Fabric1.4 Fabric-SDK-go及web应用
Posted 杰西啊杰西
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Fabric1.4 Fabric-SDK-go及web应用相关的知识,希望对你有一定的参考价值。
说在前面
fabric-sdk-go就像是一个中间件,它接入区块链网络,代替cli模式对peer节点上的链码进行调用,但是每个组织都有其专属的sdk,并且对自己组织下的peer节点操作时,要使用自己的sdk,如果使用其他组织的sdk,那么就会报权限错误。
只有peer节点上安装了这个节点,你才能调用,换言之,每个组织下的peer节点安装链码是根据你的应用决定的。同时,每个链码虽然在多个peer上进行了安装,但是只需要一次初始化就可以。如果一个peer对数据上链,那么安装了这个链码的所有peer都可以看到该数据
上一篇:(三)Fabric1.4 编写链码【下】
注释待会写
目录
一、编辑sdk配置文件
1、org1_config.yaml
name: "org1-config"
#
# Copyright SecureKey Technologies Inc. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
#
# The network connection profile provides client applications the information about the target
# blockchain network that are necessary for the applications to interact with it. These are all
# knowledge that must be acquired from out-of-band sources. This file provides such a source.
#
# copied from fabric-sdk-go/test/fixtures/config/config_e2e_pkcs11.yaml
#
# Schema version of the content. Used by the SDK to apply the corresponding parsing rules.
#
version: 1.0.0
#
# The client section used by GO SDK.
#
client:
# Which organization does this application instance belong to? The value must be the name of an org
# defined under "organizations"
organization: Org1
logging:
# Develope can using debug to get more information
# level: info
level: debug
cryptoconfig:
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config
# Some SDKs support pluggable KV stores, the properties under "credentialStore"
# are implementation specific
credentialStore:
# [Optional]. Used by user store. Not needed if all credentials are embedded in configuration
# and enrollments are performed elswhere.
path: "/tmp/examplestore"
# [Optional] BCCSP config for the client. Used by GO SDK.
BCCSP:
security:
enabled: true
default:
provider: "SW"
hashAlgorithm: "SHA2"
softVerify: true
level: 256
tlsCerts:
# [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false
systemCertPool: true
# [Optional]. Client key and cert for TLS handshake with peers and orderers
client:
# 使用User1@org1的证书
keyfile: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org1.perinfo.com/users/User1@org1.perinfo.com/tls/client.key
certfile: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org1.perinfo.com/users/User1@org1.perinfo.com/tls/client.cert
################################## General part ##################################
#
# [Optional]. But most apps would have this section so that channel objects can be constructed
# based on the content below. If an app is creating channels, then it likely will not need this
# section.
#
channels:
# name of the channel
perinfo-channel:
# Required. list of orderers designated by the application to use for transactions on this
# channel. This list can be a result of access control ("org1" can only access "ordererA"), or
# operational decisions to share loads from applications among the orderers. The values must
# be "names" of orgs defined under "organizations/peers"
# deprecated: not recommended, to override any orderer configuration items, entity matchers should be used.
# orderers:
# - orderer.example.com
# 不要缺少当前channel的orderer节点
orderers:
- orderer.perinfo.com
# Required. list of peers from participating orgs
peers:
peer0.org1.perinfo.com:
# [Optional]. will this peer be sent transaction proposals for endorsement? The peer must
# have the chaincode installed. The app can also use this property to decide which peers
# to send the chaincode install request. Default: true
endorsingPeer: true
# [Optional]. will this peer be sent query proposals? The peer must have the chaincode
# installed. The app can also use this property to decide which peers to send the
# chaincode install request. Default: true
chaincodeQuery: true
# [Optional]. will this peer be sent query proposals that do not require chaincodes, like
# queryBlock(), queryTransaction(), etc. Default: true
ledgerQuery: true
# [Optional]. will this peer be the target of the SDK's listener registration? All peers can
# produce events but the app typically only needs to connect to one to listen to events.
# Default: true
eventSource: true
# Add other peers in perinfo-channel for byfn
peer0.org2.perinfo.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer0.org3.perinfo.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer0.org4.perinfo.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
# [Optional]. The application can use these options to perform channel operations like retrieving channel
# config etc.
policies:
#[Optional] options for retrieving channel configuration blocks
queryChannelConfig:
#[Optional] min number of success responses (from targets/peers)
minResponses: 1
#[Optional] channel config will be retrieved for these number of random targets
maxTargets: 1
#[Optional] retry options for query config block
retryOpts:
#[Optional] number of retry attempts
attempts: 5
#[Optional] the back off interval for the first retry attempt
initialBackoff: 500ms
#[Optional] the maximum back off interval for any retry attempt
maxBackoff: 5s
#[Optional] he factor by which the initial back off period is exponentially incremented
backoffFactor: 2.0
#
# list of participating organizations in this network
#
organizations:
Org1:
mspid: Org1MSP
# set msp files path
cryptoPath: peerOrganizations/org1.perinfo.com/users/{username}@org1.perinfo.com/msp
# Add peers for org1
peers:
- peer0.org1.perinfo.com
# [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based
# network. Typically certificates provisioning is done in a separate process outside of the
# runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for
# dynamic certificate management (enroll, revoke, re-enroll). The following section is only for
# Fabric-CA servers.
certificateAuthorities:
- ca.org1.perinfo.com
#users:
# Admin:
# cert:
# pem: ${FABRIC_SDK_GO_PROJECT_PATH}/fixtures/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/tlsca/tlsca.org1.example.com-cert.pem
# the profile will contain public information about organizations other than the one it belongs to.
# These are necessary information to make transaction lifecycles work, including MSP IDs and
# peers with a public URL to send transaction proposals. The file will not contain private
# information reserved for members of the organization, such as admin key and certificate,
# fabric-ca registrar enroll ID and secret, etc.
Org2:
mspid: Org2MSP
cryptoPath: peerOrganizations/org2.perinfo.com/users/{username}@org2.perinfo.com/msp
# Add peers for org2
peers:
- peer0.org2.perinfo.com
certificateAuthorities:
- ca.org2.perinfo.com
Org3:
mspid: Org3MSP
cryptoPath: peerOrganizations/org3.perinfo.com/users/{username}@org3.perinfo.com/msp
# Add peers for org3
peers:
- peer0.org3.perinfo.com
certificateAuthorities:
- ca.org3.perinfo.com
Org4:
mspid: Org4MSP
cryptoPath: peerOrganizations/org4.perinfo.com/users/{username}@org4.perinfo.com/msp
# Add peers for org4
peers:
- peer0.org4.perinfo.com
certificateAuthorities:
- ca.org4.perinfo.com
# Orderer Org name
ordererorg:
# Membership Service Provider ID for this organization
mspID: OrdererMSP
cryptoPath: ordererOrganizations/perinfo.com/users/Admin@perinfo.com/msp
orderers:
- orderer.perinfo.com
#
# List of orderers to send transaction and channel create/update requests to. For the time
# being only one orderer is needed. If more than one is defined, which one get used by the
# SDK is implementation specific. Consult each SDK's documentation for its handling of orderers.
#
orderers:
orderer.perinfo.com:
# [Optional] Default: Infer from hostname
url: grpcs://localhost:7050
# these are standard properties defined by the gRPC library
# they will be passed in as-is to gRPC client constructor
grpcOptions:
ssl-target-name-override: orderer.perinfo.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
#will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
# Replace to orderer cert path
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/ordererOrganizations/perinfo.com/orderers/orderer.perinfo.com/msp/tlscacerts/tlsca.perinfo.com-cert.pem
#
# List of peers to send various requests to, including endorsement, query
# and event listener registration.
#
peers:
peer0.org1.perinfo.com:
# this URL is used to send endorsement and query requests
# [Optional] Default: Infer from hostname
# 表明使用grpcs协议,设置IP和端口号,使用域名会无法连接
# url: grpcs://peer0.org1.example.com:7051
url: grpcs://localhost:7051
grpcOptions:
ssl-target-name-override: peer0.org1.perinfo.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
#will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org1.perinfo.com/tlsca/tlsca.org1.perinfo.com-cert.pem
peer0.org2.perinfo.com:
# Replace the port
url: grpcs://localhost:8051
grpcOptions:
ssl-target-name-override: peer0.org2.perinfo.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
#will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org2.perinfo.com/tlsca/tlsca.org2.perinfo.com-cert.pem
peer0.org3.perinfo.com:
# Replace the port
url: grpcs://localhost:9051
grpcOptions:
ssl-target-name-override: peer0.org3.perinfo.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
#will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org3.perinfo.com/tlsca/tlsca.org3.perinfo.com-cert.pem
peer0.org4.perinfo.com:
# Replace the port
url: grpcs://localhost:10051
grpcOptions:
ssl-target-name-override: peer0.org4.perinfo.com
keep-alive-time: 0s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
#will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org4.perinfo.com/tlsca/tlsca.org4.perinfo.com-cert.pem
# Fabric-CA is a special kind of Certificate Authority provided by Hyperledger Fabric which allows
# certificate management to be done via REST APIs. Application may choose to use a standard
# Certificate Authority instead of Fabric-CA, in which case this section would not be specified.
#
certificateAuthorities:
ca.org1.perinfo.com:
url: http://localhost:7054
tlsCACerts:
# Certificate location absolute path
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org1.perinfo.com/ca/ca.org1.perinfo.com-cert.pem
# Client key and cert for SSL handshake with Fabric CA
#client:
# key:
# path: /home/alextan/blockchain/fabric/fabric-samples-1.4/raft-local-test/crypto-config/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.key
# cert:
# path: /home/alextan/blockchain/fabric/fabric-samples-1.4/raft-local-test/crypto-config/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.crt
# Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
# needed to enroll and invoke new users.
registrar:
enrollId: admin
enrollSecret: perinfo68
# [Optional] The optional name of the CA.
caName: ca.org1.perinfo.com
ca.org2.perinfo.com:
url: http://localhost:8054
tlsCACerts:
# Certificate location absolute path
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org2.perinfo.com/ca/ca.org2.perinfo.com-cert.pem
# Client key and cert for SSL handshake with Fabric CA
#client:
# key:
# path: /home/alextan/blockchain/fabric/fabric-samples-1.4/raft-local-test/crypto-config/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.key
# cert:
# path: /home/alextan/blockchain/fabric/fabric-samples-1.4/raft-local-test/crypto-config/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.crt
# Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
# needed to enroll and invoke new users.
registrar:
enrollId: admin
enrollSecret: perinfo68
# [Optional] The optional name of the CA.
caName: ca.org2.perinfo.com
ca.org3.perinfo.com:
url: http://localhost:9054
tlsCACerts:
# Certificate location absolute path
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org3.perinfo.com/ca/ca.org3.perinfo.com-cert.pem
# Client key and cert for SSL handshake with Fabric CA
#client:
# key:
# path: /home/alextan/blockchain/fabric/fabric-samples-1.4/raft-local-test/crypto-config/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.key
# cert:
# path: /home/alextan/blockchain/fabric/fabric-samples-1.4/raft-local-test/crypto-config/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.crt
# Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
# needed to enroll and invoke new users.
registrar:
enrollId: admin
enrollSecret: perinfo68
# [Optional] The optional name of the CA.
caName: ca.org3.perinfo.com
ca.org4.perinfo.com:
url: http://localhost:10054
tlsCACerts:
# Certificate location absolute path
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org4.perinfo.com/ca/ca.org4.perinfo.com-cert.pem
# Client key and cert for SSL handshake with Fabric CA
#client:
# key:
# path: /home/alextan/blockchain/fabric/fabric-samples-1.4/raft-local-test/crypto-config/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.key
# cert:
# path: /home/alextan/blockchain/fabric/fabric-samples-1.4/raft-local-test/crypto-config/peerOrganizations/tls.example.com/users/User1@tls.example.com/tls/client.crt
# Fabric-CA supports dynamic user enrollment via REST APIs. A "root" user, a.k.a registrar, is
# needed to enroll and invoke new users.
registrar:
enrollId: admin
enrollSecret: perinfo68
# [Optional] The optional name of the CA.
caName: ca.org4.perinfo.com
entitymatchers:
peer:
- pattern: (\\w*)peer0.org1.perinfo.com(\\w*)
urlsubstitutionexp: grpcs://localhost:7051
ssltargetoverrideurlsubstitutionexp: peer0.org1.perinfo.com
mappedhost: peer0.org1.perinfo.com
- pattern: (\\w*)peer0.org2.perinfo.com(\\w*)
urlsubstitutionexp: grpcs://localhost:8051
ssltargetoverrideurlsubstitutionexp: peer0.org2.perinfo.com
mappedhost: peer0.org2.perinfo.com
- pattern: (\\w*)peer0.org3.perinfo.com(\\w*)
urlsubstitutionexp: grpcs://localhost:9051
ssltargetoverrideurlsubstitutionexp: peer0.org3.perinfo.com
mappedhost: peer0.org3.perinfo.com
- pattern: (\\w*)peer0.org4.perinfo.com(\\w*)
urlsubstitutionexp: grpcs://localhost:10051
ssltargetoverrideurlsubstitutionexp: peer0.org4.perinfo.com
mappedhost: peer0.org4.perinfo.com
orderer:
- pattern: (\\w*)orderer.perinfo.com(\\w*)
urlsubstitutionexp: localhost:7050
ssltargetoverrideurlsubstitutionexp: orderer.perinfo.com
mappedhost: orderer.perinfo.com
certificateAuthorities:
- pattern: (\\w*)ca.org1.perinfo.com(\\w*)
urlSubstitutionExp: http://localhost:7054
mappedHost: ca.org1.perinfo.com
- pattern: (\\w*)ca.org2.perinfo.com(\\w*)
urlSubstitutionExp: http://localhost:8054
mappedHost: ca.org2.perinfo.com
- pattern: (\\w*)ca.org3.perinfo.com(\\w*)
urlSubstitutionExp: http://localhost:9054
mappedHost: ca.org3.perinfo.com
- pattern: (\\w*)ca.org4.perinfo.com(\\w*)
urlSubstitutionExp: http://localhost:10054
mappedHost: ca.org4.perinfo.com
2、org2_config.yaml
和org1_config.yaml差不多,只需要修改前面非公共部分即可,同理编写org3_config.yaml、org4_config.yaml
name: "org2-config"
#
# Copyright SecureKey Technologies Inc. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
#
# The network connection profile provides client applications the information about the target
# blockchain network that are necessary for the applications to interact with it. These are all
# knowledge that must be acquired from out-of-band sources. This file provides such a source.
#
# copied from fabric-sdk-go/test/fixtures/config/config_e2e_pkcs11.yaml
#
# Schema version of the content. Used by the SDK to apply the corresponding parsing rules.
#
version: 1.0.0
#
# The client section used by GO SDK.
#
client:
# Which organization does this application instance belong to? The value must be the name of an org
# defined under "organizations"
organization: Org2
logging:
# Develope can using debug to get more information
# level: info
level: debug
cryptoconfig:
path: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config
# Some SDKs support pluggable KV stores, the properties under "credentialStore"
# are implementation specific
credentialStore:
# [Optional]. Used by user store. Not needed if all credentials are embedded in configuration
# and enrollments are performed elswhere.
path: "/tmp/examplestore"
# [Optional] BCCSP config for the client. Used by GO SDK.
BCCSP:
security:
enabled: true
default:
provider: "SW"
hashAlgorithm: "SHA2"
softVerify: true
level: 256
tlsCerts:
# [Optional]. Use system certificate pool when connecting to peers, orderers (for negotiating TLS) Default: false
systemCertPool: true
# [Optional]. Client key and cert for TLS handshake with peers and orderers
client:
# 使用User1@org2的证书
keyfile: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org2.perinfo.com/users/User1@org2.perinfo.com/tls/client.key
certfile: ${FABRIC_SDK_GO_PROJECT_PATH}/fabric/fixtures/crypto-config/peerOrganizations/org2.perinfo.com/users/User1@org2.perinfo.com/tls/client.cert
################################## General part ##################################
#
# [Optional]. But most apps would have this section so that channel objects can be constructed
# based on the content below. If an app is creating channels, then it likely will not need this
# section.
#
channels:
# name of the channel
perinfo-channel:
# Required. list of orderers designated by the application to use for transactions on this
# channel. This list can be a result of access control ("org1" can only access "ordererA"), or
# operational decisions to share loads from applications among the orderers. The values must
# be "names" of orgs defined under "organizations/peers"
# deprecated: not recommended, to override any orderer configuration items, entity matchers should be used.
# orderers:
# - orderer.example.com
# 不要缺少当前channel的orderer节点
orderers:
- orderer.perinfo.com
# Required. list of peers from participating orgs
peers:
peer0.org1.perinfo.com:
# [Optional]. will this peer be sent transaction proposals for endorsement? The peer must
# have the chaincode installed. The app can also use this property to decide which peers
# to send the chaincode install request. Default: true
endorsingPeer: true
# [Optional]. will this peer be sent query proposals? The peer must have the chaincode
# installed. The app can also use this property to decide which peers to send the
# chaincode install request. Default: true
chaincodeQuery: true
# [Optional]. will this peer be sent query proposals that do not require chaincodes, like
# queryBlock(), queryTransaction(), etc. Default: true
ledgerQuery: true
# [Optional]. will this peer be the target of the SDK's listener registration? All peers can
# produce events but the app typically only needs to connect to one to listen to events.
# Default: true
eventSource: true
# Add other peers in perinfo-channel for byfn
peer0.org2.perinfo.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer0.org3.perinfo.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer0.org4.perinfo.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
# [Optional]. The application can use these options to perform channel operations like retrieving channel
# config etc.
policies:
#[Optional] options for retrieving channel configuration blocks
queryChannelConfig:
#[Optional] min number of success responses (from targets/peers)
minResponses: 1
#[Optional] channel config will be retrieved for these number of random targets
maxTargets: 1
#[Optional] retry options for query config block
retryOpts:
#[Optional] number of retry attempts
attempts: 5
#[Optional] the back off interval for the first retry attempt
initialBackoff: 500ms
#[Optional] the maximum back off interval for any retry attempt
maxBackoff: 5s
#[Optional] he factor by which the initial back off period is exponentially incremented
backoffFactor: 2.0
#
# list of participating organizations in this network
#
organizations:
Org1:
mspid: Org1MSP
# set msp files path
cryptoPath: peerOrganizations/org1.perinfo.com/users/{username}@org1.perinfo.com/msp
# Add peers for org1
peers:
- peer0.org1.perinfo.com
# [Optional]. Certificate Authorities issue certificates for identification purposes in a Fabric based
# network. Typically certificates provisioning is done in a separate process outside of the
# runtime network. Fabric-CA is a special certificate authority that provides a REST APIs for
# dynamic certificate management (enroll, revoke, re-enroll). The following section is only for
# Fabric-CA servers.
certificateAuthorities:
- ca.org1.perinfo.com
#users:
# Admin:
# cert:
# pem: ${FABRIC_SDK_GO_PROJECT_PATH}/fixtures/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/tlsca/tlsca.org1.example.com-cert.pem
# the profile will contain public information about organizations other than the one it belongs to.
# These are necessary information to make transaction lifecycles work, including MSP IDs and
# peers with a public URL to send transaction proposals. The file will not contain private
# information reserved for members of the organization, such as admin key and certificate,
# fabric-ca registrar enroll ID and secret, etc.
Org2:
mspid: Org2MSP
cryptoPath: peerOrganizations/org2.perinfo.com/users/{usernameFabric1.4 编写链码下