fabric1.2服务组件在跑在k8s集群上，使用过程中出现的问

1.k8s上部署solo版fabric后还需要创建 生成fabric-ca admin的凭证和创建联盟，不然使用自身开发client进行添加用户时报错，（j可参考：https://www.lijiaocn.com/项目/2018/05/04/fabric-ca-example.html）

{
"code": 1001,
"message": "添加用户失败:failed to add identity: Response from server: Error Code: 52 - Failed to add identity: Registration of 'user4' failed in affiliation validation: Failed getting affiliation 'com.example.org1': : scode: 404, code: 63, msg: Failed to get Affiliation: sql: no rows in result set\n"
}

到ca的容器内执行如下：

生成fabric-ca admin的凭证，用-H参数指定client目录：
mkdir -p `pwd`/fabric-ca-files/admin
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054 -H `pwd`/fabric-ca-files/admin
也可以用环境变量FABRIC_CA_CLIENT_HOME指定了client的工作目录，生成的用户凭证将存放在这个目录中。
export FABRIC_CA_CLIENT_HOME=`pwd`/fabric-ca-files/admin
mkdir -p $FABRIC_CA_CLIENT_HOME
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
为了防止混乱，后面的演示操作中，都直接用-H指定目录。
创建联盟
上面的启动方式默认会创建两个组织：
$ fabric-ca-client  -H `pwd`/fabric-ca-files/admin  affiliation list
2018/05/07 02:36:46 [INFO] [::1]:56148 GET /affiliations 200 0 "OK"
affiliation: .
   affiliation: org2
      affiliation: org2.department1
   affiliation: org1
      affiliation: org1.department1
      affiliation: org1.department2
为了查看信息的时候，看到的输出比较简洁，用下面的命令将其删除：
fabric-ca-client -H `pwd`/fabric-ca-files/admin  affiliation remove --force  org1
fabric-ca-client -H `pwd`/fabric-ca-files/admin  affiliation remove --force  org2
执行下面命令创建联盟：
fabric-ca-client  -H `pwd`/fabric-ca-files/admin  affiliation add com 
fabric-ca-client  -H `pwd`/fabric-ca-files/admin  affiliation add com.example
fabric-ca-client  -H `pwd`/fabric-ca-files/admin  affiliation add com.example.org1
fabric-ca-client  -H `pwd`/fabric-ca-files/admin  affiliation add com.example.org2

2.添加用户失败:

failed to initialize configuration: unable to load endpoint config: failed to initialize endpoint config from config backend: network configuration load failed: 
failed to load channel configs: failed to load network TLSConfig: failed to load client TLSConfig : failed to load client key: failed to load pem bytes from path
 ./crypto-config/peerOrganizations/org1/users/Admin@org1/tls/client.key: open ./crypto-config/peerOrganizations/org1/users/Admin@org1/tls/client.key: no such file or directory"

查看config.yaml.tmpl 中证书配置是否正确

3.安装链码报错

{
    "code": 0,
    "message": "安装链码失败:sending deploy transaction proposal failed: Multiple errors occurred: \nTransaction processing for endorser [172.16.5.208:30210]: 
    Endorser Client Status Code: (23) CHAINCODE_NAME_NOT_FOUND. Description: cannot get package for chaincode (token1:0.1)\nTransaction processing for endorser 
    [172.16.5.208:30110]: Chaincode status Code: (500) UNKNOWN. Description: failed to execute transaction 013a87728c4a86af01874b1e1bd57100c99bc4200a02b7bcce6177bf315c919c: 
    error starting container: error starting container: Failed to generate platform-specific docker build: Error returned from build: 1
    \"chaincode/input/src/github.com/chaincodetest/jifen/token.go:7:2: cannot find package \"github.com/hyperledger/fabric/core/chaincode/lib/cid\" 
    in any of:\n\t/opt/go/src/github.com/hyperledger/fabric/core/chaincode/lib/cid (from $GOROOT)\n\t/chaincode/input/src/github.com/hyperledger/fabric/core/chaincode/lib/cid 
    (from $GOPATH)\n\t/opt/gopath/src/github.com/hyperledger/fabric/core/chaincode/lib/cid\n\""
}

chaincode 容器所需的镜像中需要添加lib依赖

4.操作链码错误

{
    "code": 1235,
    "message": "安装链码安装失败了:unable to verify if cc is installed on grpc://172.16.5.208:30210. Got error: lscc.getinstalledchaincodes failed: 
    SendProposal failed: Transaction processing for endorser [172.16.5.208:30210]: gRPC Transport Status Code: (2) Unknown. Description: access denied: 
    channel [] creator org [Org2MSP]"
}

{
    "code": 1236,
    "message": "初始化链码失败:failed to create channel management client from Admin identity: 
    failed to create resmgmt client due to context error: getting private key from cert failed: 
    Failed getting key for SKI [[47 114 196 206 175 166 131 245 153 29 138 162 60 28 213 73 231 154 18 121 149 194 86 182 246 205 13 19 160 141 193 232]]:
    Key with SKI 2f72c4ceafa683f5991d8aa23c1cd549e79a127995c256b6f6cd0d13a08dc1e8 not found in /tmp/msp/keystore"
}


{
    "code": 1236,
    "message": "安装链码安装失败了:failed to create resmgmt client due to context error: 
    getting private key from cert failed: Failed getting key for SKI [[188 138 153 68 203 127 93 72 17 105 164 27 23 83 36 67 23 26 99 141 99 0 146 197 160 192 214 107 195 81 114 95]]: 
    Key with SKI bc8a9944cb7f5d481169a41b17532443171a638d630092c5a0c0d66bc351725f not found in /tmp/msp/keystore"
}

上面基本都是证书问题， 在config.yaml 中org下添加Admin的 证书

organizations:
  org1.example.com:
    mspid: Org1MSP
    cryptoPath: peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp/
    users:
      Admin:
        key:
          pem: |
            -----BEGIN PRIVATE KEY-----
            MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgBmBMkizAGlnf7k43
            rFPRmVYQQGStQUcfD1eTIque6S5cgpqobqVmqVXBlMNQZbZaIZ36QzdL
            -----END PRIVATE KEY----- 
        cert:
          pem: |
            -----BEGIN CERTIFICATE-----
            MIICQzCCAeqgAwIBAgIRAI2ODhwCEBBhgbvVp11M8kowCgYIKoZIzj0EAwIwczEL
            MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
            cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
            Lm9yZzEuZXhhbXBsZS5jb20wHhcNMTkwNDI4MDczNjI2WhcNMjkwNDI1MDczNjI2
            dByn0ENLDDqeqMAiB0C47LQlzg5VHis8EHnRcuG2XZfMWnbKSk
            wonY/T3O7Q==
            -----END CERTIFICATE-----
    peers:
      - peer0.org1.example.com
    certificateAuthorities:
      - ca.org1.example.com 

特别注意:

更新peer或者order的域名地址，相应的在fabric部署前configtx.yaml必须同步更新，否则peer和order内部相互访问时还会用到这里面配置的

基本命令

合约的查询调用：

查看peer加入的channel:
peer  channel  list

获取指定频道得区块链信息:
peer  channel  getinfo -c channel1


peer chaincode list   --installed （可能报权限问题，原因是所在peer容器设置的msp证书地址错误，权限不够，可以改成peer加入channel的时的证书地址    Error: Bad response: 500 - access denied for [getinstalledchaincodes]: Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [This identity is not an admin]）
peer chaincode  list -C channel1  --instantiated  //查看instantiated 必须指定channel name

peer chaincode invoke -o orderer.example.com:7050   -C channel1 -n cc -c '{"Args":["write","key1","key1valueisabc"]}'

peer chaincode invoke -C channel1 -n cc -c '{"Args":["invoke","a","b","20"]}'

peer chaincode query  -C channel1 -n cc -c '{"Args":["query","a"]}'

#必须在client 容器执行，每个peer都要安装#
peer chaincode install -n cc -v 1.0 -p chaincode_example02/
peer chaincode instantiate -o 10.68.176.58:7050 -C mychannel -n cc -v 1.0 -c '{"Args":["init","a","100","b","200"]}'

peer chaincode instantiate -o orderer.ordererorg1:31010 -C channel1 -n cc -v 1.0 -c '{"Args":["init","a","100","b","200"]}'

升级链码：（https://blog.51cto.com/clovemfong/2149953?source=dra）
链码版本号修改为: 2.0
重新安装链码(容器:cli)
$ peer chaincode install -p chaincode_example02/ -n cc -v 2.0
注意版本号必须一致 
在对某链码代码升级前, 推荐先将所有该链码的容器停止, 并从Peer上备份并移除旧 链码部署文件. 之后先在个别Peer节点上部署新链码, 对原有数据进行测试, 成功后再在其它节点上进行升级操作 
升级链码(容器:cli)
$ peer chaincode upgrade -n cc -v 2.0 -c '{"Args":["init","a","800","b","900"]}' -C channel1