本文主要是介绍Fabric向现有组织中添加新节点,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
- 1. 生成新节点证书
- 2. 添加新节点配置信息并启动
- 3. 新节点加入通道
- 4. 安装链码
- 5. 参考资料
向 fabric 网络中添加新节点是常见的业务需求,基本上需要以下几个步骤:
- 生成新节点证书
- 添加新节点配置信息并启动
- 新节点加入通道
- 安装链码
以 fabric-sample 库中 v1.3 版本的 byfn.sh 建立的简单测试网为例进行操作。这个测试网络中包含两个组织,每个组织都有两个节点:
- org1:
- peer0.org1.example.com
- peer1.org1.example.com
- org2:
- peer0.org2.example.com
- peer1.org2.example.com
我们需要在 org2 中添加一个 peer2.org2.example.com 节点。
1. 生成新节点证书
每个节点都有相应的证书才能连接网络,需要使用 cryptogen 工具生成新节点的证书。因为是新节点加入现有网络组织,因此,需要使用 cryptogen extend 命令首先对现有网络的证书文件进行扩展。在执行该命令之前需要首先修改 crypto-config.yaml 配置文件,将 org2 组织的节点数增加 1,其它的配置信息不要修改。
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
## ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:# ---------------------------------------------------------------------------# Orderer# ---------------------------------------------------------------------------- Name: OrdererDomain: example.com# ---------------------------------------------------------------------------# "Specs" - See PeerOrgs below for complete description# ---------------------------------------------------------------------------Specs:- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:# ---------------------------------------------------------------------------# Org1# ---------------------------------------------------------------------------- Name: Org1Domain: org1.example.comEnableNodeOUs: true# ---------------------------------------------------------------------------# "Specs"# ---------------------------------------------------------------------------# Uncomment this section to enable the explicit definition of hosts in your# configuration. Most users will want to use Template, below## Specs is an array of Spec entries. Each Spec entry consists of two fields:# - Hostname: (Required) The desired hostname, sans the domain.# - CommonName: (Optional) Specifies the template or explicit override for# the CN. By default, this is the template:## "{{.Hostname}}.{{.Domain}}"## which obtains its values from the Spec.Hostname and# Org.Domain, respectively.# ---------------------------------------------------------------------------# Specs:# - Hostname: foo # implicitly "foo.org1.example.com"# CommonName: foo27.org5.example.com # overrides Hostname-based FQDN set above# - Hostname: bar# - Hostname: baz# ---------------------------------------------------------------------------# "Template"# ---------------------------------------------------------------------------# Allows for the definition of 1 or more hosts that are created sequentially# from a template. By default, this looks like "peer%d" from 0 to Count-1.# You may override the number of nodes (Count), the starting index (Start)# or the template used to construct the name (Hostname).## Note: Template and Specs are not mutually exclusive. You may define both# sections and the aggregate nodes will be created for you. Take care with# name collisions# ---------------------------------------------------------------------------Template:Count: 2# Start: 5# Hostname: {{.Prefix}}{{.Index}} # default# ---------------------------------------------------------------------------# "Users"# ---------------------------------------------------------------------------# Count: The number of user accounts _in addition_ to Admin# ---------------------------------------------------------------------------Users:Count: 1# ---------------------------------------------------------------------------# Org2: See "Org1" for full specification# ---------------------------------------------------------------------------- Name: Org2Domain: org2.example.comEnableNodeOUs: trueTemplate:Count: 3 # count 表示组织下的peer数量,这里需要把 2 改为 3Users:Count: 1
修改完成后即可使用 cryptogen extend 命令生成新节点证书,注意,这里需要使用 --config 选项指定刚才修改的配置文件:
$ cryptogen extend --config=crypto-config.yaml
生成之后,可以发现 org2 组织下增加了一个 peer2.org2.example.com peer:
$ tree crypto-config/peerOrganizations/org2.example.com/ -L 2
crypto-config/peerOrganizations/org2.example.com/
├── ca
│ ├── 7083e512097fba904427ffabefeae7b6cceb76563f40cee9f3e287d0ede0d38c_sk
│ └── ca.org2.example.com-cert.pem
├── msp
│ ├── admincerts
│ ├── cacerts
│ ├── config.yaml
│ └── tlscacerts
├── peers
│ ├── peer0.org2.example.com
│ ├── peer1.org2.example.com
│ └── peer2.org2.example.com # 新增 peer
├── tlsca
│ ├── e0be59442c004221c94a48d68fb3d72f822d0bc88c31258ced26018c7d4d4de5_sk
│ └── tlsca.org2.example.com-cert.pem
└── users├── Admin@org2.example.com└── User1@org2.example.com13 directories, 5 files
2. 添加新节点配置信息并启动
证书文件生成之后,需要在 base/docker-compose-base.yaml 中添加新节点 peer2.org2.example.com 的配置信息,包括环境变量、映射的端口号、证书文件目录等信息。
点击查看修改后的 base/docker-compose-base.yaml 配置文件# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#version: '2'services:orderer.example.com:container_name: orderer.example.comimage: hyperledger/fabric-orderer:$IMAGE_TAGenvironment:- ORDERER_GENERAL_LOGLEVEL=INFO- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0- ORDERER_GENERAL_GENESISMETHOD=file- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block- ORDERER_GENERAL_LOCALMSPID=OrdererMSP- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp# enabled TLS- ORDERER_GENERAL_TLS_ENABLED=true- ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key- ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt- ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]working_dir: /opt/gopath/src/github.com/hyperledger/fabriccommand: orderervolumes:- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls- orderer.example.com:/var/hyperledger/production/ordererports:- 7050:7050peer0.org1.example.com:container_name: peer0.org1.example.comextends:file: peer-base.yamlservice: peer-baseenvironment:- CORE_PEER_ID=peer0.org1.example.com- CORE_PEER_ADDRESS=peer0.org1.example.com:7051- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.example.com:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051- CORE_PEER_LOCALMSPID=Org1MSPvolumes:- /var/run/:/host/var/run/- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls- peer0.org1.example.com:/var/hyperledger/productionports:- 7051:7051- 7053:7053peer1.org1.example.com:container_name: peer1.org1.example.comextends:file: peer-base.yamlservice: peer-baseenvironment:- CORE_PEER_ID=peer1.org1.example.com- CORE_PEER_ADDRESS=peer1.org1.example.com:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:7051- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051- CORE_PEER_LOCALMSPID=Org1MSPvolumes:- /var/run/:/host/var/run/- ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp- ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls- peer1.org1.example.com:/var/hyperledger/productionports:- 8051:7051- 8053:7053peer0.org2.example.com:container_name: peer0.org2.example.comextends:file: peer-base.yamlservice: peer-baseenvironment:- CORE_PEER_ID=peer0.org2.example.com- CORE_PEER_ADDRESS=peer0.org2.example.com:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051- CORE_PEER_LOCALMSPID=Org2MSPvolumes:- /var/run/:/host/var/run/- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls- peer0.org2.example.com:/var/hyperledger/productionports:- 9051:7051- 9053:7053peer1.org2.example.com:container_name: peer1.org2.example.comextends:file: peer-base.yamlservice: peer-baseenvironment:- CORE_PEER_ID=peer1.org2.example.com- CORE_PEER_ADDRESS=peer1.org2.example.com:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:7051- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051- CORE_PEER_LOCALMSPID=Org2MSPvolumes:- /var/run/:/host/var/run/- ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/etc/hyperledger/fabric/msp- ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/etc/hyperledger/fabric/tls- peer1.org2.example.com:/var/hyperledger/productionports:- 10051:7051- 10053:7053# 新增加的节点配置信息peer2.org2.example.com:container_name: peer2.org2.example.comextends:file: peer-base.yamlservice: peer-baseenvironment:- CORE_PEER_ID=peer2.org2.example.com- CORE_PEER_ADDRESS=peer2.org2.example.com:7051- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer2.org2.example.com:7051- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051- CORE_PEER_LOCALMSPID=Org2MSPvolumes:- /var/run/:/host/var/run/- ../crypto-config/peerOrganizations/org2.example.com/peers/peer2.org2.example.com/msp:/etc/hyperledger/fabric/msp- ../crypto-config/peerOrganizations/org2.example.com/peers/peer2.org2.example.com/tls:/etc/hyperledger/fabric/tls- peer2.org2.example.com:/var/hyperledger/productionports:- 11051:7051- 11053:7053
为了方便对各个节点的控制,还会启动一个名为 cli 的容器,用户可以进入该容器通过修改相关环境变量以不同的节点身份运行 peer 等命令。因为新增一个新节点,所以需要对现有的 docker-compose-cli.yaml 配置文件进行 3 处修改,主要新增 peer2.org2.example.com 节点相关信息。
点击查看修改后的 docker-compose-cli.yaml 配置文件# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#version: '2'volumes:orderer.example.com:peer0.org1.example.com:peer1.org1.example.com:peer0.org2.example.com:peer1.org2.example.com:peer2.org2.example.com: # 新增节点卷networks:byfn:services:orderer.example.com:extends:file: base/docker-compose-base.yamlservice: orderer.example.comcontainer_name: orderer.example.comnetworks:- byfnpeer0.org1.example.com:container_name: peer0.org1.example.comextends:file: base/docker-compose-base.yamlservice: peer0.org1.example.comnetworks:- byfnpeer1.org1.example.com:container_name: peer1.org1.example.comextends:file: base/docker-compose-base.yamlservice: peer1.org1.example.comnetworks:- byfnpeer0.org2.example.com:container_name: peer0.org2.example.comextends:file: base/docker-compose-base.yamlservice: peer0.org2.example.comnetworks:- byfnpeer1.org2.example.com:container_name: peer1.org2.example.comextends:file: base/docker-compose-base.yamlservice: peer1.org2.example.comnetworks:- byfn# 新增的节点服务peer2.org2.example.com:container_name: peer2.org2.example.comextends:file: base/docker-compose-base.yamlservice: peer2.org2.example.comnetworks:- byfncli:container_name: cliimage: hyperledger/fabric-tools:$IMAGE_TAGtty: truestdin_open: trueenvironment:- GOPATH=/opt/gopath- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock#- CORE_LOGGING_LEVEL=DEBUG- CORE_LOGGING_LEVEL=INFO- CORE_PEER_ID=cli- CORE_PEER_ADDRESS=peer0.org1.example.com:7051- CORE_PEER_LOCALMSPID=Org1MSP- CORE_PEER_TLS_ENABLED=true- CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt- CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key- CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/mspworking_dir: /opt/gopath/src/github.com/hyperledger/fabric/peercommand: /bin/bashvolumes:- /var/run/:/host/var/run/- ./../chaincode/:/opt/gopath/src/github.com/chaincode- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifactsdepends_on:- orderer.example.com- peer0.org1.example.com- peer1.org1.example.com- peer0.org2.example.com- peer1.org2.example.com- peer2.org2.example.com # 新增 cli 对 peer2.org2.example.com 服务的依赖networks:- byfn
之后使用 docker-compose 启动新节点容器并重新创建 cli 容器:
$ docker-compose -f docker-compose-cli.yaml up -d
Creating peer2.org2.example.com ... done
peer0.org1.example.com is up-to-date
peer1.org1.example.com is up-to-date
orderer.example.com is up-to-date
peer0.org2.example.com is up-to-date
Creating peer2.org2.example.com ...
peer1.org2.example.com is up-to-date
Recreating cli ... done
至此,新节点 peer2.org2.example.com 已经启动。
3. 新节点加入通道
此时该节点并没有加入到任何一个通道中,需要进入 cli 容器执行添加操作。
进入 cli 命令行,之后的所有操作均在容器内部进行:
$ docker exec -it cli bash
设置环境变量,使 cli 切换到 peer2.org2.example.com 下:
$ export CHANNEL_NAME=mychannel
$ CORE_PEER_LOCALMSPID="Org2MSP"
$ CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer2.org2.example.com/tls/ca.crt
$ CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
$ CORE_PEER_ADDRESS=peer2.org2.example.com:7051
从 orderer 上拉取通道的创世区块:
$ peer channel fetch oldest mychannel.block -c mychannel -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2020-12-09 07:17:52.078 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2020-12-09 07:17:52.079 UTC [cli/common] readBlock -> INFO 002 Received block: 0
加入通道:
$ peer channel join -b mychannel.block -o orderer.example.com:7050
2020-12-09 07:18:01.562 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2020-12-09 07:18:01.598 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
4. 安装链码
安装链码:
$ peer chaincode install -n mycc -v 1.0 -p github.com/chaincode/chaincode_example02/go
2020-12-09 09:02:29.834 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc
2020-12-09 09:02:29.834 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc
2020-12-09 09:02:30.034 UTC [chaincodeCmd] install -> INFO 003 Installed remotely response:<status:200 payload:"OK" >
同一个通道内所有节点只需要对同样的链码实例化一次即可,该链码已经在之前的旧有节点初始化一次,所以新节点安装完链码后并不需要再次实例化,直接可以对链码进行调用。
检验链码是否安装成功就需要简单查询链码内容:
$ peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
82
5. 参考资料
- Fabric1.1 新增组织内节点
这篇关于Fabric向现有组织中添加新节点的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
