Fabric 网络动态添加组织

1.环境准备

如果存在fabric网络环境可不执行，若不存在可以安装下列进行准备

• 下载fabric-sample，fabric

https://github.com/hyperledger/fabric-samples.git
https://github.com/hyperledger/fabric-samples.git

• 构建fabric镜像

cd fabric
make all

• 创建fabric网络

cd fabric-sample/first-network
./byfn.sh up

2.org3配置文件准备

• org3configtx.yaml

Organizations:
- &Org3
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org3MSP

# ID to load the MSP definition as
ID: Org3MSP

MSPDir: crypto-config/peerOrganizations/org3.example.com/msp

AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication.  Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org3.example.com
Port: 7051

• org3crypto.yaml

PeerOrgs:
# ---------------------------------------------------------------------------
# Org3
# ---------------------------------------------------------------------------
- Name: Org3
Domain: org3.example.com
EnableNodeOUs: true
Template:
Count: 2
Users:
Count: 1

3.生成配置文件

• 生成证书文件

../../bin/cryptogen generate --config=./org3-crypto.yaml

Eggsy:org3-artifacts eggsy$ tree crypto-config/ -L 4
crypto-config/
└── peerOrganizations
└── org3.example.com
├── ca
│   ├── 9854e971baa1c6e918365e3c320850c759b446a98d991804d1d3eec157bf37c8_sk
│   └── ca.org3.example.com-cert.pem
├── msp
│   ├── admincerts
│   ├── cacerts
│   ├── config.yaml
│   └── tlscacerts
├── peers
│   ├── peer0.org3.example.com
│   └── peer1.org3.example.com
├── tlsca
│   ├── 657d29b05f08772be7fc354dc79c34e5b2f4a4c455dda10342f66692a7a83ff7_sk
│   └── tlsca.org3.example.com-cert.pem
└── users
├── Admin@org3.example.com
└── User1@org3.example.com

• 生成组织配置信息

export FABRIC_CFG_PATH=$PWD && ../../bin/configtxgen -printOrg Org3MSP > ../channel-artifacts/org3.json

此文件包含Org3的策略定义，以及以base 64格式呈现的三个重要证书：管理员用户证书（稍后将充当Org3的管理员），CA根证书和TLS根目录证书。

4.修改mychannel最新配置块

• 获取最新的配置块

peer channel fetch config config_block.pb -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA

2019-07-17 06:48:28.073 UTC [cli.common] readBlock -> INFO 002 Received block: 4
2019-07-17 06:48:28.075 UTC [cli.common] readBlock -> INFO 003 Received block: 2

# 将config转换成json格式
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json

• 将org3配置加入配置块

jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json

• 计算配置块增量更新

# 将config.json转换为config.pb
configtxlator proto_encode --input config.json --type common.Config --output config.pb
# 将modified_config.json转换为modified_config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
# 计算增量
configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output org3_update.pb
# 转换成json格式
configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json

• 构建envelope message

echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json
configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb

• 签名及更新

However, we need signatures from the requisite Admin users before the config can be written to the ledger. The modification policy (mod_policy) for our channel Application group is set to the default of “MAJORITY”, which means that we need a majority of existing org admins to sign it.

peer channel signconfigtx -f org3_update_in_envelope.pb
peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA

5. 启动org3及加入通道

docker-compose -f docker-compose-org3.yaml up -d
docker exec -it Org3cli bash
peer channel fetch 0 mychannel.block -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
peer channel join -b mychannel.block