Adding an Organization to Fabric

Posted by Charlie Lin on May 19, 2020

Generate the org3 organization (generateOrg3)

Start the fabric-ca for org3

```shell
cd /home/fabric/fabric/fabric-samples/test-network/addOrg3
IMAGE_TAG=latest docker-compose -f docker/docker-compose-ca-org3.yaml up -d 2>&1
```

The docker-compose file:

```yaml
version: '2'

services:

  ca_org3:
    image: hyperledger/fabric-ca:$IMAGE_TAG
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org3
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=11054
    ports:
      - "11054:11054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ../fabric-ca/org3:/etc/hyperledger/fabric-ca-server
    container_name: ca_org3
```

After it runs, a number of certificate and key files are generated under fabric-ca/org3.

### Register and enroll

Run the script `fabric-ca/registerEnroll.sh`, with `PWD=~/fabric/fabric-samples/test-network/addOrg3`:

```shell
. ./fabric-ca/registerEnroll.sh
```

Enroll the admin user

```shell
mkdir -p ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/
fabric-ca-client enroll -u https://admin:adminpw@localhost:11054 --caname ca-org3 --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem

echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/localhost-11054-ca-org3.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/localhost-11054-ca-org3.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/localhost-11054-ca-org3.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/localhost-11054-ca-org3.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml
```

Register the peer0 user

```shell
fabric-ca-client register --caname ca-org3 --id.name peer0 --id.secret peer0pw --id.type peer --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
```

Register the user

```shell
fabric-ca-client register --caname ca-org3 --id.name user1 --id.secret user1pw --id.type client --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
```

Register the org3 admin

```shell
fabric-ca-client register --caname ca-org3 --id.name org3admin --id.secret org3adminpw --id.type admin --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
```

Generate the peer0 MSP

```shell
mkdir -p ../organizations/peerOrganizations/org3.example.com/peers
mkdir -p ../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com

fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp --csr.hosts peer0.org3.example.com --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
```

Generate the peer0 TLS certificates

```shell
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/config.yaml

fabric-ca-client enroll -u https://peer0:peer0pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls --enrollment.profile tls --csr.hosts peer0.org3.example.com --csr.hosts localhost --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem

cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/signcerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/keystore/* ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key

mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/tlscacerts
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/tlscacerts/ca.crt

mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/tlsca
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem

mkdir ${PWD}/../organizations/peerOrganizations/org3.example.com/ca
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/cacerts/* ${PWD}/../organizations/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem
```

Generate the user MSP

```shell
mkdir -p ../organizations/peerOrganizations/org3.example.com/users
mkdir -p ../organizations/peerOrganizations/org3.example.com/users/User1@org3.example.com
fabric-ca-client enroll -u https://user1:user1pw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/users/User1@org3.example.com/msp --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
```

Generate the org admin MSP

```shell
mkdir -p ../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com
fabric-ca-client enroll -u https://org3admin:org3adminpw@localhost:11054 --caname ca-org3 -M ${PWD}/../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp --tls.certfiles ${PWD}/fabric-ca/org3/tls-cert.pem
cp ${PWD}/../organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/../organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/config.yaml
```

Generate the org3 definition file

```shell
FABRIC_CFG_PATH=$PWD configtxgen -printOrg Org3MSP > ../organizations/peerOrganizations/org3.example.com/org3.json
2020-05-20 00:51:47.900 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration
2020-05-20 00:51:47.901 CST [common.tools.configtxgen.localconfig] LoadTopLevel -> INFO 002 Loaded configuration: /home/fabric/fabric/fabric-samples/test-network/addOrg3/configtx.yaml
```

The configuration file it reads is `$FABRIC_CFG_PATH/configtx.yaml`:

```yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

---
################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:
    - &Org3
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org3MSP

        # ID to load the MSP definition as
        ID: Org3MSP

        MSPDir: ../organizations/peerOrganizations/org3.example.com/msp

        Policies:
            Readers:
                Type: Signature
                Rule: "OR('Org3MSP.admin', 'Org3MSP.peer', 'Org3MSP.client')"
            Writers:
                Type: Signature
                Rule: "OR('Org3MSP.admin', 'Org3MSP.client')"
            Admins:
                Type: Signature
                Rule: "OR('Org3MSP.admin')"
            Endorsement:
                Type: Signature
                Rule: "OR('Org3MSP.peer')"

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org3.example.com
              Port: 11051
```

Start the org3 nodes

```shell
IMAGE_TAG=latest docker-compose -f docker/docker-compose-org3.yaml -f docker/docker-compose-couch-org3.yaml up -d 2>&1
```

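Run the channel-related commands

In the Org3cli container, run `./scripts/org3-scripts/step1org3.sh` and `./scripts/org3-scripts/step2org3.sh` in turn.

The commands these two scripts execute are summarized below. All of them are run in Org3cli.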

Fetch the latest channel configuration into config_block.pb

```shell
setOrdererGlobals

setGlobals 1

peer channel fetch config config_block.pb -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c mychannel --tls --cafile $ORDERER_CA
```

Decode config_block.pb, convert it to JSON, and write the result to config.json

```shell
configtxlator proto_decode --input config_block.pb --type common.Block | jq '.data.data[0].payload.data.config' >"config.json"
```

At this point config.json does not contain any Org3MSP configuration.

Modify the configuration to produce the configuration that includes the new organization, modified_config.json

```shell
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./organizations/peerOrganizations/org3.example.com/org3.json > modified_config.json
```

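Where:

  • config.json is the current, latest configuration of the channel
  • org3.json is the definition file generated earlier when the org3 organization was created
  • modified_config.json is the modified configuration produced by adding org3.json to config.json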

Given config.json and modified_config.json, produce a config update transaction, org3_update_in_envelope.pb

```shell
# createConfigUpdate ${CHANNEL_NAME} config.json modified_config.json org3_update_in_envelope.pb
# Encode the original config and the modified config to protobuf, then compute the update between them
configtxlator proto_encode --input "config.json" --type common.Config > original_config.pb
configtxlator proto_encode --input "modified_config.json" --type common.Config > modified_config.pb
configtxlator compute_update --channel_id "mychannel" --original original_config.pb --updated modified_config.pb >config_update.pb
# Decode config_update.pb into config_update.json
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate >config_update.json
# Wrap the JSON in an envelope, config_update_in_envelope.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'mychannel'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
# Encode config_update_in_envelope.json into org3_update_in_envelope.pb
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope >"org3_update_in_envelope.pb"
```

Sign the config transaction

```shell
setGlobals 1

peer channel signconfigtx -f "org3_update_in_envelope.pb"
```

Submit the update from the other organization

```shell
setGlobals 2

peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile ${ORDERER_CA}
```

Fetch the latest configuration from the orderer

```shell
peer channel fetch 0 mychannel.block -o orderer.nd.com.cn:7050 --ordererTLSHostnameOverride orderer.nd.com.cn -c mychannel --tls --cafile $ORDERER_CA >&log.txt
```

Join the Org3 peer to the channel

```shell
setGlobals 3

peer channel join -b mychannel.block >& log.txt
```
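
Before an existing organization runs `peer channel signconfigtx` in the procedure above, it can check what the update actually changes. The following is an added example, not part of the original post or of the fabric-samples scripts: it reproduces the jq `*` merge in Python, then confirms that the only difference between config.json and modified_config.json is the new Org3MSP group and that the group's policies name no other MSP. The function names are hypothetical and the sample documents are constructed and heavily trimmed.

```python
import copy

def deep_merge(base, overlay):
    """Recursive object merge with the semantics of jq's `*` operator."""
    out = copy.deepcopy(base)
    for key, val in overlay.items():
        if isinstance(out.get(key), dict) and isinstance(val, dict):
            out[key] = deep_merge(out[key], val)
        else:
            out[key] = copy.deepcopy(val)
    return out

def changed_paths(old, new, prefix=""):
    """Shallowest differing paths: + added, - removed, ~ value changed."""
    if not (isinstance(old, dict) and isinstance(new, dict)):
        return [] if old == new else ["~" + prefix]
    paths = []
    for key in sorted(set(old) | set(new)):
        path = f"{prefix}.{key}" if prefix else key
        if key in old and key in new:
            paths.extend(changed_paths(old[key], new[key], path))
        else:
            paths.append(("+" if key in new else "-") + path)
    return paths

def foreign_principals(org_group, msp_id):
    """MSP IDs other than msp_id named in the org group's signature policies."""
    seen = {ident["principal"]["msp_identifier"]
            for pol in org_group.get("policies", {}).values()
            for ident in pol["policy"]["value"].get("identities", [])}
    return sorted(seen - {msp_id})

def safe_to_sign(config, modified, msp_id):
    """True only if the sole change is one new org group that names only its own MSP."""
    expected = [f"+channel_group.groups.Application.groups.{msp_id}"]
    org = modified["channel_group"]["groups"]["Application"]["groups"].get(msp_id, {})
    return changed_paths(config, modified) == expected and not foreign_principals(org, msp_id)

def sig_policy(msp_id, role):  # constructed, trimmed decoded Signature policy
    return {"policy": {"type": 1, "value": {"identities": [
        {"principal": {"msp_identifier": msp_id, "role": role}}]}}}

# Constructed stand-ins for config.json and org3.json (the real files are far larger).
CONFIG = {"channel_group": {"groups": {"Orderer": {"groups": {"OrdererOrg": {}}},
    "Application": {"groups": {"Org1MSP": {}, "Org2MSP": {}}, "policies": {}}}}}
ORG3 = {"policies": {"Admins": sig_policy("Org3MSP", "ADMIN"),
                     "Endorsement": sig_policy("Org3MSP", "PEER")}}
MODIFIED = deep_merge(CONFIG, {"channel_group": {"groups": {
    "Application": {"groups": {"Org3MSP": ORG3}}}}})
```

With real files, load config.json and modified_config.json with `json.load` and call `safe_to_sign(config, modified, "Org3MSP")`; a `False` result means the update touches something other than the new organization or that its policies reference another MSP.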

Adding a peer under the organization

Prepare the certificates and related files

Fetch the latest configuration from the orderer

```shell
peer channel fetch 0 mychannel.block -o orderer.nd.com.cn:7050 --ordererTLSHostnameOverride orderer.nd.com.cn -c mychannel --tls --cafile $ORDERER_CA >&log.txt
```

Join the peer to the channel

```shell
setGlobals 3

peer channel join -b mychannel.block >& log.txt
```