Fabric2.0 dynamically added the organization is more concerned about a lot of friends, we thought the last chapter updates from channel configuration point of view, add dynamic organizational practice is achieved by modifying the configuration block,
the next operation based on the first-network has been deployed network of.
1. Add org3 certificate configuration
For fabric networks, to add an organization, first of all start from the certificate, because the certificate is the identity of fabric inside.
Edit certificate configuration org3-crypto.yaml (first-network / org3-artifacts)
PeerOrgs:
# ---------------------------------------------------------------------------
# Org3
# ---------------------------------------------------------------------------
- Name: Org3
Domain: org3.example.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
Configured nodes 2 Org3 tissue ordinary users User 1
Execute the following command to generate a certificate
cd org3-artifacts/
../../bin/cryptogen generate --config=org3-crypto.yaml --output="../crypto-config"
After completing the execution View ... / crypto-config / peerOrganizations directory can see the new organization certificate directory
2. New org3 definitions to block chain
Before we start the network when the need is to create before starting a founding block and channel configurations, so in order for the block chain know this new organization, configure your organization's need to add to the block configuration in
the configuration file ~ \ first-network \ org3-artifacts \ configtx.yaml
note certificate must correspond to the correct directory org3 certificate directory
Enter the following command at the console to generate first-network directory defined org3
export FABRIC_CFG_PATH=$PWD
bin/configtxgen -printOrg Org3MSP -configPath org3-artifacts > channel-artifacts/org3.json
3. Start org3 relevant node container
Container Configuration ~ / first-network / docker-compose-org3.yaml
Execute the following command to start
docker-compose -f docker-compose-org3.yaml up -d
docker ps -a |grep org3 View the status, start failed, see the log is as follows
Cannot run peer because error when setting up MSP of type bccsp from directory /etc/hyperledger/fabric/msp: could not load a valid signer certificate from directory /etc/hyperledger/fabric/msp/signcerts: stat /etc/hyperledger/fabric/msp/signcerts: no such file or directory
I could not find a certificate from the wrong point of view, it's time to look docker-compose-org3.yaml, directory under org-artifacts, before we are on the first-network / under crypto-config, in order to facilitate the original cli switch environment variable.
I know the wrong change to the correct directory to directory
Delete the wrong container
docker-compose -f docker-compose-org3.yaml rm
Restart
docker-compose -f docker-compose-org3.yaml up -d
Check again the successful launch container status
看到还多启动了一个Org3cli容器,是org3环境变量的cli,可以不起的,不过启动了就启动了
4. 更新通道配置
接下需要将org3添加到通道里面,步骤与上一章差不多。
Org3cli是默认org3配置的cli容器,不用白不用。
进入org3cli docker exec -it Org3cli bash
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CHANNEL_NAME=mychannel
echo $ORDERER_CA && echo $CHANNEL_NAME
4.1 获取配置
将配置切换成org1,因为当前org3不能获取当前通道最新配置
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
输入以下命令获取最新块
peer channel fetch config config_block.pb -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
获取到第8块区块
4.2 修改配置
将pb文件转json
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
将之前org3的配置org3.json添加到config.json
先把之前生成的org3.json放进去Org3cli容器
打开新的控制台,宿主机输入:
docker cp channel-artifacts/org3.json 6b9b3f2a22c4:/opt/gopath/src/github.com/hyperledger/fabric/peer
6b9b3f2a22c4: Org3cli容器id
Org3cli容器:
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json org3.json > modified_config.json
将config.json 跟modified_config.json 转pb编码
configtxlator proto_encode --input config.json --type common.Config --output config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
计算两个pb差异
configtxlator compute_update --channel_id mychannel --original config.pb --updated modified_config.pb --output org3_update.pb
将更新的pb解析为json
configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json
现在我们有一个解码后的更新文件org3_update.json,我们需要将其包装在信封消息中。此步骤将使我们返回之前删除的header字段。我们将这个文件命名为org3_update_in_envelope.json:
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json
使用我们正确格式的JSON – org3_update_in_envelope.json我们将configtxlator最后一次使用该工具,并将其转换为Fabric所需的完整protobuf格式。我们将命名我们的最终更新对象org3_update_in_envelope.pb:
configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb
4.3 签名并提交更新配置
添加组织需要目前通道大部分的组织Admin签名,目前Org3cli的环境变量是org1
输入以下命令
peer channel signconfigtx -f org3_update_in_envelope.pb
切换环境为org2执行更新配置,因为update也会为当前组织签名,所以不需要再org2签名
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:9051
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2
更新命令:
peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA
更新成功
5. org3加入通道
切换成org3环境变量
export CORE_PEER_LOCALMSPID=Org3MSP
export CORE_PEER_ADDRESS=peer0.org3.example.com:11051
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/[email protected]/msp
获取mychannel 0号块创始块
peer channel fetch 0 mychannel.block -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
该命令将创世块返回到名为的文件mychannel.block。现在,我们可以使用此块将org3的节点加入通道。
输入以下命令:
peer channel join -b mychannel.block
通过peer channel list 验证
6. Summary
Dynamic organizations is probably the case, presumably also delete similar organizations insight into the fabric of the configuration principle can be applied to deal with the needs of most of fabric.
