Dynamically Adding an Organization in Fabric 2.0
1. Generate certificates for the new organization
To add an organization to a Fabric network, start with its certificates, because certificates are the identities in Fabric. Here Fabric CA is used to generate the organization's certificates.
docker-compose-ca_org3.yaml

```yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

services:

  ca_org3:
    image: hyperledger/fabric-ca:1.4
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org3
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_PORT=10054
    ports:
      - "10054:10054"
    command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
    volumes:
      - ./organizations/fabric-ca/org3:/etc/hyperledger/fabric-ca-server
    container_name: ca_org3
```

Edit the configuration file fabric-ca-server-config.yaml to change the database to MySQL:

```yaml
db:
  type: mysql
  datasource: root:password@tcp(10.20.31.113:3306)/ca_org3?parseTime=true
  tls:
    enabled: false
    certfiles:
    client:
      certfile:
      keyfile:
```

Start Fabric CA:

```bash
docker-compose -f docker-compose-ca_org3.yaml up -d
```

Script that generates the org3 certificates (registerOrg3.sh):
```bash
function createOrg3 {

  echo
  echo "Enroll the CA admin"
  echo
  mkdir -p organizations/peerOrganizations/org3.example.com/

  export FABRIC_CA_CLIENT_HOME=${PWD}/organizations/peerOrganizations/org3.example.com/

  set -x
  fabric-ca-client enroll -u https://admin:adminpw@localhost:10054 --caname ca-org3 --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  echo 'NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/localhost-10054-ca-org3.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/localhost-10054-ca-org3.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/localhost-10054-ca-org3.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/localhost-10054-ca-org3.pem
    OrganizationalUnitIdentifier: orderer' > ${PWD}/organizations/peerOrganizations/org3.example.com/msp/config.yaml

  echo
  echo "Register peer0"
  echo
  set -x
  fabric-ca-client register --caname ca-org3 --id.name peer0 --id.secret peer0pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  echo
  echo "Register peer1"
  echo
  set -x
  fabric-ca-client register --caname ca-org3 --id.name peer1 --id.secret peer1pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  echo
  echo "Register user"
  echo
  set -x
  fabric-ca-client register --caname ca-org3 --id.name user1 --id.secret user1pw --id.type client --id.attrs '"hf.Registrar.Roles=client"' --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  echo
  echo "Register the org admin"
  echo
  set -x
  fabric-ca-client register --caname ca-org3 --id.name org3admin --id.secret org3adminpw --id.type admin --id.attrs '"hf.Registrar.Roles=admin"' --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  mkdir -p organizations/peerOrganizations/org3.example.com/peers
  mkdir -p organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com
  mkdir -p organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com

  echo
  echo "## Generate the peer0 msp"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@localhost:10054 --caname ca-org3 -M ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp --csr.hosts peer0.org3.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  echo
  echo "## Generate the peer1 msp"
  echo
  set -x
  fabric-ca-client enroll -u https://peer1:peer1pw@localhost:10054 --caname ca-org3 -M ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/msp --csr.hosts peer1.org3.example.com --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/config.yaml
  cp ${PWD}/organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/msp/config.yaml

  echo
  echo "## Generate the peer0-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://peer0:peer0pw@localhost:10054 --caname ca-org3 -M ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls --enrollment.profile tls --csr.hosts peer0.org3.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  echo
  echo "## Generate the peer1-tls certificates"
  echo
  set -x
  fabric-ca-client enroll -u https://peer1:peer1pw@localhost:10054 --caname ca-org3 -M ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls --enrollment.profile tls --csr.hosts peer1.org3.example.com --csr.hosts localhost --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key

  cp ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt
  cp ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/signcerts/* ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/server.crt
  cp ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/keystore/* ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/server.key

  mkdir ${PWD}/organizations/peerOrganizations/org3.example.com/msp/tlscacerts
  cp ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org3.example.com/msp/tlscacerts/ca.crt

  mkdir ${PWD}/organizations/peerOrganizations/org3.example.com/tlsca
  cp ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/tlscacerts/* ${PWD}/organizations/peerOrganizations/org3.example.com/tlsca/tlsca.org3.example.com-cert.pem

  mkdir ${PWD}/organizations/peerOrganizations/org3.example.com/ca
  cp ${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp/cacerts/* ${PWD}/organizations/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem

  mkdir -p organizations/peerOrganizations/org3.example.com/users
  mkdir -p organizations/peerOrganizations/org3.example.com/users/User1@org3.example.com

  echo
  echo "## Generate the user msp"
  echo
  set -x
  fabric-ca-client enroll -u https://user1:user1pw@localhost:10054 --caname ca-org3 -M ${PWD}/organizations/peerOrganizations/org3.example.com/users/User1@org3.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  mkdir -p organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com

  echo
  echo "## Generate the org admin msp"
  echo
  set -x
  fabric-ca-client enroll -u https://org3admin:org3adminpw@localhost:10054 --caname ca-org3 -M ${PWD}/organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp --tls.certfiles ${PWD}/organizations/fabric-ca/org3/tls-cert.pem
  set +x

  cp ${PWD}/organizations/peerOrganizations/org3.example.com/msp/config.yaml ${PWD}/organizations/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp/config.yaml

}
```
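Run the script to generate the certificates:

```bash
. registerOrg3.sh
createOrg3
```

Copy the certificates to the Fabric network.
2. Add the org3 definition to the blockchain
When we brought the network up earlier, the genesis block and channel configuration had to be created before startup. So for the blockchain to know about the new organization, the organization's configuration must be added to the block configuration.
Configuration file: /root/go/src/github.com/hyperledger/fabric/fabric-samples/first-network/org3-artifacts/first-network/org3-artifacts/configtx.yaml
Note: the certificate directory must point to the correct org3 certificate directory.
From a console in the first-network directory, run the following commands to generate the org3 definition:

```bash
export FABRIC_CFG_PATH=$PWD
configtxgen -printOrg Org3MSP -configPath org3-artifacts > channel-artifacts/org3.json
```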
3. Configure and start the org3 node containers
docker-compose-org3.yaml

```yaml
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  peer0.org3.example.com:
  peer1.org3.example.com:

networks:
  byfn:

services:

  peer0.org3.example.com:
    container_name: peer0.org3.example.com
    extends:
      file: base/peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer0.org3.example.com
      - CORE_PEER_ADDRESS=peer0.org3.example.com:11051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:11051
      - CORE_PEER_CHAINCODEADDRESS=peer0.org3.example.com:11052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:11052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org3.example.com:12051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:11051
      - CORE_PEER_LOCALMSPID=Org3MSP
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp
      - ./crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls
      #- ./org3-config:/etc/hyperledger/fabric
      - peer0.org3.example.com:/var/hyperledger/production
    ports:
      - 11051:11051
    networks:
      - byfn
    extra_hosts:
      - "orderer.example.com:10.20.31.116"
      - "orderer2.example.com:10.20.31.117"
      - "orderer3.example.com:10.20.31.137"
      - "orderer4.example.com:10.20.31.232"
      - "orderer5.example.com:10.20.31.116"
      - "peer0.org1.example.com:10.20.31.116"
      - "peer1.org1.example.com:10.20.31.117"
      - "peer0.org2.example.com:10.20.31.137"
      - "peer1.org2.example.com:10.20.31.232"
      - "peer0.org3.example.com:10.20.31.137"
      - "peer1.org3.example.com:10.20.31.137"
      - "couchdb0:10.20.31.116"
      - "couchdb1:10.20.31.117"
      - "couchdb2:10.20.31.137"
      - "couchdb3:10.20.31.232"

  peer1.org3.example.com:
    container_name: peer1.org3.example.com
    extends:
      file: base/peer-base.yaml
      service: peer-base
    environment:
      - CORE_PEER_ID=peer1.org3.example.com
      - CORE_PEER_ADDRESS=peer1.org3.example.com:12051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:12051
      - CORE_PEER_CHAINCODEADDRESS=peer1.org3.example.com:12052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:12052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org3.example.com:11051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org3.example.com:12051
      - CORE_PEER_LOCALMSPID=Org3MSP
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/msp:/etc/hyperledger/fabric/msp
      - ./crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls:/etc/hyperledger/fabric/tls
      #- ./org3-config:/etc/hyperledger/fabric
      - peer1.org3.example.com:/var/hyperledger/production
    ports:
      - 12051:12051
    networks:
      - byfn
    extra_hosts:
      - "orderer.example.com:10.20.31.116"
      - "orderer2.example.com:10.20.31.117"
      - "orderer3.example.com:10.20.31.137"
      - "orderer4.example.com:10.20.31.232"
      - "orderer5.example.com:10.20.31.116"
      - "peer0.org1.example.com:10.20.31.116"
      - "peer1.org1.example.com:10.20.31.117"
      - "peer0.org2.example.com:10.20.31.137"
      - "peer1.org2.example.com:10.20.31.232"
      - "peer0.org3.example.com:10.20.31.137"
      - "peer1.org3.example.com:10.20.31.137"
```

Start org3:

```bash
docker-compose -f docker-compose-org3.yaml up -d
```
4. Update the channel configuration
Enter the cli container (docker exec -it cli /bin/bash) and set the environment variables:

```bash
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CHANNEL_NAME=mychannel
echo $ORDERER_CA && echo $CHANNEL_NAME
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
```

Run the following command to fetch the latest configuration block:

```bash
peer channel fetch config config_block.pb -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
```

To modify the configuration, convert the pb file to JSON:

```bash
# The jq filter is quoted so the shell does not treat [0] as a glob pattern.
configtxlator proto_decode --input config_block.pb --type common.Block | jq '.data.data[0].payload.data.config' > config.json
```

Add the org3 configuration from org3.json to config.json.
First copy the previously generated org3.json into the Org3cli container:

```bash
docker cp channel-artifacts/org3.json 099ab9c5f39b:/opt/gopath/src/github.com/hyperledger/fabric/peer
```

PS: 099ab9c5f39b is the ID of the cli container.

```bash
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json org3.json > modified_config.json
```

Encode config.json and modified_config.json to pb:

```bash
configtxlator proto_encode --input config.json --type common.Config --output config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
```

Compute the difference between the two pb files:

```bash
configtxlator compute_update --channel_id mychannel --original config.pb --updated modified_config.pb --output org3_update.pb
```

Decode the update pb to JSON:

```bash
configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json
```

We now have a decoded update file, org3_update.json, which needs to be wrapped in an envelope message. This step restores the header field that was stripped earlier. We name this file org3_update_in_envelope.json:

```bash
echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL_NAME'", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json
```

Using our properly formed JSON, org3_update_in_envelope.json, we use the configtxlator tool one last time to convert it into the full protobuf format that Fabric requires. We name the final update object org3_update_in_envelope.pb:

```bash
configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb
```

Sign and submit the configuration update:

```bash
peer channel signconfigtx -f org3_update_in_envelope.pb
```

Switch the environment to org2 to run the update. Because update also signs on behalf of the current organization, there is no need to sign separately as org2.

```bash
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2
```

Update command:

```bash
peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA
```
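The merge and a pre-signing check for this step, as an added example that is not part of the original post: deep_merge reproduces what the jq `*` filter does, and review_update lists anything that differs between config.json and modified_config.json other than the new Org3MSP group, which is what an admin should confirm before running peer channel signconfigtx. The sample configs are constructed and heavily trimmed, and app is a hypothetical helper.

```python
import copy
# Where org groups live in a decoded channel config (same path as the jq filter).
ORG_PATH = ("channel_group", "groups", "Application", "groups")

def deep_merge(base, overlay):
    """Recursive object merge, same semantics as jq's `*` on objects."""
    out = copy.deepcopy(base)
    for key, val in overlay.items():
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(out[key], val)
        else:
            out[key] = copy.deepcopy(val)
    return out

def diff_paths(old, new, prefix=()):
    """List (path, kind) for every place the two JSON trees differ."""
    if not (isinstance(old, dict) and isinstance(new, dict)):
        return [] if old == new else [(prefix, "changed")]
    changes = []
    for key in sorted(set(old) | set(new)):
        if key not in old:
            changes.append((prefix + (key,), "added"))
        elif key not in new:
            changes.append((prefix + (key,), "removed"))
        else:
            changes.extend(diff_paths(old[key], new[key], prefix + (key,)))
    return changes

def review_update(config, modified, msp_id):
    """Return every change other than adding msp_id; [] means nothing else moved."""
    expected = (ORG_PATH + (msp_id,), "added")
    changes = diff_paths(config, modified)
    extra = [c for c in changes if c != expected]
    if expected not in changes:
        extra.append((expected[0], "missing"))
    return extra

def app(body):  # hypothetical helper: wrap body as channel_group.groups.Application
    return {"channel_group": {"groups": {"Application": body}}}

# Constructed sample data, heavily trimmed from the shape configtxlator emits.
CONFIG = app({"groups": {"Org1MSP": {"version": "0"}, "Org2MSP": {"version": "0"}},
              "policies": {"Admins": {"policy": {"type": 3, "value": {
                  "rule": "MAJORITY", "sub_policy": "Admins"}}}}})
ORG3 = {"mod_policy": "Admins", "version": "0", "values": {"MSP": {"version": "0"}}}
CLEAN = deep_merge(CONFIG, app({"groups": {"Org3MSP": ORG3}}))
# Constructed second case: the merged file also differs in the Admins policy rule.
ALTERED = deep_merge(CLEAN, app({"policies": {"Admins": {"policy": {"value": {"rule": "ANY"}}}}}))
print(review_update(CONFIG, CLEAN, "Org3MSP"), review_update(CONFIG, ALTERED, "Org3MSP"))
```

On real files, load config.json and modified_config.json with json.load and pass both to review_update together with "Org3MSP".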
5. Join org3 to the channel
Switch to the org3 environment variables:

```bash
export CORE_PEER_LOCALMSPID=Org3MSP
export CORE_PEER_ADDRESS=peer0.org3.example.com:11051
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
```

Fetch block 0, the genesis block, of mychannel:

```bash
peer channel fetch 0 mychannel.block -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
```

This command returns the genesis block to a file named mychannel.block. We can now use this block to join the org3 peers to the channel.

```bash
peer channel join -b mychannel.block
```

Verify with peer channel list.