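Dynamically Configuring Raft Nodes in Hyperledger Fabric
While reading the official documentation recently, I found that the new consensus algorithm, etcdRaft, allows ordering nodes to be added or removed dynamically, so I spent a day trying it out and wrote this article to record the whole process.
The initial network in this article has 4 Orderer nodes and 1 Peer node (used for updating the configuration and for testing); a fifth Orderer node is then added dynamically.
This article is divided into two parts:
- The first part manually generates the certificate files for every node through Fabric-CA.
- The second part updates the Fabric network configuration to add the new Orderer node.
This article is based on Fabric v2.0.0-beta. Any version above 1.4.1 will do.
1 Building a customized Fabric network
The prerequisite is having the Fabric sample network running successfully; see here -> Hyperledger Fabric Environment Setup
First, under $GOPATH (the path used in this article is $GOPATH/src/github.com/hyperledger/fab), create the following folders for the later steps: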
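.                                   # this is the root directory, fab
├── ca                              # folder for the CA configuration files used to generate CA certificates
│   ├── org1
│   │   └── fabric-ca-server-config.yaml
│   └── server
│       └── fabric-ca-server-config.yaml
├── channel-artifacts               # holds the genesis block and the channel configuration files
├── configtx.yaml                   # configuration file used to generate the genesis block and channel configuration files
├── crypto-config                   # stores the generated certificate files
├── docker                          # the Fabric network nodes are started through Docker; Docker files used to start the nodes
│   ├── base.yaml
│   ├── docker-compose-addOrderer5.yaml
│   ├── docker-compose-ca.yaml
│   ├── docker-compose-orderers.yaml
│   └── docker-compose-peer.yaml
└── store                           # stores blocks and other data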
All operations below are performed inside the root directory by default!
1.1 CA configuration files
Pasted here in full: org1/fabric-ca-server-config.yaml
version: 1.2.0
# Server's listening port (default: 7054)
port: 7054
# Enables debug logging (default: false)
debug: false
crlsizelimit: 512000
tls:
  # Enable TLS (default: false)
  enabled: true
  certfile:
  keyfile:
  clientauth:
    type: noclientcert
    certfiles:
ca:
  # Name of this CA
  name: Org1CA
  keyfile:
  certfile:
  chainfile:
crl:
  expiry: 24h
registry:
  maxenrollments: -1
  identities:
    - name: admin
      pass: adminpw
      type: client
      affiliation: ""
      attrs:
        hf.Registrar.Roles: "*"
        hf.Registrar.DelegateRoles: "*"
        hf.Revoker: true
        hf.IntermediateCA: true
        hf.GenCRL: true
        hf.Registrar.Attributes: "*"
        hf.AffiliationMgr: true
db:
  type: sqlite3
  datasource: fabric-ca-server.db
  tls:
    enabled: false
    certfiles:
    client:
      certfile:
      keyfile:
ldap:
  enabled: false
  url: ldap://<adminDN>:<adminPassword>@<host>:<port>/<base>
  tls:
    certfiles:
    client:
      certfile:
      keyfile:
  attribute:
    names: ['uid','member']
    converters:
      - name:
        value:
    maps:
      groups:
        - name:
          value:
affiliations:
  org1:
    - department1
    - department2
  org2:
    - department1
signing:
  default:
    usage:
      - digital signature
    expiry: 8760h
  profiles:
    ca:
      usage:
        - cert sign
        - crl sign
      expiry: 43800h
      caconstraint:
        isca: true
        maxpathlen: 0
    tls:
      usage:
        - signing
        - key encipherment
        - server auth
        - client auth
        - key agreement
      expiry: 8760h
csr:
  cn: ca.org1.example.com
  names:
    - C: US
      ST: "North Carolina"
      L: "Durham"
      O: org1.example.com
      OU:
  hosts:
    - localhost
    - org1.example.com
  ca:
    expiry: 131400h
    pathlength: 1
bccsp:
  default: SW
  sw:
    hash: SHA2
    security: 256
    filekeystore:
      keystore: msp/keystore
cacount:
cafiles:
intermediate:
  parentserver:
    url:
    caname:
  enrollment:
    hosts:
    profile:
    label:
  tls:
    certfiles:
    client:
      certfile:
      keyfile:
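The registry and tls values in the configuration above are the ones to review before reusing it outside a test network. The following is an added example, not part of the original article or of Fabric CA: a small checker with hypothetical helpers `flatten` and `audit`, run over a constructed excerpt (`SAMPLE`) that copies values from the listing and assumes a single bootstrap identity.

```python
SAMPLE = """\
tls:
  enabled: true
  clientauth:
    type: noclientcert
registry:
  maxenrollments: -1
  identities:
    - name: admin
      pass: adminpw
      attrs:
        hf.Registrar.Roles: "*"
"""  # constructed excerpt of org1/fabric-ca-server-config.yaml

def flatten(text):
    """Map 'a/b/c' key paths to scalar values for a simple block-style YAML subset."""
    out, stack = {}, []  # stack holds (indent, key) of the currently open mappings
    for raw in text.splitlines():
        line = raw.split(" #")[0].rstrip()  # drop trailing and indented comments
        if not line.strip() or line.lstrip().startswith("#") or ":" not in line:
            continue
        body = line.lstrip()
        indent = len(line) - len(body)
        if body.startswith("- "):  # list item: its keys sit two columns deeper
            body, indent = body[2:].lstrip(), indent + 2
        key, _, value = body.partition(":")
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key.strip()))
        if value.strip():
            out["/".join(k for _, k in stack)] = value.strip().strip("\"'")
    return out

def audit(text):
    """Return review findings for the bootstrap identity and TLS settings."""
    cfg, findings = flatten(text), []
    if cfg.get("registry/identities/pass") == "adminpw":
        findings.append("bootstrap identity uses the sample password 'adminpw'")
    if cfg.get("registry/maxenrollments") == "-1":
        findings.append("maxenrollments is -1 (unlimited enrollments)")
    if cfg.get("registry/identities/attrs/hf.Registrar.Roles") == "*":
        findings.append("bootstrap identity may register identities of any role")
    if (cfg.get("tls/enabled"), cfg.get("tls/clientauth/type")) == ("true", "noclientcert"):
        findings.append("TLS is on but clients are not asked for a certificate")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("REVIEW:", finding)
```

The parser only understands the indented block style used in this file, so it needs the configuration with its nesting intact.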