Dana Peer0

ssh to the nodes

# Open a shell on the dana-peer-0 Vagrant machine.
# Presumably the commands that follow are run inside this session — confirm.
vagrant ssh dana-peer-0

Create directory for msp & tls certificate

# Create the directories that will receive peer0's TLS and MSP enrollment
# material, then set both to mode 755.
# NOTE(review): 755 leaves both trees listable and traversable by every local
# user. The private keys written later under keystore/ are then protected only
# by the mode of keystore/ and of the *_sk files themselves — check those after
# enrolling.
peer_home=/etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0

for sub in tls msp; do
  sudo mkdir -p "${peer_home}/${sub}"
done

for sub in tls msp; do
  sudo chmod 755 "${peer_home}/${sub}"
done

Create the peer's snapshots directory

# Directory the peer uses for ledger snapshots (ledger.snapshots.rootDir in
# core.yaml); -p also creates /var/hyperledger/production if it is missing.
snapshot_dir=/var/hyperledger/production/snapshots
sudo mkdir -p "${snapshot_dir}"

get the msp certificate

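# Enroll peer0 against the CA on port 7055 and write the resulting identity
# (certificates and private key) into the peer's msp directory.
#
# NOTE(review): the enrollment secret is part of the -u URL, so it is recorded
# in shell history and is visible in the process list while the command runs.
# On a shared host, supply the secret in a way that keeps it off the command
# line, and do not reuse the sample value shown here.
#
# ${HOME} is expanded by the calling shell before sudo runs, so the CA chain is
# read from the invoking user's home directory. It is quoted so that a home
# path containing spaces is still passed as a single argument.
sudo fabric-ca-client enroll -d \
  -u https://peer0@enrollment.dana.id:peer0-password@10.250.252.10:7055 \
  --tls.certfiles "${HOME}/organizations/PeerOrganizations/dana/msp/tlsintermediatecerts/intermediate-cert.pem" \
  --csr.names C=id,O=dana,ST=jakarta \
  --mspdir /etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/msp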

check the msp certificate

# List what the enrollment wrote into the msp directory.
# NOTE(review): the *_sk file under keystore/ is presumably the identity's
# private key — confirm it is not readable by group or other (tree -p prints
# the permission bits).
sudo tree /etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/msp
/etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/msp
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── cacerts
│   └── 10-250-252-10-7055.pem
├── intermediatecerts
│   └── 10-250-252-10-7055.pem
├── keystore
│   └── 6b548acbd5250371758f6c11f27926dcd95ae569519138d0e017d95014b28ed1_sk
├── signcerts
│   └── cert.pem
└── user

get the TLS certificate

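# Enroll peer0 against the TLS CA on port 7054 using the "tls" profile and
# write the TLS certificate and key into the peer's tls directory.
# --csr.hosts lists the names and addresses the certificate will be valid for;
# it must include every address other nodes and clients use to reach this peer.
#
# NOTE(review): the enrollment secret is part of the -u URL, so it is recorded
# in shell history and is visible in the process list while the command runs.
# On a shared host, supply the secret in a way that keeps it off the command
# line, and do not reuse the sample value shown here.
#
# ${HOME} is expanded by the calling shell before sudo runs; it is quoted so
# that a home path containing spaces is still passed as a single argument.
sudo fabric-ca-client enroll -d \
  -u https://peer0@tls.dana.id:peer0-password@10.250.252.10:7054 \
  --tls.certfiles "${HOME}/organizations/PeerOrganizations/dana/msp/tlsintermediatecerts/intermediate-cert.pem" \
  --enrollment.profile tls \
  --csr.cn peer \
  --csr.hosts 'localhost,127.0.0.1,10.250.252.20' \
  --csr.names C=id,O=dana,ST=jakarta \
  --mspdir /etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/tls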

check the TLS certificate

# List what the TLS enrollment wrote into the tls directory.
# NOTE(review): the *_sk file under keystore/ is the TLS secret key — confirm
# it is not readable by group or other (tree -p prints the permission bits).
sudo tree /etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/tls
/etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/tls
├── IssuerPublicKey
├── IssuerRevocationPublicKey
├── cacerts
├── keystore
│   └── d78af767eaeee1a9610afb3abe09517acf7b4005a0fe84f666dc838bab340772_sk
├── signcerts
│   └── cert.pem
├── tlscacerts
│   └── tls-10-250-252-10-7054.pem
├── tlsintermediatecerts
│   └── tls-10-250-252-10-7054.pem
└── user

Rename the TLS secret key to a fixed name (key.pem) so the peer configuration can reference it

# Give the TLS secret key the fixed name key.pem, which is the path core.yaml
# points at (peer.tls.key.file).
# The hash-named *_sk file is the one listed by the preceding tree output;
# presumably the name differs per enrollment, so substitute the one you see.
# mv keeps the file's existing owner and mode.
tls_keystore=/etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/tls/keystore
sudo mv \
  "${tls_keystore}/d78af767eaeee1a9610afb3abe09517acf7b4005a0fe84f666dc838bab340772_sk" \
  "${tls_keystore}/key.pem"

Create config.yaml in the MSP directory. It is used to identify each role from the certificate OU; read more here: https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/use_CA.html#nodeous

# Write the NodeOUs configuration into the peer's msp directory.
# Each role (client, peer, admin, orderer) is tied to an OU value and to the
# CA certificate intermediatecerts/10-250-252-10-7055.pem; that file name must
# match the one the MSP enrollment placed under intermediatecerts/.
# The heredoc contains nothing for the shell to expand, so the delimiter is
# quoted and the text is fed to tee directly. tee also echoes it to stdout.
sudo tee /etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/msp/config.yaml <<'EOF'
NodeOUs:
 Enable: true
 ClientOUIdentifier:
   Certificate: intermediatecerts/10-250-252-10-7055.pem
   OrganizationalUnitIdentifier: client
 PeerOUIdentifier:
   Certificate: intermediatecerts/10-250-252-10-7055.pem
   OrganizationalUnitIdentifier: peer
 AdminOUIdentifier:
   Certificate: intermediatecerts/10-250-252-10-7055.pem
   OrganizationalUnitIdentifier: admin
 OrdererOUIdentifier:
   Certificate: intermediatecerts/10-250-252-10-7055.pem
   OrganizationalUnitIdentifier: orderer
EOF

create core configuration

# Write the peer's core.yaml. The heredoc delimiter is quoted ('EOF') so the
# shell leaves the $(DOCKER_NS) and $(TWO_DIGIT_VERSION) placeholders in the
# chaincode section untouched instead of treating them as command
# substitutions. tee also echoes the file to stdout.
#
# NOTE(review): settings worth a second look before relying on this file:
#   - peer.tls.enabled is true but clientAuthRequired is false, so TLS
#     authenticates the peer to callers only; no client certificate is
#     demanded at the transport layer.
#   - peer.listenAddress and peer.chaincodeListenAddress bind 0.0.0.0, i.e.
#     every interface; limit reachability of 7051/7052 with network controls.
#   - operations.tls.enabled is false. The endpoint is bound to
#     127.0.0.1:9443, so keep it on loopback unless TLS is switched on.
#   - vm.endpoint is the Docker socket; a process that can use that socket
#     effectively controls the host's containers.
sudo tee /etc/hyperledger/peer/core.yaml <<'EOF'
# https://github.com/hyperledger/fabric/blob/main/sampleconfig/core.yaml
peer:
  id: peer0.dana
  networkId: production
  address: 10.250.252.20:7051
  listenAddress: 0.0.0.0:7051
  chaincodeAddress: 10.250.252.20:7052
  chaincodeListenAddress: 0.0.0.0:7052
  mspConfigPath: /etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/msp
  localMspId: dana
  fileSystemPath: /var/hyperledger/production

  gossip:
    endpoint: 10.250.252.20:7051
    externalEndpoint: 10.250.252.20:7051
    bootstrap: 10.250.252.21:7051
    useLeaderElection: false
    orgLeader: true
    state:
        enabled: true
    pvtData:
      pushAckTimeout: 3s
      implicitCollectionDisseminationPolicy:
          requiredPeerCount: 0
          maxPeerCount: 1

  handlers:
    authFilters:
      - name: DefaultAuth
      - name: ExpirationCheck   
    decorators:
      - name: DefaultDecorator
    endorsers:
      escc:
        name: DefaultEndorsement
        library:
    validators:
      vscc:
        name: DefaultValidation
        library:

  tls:
    enabled: true
    clientAuthRequired: false
    cert:
      file: /etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/tls/signcerts/cert.pem
    key:
      file: /etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/tls/keystore/key.pem
    rootcert:
      file: /etc/hyperledger/peer/organizations/PeerOrganizations/dana/peers/peer0/tls/tlsintermediatecerts/tls-10-250-252-10-7054.pem

  BCCSP:
    Default: SW
    SW:
      Hash: SHA2
      Security: 256

  gateway:
    enabled: true
    endorsementTimeout: 30s
    dialTimeout: 2m

  discovery:
    enabled: true
    authCacheEnabled: true
    authCacheMaxSize: 1000
    authCachePurgeRetentionRatio: 0.75
    orgMembersAllowedAccess: false

ledger:
  state:
    stateDatabase: goleveldb
    totalQueryLimit: 100000
  snapshots:
    rootDir: /var/hyperledger/production/snapshots

operations:
  listenAddress: 127.0.0.1:9443
  tls:
    enabled: false

metrics:
  provider: prometheus

vm:
  endpoint: unix:///var/run/docker.sock

chaincode:
  externalBuilders: []
  builder: $(DOCKER_NS)/fabric-ccenv:$(TWO_DIGIT_VERSION)
  pull: false
  golang:
      runtime: $(DOCKER_NS)/fabric-baseos:$(TWO_DIGIT_VERSION)
      dynamicLink: false
  java:
      runtime: $(DOCKER_NS)/fabric-javaenv:$(TWO_DIGIT_VERSION)
  node:
      runtime: $(DOCKER_NS)/fabric-nodeenv:$(TWO_DIGIT_VERSION)
  system:
    _lifecycle: enable
    cscc: enable
    lscc: enable
    qscc: enable
EOF

create peer systemd unit file

# Install the systemd unit that runs the peer. FABRIC_CFG_PATH points the peer
# at /etc/hyperledger/peer, where core.yaml was written.
# NOTE(review): the unit has no User= directive, so systemd starts the peer as
# root. If a dedicated service account is introduced later, the msp/tls
# directories and key files need matching ownership.
# The unit text contains nothing for the shell to expand, so the delimiter is
# quoted and the text is fed to tee directly. tee also echoes it to stdout.
sudo tee /etc/systemd/system/fabric-peer.service <<'EOF'
# Service definition for Hyperledger fabric peer server
[Unit]
Description=hyperledger fabric-peer server - fabric peer for hyperledger fabric
Documentation=https://hyperledger-fabric.readthedocs.io/
Wants=network-online.target
After=network-online.target
[Service]
Type=simple
Restart=on-failure
Environment=FABRIC_CFG_PATH=/etc/hyperledger/peer
ExecStart=/usr/local/bin/peer node start
[Install]
WantedBy=multi-user.target
EOF

start fabric peer

# Register the peer to start at boot, start it now, then print its state so a
# failed start (bad certificate path, port already in use) is visible at once.
peer_unit=fabric-peer.service
for action in enable start status; do
  sudo systemctl "${action}" "${peer_unit}"
done