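Hyperledger Fabric in Practice - 18. Upgrading to Fabric 1.2 - 7. Dynamically Adding an Organization
1. Add the new organization's configuration files
Under ~/fabric/aberic/, create a directory named org3-artifacts, then create the file ~/fabric/aberic/org3-artifacts/org3-crypto.yaml with the following content: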
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org3
  # ---------------------------------------------------------------------------
  - Name: Org3
    Domain: org3.example.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 1
Run the following commands to generate the new organization's certificate files:
cd org3-artifacts/
../../release/linux-amd64/bin/cryptogen generate --config=./org3-crypto.yaml
Create the file ~/fabric/aberic/org3-artifacts/configtx.yaml with the following content:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
---
################################################################################
#
# Section: Organizations
#
# - This section defines the different organizational identities which will
# be referenced later in the configuration.
#
################################################################################
Organizations:
    - &Org3
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org3MSP
        # ID to load the MSP definition as
        ID: Org3MSP
        MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication. Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org3.example.com
              Port: 7051
Output org3's configuration in JSON format:
export FABRIC_CFG_PATH=$PWD
../../release/linux-amd64/bin/configtxgen -printOrg Org3MSP -profile ./configtx.yaml > ../channel-artifacts/org3.json
Copy the orderer's certificates and keys into org3's crypto-config directory:
cp -r ../crypto-config/ordererOrganizations crypto-config/
2. Fetch the current channel configuration
docker exec -it cli bash
apt-get -y update && apt-get -y install jq
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel fetch config config_block.pb -o orderer1.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
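3. Modify the original configuration to add org3
1) Decode the existing network's configuration block, config_block.pb, then use jq to extract the config portion and write it to config.json: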
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
2) Modify config.json to add org3, writing the result to modified_config.json:
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json
3) Encode config.json and modified_config.json to protobuf format:
configtxlator proto_encode --input config.json --type common.Config > original_config.pb
configtxlator proto_encode --input modified_config.json --type common.Config > modified_config.pb
4) Compute the update, config_update.pb, from original_config.pb and modified_config.pb:
configtxlator compute_update --channel_id mychannel --original original_config.pb --updated modified_config.pb > config_update.pb
5) Decode config_update.pb to JSON, wrap it in an envelope with jq, then encode it back to protobuf, producing the final org3_update_in_envelope.pb:
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate > config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope > org3_update_in_envelope.pb
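4. Sign the new Org3 configuration
A configuration transaction must be signed by a majority of the Orgs in the channel. mychannel currently contains only org1 and org2, so adding org3 requires signatures from both org1 and org2.
Signing is performed in the cli and must use the Anchor Peer, i.e. peer0.orgx.example.com.
Log in to peer0.org1.example.com and peer0.org2.example.com in turn and run: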
peer channel signconfigtx -f org3_update_in_envelope.pb
After running it on peer0.org1.example.com, copy the signed org3_update_in_envelope.pb to peer0.org2.example.com and run the command above again. If there are more organizations, continue in the same way.
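Each signing organization receives only a binary .pb file, so it is worth decoding it and confirming what it changes before running signconfigtx. The following is an added example, not part of the original tutorial: it compares a decoded original config with the modified one and reports anything other than the addition of the new org group. The function names and the trimmed sample configs are constructed for illustration, and the location of the MSP name inside the decoded org group is an assumption about the configtxlator JSON layout.

```python
import copy

def diff_paths(old, new, prefix=()):
    """Map each differing JSON path to 'added', 'removed' or 'changed'."""
    if not (isinstance(old, dict) and isinstance(new, dict)):
        return {} if old == new else {prefix: "changed"}
    changes = {}
    for key in sorted(set(old) | set(new)):
        path = prefix + (key,)
        if key not in old:
            changes[path] = "added"
        elif key not in new:
            changes[path] = "removed"
        else:
            changes.update(diff_paths(old[key], new[key], path))
    return changes

def review_org_addition(original, modified, msp_id):
    """Return findings; an empty list means the update only adds msp_id."""
    expected = ("channel_group", "groups", "Application", "groups", msp_id)
    changes = diff_paths(original, modified)
    findings = [f"unexpected {kind}: {'/'.join(path)}"
                for path, kind in changes.items() if path != expected]
    if changes.get(expected) != "added":
        return findings + [f"{msp_id} group was not added"]
    group = modified["channel_group"]["groups"]["Application"]["groups"][msp_id]
    # Assumed layout of a decoded org group: values.MSP.value.config.name
    name = group.get("values", {}).get("MSP", {}).get("value", {}).get("config", {}).get("name")
    if name != msp_id:
        findings.append(f"MSP name {name!r} does not match group key {msp_id}")
    return findings

def org(msp_id):  # constructed, heavily trimmed org definition
    return {"mod_policy": "Admins", "values": {"MSP": {"value": {"config": {"name": msp_id}}}}}

def add_org(config, msp_id, definition):  # what the jq merge does for a new key
    updated = copy.deepcopy(config)
    updated["channel_group"]["groups"]["Application"]["groups"][msp_id] = definition
    return updated

ORIGINAL = {"channel_group": {"groups": {  # constructed stand-in for config.json
    "Application": {"groups": {"Org1MSP": org("Org1MSP"), "Org2MSP": org("Org2MSP")},
                    "policies": {"Admins": {"policy": {"value": {"rule": "MAJORITY"}}}}},
    "Orderer": {"values": {"BatchTimeout": {"value": {"timeout": "2s"}}}}}}}
GOOD = add_org(ORIGINAL, "Org3MSP", org("Org3MSP"))
TAMPERED = copy.deepcopy(GOOD)  # also weakens the Application Admins policy
TAMPERED["channel_group"]["groups"]["Application"]["policies"]["Admins"]["policy"]["value"]["rule"] = "ANY"

if __name__ == "__main__":
    print(review_org_addition(ORIGINAL, GOOD, "Org3MSP"), review_org_addition(ORIGINAL, TAMPERED, "Org3MSP"))
```

In practice the two inputs would be loaded with json.load from the signer's own decoded copy of the current channel config and from the modified config recovered from the envelope it was asked to sign.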
5. Submit the signed configuration transaction to the orderer
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer1.example.com:7050 --tls --cafile $ORDERER_CA
6. Configure the new organization's Peer service
Configure the new organization's cluster in docker-peer0.org3.yaml:
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'

services:

  ca1:
    container_name: ca_Org3
    extends:
      file: base/docker-compose-base.yaml
      service: ca
    environment:
      - FABRIC_CA_SERVER_CA_NAME=ca-org3
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/b687233103886f51b1cfa1b92eee9e3e78b9fb684c6203d44f4806c55c411a4c_sk
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/b687233103886f51b1cfa1b92eee9e3e78b9fb684c6203d44f4806c55c411a4c_sk -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org3.example.com/ca/:/etc/hyperledger/fabric-ca-server-config

  couchdb06:
    container_name: couchdb06
    extends:
      file: base/docker-compose-base.yaml
      service: couchdb

  peer0.org3.example.com:
    container_name: peer0.org3.example.com
    extends:
      file: base/docker-compose-base.yaml
      service: peer.org.example.com
    environment:
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb06:5984
      - CORE_PEER_ID=peer0.org3.example.com
      - CORE_PEER_ADDRESS=peer0.org3.example.com:7051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org3.example.com:7052
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:7051
      - CORE_PEER_LOCALMSPID=Org3MSP
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp
      - ./crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls

  cli:
    container_name: cli
    extends:
      file: base/docker-compose-base.yaml
      service: cli
    environment:
      - CORE_PEER_ADDRESS=peer0.org3.example.com:7051
      - CORE_PEER_LOCALMSPID=Org3MSP
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
Start peer0.org3:
docker-compose -f docker-peer0.org3.yaml up
7. Add the new org to the channel
Log in to the new org's cluster and fetch the channel's genesis block from the orderer:
docker exec -it cli bash
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel fetch 0 mychannel.block -o orderer1.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
Join the new organization's Peer to the channel:
peer channel join -b mychannel.block
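8. Upgrade the chaincode and endorsement policy
To include Org3 in the chaincode's endorsement policy, the chaincode must be re-instantiated, and re-instantiating it requires upgrading it first. Because Org3 is a newly created organization, there is no need to install first and upgrade afterwards; we can install version 2.0 of the chaincode directly.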
peer chaincode install -n mycc -v 2.0 -p github.com/hyperledger/fabric/aberic/chaincode/go/example02/cmd
Org1 and Org2 then also need to install version 2.0 of the chaincode. Log in to org1 and org2 in turn and run the same command:
peer chaincode install -n mycc -v 2.0 -p github.com/hyperledger/fabric/aberic/chaincode/go/example02/cmd
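9. Upgrade the endorsement policy
On one of the chaincode's original endorsing organizations (peer0.org1 | peer0.org2), upgrade the chaincode and apply the new endorsement policy: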
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer chaincode upgrade -o orderer1.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C mychannel -n mycc -v 2.0 -c '{"Args":["init","a","90","b","210"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"
10. Verify the upgrade
peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer1.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer chaincode invoke -o orderer1.example.com:7050 --tls --cafile $ORDERER_CA -C mychannel -n mycc -c '{"Args":["invoke","a","b","10"]}'
peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
That completes dynamically adding an organization. At this point we can create a new consortium or join an existing one.