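022 Fabric: Process for Dynamically Adding an Organization
Main flow
The flow for dynamically adding an Org to a channel is as follows:
1. Generate certificates for the new organization
2. Generate the configuration file for the new organization
3. Generate and submit the organization's configuration
   3.1 peer channel fetch config: fetch the current channel configuration and build the delta (update) package
   3.2 peer channel signconfigtx: sign the configuration transaction; a MAJORITY of the organizations in the network must sign
   3.3 peer channel update: submit the signed configuration transaction to the orderer
4. Add the new organization to the channel
   4.1 Start the new organization's cluster
   4.2 peer channel join: join the new organization's peers to the channel
5. Upgrade the chaincode and the endorsement policy
   5.1 peer chaincode install: install the chaincode on the new organization's peers
   5.2 peer chaincode install: upgrade the chaincode on the original organizations' peers
   5.3 peer chaincode upgrade: upgrade the endorsement policy
6. Test
   6.1 peer chaincode query
   6.2 peer chaincode invoke

signconfigtx is used to collect signatures: the existing organizations sign the delta package for the new organization, which is then submitted to the orderer to perform the update. Only a new organization that has been approved by the organizations in the channel can join the channel.
signconfigtx is supported in Fabric and later versions.
The procedure starts below: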
1. Regenerate the certificate files
Create a new certificate configuration file named crypto-config-org3.yaml
PeerOrgs:
  - Name: Org3
    Domain: org3.example.com
    Template:
      Count: 2
    Users:
      Count: 1
2. Generate the new organization's certificates
./../bin/cryptogen generate --config=./crypto-config-org3.yaml
In the configtx.yaml configuration file, add the organization information used to create the channel. The new organization is declared under Organizations;
only one organization, Org3, is added here.
Organizations:
    - &Org3
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org3MSP
        # ID to load the MSP definition as
        ID: Org3MSP
        MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication. Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org3.example.com
              Port: 7051
For a new channel, creation of the channel file depends on the profiles; list the organizations each profile needs.
Profiles:
    TwoOrgsOrdererGenesis:
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities
    NewOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
                - *Org3
            Capabilities:
                <<: *ApplicationCapabilities
    OneOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org3
            Capabilities:
                <<: *ApplicationCapabilities
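3. Build the channel update delta package
Export the new organization's definition. Note that Org3MSP must match the name of the organization you added in configtx.yaml
FABRIC_CFG_PATH=$PWD ./../bin/configtxgen -printOrg Org3MSP > channel-artifacts/org3.json
Enter the cli container, fetch the channel configuration block in binary form, and convert it to JSON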
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel fetch config mychannel.pb -o orderer.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
configtxlator proto_decode --input mychannel.pb --type common.Block | jq '.data.data[0].payload.data.config' > mychannel.json
Merge the new organization's definition obtained earlier into the channel configuration JSON file
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' mychannel.json ./channel-artifacts/org3.json > mychannel_config.json
Encode the configuration files from before and after the change into binary files
configtxlator proto_encode --input mychannel.json --type common.Config > original_mychannel.pb
configtxlator proto_encode --input mychannel_config.json --type common.Config > modified_mychannel.pb
Compute the delta, wrap it in an envelope, and convert it to a binary file
configtxlator compute_update --channel_id mychannel --original original_mychannel.pb --updated modified_mychannel.pb > mychannel_update.pb
configtxlator proto_decode --input mychannel_update.pb --type common.ConfigUpdate > mychannel_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat mychannel_update.json)'}}}' | jq . > mychannel_update_envelope.json
configtxlator proto_encode --input mychannel_update_envelope.json --type common.Envelope > org3_update_in_envelope.pb
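Before an admin runs signconfigtx, the decoded delta in mychannel_update.json can be checked to confirm that it adds Org3MSP and nothing else. The following is an added example, not part of the original procedure; the sample update is constructed and trimmed to the fields the check reads, and the function names are hypothetical.

```python
import json

def _same(*names):
    # Unchanged elements carry only their current version in a ConfigUpdate.
    return {n: {"version": "0"} for n in names}

def sample_update():
    """Constructed, trimmed stand-in for mychannel_update.json (not real channel data)."""
    org3 = {"version": "0", "mod_policy": "Admins",
            "policies": _same("Admins", "Readers", "Writers"), "values": _same("MSP")}
    def app(version, groups):
        return {"version": version, "groups": groups,
                "policies": _same("Admins", "Readers", "Writers")}
    return {"channel_id": "mychannel",
            "read_set": {"version": "0", "groups": {
                "Application": app("1", _same("Org1MSP", "Org2MSP"))}},
            "write_set": {"version": "0", "groups": {
                "Application": app("2", {**_same("Org1MSP", "Org2MSP"), "Org3MSP": org3})}}}

def _walk(node, path=""):
    """Yield (path, element) for every group, value and policy below a config group."""
    yield path or "/", node
    for kind in ("groups", "values", "policies"):
        for name, child in (node.get(kind) or {}).items():
            child_path = f"{path}/{kind}/{name}"
            if kind == "groups":
                yield from _walk(child, child_path)
            else:
                yield child_path, child

def changed_paths(update):
    """Paths that are new in write_set or whose version differs from read_set."""
    before = {p: e.get("version", "0") for p, e in _walk(update.get("read_set") or {})}
    return sorted(p for p, e in _walk(update["write_set"])
                  if before.get(p) != e.get("version", "0"))

def review_add_org(update, channel, new_org):
    """Return findings; an empty list means the delta only adds `new_org`."""
    findings = []
    if update.get("channel_id") != channel:
        findings.append(f"channel_id is {update.get('channel_id')!r}, expected {channel!r}")
    app = "/groups/Application"
    org = f"{app}/groups/{new_org}"
    changed = changed_paths(update)
    if org not in changed:
        findings.append(f"{new_org} is not added by this update")
    findings += [f"unexpected change at {p}" for p in changed
                 if p != app and p != org and not p.startswith(org + "/")]
    return findings

if __name__ == "__main__":
    # For the real file: update = json.load(open("mychannel_update.json"))
    print(review_add_org(sample_update(), "mychannel", "Org3MSP") or "delta only adds Org3MSP")
```

A changed mod_policy on the Application group also bumps that group's version, so it rides on the expected change; diff mychannel.json against mychannel_config.json as well.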
The existing organizations sign the update for the new organization, giving it their approval
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
peer channel signconfigtx -f org3_update_in_envelope.pb
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
peer channel signconfigtx -f org3_update_in_envelope.pb
Once the signatures have been collected, submit the update so that the orderer updates the channel configuration
peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer.example.com:7050 --tls --cafile $ORDERER_CA
4. Join the channel
Switch to an org3 node and run peer channel join
export CORE_PEER_LOCALMSPID="Org3MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
export CORE_PEER_ADDRESS=peer0.org3.example.com:7051
peer channel join -b mychannel.block
5. Update the chaincode
Install the chaincode on the new org's node, with version 2.0
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
export CORE_PEER_ADDRESS=peer0.org3.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/
Switch to each of the original orgs and update the chaincode; the version number must match
Switch the environment variables
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go
6. Update the endorsement policy
Add the new organization to the original organizations' policy
peer chaincode upgrade -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA -C mychannel -n mycc -v 2.0 -c '{"Args":["init","a","90","b","210"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"
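The -P expression in the upgrade command is an OR over three principals, so one peer of any single organization, the newly added Org3 included, satisfies it alone. The added example below (not from the original page, and a simplified model rather than Fabric's own policy evaluator) lists the smallest endorser sets for that policy and for a hypothetical 2-of-3 alternative; the function names are illustrative.

```python
import re
from itertools import combinations

_TOKEN = re.compile(r"AND|OR|OutOf|[(),]|\d+|'[^']+'", re.I)

def parse(expr):
    """Parse AND(...), OR(...), OutOf(n, ...) over 'MSPID.role' principals
    into nested (threshold, [children]) tuples; leaves are 'MSPID.role' strings."""
    tokens = _TOKEN.findall(expr)
    if "".join(tokens) != re.sub(r"\s+", "", expr):
        raise ValueError("unrecognised text in policy expression")
    pos = 0
    def node():
        nonlocal pos
        tok = tokens[pos]
        pos += 1
        if tok[0] == "'":
            return tok.strip("'")
        if tok.isdigit():
            return int(tok)
        pos += 1                                   # skip "("
        args = []
        while tokens[pos] != ")":
            if tokens[pos] == ",":
                pos += 1
            else:
                args.append(node())
        pos += 1                                   # skip ")"
        op = tok.upper()
        if op == "OUTOF":
            return args[0], args[1:]
        return (len(args) if op == "AND" else 1), args
    return node()

def satisfied(tree, endorsers):
    """True if the endorsing identities ('MSPID.role') meet the policy tree."""
    if isinstance(tree, str):
        msp, role = tree.rsplit(".", 1)
        return any(e == tree or (role == "member" and e.rsplit(".", 1)[0] == msp)
                   for e in endorsers)
    threshold, children = tree
    return sum(satisfied(c, endorsers) for c in children) >= threshold

def smallest_endorser_sets(expr, candidates):
    """Smallest groups of candidate endorsers that satisfy the policy on their own."""
    tree = parse(expr)
    for size in range(1, len(candidates) + 1):
        hits = [sorted(c) for c in combinations(candidates, size) if satisfied(tree, c)]
        if hits:
            return hits
    return []

PEERS = ["Org1MSP.peer", "Org2MSP.peer", "Org3MSP.peer"]
PAGE_POLICY = "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"
# Illustrative alternative, not from the page: any two of the three orgs.
TWO_OF_THREE = "OutOf(2, 'Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"
```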
7. Test
peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA -C mychannel -n mycc -c '{"Args":["invoke","a","b","10"]}'
Verify that the chaincode works correctly by testing the query and transfer functions