外部证书兼容配置手册
证书准备
外部证书
如果需要使用第三方外部证书,即不是长安链CA(chainmaker-ca)和长安链证书生成工具(chainmaker-cryptogen)生成的X.509标准的数字证书,例如,由BJCA签发的证书,需要准备好第三方外部证书。
内部证书
需要准备由长安链CA或者长安链证书生成工具生成的节点TLS通讯证书。
使用长安链CA参考:CA证书服务使用手册
使用长安链证书生成工具参考:证书生成工具
配置方法
主要支持两种配置方式
通过链配置文件写入genesis block。
通过发送配置更新交易,更新到链上。
链配置文件方式
该方式需要两步,首先更改链配置文件,其次更新节点或用户的证书配置。
在bc.yml链配置文件中添加下面配置
trust_members: - member_info: "../BJCA/consensus.sign.crt" org_id: "wx-org1.chainmaker.org" role: "consensus" node_id: "QmcQHCuAXaFkbcsPUj7e37hXXfZ9DdN7bozseo5oX4qiC4" - member_info: "../BJCA/admin.sign.crt" org_id: "wx-org1.chainmaker.org" role: "admin" node_id: ""
member_info
外部证书文件的路径
org_id
外部证书在链上的组织ID
role
外部证书在链上的角色。可填:admin/client/consensus
node_id
当使用的外部证书为consensus角色的签名证书时,需要将共识配置中的node_id(即该节点TLS证书的node_id)填写到此处。(其它情况可忽略该配置项)
共识配置如下:
#共识配置 consensus: # 共识类型(0-SOLO,1-TBFT,2-MBFT,3-HOTSTUFF,4-RAFT,10-POW) type: 1 # 共识节点列表,组织必须出现在trust_roots的org_id中,每个组织可配置多个共识节点,节点地址采用libp2p格式 nodes: - org_id: "wx-org1.chainmaker.org" node_id: - "QmcQHCuAXaFkbcsPUj7e37hXXfZ9DdN7bozseo5oX4qiC4" - org_id: "wx-org2.chainmaker.org" node_id: - "QmeyNRs2DwWjcHTpcVHoUSaDAAif4VQZ2wQDQAUNDP33gH"
节点证书替换为外部证书的方法
打开节点配置文件chainmaker.yml的node部分
node: # 节点类型:full type: full org_id: {org_id} priv_key_file: ../config/{org_path}/certs/{node_cert_path}.key cert_file: ../config/{org_path}/certs/{node_cert_path}.crt signer_cache_size: 1000 cert_cache_size: 1000 pkcs11: enabled: false library: # path to the so file of pkcs11 interface label: # label for the slot to be used password: # password to logon the HSM session_cache_size: 10 # size of HSM session cache, default to 10 hash: "SHA256" # hash algorithm used to compute SKI
priv_key_file 替换成外部证书的私钥文件路径
cert_file 替换成外部证书的证书文件路径
发送配置更新交易方式
例如,使用cmc命令行工具操作
增加外部信任成员信息
./cmc client chainconfig trustmember add \ --sdk-conf-path=./testdata/sdk_config.yml \ --org-id=wx-org1.chainmaker.org \ --admin-crt-file-paths=./testdata/crypto-config/wx-org1.chainmaker.org/user/admin1/admin1.sign.crt,./testdata/crypto-config/wx-org2.chainmaker.org/user/admin1/admin1.sign.crt,./testdata/crypto-config/wx-org3.chainmaker.org/user/admin1/admin1.sign.crt \ --admin-key-file-paths=./testdata/crypto-config/wx-org1.chainmaker.org/user/admin1/admin1.sign.key,./testdata/crypto-config/wx-org2.chainmaker.org/user/admin1/admin1.sign.key,./testdata/crypto-config/wx-org3.chainmaker.org/user/admin1/admin1.sign.key \ --trust-member-org-id=wx-org2.chainmaker.org \ --trust-member-path=./testdata/trust-member-demo/node1-sign.pem \ --trust-member-role=consensus \ --trust-member-node-id=QmYcfSHGiXjHKkHo65YfxWLT6G7B81Zct7F7ep8GWFtuUK
参数说明
trust-member-org-id 外部证书在链上的组织ID
trust-member-path 外部证书文件的路径
trust-member-role 外部证书在链上的角色
trust-member-node-id 当使用的外部证书为consensus角色的签名证书时,需要将共识配置中的node_id配置到该位置。
删除外部信任成员信息
./cmc client chainconfig trustmember remove \ --sdk-conf-path=./testdata/sdk_config.yml \ --org-id=wx-org1.chainmaker.org \ --admin-crt-file-paths=./testdata/crypto-config/wx-org1.chainmaker.org/user/admin1/admin1.sign.crt,./testdata/crypto-config/wx-org2.chainmaker.org/user/admin1/admin1.sign.crt,./testdata/crypto-config/wx-org3.chainmaker.org/user/admin1/admin1.sign.crt \ --admin-key-file-paths=./testdata/crypto-config/wx-org1.chainmaker.org/user/admin1/admin1.sign.key,./testdata/crypto-config/wx-org2.chainmaker.org/user/admin1/admin1.sign.key,./testdata/crypto-config/wx-org3.chainmaker.org/user/admin1/admin1.sign.key \ --trust-member-path=./testdata/trust-member-demo/node1-sign.pem \
参数说明
trust-member-path 外部证书文件的路径
示例
本示例基于链环境搭建的通过命令行工具启动链部分,来配置node1的签名证书为第三方外部证书。
配置准备
首先进入chainmaker-go目录
将外部证书目录trust-member放到node1节点证书目录下
$ cd build/config/node1/certs $ tree
├── ca │ ├── wx-org1.chainmaker.org │ │ └── ca.crt │ ├── wx-org2.chainmaker.org │ │ └── ca.crt │ ├── wx-org3.chainmaker.org │ │ └── ca.crt │ └── wx-org4.chainmaker.org │ └── ca.crt ├── node │ ├── common1 │ │ ├── common1.nodeid │ │ ├── common1.sign.crt │ │ ├── common1.sign.key │ │ ├── common1.tls.crt │ │ └── common1.tls.key │ └── consensus1 │ ├── consensus1.nodeid │ ├── consensus1.sign.crt │ ├── consensus1.sign.key │ ├── consensus1.tls.crt │ └── consensus1.tls.key ├── trust-member │ ├── trust-member.node1-sign.key │ └── trust-member.node1-sign.pem └── user ├── admin1 │ ├── admin1.sign.crt │ ├── admin1.sign.key │ ├── admin1.tls.crt │ └── admin1.tls.key └── client1 ├── client1.addr ├── client1.sign.crt ├── client1.sign.key ├── client1.tls.crt └── client1.tls.key
然后其它节点需要将第三方证书放入证书目录。
$ cd build/config $ tree
├── node1 │ ├── certs │ │ ├── ca │ │ │ ├── wx-org1.chainmaker.org │ │ │ │ └── ca.crt │ │ │ ├── wx-org2.chainmaker.org │ │ │ │ └── ca.crt │ │ │ ├── wx-org3.chainmaker.org │ │ │ │ └── ca.crt │ │ │ └── wx-org4.chainmaker.org │ │ │ └── ca.crt │ │ ├── node │ │ │ ├── common1 │ │ │ │ ├── common1.nodeid │ │ │ │ ├── common1.sign.crt │ │ │ │ ├── common1.sign.key │ │ │ │ ├── common1.tls.crt │ │ │ │ └── common1.tls.key │ │ │ └── consensus1 │ │ │ ├── consensus1.nodeid │ │ │ ├── consensus1.sign.crt │ │ │ ├── consensus1.sign.key │ │ │ ├── consensus1.tls.crt │ │ │ └── consensus1.tls.key │ │ ├── trust-member │ │ │ ├── trust-member.node1-sign.key │ │ │ └── trust-member.node1-sign.pem │ │ └── user │ │ ├── admin1 │ │ │ ├── admin1.sign.crt │ │ │ ├── admin1.sign.key │ │ │ ├── admin1.tls.crt │ │ │ └── admin1.tls.key │ │ └── client1 │ │ ├── client1.addr │ │ ├── client1.sign.crt │ │ ├── client1.sign.key │ │ ├── client1.tls.crt │ │ └── client1.tls.key │ ├── chainconfig │ │ └── bc1.yml │ ├── chainmaker.yml │ └── log.yml ├── node2 │ ├── certs │ │ ├── ca │ │ │ ├── wx-org1.chainmaker.org │ │ │ │ └── ca.crt │ │ │ ├── wx-org2.chainmaker.org │ │ │ │ └── ca.crt │ │ │ ├── wx-org3.chainmaker.org │ │ │ │ └── ca.crt │ │ │ └── wx-org4.chainmaker.org │ │ │ └── ca.crt │ │ ├── node │ │ │ ├── common1 │ │ │ │ ├── common1.nodeid │ │ │ │ ├── common1.sign.crt │ │ │ │ ├── common1.sign.key │ │ │ │ ├── common1.tls.crt │ │ │ │ └── common1.tls.key │ │ │ └── consensus1 │ │ │ ├── consensus1.nodeid │ │ │ ├── consensus1.sign.crt │ │ │ ├── consensus1.sign.key │ │ │ ├── consensus1.tls.crt │ │ │ └── consensus1.tls.key │ │ ├── trust-member │ │ │ └── trust-member.node1-sign.pem │ │ └── user │ │ ├── admin1 │ │ │ ├── admin1.sign.crt │ │ │ ├── admin1.sign.key │ │ │ ├── admin1.tls.crt │ │ │ └── admin1.tls.key │ │ └── client1 │ │ ├── client1.addr │ │ ├── client1.sign.crt │ │ ├── client1.sign.key │ │ ├── client1.tls.crt │ │ └── client1.tls.key │ ├── chainconfig │ │ └── bc1.yml │ ├── chainmaker.yml │ └── log.yml ├── node3 │ ├── certs │ │ ├── ca │ │ │ ├── wx-org1.chainmaker.org │ │ │ │ └── ca.crt │ │ │ ├── wx-org2.chainmaker.org │ │ │ │ └── ca.crt │ │ │ ├── wx-org3.chainmaker.org │ │ │ │ └── ca.crt │ │ │ └── wx-org4.chainmaker.org │ │ │ └── ca.crt │ │ ├── node │ │ │ ├── common1 │ │ │ │ ├── common1.nodeid │ │ │ │ ├── common1.sign.crt │ │ │ │ ├── common1.sign.key │ │ │ │ ├── common1.tls.crt │ │ │ │ └── common1.tls.key │ │ │ └── consensus1 │ │ │ ├── consensus1.nodeid │ │ │ ├── consensus1.sign.crt │ │ │ ├── consensus1.sign.key │ │ │ ├── consensus1.tls.crt │ │ │ └── consensus1.tls.key │ │ ├── trust-member │ │ │ └── trust-member.node1-sign.pem │ │ └── user │ │ ├── admin1 │ │ │ ├── admin1.sign.crt │ │ │ ├── admin1.sign.key │ │ │ ├── admin1.tls.crt │ │ │ └── admin1.tls.key │ │ └── client1 │ │ ├── client1.addr │ │ ├── client1.sign.crt │ │ ├── client1.sign.key │ │ ├── client1.tls.crt │ │ └── client1.tls.key │ ├── chainconfig │ │ └── bc1.yml │ ├── chainmaker.yml │ └── log.yml └── node4 ├── certs │ ├── ca │ │ ├── wx-org1.chainmaker.org │ │ │ └── ca.crt │ │ ├── wx-org2.chainmaker.org │ │ │ └── ca.crt │ │ ├── wx-org3.chainmaker.org │ │ │ └── ca.crt │ │ └── wx-org4.chainmaker.org │ │ └── ca.crt │ ├── node │ │ ├── common1 │ │ │ ├── common1.nodeid │ │ │ ├── common1.sign.crt │ │ │ ├── common1.sign.key │ │ │ ├── common1.tls.crt │ │ │ └── common1.tls.key │ │ └── consensus1 │ │ ├── consensus1.nodeid │ │ ├── consensus1.sign.crt │ │ ├── consensus1.sign.key │ │ ├── consensus1.tls.crt │ │ └── consensus1.tls.key │ ├── trust-member │ │ └── trust-member.node1-sign.pem │ └── user │ ├── admin1 │ │ ├── admin1.sign.crt │ │ ├── admin1.sign.key │ │ ├── admin1.tls.crt │ │ └── admin1.tls.key │ └── client1 │ ├── client1.addr │ ├── client1.sign.crt │ ├── client1.sign.key │ ├── client1.tls.crt │ └── client1.tls.key ├── chainconfig │ └── bc1.yml ├── chainmaker.yml └── log.yml
node1链配置bc1.yml
chain_id: chain1 # 链标识 version: v2.0.0 # 链版本 sequence: 1 # 配置版本 auth_type: "identity" # 认证类型 crypto: hash: SHA256 # 合约支持类型的配置 contract: enable_sql_support: false # 合约是否支持sql,此处若为true,则chainmaker.yml中则需配置storage.statedb_config.provider=sql,否则无法启动 # 交易、区块相关配置 block: tx_timestamp_verify: true # 是否需要开启交易时间戳校验 tx_timeout: 600 # 交易时间戳的过期时间(秒) block_tx_capacity: 100 # 区块中最大交易数 block_size: 10 # 区块最大限制,单位MB block_interval: 2000 # 出块间隔,单位:ms # core模块 core: tx_scheduler_timeout: 10 # [0, 60] 交易调度器从交易池拿到交易后, 进行调度的时间 tx_scheduler_validate_timeout: 10 # [0, 60] 交易调度器从区块中拿到交易后, 进行验证的超时时间 # snapshot module snapshot: enable_evidence: false # enable the evidence support # scheduler module scheduler: enable_evidence: false # enable the evidence support #共识配置 consensus: # 共识类型(0-SOLO,1-TBFT,2-MBFT,3-HOTSTUFF,4-RAFT,5-DPOS,10-POW) type: 1 # 共识节点列表,组织必须出现在trust_roots的org_id中,每个组织可配置多个共识节点,节点地址采用libp2p格式 # 其中node_id为chainmaker.yml中 node.cert_file证书对应的nodeid nodes: - org_id: "wx-org1.chainmaker.org" node_id: - "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" - org_id: "wx-org2.chainmaker.org" node_id: - "QmTrbCNfbMcQHJhPrrbjfnAmh29HEGhYc2MoKNR5xPrdkS" - org_id: "wx-org3.chainmaker.org" node_id: - "QmRALrNH4ZXwxCGLH5mEvcoqdLF6C7umfFNNpyo9hRaVWW" - org_id: "wx-org4.chainmaker.org" node_id: - "QmUp3jyBxcDERaf5vcnJsTpqSNTkRLu9bMRQzjjynzRjZZ" ext_config: # 扩展字段,记录难度、奖励等其他类共识算法配置 - key: aa value: chain01_ext11 dpos_config: # DPoS #ERC20合约配置 - key: erc20.total value: "{erc20_total}" - key: erc20.owner value: "{org1_peeraddr}" - key: erc20.decimals value: "18" - key: erc20.account:DPOS_STAKE value: "{erc20_total}" #Stake合约配置 - key: stake.minSelfDelegation value: "2500000" - key: stake.epochValidatorNum value: "{epochValidatorNum}" - key: stake.epochBlockNum value: "10" - key: stake.completionUnbondingEpochNum value: "1" - key: stake.candidate:{org1_peeraddr} value: "2500000" - key: stake.candidate:{org2_peeraddr} value: "2500000" - key: stake.candidate:{org3_peeraddr} value: "2500000" - key: stake.candidate:{org4_peeraddr} value: "2500000" - key: stake.nodeID:{org1_peeraddr} value: "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" - key: stake.nodeID:{org2_peeraddr} value: "QmTrbCNfbMcQHJhPrrbjfnAmh29HEGhYc2MoKNR5xPrdkS" - key: stake.nodeID:{org3_peeraddr} value: "QmRALrNH4ZXwxCGLH5mEvcoqdLF6C7umfFNNpyo9hRaVWW" - key: stake.nodeID:{org4_peeraddr} value: "QmUp3jyBxcDERaf5vcnJsTpqSNTkRLu9bMRQzjjynzRjZZ" # 信任组织和根证书 trust_roots: - org_id: "wx-org1.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org1.chainmaker.org/ca.crt" - org_id: "wx-org2.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org2.chainmaker.org/ca.crt" - org_id: "wx-org3.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org3.chainmaker.org/ca.crt" - org_id: "wx-org4.chainmaker.org" root: - "../config/wx-org1.chainmaker.org/certs/ca/wx-org4.chainmaker.org/ca.crt" # 证书库 trust_members: - member_info: "../config/wx-org1.chainmaker.org/certs/trust-member/trust-member.node1-sign.pem" org_id: "wx-org1.chainmaker.org" role: "consensus" node_id: "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" # 权限配置(只能整体添加、修改、删除) resource_policies: - resource_name: CHAIN_CONFIG-NODE_ID_UPDATE policy: rule: SELF # 规则(ANY,MAJORITY...,全部大写,自动转大写) org_list: # 组织名称(组织名称,区分大小写) role_list: # 角色名称(role,自动转大写) - admin - resource_name: CHAIN_CONFIG-TRUST_ROOT_ADD policy: rule: MAJORITY org_list: role_list: - admin - resource_name: CHAIN_CONFIG-CERTS_FREEZE policy: rule: ANY org_list: role_list: - admin
node2的链配置bc1.yml (仅显示trust_member部分,其它部分不变)
trust_members: - member_info: "../config/wx-org2.chainmaker.org/certs/trust-member/trust-member.node1-sign.pem" org_id: "wx-org1.chainmaker.org" role: "consensus" node_id: "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp"
node3的链配置bc1.yml (仅显示trust_member部分,其它部分不变)
trust_members: - member_info: "../config/wx-org3.chainmaker.org/certs/trust-member/trust-member.node1-sign.pem" org_id: "wx-org1.chainmaker.org" role: "consensus" node_id: "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp"
node4的链配置bc1.yml (仅显示trust_member部分,其它部分不变)
trust_members: - member_info: "../config/wx-org4.chainmaker.org/certs/trust-member/trust-member.node1-sign.pem" org_id: "wx-org1.chainmaker.org" role: "consensus" node_id: "QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp"
node1的节点配置文件chainmaker.yml
log: config_file: ../config/wx-org1.chainmaker.org/log.yml # config file of logger configuration. blockchain: - chainId: chain1 genesis: ../config/wx-org1.chainmaker.org/chainconfig/bc1.yml node: # 节点类型:full type: full org_id: wx-org1.chainmaker.org # priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.key # cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.sign.crt priv_key_file: ../config/wx-org1.chainmaker.org/certs/trust-member/trust-member.node1-sign.key cert_file: ../config/wx-org1.chainmaker.org/certs/trust-member/trust-member.node1-sign.pem signer_cache_size: 1000 cert_cache_size: 1000 pkcs11: enabled: false library: # path to the so file of pkcs11 interface label: # label for the slot to be used password: # password to logon the HSM session_cache_size: 10 # size of HSM session cache, default to 10 hash: "SHA256" # hash algorithm used to compute SKI net: provider: LibP2P listen_addr: /ip4/0.0.0.0/tcp/11301 seeds: - "/ip4/127.0.0.1/tcp/11301/p2p/QmTfgpaCgZUGHmgzzJ6AhyU7WnDmNt9xHk9acSkaa5KJdp" - "/ip4/127.0.0.1/tcp/11302/p2p/QmTrbCNfbMcQHJhPrrbjfnAmh29HEGhYc2MoKNR5xPrdkS" - "/ip4/127.0.0.1/tcp/11303/p2p/QmRALrNH4ZXwxCGLH5mEvcoqdLF6C7umfFNNpyo9hRaVWW" - "/ip4/127.0.0.1/tcp/11304/p2p/QmUp3jyBxcDERaf5vcnJsTpqSNTkRLu9bMRQzjjynzRjZZ" tls: enabled: true priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.key cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.crt txpool: max_txpool_size: 50000 # 普通交易池上限 max_config_txpool_size: 10 # config交易池的上限 full_notify_again_time: 30 # 交易池溢出后,再次通知的时间间隔(秒) # pool_type: "batch" # single/batch:single实时进入交易池,batch批量进入交易池 # batch_max_size: 30000 # 批次最大大小 # batch_create_timeout: 200 # 创建批次超时时间,单位毫秒 rpc: provider: grpc port: 12301 # 检查链配置TrustRoots证书变化时间间隔,单位:s,最小值为10s check_chain_conf_trust_roots_change_interval: 60 ratelimit: # 每秒补充令牌数,取值:-1-不受限;0-默认值(10000) token_per_second: -1 # 令牌桶大小,取值:-1-不受限;0-默认值(10000) token_bucket_size: -1 subscriber: # 历史消息订阅流控,实时消息订阅不会进行流控 ratelimit: # 每秒补充令牌数,取值:-1-不受限;0-默认值(1000) token_per_second: 100 # 令牌桶大小,取值:-1-不受限;0-默认值(1000) token_bucket_size: 100 tls: # TLS模式: # disable - 不启用TLS # oneway - 单向认证 # twoway - 双向认证 #mode: disable #mode: oneway mode: twoway priv_key_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.key cert_file: ../config/wx-org1.chainmaker.org/certs/node/consensus1/consensus1.tls.crt monitor: enabled: true port: 14321 pprof: enabled: false port: 24321 storage: store_path: ../data/wx-org1.chainmaker.org/ledgerData1 # 最小的不允许归档的区块高度 unarchive_block_height: 300000 blockdb_config: provider: leveldb leveldb_config: store_path: ../data/wx-org1.chainmaker.org/blocks statedb_config: provider: leveldb # leveldb/sql 二选一 leveldb_config: # leveldb config store_path: ../data/wx-org1.chainmaker.org/state # sqldb_config: # sql config,只有provider为sql的时候才需要配置和启用这个配置 # sqldb_type: mysql #具体的sql db类型,目前支持mysql,sqlite # dsn: root:password@tcp(127.0.0.1:3306)/ #mysql的连接信息,包括用户名、密码、ip、port等,示例:root:admin@tcp(127.0.0.1:3306)/ historydb_config: provider: leveldb leveldb_config: store_path: ../data/wx-org1.chainmaker.org/history resultdb_config: provider: leveldb leveldb_config: store_path: ../data/wx-org1.chainmaker.org/result disable_contract_eventdb: true #是否禁止合约事件存储功能,默认为true,如果设置为false,需要配置mysql contract_eventdb_config: provider: sql #如果开启contract event db 功能,需要指定provider为sql sqldb_config: sqldb_type: mysql #contract event db 只支持mysql dsn: root:password@tcp(127.0.0.1:3306)/ #mysql的连接信息,包括用户名、密码、ip、port等,示例:root:admin@tcp(127.0.0.1:3306)/ core: evidence: false scheduler: rwset_log: false #whether log the txRWSet map in the debug mode
链启动
$ cd scripts $ ./build_release.sh $ ./cluster_quick_start.sh normal
查看进程是否存在
$ ps -ef|grep chainmaker | grep -v grep lxf 20816 1 8 15:34 pts/0 00:00:01 ./chainmaker start -c ../config/wx-org1.chainmaker.org/chainmaker.yml lxf 20835 1 8 15:34 pts/0 00:00:00 ./chainmaker start -c ../config/wx-org2.chainmaker.org/chainmaker.yml lxf 20855 1 9 15:34 pts/0 00:00:00 ./chainmaker start -c ../config/wx-org3.chainmaker.org/chainmaker.yml lxf 20874 1 10 15:34 pts/0 00:00:00 ./chainmaker start -c ../config/wx-org4.chainmaker.org/chainmaker.yml
查看端口是否监听
$ netstat -lptn | grep 1230 tcp6 0 0 :::12301 :::* LISTEN 20816/./chainmaker tcp6 0 0 :::12302 :::* LISTEN 20835/./chainmaker tcp6 0 0 :::12303 :::* LISTEN 20855/./chainmaker tcp6 0 0 :::12304 :::* LISTEN 20874/./chainmaker