HyperledgerFarbic1.4-添加新的組織
一、概述
在fabric中 org不能獨立存在 它附屬於一個聯盟。也就是必須添加一個channel
添加org 就需要修改對應的channel 的配置文件,把要增加的org的配置先增加到channel中,然後通過docekr-compose文件 啓動一個org節點 鏈接到聯盟網絡中
二、 first-network提供eyfn.sh腳本來快速的添加org3到 網絡中
查看eyfn.sh,在腳本的最後 可以看到腳本提供的功能
#Create the network using docker compose
if [ "${MODE}" == "up" ]; then
networkUp # 這個功能會直接將org3 添加到網絡中
elif [ "${MODE}" == "down" ]; then ## Clear the network
networkDown # 這個功能會清理網絡
elif [ "${MODE}" == "generate" ]; then ## Generate Artifacts
generateCerts # 生成org3對應的證書
generateChannelArtifacts # 生成Channel 配置 transaction信息
createConfigTx # 創建org3添加到fabric網絡中需要的配置信息
elif [ "${MODE}" == "restart" ]; then ## Restart the network
networkDown
networkUp
else
printHelp
exit 1
fi
其中關鍵的處理流程在
generateCerts
generateChannelArtifacts
createConfigTx
這三個方法
可以 跟進這三個方法的具體實現來查看腳本
三、 手動將org3 添加到網絡中
進入到 ~/fabric-samples/first-network/org3-artifacts目錄中
3.1 生成證書
cryptogen generate --config=./org3-crypto.yaml
證書生成後會在org3-artifacts目錄中出現
3.2生成org3的json字符串
這一步是需要configtx.yml來描述org3的配置信息的 這個配置文件就在FABRIC_CFG_PATH指定的目錄下放着。命令會在這個目錄下找到配置文件。
export FABRIC_CFG_PATH=$PWD && configtxgen -printOrg Org3MSP > ../channel-artifacts/org3.json
生成後的json文件在目錄
~/fabric-samples/first-network/channel-artifacts下
3.3 拷貝orderer
證書到org3目錄下
cd ../ && cp -r crypto-config/ordererOrganizations org3-artifacts/crypto-config/
這些證書 後面要掛載到org3的容器中的
執行完成後 ,在org3-artifacts/crypto-config/目錄下就包含了orderer和org3的證書信息了
3.4 進入容器獲取到mychannel上的配置信息
因爲要獲取 指定channel的配置信息,
所以要 指定ORDERER_CA 證書位置 和 CHANNEL_NAME 通道名稱
docker exec -it cli bash
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CHANNEL_NAME=mychannel
獲取mychannel的配置區塊
# 在目錄/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts下執行
peer channel fetch config mychannle_config_block.pb -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
將mychannle_config_block.pb 轉爲 json數據查看
# 在目錄/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts下執行
configtxlator proto_decode --input mychannle_config_block.pb --type common.Block | jq .data.data[0].payload.data.config > mychannel_config.json
執行完成後 可以看到輸出的json配置文件信息
查看該json文件 可以看到 當前mychannel中 包含有org1 和org2的信息
3.5 將org3加入到mychannel_config.json
# 在目錄/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts下執行
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' ./mychannel_config.json ./org3.json > mychannel_modified_config.json
執行完成後 目錄下增加文件
查看文件 mychannel_modified_config.json
org3 的配置信息已經添加進去了
3.6 將原配置mychannel_config.json和修改後的mychannel_modified_config.json轉爲pb 計算增量
將原始的mychannel_config.json 轉爲 mychannel_config.pb
# 在/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts 下執行
configtxlator proto_encode --input mychannel_config.json --type common.Config --output mychannel_config.pb
將修改後的mychannel_modified_config.json轉爲 mychannel_modified_config.pb
# 在/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts 下執行
configtxlator proto_encode --input mychannel_modified_config.json --type common.Config --output mychannel_modified_config.pb
執行完成後就可以看到生成的pb文件
計算pb之間的增量
# 在/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts 下執行
configtxlator compute_update --channel_id $CHANNEL_NAME --original mychannel_config.pb --updated mychannel_modified_config.pb --output org3_update.pb
執行完成後 生成增量計算結果pb
3.7 增量信息包裝成信封envelope
先將org3_update.pb轉爲json
# 在/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts 下執行
configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json
加入header信息
# 在/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts 下執行
echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json
轉爲pb
# 在/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts 下執行
configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb
執行完成後 成功生成org3_update_in_envelope.pb文件
3.7 網絡中其他的組織簽名
一個新的組織要想要加入到當前的網絡中,必須經過超過50%以上的組織簽名纔行。
所以 org3想要加入網絡 必須是 org1和org2 都簽名纔行
執行evn命令 查看當前用戶身份
env
輸出
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/[email protected]/msp
當前是org1 admin用戶 所以先用org1進行簽名
# 在/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts 下執行
peer channel signconfigtx -f org3_update_in_envelope.pb
org1 簽名完成後 切換到org2進行簽名
# 切換到org2
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:9051
其中的export CORE_PEER_ADDRESS=peer0.org2.example.com:9051 要看自己的docker容器中org2具體的address
# 在/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts 下執行
peer channel signconfigtx -f org3_update_in_envelope.pb
3.7 上傳新的配置信息
網絡內的任意組織機構 可以將簽名後的新配置信息信封 上傳到orderer節點
上傳新配置
# 在/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts 下執行
peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA
輸出結果 提示成功
到這一步 就已經將配置修改完成。可以退出容器了
3.8 編寫org3啓動的docker-compose文件
該文件就在first-network目錄下
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
volumes:
peer0.org3.example.com:
peer1.org3.example.com:
networks:
byfn:
services:
peer0.org3.example.com:
container_name: peer0.org3.example.com
extends:
file: base/peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org3.example.com
- CORE_PEER_ADDRESS=peer0.org3.example.com:11051
- CORE_PEER_LISTENADDRESS=0.0.0.0:11051
- CORE_PEER_CHAINCODEADDRESS=peer0.org3.example.com:11052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org3.example.com:12051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:11051
- CORE_PEER_LOCALMSPID=Org3MSP
volumes:
- /var/run/:/host/var/run/
- ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp
- ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls
- peer0.org3.example.com:/var/hyperledger/production
ports:
- 11051:11051
networks:
- byfn
peer1.org3.example.com:
container_name: peer1.org3.example.com
extends:
file: base/peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org3.example.com
- CORE_PEER_ADDRESS=peer1.org3.example.com:12051
- CORE_PEER_LISTENADDRESS=0.0.0.0:12051
- CORE_PEER_CHAINCODEADDRESS=peer1.org3.example.com:12052
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:12052
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org3.example.com:11051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org3.example.com:12051
- CORE_PEER_LOCALMSPID=Org3MSP
volumes:
- /var/run/:/host/var/run/
- ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/msp:/etc/hyperledger/fabric/msp
- ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls:/etc/hyperledger/fabric/tls
- peer1.org3.example.com:/var/hyperledger/production
ports:
- 12051:12051
networks:
- byfn
Org3cli:
container_name: Org3cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=INFO
#- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=Org3cli
- CORE_PEER_ADDRESS=peer0.org3.example.com:11051
- CORE_PEER_LOCALMSPID=Org3MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/[email protected]/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./org3-artifacts/crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./crypto-config/peerOrganizations/org1.example.com:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com
- ./crypto-config/peerOrganizations/org2.example.com:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
depends_on:
- peer0.org3.example.com
- peer1.org3.example.com
networks:
- byfn
3.9 使用org3的docker-compose文件啓動容器
# 在目錄~/fabric-samples/first-network下使用啓動命令
docker-compose -f docker-compose-org3.yaml up -d
出現三個容器啓動完成的提示
此時的docker ps列表中也有了三個容器的信息
3.10 org3 同步區塊信息
進入到org3的cli容器中
docker exec -it Org3cli bash
配置orderer-ca證書位置 和定義當前channalName
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem && export CHANNEL_NAME=mychannel
獲取創世區塊 同步區塊信息
peer channel fetch 0 mychannel.block -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
查看當前的peer 加入的 channel list
peer channel list
輸出:
INFO 001 Endorser and orderer connections initialized
Channels peers has joined:
當前的peer加入到mychannel中
peer channel join -b mychannel.block
再次是有channel list 命令查看
輸出
Channels peers has joined:
mychannel
說明當前的peer已經成功的加入到了mychannel中
通過env命令輸出的
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
CORE_PEER_ADDRESS=peer0.org3.example.com:11051
可以得知 現在peer0已經加入進去了
切換到peer1將peer1加入到網絡中
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt
export CORE_PEER_ADDRESS=peer1.org3.example.com:12051
加入到mychannel
peer channel join -b mychannel.block
查看現在區塊信息
peer channel getinfo -c $CHANNEL_NAME
輸出
Blockchain info: {"height":6,"currentBlockHash":"sJfCtkl4/8J6iyWk6o86CDWz/8cgxc3j+Y5wL26Zsl4=","previousBlockHash":"5ZHwPYl/y5cz2vj6bzCXp6XN5pc3zyUSJPSNljcrXmE="}
說明區塊信息已經同步完成