hyperledger fabric 测试（三） 1.13 加入新的组织

搭建好的环境已经可以正常运行多组织多节点的fabric，在已经正常运行的通道中加入新的组织，步骤如下：

1.如果要手动执行，首先在docker-compose-org3.yaml中增加org3,同时在cli和org3中设置手动执行变量CORE_LOGGING_LEVEL为DEBUG，隐藏原来设置。增加的org3为：

version: '2'

 

volumes:

  peer0.org3.example.com:

  peer1.org3.example.com:

 

networks:

  byfn:

 

services:

 

  peer0.org3.example.com:

    container_name: peer0.org3.example.com

    extends:

      file: base/peer-base.yaml

      service: peer-base

    environment:

      - CORE_PEER_ID=peer0.org3.example.com

      - CORE_PEER_ADDRESS=peer0.org3.example.com:7051

      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:7051

      - CORE_PEER_LOCALMSPID=Org3MSP

    volumes:

        - /var/run/:/host/var/run/

        - ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp

        - ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls

        - peer0.org3.example.com:/var/hyperledger/production

    ports:

      - 11051:7051

      - 11053:7053

    networks:

      - byfn

 

  peer1.org3.example.com:

    container_name: peer1.org3.example.com

    extends:

      file: base/peer-base.yaml

      service: peer-base

    environment:

      - CORE_PEER_ID=peer1.org3.example.com

      - CORE_PEER_ADDRESS=peer1.org3.example.com:7051

      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org3.example.com:7051

      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org3.example.com:7051

      - CORE_PEER_LOCALMSPID=Org3MSP

    volumes:

        - /var/run/:/host/var/run/

        - ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/msp:/etc/hyperledger/fabric/msp

        - ./org3-artifacts/crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls:/etc/hyperledger/fabric/tls

        - peer1.org3.example.com:/var/hyperledger/production

    ports:

      - 12051:7051

      - 12053:7053

    networks:

      - byfn

 

 

  Org3cli:

    container_name: Org3cli

    image: hyperledger/fabric-tools:$IMAGE_TAG

    tty: true

    stdin_open: true

    environment:

      - GOPATH=/opt/gopath

      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock

      #- CORE_LOGGING_LEVEL=INFO

      - CORE_LOGGING_LEVEL=DEBUG

      - CORE_PEER_ID=Org3cli

      - CORE_PEER_ADDRESS=peer0.org3.example.com:7051

      - CORE_PEER_LOCALMSPID=Org3MSP

      - CORE_PEER_TLS_ENABLED=true

      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt

      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key

      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt

      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp

    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer

    command: /bin/bash

    volumes:

        - /var/run/:/host/var/run/

        - ./../chaincode/:/opt/gopath/src/github.com/chaincode

        - ./org3-artifacts/crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/

        - ./crypto-config/peerOrganizations/org1.example.com:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com

        - ./crypto-config/peerOrganizations/org2.example.com:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com

        - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/

    depends_on:

      - peer0.org3.example.com

      - peer1.org3.example.com

    networks:

      - byfn

2.新建文件configtx.yaml和 org3-crypto.yaml，前一个规定了org3的锚节点和msp等信息，后一个规定了基本结构生成org3的密匙证书等。

configtx.yaml文件

---

Organizations:

    - &Org3

        # DefaultOrg defines the organization which is used in the sampleconfig

        # of the fabric.git development environment

        Name: Org3MSP

 

        # ID to load the MSP definition as

        ID: Org3MSP

 

        MSPDir: crypto-config/peerOrganizations/org3.example.com/msp

 

        AnchorPeers:

            # AnchorPeers defines the location of peers which can be used

            # for cross org gossip communication.  Note, this value is only

            # encoded in the genesis block in the Application section context

            - Host: peer0.org3.example.com

              Port: 7051

org3-crypto.yaml文件

PeerOrgs:

  # ---------------------------------------------------------------------------

  # Org3

  # ---------------------------------------------------------------------------

  - Name: Org3

    Domain: org3.example.com

    EnableNodeOUs: true

    Template:

      Count: 2

    Users:

      Count: 1

3.生成密匙和证书等材料命令：../../bin/cryptogen generate --config=./org3-crypto.yaml

 创建json文件，包含策略连接信息命令：export FABRIC_CFG_PATH=$PWD && ../../bin/configtxgen -printOrg Org3MSP > ../channel-artifacts/org3.json

拷贝排序Org的MSP材料到Org3的 crypto-config 目录下：cd ../ && cp -r crypto-config/ordererOrganizations org3-artifacts/crypto-config/

进入cli环境，默认org1为管理员环境：docker exec -it cli bash

安装解析json文件的jq：apt update && apt install -y jq

设置根证书和通道名称的环境变量：export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem  && export CHANNEL_NAME=mychannel

检查环境变量准确性：echo $ORDERER_CA && echo $CHANNEL_NAME

以二进制protobuf格式拉取最新的通道配置文件：peer channel fetch config config_block.pb -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA

去除无关数据，将二进制文件转化为可读可修改的json文件：configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json

4.生成包括org3的json文件：jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json

生成原有的二进制通道配置文件：configtxlator proto_encode --input config.json --type common.Config --output config.pb

生成包含org3的通道配置文件：configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb

计算两个pb文件的差异，得出更新的pb配置文件：configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output org3_update.pb

将pb更新文件转化为json文件：configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json

使用信封消息来包装文件，即添加元数据的删除的数据：echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json

最后转化为完整的pb格式文件：configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb

5.使用org1管理员身份进行签名：peer channel signconfigtx -f org3_update_in_envelope.pb  //默认环境变量为org1，使用的配置策略为and，所以需要两者签名。

更改环境变量到org2：export  CORE_PEER_LOCALMSPID="Org2MSP"

export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt

export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp

export  CORE_PEER_ADDRESS=peer0.org2.example.com:7051

使用org2进行签名并提交：peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA

查看 peer0.org1.example.com 的日志：docker logs -f peer0.org1.example.com

6.生成org3 cli和org3 peer节点容器：docker-compose -f docker-compose-org3.yaml up -d

启动cli 容器，进入默认的org3 peer0节点容器：docker exec -it Org3cli bash

设置名称和通道排序服务根证书的环境变量：export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem && export CHANNEL_NAME=mychannel

检查环境变量的设置：echo  $ORDERER_CA && echo $CHANNEL_NAME

检索0号区块，检查是否将org3成功加入通道：peer channel fetch 0 mychannel.block -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA

指定0号区块为初始区块：peer channel join -b mychannel.block

设置节点2的环境变量：export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt && export CORE_PEER_ADDRESS=peer1.org3.example.com:7051

节点2加入0号区块：peer channel join -b mychannel.block

Org3 peer1安装链码：peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/

Org3 peer0安装链码需要修改环境变量：export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt && export CORE_PEER_ADDRESS=peer0.org3.example.com:7051

Org3 peer0安装链码：peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/

进入org2环境：export CORE_PEER_LOCALMSPID="Org2MSP"

export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt

export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp

export CORE_PEER_ADDRESS=peer0.org2.example.com:7051

Org2安装链码：peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/

Org1环境变量：

export CORE_PEER_LOCALMSPID="Org1MSP"

export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt

export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp

export CORE_PEER_ADDRESS=peer0.org1.example.com:7051

Org1安装链码：peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/

将org3加入策略：peer chaincode upgrade -o orderer.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -v 2.0 -c '{"Args":["init","a","90","b","210"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"

7.Org3环境变量：export CORE_PEER_LOCALMSPID="Org3MSP"

export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt

export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp

export CORE_PEER_ADDRESS=peer0.org3.example.com:7051

查询a的值：peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'

从a转移10到b：peer chaincode invoke -o orderer.example.com:7050  --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","10"]}'

查询a的值：peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'

遇到的错误：没有找见org3 msp文件：将/home/ubuntu/go/src/github.com/hyperledger/fabric/scripts/fabric-samples/first-network/crypto-config/peerOrganizations/org3.example.com 文件复制 /crypto/peerorg/下

遇见环境变量步骤错误等原因，将链码版本更新在安装。