environment:
mac
Docker version 20.10.8
Docker Compose version v2.0.0-rc.1
fabric v2.0.0

一沥匈、概述

orderer_addnode.jpeg

如上圖捉撮，我們將orderer節(jié)點(diǎn)從5個擴(kuò)展到6個
步驟:

• 啟動網(wǎng)絡(luò)(raft共識)
• 準(zhǔn)備orderer6證書
• 增加orderer6 tls證書到系統(tǒng)通道
• 獲取最新區(qū)塊作為orderer6的創(chuàng)世區(qū)塊
• 啟動orderer6節(jié)點(diǎn)容器
• 增加orderer6節(jié)點(diǎn)信息到系統(tǒng)通道
• 增加orderer6 tls證書到用戶通道(可選)
• 增加orderer6節(jié)點(diǎn)信息到用戶通道(可選)

區(qū)塊變化如下圖:

involve_new_config_block.png

腳本執(zhí)行過程如下圖:

create_config_update.png

二寞奸、搭建網(wǎng)絡(luò)

1、下載鏡像以及相關(guān)工具包

https://github.com/hyperledger/fabric/blob/v2.2.0/scripts/bootstrap.sh內(nèi)容copy到剛創(chuàng)建的bootstrap.sh文件里面去
執(zhí)行以下命令:

sh bootstrap.sh

下載完后fabric的環(huán)境安裝完畢

2洛姑、修改crypto-config文件

我們需要把一個orderer節(jié)點(diǎn)擴(kuò)展成5個orderer節(jié)點(diǎn)，需要修改的文件路徑為./fabric-samples/test-network/organizations/cryptogen/crypto-config-orderer.yaml
修改的內(nèi)容如下:

OrdererOrgs:
  # ---------------------------------------------------------------------------
  # Orderer
  # ---------------------------------------------------------------------------
  - Name: Orderer
    Domain: example.com
    EnableNodeOUs: true
    # ---------------------------------------------------------------------------
    # "Specs" - See PeerOrgs for complete description
    # ---------------------------------------------------------------------------
    Specs:
      - Hostname: orderer
        SANS:
          - localhost
      - Hostname: orderer2
        SANS:
          - localhost
      - Hostname: orderer3
        SANS:
          - localhost
      - Hostname: orderer4
        SANS:
          - localhost
      - Hostname: orderer5
        SANS:
          - localhost

3、增加orderer節(jié)點(diǎn)的docker啟動節(jié)點(diǎn)

修改文件路徑為./fabric-samples/test-network/docker/docker-compose-test-net.yaml
請參考:https://github.com/jxu86/fabric-sample-test/blob/master/test-network/docker/docker-compose-test-net.yaml

4揩瞪、修改configtx.yaml

修改文件路徑為./fabric-samples/test-network/configtx/configtx.yaml
請參考:https://github.com/jxu86/fabric-sample-test/blob/master/test-network/configtx/configtx.yaml

5、啟動網(wǎng)絡(luò)

cd ./fabric-samples/test-network
sh network.sh up

啟動成功有以下信息:

[+] Running 9/9
 ? Network net_test                  Created                                                                                                                                                                                             0.1s
 ? Container orderer3.example.com    Started                                                                                                                                                                                             2.7s
 ? Container peer0.org2.example.com  Started                                                                                                                                                                                             3.3s
 ? Container orderer.example.com     Started                                                                                                                                                                                             2.8s
 ? Container orderer5.example.com    Started                                                                                                                                                                                             2.9s
 ? Container peer0.org1.example.com  Started                                                                                                                                                                                             3.6s
 ? Container orderer4.example.com    Started                                                                                                                                                                                             3.2s
 ? Container orderer2.example.com    Started                                                                                                                                                                                             2.9s
 ? Container cli                     Started                                                                                                                                                                                             4.3s
CONTAINER ID   IMAGE          COMMAND             CREATED         STATUS                  PORTS                                                 NAMES
839b297480e3   5eb2356665e7   "/bin/bash"         5 seconds ago   Up Less than a second                                                         cli
1da95678635b   760f304a3282   "peer node start"   5 seconds ago   Up 1 second             7051/tcp, 0.0.0.0:9051->9051/tcp, :::9051->9051/tcp   peer0.org2.example.com
0d89ebba2fb5   5fb8e97da88d   "orderer"           5 seconds ago   Up 2 seconds            0.0.0.0:8050->7050/tcp, :::8050->7050/tcp             orderer2.example.com
a86d6691a134   5fb8e97da88d   "orderer"           5 seconds ago   Up 2 seconds            0.0.0.0:9050->7050/tcp, :::9050->7050/tcp             orderer3.example.com
8dc263b51abd   760f304a3282   "peer node start"   5 seconds ago   Up 1 second             0.0.0.0:7051->7051/tcp, :::7051->7051/tcp             peer0.org1.example.com
2a3afac8c33e   5fb8e97da88d   "orderer"           5 seconds ago   Up 2 seconds            0.0.0.0:11050->7050/tcp, :::11050->7050/tcp           orderer5.example.com
0efa0704e13d   5fb8e97da88d   "orderer"           5 seconds ago   Up 1 second             0.0.0.0:10050->7050/tcp, :::10050->7050/tcp           orderer4.example.com
16d01d73e1b3   5fb8e97da88d   "orderer"           5 seconds ago   Up 2 seconds            0.0.0.0:7050->7050/tcp, :::7050->7050/tcp             orderer.example.com

6篓冲、安裝通道

sh network.sh createChannel

三李破、在現(xiàn)有運(yùn)行的網(wǎng)絡(luò)增加orderer節(jié)點(diǎn)

1、生成orderer6證書

修改./fabric-samples/test-network/organizations/cryptogen/crypto-config-orderer.yaml增加orderer6
執(zhí)行以下命令

cryptogen extend --config=./organizations/cryptogen/crypto-config-orderer.yaml --input ./organizations

2壹将、啟動orderer-cli的docker

創(chuàng)建fabric-samples/test-network/docker/docker-compose-orderer-cli.yaml文件嗤攻，內(nèi)容如下:

version: '2'

networks:
  test:

services:

  orderer-cli:
    container_name: orderer-cli
    image: hyperledger/fabric-tools:$IMAGE_TAG
    tty: true
    stdin_open: true
    environment:
      - SYS_CHANNEL=$SYS_CHANNEL
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      #- FABRIC_LOGGING_SPEC=DEBUG
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer0.org1.example.com:7051
      - CORE_PEER_LOCALMSPID=OrdererMSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
        - /var/run/:/host/var/run/
        - ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
        - ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
    networks:
      - test

啟動orderer-cli容器

docker-compose -f docker/docker-compost-orderer-cli.yaml up -d

3、系統(tǒng)通道增加orderer6 tls信息

創(chuàng)建fabric-samples/test-network/addOrdererNode/add_tls_sysCh.sh文件诽俯，內(nèi)容為

TLS_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/server.crt
docker exec orderer-cli sh -c 'peer channel fetch config config_block.pb -o orderer.example.com:7050 -c system-channel --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem'
docker exec orderer-cli sh -c 'configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json'
docker exec -e TLS_FILE=$TLS_FILE orderer-cli sh -c 'echo "{\"client_tls_cert\":\"$(cat $TLS_FILE | base64)\",\"host\":\"orderer6.example.com\",\"port\":10050,\"server_tls_cert\":\"$(cat $TLS_FILE | base64)\"}" > $PWD/org6consenter.json'
docker exec orderer-cli sh -c 'jq ".channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [$(cat org6consenter.json)]" config.json > modified_config.json'
docker exec orderer-cli sh -c 'configtxlator proto_encode --input config.json --type common.Config --output config.pb'
docker exec orderer-cli sh -c 'configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb'
docker exec orderer-cli sh -c 'configtxlator compute_update --channel_id system-channel --original config.pb --updated modified_config.pb --output config_update.pb'
docker exec orderer-cli sh -c 'configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json'
docker exec orderer-cli sh -c 'echo "{\"payload\":{\"header\":{\"channel_header\":{\"channel_id\":\"system-channel\", \"type\":2}},\"data\":{\"config_update\":"$(cat config_update.json)"}}}" | jq . > config_update_in_envelope.json'
docker exec orderer-cli sh -c 'configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pb'
docker exec orderer-cli sh -c 'peer channel update -f config_update_in_envelope.pb -c system-channel -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem'

docker exec orderer-cli sh -c 'peer channel fetch config latest_config.block -o orderer.example.com:7050 -c system-channel --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem'
docker cp orderer-cli:/opt/gopath/src/github.com/hyperledger/fabric/peer/latest_config.block ./system-genesis-block/latest_config.block

運(yùn)行腳本

sh addOrdererNode/add_tls_sysCh.sh

4屯曹、啟動orderer6的docker節(jié)點(diǎn)

創(chuàng)建fabric-samples/test-network/docker/docker-compose-orderer6.yaml文件，內(nèi)容如下:

networks:
  test:

services:

  orderer6.example.com:
    container_name: orderer6.example.com
    image: hyperledger/fabric-orderer:$IMAGE_TAG
    environment:
      - FABRIC_LOGGING_SPEC=INFO
      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
      - ORDERER_GENERAL_LISTENPORT=12050
      - ORDERER_GENERAL_GENESISMETHOD=file
      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
      # enabled TLS
      - ORDERER_GENERAL_TLS_ENABLED=true
      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
      - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
      - ORDERER_KAFKA_VERBOSE=true
      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
    command: orderer
    volumes:
        - ../system-genesis-block/latest_config.block:/var/hyperledger/orderer/orderer.genesis.block
        - ../organizations/ordererOrganizations/example.com/orderers/orderer6.example.com/msp:/var/hyperledger/orderer/msp
        - ../organizations/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/:/var/hyperledger/orderer/tls
        - ../data/orderer6.example.com:/var/hyperledger/production/orderer
    ports:
      - 12050:7050
    networks:
      - test

啟動節(jié)點(diǎn)命令

docker-compose -f docker/docker-compose-orderer6.yaml up -d

5惊畏、系統(tǒng)通道增加節(jié)信息

創(chuàng)建fabric-samples/test-network/addOrdererNode/add_ep_sysCh.sh文件恶耽，內(nèi)容為

docker exec orderer-cli sh -c 'peer channel fetch config config_block.pb -o orderer.example.com:7050 -c system-channel --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem'
docker exec orderer-cli sh -c 'configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json'
docker exec orderer-cli sh -c 'jq ".channel_group.values.OrdererAddresses.value.addresses += [\"orderer6.example.com:12050\"]" config.json > modified_config.json'
docker exec orderer-cli sh -c 'configtxlator proto_encode --input config.json --type common.Config --output config.pb'
docker exec orderer-cli sh -c 'configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb'
docker exec orderer-cli sh -c 'configtxlator compute_update --channel_id system-channel --original config.pb --updated modified_config.pb --output config_update.pb'
docker exec orderer-cli sh -c 'configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json'
docker exec orderer-cli sh -c 'echo "{\"payload\":{\"header\":{\"channel_header\":{\"channel_id\":\"system-channel\", \"type\":2}},\"data\":{\"config_update\":"$(cat config_update.json)"}}}" | jq . > config_update_in_envelope.json'
docker exec orderer-cli sh -c 'configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output config_update_in_envelope.pb'
docker exec orderer-cli sh -c 'peer channel update -f config_update_in_envelope.pb -c system-channel -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem'

執(zhí)行腳本

sh addOrdererNode/add_ep_sysCh.sh

最后對比orderer6和orderer的區(qū)塊文件是一樣大小，怎么添加orderer6成功了

?  test-network git:(master) ? ll data/orderer6.example.com/chains/system-channel/blockfile_000000
-rw-r-----  1 jc  staff   106K Sep  2 15:34 data/orderer6.example.com/chains/system-channel/blockfile_000000
?  test-network git:(master) ? ll data/orderer.example.com/chains/system-channel/blockfile_000000
-rw-r-----  1 jc  staff   106K Sep  2 15:27 data/orderer.example.com/chains/system-channel/blockfile_000000

6颜启、orderer6添加應(yīng)用通道

添加已有的用戶通道系統(tǒng)通道的步驟是一樣的偷俭，也是要增加orderer6 tls信息和增加節(jié)信息
具體參考:
https://github.com/jxu86/fabric-sample-test/blob/master/test-network/addOrdererNode/add_tls_appCh.sh
https://github.com/jxu86/fabric-sample-test/blob/master/test-network/addOrdererNode/add_ep_appCh.sh

代碼請參考:https://github.com/jxu86/fabric-sample-test

文章github地址

參考:
配置并使用 Raft 排序服務(wù)
Add an Orderer to a Running Raft-based Orderer Cluster