本文演示如何在raft共识启动的fabric网络中动态添加orderer节点,fabric版本v1.4.2。
为方便实验,使用fabric-samples/first-network/脚本演示,且默认您有一定的fabric基础了解。
下载源码
git clone https://github.com/hyperledger/fabric-samples.git
cd fabric-samples/first-network/
git checkout v1.4.2
修改配置
- 修改
crypto-config.yaml文件,增加orderer6配置- Hostname: orderer6,用于生成orderer6节点的msp、tls等(生产环境用fabric-ca生成)
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: example.com
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
- Hostname: orderer2
- Hostname: orderer3
- Hostname: orderer4
- Hostname: orderer5
- Hostname: orderer6
- 修改
docker-compose-cli.yaml文件,增加config文件映射- ./config:/opt/gopath/src/github.com/hyperledger/fabric/peer/config/,方便后面文件修改
cli:
container_name: cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- SYS_CHANNEL=$SYS_CHANNEL
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
- ./config:/opt/gopath/src/github.com/hyperledger/fabric/peer/config/
depends_on:
- orderer.example.com
- peer0.org1.example.com
- peer1.org1.example.com
- peer0.org2.example.com
- peer1.org2.example.com
networks:
- byfn
启动fabric网络
./byfn.sh up -o etcdraft -c mychannel -s couchdb -i 1.4.2
更新配置
- 进入
cli容器,设置全局环境变量
docker exec -it cli bash
### Global env
CHANNEL_NAME=mychannel
CORE_PEER_TLS_ENABLED=true
FABRIC_LOGGING_SPEC=INFO
ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
PEER0_ORG1_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
PEER0_ORG2_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
- 更新系统channel配置
1.设置OrdererMSP
2.获取byfn-sys-channel最新配置块文件config_block.pbexport CORE_PEER_LOCALMSPID=OrdererMSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp/
3.从config_block.pb中提取有效的数据,并转换成可编辑json格式mkdir -p config/system/ peer channel fetch config config/system/config_block.pb -o orderer.example.com:7050 -c byfn-sys-channel --tls --cafile $ORDERER_CA
4.修改config.json里面的orderer配置configtxlator proto_decode --input config/system/config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config/system/config.json
建议使用IDE,比如VsCode或EditPlus等来编辑,复制config/system/config.json为config/system/config_updated.json,搜索.example.com增加orderer6相关配置{ "client_tls_cert": "YOUR ORDERER6 TLS SERVER CERT", "host": "orderer6.example.com", "port": 7050, "server_tls_cert": "YOUR ORDERER6 TLS SERVER CERT" }
其中"OrdererAddresses": { "mod_policy": "/Channel/Orderer/Admins", "value": { "addresses": [ "orderer.example.com:7050", "orderer2.example.com:7050", "orderer3.example.com:7050", "orderer4.example.com:7050", "orderer5.example.com:7050", "orderer6.example.com:7050" ] }, "version": "0" }YOUR ORDERER6 TLS SERVER CERT可通过脚本或者其他base64工具转换得到,然后copy到上述位置
5.把前后的两个json文件重新转换回pb类型文件cat crypto-config/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/server.crt|base64
6.比较前后两个pb文件的差异,得到改动部分configtxlator proto_encode --input config/system/config.json --type common.Config > config/system/config_block_origin.pb configtxlator proto_encode --input config/system/config_updated.json --type common.Config > config/system/config_block_updated.pb
7.把配置变化部分转化为json文件configtxlator compute_update --channel_id byfn-sys-channel --original config/system/config_block_origin.pb --updated config/system/config_block_updated.pb > config/system/config_diff.pb
8.为上述json文件添加头部信息(Header),封装成一个完整的config update请求,注意channel_id设置为configtxlator proto_decode --input config/system/config_diff.pb --type common.ConfigUpdate > config/system/config_diff.jsonbyfn-sys-channel
9.把封装好的json文件转换回pb格式文件echo '{"payload":{"header":{"channel_header":{"channel_id":"byfn-sys-channel", "type":2}},"data":{"config_update":'$(cat config/system/config_diff.json)'}}}' | jq . > config/system/config_diff_envelope.json
10.签名configtxlator proto_encode --input config/system/config_diff_envelope.json --type common.Envelope > config/system/config_diff_envelope.pb
11.提交修改请求到ordererpeer channel signconfigtx -f config/system/config_diff_envelope.pbpeer channel update -f config/system/config_diff_envelope.pb -c byfn-sys-channel -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA - 更新自定义mychannel配置
1.设置OrdererMSP
2.获取mychannel最新配置块文件config_block.pbexport CORE_PEER_LOCALMSPID=OrdererMSP export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp/
3.从config_block.pb中提取有效的数据,并转换成可编辑json格式mkdir -p config/mychannel/ peer channel fetch config config/mychannel/config_block.pb -o orderer.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
4.修改config.json里面的orderer配置configtxlator proto_decode --input config/mychannel/config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config/mychannel/config.json
与系统channel配置文件修改类似,复制config/mychannel/config.json为config/mychannel/config_updated.json,并修改。tls_cert、host与上述一致。{ "client_tls_cert": "YOUR ORDERER6 TLS SERVER CERT", "host": "orderer6.example.com", "port": 7050, "server_tls_cert": "YOUR ORDERER6 TLS SERVER CERT" }
5.把前后的两个json文件重新转换回pb类型文件"OrdererAddresses": { "mod_policy": "/Channel/Orderer/Admins", "value": { "addresses": [ "orderer.example.com:7050", "orderer2.example.com:7050", "orderer3.example.com:7050", "orderer4.example.com:7050", "orderer5.example.com:7050", "orderer6.example.com:7050" ] }, "version": "0" }
6.比较前后两个pb文件的差异,得到改动部分configtxlator proto_encode --input config/mychannel/config.json --type common.Config > config/mychannel/config_block_origin.pb configtxlator proto_encode --input config/mychannel/config_updated.json --type common.Config > config/mychannel/config_block_updated.pb
7.把配置变化部分转化为json文件configtxlator compute_update --channel_id mychannel --original config/mychannel/config_block_origin.pb --updated config/mychannel/config_block_updated.pb > config/mychannel/config_diff.pb
8.为上述json文件添加头部信息(Header),封装成一个完整的config update请求,注意channel_id设置为mychannelconfigtxlator proto_decode --input config/mychannel/config_diff.pb --type common.ConfigUpdate > config/mychannel/config_diff.json
9.把封装好的json文件转换回pb格式文件echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat config/mychannel/config_diff.json)'}}}' | jq . > config/mychannel/config_diff_envelope.json
10.签名configtxlator proto_encode --input config/mychannel/config_diff_envelope.json --type common.Envelope > config/mychannel/config_diff_envelope.pb
11.提交修改请求到ordererpeer channel signconfigtx -f config/mychannel/config_diff_envelope.pbpeer channel update -f config/mychannel/config_diff_envelope.pb -c mychannel -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA
启动orderer6节点
-
cli容器内获取系统channel最新配置块文件(channel-artifacts/genesis_updated.block)
export CORE_PEER_LOCALMSPID=OrdererMSP
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp/
peer channel fetch config channel-artifacts/genesis_updated.block -o orderer.example.com:7050 -c byfn-sys-channel --tls --cafile $ORDERER_CA
- 在
fabric-samples/first-network目录添加docker-compose-orderer6.yaml文件,内容如下
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
version: '2'
volumes:
orderer6.example.com:
networks:
byfn:
services:
orderer6.example.com:
extends:
file: base/peer-base.yaml
service: orderer-base
container_name: orderer6.example.com
networks:
- byfn
volumes:
- ./channel-artifacts/genesis_updated.block:/var/hyperledger/orderer/orderer.genesis.block
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer6.example.com/msp:/var/hyperledger/orderer/msp
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/:/var/hyperledger/orderer/tls
- orderer6.example.com:/var/hyperledger/production/orderer
ports:
- 12050:7050
- 启动orderer6
IMAGE_TAG=1.4.2 docker-compose -f docker-compose-orderer6.yaml up -d
docker ps -a|grep orderer6
#查看orderer6 log
docker logs -f orderer6.example.com
验证orderer6节点
- 在cli容器里设置peer0环境变量
#peer0 env
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
CORE_PEER_LOCALMSPID=Org1MSP
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- peer invoke 提交到
orderer.example.com:7050节点
#查询a
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
90
#执行 a b 10
peer chaincode invoke -o orderer.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $PEER0_ORG1_CA --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles $PEER0_ORG2_CA -c '{"Args":["invoke","a","b","10"]}'
#查询
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
80
- peer invoke 提交到
orderer6.example.com:7050节点
#查询
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
80
#执行 a b 5
peer chaincode invoke -o orderer6.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $PEER0_ORG1_CA --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles $PEER0_ORG2_CA -c '{"Args":["invoke","a","b","5"]}'
#查询
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
75
PS.官方文档还有最后一步我没有做,更新endpoint配置操作
Adding a new node to a Raft cluster
参考文档:
- https://hyperledger-fabric.readthedocs.io/en/master/build_network.html
- https://hyperledger-fabric.readthedocs.io/en/master/channel_update_tutorial.html
- https://hyperledger-fabric.readthedocs.io/en/master/raft_configuration.html
- https://www.jianshu.com/p/30b0ff60918d
如遇问题或有疑义随时联系,请多多关照
网友评论