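Fabric Infrastructure Management (1): Common Tools and Commands

I. Infrastructure Management

(1) Common Tools and Commands

1. Certificate tools

(1) Check which user the current certificate belongs to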

openssl x509 -in config/msp/signcerts/cert.pem -noout -subject

(2) Print the certificate's expiry time

openssl x509 -in signed.crt -noout -dates

(3) Print the certificate's contents

openssl x509 -in cert.pem -noout -text

(4) Print the certificate's serial number

openssl x509 -in cert.pem -noout -serial

(5) Print the certificate owner's name

openssl x509 -in cert.pem -noout -subject

 

(6) Print the certificate owner's name in the format specified by RFC 2253

openssl x509 -in cert.pem -noout -subject -nameopt RFC2253

 

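2. Certificates in detail

(1) Common certificate formats

File extension    Description
.pem              Privacy-Enhanced Mail: the Base64 storage format of a DER-encoded certificate
.cert             Usually binary DER, although Base64-encoded files also exist; contains no private key
.crt              Usually binary DER, although Base64-encoded files also exist; contains no private key

(2) TLS CA certificate in PEM format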

openssl x509 -in tlsca.sm611.newcapec.net-cert.pem -noout -text

Certificate:

    Data:

        Version: 3 (0x2)

        Serial Number:

            14:c9:64:c5:3f:23:14:e0:43:cd:b1:e8:d9:66:11:d3

        Signature Algorithm: ecdsa-with-SHA256

        Issuer: C = US, ST = California, L = San Francisco, O = sm611.newcapec.net, CN = tlsca.sm611.newcapec.net

        Validity

            Not Before: Apr  6 01:49:00 2021 GMT

            Not After : Apr  4 01:49:00 2031 GMT

        Subject: C = US, ST = California, L = San Francisco, O = sm611.newcapec.net, CN = tlsca.sm611.newcapec.net

        Subject Public Key Info:

            Public Key Algorithm: id-ecPublicKey

                Public-Key: (256 bit)

                pub:

                    04:d6:ce:fd:4e:19:ae:a6:bb:71:e1:60:21:54:ec:

                    89:3e:a2:06:40:44:f1:bd:99:48:0d:2d:10:82:64:

                    76:9a:47:76:21:0b:a1:14:1d:58:0a:09:a5:f9:f2:

                    80:b9:55:02:b7:4c:5e:a4:e0:63:a7:c7:e9:5b:03:

                    a1:b4:5d:2d:dd

                ASN1 OID: prime256v1

                NIST CURVE: P-256

        X509v3 extensions:

            X509v3 Key Usage: critical

                Digital Signature, Key Encipherment, Certificate Sign, CRL Sign

            X509v3 Extended Key Usage:

                TLS Web Client Authentication, TLS Web Server Authentication

            X509v3 Basic Constraints: critical

                CA:TRUE

            X509v3 Subject Key Identifier:

                98:E9:C7:FA:15:96:37:7F:CD:E4:6B:A9:4C:95:62:F2:72:95:06:99:C1:0D:54:BB:E1:69:2D:EB:9E:BC:D8:AD

    Signature Algorithm: ecdsa-with-SHA256

         30:46:02:21:00:ac:39:96:f2:0d:e7:87:f1:f1:3a:e9:f8:05:

         cc:23:07:7f:23:e2:76:69:ce:0a:c4:35:70:69:fc:08:32:53:

         ab:02:21:00:a8:08:f9:07:83:8f:ca:5e:64:bf:70:18:00:d7:

         83:32:7f:ad:15:af:61:23:0e:26:58:6e:72:dc:dc:31:84:82

3. Fabric tools

(1) List all channels on the node

peer channel list

Output:

/opt/gopath/src/github.com/hyperledger/fabric/peer # peer channel list

2021-03-12 10:16:41.196 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

Channels peers has joined:

mychannel

 

(2) View the channel's summary information (block height, current and previous block hashes)

peer channel getinfo -c mychannel

Output:

2021-03-12 10:17:02.732 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

Blockchain info: {"height":4,"currentBlockHash":"9Div//uLrUjcEPOP+f5tBy0oX6scJMiXCFcsjEEWyJM=","previousBlockHash":"oZEoG0BRpOu8WAJhK5gA7nDeC2dhhPLQ+eZwFMfqES4="}

 

Note:

   The newly added org3 organization's node has permission to run this command and gets the information back.
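One use of this output is checking that two peers agree on the chain tip. The following is an added example, not part of the original post: it compares two `Blockchain info:` lines by height and hash linkage. PEER_A is the line shown above; PEER_B and PEER_C are constructed, and the function names are hypothetical.

```sh
# Added example: compare `peer channel getinfo` output captured from two peers.
# PEER_A is the line shown above; PEER_B and PEER_C are constructed samples.
PEER_A='Blockchain info: {"height":4,"currentBlockHash":"9Div//uLrUjcEPOP+f5tBy0oX6scJMiXCFcsjEEWyJM=","previousBlockHash":"oZEoG0BRpOu8WAJhK5gA7nDeC2dhhPLQ+eZwFMfqES4="}'
PEER_B='Blockchain info: {"height":5,"currentBlockHash":"QkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkI=","previousBlockHash":"9Div//uLrUjcEPOP+f5tBy0oX6scJMiXCFcsjEEWyJM="}'
PEER_C='Blockchain info: {"height":4,"currentBlockHash":"Q0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0M=","previousBlockHash":"oZEoG0BRpOu8WAJhK5gA7nDeC2dhhPLQ+eZwFMfqES4="}'

# info_field LINE NAME -> value of NAME in the JSON part of LINE (empty if absent)
info_field() {
    printf '%s\n' "$1" | sed -n 's/.*"'"$2"'":"\{0,1\}\([^",}]*\).*/\1/p'
}

# compare_tips LINE_A LINE_B -> same | consistent | diverged | unknown
compare_tips() {
    ha=$(info_field "$1" height);            hb=$(info_field "$2" height)
    ca=$(info_field "$1" currentBlockHash);  cb=$(info_field "$2" currentBlockHash)
    pa=$(info_field "$1" previousBlockHash); pb=$(info_field "$2" previousBlockHash)
    for v in "$ha" "$hb"; do                 # heights must be present and numeric
        case "$v" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ -z "$ca" ] || [ -z "$cb" ]; then
        echo unknown
    elif [ "$ha" -eq "$hb" ]; then           # same height: tips must be identical
        if [ "$ca" = "$cb" ]; then echo same; else echo diverged; fi
    elif [ "$hb" -eq $((ha + 1)) ]; then     # B is one block ahead of A
        if [ "$pb" = "$ca" ]; then echo consistent; else echo diverged; fi
    elif [ "$ha" -eq $((hb + 1)) ]; then     # A is one block ahead of B
        if [ "$pa" = "$cb" ]; then echo consistent; else echo diverged; fi
    else
        echo unknown                         # more than one block apart
    fi
}

echo "A vs B: $(compare_tips "$PEER_A" "$PEER_B")"
echo "A vs C: $(compare_tips "$PEER_A" "$PEER_C")"
```

Peers more than one block apart cannot be judged from this output alone, so the function reports `unknown` for them.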

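(3) Chaincode installed on the node

peer chaincode list --installed

Note:

   The newly added org3 organization's node does not have permission to run this command and cannot get the information.

The error is as follows: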

Error: bad response: 500 - access denied for [getinstalledchaincodes]: Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [The identity is not an admin under this MSP [Org3MSP]: The identity does not contain OU [ADMIN], MSP: [Org3MSP]]

In other words: the current identity is not an administrator of Org3MSP.
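The error above names a missing OU, which can be checked directly on the subject line printed by the `-subject -nameopt RFC2253` command from section 1. The following is an added example, not part of the original post: the OU identifiers admin/peer/client/orderer are assumed to be the defaults in the MSP's config.yaml, the function names are hypothetical, and the sample subjects are constructed.

```sh
# Added example: read the Fabric NodeOU role out of a certificate subject.
# The OU identifiers are the assumed config.yaml defaults; matching is
# case-sensitive, so OU=Admin is not the admin role.

# node_ou_role SUBJECT -> admin | peer | client | orderer | none
# Escaped separators inside attribute values are not handled.
node_ou_role() {
    # RFC 2253 separates RDNs with "," and the values of a multi-valued RDN with "+".
    printf '%s\n' "${1#subject=}" | tr ',+' '\n\n' | sed 's/^ *//; s/ *$//' |
    awk -F= '
        $1 == "OU" && $2 ~ /^(admin|peer|client|orderer)$/ { print $2; found = 1; exit }
        END { if (!found) print "none" }'
}

# cert_ou_role FILE: the same check on a certificate file (needs openssl).
cert_ou_role() {
    node_ou_role "$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)"
}

# may_list_installed SUBJECT: succeeds only for the admin role, the one the
# [Admins] policy in the error above asks for.
may_list_installed() { [ "$(node_ou_role "$1")" = admin ]; }

# Constructed sample subjects (not taken from the page's certificates).
for s in \
    'subject=CN=Admin@org3.example.com,OU=admin,L=San Francisco,ST=California,C=US' \
    'subject=CN=Admin@org3.example.com,L=San Francisco,ST=California,C=US' \
    'subject=CN=user1,OU=client+OU=org3+OU=department1'
do
    printf '%-8s %s\n' "$(node_ou_role "$s")" "$s"
done
```

The second sample shows the case behind the error: a certificate named Admin@... whose subject carries no admin OU is reported as `none`.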

(4) View the current configuration

peer channel fetch config

Configuration:

  1. Nodes

(1) Ordering node (orderer)

  1. Identity

(1) 

peer channel fetch config config_block.pb -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c $CHANNEL --tls --cafile $ORDERER_CA

 

 

4. Viewing environment variables

(1) Fabric environment variables

env | grep CORE

Output:

  1. Node settings

(1) Node ID

(2) MSP ID

(3) Service listen address

(4) Externally advertised service address

CORE_PEER_ID=peer0.org3.example.com

CORE_PEER_LOCALMSPID=Org3MSP

CORE_PEER_LISTENADDRESS=0.0.0.0:11051

CORE_PEER_ADDRESS=peer0.org3.example.com:11051

 

  2. TLS settings

(1) Whether TLS is enabled

(2) TLS certificate

(3) TLS private key file

(4) TLS root certificate

CORE_PEER_TLS_ENABLED=true

CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt

CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key

CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt

 

 

CORE_PEER_PROFILE_ENABLED=true

 

 

 

  3. Chaincode settings

(1) Chaincode listen address

(2) Externally advertised chaincode address

CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052

CORE_PEER_CHAINCODEADDRESS=peer0.org3.example.com:11052

 

  4. Chaincode container settings

(1) Name of the chaincode container network

(2) Chaincode container endpoint

CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=net_test

CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock

 

  5. P2P protocol settings

(1) Gossip protocol external endpoint

(2) Gossip protocol bootstrap

CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:11051

CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org3.example.com:11051
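Several of the values listed above matter for hardening: the TLS switch and its file paths, the Go profiling switch, the Docker socket endpoint and the 0.0.0.0 listen addresses. The following is an added example, not part of the original post: it audits `env | grep CORE` output for those settings. The function names and the HIGH/MEDIUM/INFO labels are this example's own, and the sample input reuses values shown on this page.

```sh
# Added example: audit the CORE_* variables printed by `env | grep CORE`.
# Severity labels (HIGH/MEDIUM/INFO) are this example's own convention.

# sample_env: a subset of the values shown on this page
sample_env() {
    cat <<'EOF'
CORE_PEER_ID=peer0.org3.example.com
CORE_PEER_LISTENADDRESS=0.0.0.0:11051
CORE_PEER_TLS_ENABLED=true
CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
CORE_PEER_PROFILE_ENABLED=true
CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
EOF
}

# audit_core_env: read KEY=VALUE lines on stdin, print one finding per line.
audit_core_env() {
    awk -F= '
        index($0, "=") { key = $1; seen[key] = substr($0, length(key) + 2) }
        END {
            if (seen["CORE_PEER_TLS_ENABLED"] != "true")
                print "HIGH CORE_PEER_TLS_ENABLED: TLS is not enabled on the peer"
            else {
                n = split("CERT KEY ROOTCERT", f, " ")
                for (i = 1; i <= n; i++) {
                    k = "CORE_PEER_TLS_" f[i] "_FILE"
                    if (seen[k] == "") print "HIGH " k ": TLS is enabled but this path is unset"
                }
            }
            if (seen["CORE_PEER_PROFILE_ENABLED"] == "true")
                print "MEDIUM CORE_PEER_PROFILE_ENABLED: Go profiling endpoint is on; disable in production"
            if (seen["CORE_VM_ENDPOINT"] ~ /docker\.sock$/)
                print "MEDIUM CORE_VM_ENDPOINT: peer can drive the host Docker daemon through " seen["CORE_VM_ENDPOINT"]
            for (k in seen) if (k ~ /LISTENADDRESS$/ && seen[k] ~ /^0\.0\.0\.0:/)
                print "INFO " k ": listens on all interfaces (" seen[k] ")"
        }' | sort
}

sample_env | audit_core_env
```

On a live peer container the same function can be fed with `env | grep CORE | audit_core_env`.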

 

5. Network diagnostic tools

(1) Test whether a port is open

nc -nvv 192.168.112.20 7050

Success:

192.168.112.20 (192.168.112.20:7050) open

Failure:

nc: 192.168.60.26 (192.168.60.26:7050): Host is unreachable

sent 0, rcvd 0

 

nc -vz 192.168.116.46 7051

(2) IP addresses of the node containers

docker inspect --format='{{.Name}} - {{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -aq)

Result:

/Org3cli - 172.22.0.3

/peer0.sm611.newcapec.net - 172.22.0.2

/peer0.org3.example.com - 172.25.0.8

/peer0.org1.example.com - 172.25.0.3

/orderer.example.com - 172.25.0.4

/peer0.org2.example.com - 172.25.0.2

/ca_orderer - 172.25.0.5

/ca_org2 - 172.25.0.7

/ca_org1 - 172.25.0.6

 

(3) List all container networks

docker network ls

Output:

NETWORK ID          NAME                DRIVER              SCOPE

03e2f971f19b        bridge              bridge              local

4ca370671e33        host                host                local

ddcda3fb5bb2        net_dev-test        bridge              local

a69b6c059c61        net_test            bridge              local

20a2a302f7af        none                null                local

 

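Note:

Bridge: a bridged network. Containers on the same bridge network can reach one another.

Fabric node containers on the same bridge connect to each other without any trouble, but they cannot be reached through the host's IP. I am not sure about this yet and will investigate when I have time.

(4) View the details of a container network

docker inspect net_test

Output: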

[

    {

        "Name": "net_test",

        "Id": "a69b6c059c61444125f17abbef90564240384ba8dcdb6884a3993b689032a307",

        "Created": "2021-04-02T16:15:24.299874379+08:00",

        "Scope": "local",

        "Driver": "bridge",

        "EnableIPv6": false,

        "IPAM": {

            "Driver": "default",

            "Options": null,

            "Config": [

                {

                    "Subnet": "172.25.0.0/16",

                    "Gateway": "172.25.0.1"

                }

            ]

        },

 

6. Docker tools

(1) Docker volumes

List the Docker volumes

docker volume ls|grep peer

Result:

local               net_peer0.org3.example.com

local               net_peer0.sm611.newcapec.net

 

Find where a volume is actually stored

docker volume inspect net_peer0.sm611.newcapec.net

Result:

[

    {

        "CreatedAt": "2021-04-02T09:11:49+08:00",

        "Driver": "local",

        "Labels": null,

        "Mountpoint": "/var/lib/docker/volumes/net_peer0.sm611.newcapec.net/_data",

        "Name": "net_peer0.sm611.newcapec.net",

        "Options": null,

        "Scope": "local"

    }

]

posted @ 2021-09-24 15:55  jiftle