Hyperledger Fabric:再添加一个 raft 排序器
Hyperledger Fabric: adding one more raft orderer
- 我想在我的网络中再添加一个 raft 排序器:我获取配置块并将其转换为 json 格式。当我想添加新的订购者时,我不知道
client.crt 和 server.crt. 应该使用哪种格式
{
"client_tls_cert":"client.crt",
"host": "orderer3.com",
"port": 7050,
"server_tls_cert":"server.crt"
}
我想要这样的东西:
"client_tls_cert":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNXRENDQWYrZ0F3SUJBZ0lRYTN2NXYySzBYeUhaMHk1andmS2lyVEFLQmdncWhrak9QUVFEQWpCc01Rc3cKQ1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0JNS1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeQpZVzVqYVhOamJ6RVVNQklHQTFVRUNoTUxaWGhoYlhCc1pTNWpiMjB4R2pBWUJnTlZCQU1URVhSc2MyTmhMbVY0CllXMXdiR1V1WTI5dE1CNFhEVEU1TVRJeE56RTBNRFF3TUZvWERUSTVNVEl4TkRFME1EUXdNRm93V0RFTE1Ba0cKQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdUQ2tOaGJHbG1iM0p1YVdFeEZqQVVCZ05WQkFjVERWTmhiaUJHY21GdQpZMmx6WTI4eEhEQWFCZ05WQkFNVEUyOXlaR1Z5WlhJdVpYaGhiWEJzWlM1amIyMHdXVEFUQmdjcWhrak9QUUlCCkJnZ3Foa2pPUFFNQkJ3TkNBQVNjNEhVUklQN0tndFJVWXFGbTA1SGtDdFkySnB2R2RsSzNsUGZXR1hEM3JEaTMKMVY4V1YxRWU3RlZjRWF4ZjVYUFBETlpDM0Exb3ZETGxYb3h0WlNaNm80R1dNSUdUTUE0R0ExVWREd0VCL3dRRQpBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3CkFEQXJCZ05WSFNNRUpEQWlnQ0Npb1RjcTZMSzJNYnhHazZDdVQ5bmYwSDB1RHdSLytEbFRpQzBHaXRNN3dUQW4KQmdOVkhSRUVJREFlZ2hOdmNtUmxjbVZ5TG1WNFlXMXdiR1V1WTI5dGdnZHZjbVJsY21WeU1Bb0dDQ3FHU000OQpCQU1DQTBjQU1FUUNJSGI0QVN3aUZzbGEySm9xRFlvUmlYeVZ0eUppZVFUbVByR01DMDQ5clVaYkFpQlc4dWhHCk9vY0I1S0N6MlU5ZktxSHYwZ1E0NUhLY1VMTS9ETnZEei9TMmFRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
我使用的一种方法是在测试环境中重新创建 genesis.block 并从 json 格式复制它的 server.crt 以及 crypto-config 目录中的相应加密到我的真实环境。但是我想要一个更简单更简单的方法。
- 我也不知道如何为我的订购者创建
client.crt。
你可以看到here我的一个非常非常老的脚本,是我想测试自动添加 Raft 节点时创建的。第三个参数(configFunc)应该是"addOSN"。
我不知道它是否仍然有效,但你可以阅读它并理解其中的想法。
addOSN() {
cert=`base64 /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat config.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "orderer3.example.com", "port": 7050, "server_tls_cert": "'$cert'"}] ' > modified_config.json
}
channelConfig() {
channel=
srcSeq=
configFunc=
cert=`base64 /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
echo "fetching config block"
CORE_PEER_LOCALMSPID="OrdererMSP"
CORE_PEER_TLS_ROOTCERT_FILE=$ORDERER_CA
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp
peer channel fetch $srcSeq configBlock.pb -o orderer0.example.com:7050 -c "${channel}" --tls --cafile $ORDERER_CA
echo "converting config to JSON"
configtxlator proto_decode --input configBlock.pb --type common.Block | jq '.data.data[0].payload.data.config' > config.json
echo "adding orderer3.example.com as a new consenter"
eval $configFunc
echo "computing the config delta"
configtxlator proto_encode --input config.json --type common.Config --output config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
configtxlator compute_update --channel_id ${channel} --original config.pb --updated modified_config.pb --output orderer3Addition.pb
configtxlator proto_decode --input orderer3Addition.pb --type common.ConfigUpdate | jq . > orderer3Addition.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'${channel}'", "type":2}},"data":{"config_update":'$(cat orderer3Addition.json)'}}}' | jq . > orderer3AdditionInEnvelope.json
configtxlator proto_encode --input orderer3AdditionInEnvelope.json --type common.Envelope --output orderer3AdditionInEnvelope.pb
peer channel signconfigtx -f orderer3AdditionInEnvelope.pb
peer channel update -f orderer3AdditionInEnvelope.pb -c ${channel} -o orderer0.example.com:7050 --tls --cafile $ORDERER_CA
}
要使用该函数,我的 link 中的脚本运行:
echo "Adding orderer3.example.com to the network"
channelConfig $ORDERER_SYSCHAN_ID 0 addOSN
channelConfig $CHANNEL_NAME 2 addOSN
- 我想在我的网络中再添加一个 raft 排序器:我获取配置块并将其转换为 json 格式。当我想添加新的订购者时,我不知道
client.crt和server.crt. 应该使用哪种格式
{
"client_tls_cert":"client.crt",
"host": "orderer3.com",
"port": 7050,
"server_tls_cert":"server.crt"
}
我想要这样的东西:
"client_tls_cert":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNXRENDQWYrZ0F3SUJBZ0lRYTN2NXYySzBYeUhaMHk1andmS2lyVEFLQmdncWhrak9QUVFEQWpCc01Rc3cKQ1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0JNS1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeQpZVzVqYVhOamJ6RVVNQklHQTFVRUNoTUxaWGhoYlhCc1pTNWpiMjB4R2pBWUJnTlZCQU1URVhSc2MyTmhMbVY0CllXMXdiR1V1WTI5dE1CNFhEVEU1TVRJeE56RTBNRFF3TUZvWERUSTVNVEl4TkRFME1EUXdNRm93V0RFTE1Ba0cKQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdUQ2tOaGJHbG1iM0p1YVdFeEZqQVVCZ05WQkFjVERWTmhiaUJHY21GdQpZMmx6WTI4eEhEQWFCZ05WQkFNVEUyOXlaR1Z5WlhJdVpYaGhiWEJzWlM1amIyMHdXVEFUQmdjcWhrak9QUUlCCkJnZ3Foa2pPUFFNQkJ3TkNBQVNjNEhVUklQN0tndFJVWXFGbTA1SGtDdFkySnB2R2RsSzNsUGZXR1hEM3JEaTMKMVY4V1YxRWU3RlZjRWF4ZjVYUFBETlpDM0Exb3ZETGxYb3h0WlNaNm80R1dNSUdUTUE0R0ExVWREd0VCL3dRRQpBd0lGb0RBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSEF3SXdEQVlEVlIwVEFRSC9CQUl3CkFEQXJCZ05WSFNNRUpEQWlnQ0Npb1RjcTZMSzJNYnhHazZDdVQ5bmYwSDB1RHdSLytEbFRpQzBHaXRNN3dUQW4KQmdOVkhSRUVJREFlZ2hOdmNtUmxjbVZ5TG1WNFlXMXdiR1V1WTI5dGdnZHZjbVJsY21WeU1Bb0dDQ3FHU000OQpCQU1DQTBjQU1FUUNJSGI0QVN3aUZzbGEySm9xRFlvUmlYeVZ0eUppZVFUbVByR01DMDQ5clVaYkFpQlc4dWhHCk9vY0I1S0N6MlU5ZktxSHYwZ1E0NUhLY1VMTS9ETnZEei9TMmFRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
我使用的一种方法是在测试环境中重新创建 genesis.block 并从 json 格式复制它的 server.crt 以及 crypto-config 目录中的相应加密到我的真实环境。但是我想要一个更简单更简单的方法。
- 我也不知道如何为我的订购者创建
client.crt。
你可以看到here我的一个非常非常老的脚本,是我想测试自动添加 Raft 节点时创建的。第三个参数(configFunc)应该是"addOSN"。
我不知道它是否仍然有效,但你可以阅读它并理解其中的想法。
addOSN() {
cert=`base64 /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat config.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "orderer3.example.com", "port": 7050, "server_tls_cert": "'$cert'"}] ' > modified_config.json
}
channelConfig() {
channel=
srcSeq=
configFunc=
cert=`base64 /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
echo "fetching config block"
CORE_PEER_LOCALMSPID="OrdererMSP"
CORE_PEER_TLS_ROOTCERT_FILE=$ORDERER_CA
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp
peer channel fetch $srcSeq configBlock.pb -o orderer0.example.com:7050 -c "${channel}" --tls --cafile $ORDERER_CA
echo "converting config to JSON"
configtxlator proto_decode --input configBlock.pb --type common.Block | jq '.data.data[0].payload.data.config' > config.json
echo "adding orderer3.example.com as a new consenter"
eval $configFunc
echo "computing the config delta"
configtxlator proto_encode --input config.json --type common.Config --output config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
configtxlator compute_update --channel_id ${channel} --original config.pb --updated modified_config.pb --output orderer3Addition.pb
configtxlator proto_decode --input orderer3Addition.pb --type common.ConfigUpdate | jq . > orderer3Addition.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"'${channel}'", "type":2}},"data":{"config_update":'$(cat orderer3Addition.json)'}}}' | jq . > orderer3AdditionInEnvelope.json
configtxlator proto_encode --input orderer3AdditionInEnvelope.json --type common.Envelope --output orderer3AdditionInEnvelope.pb
peer channel signconfigtx -f orderer3AdditionInEnvelope.pb
peer channel update -f orderer3AdditionInEnvelope.pb -c ${channel} -o orderer0.example.com:7050 --tls --cafile $ORDERER_CA
}
要使用该函数,我的 link 中的脚本运行:
echo "Adding orderer3.example.com to the network"
channelConfig $ORDERER_SYSCHAN_ID 0 addOSN
channelConfig $CHANNEL_NAME 2 addOSN