装和实例化链码

• 安装链码

peer chaincode install -n mycc -v 1.0 -p github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02

• 查看安装的链码列表

docker exec peer0.org1.example.com ls /var/hyperledger/production/chaincodes

• 链码实例化

peer chaincode instantiate -o orderer.example.com:7050 --tls ${CORE_PEER_TLS_ENABLED} --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -P "OR('Org1MSP.member','Org2MSP.member')"

1. 链码查询

peer chaincode query -C $CHANNEL_NAME -nmycc -c '{"Args":["query","a"]}'
peer chaincode query -C $CHANNEL_NAME -nmycc -c '{"Args":["query","b"]}'

1. 链码调用

peer chaincode invoke -oorderer.example.com:7050  --tls ${CORE_PEER_TLS_ENABLED}--cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem  -C ${CHANNEL_NAME} -n mycc -c'{"Args":["invoke","a","b","10"]}'