022. Fabric動態添加組織流程

022 Fabric動態添加組織流程

主要流程

爲Channel動態新增Org的流程如下：

1. 爲新的組織生成證書

2. 爲新的組織生成配置文件

3. 生成和提交組織的配置
   3.1 peer channel fetch config 獲取當前通道信息,生成增量包
   3.2 peer channel signconfigtx 爲配置交易簽名,需要網絡中MAJORITY的組織都簽名
   3.3 peer channel update 提交簽名後的配置交易至orderer

4. 將新的組織添加入channel
   4.1 啓動新組織集羣
   4.2 peer channel join 將新的組織下的peer加入channel

5. 升級chaincode和背書策略
   5.1 peer chaincode install 爲新的組織的peer安裝chaincode
   5.2 peer chaincode install 爲原來的組織的peer升級chaincode
   5.3 peer chaincode upgrade 升級背書策略

6. 測試
   6.1 peer chaincode query
   6.2 peer chaincode invoke

   signconfigtx 用於收集簽名,原有組織對新加組織的增量包進行簽名,然後提交到orderer進行
   進行更新,只有被通道內組織內認可的新增組織才能加入通道。
   signconfigtx 支持fabric以及以上版本支持。

下面開始流程：

1. 重新生成證書文件

新建一個證書配置文件,命名爲cryto-config-org3.yaml

PeerOrgs:
  - Name: Org3
    Domain: org3.example.com
    Template:
      Count: 2
    Users:
      Count: 1

2. 獲取新增組織證書

./../bin/cryptogen generate --config=./crypto-config-org3.yaml

在configtx.yaml配置文件中新增創建通道的組織信息,新增的組織在Organizations中聲明，
這裏只增加了一個Org3

Organizations:
    - &Org3
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org3MSP
        # ID to load the MSP definition as
        ID: Org3MSP
        MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org3.example.com
              Port: 7051

對於新增通道,通道文件創建依賴於profiles,根據自己需要不同的組織

Profiles:
    TwoOrgsOrdererGenesis:
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities
    NewOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
                - *Org3
            Capabilities:
                <<: *ApplicationCapabilities
    OneOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org3
            Capabilities:
                <<: *ApplicationCapabilities

3. 獲取通道更新增量包

根據新增組織獲取組織信息，注意Org3Msp必須與你在configtx.yaml中新增組織名稱一致

./../bin/configtxgen -printOrg Org3MSP -profile ./configtx.yaml > channel-artifacts/org3.json 

進入cli容器,拉去通道二進制文件並且轉換爲json格式

export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel fetch config mychannel.pb -o orderer.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
configtxlator proto_decode --input mychannel.pb --type common.Block | jq .data.data[0].payload.data.config > mychannel.json

將之前獲取的新增組織信息加到通道信息json文件

jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' mychannel.json ./channel-artifacts/org3.json > mychannel_config.json

把更新前後的而文件打包成二進制文件

configtxlator proto_encode --input mychannel.json --type common.Config > original_mychannel.pb
configtxlator proto_encode --input mychannel_config.json --type common.Config > modified_mychannel.pb

獲取增量包並且補全,轉換成二進制文件

configtxlator compute_update --channel_id mychannel --original original_mychannel.pb --updated modified_mychannel.pb > mychannel_update.pb
configtxlator proto_decode --input mychannel_update.pb  --type common.ConfigUpdate > mychannel_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat mychannel_update.json)'}}}' | jq . > mychannel_update_envelope.json
configtxlator proto_encode --input mychannel_update_envelope.json --type common.Envelope > mychannel_update_Org_envelope.pb

原有組織對新加組織進行簽名已經簽名並且已經獲取認可

export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
peer channel signconfigtx -f org3_update_in_envelope.pb
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
peer channel signconfigtx -f org3_update_in_envelope.pb

獲取簽名之後通知orderer更新通道信息

peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer.example.com:7050 --tls --cafile $ORDERER_CA

4. 加入通道

切換到org3的節點上然後執行 peer channel join

export CORE_PEER_LOCALMSPID="Org3MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=peer0.org3.example.com:7051
peer channel joib -b mychannel.block

5. 更新鏈碼

在新增org的節點上安裝鏈碼,版本號爲2.0

export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=peer0.org3.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/

切換到原有的org分別更新鏈碼,版本號必須對應

切換到環境變量
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go


export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go

6. 更新背書策略

在原來的組織策略上增加新組織

peer chaincode upgrade -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA -C mychannel -n mycc -v 2.0 -c '{"Args":["a","90","b","210"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"

7. 測試

peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
peer chaincode invoke -o orderer.example.com:7050  --tls true --cafile $ORDERER_CA -C mychannel -n mycc -c '{"Args":["invoke","a","b","10"]}'

通過查詢以及轉賬功能測試鏈碼是否正常工作