fabric基础设施管理-(三)单机-动态新增组织节点

(一)单机-动态新增组织节点

1.新增组织节点

./addOrg3.sh up

执行成功后,出现如下节点容器:

 

 

 

2.新增节点验证

(1)验证手段

脚本的执行结果

+ peer channel join -b mychannel.block

+ res=0

+ set +x

2021-04-09 03:23:31.832 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

2021-04-09 03:23:32.289 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel

===================== peer0.org3 joined channel 'mychannel' =====================

 

========= Finished adding Org3 to your test network! =========

节点容器的日志

 

2021-04-09 03:23:32.739 UTC [gossip.gossip] learnAnchorPeers -> INFO 041 Learning about the configured anchor peers of Org1MSP for channel mychannel: [{peer0.org1.example.com 7051}]

2021-04-09 03:23:32.739 UTC [committer.txvalidator] Validate -> INFO 042 [mychannel] Validated block [3] in 7ms

2021-04-09 03:23:32.965 UTC [kvledger] CommitLegacy -> INFO 043 [mychannel] Committed block [3] with 1 transaction(s) in 225ms (state_validation=0ms block_and_pvtdata_commit=133ms state_commit=58ms) commitHash=[37be5332b9300ef2e301f0e0e5385a0a729d3fef5c9ea4a7bd4766bb91998a31]

2021-04-09 03:23:37.739 UTC [gossip.channel] reportMembershipChanges -> INFO 044

[[mychannel] Membership view has changed. peers went online:

  [[peer0.org1.example.com:7051 ] [peer0.org2.example.com:9051 ]] ,

 current view:  [[peer0.org1.example.com:7051 ] [peer0.org2.example.com:9051 ]]]

节点容器内获取信息

# peer channel list

2021-04-09 03:26:09.830 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

Channels peers has joined:

mychannel

# peer channel getinfo -c mychannel

2021-04-09 03:26:30.097 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

Blockchain info: {"height":4,"currentBlockHash":"cVDbIwYWcrKShzagotlaVqmxUczKDJZDgck78Cz55HY=","previousBlockHash":"ZZZhL+hrW/RqCga6xYz/liLV38sSUVP1oOVMAhU4ojs="}

 

 

 

 

(2)节点权限

新增组织节点的默认权限有:

获取通道信息

执行命令:

# peer channel getinfo -c mychannel

2021-04-09 03:09:32.648 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

Blockchain info: {"height":4,"currentBlockHash":"+DEKEFjRYOvwabcpLdyHBLEhoRWhCFqZHdkkBef5JSA=","previousBlockHash":"6cVKJMYnPFQo4R7fV048ODfPfdpYBZiE642FZBASNBU="}

 

没有的权限:

获取已安装链码

执行命令:

# peer chaincode list --installed

Error: bad response: 500 - access denied for [getinstalledchaincodes]: Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [The identity is not an admin under this MSP [Org3MSP]: The identity does not contain OU [ADMIN], MSP: [Org3MSP]]

 

3.过程剖析

对日志的剖析,有助于理解新增节点的过程。

Add Org3 to channel 'mychannel' with '10' seconds and CLI delay of '3' seconds and using database 'leveldb'

 

--> 检查身份证书

--> 检查新增机构的身份证书是否生成

/home/john/tg-git/fabric/2-fabric-samples-2.2-codereview/test-network/addOrg3/../../bin/cryptogen

 

##########################################################

##### Generate certificates using cryptogen tool #########

##########################################################

 

##########################################################

############ Create Org3 Identities ######################

##########################################################

 

生成机构3身份文件

+ cryptogen generate --config=org3-crypto.yaml --output=../organizations

org3.example.com

+ res=0

+ set +x

 

Generate CCP files for Org3

/home/john/tg-git/fabric/2-fabric-samples-2.2-codereview/test-network/addOrg3/../../bin/configtxgen

##########################################################

#######  Generating Org3 organization definition #########

##########################################################

 

打印机构3的信息

+ configtxgen -printOrg Org3MSP

2021-04-02 16:22:16.619 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration

2021-04-02 16:22:16.621 CST [common.tools.configtxgen.localconfig] LoadTopLevel -> INFO 002 Loaded configuration: /home/john/tg-git/fabric/2-fabric-samples-2.2-codereview/test-network/addOrg3/configtx.yaml

+ res=0

+ set +x

 

--> 启动工具容器

  |--> 已启动的工具容器:

Bringing up network

  |-->启动工具容器Org3Cli

Creating volume "net_peer0.org3.example.com" with default driver

WARNING: Found orphan containers (ca_orderer, peer0.org2.example.com, ca_org1, peer0.org1.example.com, orderer.example.com, ca_org2) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.

Creating peer0.org3.example.com ... done

Creating Org3cli                ... done

--> 使用工具容器执行脚本1

 

###############################################################

####### Generate and submit config tx to add Org3 #############

###############################################################

 

========= Creating config transaction to add org3 to network ===========

 

  设置排序节点后|--> 环境变量

CORE_PEER_LOCALMSPID=OrdererMSP

CORE_PEER_ID=Org3cli

CORE_PEER_ADDRESS=peer0.org3.example.com:11051

CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock

CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt

CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp

CORE_PEER_TLS_ENABLED=true

  设置机构[1]节点后|--> 环境变量

CORE_PEER_LOCALMSPID=Org1MSP

CORE_PEER_ID=Org3cli

CORE_PEER_ADDRESS=peer0.org1.example.com:7051

CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock

CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt

CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp

CORE_PEER_TLS_ENABLED=true

Fetching the most recent configuration block for the channel

 

获取链码通道的当前配置信息

+ peer channel fetch config config_block.pb -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c mychannel --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

2021-04-02 08:22:26.072 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

2021-04-02 08:22:26.079 UTC [cli.common] readBlock -> INFO 002 Received block: 2

2021-04-02 08:22:26.079 UTC [channelCmd] fetch -> INFO 003 Retrieving last config block: 2

2021-04-02 08:22:26.081 UTC [cli.common] readBlock -> INFO 004 Received block: 2

+ set +x

Decoding config block to JSON and isolating config to config.json

通道配置文件解码

+ configtxlator proto_decode --input config_block.pb --type common.Block

+ jq '.data.data[0].payload.data.config'

+ set +x

+ jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./organizations/peerOrganizations/org3.example.com/org3.json

+ set +x

+ configtxlator proto_encode --input config.json --type common.Config

+ configtxlator proto_encode --input modified_config.json --type common.Config

+ configtxlator compute_update --channel_id mychannel --original original_config.pb --updated modified_config.pb

+ configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate

+ jq .

++ cat config_update.json

+ echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":{' '"channel_id":' '"mychannel",' '"isolated_data":' '{}}}}}'

在配置更新文件中新增机构3的信息,然后重新生成配置文件

+ configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope

+ set +x

 

========= Config transaction to add org3 to network created =====

 

Signing config transaction,对配置交易签名

 

  设置机构节点[1]后|--> 环境变量

CORE_PEER_LOCALMSPID=Org1MSP

CORE_PEER_ID=Org3cli

CORE_PEER_ADDRESS=peer0.org1.example.com:7051

CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock

CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt

CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp

CORE_PEER_TLS_ENABLED=true

使用机构1的身份,对配置更新文件进行签名背书

+ peer channel signconfigtx -f org3_update_in_envelope.pb

2021-04-02 08:22:26.381 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

+ set +x

 

========= Submitting transaction from a different peer (peer0.org2) which also signs it =========

 

  设置机构节点[2]后|--> 环境变量

CORE_PEER_LOCALMSPID=Org2MSP

CORE_PEER_ID=Org3cli

CORE_PEER_ADDRESS=peer0.org2.example.com:9051

CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock

CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt

CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp

CORE_PEER_TLS_ENABLED=true

使用机构2的身份,对链码通道进行配置更新

+ peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

2021-04-02 08:22:26.447 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

2021-04-02 08:22:26.466 UTC [channelCmd] update -> INFO 002 Successfully submitted channel update

 

========= Config transaction to add org3 to network submitted! ===========

 

+ set +x

--> 使用工具容器执行脚本2

 

###############################################################

############### Have Org3 peers join network ##################

###############################################################

 

========= Getting Org3 on to your test network =========

 

Fetching channel config block from orderer...

  从排序节点获取通道配置区块|--> 环境变量

CORE_PEER_LOCALMSPID=Org3MSP

CORE_PEER_ID=Org3cli

CORE_PEER_ADDRESS=peer0.org3.example.com:11051

CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock

CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt

CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp

CORE_PEER_TLS_ENABLED=true

Cli容器中,使用新增机构3的身份获取,初始配置区块

+ peer channel fetch 0 mychannel.block -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c mychannel --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

+ res=0

+ set +x

2021-04-02 08:22:26.771 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

2021-04-02 08:22:26.774 UTC [cli.common] readBlock -> INFO 002 Received block: 0

  设置机构[3]节点后|--> 环境变量

CORE_PEER_LOCALMSPID=Org3MSP

CORE_PEER_ID=Org3cli

CORE_PEER_ADDRESS=peer0.org3.example.com:11051

CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock

CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt

CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp

CORE_PEER_TLS_ENABLED=true

使用新增机构3的身份,执行join -b mychannel.block把机构3节点接入到链码通道mychannel

+ peer channel join -b mychannel.block

+ res=0

+ set +x

2021-04-02 08:22:26.900 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized

2021-04-02 08:22:27.396 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel

===================== peer0.org3 joined channel 'mychannel' =====================

 

========= Finished adding Org3 to your test network! =========

 

posted @ 2021-09-24 16:00  jiftle  阅读(360)  评论(0编辑  收藏  举报