fabric基础设施管理-(三)单机-动态新增组织节点
(一)单机-动态新增组织节点
1.新增组织节点
./addOrg3.sh up
执行成功后,出现如下节点容器:
2.新增节点验证
(1)验证手段
①脚本的执行结果
+ peer channel join -b mychannel.block
+ res=0
+ set +x
2021-04-09 03:23:31.832 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-04-09 03:23:32.289 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
===================== peer0.org3 joined channel 'mychannel' =====================
========= Finished adding Org3 to your test network! =========
②节点容器的日志
2021-04-09 03:23:32.739 UTC [gossip.gossip] learnAnchorPeers -> INFO 041 Learning about the configured anchor peers of Org1MSP for channel mychannel: [{peer0.org1.example.com 7051}]
2021-04-09 03:23:32.739 UTC [committer.txvalidator] Validate -> INFO 042 [mychannel] Validated block [3] in 7ms
2021-04-09 03:23:32.965 UTC [kvledger] CommitLegacy -> INFO 043 [mychannel] Committed block [3] with 1 transaction(s) in 225ms (state_validation=0ms block_and_pvtdata_commit=133ms state_commit=58ms) commitHash=[37be5332b9300ef2e301f0e0e5385a0a729d3fef5c9ea4a7bd4766bb91998a31]
2021-04-09 03:23:37.739 UTC [gossip.channel] reportMembershipChanges -> INFO 044
[[mychannel] Membership view has changed. peers went online:
[[peer0.org1.example.com:7051 ] [peer0.org2.example.com:9051 ]] ,
current view: [[peer0.org1.example.com:7051 ] [peer0.org2.example.com:9051 ]]]
③节点容器内获取信息
# peer channel list
2021-04-09 03:26:09.830 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Channels peers has joined:
mychannel
# peer channel getinfo -c mychannel
2021-04-09 03:26:30.097 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Blockchain info: {"height":4,"currentBlockHash":"cVDbIwYWcrKShzagotlaVqmxUczKDJZDgck78Cz55HY=","previousBlockHash":"ZZZhL+hrW/RqCga6xYz/liLV38sSUVP1oOVMAhU4ojs="}
(2)节点权限
新增组织节点的默认权限有:
获取通道信息
执行命令:
# peer channel getinfo -c mychannel
2021-04-09 03:09:32.648 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Blockchain info: {"height":4,"currentBlockHash":"+DEKEFjRYOvwabcpLdyHBLEhoRWhCFqZHdkkBef5JSA=","previousBlockHash":"6cVKJMYnPFQo4R7fV048ODfPfdpYBZiE642FZBASNBU="}
没有的权限:
获取已安装链码
执行命令:
# peer chaincode list --installed
Error: bad response: 500 - access denied for [getinstalledchaincodes]: Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [The identity is not an admin under this MSP [Org3MSP]: The identity does not contain OU [ADMIN], MSP: [Org3MSP]]
3.过程剖析
对日志的剖析,有助于理解新增节点的过程。
Add Org3 to channel 'mychannel' with '10' seconds and CLI delay of '3' seconds and using database 'leveldb'
--> 检查身份证书
--> 检查新增机构的身份证书是否生成
/home/john/tg-git/fabric/2-fabric-samples-2.2-codereview/test-network/addOrg3/../../bin/cryptogen
##########################################################
##### Generate certificates using cryptogen tool #########
##########################################################
##########################################################
############ Create Org3 Identities ######################
##########################################################
生成机构3身份文件
+ cryptogen generate --config=org3-crypto.yaml --output=../organizations
org3.example.com
+ res=0
+ set +x
Generate CCP files for Org3
/home/john/tg-git/fabric/2-fabric-samples-2.2-codereview/test-network/addOrg3/../../bin/configtxgen
##########################################################
####### Generating Org3 organization definition #########
##########################################################
打印机构3的信息
+ configtxgen -printOrg Org3MSP
2021-04-02 16:22:16.619 CST [common.tools.configtxgen] main -> INFO 001 Loading configuration
2021-04-02 16:22:16.621 CST [common.tools.configtxgen.localconfig] LoadTopLevel -> INFO 002 Loaded configuration: /home/john/tg-git/fabric/2-fabric-samples-2.2-codereview/test-network/addOrg3/configtx.yaml
+ res=0
+ set +x
--> 启动工具容器
|--> 已启动的工具容器:
Bringing up network
|-->启动工具容器Org3Cli
Creating volume "net_peer0.org3.example.com" with default driver
WARNING: Found orphan containers (ca_orderer, peer0.org2.example.com, ca_org1, peer0.org1.example.com, orderer.example.com, ca_org2) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
Creating peer0.org3.example.com ... done
Creating Org3cli ... done
--> 使用工具容器执行脚本1
###############################################################
####### Generate and submit config tx to add Org3 #############
###############################################################
========= Creating config transaction to add org3 to network ===========
设置排序节点后|--> 环境变量
CORE_PEER_LOCALMSPID=OrdererMSP
CORE_PEER_ID=Org3cli
CORE_PEER_ADDRESS=peer0.org3.example.com:11051
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/ordererOrganizations/example.com/users/Admin@example.com/msp
CORE_PEER_TLS_ENABLED=true
设置机构[1]节点后|--> 环境变量
CORE_PEER_LOCALMSPID=Org1MSP
CORE_PEER_ID=Org3cli
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
CORE_PEER_TLS_ENABLED=true
Fetching the most recent configuration block for the channel
获取链码通道的当前配置信息
+ peer channel fetch config config_block.pb -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c mychannel --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2021-04-02 08:22:26.072 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-04-02 08:22:26.079 UTC [cli.common] readBlock -> INFO 002 Received block: 2
2021-04-02 08:22:26.079 UTC [channelCmd] fetch -> INFO 003 Retrieving last config block: 2
2021-04-02 08:22:26.081 UTC [cli.common] readBlock -> INFO 004 Received block: 2
+ set +x
Decoding config block to JSON and isolating config to config.json
通道配置文件解码
+ configtxlator proto_decode --input config_block.pb --type common.Block
+ jq '.data.data[0].payload.data.config'
+ set +x
+ jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./organizations/peerOrganizations/org3.example.com/org3.json
+ set +x
+ configtxlator proto_encode --input config.json --type common.Config
+ configtxlator proto_encode --input modified_config.json --type common.Config
+ configtxlator compute_update --channel_id mychannel --original original_config.pb --updated modified_config.pb
+ configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate
+ jq .
++ cat config_update.json
+ echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":{' '"channel_id":' '"mychannel",' '"isolated_data":' '{}}}}}'
在配置更新文件中新增机构3的信息,然后重新生成配置文件
+ configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope
+ set +x
========= Config transaction to add org3 to network created =====
Signing config transaction,对配置交易签名
设置机构节点[1]后|--> 环境变量
CORE_PEER_LOCALMSPID=Org1MSP
CORE_PEER_ID=Org3cli
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
CORE_PEER_TLS_ENABLED=true
使用机构1的身份,对配置更新文件进行签名背书
+ peer channel signconfigtx -f org3_update_in_envelope.pb
2021-04-02 08:22:26.381 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
+ set +x
========= Submitting transaction from a different peer (peer0.org2) which also signs it =========
设置机构节点[2]后|--> 环境变量
CORE_PEER_LOCALMSPID=Org2MSP
CORE_PEER_ID=Org3cli
CORE_PEER_ADDRESS=peer0.org2.example.com:9051
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
CORE_PEER_TLS_ENABLED=true
使用机构2的身份,对链码通道进行配置更新
+ peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2021-04-02 08:22:26.447 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-04-02 08:22:26.466 UTC [channelCmd] update -> INFO 002 Successfully submitted channel update
========= Config transaction to add org3 to network submitted! ===========
+ set +x
--> 使用工具容器执行脚本2
###############################################################
############### Have Org3 peers join network ##################
###############################################################
========= Getting Org3 on to your test network =========
Fetching channel config block from orderer...
从排序节点获取通道配置区块|--> 环境变量
CORE_PEER_LOCALMSPID=Org3MSP
CORE_PEER_ID=Org3cli
CORE_PEER_ADDRESS=peer0.org3.example.com:11051
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
CORE_PEER_TLS_ENABLED=true
在Cli容器中,使用新增机构3的身份获取,初始配置区块
+ peer channel fetch 0 mychannel.block -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com -c mychannel --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
+ res=0
+ set +x
2021-04-02 08:22:26.771 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-04-02 08:22:26.774 UTC [cli.common] readBlock -> INFO 002 Received block: 0
设置机构[3]节点后|--> 环境变量
CORE_PEER_LOCALMSPID=Org3MSP
CORE_PEER_ID=Org3cli
CORE_PEER_ADDRESS=peer0.org3.example.com:11051
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
CORE_PEER_TLS_ENABLED=true
使用新增机构3的身份,执行join -b mychannel.block把机构3节点接入到链码通道mychannel
+ peer channel join -b mychannel.block
+ res=0
+ set +x
2021-04-02 08:22:26.900 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2021-04-02 08:22:27.396 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
===================== peer0.org3 joined channel 'mychannel' =====================
========= Finished adding Org3 to your test network! =========