
Fabric Study Notes (8) - Dynamically Adding an Org

Prerequisites

Upgrade Fabric to v1.1 (dynamic org addition is only supported starting with 1.1)
git checkout -b release-1.1

docker pull hyperledger/fabric-baseos:x86_64-0.4.6
docker pull hyperledger/fabric-tools:x86_64-1.1.0-rc1
docker pull hyperledger/fabric-baseimage:x86_64-0.4.6
docker pull hyperledger/fabric-orderer:x86_64-1.1.0-rc1
docker pull hyperledger/fabric-ccenv:x86_64-1.1.0-rc1
docker pull hyperledger/fabric-peer:x86_64-1.1.0-rc1
docker pull hyperledger/fabric-couchdb:x86_64-1.1.0-preview

docker tag hyperledger/fabric-baseimage:x86_64-0.4.6 hyperledger/fabric-baseimage
docker tag hyperledger/fabric-baseos:x86_64-0.4.6      hyperledger/fabric-baseos
docker tag hyperledger/fabric-tools:x86_64-1.1.0-rc1        hyperledger/fabric-tools
docker tag hyperledger/fabric-orderer:x86_64-1.1.0-rc1      hyperledger/fabric-orderer
docker tag hyperledger/fabric-ccenv:x86_64-1.1.0-rc1        hyperledger/fabric-ccenv
docker tag hyperledger/fabric-peer:x86_64-1.1.0-rc1        hyperledger/fabric-peer
docker tag hyperledger/fabric-couchdb:x86_64-1.1.0-preview hyperledger/fabric-couchdb
Edit the docker-compose configuration files
cd /opt/gopath/src/github.com/hyperledger/fabric-samples/first-network

vim docker-compose-cli.yaml

cli:
  container_name: cli
  image: hyperledger/fabric-tools:$IMAGE_TAG
  tty: true
  stdin_open: true
  environment:
    - GOPATH=/opt/gopath
    - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
    #- CORE_LOGGING_LEVEL=INFO
    - CORE_LOGGING_LEVEL=DEBUG
vim docker-compose-org3.yaml

Org3cli:
  container_name: Org3cli
  image: hyperledger/fabric-tools:$IMAGE_TAG
  tty: true
  stdin_open: true
  environment:
    - GOPATH=/opt/gopath
    - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
    #- CORE_LOGGING_LEVEL=INFO
    - CORE_LOGGING_LEVEL=DEBUG
Generate the crypto material for the original network
./byfn.sh -m generate
Start the original network
./byfn.sh -m up

Generate Org3's crypto material (in a new terminal)

cd /opt/gopath/src/github.com/hyperledger/fabric-samples/first-network/org3-artifacts
View the contents of org3-crypto.yaml
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org3
  # ---------------------------------------------------------------------------
  - Name: Org3
    Domain: org3.example.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 1
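Generate the crypto material
../../bin/cryptogen generate --config=./org3-crypto.yaml

P.S. If cryptogen cannot be found, run the following command first

curl -sSL https://goo.gl/6wtTN5 | bash -s 1.1.0-rc1
Generate Org3's configuration file
export FABRIC_CFG_PATH=$PWD && ../../bin/configtxgen -printOrg Org3MSP > ../channel-artifacts/org3.json
Copy the original network's crypto material into org3-artifacts/crypto-config/
cd ../ && cp -r crypto-config/ordererOrganizations org3-artifacts/crypto-config/

The configtxgen -printOrg command above builds the JSON from the crypto material generated earlier; if that material has not been generated, it fails with the following error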

2018-03-05 14:30:36.084 CST [common/tools/configtxgen] main -> INFO 001 Loading configuration
2018-03-05 14:30:36.086 CST [common/tools/configtxgen] main -> CRIT 002 Error on printOrg: bad org definition for org Org3MSP: 1 - Error loading MSP configuration for org: Org3MSP: could not load a valid ca certificate from directory /opt/gopath/src/github.com/hyperledger/fabric-samples/first-network/org3-artifacts/crypto-config/peerOrganizations/org3.example.com/msp/cacerts: stat /opt/gopath/src/github.com/hyperledger/fabric-samples/first-network/org3-artifacts/crypto-config/peerOrganizations/org3.example.com/msp/cacerts: no such file or directory

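Update the original network's configuration

The update relies on configtxlator, a configuration translation tool that converts the configuration protobufs into human-readable JSON. The tool provides a REST API that is independent of any SDK, and it is available inside the cli container. It can also compute the difference between two channel configurations and produce the config update transaction.

Enter the cli container (in another terminal)
docker exec -it cli bash
Install jq inside cli
apt update && apt install -y jq

If, like me, you cannot download it from inside Docker, go back to the host and get it done from there

// On the host
wget https://github.com/stedolan/jq/releases/download/jq-1.5/jq-1.5.tar.gz
tar -xvf jq-1.5.tar.gz
docker cp /root/jq-1.5 cli:/opt/gopath/src/github.com/hyperledger/fabric/peer
// Back in cli
cd jq-1.5/ && ./configure && make && sudo make install
Set the environment variables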
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem  && export CHANNEL_NAME=mychannel

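P.S. Whenever the cli container is restarted, set these environment variables again

Fetch the channel's configuration
peer channel fetch config config_block.pb -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
Decode the configuration
configtxlator proto_decode --input config_block.pb --type common.Block | jq '.data.data[0].payload.data.config' > config.json
config.json, the original network's configuration, is the baseline for our config update and is worth reading carefully
Add Org3's configuration to the original configuration

Use jq to produce modified_config.json, a configuration that contains all three orgs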

jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json
Convert config.json to protobufs
configtxlator proto_encode --input config.json --type common.Config --output config.pb
Convert modified_config.json to protobufs
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
Compute the update org3_update.pb from config.pb and modified_config.pb
configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output org3_update.pb
Decode org3_update.pb -> json
configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json
Wrap the config update in an envelope JSON and convert it to protobufs
echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json
configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb

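Operate on the network and add Org3

We now have a pb file containing the update transaction. It needs signatures from the required Admin users before the update can actually be applied: the existing network's modification policy is MAJORITY, so more than half of the nodes in the network must agree before the update goes through.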
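
Before an Admin signs, it is worth confirming that the decoded update changes only what it claims to. The following is an added example, not code from the original post or from the Fabric project: it walks the read_set and write_set of a decoded common.ConfigUpdate and reports every element that is new or version-bumped. The sample document is constructed and trimmed, and the function names and the current_orgs parameter are assumptions of this example.

```python
import json

# Constructed sample shaped like org3_update.json (a decoded common.ConfigUpdate);
# MSP and policy bodies are trimmed, only names and versions are kept.
SAMPLE_UPDATE = json.loads("""{
 "channel_id": "mychannel",
 "read_set": {"version": "0", "groups": {"Application": {"version": "1",
   "groups": {"Org1MSP": {"version": "1"}, "Org2MSP": {"version": "1"}},
   "policies": {"Admins": {"version": "0"}}}}},
 "write_set": {"version": "0", "groups": {"Application": {"version": "2",
   "groups": {"Org1MSP": {"version": "1"}, "Org2MSP": {"version": "1"},
              "Org3MSP": {"version": "0", "mod_policy": "Admins",
                          "policies": {"Admins": {"version": "0"}},
                          "values": {"MSP": {"version": "0"}}}},
   "policies": {"Admins": {"version": "0"}}}}}
}""")

def _ver(item):
    return int(item.get("version") or 0)

def changed_paths(read, write, path="/Channel"):
    """List (path, kind) for every element the write_set adds or version-bumps."""
    out = []
    if read is None:
        out.append((path, "added"))
    elif _ver(write) != _ver(read):
        out.append((path, "modified"))
    for section in ("groups", "values", "policies"):
        for name, item in sorted((write.get(section) or {}).items()):
            old = None if read is None else (read.get(section) or {}).get(name)
            if section == "groups":
                out += changed_paths(old, item, f"{path}/{name}")
            elif old is None:
                out.append((f"{path}/{name}[{section}]", "added"))
            elif _ver(item) != _ver(old):
                out.append((f"{path}/{name}[{section}]", "modified"))
    return out

def review(update, channel, current_orgs, new_org):
    """True only if the update keeps current_orgs and adds nothing but new_org."""
    app = "/Channel/Application"
    members = set(update["write_set"]["groups"]["Application"]["groups"])
    if update.get("channel_id") != channel or members != set(current_orgs) | {new_org}:
        return False  # wrong channel, or an org silently dropped or added
    for path, kind in changed_paths(update["read_set"], update["write_set"]):
        if (path, kind) == (app, "modified"):
            continue  # parent group's version is bumped when membership changes
        if path != f"{app}/{new_org}" and not path.startswith(f"{app}/{new_org}/"):
            return False
    return True
```

current_orgs should come from the baseline config.json (the keys under channel_group.groups.Application.groups), because a removed org leaves no trace in the update other than the parent group's version bump.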

Org1 signs the config update transaction
peer channel signconfigtx -f org3_update_in_envelope.pb
Switch to Org2
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA
View the update logs
docker logs -f peer0.org1.example.com

Org3 joins the channel

Start Org3's Docker cluster
docker-compose -f docker-compose-org3.yaml up -d
Enter Org3cli
docker exec -it Org3cli bash
Add the environment variables
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem && export CHANNEL_NAME=mychannel
Fetch the channel's genesis block to test whether Org3 has successfully joined the network
peer channel fetch 0 mychannel.block -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
Join the channel
peer channel join -b mychannel.block
peer1 joins the channel
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt && export CORE_PEER_ADDRESS=peer1.org3.example.com:7051

peer channel join -b mychannel.block

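Upgrade the chaincode

To make Org3 actually useful, the chaincode and the endorsement policy need to be upgraded

Upgrade the chaincode in Org3cli
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/

Only peers that act as endorsers and interact with the ledger need the chaincode installed. Peers without a chaincode container still run the validation logic as committing peers.

Upgrade the chaincode in Org2
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/
Upgrade the chaincode in Org1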
export CORE_PEER_LOCALMSPID="Org1MSP"

export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt

export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp

export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/
Upgrade the endorsement policy
peer chaincode upgrade -o orderer.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -v 2.0 -c '{"Args":["init","a","90","b","210"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"
Run a query from Org3cli (to verify that the upgrade succeeded)
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
Query Result: 90
Run a transfer transaction from Org3cli
peer chaincode invoke -o orderer.example.com:7050  --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","10"]}'
Check the result
Query Result: 80
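
The upgrade above sets the endorsement policy to OR over the three orgs, which is why the invoke sent from Org3cli alone is accepted: one peer from any single org, including the newly added Org3, is enough. The following is an added example, not code from the original post and not Fabric's policy engine: a simplified model that parses nested AND/OR expressions and checks them against a set of endorsers, matching principals by exact 'MSPID.role' string (an assumption of this example).

```python
import re

TOKEN = re.compile(r"\s*(AND|OR|\(|\)|,|'[^']+')", re.IGNORECASE)

def parse(policy):
    """Parse nested AND/OR over 'MSPID.role' principals into a tree."""
    tokens, pos, policy = [], 0, policy.strip()
    while pos < len(policy):
        m = TOKEN.match(policy, pos)
        if not m:
            raise ValueError(f"bad policy near {policy[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    tree, rest = _expr(tokens)
    if rest:
        raise ValueError(f"trailing tokens: {rest}")
    return tree

def _expr(toks):
    if not toks:
        raise ValueError("unexpected end of policy")
    head, toks = toks[0], toks[1:]
    if head.startswith("'"):
        return head.strip("'"), toks            # leaf: a principal
    if head.upper() not in ("AND", "OR") or toks[:1] != ["("]:
        raise ValueError(f"unexpected token {head!r}")
    toks, args = toks[1:], []
    while toks and toks[0] != ")":
        arg, toks = _expr(toks)
        args.append(arg)
        if toks[:1] == [","]:
            toks = toks[1:]
    if not toks or not args:
        raise ValueError("unbalanced or empty expression")
    return (head.upper(), args), toks[1:]

def satisfied(tree, endorsers):
    """endorsers: set of 'MSPID.role' strings that signed the proposal response."""
    if isinstance(tree, str):
        return tree in endorsers
    op, args = tree
    hits = sum(satisfied(a, endorsers) for a in args)
    return hits == len(args) if op == "AND" else hits >= 1
```

With the page's OR policy, {'Org3MSP.peer'} alone satisfies it; the same three principals under AND would require an endorsement from every org.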
