Fabric 1.4.2 动态添加orderer节点

本文演示如何在raft共识启动的fabric网络中动态添加orderer节点，fabric版本v1.4.2。
为方便实验，使用fabric-samples/first-network/脚本演示，且默认您有一定的fabric基础了解。

下载源码

git clone https://github.com/hyperledger/fabric-samples.git
cd fabric-samples/first-network/
git checkout v1.4.2

修改配置

• 修改crypto-config.yaml文件，增加orderer6配置- Hostname: orderer6，用于生成orderer6节点的msp、tls等（生产环境用fabric-ca生成）

OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com
    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs below for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
      - Hostname: orderer2
      - Hostname: orderer3
      - Hostname: orderer4
      - Hostname: orderer5
      - Hostname: orderer6

• 修改docker-compose-cli.yaml文件，增加config文件映射- ./config:/opt/gopath/src/github.com/hyperledger/fabric/peer/config/，方便后面文件修改

cli:
    container_name: cli
    image: hyperledger/fabric-tools:$IMAGE_TAG
    tty: true
    stdin_open: true
    environment:
      - SYS_CHANNEL=$SYS_CHANNEL
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- FABRIC_LOGGING_SPEC=DEBUG
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=Org1MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - ./../chaincode/:/opt/gopath/src/github.com/chaincode
        - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
        - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
        - ./config:/opt/gopath/src/github.com/hyperledger/fabric/peer/config/
    depends_on:
      - orderer.example.com
      - peer0.org1.example.com
      - peer1.org1.example.com
      - peer0.org2.example.com
      - peer1.org2.example.com
    networks:
      - byfn

启动fabric网络

./byfn.sh up -o etcdraft -c mychannel -s couchdb -i 1.4.2

更新配置

• 进入cli容器，设置全局环境变量

docker exec -it cli bash
### Global env
CHANNEL_NAME=mychannel
CORE_PEER_TLS_ENABLED=true
FABRIC_LOGGING_SPEC=INFO
ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

PEER0_ORG1_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
PEER0_ORG2_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt

• 更新系统channel配置
  1.设置OrdererMSP

  export CORE_PEER_LOCALMSPID=OrdererMSP
  export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp/
  

  2.获取byfn-sys-channel最新配置块文件config_block.pb

  mkdir -p config/system/
  peer channel fetch config config/system/config_block.pb -o orderer.example.com:7050 -c byfn-sys-channel --tls --cafile $ORDERER_CA
  

  3.从config_block.pb中提取有效的数据，并转换成可编辑json格式

  configtxlator proto_decode --input config/system/config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config/system/config.json
  

  4.修改config.json里面的orderer配置
  建议使用IDE，比如VsCode或EditPlus等来编辑，复制config/system/config.json为config/system/config_updated.json，搜索.example.com增加orderer6相关配置

                    {
                      "client_tls_cert": "YOUR ORDERER6 TLS SERVER CERT",
                      "host": "orderer6.example.com",
                      "port": 7050,
                      "server_tls_cert": "YOUR ORDERER6 TLS SERVER CERT"
                    }
  

        "OrdererAddresses": {
          "mod_policy": "/Channel/Orderer/Admins",
          "value": {
            "addresses": [
              "orderer.example.com:7050",
              "orderer2.example.com:7050",
              "orderer3.example.com:7050",
              "orderer4.example.com:7050",
              "orderer5.example.com:7050",
              "orderer6.example.com:7050"
            ]
          },
          "version": "0"
      }
  

  其中YOUR ORDERER6 TLS SERVER CERT可通过脚本或者其他base64工具转换得到，然后copy到上述位置

  cat crypto-config/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/server.crt|base64
  

  5.把前后的两个json文件重新转换回pb类型文件

  configtxlator proto_encode --input config/system/config.json --type common.Config > config/system/config_block_origin.pb
  configtxlator proto_encode --input config/system/config_updated.json --type common.Config > config/system/config_block_updated.pb
  

  6.比较前后两个pb文件的差异，得到改动部分

  configtxlator compute_update --channel_id byfn-sys-channel --original config/system/config_block_origin.pb --updated config/system/config_block_updated.pb > config/system/config_diff.pb
  

  7.把配置变化部分转化为json文件

  configtxlator proto_decode --input config/system/config_diff.pb --type common.ConfigUpdate > config/system/config_diff.json
  

  8.为上述json文件添加头部信息(Header)，封装成一个完整的config update请求，注意channel_id设置为byfn-sys-channel

  echo '{"payload":{"header":{"channel_header":{"channel_id":"byfn-sys-channel", "type":2}},"data":{"config_update":'$(cat config/system/config_diff.json)'}}}' | jq . > config/system/config_diff_envelope.json
  

  9.把封装好的json文件转换回pb格式文件

  configtxlator proto_encode --input config/system/config_diff_envelope.json --type common.Envelope > config/system/config_diff_envelope.pb
  

  10.签名

  peer channel signconfigtx -f config/system/config_diff_envelope.pb
  

  11.提交修改请求到orderer

  peer channel update -f config/system/config_diff_envelope.pb -c byfn-sys-channel -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA
  

• 更新自定义mychannel配置
  1.设置OrdererMSP

  export CORE_PEER_LOCALMSPID=OrdererMSP
  export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp/
  

  2.获取mychannel最新配置块文件config_block.pb

  mkdir -p config/mychannel/
  peer channel fetch config config/mychannel/config_block.pb -o orderer.example.com:7050 -c mychannel --tls --cafile $ORDERER_CA
  

  3.从config_block.pb中提取有效的数据，并转换成可编辑json格式

  configtxlator proto_decode --input config/mychannel/config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config/mychannel/config.json
  

  4.修改config.json里面的orderer配置
  与系统channel配置文件修改类似，复制config/mychannel/config.json为config/mychannel/config_updated.json,并修改。tls_cert、host与上述一致。

                    {
                      "client_tls_cert": "YOUR ORDERER6 TLS SERVER CERT",
                      "host": "orderer6.example.com",
                      "port": 7050,
                      "server_tls_cert": "YOUR ORDERER6 TLS SERVER CERT"
                    }
  

        "OrdererAddresses": {
          "mod_policy": "/Channel/Orderer/Admins",
          "value": {
            "addresses": [
              "orderer.example.com:7050",
              "orderer2.example.com:7050",
              "orderer3.example.com:7050",
              "orderer4.example.com:7050",
              "orderer5.example.com:7050",
              "orderer6.example.com:7050"
            ]
          },
          "version": "0"
      }
  

  5.把前后的两个json文件重新转换回pb类型文件

  configtxlator proto_encode --input config/mychannel/config.json --type common.Config > config/mychannel/config_block_origin.pb
  configtxlator proto_encode --input config/mychannel/config_updated.json --type common.Config > config/mychannel/config_block_updated.pb
  

  6.比较前后两个pb文件的差异，得到改动部分

  configtxlator compute_update --channel_id mychannel --original config/mychannel/config_block_origin.pb --updated config/mychannel/config_block_updated.pb > config/mychannel/config_diff.pb
  

  7.把配置变化部分转化为json文件

  configtxlator proto_decode --input config/mychannel/config_diff.pb --type common.ConfigUpdate > config/mychannel/config_diff.json
  

  8.为上述json文件添加头部信息(Header)，封装成一个完整的config update请求，注意channel_id设置为mychannel

  echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat config/mychannel/config_diff.json)'}}}' | jq . > config/mychannel/config_diff_envelope.json
  

  9.把封装好的json文件转换回pb格式文件

  configtxlator proto_encode --input config/mychannel/config_diff_envelope.json --type common.Envelope > config/mychannel/config_diff_envelope.pb
  

  10.签名

  peer channel signconfigtx -f config/mychannel/config_diff_envelope.pb
  

  11.提交修改请求到orderer

  peer channel update -f config/mychannel/config_diff_envelope.pb -c mychannel -o orderer.example.com:7050 --tls true --cafile $ORDERER_CA
  

启动orderer6节点

• cli容器内获取系统channel最新配置块文件(channel-artifacts/genesis_updated.block)

export CORE_PEER_LOCALMSPID=OrdererMSP
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp/

peer channel fetch config channel-artifacts/genesis_updated.block -o orderer.example.com:7050 -c byfn-sys-channel --tls --cafile $ORDERER_CA

• 在fabric-samples/first-network目录添加docker-compose-orderer6.yaml文件，内容如下

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

version: '2'

volumes:
  orderer6.example.com:

networks:
  byfn:

services:

  orderer6.example.com:
    extends:
      file: base/peer-base.yaml
      service: orderer-base
    container_name: orderer6.example.com
    networks:
    - byfn
    volumes:
        - ./channel-artifacts/genesis_updated.block:/var/hyperledger/orderer/orderer.genesis.block
        - ./crypto-config/ordererOrganizations/example.com/orderers/orderer6.example.com/msp:/var/hyperledger/orderer/msp
        - ./crypto-config/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/:/var/hyperledger/orderer/tls
        - orderer6.example.com:/var/hyperledger/production/orderer
    ports:
    - 12050:7050

• 启动orderer6

IMAGE_TAG=1.4.2 docker-compose -f docker-compose-orderer6.yaml up -d
docker ps -a|grep orderer6
#查看orderer6 log
docker logs -f orderer6.example.com

验证orderer6节点

• 在cli容器里设置peer0环境变量

#peer0 env
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
CORE_PEER_LOCALMSPID=Org1MSP

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt

• peer invoke 提交到orderer.example.com:7050节点

#查询a
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
90
#执行 a b 10
peer chaincode invoke -o orderer.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $PEER0_ORG1_CA --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles $PEER0_ORG2_CA -c '{"Args":["invoke","a","b","10"]}'
#查询
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
80

• peer invoke 提交到orderer6.example.com:7050节点

#查询
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
80
#执行 a b 5
peer chaincode invoke -o orderer6.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles $PEER0_ORG1_CA --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles $PEER0_ORG2_CA -c '{"Args":["invoke","a","b","5"]}'
#查询
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
75

PS.官方文档还有最后一步我没有做，更新endpoint配置操作

Adding a new node to a Raft cluster

参考文档：

• https://hyperledger-fabric.readthedocs.io/en/master/build_network.html
• https://hyperledger-fabric.readthedocs.io/en/master/channel_update_tutorial.html
• https://hyperledger-fabric.readthedocs.io/en/master/raft_configuration.html
• https://www.jianshu.com/p/30b0ff60918d

如遇问题或有疑义随时联系，请多多关照