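Fabric 1.4 (6): Dynamically Adding an Organization
1 Core steps
This article builds on the helloworld blockchain environment and dynamically adds an organization, org3, together with two peers.
Dynamically adding an organization is fairly involved: the channel configuration has to be modified, the config update (the delta) has to be signed by more than 50% of the organizations, and the channel config update has to be applied for each peer.
The work breaks down into three steps:
- 1. Generate the certificates for the new organization,
- 2. Modify the channel's configuration block and submit the update,
- 3. Write the docker-compose files
2 Procedure
2.1. Generate the certificates
Add a new file, crypto-config-org3.yaml: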
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org3
  # ---------------------------------------------------------------------------
  - Name: Org3
    Domain: org3.example.com
    EnableNodeOUs: true
    Specs:
      - Hostname: peer0
      - Hostname: peer1
    # ---------------------------------------------------------------------------
    # "Specs"
    # ---------------------------------------------------------------------------
    # Uncomment this section to enable the explicit definition of hosts in your
    # configuration. Most users will want to use Template, below
    #
    # Specs is an array of Spec entries. Each Spec entry consists of two fields:
    #   - Hostname:   (Required) The desired hostname, sans the domain.
    #   - CommonName: (Optional) Specifies the template or explicit override for
    #                 the CN. By default, this is the template:
    #
    #                 "{{.Hostname}}.{{.Domain}}"
    #
    #                 which obtains its values from the Spec.Hostname and
    #                 Org.Domain, respectively.
    # ---------------------------------------------------------------------------
    # Specs:
    #   - Hostname: foo # implicitly "foo.org1.example.com"
    #     CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above
    #   - Hostname: bar
    #   - Hostname: baz
    # ---------------------------------------------------------------------------
    # "Template"
    # ---------------------------------------------------------------------------
    # Allows for the definition of 1 or more hosts that are created sequentially
    # from a template. By default, this looks like "peer%d" from 0 to Count-1.
    # You may override the number of nodes (Count), the starting index (Start)
    # or the template used to construct the name (Hostname).
    #
    # Note: Template and Specs are not mutually exclusive. You may define both
    # sections and the aggregate nodes will be created for you. Take care with
    # name collisions
    # ---------------------------------------------------------------------------
    Template:
      Count: 2
      # Start: 5
      # Hostname: {{.Prefix}}{{.Index}} # default
    # ---------------------------------------------------------------------------
    # "Users"
    # ---------------------------------------------------------------------------
    # Count: The number of user accounts _in addition_ to Admin
    # ---------------------------------------------------------------------------
    Users:
      Count: 1
  # ---------------------------------------------------------------------------
  # Org3: See "Org1" for full specification
  # ---------------------------------------------------------------------------
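Generate the certificates:
./bin/cryptogen generate --config=crypto-config-org3.yaml
An org3.example.com folder now appears under the crypto-config/peerOrganizations directory.
Generate the org3 JSON configuration
Edit configtx.yaml and add the Org3 definition.
Run:
./bin/configtxgen -printOrg Org3MSP > ../channel-artifacts/org3.json
This produces the JSON configuration for org3.
2. Modify the channel's configuration block
2.1 Build the config update (delta) file
Work on peer0.org1.example.com: enter the cli_peer0_org1 container and modify the channel configuration from its command line.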
docker exec -it cli_peer0_org1 bash
# Run the following commands inside the client container:
ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
# Fetch the configuration block of mychannel
peer channel fetch config config_block.pb -o orderer.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
# Convert it to JSON
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
# Add org3 to this JSON
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json
# Encode the original channel configuration as protobuf
configtxlator proto_encode --input config.json --type common.Config --output config.pb
# Encode the new channel configuration as protobuf
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
# Compute the delta between the old and new protobufs
configtxlator compute_update --channel_id mychannel --original config.pb --updated modified_config.pb --output org3_update.pb
# Convert the delta protobuf to JSON
configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json
# Wrap it with the header information
echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json
# Encode it as protobuf
configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb
# Adding org3 requires signed approval from a majority of the organizations in this channel, i.e. more than 50%
# Org1 signs the config update
peer channel signconfigtx -f org3_update_in_envelope.pb
# Switch the cli to org2
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:9051
# Org2 signs the config update
peer channel signconfigtx -f org3_update_in_envelope.pb
At this point two organizations have signed the config update, which is more than 51% of the organizations.
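A signature approves whatever the delta contains, so each admin can check the decoded update before running signconfigtx. The Python below is an added example, not part of the original post: it reads JSON shaped like org3_update.json and relies on Fabric's rule that a write_set element is changed only when it is new or its version differs from the read_set. The function names and the sample data are constructed for illustration.

```python
import copy
import json
import sys

KINDS = ("groups", "values", "policies")

def changed_paths(read, write, path="channel_group"):
    """Yield (path, kind) for every element the write_set adds or modifies."""
    if read is None:  # not in read_set: a brand-new element (subtree included)
        yield path, "added"
        return
    if str(read.get("version", "0")) != str(write.get("version", "0")):
        yield path, "modified"  # a version bump marks a changed element
    for kind in KINDS:
        for name, child in (write.get(kind) or {}).items():
            old = (read.get(kind) or {}).get(name)
            yield from changed_paths(old, child, f"{path}/{kind}/{name}")

def review_update(update, channel, new_msp):
    """Return findings; an empty list means the delta only adds new_msp."""
    app = "channel_group/groups/Application"
    expected = {app: "modified", f"{app}/groups/{new_msp}": "added"}
    findings = []
    if update.get("channel_id") != channel:
        findings.append(f"wrong channel: {update.get('channel_id')}")
    actual = dict(changed_paths(update.get("read_set") or {}, update.get("write_set") or {}))
    findings += [f"unexpected {k}: {p}" for p, k in actual.items() if expected.get(p) != k]
    findings += [f"missing: {p}" for p in expected if p not in actual]
    return findings

def _org():  # constructed stand-in for an org group (MSP material omitted)
    return {"version": "0", "groups": {}, "values": {}, "policies": {}}

def _app(version, orgs):
    return {"version": "0", "groups": {"Application": {
        "version": version, "groups": {o: _org() for o in orgs},
        "policies": {"Admins": {"version": "0"}}}}}

# Constructed sample shaped like org3_update.json.
SAMPLE = {"channel_id": "mychannel",
          "read_set": _app("1", ["Org1MSP", "Org2MSP"]),
          "write_set": _app("2", ["Org1MSP", "Org2MSP", "Org3MSP"])}
# Same delta, except that it also bumps the Application Admins policy.
WIDENED = copy.deepcopy(SAMPLE)
WIDENED["write_set"]["groups"]["Application"]["policies"]["Admins"]["version"] = "1"

if __name__ == "__main__":
    update = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    print(review_update(update, "mychannel", "Org3MSP") or "delta only adds Org3MSP")
```

Run it with the path to org3_update.json as the only argument; any finding means the update touches more than the new organization and should be inspected before it is signed.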
2.2 Update the channel with the config update file
ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
Update the channel configuration:
peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer.example.com:7050 --tls --cafile $ORDERER_CA
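3. Write the docker-compose files and start the containers
Write the docker-compose files (the official first-network sample includes them; you can adapt them for the orgs you add yourself: org4, org5…………)
3.1 docker-compose configuration for peer0.org3.example.com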
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
networks:
  hello:
services:
  peer0.org3.example.com:
    container_name: peer0.org3.example.com
    image: hyperledger/fabric-peer
    environment:
      - CORE_PEER_ID=peer0.org3.example.com
      - CORE_PEER_LISTENADDRESS=0.0.0.0:13051
      - CORE_PEER_ADDRESS=peer0.org3.example.com:13051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org3.example.com:13052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:13052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:13051
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org3.example.com:13151
      - CORE_PEER_LOCALMSPID=Org3MSP
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=helloworld_hello
      #- CORE_LOGGING_LEVEL=ERROR
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp
      - ./crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls
    ports:
      - 13051:13051
      - 13052:13052
      - 13053:13053
    # extra_hosts:
    #   - "orderer.example.com:192.168.235.100"
    networks:
      - hello
  cli_peer0_org3:
    container_name: cli_peer0_org3
    image: hyperledger/fabric-tools
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_ID=cli_peer0_org3
      - CORE_PEER_ADDRESS=peer0.org3.example.com:13051
      - CORE_PEER_LOCALMSPID=Org3MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    volumes:
      - /var/run/:/host/var/run/
      - ./chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/helloworld/chaincode/go
      - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
      - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - peer0.org3.example.com
    # extra_hosts:
    #   - "orderer.example.com:192.168.235.100"
    #   - "peer0.org1.example.com:192.168.235.101"
    #   - "peer1.org1.example.com:192.168.235.102"
    #   - "peer0.org2.example.com:192.168.235.103"
    #   - "peer1.org2.example.com:192.168.235.104"
    networks:
      - hello
3.2 docker-compose configuration for peer1.org3.example.com
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
networks:
  hello:
services:
  peer1.org3.example.com:
    container_name: peer1.org3.example.com
    image: hyperledger/fabric-peer
    environment:
      - CORE_PEER_ID=peer1.org3.example.com
      - CORE_PEER_LISTENADDRESS=0.0.0.0:13151
      - CORE_PEER_ADDRESS=peer1.org3.example.com:13151
      - CORE_PEER_CHAINCODEADDRESS=peer1.org3.example.com:13152
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:13152
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org3.example.com:13151
      # bootstrap from the other Org3 peer (peer0 listens on 13051)
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org3.example.com:13051
      - CORE_PEER_LOCALMSPID=Org3MSP
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      # the following setting starts chaincode containers on the same
      # bridge network as the peers
      # https://docs.docker.com/compose/networking/
      - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=helloworld_hello
      #- CORE_LOGGING_LEVEL=ERROR
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/msp:/etc/hyperledger/fabric/msp
      - ./crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls:/etc/hyperledger/fabric/tls
    ports:
      - 13151:13151
      - 13152:13152
      - 13153:13153
    networks:
      - hello
  cli_peer1_org3:
    container_name: cli_peer1_org3
    image: hyperledger/fabric-tools
    tty: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_LOGGING_LEVEL=DEBUG
      - CORE_PEER_ID=cli_peer1_org3
      - CORE_PEER_ADDRESS=peer1.org3.example.com:13151
      - CORE_PEER_LOCALMSPID=Org3MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    volumes:
      - /var/run/:/host/var/run/
      - ./chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric/helloworld/chaincode/go
      - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
      - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    depends_on:
      - peer1.org3.example.com
    networks:
      - hello
3.3 Start the containers, join the channel and install the chaincode
docker-compose -f docker-compose-org3-peer0.yaml up -d
Enter the container:
docker exec -it cli_peer0_org3 bash
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
Fetch block 0:
peer channel fetch 0 mychannel.block -o orderer.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
Join the channel:
peer channel join -b mychannel.block
Install the chaincode:
peer chaincode install -n mycc -p github.com/hyperledger/fabric/helloworld/chaincode/go/helloworld/ -v 1.0
Test a query:
peer chaincode query -C mychannel -n mycc -c '{"function":"get","Args":["a"]}'
Test an invoke:
peer chaincode invoke --tls --cafile $ORDERER_CA -C mychannel -n mycc -c '{"function":"set","Args":["a","world"]}'