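022 Fabric: Dynamically Adding an Organization
Main process
The process for dynamically adding an Org to a channel is as follows:
1. Generate certificates for the new organization
2. Generate the configuration files for the new organization
3. Generate and submit the organization's configuration
   3.1 peer channel fetch config: fetch the current channel configuration and build the update delta
   3.2 peer channel signconfigtx: sign the configuration transaction; a MAJORITY of the organizations in the network must sign it
   3.3 peer channel update: submit the signed configuration transaction to the orderer
4. Add the new organization to the channel
   4.1 Start the new organization's cluster
   4.2 peer channel join: join the new organization's peers to the channel
5. Upgrade the chaincode and the endorsement policy
   5.1 peer chaincode install: install the chaincode on the new organization's peers
   5.2 peer chaincode install: upgrade the chaincode on the original organizations' peers
   5.3 peer chaincode upgrade: upgrade the endorsement policy
6. Test
   6.1 peer chaincode query
   6.2 peer chaincode invoke
signconfigtx is used to collect signatures: the existing organizations sign the update delta for the new organization, and the result is then submitted to the orderer to apply the update. Only a new organization that has been approved by the organizations already in the channel can join the channel.
signconfigtx is supported in fabric and later versions.
The procedure starts below: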
1. Generate the certificate files
Create a new certificate configuration file named crypto-config-org3.yaml
PeerOrgs:
  - Name: Org3
    Domain: org3.example.com
    Template:
      Count: 2
    Users:
      Count: 1
2. Generate the new organization's certificates
./../bin/cryptogen generate --config=./crypto-config-org3.yaml
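In the configtx.yaml configuration file, add the organization information used to create the channel. The new organization is declared under Organizations; here only Org3 is added.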
Organizations:
    - &Org3
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org3MSP
        # ID to load the MSP definition as
        ID: Org3MSP
        MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication. Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org3.example.com
              Port: 7051
For a newly created channel, the channel file is generated from the profiles; define them with whichever organizations you need.
Profiles:
    TwoOrgsOrdererGenesis:
        Capabilities:
            <<: *ChannelCapabilities
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities
    NewOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
                - *Org3
            Capabilities:
                <<: *ApplicationCapabilities
    OneOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org3
            Capabilities:
                <<: *ApplicationCapabilities
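3. Build the channel update delta
Export the definition of the new organization. Note that Org3MSP must match the name of the organization you added in configtx.yaml.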
./../bin/configtxgen -printOrg Org3MSP -profile ./configtx.yaml > channel-artifacts/org3.json
Enter the cli container, fetch the channel configuration block as a binary file and convert it to JSON
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peer channel fetch config mychannel.pb -o orderer.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
configtxlator proto_decode --input mychannel.pb --type common.Block | jq .data.data[0].payload.data.config > mychannel.json
Add the new organization's definition obtained earlier to the channel configuration JSON file
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' mychannel.json ./channel-artifacts/org3.json > mychannel_config.json
Encode the two files (before and after the change) into binary form
configtxlator proto_encode --input mychannel.json --type common.Config > original_mychannel.pb
configtxlator proto_encode --input mychannel_config.json --type common.Config > modified_mychannel.pb
Compute the update delta, wrap it in an envelope, and convert it to a binary file
configtxlator compute_update --channel_id mychannel --original original_mychannel.pb --updated modified_mychannel.pb > mychannel_update.pb
configtxlator proto_decode --input mychannel_update.pb --type common.ConfigUpdate > mychannel_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat mychannel_update.json)'}}}' | jq . > mychannel_update_envelope.json
configtxlator proto_encode --input mychannel_update_envelope.json --type common.Envelope > org3_update_in_envelope.pb
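A check an admin can run before signing, added here as an example and not part of the original post: it diffs the configuration before and after the jq merge and reports every change other than the addition of the Org3MSP group. The two JSON documents are constructed, heavily trimmed stand-ins for mychannel.json and mychannel_config.json, and the function names are hypothetical.

```python
import json

# Constructed, trimmed stand-ins for mychannel.json (before) and
# mychannel_config.json (after the jq merge); real files are much larger.
ORIGINAL = json.loads("""
{"channel_group": {"groups": {"Application": {
  "groups": {"Org1MSP": {"mod_policy": "Admins", "version": "1"},
             "Org2MSP": {"mod_policy": "Admins", "version": "1"}},
  "mod_policy": "Admins", "version": "1"}}}}
""")
MODIFIED = json.loads("""
{"channel_group": {"groups": {"Application": {
  "groups": {"Org1MSP": {"mod_policy": "Admins", "version": "1"},
             "Org2MSP": {"mod_policy": "Admins", "version": "1"},
             "Org3MSP": {"mod_policy": "Admins", "version": "0"}},
  "mod_policy": "Admins", "version": "1"}}}}
""")

# The single change this procedure is supposed to make.
ALLOWED = ("channel_group", "groups", "Application", "groups", "Org3MSP")


def changed_paths(old, new, path=()):
    """Yield (kind, path) for every key added, removed or changed."""
    if isinstance(old, dict) and isinstance(new, dict):
        for key in sorted(set(old) | set(new)):
            if key not in old:
                yield ("added", path + (key,))
            elif key not in new:
                yield ("removed", path + (key,))
            else:
                yield from changed_paths(old[key], new[key], path + (key,))
    elif old != new:
        yield ("changed", path)


def review(old, new, allowed=ALLOWED):
    """Return every change except the expected addition of the new org group."""
    return [(kind, "/".join(p)) for kind, p in changed_paths(old, new)
            if (kind, p) != ("added", allowed)]


if __name__ == "__main__":
    for kind, where in review(ORIGINAL, MODIFIED):
        print("UNEXPECTED", kind, where)
```

An empty result means the update adds Org3MSP and touches nothing else; any other entry (a removed organization, a changed mod_policy) is a reason not to sign.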
The existing organizations sign the update for the new organization to give it their approval
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
peer channel signconfigtx -f org3_update_in_envelope.pb
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
peer channel signconfigtx -f org3_update_in_envelope.pb
After the signatures have been collected, submit the update to the orderer to update the channel configuration
peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer.example.com:7050 --tls --cafile $ORDERER_CA
4. Join the channel
Switch to the org3 peer and run peer channel join
export CORE_PEER_LOCALMSPID="Org3MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
export CORE_PEER_ADDRESS=peer0.org3.example.com:7051
peer channel join -b mychannel.block
5. Update the chaincode
Install the chaincode on the new org's peer, with version number 2.0
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
export CORE_PEER_ADDRESS=peer0.org3.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/
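Switch to each of the original orgs in turn and update the chaincode; the version number must match
Switch the environment variables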
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go
6. Update the endorsement policy
Add the new organization to the original organizations' policy
peer chaincode upgrade -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA -C mychannel -n mycc -v 2.0 -c '{"Args":["init","a","90","b","210"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"
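What the OR policy above grants to the new organization, shown with a small evaluator for the AND/OR/OutOf policy syntax. This is an added example, not code from the original post or from Fabric: it matches principal strings exactly and ignores MSP role semantics, and STRICT_POLICY is an assumed alternative used only for comparison.

```python
import re

# Policy from the page's `peer chaincode upgrade -P` argument.
PAGE_POLICY = "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"
# Assumed stricter alternative for comparison (not from the page).
STRICT_POLICY = "OutOf(2, 'Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"


def parse(expr):
    """Parse AND/OR/OutOf syntax into ('principal', name) or ('outof', n, kids)."""
    tokens = re.findall(r"'[^']*'|\w+|[(),]", expr)
    node, rest = _node(tokens)
    if rest:
        raise ValueError("trailing tokens: %r" % rest)
    return node


def _node(toks):
    head, toks = toks[0], toks[1:]
    if head.startswith("'"):
        return ("principal", head.strip("'")), toks
    op = head.upper()
    if op not in ("AND", "OR", "OUTOF") or toks[:1] != ["("]:
        raise ValueError("bad policy near %r" % head)
    toks = toks[1:]
    need = 1                                   # OR: any single child is enough
    if op == "OUTOF":
        need, toks = int(toks[0]), toks[2:]    # skip the count and its comma
    kids = []
    while True:
        kid, toks = _node(toks)
        kids.append(kid)
        sep, toks = toks[0], toks[1:]
        if sep == ")":
            break
        if sep != ",":
            raise ValueError("expected ',' or ')' but got %r" % sep)
    if op == "AND":
        need = len(kids)                       # AND: every child is required
    return ("outof", need, kids), toks


def satisfied(node, endorsers):
    """True if the set of endorsing principals meets the policy."""
    if node[0] == "principal":
        return node[1] in endorsers
    return sum(satisfied(k, endorsers) for k in node[2]) >= node[1]


def sole_endorsers(policy, principals):
    """Principals that satisfy the policy on their own."""
    tree = parse(policy)
    return [p for p in principals if satisfied(tree, {p})]
```

With the page's policy, `sole_endorsers` returns all three principals, so a peer of the newly added Org3 can endorse a transaction without any original organization; under the OutOf(2, ...) comparison policy it returns an empty list.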
7. Test
peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA -C mychannel -n mycc -c '{"Args":["invoke","a","b","10"]}'
Use the query and transfer functions to test whether the chaincode works correctly