一、生成新组织的证书和新组织的通道配置json文件

§ 1 生成证书

cd org3-artifacts && ../../bin/cryptogen generate --config=./org3-crypto.yaml

# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#

# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org3
  # ---------------------------------------------------------------------------
  - Name: Org3
    Domain: org3.example.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 1

shijianfeng@ubuntu:~/fabric-samples/first-network/org3-artifacts$ ../../bin/cryptogen generate --config=./org3-crypto.yaml
org3.example.com
shijianfeng@ubuntu:~/fabric-samples/first-network/org3-artifacts$ ls -lrt
total 12
-rw-rw-r-- 1 shijianfeng shijianfeng  607 Jan  7 18:44 org3-crypto.yaml
-rw-rw-r-- 1 shijianfeng shijianfeng 1042 Jan  7 18:44 configtx.yaml
drwxr-xr-x 3 shijianfeng shijianfeng 4096 Jan  8 21:53 crypto-config
shijianfeng@ubuntu:~/fabric-samples/first-network/org3-artifacts$ ls -lrt crypto-config/peerOrganizations/org3.example.com/
total 20
drwxr-xr-x 2 shijianfeng shijianfeng 4096 Jan  8 21:53 tlsca
drwxr-xr-x 2 shijianfeng shijianfeng 4096 Jan  8 21:53 ca
drwxr-xr-x 4 shijianfeng shijianfeng 4096 Jan  8 21:53 peers
drwxr-xr-x 4 shijianfeng shijianfeng 4096 Jan  8 21:53 users
drwxr-xr-x 5 shijianfeng shijianfeng 4096 Jan  8 21:53 msp
shijianfeng@ubuntu:~/fabric-samples/first-network/org3-artifacts$ 

 

§ 2 生成org3通道配置的JSON文件

../../bin/configtxgen -printOrg Org3MSP > ../channel-artifacts/org3.json

先看一下通道文件怎么写的

#

---
################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:
    - &Org3
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org3MSP

        # ID to load the MSP definition as
        ID: Org3MSP

        MSPDir: crypto-config/peerOrganizations/org3.example.com/msp

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org3.example.com
              Port: 7051

shijianfeng@ubuntu:~/fabric-samples/first-network/org3-artifacts$ ../../bin/configtxgen -printOrg Org3MSP > ../channel-artifacts/org3.json
2021-01-08 22:20:05.349 PST [common/tools/configtxgen] main -> INFO 001 Loading configuration
2021-01-08 22:20:05.351 PST [msp] getMspConfig -> INFO 002 Loading NodeOUs
shijianfeng@ubuntu:~/fabric-samples/first-network/org3-artifacts$ vim ../channel-artifacts/org3.json

组织对通道的读写权限

 

 

 

§ 3 将原集群的order组织的身份证书文件复制到org3-artifacts/crypto-config/

cd .. && cp -r crypto-config/ordererOrganizations org3-artifacts/crypto-config/

 

 

 

 

二、使用新的配置，更新通道

更新通道配置 在容器cli中执行scripts/step1org3.sh

§ 1 进入cli容器

docker exec -it cli bash

 

§ 2 安装jq--JSON选择器

echo "nameserver 8.8.8.8" | tee -a /etc/resolv.conf&&apt-get -y update&&apt-get -y install jq

 

 

§ 3 设置orderer环境变量

CORE_PEER_LOCALMSPID="OrdererMSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp

 

 

 

§ 4 获取配置现有通道的交易区块

peer channel fetch config config_block.pb -o orderer.example.com:7050 -c mychannel --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

 

 

 

§ 5 配置现有通道的交易区块转换成JSON并提取交易的内容

configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json

jq只取了交易部分的内容，把封装部分的去掉了

 

 

 

 

§ 6 将现有通道的配置和Org3的配置合并，生成新的Json格式的配置

jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json

 

 

 

§ 7 将现有通道的json配置转成二进制

configtxlator proto_encode --input config.json --type common.Config > original_config.pb

 

 

§ 8 将合并org3后的配置文件转成二进制

configtxlator proto_encode --input modified_config.json --type common.Config > modified_config.pb

 

 

§ 9 计算出合并org3后的配置文件和现有通道的配置文件的差异

configtxlator compute_update --channel_id mychannel --original original_config.pb --updated modified_config.pb > config_update.pb

 

 

§ 10. 合并org3后的配置文件和现有通道的配置文件的差异转成json格式

configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate > config_update.json

 

 

§ 11. 根据新老通道配置的差异构建交易json

echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json

 

 

§ 12. 将新老通道配置的差异的交易json转成二进制

configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope > org3_update_in_envelope.pb

 

 

§ 13. 设置peer0.org1环境变量

CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051

 

 

§ 14. 为org3_update_in_envelope.pb签名

peer channel signconfigtx -f org3_update_in_envelope.pb

 必须有通道内的成员为其签名，才能更新

 

 

§ 15. 设置peer0.org2环境变量

CORE_PEER_LOCALMSPID="Org2MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
CORE_PEER_ADDRESS=peer0.org2.example.com:7051

另外一个节点做提交

 

§ 16. 更新通道（步骤二结束）

peer channel update -f org3_update_in_envelope.pb -c mychannel -o orderer.example.com:7050 --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

退出容器

 

三、新组织的节点加入更新后的通道并安装链码

新组织的节点加入更新后的通道并安装链码

§ 1 启动新组织节点的容器

IMAGE_TAG=latest docker-compose -f docker-compose-org3.yaml up -d

 

 

 

 

§ 2 进入容器Org3cli

docker exec -it Org3cli bash

 

§ 3 获取新通道的配置

peer channel fetch 0 mychannel.block -o orderer.example.com:7050 -c mychannel --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

 

 

 

§ 4 设置peer0.org3环境变量

CORE_PEER_LOCALMSPID="Org3MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
CORE_PEER_ADDRESS=peer0.org3.example.com:7051

 

 

§ 5 peer0.org3加入通道

peer channel join -b mychannel.block

 

 

§ 6 设置peer1.org3环境变量

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt
CORE_PEER_ADDRESS=peer1.org3.example.com:7051

 

 

§ 7. peer1.org3加入通道

peer channel join -b mychannel.block

 

 

§ 8. 设置peer0.org3环境变量

CORE_PEER_LOCALMSPID="Org3MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
CORE_PEER_ADDRESS=peer0.org3.example.com:7051

 

 

§ 9 安装链码(步骤3结束)

peer chaincode install -n mycc -v 2.0 -l golang -p github.com/chaincode/chaincode_example02/go/

注意链码版本必须比原来新，所以设置了为2.0

我这个应该没有安装成功，后面再看看原因

 

 

四、原有组织各节点更新链码版本

原有组织各节点更新链码版本

§ 1 进入cli容器

docker exec -it cli bash

 

§ 2 设置peer0.org1环境

CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051

 

§ 3 peer0.org1安装链码

peer chaincode install -n mycc -v 2.0 -l golang -p github.com/chaincode/chaincode_example02/go/

 

 

§ 4. 设置peer0.org2环境

CORE_PEER_LOCALMSPID="Org2MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
CORE_PEER_ADDRESS=peer0.org2.example.com:7051

 

 

§ 5 peer0.org2安装链码

peer chaincode install -n mycc -v 2.0 -l golang -p github.com/chaincode/chaincode_example02/go/

每个组织必须有一个节点安装链码

 

§ 6. 设置peer0.org1环境

CORE_PEER_LOCALMSPID="Org1MSP"
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
CORE_PEER_ADDRESS=peer0.org1.example.com:7051

 

 

§ 7 更新链码版本，背书策略 （步骤四结束）

peer chaincode upgrade -o orderer.example.com:7050 --tls false --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n mycc -v 2.0 -c '{"Args":["init","a","90","b","210"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"

这里是实例化链码，只需要一个地方实例化就可以了

退出

 

 

五、加节点后的新版链码测试

容器Org3cli中执行./scripts/testorg3.sh

docker exec Org3cli ./scripts/testorg3.sh mychannel 3 golang 10

shijianfeng@ubuntu:~/fabric-samples/first-network$ docker exec Org3cli ./scripts/testorg3.sh mychannel 3 golang 10

 ____    _____      _      ____    _____ 
/ ___|  |_   _|    / \    |  _ \  |_   _|
\___ \    | |     / _ \   | |_) |   | |  
 ___) |   | |    / ___ \  |  _ <    | |  
|____/    |_|   /_/   \_\ |_| \_\   |_|  

Extend your first network (EYFN) test

Channel name : mychannel
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
CORE_PEER_LOCALMSPID=Org3MSP
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
CORE_PEER_TLS_ENABLED=true
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
CORE_PEER_ID=Org3cli
CORE_LOGGING_LEVEL=INFO
CORE_PEER_ADDRESS=peer0.org3.example.com:7051
===================== Querying on peer0.org3 on channel 'mychannel'... ===================== 
Attempting to Query peer0.org3 ...3 secs
+ peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
+ res=0
+ set +x

2021-01-09 09:54:54.023 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc
2021-01-09 09:54:54.024 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc
Query Result: 90
2021-01-09 09:54:55.119 UTC [main] main -> INFO 003 Exiting.....
===================== Query on peer0.org3 on channel 'mychannel' is successful ===================== 
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
CORE_PEER_LOCALMSPID=Org3MSP
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
CORE_PEER_TLS_ENABLED=true
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
CORE_PEER_ID=Org3cli
CORE_LOGGING_LEVEL=INFO
CORE_PEER_ADDRESS=peer0.org3.example.com:7051
+ peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n mycc -c '{"Args":["invoke","a","b","10"]}'
+ res=0
+ set +x
2021-01-09 09:54:55.160 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc
2021-01-09 09:54:55.160 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc
2021-01-09 09:54:55.165 UTC [chaincodeCmd] chaincodeInvokeOrQuery -> INFO 003 Chaincode invoke successful. result: status:200 
2021-01-09 09:54:55.165 UTC [main] main -> INFO 004 Exiting.....
===================== Invoke transaction on peer0.org3 on channel 'mychannel' is successful ===================== 

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.key
CORE_PEER_LOCALMSPID=Org3MSP
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/server.crt
CORE_PEER_TLS_ENABLED=true
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/users/Admin@org3.example.com/msp
CORE_PEER_ID=Org3cli
CORE_LOGGING_LEVEL=INFO
CORE_PEER_ADDRESS=peer0.org3.example.com:7051
===================== Querying on peer0.org3 on channel 'mychannel'... ===================== 
Attempting to Query peer0.org3 ...3 secs
+ peer chaincode query -C mychannel -n mycc -c '{"Args":["query","a"]}'
+ res=0
+ set +x

2021-01-09 09:54:58.234 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 001 Using default escc
2021-01-09 09:54:58.234 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 002 Using default vscc
Query Result: 80
2021-01-09 09:54:58.238 UTC [main] main -> INFO 003 Exiting.....
===================== Query on peer0.org3 on channel 'mychannel' is successful ===================== 

========= All GOOD, EYFN test execution completed =========== 


 _____   _   _   ____   
| ____| | \ | | |  _ \  
|  _|   |  \| | | | | | 
| |___  | |\  | | |_| | 
|_____| |_| \_| |____/  

shijianfeng@ubuntu:~/fabric-samples/first-network$ 

如果没有执行成功，则等会重试一下