在将 Hyperledger composer 部署到多个组织的结构中时,我需要在其中粘贴 org1 和 org2 的 CA 证书
while Deploying the Hyperledger composer into fabric for multiple Organization where i need to paste the CA certificate for org1 and org2
打开 byfn-network.json 并将文本 INSERT_ORG1_CA_CERT 的所有实例替换为 Org1 对等节点的 CA 证书:- 使用以下命令从 .pem 文件中获取证书以便它可以嵌入到上述连接配置文件中。
复制
awk 'NF {sub(/\r/, ""); printf "%s\n",[=10=];}' crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt > /tmp/composer/org1/ca-org1.txt
但是我完全搞不懂我需要复制哪些内容以及粘贴到哪里
基本上,组织需要连接配置文件。此连接配置文件包含网络中连接的所有对等点的详细信息,如下所示:
{
"name": "byfn-network",
"x-type": "hlfv1",
"version": "1.0.0",
"channels": {
"mychannel": {
"orderers": [
"orderer.example.com"
],
"peers": {
"peer0.org1.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org1.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer0.org2.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org2.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
}
}
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"peers": [
"peer0.org1.example.com",
"peer1.org1.example.com"
],
"certificateAuthorities": [
"ca.org1.example.com"
]
},
"Org2": {
"mspid": "Org2MSP",
"peers": [
"peer0.org2.example.com",
"peer1.org2.example.com"
],
"certificateAuthorities": [
"ca.org2.example.com"
]
}
},
"orderers": {
"orderer.example.com": {
"url": "grpcs://localhost:7050",
"grpcOptions": {
"ssl-target-name-override": "orderer.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORDERER_CA_CERT"
}
}
},
"peers": {
"peer0.org1.example.com": {
"url": "grpcs://localhost:7051",
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORG1_CA_CERT"
}
},
"peer1.org1.example.com": {
"url": "grpcs://localhost:8051",
"grpcOptions": {
"ssl-target-name-override": "peer1.org1.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORG1_CA_CERT"
}
},
"peer0.org2.example.com": {
"url": "grpcs://localhost:9051",
"grpcOptions": {
"ssl-target-name-override": "peer0.org2.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORG2_CA_CERT"
}
},
"peer1.org2.example.com": {
"url": "grpcs://localhost:10051",
"grpcOptions": {
"ssl-target-name-override": "peer1.org2.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORG2_CA_CERT"
}
}
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "https://localhost:7054",
"caName": "ca-org1",
"httpOptions": {
"verify": false
}
},
"ca.org2.example.com": {
"url": "https://localhost:8054",
"caName": "ca-org2",
"httpOptions": {
"verify": false
}
}
}
}
如您所见,此文件具有网络中每个对等点的连接端点。如果要在网络中启用 TLS,还需要在此处提供 TLS-CA 证书。此证书进入 json 的 "tlsCACerts" 部分。
因此考虑到您的问题,byfn-network.json 应该是您的连接配置文件。当您 运行 以下命令时:
awk 'NF {sub(/\r/, ""); printf "%s\n",[=11=];}' crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt > /tmp/composer/org1/ca-org1.txt
它将复制 peer0.org1 的 tls-ca 证书并将其粘贴到位于 /tmp/composer/org1/ca-org1.txt 的文本文件中。
您需要复制此文本文件的内容并将其粘贴到 byfn-network.json 文件的 "tlsCACerts" 部分。
同样有一个相当全面的教程。您可以找到参考资料 here.
打开 byfn-network.json 并将文本 INSERT_ORG1_CA_CERT 的所有实例替换为 Org1 对等节点的 CA 证书:- 使用以下命令从 .pem 文件中获取证书以便它可以嵌入到上述连接配置文件中。
复制
awk 'NF {sub(/\r/, ""); printf "%s\n",[=10=];}' crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt > /tmp/composer/org1/ca-org1.txt
但是我完全搞不懂我需要复制哪些内容以及粘贴到哪里
基本上,组织需要连接配置文件。此连接配置文件包含网络中连接的所有对等点的详细信息,如下所示:
{
"name": "byfn-network",
"x-type": "hlfv1",
"version": "1.0.0",
"channels": {
"mychannel": {
"orderers": [
"orderer.example.com"
],
"peers": {
"peer0.org1.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org1.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer0.org2.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org2.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
}
}
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"peers": [
"peer0.org1.example.com",
"peer1.org1.example.com"
],
"certificateAuthorities": [
"ca.org1.example.com"
]
},
"Org2": {
"mspid": "Org2MSP",
"peers": [
"peer0.org2.example.com",
"peer1.org2.example.com"
],
"certificateAuthorities": [
"ca.org2.example.com"
]
}
},
"orderers": {
"orderer.example.com": {
"url": "grpcs://localhost:7050",
"grpcOptions": {
"ssl-target-name-override": "orderer.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORDERER_CA_CERT"
}
}
},
"peers": {
"peer0.org1.example.com": {
"url": "grpcs://localhost:7051",
"grpcOptions": {
"ssl-target-name-override": "peer0.org1.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORG1_CA_CERT"
}
},
"peer1.org1.example.com": {
"url": "grpcs://localhost:8051",
"grpcOptions": {
"ssl-target-name-override": "peer1.org1.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORG1_CA_CERT"
}
},
"peer0.org2.example.com": {
"url": "grpcs://localhost:9051",
"grpcOptions": {
"ssl-target-name-override": "peer0.org2.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORG2_CA_CERT"
}
},
"peer1.org2.example.com": {
"url": "grpcs://localhost:10051",
"grpcOptions": {
"ssl-target-name-override": "peer1.org2.example.com"
},
"tlsCACerts": {
"pem": "INSERT_ORG2_CA_CERT"
}
}
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "https://localhost:7054",
"caName": "ca-org1",
"httpOptions": {
"verify": false
}
},
"ca.org2.example.com": {
"url": "https://localhost:8054",
"caName": "ca-org2",
"httpOptions": {
"verify": false
}
}
}
}
如您所见,此文件具有网络中每个对等点的连接端点。如果要在网络中启用 TLS,还需要在此处提供 TLS-CA 证书。此证书进入 json 的 "tlsCACerts" 部分。
因此考虑到您的问题,byfn-network.json 应该是您的连接配置文件。当您 运行 以下命令时:
awk 'NF {sub(/\r/, ""); printf "%s\n",[=11=];}' crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt > /tmp/composer/org1/ca-org1.txt
它将复制 peer0.org1 的 tls-ca 证书并将其粘贴到位于 /tmp/composer/org1/ca-org1.txt 的文本文件中。
您需要复制此文本文件的内容并将其粘贴到 byfn-network.json 文件的 "tlsCACerts" 部分。
同样有一个相当全面的教程。您可以找到参考资料 here.