# 外部证书兼容配置手册 ## 证书准备 * **外部证书** 如果需要使用第三方外部证书,即不是长安链CA(chainmaker-ca)和长安链证书生成工具(chainmaker-cryptogen)生成的X.509标准的数字证书,例如,由BJCA签发的证书,需要准备好第三方外部证书。 * **内部证书** 需要准备由长安链CA或者长安链证书生成工具生成的节点TLS通讯证书。 使用长安链CA参考:[CA证书服务使用手册](../operation/CA证书服务.md) 使用长安链证书生成工具参考:[证书生成工具](../dev/证书生成工具.md) ## 配置方法 主要支持两种配置方式 1. 通过链配置文件写入genesis block。 2. 通过发送配置更新交易,更新到链上。 * 链配置文件方式 该方式需要两步,首先更改链配置文件,其次更新节点或用户的证书配置。 - 在bc.yml链配置文件中添加下面配置 ```yaml trust_members: - member_info: "../BJCA/consensus.sign.crt" org_id: "wx-org1.chainmaker.org" role: "consensus" node_id: "QmcQHCuAXaFkbcsPUj7e37hXXfZ9DdN7bozseo5oX4qiC4" - member_info: "../BJCA/admin.sign.crt" org_id: "wx-org1.chainmaker.org" role: "admin" node_id: "" ``` 1. **member_info** 外部证书文件的路径 2. **org_id** 外部证书在链上的组织ID 3. **role** 外部证书在链上的角色。可填:admin/client/consensus 4. **node_id** 当使用的外部证书为consensus角色的签名证书时,需要将共识配置中的node_id(即该节点TLS证书的node_id)填写到此处。(其它情况可忽略该配置项) 共识配置如下: ```yaml #共识配置 consensus: # 共识类型(0-SOLO,1-TBFT,2-MBFT,3-HOTSTUFF,4-RAFT,10-POW) type: 1 # 共识节点列表,组织必须出现在trust_roots的org_id中,每个组织可配置多个共识节点,节点地址采用libp2p格式 nodes: - org_id: "wx-org1.chainmaker.org" node_id: - "QmcQHCuAXaFkbcsPUj7e37hXXfZ9DdN7bozseo5oX4qiC4" - org_id: "wx-org2.chainmaker.org" node_id: - "QmeyNRs2DwWjcHTpcVHoUSaDAAif4VQZ2wQDQAUNDP33gH" ``` - 节点证书替换为外部证书的方法 打开节点配置文件chainmaker.yml的node部分 ```yaml node: # 节点类型:full type: full org_id: {org_id} priv_key_file: ../config/{org_path}/certs/{node_cert_path}.key cert_file: ../config/{org_path}/certs/{node_cert_path}.crt signer_cache_size: 1000 cert_cache_size: 1000 pkcs11: enabled: false library: # path to the so file of pkcs11 interface label: # label for the slot to be used password: # password to logon the HSM session_cache_size: 10 # size of HSM session cache, default to 10 hash: "SHA256" # hash algorithm used to compute SKI ``` 1. priv_key_file 替换成外部证书的私钥文件路径 2. cert_file 替换成外部证书的证书文件路径 * 发送配置更新交易方式 例如,使用cmc命令行工具操作 - 增加外部信任成员信息 ```sh ./cmc client chainconfig trustmember add \ --sdk-conf-path=./testdata/sdk_config.yml \ --org-id=wx-org1.chainmaker.org \ --admin-crt-file-paths=./testdata/crypto-config/wx-org1.chainmaker.org/user/admin1/admin1.tls.crt,./testdata/crypto-config/wx-org2.chainmaker.org/user/admin1/admin1.tls.crt,./testdata/crypto-config/wx-org3.chainmaker.org/user/admin1/admin1.tls.crt \ --admin-key-file-paths=./testdata/crypto-config/wx-org1.chainmaker.org/user/admin1/admin1.tls.key,./testdata/crypto-config/wx-org2.chainmaker.org/user/admin1/admin1.tls.key,./testdata/crypto-config/wx-org3.chainmaker.org/user/admin1/admin1.tls.key \ --trust-member-org-id=wx-org2.chainmaker.org \ --trust-member-path=./testdata/trust-member-demo/node1-sign.pem \ --trust-member-role=consensus \ --trust-member-node-id=QmYcfSHGiXjHKkHo65YfxWLT6G7B81Zct7F7ep8GWFtuUK ``` **参数说明** 1. trust-member-org-id 外部证书在链上的组织ID 2. trust-member-path 外部证书文件的路径 3. trust-member-role 外部证书在链上的角色 4. trust-member-node-id 当使用的外部证书为consensus角色的签名证书时,需要将共识配置中的node_id配置到该位置。 - 删除外部信任成员信息 ```sh ./cmc client chainconfig trustmember remove \ --sdk-conf-path=./testdata/sdk_config.yml \ --org-id=wx-org1.chainmaker.org \ --admin-crt-file-paths=./testdata/crypto-config/wx-org1.chainmaker.org/user/admin1/admin1.tls.crt,./testdata/crypto-config/wx-org2.chainmaker.org/user/admin1/admin1.tls.crt,./testdata/crypto-config/wx-org3.chainmaker.org/user/admin1/admin1.tls.crt \ --admin-key-file-paths=./testdata/crypto-config/wx-org1.chainmaker.org/user/admin1/admin1.tls.key,./testdata/crypto-config/wx-org2.chainmaker.org/user/admin1/admin1.tls.key,./testdata/crypto-config/wx-org3.chainmaker.org/user/admin1/admin1.tls.key \ --trust-member-path=./testdata/trust-member-demo/node1-sign.pem \ ``` **参数说明** 1. trust-member-path 外部证书文件的路径 ## 示例 本示例基于链环境搭建的[通过命令行工具启动链](../tutorial/通过命令行工具启动链.md)部分,来配置node1的签名证书为第三方外部证书。 * 配置准备 首先进入chainmaker-go目录 将外部证书目录trust-member放到node1节点证书目录下 ```sh $ cd build/config/node1/certs $ tree ``` ```sh ├── ca │   ├── wx-org1.chainmaker.org │   │   └── ca.crt │   ├── wx-org2.chainmaker.org │   │   └── ca.crt │   ├── wx-org3.chainmaker.org │   │   └── ca.crt │   └── wx-org4.chainmaker.org │   └── ca.crt ├── node │   ├── common1 │   │   ├── common1.nodeid │   │   ├── common1.sign.crt │   │   ├── common1.sign.key │   │   ├── common1.tls.crt │   │   └── common1.tls.key │   └── consensus1 │   ├── consensus1.nodeid │   ├── consensus1.sign.crt │   ├── consensus1.sign.key │   ├── consensus1.tls.crt │   └── consensus1.tls.key ├── trust-member │   ├── trust-member.node1-sign.key │   └── trust-member.node1-sign.pem └── user ├── admin1 │   ├── admin1.sign.crt │   ├── admin1.sign.key │   ├── admin1.tls.crt │   └── admin1.tls.key └── client1 ├── client1.addr ├── client1.sign.crt ├── client1.sign.key ├── client1.tls.crt └── client1.tls.key ``` 然后其它节点需要将第三方证书放入证书目录。 ```sh $ cd build/config $ tree ``` ```sh ├── node1 │   ├── certs │   │   ├── ca │   │   │   ├── wx-org1.chainmaker.org │   │   │   │   └── ca.crt │   │   │   ├── wx-org2.chainmaker.org │   │   │   │   └── ca.crt │   │   │   ├── wx-org3.chainmaker.org │   │   │   │   └── ca.crt │   │   │   └── wx-org4.chainmaker.org │   │   │   └── ca.crt │   │   ├── node │   │   │   ├── common1 │   │   │   │   ├── common1.nodeid │   │   │   │   ├── common1.sign.crt │   │   │   │   ├── common1.sign.key │   │   │   │   ├── common1.tls.crt │   │   │   │   └── common1.tls.key │   │   │   └── consensus1 │   │   │   ├── consensus1.nodeid │   │   │   ├── consensus1.sign.crt │   │   │   ├── consensus1.sign.key │   │   │   ├── consensus1.tls.crt │   │   │   └── consensus1.tls.key │   │   ├── trust-member │   │   │   ├── trust-member.node1-sign.key │   │   │   └── trust-member.node1-sign.pem │   │   └── user │   │   ├── admin1 │   │   │   ├── admin1.sign.crt │   │   │   ├── admin1.sign.key │   │   │   ├── admin1.tls.crt │   │   │   └── admin1.tls.key │   │   └── client1 │   │   ├── client1.addr │   │   ├── client1.sign.crt │   │   ├── client1.sign.key │   │   ├── client1.tls.crt │   │   └── client1.tls.key │   ├── chainconfig │   │   └── bc1.yml │   ├── chainmaker.yml │   └── log.yml ├── node2 │   ├── certs │   │   ├── ca │   │   │   ├── wx-org1.chainmaker.org │   │   │   │   └── ca.crt │   │   │   ├── wx-org2.chainmaker.org │   │   │   │   └── ca.crt │   │   │   ├── wx-org3.chainmaker.org │   │   │   │   └── ca.crt │   │   │   └── wx-org4.chainmaker.org │   │   │   └── ca.crt │   │   ├── node │   │   │   ├── common1 │   │   │   │   ├── common1.nodeid │   │   │   │   ├── common1.sign.crt │   │   │   │   ├── common1.sign.key │   │   │   │   ├── common1.tls.crt │   │   │   │   └── common1.tls.key │   │   │   └── consensus1 │   │   │   ├── consensus1.nodeid │   │   │   ├── consensus1.sign.crt │   │   │   ├── consensus1.sign.key │   │   │   ├── consensus1.tls.crt │   │   │   └── consensus1.tls.key │   │   ├── trust-member │   │   │   └── trust-member.node1-sign.pem │   │   └── user │   │   ├── admin1 │   │   │   ├── admin1.sign.crt │   │   │   ├── admin1.sign.key │   │   │   ├── admin1.tls.crt │   │   │   └── admin1.tls.key │   │   └── client1 │   │   ├── client1.addr │   │   ├── client1.sign.crt │   │   ├── client1.sign.key │   │   ├── client1.tls.crt │   │   └── client1.tls.key │   ├── chainconfig │   │   └── bc1.yml │   ├── chainmaker.yml │   └── log.yml ├── node3 │   ├── certs │   │   ├── ca │   │   │   ├── wx-org1.chainmaker.org │   │   │   │   └── ca.crt │   │   │   ├── wx-org2.chainmaker.org │   │   │   │   └── ca.crt │   │   │   ├── wx-org3.chainmaker.org │   │   │   │   └── ca.crt │   │   │   └── wx-org4.chainmaker.org │   │   │   └── ca.crt │   │   ├── node │   │   │   ├── common1 │   │   │   │   ├── common1.nodeid │   │   │   │   ├── common1.sign.crt │   │   │   │   ├── common1.sign.key │   │   │   │   ├── common1.tls.crt │   │   │   │   └── common1.tls.key │   │   │   └── consensus1 │   │   │   ├── consensus1.nodeid │   │   │   ├── consensus1.sign.crt │   │   │   ├── consensus1.sign.key │   │   │   ├── consensus1.tls.crt │   │   │   └── consensus1.tls.key │   │   ├── trust-member │   │   │   └── trust-member.node1-sign.pem │   │   └── user │   │   ├── admin1 │   │   │   ├── admin1.sign.crt │   │   │   ├── admin1.sign.key │   │   │   ├── admin1.tls.crt │   │   │   └── admin1.tls.key │   │   └── client1 │   │   ├── client1.addr │   │   ├── client1.sign.crt │   │   ├── client1.sign.key │   │   ├── client1.tls.crt │   │   └── client1.tls.key │   ├── chainconfig │   │   └── bc1.yml │   ├── chainmaker.yml │   └── log.yml └── node4 ├── certs │   ├── ca │   │   ├── wx-org1.chainmaker.org │   │   │   └── ca.crt │   │   ├── wx-org2.chainmaker.org │   │   │   └── ca.crt │   │   ├── wx-org3.chainmaker.org │   │   │   └── ca.crt │   │   └── wx-org4.chainmaker.org │   │   └── ca.crt │   ├── node │   │   ├── common1 │   │   │   ├── common1.nodeid │   │   │   ├── common1.sign.crt │   │   │   ├── common1.sign.key │   │   │   ├── common1.tls.crt │   │   │   └── common1.tls.key │   │   └── consensus1 │   │   ├── consensus1.nodeid │   │   ├── consensus1.sign.crt │   │   ├── consensus1.sign.key │   │   ├── consensus1.tls.crt │   │   └── consensus1.tls.key │   ├── trust-member │   │   └── trust-member.node1-sign.pem │   └── user │   ├── admin1 │   │   ├── admin1.sign.crt │   │   ├── admin1.sign.key │   │   ├── admin1.tls.crt │   │   └── admin1.tls.key │   └── client1 │   ├── client1.addr │   ├── client1.sign.crt │   ├── client1.sign.key │   ├── client1.tls.crt │   └── client1.tls.key ├── chainconfig │   └── bc1.yml ├── chainmaker.yml └── log.yml ``` node1链配置bc1.yml ```yaml chain_id: chain1 # 链标识 version: v2.0.0 # 链版本 sequence: 1 # 配置版本 auth_type: "identity" # 认证类型 crypto: hash: SHA256 # 合约支持类型的配置 contract: enable_sql_support: false # 合约是否支持sql,此处若为true,则chainmaker.yml中则需配置storage.statedb_config.provider=sql,否则无法启动 # 交易、区块相关配置 block: tx_timestamp_verify: true # 是否需要开启交易时间戳校验 tx_timeout: 600 # 交易时间戳的过期时间(秒) block_tx_capacity: 100 # 区块中最大交易数 block_size: 10 # 区块最大限制,单位MB block_interval: 2000 # 出块间隔,单位:ms # core模块 core: tx_scheduler_timeout: 10 # [0, 60] 交易调度器从交易池拿到交易后, 进行调度的时间 tx_scheduler_validate_timeout: 10 # [0, 60] 交易调度器从区块中拿到交易后, 进行验证的超时时间 # snapshot module snapshot: enable_evidence: false # enable the evidence support # scheduler module scheduler: enable_evidence: false # enable the evidence support #共识配置 consensus: # 共识类型(0-SOLO,1-TBFT,2-MBFT,3-HOTSTUFF,4-RAFT,5-DPOS,10-POW) type: 1 # 共识节点列表,组织必须出现在trust_roots的org_id中,每个组织可配置多个共识节点,节点地址采用libp2p格式 # 其中node_id为chainmaker.yml中 node.cert_file证书对应的nodeid nodes: - org_id: "wx-org1.chainmaker.org" node_id: - "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" - org_id: "wx-org2.chainmaker.org" node_id: - "QmTrbCNfbMcQHJhPrrbjfnAmh29HEGhYc2MoKNR5xPrdkS" - org_id: "wx-org3.chainmaker.org" node_id: - "QmRALrNH4ZXwxCGLH5mEvcoqdLF6C7umfFNNpyo9hRaVWW" - org_id: "wx-org4.chainmaker.org" node_id: - "QmUp3jyBxcDERaf5vcnJsTpqSNTkRLu9bMRQzjjynzRjZZ" ext_config: # 扩展字段,记录难度、奖励等其他类共识算法配置 - key: aa value: chain01_ext11 dpos_config: # DPoS #ERC20合约配置 - key: erc20.total value: "{erc20_total}" - key: erc20.owner value: "{org1_peeraddr}" - key: erc20.decimals value: "18" - key: erc20.account:DPOS_STAKE value: "{erc20_total}" #Stake合约配置 - key: stake.minSelfDelegation value: "2500000" - key: stake.epochValidatorNum value: "{epochValidatorNum}" - key: stake.epochBlockNum value: "10" - key: stake.completionUnbondingEpochNum value: "1" - key: stake.candidate:{org1_peeraddr} value: "2500000" - key: stake.candidate:{org2_peeraddr} value: "2500000" - key: stake.candidate:{org3_peeraddr} value: "2500000" - key: stake.candidate:{org4_peeraddr} value: "2500000" - key: stake.nodeID:{org1_peeraddr} value: "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" - key: stake.nodeID:{org2_peeraddr} value: "QmTrbCNfbMcQHJhPrrbjfnAmh29HEGhYc2MoKNR5xPrdkS" - key: stake.nodeID:{org3_peeraddr} value: "QmRALrNH4ZXwxCGLH5mEvcoqdLF6C7umfFNNpyo9hRaVWW" - key: stake.nodeID:{org4_peeraddr} value: "QmUp3jyBxcDERaf5vcnJsTpqSNTkRLu9bMRQzjjynzRjZZ" # 信任组织和根证书 trust_roots: - org_id: "wx-org1.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org1.chainmaker.org/ca.crt" - org_id: "wx-org2.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org2.chainmaker.org/ca.crt" - org_id: "wx-org3.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org3.chainmaker.org/ca.crt" - org_id: "wx-org4.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org4.chainmaker.org/ca.crt" # 证书库 trust_members: - member_info: "../config/wx-org1.chainmaker.org/certs/trust-member/trust-member.node1-sign.pem" org_id: "wx-org1.chainmaker.org" role: "consensus" node_id: "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" # 权限配置(只能整体添加、修改、删除) resource_policies: - resource_name: CHAIN_CONFIG-NODE_ID_UPDATE policy: rule: SELF # 规则(ANY,MAJORITY...,全部大写,自动转大写) org_list: # 组织名称(组织名称,区分大小写) role_list: # 角色名称(role,自动转大写) - admin - resource_name: CHAIN_CONFIG-TRUST_ROOT_ADD policy: rule: MAJORITY org_list: role_list: - admin - resource_name: CHAIN_CONFIG-CERTS_FREEZE policy: rule: ANY org_list: role_list: - admin ``` node2的链配置bc1.yml (仅显示trust_member部分,其它部分不变) ```yaml trust_members: - member_info: "../config/wx-org2.chainmaker.org/certs/trust-member/trust-member.node1-sign.pem" org_id: "wx-org1.chainmaker.org" role: "consensus" node_id: "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" ``` node3的链配置bc1.yml (仅显示trust_member部分,其它部分不变) ```yaml trust_members: - member_info: "../config/wx-org3.chainmaker.org/certs/trust-member/trust-member.node1-sign.pem" org_id: "wx-org1.chainmaker.org" role: "consensus" node_id: "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" ``` node4的链配置bc1.yml (仅显示trust_member部分,其它部分不变) ```yaml trust_members: - member_info: "../config/wx-org4.chainmaker.org/certs/trust-member/trust-member.node1-sign.pem" org_id: "wx-org1.chainmaker.org" role: "consensus" node_id: "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" ``` node1的节点配置文件chainmaker.yml ```yaml log: config_file: ../config/wx-org1.chainmaker.org/log.yml # config file of logger configuration. blockchain: - chainId: chain1 genesis: ../config/wx-org1.chainmaker.org/chainconfig/bc1.yml node: # 节点类型:full type: full org_id: wx-org1.chainmaker.org # priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.key # cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.crt priv_key_file: ../config/wx-org1.chainmaker.org/certs/trust-member/trust-member.node1-sign.key cert_file: ../config/wx-org1.chainmaker.org/certs/trust-member/trust-member.node1-sign.pem signer_cache_size: 1000 cert_cache_size: 1000 pkcs11: enabled: false library: # path to the so file of pkcs11 interface label: # label for the slot to be used password: # password to logon the HSM session_cache_size: 10 # size of HSM session cache, default to 10 hash: "SHA256" # hash algorithm used to compute SKI net: provider: LibP2P listen_addr: /ip4/0.0.0.0/tcp/11301 seeds: - "/ip4/127.0.0.1/tcp/11301/p2p/QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" - "/ip4/127.0.0.1/tcp/11302/p2p/QmTrbCNfbMcQHJhPrrbjfnAmh29HEGhYc2MoKNR5xPrdkS" - "/ip4/127.0.0.1/tcp/11303/p2p/QmRALrNH4ZXwxCGLH5mEvcoqdLF6C7umfFNNpyo9hRaVWW" - "/ip4/127.0.0.1/tcp/11304/p2p/QmUp3jyBxcDERaf5vcnJsTpqSNTkRLu9bMRQzjjynzRjZZ" tls: enabled: true priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.key cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.crt txpool: max_txpool_size: 50000 # 普通交易池上限 max_config_txpool_size: 10 # config交易池的上限 full_notify_again_time: 30 # 交易池溢出后,再次通知的时间间隔(秒) # pool_type: "batch" # single/batch:single实时进入交易池,batch批量进入交易池 # batch_max_size: 30000 # 批次最大大小 # batch_create_timeout: 200 # 创建批次超时时间,单位毫秒 rpc: provider: grpc port: 12301 # 检查链配置TrustRoots证书变化时间间隔,单位:s,最小值为10s check_chain_conf_trust_roots_change_interval: 60 ratelimit: # 每秒补充令牌数,取值:-1-不受限;0-默认值(10000) token_per_second: -1 # 令牌桶大小,取值:-1-不受限;0-默认值(10000) token_bucket_size: -1 subscriber: # 历史消息订阅流控,实时消息订阅不会进行流控 ratelimit: # 每秒补充令牌数,取值:-1-不受限;0-默认值(1000) token_per_second: 100 # 令牌桶大小,取值:-1-不受限;0-默认值(1000) token_bucket_size: 100 tls: # TLS模式: # disable - 不启用TLS # oneway - 单向认证 # twoway - 双向认证 #mode: disable #mode: oneway mode: twoway priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.key cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.crt monitor: enabled: true port: 14321 pprof: enabled: false port: 24321 storage: store_path: ../data/wx-org1.chainmaker.org/ledgerData1 # 最小的不允许归档的区块高度 unarchive_block_height: 300000 blockdb_config: provider: leveldb leveldb_config: store_path: ../data/wx-org1.chainmaker.org/blocks statedb_config: provider: leveldb # leveldb/sql 二选一 leveldb_config: # leveldb config store_path: ../data/wx-org1.chainmaker.org/state # sqldb_config: # sql config,只有provider为sql的时候才需要配置和启用这个配置 # sqldb_type: mysql #具体的sql db类型,目前支持mysql,sqlite # dsn: root:password@tcp(127.0.0.1:3306)/ #mysql的连接信息,包括用户名、密码、ip、port等,示例:root:admin@tcp(127.0.0.1:3306)/ historydb_config: provider: leveldb leveldb_config: store_path: ../data/wx-org1.chainmaker.org/history resultdb_config: provider: leveldb leveldb_config: store_path: ../data/wx-org1.chainmaker.org/result disable_contract_eventdb: true #是否禁止合约事件存储功能,默认为true,如果设置为false,需要配置mysql contract_eventdb_config: provider: sql #如果开启contract event db 功能,需要指定provider为sql sqldb_config: sqldb_type: mysql #contract event db 只支持mysql dsn: root:password@tcp(127.0.0.1:3306)/ #mysql的连接信息,包括用户名、密码、ip、port等,示例:root:admin@tcp(127.0.0.1:3306)/ core: evidence: false scheduler: rwset_log: false #whether log the txRWSet map in the debug mode ``` * 链启动 ```sh $ cd scripts $ ./build_release.sh $ ./cluster_quick_start.sh normal ``` 查看进程是否存在 ```sh $ ps -ef|grep chainmaker | grep -v grep lxf 20816 1 8 15:34 pts/0 00:00:01 ./chainmaker start -c ../config/wx-org1.chainmaker.org/chainmaker.yml lxf 20835 1 8 15:34 pts/0 00:00:00 ./chainmaker start -c ../config/wx-org2.chainmaker.org/chainmaker.yml lxf 20855 1 9 15:34 pts/0 00:00:00 ./chainmaker start -c ../config/wx-org3.chainmaker.org/chainmaker.yml lxf 20874 1 10 15:34 pts/0 00:00:00 ./chainmaker start -c ../config/wx-org4.chainmaker.org/chainmaker.yml ``` 查看端口是否监听 ```sh $ netstat -lptn | grep 1230 tcp6 0 0 :::12301 :::* LISTEN 20816/./chainmaker tcp6 0 0 :::12302 :::* LISTEN 20835/./chainmaker tcp6 0 0 :::12303 :::* LISTEN 20855/./chainmaker tcp6 0 0 :::12304 :::* LISTEN 20874/./chainmaker ```