8.9 KiB
Usage of cryptogen and configtxgen
As we already put the orderer_genesis.block, channel.tx, Org1MSPanchors.tx, Org2MSPanchors.tx under e2e_cli/channel-artifacts/. and put cryptographic materials to e2e_cli/crypto_config. So this doc will explain how we use cryptogen and configtxgen those two foundamental tools to manually create artifacts and certificates.
Artifacts:
orderer_genesis.block: Genesis block for the ordering servicechannel.tx: Channel transaction file for peers broadcast to the orderer at channel creation time.Org1MSPanchors.tx,Org2MSPanchors.tx: Anchor peers, as the name described, use for specify each Org's anchor peer on this channel.
Certificates:
- All files under crypto-config.
cryptogen
This tool will generate the x509 certificates used to identify and authenticate the various components in the network.
First boot network through docker-compose-2orgs-4peers.yaml
$ (sudo) docker-compose -f docker-compose-2orgs-4peers.yaml up
and execute cryptogen generate command
$ cryptogen generate --config=/etc/hyperledger/fabric/crypto-config.yaml --output ./crypto
cryptogen will read configuration from crypto-config.yaml, so if we want to add(change) Orgs or perrs topology, we should change this file first.
The results will save under directory crypto, and this directory has mounted from host, defined in the
docker-compose-2orgs-4peers.yaml.yaml. for more information refer to Example2
configtxgen
This tool will generate genesis block, channel configuration transaction and update anchor peer. the following is a general steps after changing the configtx.yaml.
The configtxgen tool is in /go/bin/, and when it's executed,
it will read configuration from /etc/hyperledger/fabric/configtx.yaml,
So if we want to regenerate orderer.genesis.block and channel.tx, we should
replace configtx.yaml using our own configtx.yaml first.
Create orderer genesis block
root@cli: configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/orderer.genesis.block
Create channel transaction artifact
root@cli: CHANNEL_NAME=businesschannel
root@cli: configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID ${CHANNEL_NAME}
channel.tx is used for generating new channel businesschannel
Update anchor peer for Organizations on the channel
Chose peer peer0.org1.example.com as org1's anchor peer, and peer0.org2.example.com as org2's anchor peer.
root@cli: configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org1MSP
root@cli: configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org2MSP
more details refer to Example2
Examples
Example1: how to add and re-join a new channel
This example will explain how to add a new channel without change basic topology that desigend in configtx.yaml and crypto-config.yaml.
start a fabric network with docker-compose-1peer.yaml, and into container fabric-cli
- 1 Regenerate
channel.txusing with new channel name
Create channel configuration for the to-be-created testchannel.
$ root@cli: CHANNEL_NAME=testchannel
$ root@cli: configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID ${CHANNEL_NAME}
- 2 regenerate anchor peer configuratoin for Organizations
$ root@cli: configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org1MSP
$ root@cli: configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org2MSP
-
(optional)execute auto-test script
You can skip this step, this will quickly check whether the network works, and also you can verify manually.
$ root@cli: bash ./peer/scripts/test_1peer.sh testchannel
- 3 Create new channel
$ root@cli: peer channel create -o orderer.example.com:7050 -c ${CHANNEL_NAME} -f ./channel-artifacts/channel.tx
check whether genrated new block testchannel.block
root@cli: ls testchannel.block
testchannel.block
-
4 Join new channel
Join peer0.org1.example.com to the new channel
$ root@cli: peer channel join -b ${CHANNEL_NAME}.block -o orderer.example.com:7050
Peer joined the channel!
check whether success
$ root@cli: peer channel list
Channels peers has joined to:
testchannel
- 5 Update anchor peer
$ root@cli: peer channel create -o orderer.example.com:7050 -c ${CHANNEL_NAME} -f ./channel-artifacts/Org1MSPanchors.tx
- 6 Install
peer chaincode install -n mycc -v 1.0 -p github.com/hyperledger/fabric/examples/chaincode/go/chaincode_example02
- 7 Instantiate
root@cli: peer chaincode instantiate -o orderer.example.com:7050 -C ${CHANNEL_NAME} -n mycc -v 1.0 -c '{"Args":["init","a","100","b","200"]}' -P "OR ('Org1MSP.member')"
- 8 Query
root@cli: peer chaincode query -C ${CHANNEL_NAME} -n mycc -c '{"Args":["query","a"]}'
The output should be:
Query Result: 100
UTC [main] main -> INFO 008 Exiting.....
Example2: how to add an organization or peer
This example will explain how to add a new org or peer with changed the basic topology that desigend in configtx.yaml and crypto-config.yaml.
all-in-one
We privide some instance in current directory, in this case we add a new organization Org3 and new peer peer0.org3.example.com.
- 1 Generate necessary config and certs
$ sudo docker-compose -f docker-compose-2orgs-4peers-event.yaml up
$ docker exec -it fabric-cli bash
$ root@cli: ./scripts/add-org.sh
** notice: For docker-compose-file clean, we did not mount these in the container, you need to mount yourself.
- 2 Re-setup network
echo "clean containers...."
docker rm -f `docker ps -aq`
echo "clean images ..."
docker rmi -f `docker images|grep mycc-1.0|awk '{print $3}'`
$ sudo docker-compose -f docker-compose-2orgs-4peers-event.yaml up
-
3 execute auto-test
Throuth this script to test whether the network works.
$ root@cli: bash ./scripts/test-5-peers.sh newchannel
The final output may look like following
===================== Query on PEER4 on channel 'newchannel' is successful =====================
===================== All GOOD, End-2-End execution completed =====================
manually
-
1 Modify config
modify configtx.yaml, crypto-cnfig.yaml and docker-compose files to adapt new change. and replace old file.
-
2 Bootstrap network with
docker-compose-2orgs-4peers-event.yaml
$ docker-compose -f docker-compose-2orgs-4peers-event.yaml up
notes:You may encounter some errors at startup and some peers can't start up, It's innocuous, ignore it, because we will restart later, and now we just use tools in cli container.
- 3 Generate new certificates
$ cryptogen generate --config=/etc/hyperledger/fabric/crypto-config.yaml --output ./crypto
- 4 Create the genesis block
root@cli: configtxgen -profile TwoOrgsOrdererGenesis -outputBlock ./channel-artifacts/orderer_genesis.block
- 5 Create the configuration tx
root@cli: CHANNEL_NAME=newchannel
root@cli: configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID ${CHANNEL_NAME}
channel.tx is used for generating new channel newchannel
- 6 Define the anchor peer for Orgs on the channel
root@cli: configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org1MSP
root@cli: configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org2MSP
root@cli: configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org3MSPanchors.tx -channelID ${CHANNEL_NAME} -asOrg Org3MSP
-
7 Restart network
As we have changed the configtx.yaml and regenerate
orderer_genesis.block, we'd better restart orderering service or all the service. now we clean all the old service and boot a new network.
echo "clean containers...."
docker rm -f `docker ps -aq`
echo "clean images ..."
docker rmi -f `docker images|grep mycc-1.0|awk '{print $3}'`
$ sudo docker-compose -f docker-compose-2orgs.yml up
-
8 Execute auto-test script
Until this step, we complete the network re-setup, and then we will test whether it works.
$ root@cli: bash ./scripts/test-5-peers.sh
If the network works well. the output may looklike:
===================== All GOOD, End-2-End execution completed =====================