Fabric 网络动态添加组织
1.环境准备
如果存在fabric网络环境可不执行,若不存在可以安装下列进行准备
- 下载fabric-sample,fabric
https://github.com/hyperledger/fabric-samples.git
https://github.com/hyperledger/fabric-samples.git
- 构建fabric镜像
cd fabric
make all
- 创建fabric网络
cd fabric-sample/first-network
./byfn.sh up
2.org3配置文件准备
- org3configtx.yaml
Organizations:
- &Org3
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org3MSP
# ID to load the MSP definition as
ID: Org3MSP
MSPDir: crypto-config/peerOrganizations/org3.example.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org3.example.com
Port: 7051
- org3crypto.yaml
PeerOrgs:
# ---------------------------------------------------------------------------
# Org3
# ---------------------------------------------------------------------------
- Name: Org3
Domain: org3.example.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1
3.生成配置文件
- 生成证书文件
../../bin/cryptogen generate --config=./org3-crypto.yaml
Eggsy:org3-artifacts eggsy$ tree crypto-config/ -L 4
crypto-config/
└── peerOrganizations
└── org3.example.com
├── ca
│ ├── 9854e971baa1c6e918365e3c320850c759b446a98d991804d1d3eec157bf37c8_sk
│ └── ca.org3.example.com-cert.pem
├── msp
│ ├── admincerts
│ ├── cacerts
│ ├── config.yaml
│ └── tlscacerts
├── peers
│ ├── peer0.org3.example.com
│ └── peer1.org3.example.com
├── tlsca
│ ├── 657d29b05f08772be7fc354dc79c34e5b2f4a4c455dda10342f66692a7a83ff7_sk
│ └── tlsca.org3.example.com-cert.pem
└── users
├── Admin@org3.example.com
└── User1@org3.example.com
- 生成组织配置信息
export FABRIC_CFG_PATH=$PWD && ../../bin/configtxgen -printOrg Org3MSP > ../channel-artifacts/org3.json
此文件包含Org3的策略定义,以及以base 64格式呈现的三个重要证书:管理员用户证书(稍后将充当Org3的管理员),CA根证书和TLS根目录证书。
4.修改mychannel最新配置块
- 获取最新的配置块
peer channel fetch config config_block.pb -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
2019-07-17 06:48:28.073 UTC [cli.common] readBlock -> INFO 002 Received block: 4
2019-07-17 06:48:28.075 UTC [cli.common] readBlock -> INFO 003 Received block: 2
# 将config转换成json格式
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
- 将org3配置加入配置块
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json
- 计算配置块增量更新
# 将config.json转换为config.pb
configtxlator proto_encode --input config.json --type common.Config --output config.pb
# 将modified_config.json转换为modified_config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
# 计算增量
configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output org3_update.pb
# 转换成json格式
configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json
- 构建envelope message
echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json
configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb
- 签名及更新
However, we need signatures from the requisite Admin users before the config can be written to the ledger. The modification policy (mod_policy) for our channel Application group is set to the default of “MAJORITY”, which means that we need a majority of existing org admins to sign it.
peer channel signconfigtx -f org3_update_in_envelope.pb
peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA
5. 启动org3及加入通道
docker-compose -f docker-compose-org3.yaml up -d
docker exec -it Org3cli bash
peer channel fetch 0 mychannel.block -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
peer channel join -b mychannel.block