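This topic describes, at a conceptual level, how Hyperledger Fabric allows organizations to collaborate in a blockchain network. If you are an architect, administrator or developer, you can use this topic to gain a solid understanding of the main structure and process components of a Fabric blockchain network. It uses a manageable worked example to introduce all of the major components in a blockchain network. After understanding this example, you can read more detailed information about these components elsewhere in the documentation, or try building a sample network.

After reading this topic and understanding the concept of policies, you will have a solid understanding of the decisions organizations need to make in order to establish policies for a deployed Fabric network. You will also understand how organizations use declarative policies to manage network evolution, which is a key feature of Fabric. In short, you will understand the major technical components of Fabric and the decisions organizations need to make.

A blockchain network is a technical infrastructure that provides ledger and smart contract (chaincode) services to applications. Primarily, smart contracts are used to generate transactions, which are subsequently distributed to every peer node in the network and permanently recorded by those nodes on their own copy of the ledger. The users of applications might be end users using client applications, or blockchain network administrators.

In most cases, multiple organizations come together as a consortium to form the network, and their permissions are determined by a set of policies that the consortium agrees on when the network is originally configured. Moreover, network policies can change according to the agreement of the organizations in the consortium, as we will mention when we discuss modification policy.

Before we start, let's show you what we're aiming at! Here is a diagram of the final state of the sample network.

This might look a little complicated, but don't worry. As we go through this topic, we will build up the network step by step, so that you can see how organizations R1, R2, R3 and R4 contribute infrastructure to the network to help form it. This infrastructure implements the blockchain network, and it is governed by the policies agreed by the organizations that form the network, for example, who can add new organizations. You will discover how applications consume the ledger and smart contract services provided by the blockchain network.

![](https://img.kancloud.cn/22/cf/22cf51be86ce44bfa715b4e967c1b966_1405x639.png)

Four organizations, R1, R2, R3 and R4, have jointly decided, and written into an agreement, that they will set up and use a Fabric network. R4 has been assigned to be the network initiator: it has been given the power to configure the initial version of the network. R4 does not perform transactions on the network. R1 and R2 need to communicate privately within the network, as do R2 and R3. Organization R1 has a client application that can perform transactions within channel C1. Organization R2 has a client application that can do similar work in channels C1 and C2. Organization R3 has a client application that can do this on channel C2. Peer node P1 maintains a copy of the ledger L1 associated with C1. Peer node P2 maintains a copy of the ledger L1 associated with C1 and a copy of the ledger L2 associated with C2. Peer node P3 maintains a copy of the ledger L2 associated with C2. The network is governed according to the policy rules specified in network configuration NC4, and is under the control of organizations R1 and R4. Channel C1 is governed according to the policy rules specified in channel configuration CC1, and is under the control of organizations R1 and R2. Channel C2 is governed according to the policy rules specified in channel configuration CC2, and is under the control of organizations R2 and R3. There is an ordering service O4 that serves as the network administration point for N, and uses the system channel. The ordering service also supports application channels C1 and C2, for the purpose of ordering transactions into blocks for distribution. Each of the four organizations has a preferred Certificate Authority.

Let's start by creating the basis for the network:

The network is formed when an orderer is started. In our example network, N, the ordering service comprising a single node, O4, is configured according to network configuration NC4, which gives administrative rights to organization R4. At the network level, Certificate Authority CA4 is used to dispense identities to the administrators and network nodes of organization R4.

We can see that the first thing that defines the network N is the ordering service, O4. It is helpful to think of the ordering service as the initial administration point for the network. As agreed beforehand, O4 is initially configured and started by an administrator in organization R4, and hosted in R4. The configuration NC4 contains the policies that describe the starting set of administrative capabilities for the network; initially only R4 has rights. This will change later, but for now R4 is the only member of the network.

You can also see a Certificate Authority, CA4, which is used to issue certificates to administrators and network nodes. CA4 plays a key role in our network because it dispenses the X.509 certificates used to authenticate components as belonging to R4. Certificates issued by CAs can also be used to sign transactions to indicate that an organization endorses the transaction result, which is a precondition of it being accepted onto the ledger. Let's examine these two aspects of a CA in a little more detail.

Firstly, different components of the blockchain network use certificates to identify themselves to each other as belonging to a particular organization. That is why a blockchain network usually has more than one CA: different organizations often use different CAs. Our network will use four CAs, one for each organization. Indeed, CAs are so important that Fabric provides a built-in CA (called "Fabric CA") to help you get going, though in practice organizations will use their own CA.

The mapping of certificates to member organizations is achieved via a structure called a Membership Service Provider (MSP). Network configuration NC4 uses a named MSP to identify the properties of certificates dispensed by CA4 that associate certificate holders with organization R4. NC4 can then use this MSP name in policies to grant members of R4 rights over network resources. An example of such a policy is one that identifies the administrators in R4 who can add new member organizations to the network. We don't show MSPs on these diagrams, as they would clutter them up, but they are very important.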

Secondly, we will see later how certificates issued by CAs are at the heart of the transaction generation and validation process. Specifically, X.509 certificates are used in client application transaction proposals and smart contract transaction responses to digitally sign transactions. The network nodes that host copies of the ledger then verify that transaction signatures are valid before accepting transactions onto the ledger.

Let's recap the basic structure of our example blockchain network. There is a resource, the network N, accessed by a set of users defined by CA4, who have a set of rights over the resources in network N as described by the policies contained in network configuration NC4. All of this becomes real when we configure and start the ordering service node O4.

NC4 was initially configured to give only R4 users administrative rights over the network. In this next phase, we are going to allow users from organization R1 to administer the network. Let's see how the network evolves:

Organization R4 updates the network configuration to make organization R1 an administrator too. After this point, R1 and R4 have equal rights over the network configuration.

We see the addition of a new organization R1 as an administrator; R1 and R4 now have equal rights over the network. We can also see that CA1 has been added; it can be used to identify users from organization R1. After this point, users from both R1 and R4 can administer the network.

Although the orderer node, O4, is running on R4’s infrastructure, R1 has shared administrative rights over it, as long as it can gain network access. It means that R1 or R4 could update the network configuration NC4 to allow the R2 organization a subset of network operations. In this way, even though R4 is running the ordering service, and R1 has full administrative rights over it, R2 has limited rights to create new consortia.

In its simplest form, the ordering service is a single node in the network, and that’s what you can see in the example. Ordering services are usually multi-node, and can be configured to have different nodes in different organizations. For example, we might run O4 in R4 and connect it to O2, a separate orderer node in organization R1. In this way, we would have a multi-site, multi-organization administration structure.

We’ll discuss the ordering service a little more later in this topic, but for now just think of the ordering service as an administration point which provides different organizations controlled access to the network.

## Defining a Consortium

Although the network can now be administered by R1 and R4, there is very little that can be done. The first thing we need to do is define a consortium.
This word literally means “a group with a shared destiny”, so it’s an appropriate choice for a set of organizations in a blockchain network.

Let’s see how a consortium is defined:

A network administrator defines a consortium X1 that contains two members, the organizations R1 and R2. This consortium definition is stored in the network configuration NC4, and will be used at the next stage of network development. CA1 and CA2 are the respective Certificate Authorities for these organizations.

Because of the way NC4 is configured, only R1 or R4 can create new consortia. This diagram shows the addition of a new consortium, X1, which defines R1 and R2 as its constituting organizations. We can also see that CA2 has been added to identify users from R2. Note that a consortium can have any number of organizational members – we have just shown two as it is the simplest configuration.

Why are consortia important? We can see that a consortium defines the set of organizations in the network who share a need to transact with one another – in this case R1 and R2. It really makes sense to group organizations together if they have a common goal, and that’s exactly what’s happening.

The network, although started by a single organization, is now controlled by a larger set of organizations. We could have started it this way, with R1, R2 and R4 having shared control, but this build up makes it easier to understand.

We’re now going to use consortium X1 to create a really important part of a Hyperledger Fabric blockchain – a channel.

## Creating a channel for a consortium

So let’s create this key part of the Fabric blockchain network – a channel. A channel is a primary communications mechanism by which the members of a consortium can communicate with each other. There can be multiple channels in a network, but for now, we’ll start with one.

Let’s see how the first channel has been added to the network:

A channel C1 has been created for R1 and R2 using the consortium definition X1. The channel is governed by a channel configuration CC1, completely separate to the network configuration. CC1 is managed by R1 and R2 who have equal rights over C1. R4 has no rights in CC1 whatsoever.

The channel C1 provides a private communications mechanism for the consortium X1. We can see channel C1 has been connected to the ordering service O4 but that nothing else is attached to it. In the next stage of network development, we’re going to connect components such as client applications and peer nodes. But at this point, a channel represents the potential for future connectivity.

Even though channel C1 is a part of the network N, it is quite distinguishable from it. Also notice that organizations R3 and R4 are not in this channel – it is for transaction processing between R1 and R2. In the previous step, we saw how R4 could grant R1 permission to create new consortia. It’s helpful to mention that R4 also allowed R1 to create channels!
In this diagram, it could have been organization R1 or R4 who created a channel C1. Again, note that a channel can have any number of organizations connected to it – we’ve shown two as it’s the simplest configuration.

Again, notice how channel C1 has a completely separate configuration, CC1, to the network configuration NC4. CC1 contains the policies that govern the rights that R1 and R2 have over the channel C1 – and as we’ve seen, R3 and R4 have no permissions in this channel. R3 and R4 can only interact with C1 if they are added by R1 or R2 to the appropriate policy in the channel configuration CC1. An example is defining who can add a new organization to the channel. Specifically, note that R4 cannot add itself to the channel C1 – it must, and can only, be authorized by R1 or R2.

Why are channels so important? Channels are useful because they provide a mechanism for private communications and private data between the members of a consortium. Channels provide privacy from other channels, and from the network. Hyperledger Fabric is powerful in this regard, as it allows organizations to share infrastructure and keep it private at the same time. There’s no contradiction here – different consortia within the network will have a need for different information and processes to be appropriately shared, and channels provide an efficient mechanism to do this. Channels provide an efficient sharing of infrastructure while maintaining data and communications privacy.

We can also see that once a channel has been created, it is in a very real sense “free from the network”. It is only organizations that are explicitly specified in a channel configuration that have any control over it, from this time forward into the future. Likewise, any updates to network configuration NC4 from this time onwards will have no direct effect on channel configuration CC1; for example, if consortium definition X1 is changed, it will not affect the members of channel C1. Channels are therefore useful because they allow private communications between the organizations constituting the channel. Moreover, the data in a channel is completely isolated from the rest of the network, including other channels.

As an aside, there is also a special system channel defined for use by the ordering service. It behaves in exactly the same way as regular channels, which are sometimes called application channels for this reason. We don’t normally need to worry about this channel, but we’ll discuss a little bit more about it later in this topic.

## Peers and Ledgers

Let’s now start to use the channel to connect the blockchain network and the organizational components together. In the next stage of network development, we can see that our network N has just acquired two new components, namely a peer node P1 and a ledger instance, L1.

A peer node P1 has joined the channel C1. P1 physically hosts a copy of the ledger L1. P1 and O4 can communicate with each other using channel C1.

Peer nodes are the network components where copies of the blockchain ledger are hosted! At last, we’re starting to see some recognizable blockchain components! P1’s purpose in the network is purely to host a copy of the ledger L1 for others to access. We can think of L1 as being physically hosted on P1, but logically hosted on the channel C1. We’ll see this idea more clearly when we add more peers to the channel.

A key part of P1’s configuration is an X.509 identity issued by CA1 which associates P1 with organization R1. Once P1 is started, it can join channel C1 using the orderer O4. When O4 receives this join request, it uses the channel configuration CC1 to determine P1’s permissions on this channel. For example, CC1 determines whether P1 can read and/or write information to the ledger L1.

Notice how peers are joined to channels by the organizations that own them, and though we’ve only added one peer, we’ll see how there can be multiple peer nodes on multiple channels within the network. We’ll see the different roles that peers can take on a little later.

## Applications and Smart Contract chaincode

Now that the channel C1 has a ledger on it, we can start connecting client applications to consume some of the services provided by the workhorse of the ledger, the peer!

Notice how the network has grown:

A smart contract S5 has been installed onto P1. Client application A1 in organization R1 can use S5 to access the ledger via peer node P1. A1, P1 and O4 are all joined to channel C1, i.e.
they can all make use of the communication facilities provided by that channel.

In the next stage of network development, we can see that client application A1 can use channel C1 to connect to specific network resources – in this case A1 can connect to both peer node P1 and orderer node O4. Again, see how channels are central to the communication between network and organization components. Just like peers and orderers, a client application will have an identity that associates it with an organization. In our example, client application A1 is associated with organization R1; and although it is outside the Fabric blockchain network, it is connected to it via the channel C1.

It might now appear that A1 can access the ledger L1 directly via P1, but in fact, all access is managed via a special program called a smart contract chaincode, S5. Think of S5 as defining all the common access patterns to the ledger; S5 provides a well-defined set of ways by which the ledger L1 can be queried or updated. In short, client application A1 has to go through smart contract S5 to get to ledger L1!

Smart contract chaincodes can be created by application developers in each organization to implement a business process shared by the consortium members. Smart contracts are used to help generate transactions which can be subsequently distributed to every node in the network. We’ll discuss this idea a little later; it’ll be easier to understand when the network is bigger.
For now, the important thing to understand is that to get to this point two operations must have been performed on the smart contract; it must have been installed, and then instantiated.

## Installing a smart contract

After a smart contract S5 has been developed, an administrator in organization R1 must install it onto peer node P1. This is a straightforward operation; after it has occurred, P1 has full knowledge of S5. Specifically, P1 can see the implementation logic of S5 – the program code that it uses to access the ledger L1. We contrast this to the S5 interface which merely describes the inputs and outputs of S5, without regard to its implementation.

When an organization has multiple peers in a channel, it can choose the peers upon which it installs smart contracts; it does not need to install a smart contract on every peer.

## Instantiating a smart contract

However, just because P1 has installed S5, the other components connected to channel C1 are unaware of it; it must first be instantiated on channel C1. In our example, which only has a single peer node P1, an administrator in organization R1 must instantiate S5 on channel C1 using P1. After instantiation, every component on channel C1 is aware of the existence of S5; and in our example it means that S5 can now be invoked by client application A1!

Note that although every component on the channel can now access S5, they are not able to see its program logic. This remains private to those nodes who have installed it; in our example that means P1.
Conceptually this means that it’s the smart contract interface that is instantiated, in contrast to the smart contract implementation that is installed. To reinforce this idea: installing a smart contract shows how we think of it being physically hosted on a peer, whereas instantiating a smart contract shows how we consider it logically hosted by the channel.

Translator's note: This passage is a little awkward. It can be read as P1 having two identities: one as the physical host of the smart contract, the other as a node on channel C1. What each of them sees of the smart contract is different: the former can see the implementation code, the latter can only see the interface.

## Endorsement policy

The most important piece of additional information supplied at instantiation is an endorsement policy. It describes which organizations must approve transactions before they will be accepted by other organizations onto their copy of the ledger. In our sample network, transactions can only be accepted onto ledger L1 if R1 or R2 endorse them.

The act of instantiation places the endorsement policy in channel configuration CC1; it enables it to be accessed by any member of the channel. You can read more about endorsement policies in the transaction flow topic.

## Invoking a smart contract

Once a smart contract has been installed on a peer node and instantiated on a channel it can be invoked by a client application. Client applications do this by sending transaction proposals to peers owned by the organizations specified by the smart contract endorsement policy. The transaction proposal serves as input to the smart contract, which uses it to generate an endorsed transaction response, which is returned by the peer node to the client application.

It’s these transaction responses that are packaged together with the transaction proposal to form a fully endorsed transaction, which can be distributed to the entire network. We’ll look at this in more detail later. For now, it’s enough to understand how applications invoke smart contracts to generate endorsed transactions.

By this stage in network development we can see that organization R1 is fully participating in the network. Its applications – starting with A1 – can access the ledger L1 via smart contract S5, to generate transactions that will be endorsed by R1, and therefore accepted onto the ledger because they conform to the endorsement policy.

## Network completed

Recall that our objective was to create a channel for consortium X1 – organizations R1 and R2. This next phase of network development sees organization R2 add its infrastructure to the network.

Let’s see how the network has evolved:

The network has grown through the addition of infrastructure from organization R2. Specifically, R2 has added peer node P2, which hosts a copy of ledger L1, and chaincode S5. P2 has also joined channel C1, as has application A2. A2 and P2 are identified using certificates from CA2. All of this means that both applications A1 and A2 can invoke S5 on C1 either using peer node P1 or P2.

We can see that organization R2 has added a peer node, P2, on channel C1. P2 also hosts a copy of the ledger L1 and smart contract S5.
We can see that R2 has also added client application A2 which can connect to the network via channel C1. To achieve this, an administrator in organization R2 has created peer node P2 and joined it to channel C1, in the same way as an administrator in R1.

We have created our first operational network! At this stage in network development, we have a channel in which organizations R1 and R2 can fully transact with each other. Specifically, this means that applications A1 and A2 can generate transactions using smart contract S5 and ledger L1 on channel C1.

## Generating and accepting transactions

While peer nodes always host a copy of the ledger, we see that there are two different kinds of peer nodes: those which host smart contracts and those which do not. In our network, every peer hosts a copy of the smart contract, but in larger networks, there will be many more peer nodes that do not host a copy of the smart contract. A peer can only run a smart contract if it is installed on it, but it can know about the interface of a smart contract by being connected to a channel.

You should not think of peer nodes which do not have smart contracts installed as being somehow inferior. It’s more the case that peer nodes with smart contracts have a special power – to help generate transactions. Note that all peer nodes can validate and subsequently accept or reject transactions onto their copy of the ledger L1. However, only peer nodes with a smart contract installed can take part in the process of transaction endorsement which is central to the generation of valid transactions.

We don’t need to worry about the exact details of how transactions are generated, distributed and accepted in this topic – it is sufficient to understand that we have a blockchain network where organizations R1 and R2 can share information and processes as ledger-captured transactions. We’ll learn a lot more about transactions, ledgers, smart contracts in other topics.

## Types of peers

In Hyperledger Fabric, while all peers are the same, they can assume multiple roles depending on how the network is configured. We now have enough understanding of a typical network topology to describe these roles.

Committing peer. Every peer node in a channel is a committing peer. It receives blocks of generated transactions, which are subsequently validated before they are committed to the peer node’s copy of the ledger as an append operation.

Endorsing peer. Every peer can be an endorsing peer if it has a smart contract installed. However, to actually be an endorsing peer, the smart contract on the peer must be used by a client application to generate a digitally signed transaction response. The term endorsing peer is an explicit reference to this fact.

An endorsement policy for a smart contract identifies the organizations whose peers should digitally sign a generated transaction before it can be accepted onto a committing peer’s copy of the ledger.
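
The check a committing peer makes against the endorsement policy, as an added example in Go (not code from Hyperledger Fabric or from this page): endorsements are ECDSA signatures made with X.509 identities, a map of CA roots stands in for the channel's MSPs, and the page's "R1 or R2" policy is generalized to "at least n distinct organizations". The function names, certificate contents and payload are constructed for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Identity is a private key plus the X.509 certificate a CA issued for it.
type Identity struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// issue creates a certificate for name; a nil parent yields a self-signed CA root.
func issue(name string, parent *Identity) *Identity {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	signer := parent
	if parent == nil {
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		signer = &Identity{tmpl, key}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, signer.Cert, &key.PublicKey, signer.Key))
	return &Identity{must(x509.ParseCertificate(der)), key}
}

// Endorsement is a peer's signature over a transaction response, with its certificate.
type Endorsement struct {
	Cert *x509.Certificate
	Sig  []byte
}

func endorse(peer *Identity, response []byte) Endorsement {
	d := sha256.Sum256(response)
	return Endorsement{peer.Cert, must(ecdsa.SignASN1(rand.Reader, peer.Key, d[:]))}
}

// MSP maps an organization to the CA roots whose certificates count as that organization.
type MSP map[string]*x509.CertPool
// orgOf returns the organization whose CA verifies cert, or "" if none does.
func (m MSP) orgOf(cert *x509.Certificate) string {
	for org, roots := range m {
		opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
		if _, err := cert.Verify(opts); err == nil {
			return org
		}
	}
	return ""
}

// validate accepts a response only if at least need distinct organizations in orgs signed it.
func validate(m MSP, orgs map[string]bool, need int, response []byte, ends []Endorsement) bool {
	d, seen := sha256.Sum256(response), map[string]bool{}
	for _, e := range ends {
		pub, isEC := e.Cert.PublicKey.(*ecdsa.PublicKey)
		if org := m.orgOf(e.Cert); isEC && orgs[org] && ecdsa.VerifyASN1(pub, d[:], e.Sig) {
			seen[org] = true // org is "" (never in orgs) when no MSP vouches for the certificate
		}
	}
	return len(seen) >= need
}

// scenario models channel C1 from the page: only R1 and R2 have MSPs in it.
func scenario() map[string]bool {
	ca1, ca2, ca3 := issue("CA1", nil), issue("CA2", nil), issue("CA3", nil)
	p1, p2, p3, fake := issue("P1", ca1), issue("P2", ca2), issue("P3", ca3), issue("P1", nil)
	msp := MSP{"R1": x509.NewCertPool(), "R2": x509.NewCertPool()}
	msp["R1"].AddCert(ca1.Cert)
	msp["R2"].AddCert(ca2.Cert)
	orgs, tx := map[string]bool{"R1": true, "R2": true}, []byte("constructed S5 response")
	return map[string]bool{
		"OR: R1":                   validate(msp, orgs, 1, tx, []Endorsement{endorse(p1, tx)}),
		"OR: R3":                   validate(msp, orgs, 1, tx, []Endorsement{endorse(p3, tx)}),
		"OR: self-signed P1":       validate(msp, orgs, 1, tx, []Endorsement{endorse(fake, tx)}),
		"OR: R2, altered response": validate(msp, orgs, 1, []byte("altered"), []Endorsement{endorse(p2, tx)}),
		"AND: R1 twice":            validate(msp, orgs, 2, tx, []Endorsement{endorse(p1, tx), endorse(p1, tx)}),
		"AND: R1+R2":               validate(msp, orgs, 2, tx, []Endorsement{endorse(p1, tx), endorse(p2, tx)}),
	}
}
func main() { fmt.Println(scenario()) }
```
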

These are the two major types of peer; there are two other roles a peer can adopt:

[Leader peer](https://hyperledger-fabric.readthedocs.io/en/release-1.4//glossary.html#leading-peer). When an organization has multiple peers in a channel, a leader peer is a node which takes responsibility for distributing transactions from the orderer to the other committing peers in the organization. A peer can choose to participate in static or dynamic leadership selection.

It is helpful, therefore, to think of two sets of peers from a leadership perspective – those that have static leader selection, and those with dynamic leader selection. For the static set, zero or more peers can be configured as leaders. For the dynamic set, one peer will be elected leader by the set. Moreover, in the dynamic set, if a leader peer fails, then the remaining peers will re-elect a leader.

It means that an organization’s peers can have one or more leaders connected to the ordering service. This can help to improve resilience and scalability in large networks which process high volumes of transactions.

Anchor peer. If a peer needs to communicate with a peer in another organization, then it can use one of the anchor peers defined in the channel configuration for that organization. An organization can have zero or more anchor peers defined for it, and an anchor peer can help with many different cross-organization communication scenarios.

Note that a peer can be a committing peer, endorsing peer, leader peer and anchor peer all at the same time!
Only the anchor peer is optional – for all practical purposes there will always be a leader peer and at least one endorsing peer and at least one committing peer.

## Install not instantiate

In a similar way to organization R1, organization R2 must install smart contract S5 onto its peer node, P2. That’s obvious – if applications A1 or A2 wish to use S5 on peer node P2 to generate transactions, it must first be present; installation is the mechanism by which this happens. At this point, peer node P2 has a physical copy of the smart contract and the ledger; like P1, it can both generate and accept transactions onto its copy of ledger L1.

However, in contrast to organization R1, organization R2 does not need to instantiate smart contract S5 on channel C1. That’s because S5 has already been instantiated on the channel by organization R1. Instantiation only needs to happen once; any peer which subsequently joins the channel knows that smart contract S5 is available to the channel. This reflects the fact that ledger L1 and smart contract S5 exist physically on the peer nodes and logically on the channel; R2 is merely adding another physical instance of L1 and S5 to the network.

In our network, we can see that channel C1 connects two client applications, two peer nodes and an ordering service. Since there is only one channel, there is only one logical ledger with which these components interact. Peer nodes P1 and P2 have identical copies of ledger L1.
Copies of smart contract S5 will usually be identically implemented using the same programming language, but if not, they must be semantically equivalent.

We can see that the careful addition of peers to the network can help support increased throughput, stability, and resilience. For example, more peers in a network will allow more applications to connect to it; and multiple peers in an organization will provide extra resilience in the case of planned or unplanned outages.

It all means that it is possible to configure sophisticated topologies which support a variety of operational goals – there is no theoretical limit to how big a network can get. Moreover, the technical mechanism by which peers within an individual organization efficiently discover and communicate with each other – the gossip protocol – will accommodate a large number of peer nodes in support of such topologies.

The careful use of network and channel policies allows even large networks to be well-governed. Organizations are free to add peer nodes to the network so long as they conform to the policies agreed by the network. Network and channel policies create the balance between autonomy and control which characterizes a de-centralized network.

## Simplifying the visual vocabulary

We’re now going to simplify the visual vocabulary used to represent our sample blockchain network. As the size of the network grows, the lines initially used to help us understand channels will become cumbersome. Imagine how complicated our diagram would be if we added another peer or client application, or another channel?

That’s what we’re going to do in a minute, so before we do, let’s simplify the visual vocabulary. Here’s a simplified representation of the network we’ve developed so far:

The diagram shows the facts relating to channel C1 in the network N as follows: Client applications A1 and A2 can use channel C1 for communication with peers P1 and P2, and orderer O4. Peer nodes P1 and P2 can use the communication services of channel C1. Ordering service O4 can make use of the communication services of channel C1. Channel configuration CC1 applies to channel C1.

Note that the network diagram has been simplified by replacing channel lines with connection points, shown as blue circles which include the channel number. No information has been lost. This representation is more scalable because it eliminates crossing lines. This allows us to more clearly represent larger networks. We’ve achieved this simplification by focusing on the connection points between components and a channel, rather than the channel itself.

## Adding another consortium definition

In this next phase of network development, we introduce organization R3. We’re going to give organizations R2 and R3 a separate application channel which allows them to transact with each other. This application channel will be completely separate to that previously defined, so that R2 and R3 transactions can be kept private to them.

Let’s return to the network level and define a new consortium, X2, for R2 and R3:

A network administrator from organization R1 or R4 has added a new consortium definition, X2, which includes organizations R2 and R3. This will be used to define a new channel for X2.

Notice that the network now has two consortia defined: X1 for organizations R1 and R2 and X2 for organizations R2 and R3. Consortium X2 has been introduced in order to be able to create a new channel for R2 and R3.

A new channel can only be created by those organizations specifically identified in the network configuration policy, NC4, as having the appropriate rights to do so, i.e. R1 or R4. This is an example of a policy which separates organizations that can manage resources at the network level from those that can manage resources at the channel level. Seeing these policies at work helps us understand why Hyperledger Fabric has a sophisticated tiered policy structure.

In practice, consortium definition X2 has been added to the network configuration NC4. We discuss the exact mechanics of this operation elsewhere in the documentation.

Adding a new channel

Let’s now use this new consortium definition, X2, to create a new channel, C2.
To help reinforce your understanding of the simpler channel notation, we’ve used both visual styles – channel C1 is represented with blue circular end points, whereas channel C2 is represented with red connecting lines:

A new channel C2 has been created for R2 and R3 using consortium definition X2. The channel has a channel configuration CC2, completely separate from the network configuration NC4 and the channel configuration CC1. Channel C2 is managed by R2 and R3, who have equal rights over C2 as defined by a policy in CC2. R1 and R4 have no rights defined in CC2 whatsoever.

The channel C2 provides a private communications mechanism for the consortium X2. Again, notice how organizations united in a consortium are what form channels. The channel configuration CC2 now contains the policies that govern channel resources, assigning management rights to organizations R2 and R3 over channel C2. It is managed exclusively by R2 and R3; R1 and R4 have no power in channel C2. For example, channel configuration CC2 can subsequently be updated to add organizations to support network growth, but this can only be done by R2 or R3.

Note how the channel configurations CC1 and CC2 remain completely separate from each other, and completely separate from the network configuration, NC4. Again we’re seeing the de-centralized nature of a Hyperledger Fabric network; once channel C2 has been created, it is managed by organizations R2 and R3 independently of other network elements. Channel policies always remain separate from each other and can only be changed by the organizations authorized to do so in the channel.

As the network and channels evolve, so will the network and channel configurations. There is a process by which this is accomplished in a controlled manner – involving configuration transactions which capture the change to these configurations. Every configuration change results in a new configuration block transaction being generated, and later in this topic, we’ll see how these blocks are validated and accepted to create updated network and channel configurations respectively.

Network and channel configurations

Throughout our sample network, we see the importance of network and channel configurations. These configurations are important because they encapsulate the policies agreed by the network members, which provide a shared reference for controlling access to network resources. Network and channel configurations also contain facts about the network and channel composition, such as the names of consortia and their organizations.

For example, when the network is first formed using the ordering service node O4, its behaviour is governed by the network configuration NC4. The initial configuration of NC4 only contains policies that permit organization R4 to manage network resources. NC4 is subsequently updated to also allow R1 to manage network resources. Once this change is made, any administrator from organization R1 or R4 that connects to O4 will have network management rights because that is what the policy in the network configuration NC4 permits. Internally, each node in the ordering service records each channel in the network configuration, so that there is a record of each channel created, at the network level.

It means that although ordering service node O4 is the actor that created consortia X1 and X2 and channels C1 and C2, the intelligence of the network is contained in the network configuration NC4 that O4 is obeying. As long as O4 behaves as a good actor, and correctly implements the policies defined in NC4 whenever it is dealing with network resources, our network will behave as all organizations have agreed. In many ways NC4 can be considered more important than O4 because, ultimately, it controls network access.

The same principles apply for channel configurations with respect to peers. In our network, P1 and P2 are likewise good actors. When peer nodes P1 and P2 are interacting with client applications A1 or A2, they are each using the policies defined within channel configuration CC1 to control access to the channel C1 resources.

For example, if A1 wants to access the smart contract chaincode S5 on peer nodes P1 or P2, each peer node uses its copy of CC1 to determine the operations that A1 can perform. For example, A1 may be permitted to read or write data from the ledger L1 according to policies defined in CC1. We’ll see later the same pattern for actors in channel C2 and its channel configuration CC2. Again, we can see that while the peers and applications are critical actors in the network, their behaviour in a channel is dictated more by the channel configuration policy than any other factor.

Finally, it is helpful to understand how network and channel configurations are physically realized. We can see that network and channel configurations are logically singular – there is one for the network, and one for each channel. This is important; every component that accesses the network or the channel must have a shared understanding of the permissions granted to different organizations.

Even though there is logically a single configuration, it is actually replicated and kept consistent by every node that forms the network or channel. For example, in our network peer nodes P1 and P2 both have a copy of channel configuration CC1, and by the time the network is fully complete, peer nodes P2 and P3 will both have a copy of channel configuration CC2. Similarly, ordering service node O4 has a copy of the network configuration, but in a multi-node configuration, every ordering service node will have its own copy of the network configuration.

Both network and channel configurations are kept consistent using the same blockchain technology that is used for user transactions – but for configuration transactions. To change a network or channel configuration, an administrator must submit a configuration transaction. It must be signed by the organizations identified in the appropriate policy as being responsible for configuration change. This policy is called the mod_policy and we’ll discuss it later.

Indeed, the ordering service nodes operate a mini-blockchain, connected via the system channel we mentioned earlier. Using the system channel, ordering service nodes distribute network configuration transactions. These transactions are used to co-operatively maintain a consistent copy of the network configuration at each ordering service node. In a similar way, peer nodes in an application channel can distribute channel configuration transactions. Likewise, these transactions are used to maintain a consistent copy of the channel configuration at each peer node.

This balance between objects being logically singular yet physically distributed is a common pattern in Hyperledger Fabric. Objects like network configurations, which are logically single, turn out to be physically replicated among a set of ordering service nodes, for example. We also see it with channel configurations, ledgers, and to some extent smart contracts, which are installed in multiple places but whose interfaces exist logically at the channel level. It’s a pattern you see repeated time and again in Hyperledger Fabric, and it enables Hyperledger Fabric to be both de-centralized and yet manageable at the same time.

Adding another peer

Now that organization R3 is able to fully participate in channel C2, let’s add its infrastructure components to the channel. Rather than do this one component at a time, we’re going to add a peer, its local copy of a ledger, a smart contract and a client application all at once!

Let’s see the network with organization R3’s components added:

The diagram shows the facts relating to channels C1 and C2 in the network N as follows: Client applications A1 and A2 can use channel C1 for communication with peers P1 and P2, and ordering service O4; client application A3 can use channel C2 for communication with peer P3 and ordering service O4. Ordering service O4 can make use of the communication services of channels C1 and C2. Channel configuration CC1 applies to channel C1, CC2 applies to channel C2.

First of all, notice that because peer node P3 is connected to channel C2, it has a different ledger – L2 – to those peer nodes using channel C1. The ledger L2 is effectively scoped to channel C2. The ledger L1 is completely separate; it is scoped to channel C1. This makes sense – the purpose of the channel C2 is to provide private communications between the members of the consortium X2, and the ledger L2 is the private store for their transactions.

In a similar way, the smart contract S6, installed on peer node P3, and instantiated on channel C2, is used to provide controlled access to ledger L2. Application A3 can now use channel C2 to invoke the services provided by smart contract S6 to generate transactions that can be accepted onto every copy of the ledger L2 in the network.

At this point in time, we have a single network that has two completely separate channels defined within it.
These channels provide independently managed facilities for organizations to transact with each other. Again, this is de-centralization at work; we have a balance between control and autonomy. This is achieved through policies which are applied to channels which are controlled by, and affect, different organizations.

Joining a peer to multiple channels

In this final stage of network development, let’s return our focus to organization R2. We can exploit the fact that R2 is a member of both consortia X1 and X2 by joining it to multiple channels:

The diagram shows the facts relating to channels C1 and C2 in the network N as follows: Client application A1 can use channel C1 for communication with peers P1 and P2, and ordering service O4; client application A2 can use channel C1 for communication with peers P1 and P2 and channel C2 for communication with peers P2 and P3 and ordering service O4; client application A3 can use channel C2 for communication with peers P3 and P2 and ordering service O4. Ordering service O4 can make use of the communication services of channels C1 and C2. Channel configuration CC1 applies to channel C1, CC2 applies to channel C2.

We can see that R2 is a special organization in the network, because it is the only organization that is a member of two application channels! It is able to transact with organization R1 on channel C1, while at the same time it can also transact with organization R3 on a different channel, C2.

Notice how peer node P2 has smart contract S5 installed for channel C1 and smart contract S6 installed for channel C2. Peer node P2 is a full member of both channels at the same time via different smart contracts for different ledgers.

This is a very powerful concept – channels provide both a mechanism for the separation of organizations, and a mechanism for collaboration between organizations. All the while, this infrastructure is provided by, and shared between, a set of independent organizations.

It is also important to note that peer node P2’s behaviour is controlled very differently depending upon the channel in which it is transacting. Specifically, the policies contained in channel configuration CC1 dictate the operations available to P2 when it is transacting in channel C1, whereas it is the policies in channel configuration CC2 that control P2’s behaviour in channel C2.

Again, this is desirable – R2 and R1 agreed the rules for channel C1, whereas R2 and R3 agreed the rules for channel C2. These rules were captured in the respective channel policies – they can and must be used by every component in a channel to enforce correct behaviour, as agreed.

Similarly, we can see that client application A2 is now able to transact on channels C1 and C2. And likewise, it too will be governed by the policies in the appropriate channel configurations. As an aside, note that client application A2 and peer node P2 are using a mixed visual vocabulary – both lines and connections. You can see that they are equivalent; they are visual synonyms.

The ordering service

The observant reader may notice that the ordering service node appears to be a centralized component; it was used to create the network initially, and connects to every channel in the network. Even though we added R1 and R4 to the network configuration policy NC4 which controls the orderer, the node was running on R4’s infrastructure. In a world of de-centralization, this looks wrong!

Don’t worry! Our example network showed the simplest ordering service configuration to help you understand the idea of a network administration point. In fact, the ordering service can itself be completely de-centralized too! We mentioned earlier that an ordering service could be comprised of many individual nodes owned by different organizations, so let’s see how that would be done in our sample network.

Let’s have a look at a more realistic ordering service node configuration:

A multi-organization ordering service. The ordering service comprises ordering service nodes O1 and O4. O1 is provided by organization R1 and node O4 is provided by organization R4. The network configuration NC4 defines network resource permissions for actors from both organizations R1 and R4.

We can see that this ordering service is completely de-centralized – it runs in organization R1 and it runs in organization R4. The network configuration policy, NC4, permits R1 and R4 equal rights over network resources.
Client applications and peer nodes from organizations R1 and R4 can manage network resources by connecting to either node O1 or node O4, because both nodes behave the same way, as defined by the policies in network configuration NC4. In practice, actors from a particular organization tend to use infrastructure provided by their home organization, but that’s certainly not always the case.

De-centralized transaction distribution

As well as being the management point for the network, the ordering service also provides another key facility – it is the distribution point for transactions. The ordering service is the component which gathers endorsed transactions from applications and orders them into transaction blocks, which are subsequently distributed to every peer node in the channel. At each of these committing peers, transactions are recorded, whether valid or invalid, and their local copy of the ledger is updated appropriately.

Notice how the ordering service node O4 performs a very different role for the channel C1 than it does for the network N. When acting at the channel level, O4’s role is to gather transactions and distribute blocks inside channel C1. It does this according to the policies defined in channel configuration CC1. In contrast, when acting at the network level, O4’s role is to provide a management point for network resources according to the policies defined in network configuration NC4. Notice again how these roles are defined by different policies within the channel and network configurations respectively. This should reinforce to you the importance of declarative policy based configuration in Hyperledger Fabric.
Policies both define, and are used to control, the agreed behaviours by each and every member of a consortium.

We can see that the ordering service, like the other components in Hyperledger Fabric, is a fully de-centralized component. Whether acting as a network management point, or as a distributor of blocks in a channel, its nodes can be distributed as required throughout the multiple organizations in a network.

Changing policy

Throughout our exploration of the sample network, we’ve seen the importance of the policies to control the behaviour of the actors in the system. We’ve only discussed a few of the available policies, but there are many that can be declaratively defined to control every aspect of behaviour. These individual policies are discussed elsewhere in the documentation.

Most importantly of all, Hyperledger Fabric provides a uniquely powerful policy that allows network and channel administrators to manage policy change itself! The underlying philosophy is that policy change is a constant, whether it occurs within or between organizations, or whether it is imposed by external regulators. For example, new organizations may join a channel, or existing organizations may have their permissions increased or decreased. Let’s investigate a little more how change policy is implemented in Hyperledger Fabric.

The key point of understanding is that policy change is managed by a policy within the policy itself. The modification policy, or mod_policy for short, is a first class policy within a network or channel configuration that manages change. Let’s give two brief examples of how we’ve already used mod_policy to manage change in our network!

The first example was when the network was initially set up. At this time, only organization R4 was allowed to manage the network. In practice, this was achieved by making R4 the only organization defined in the network configuration NC4 with permissions to network resources. Moreover, the mod_policy for NC4 only mentioned organization R4 – only R4 was allowed to change this configuration.

We then evolved the network N to also allow organization R1 to administer the network. R4 did this by adding R1 to the policies for channel creation and consortium creation. Because of this change, R1 was able to define the consortia X1 and X2, and create the channels C1 and C2. R1 had equal administrative rights over the channel and consortium policies in the network configuration.

R4, however, could grant even more power over the network configuration to R1! R4 could add R1 to the mod_policy such that R1 would be able to manage change of the network policy too.

This second power is much more powerful than the first, because R1 now has full control over the network configuration NC4!
This means that R1 can, in principle, remove R4’s management rights from the network. In practice, R4 would configure the mod_policy such that R4 would need to also approve the change, or that all organizations in the mod_policy would have to approve the change. There’s lots of flexibility to make the mod_policy as sophisticated as it needs to be to support whatever change process is required.

This is mod_policy at work – it has allowed the graceful evolution of a basic configuration into a sophisticated one. All the time this has occurred with the agreement of all organizations involved. The mod_policy behaves like every other policy inside a network or channel configuration; it defines a set of organizations that are allowed to change the mod_policy itself.

We’ve only scratched the surface of the power of policies and mod_policy in particular in this subsection. It is discussed at much more length in the policy topic, but for now let’s return to our finished network!

Network fully formed

Let’s recap what our network looks like using a consistent visual vocabulary. We’ve re-organized it slightly using our more compact visual syntax, because it better accommodates larger topologies:

In this diagram we see that the Fabric blockchain network consists of two application channels and one ordering channel. The organizations R1 and R4 are responsible for the ordering channel, R1 and R2 are responsible for the blue application channel while R2 and R3 are responsible for the red application channel. Client application A1 is an element of organization R1, and CA1 is its certificate authority.
Note that peer P2 of organization R2 can use the communication facilities of the blue and the red application channel. Each application channel has its own channel configuration, in this case CC1 and CC2. The channel configuration of the system channel is part of the network configuration, NC4.

We’re at the end of our conceptual journey to build a sample Hyperledger Fabric blockchain network. We’ve created a four organization network with two channels and three peer nodes, with two smart contracts and an ordering service. It is supported by four certificate authorities. It provides ledger and smart contract services to three client applications, which can interact with it via the two channels. Take a moment to look through the details of the network in the diagram, and feel free to read back through the topic to reinforce your knowledge, or go to a more detailed topic.

Summary of network components

Here’s a quick summary of the network components we’ve discussed:

- Ledger. One per channel. Comprised of the Blockchain and the World state
- Smart contract (aka chaincode)
- Peer nodes
- Ordering service
- Channel
- Certificate Authority

Network summary

In this topic, we’ve seen how different organizations share their infrastructure to provide an integrated Hyperledger Fabric blockchain network. We’ve seen how the collective infrastructure can be organized into channels that provide private communications mechanisms that are independently managed.
We’ve seen how actors such as client applications, administrators, peers and orderers are identified as being from different organizations by their use of certificates from their respective certificate authorities. And in turn, we’ve seen the importance of policy to define the agreed permissions that these organizational actors have over network and channel resources.

Copyright notice: This article is an original work by CSDN blogger "yyri", published under the CC 4.0 BY-SA license. When reposting, please include the original source link and this notice.
Original link: https://blog.csdn.net/yyri/article/details/89792315
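
The evolution of NC4's mod_policy described under "Changing policy", together with the signed configuration transactions introduced under "Network and channel configurations", replayed as an added example; it is not code from the original article or from Hyperledger Fabric. The `Policy`, `Config` and `Update` types, the `Any`/`All` rules and the `channel_creation` policy name are simplifying assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Rule says how many of a policy's organizations must sign (simplified model).
type Rule int
const (
	Any Rule = iota // one listed organization's signature is enough
	All             // every listed organization must sign
)

// Policy is a hypothetical stand-in for a Fabric policy: organizations plus a rule.
type Policy struct {
	Orgs []string
	Rule Rule
}
func pol(rule Rule, orgs ...string) Policy { return Policy{Orgs: orgs, Rule: rule} }

// Satisfied reports whether the signing organizations meet the policy.
func (p Policy) Satisfied(signers []string) bool {
	signed := map[string]bool{}
	for _, s := range signers {
		signed[s] = true
	}
	count := 0
	for _, o := range p.Orgs {
		if signed[o] {
			count++
		}
	}
	return count > 0 && (p.Rule == Any || count == len(p.Orgs))
}

// Config models NC4; its "mod_policy" entry governs changes to every policy, itself included.
type Config struct {
	Version  int
	Policies map[string]Policy
}

// Update models a configuration transaction: signers and replaced policies.
type Update struct {
	Signers []string
	Set     map[string]Policy
}

var ErrNotAuthorized = errors.New("signatures do not satisfy the current mod_policy")
var ErrLockout = errors.New("update would leave mod_policy with no organizations")

// Apply checks u against the CURRENT mod_policy; on error c comes back unchanged.
func Apply(c Config, u Update) (Config, error) {
	if !c.Policies["mod_policy"].Satisfied(u.Signers) {
		return c, ErrNotAuthorized
	}
	next := Config{Version: c.Version + 1, Policies: map[string]Policy{}}
	for name, p := range c.Policies {
		next.Policies[name] = p
	}
	for name, p := range u.Set {
		next.Policies[name] = p
	}
	if len(next.Policies["mod_policy"].Orgs) == 0 {
		return c, ErrLockout
	}
	return next, nil
}

// Scenario replays NC4's history; shared is the rule R4 picks when it adds R1 to mod_policy.
func Scenario(shared Rule) (Config, []bool) {
	nc4 := Config{Policies: map[string]Policy{
		"channel_creation": pol(Any, "R4"), // policy name is an assumption
		"mod_policy":       pol(Any, "R4"),
	}}
	set := func(name string, p Policy) map[string]Policy { return map[string]Policy{name: p} }
	updates := []Update{
		{[]string{"R1"}, set("channel_creation", pol(Any, "R1", "R4"))}, // R1 self-grant: rejected
		{[]string{"R4"}, set("channel_creation", pol(Any, "R1", "R4"))}, // R4 grants R1 channel creation
		{[]string{"R1"}, set("mod_policy", pol(Any, "R1"))},             // R1 still cannot change policy
		{[]string{"R4"}, set("mod_policy", pol(shared, "R1", "R4"))},    // R4 adds R1 to mod_policy
		{[]string{"R1"}, set("mod_policy", pol(Any, "R1"))},             // R1 alone tries to remove R4
	}
	accepted := make([]bool, 0, len(updates))
	for _, u := range updates {
		next, err := Apply(nc4, u)
		accepted = append(accepted, err == nil)
		nc4 = next
	}
	return nc4, accepted
}

func main() {
	for _, r := range []Rule{Any, All} {
		cfg, acc := Scenario(r)
		fmt.Println(acc, cfg.Version, cfg.Policies["mod_policy"].Orgs)
	}
}
```

With `Any`, R1's final update is accepted and R4 loses control of NC4; with `All`, the same update is rejected because R4 has not signed it.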