创建一个新的channel

官方文档:deployment_guide_overview

Deploying a production network

• Step one: Decide on your network configuration

• Step two: Set up a cluster for your resources

• Step three: Set up your CAs

• Step four: Use the CA to create identities and MSPs

• • Step five: Deploy peers and ordering nodes

    Creating a peerCreating an ordering node

Step one: Decide on your network configuration

• Certificate Authority configuration.
• Use Organizational Units or not?
• Database type. （相同的channel的peer节点必须使用相同的数据库）
• Channels and private data.
• Container orchestration.
• Chaincode deployment method（使用内置的部署方式还是外部的部署方式，如使用k8s部署）
• Using firewalls

Step two: Set up a cluster for your resources

Managing your infrastructure

• Using secret objects to securely store important configuration files in your cluster. （使用秘密对象将重要的配置文件安全地存储在群集中。）

• Cluster considerations and node sizing.

• How you choose to mount your volumes. It is a best practice to mount the volumes relevant to your nodes external to the place where your nodes are deployed. (您如何选择挂载卷。最佳实践是将与您的节点相关的卷挂载到部署节点的外部。)

• How you will monitor your resources.

Step three: Set up your CAs

The first component that must be deployed in a Fabric network is a CA. This is because the certificates associated with a node (not just for the node itself but also the certificates identifying who can administer the node) must be created before the node itself can be deployed.

必须在Fabric网络中部署的第一个组件是CA。这是因为必须先创建与节点关联的证书（不仅是针对节点本身的证书，而且还包括标识谁可以管理该节点的证书），然后才能部署节点本身。

• One CA (or more, if you are using intermediate CAs — more on intermediate CAs below) is used to generate (through a process called “enrollment”) the certificates of the admin of an organization, the MSP of that organization, and any nodes owned by that organization. This CA will also generate the certificates for any additional users.This CA will also generate the certificates for any additional users. Because of its role in “enrolling” identities, this CA is sometimes called the “enrollment CA” or the “ecert CA”.

  一个CA用于生成该组织管理员、该组织的MSP和该组织所拥有的任何节点的证书。该CA还将为任何其他用户生成证书。由于其在“注册”身份中的作用，因此有时将该CA称为“注册CA”或“证书CA”。

• The other CA generates the certificates used to secure communications on Transport Layer Security (TLS).For this reason, this CA is often referred to as a “TLS CA”. These TLS certificates are attached to actions as a way of preventing “man in the middle” attacks.

  另一个CA生成用于保护传输层安全性（TLS）上的通信的证书。因此，该CA通常被称为“ TLS CA”。将这些TLS证书附加到操作中，以防止“中间人”攻击。

Deploy a Production CA

• Planning for a CA
• Checklist for a production CA server
• CA deployment steps

Step four: Use the CA to create identities and MSPs

For each organization, you will need to, at a minimum:

• Register and enroll an admin identity and create an MSP.

  you must create the org admin identity before creating the local MSP of a node, since the certificate of the node admin must be used when creating the local MSP.

• Register and enroll node identities.

Step five: Deploy peers and ordering nodes

Before any node can be deployed, its configuration file must be customized. For the peer, this file is called core.yaml, while the configuration file for ordering nodes is called orderer.yaml.

在任何的节点可以被部署之前，必须先自定义配置文件。

• peer节点的配置文件： core.yaml
• ordering节点的配置文件orderer.yaml

You have three main options for tuning your configuration.

1. Edit the YAML file bundled with the binaries.
2. Use environment variable overrides when deploying.
3. Specify flags on CLI commands.

Creating a peer

Among the parameters in core.yaml, there are:

• Identifiers: these include not just the paths to the relevant local MSP and Transport Layer Security (TLS) certificates, but also the name (known as the “peer ID”) of the peer and the MSP ID of the organization that owns the peer.
• Addresses and paths: because peers are not entities unto themselves but interact with other peers and components, you must specify a series of addresses in the configuration. These include addresses where the peer itself can be found by other components as well as the addresses where, for example, chaincodes can be found (if you are employing external chaincodes). Similarly, you will need to specify the location of your ledger (as well as your state database type) and the path to your external builders (again, if you intend to employ external chaincodes). These include Operations and metrics, which allow you to set up methods for monitoring the health and performance of your peer through the configuration of endpoints.
• Gossip: components in Fabric networks communicate with each other using the “gossip” protocol. Through this protocol, they can be discovered by the discovery service and disseminate blocks and private data to each other. Note that gossip communications are secured using TLS.

Deploying a production peer

• Planning for a production peer
• Checklist for a production peer
• Deploy the peer

Creating an ordering node

Among the parameters in orderer.yaml, there are:

• Identifiers: these include not just the paths to the relevant local MSP and Transport Layer Security (TLS) certificates, but also the MSP ID of the organization that owns the ordering node.
• Addresses and paths: because ordering nodes interact with other components, you must specify a series of addresses in the configuration. These include addresses where the ordering node itself can be found by other components as well as Operations and metrics, which allow you to set up methods for monitoring the health and performance of your ordering node through the configuration of endpoints.

Deploying a production ordering node

• Planning for an ordering service
• Checklist for a production ordering node
• Deploy the ordering service