Hyperledger Fabric 将新的排序组织添加到网络 (HLF2.2 LTS)
Hyperledger Fabric adding new orderer organizations to network (HLF2.2 LTS)
我按照此处提到的步骤将新的订购者组织添加到现有网络中
通道(即将配置更改更新到订购者通道)更新抛出错误,如下所示,
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'e2e-orderer-syschan': error authorizing update: error validating DeltaSet: policy for [Value] /Channel/OrdererAddresses not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
修改-json 使用以下设置调用阻止(尝试 mix/match 以下组合 json 更改步骤)
q -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' config.json ${KL_NEW_ORDERER_NAME}.json > modified-config.json
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' modified-config.json ${KL_NEW_ORDERER_NAME}.json > modified-config1.json
jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"'${KL_CONSORTIUM_NAME}'":{"groups": {"Orderermk01MSP":.[1]}}}}}}}' modified-config1.json ${KL_NEW_ORDERER_NAME}.json > modified-config2.json
LENGTH=$(jq '.channel_group.values.OrdererAddresses.value.addresses | length' modified-config2.json)
jq '.channel_group.values.OrdererAddresses.value.addresses['${LENGTH}'] |= "'${KL_NEW_ORDERER_URL}'"' modified-config2.json > modified-config3.json
cert=`base64 /hl-material/mk01-orderer/crypto-config/ordererOrganizations/${KL_DOMAIN}/orderers/orderer.mk01.${KL_DOMAIN}/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat modified-config3.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "raft0.mk01.'${KL_DOMAIN}'", "port": 32050, "server_tls_cert": "'$cert'"}] ' > modified-config4.json
我的网络设置基于 HLF 2.2 LTS,在 Orderer Organization A 的 K8s 集群下有 5 个 raft 节点
注意:我在 2.2 LTS 上以动态方式成功设置了多渠道、多对等组织
但现在正在寻找动态地将排序组织扩展为多个 cluster/orgs。上述步骤是否需要任何提示或更新?
我的设置环境:
KL_NEW_ORDERER_NAME=OrgB
KL_CONSORTIUM_NAME=orga-Consortium
KL_DOMAIN=example.com
export ORDERER_URL=orderer.orga.example.com:7050
export CORE_PEER_LOCALMSPID=OrdererMSP
export CORE_PEER_MSPCONFIGPATH=crypto-config/example.com/orderers/orderer.orga.example.com/msp
export ORDERER_CA=crypto-config/ordererOrganizations/example.com/orderers/orderer.orgA.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' config.json ${KL_NEW_ORDERER_NAME}.json > modified-config.json
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' modified-config.json ${KL_NEW_ORDERER_NAME}.json > modified-config1.json
jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"'${KL_CONSORTIUM_NAME}'":{"groups": {"Orderermk01MSP":.[1]}}}}}}}' modified-config1.json ${KL_NEW_ORDERER_NAME}.json > modified-config2.json
LENGTH=$(jq '.channel_group.values.OrdererAddresses.value.addresses | length' modified-config2.json)
jq '.channel_group.values.OrdererAddresses.value.addresses['${LENGTH}'] |= "'${KL_NEW_ORDERER_URL}'"' modified-config2.json > modified-config3.json
cert=`base64 crypto-config/ordererOrganizations/example.com/orderers/orderer.mk01.example.com/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat modified-config3.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "orderer.orgB.example.com", "port": 7050, "server_tls_cert": "'$cert'"}] ' > modified-config4.json
configtxlator proto_encode --input config.json --type common.Config >original_config.pb
configtxlator proto_encode --input modified-config4.json --type common.Config >modified_config.pb
configtxlator compute_update --channel_id "e2e-orderer-syschan" --original original_config.pb --updated modified_config.pb >config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate >config_update-diff.json
jq '.channel_id="e2e-orderer-syschan"' config_update-diff.json > config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"e2e-orderer-syschan", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope >"${OUTPUT}"
peer channel update -f modified_update_envelope.pb -c e2e-orderer-syschan -o ${ORDERER_URL} --tls true --cafile $ORDERER_CA
有人遇到过这个 problem/know 来自 hlf 等的参考文件吗?
谢谢
玛丽亚
看来您忘记在更新前签署 .pb 文件read more here
关于这个过程的规则有一个document
编辑:我刚刚找到 this Fabric 2.2 的文档。它提供了有关政策的更多信息。
我按照此处提到的步骤将新的订购者组织添加到现有网络中 通道(即将配置更改更新到订购者通道)更新抛出错误,如下所示,
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'e2e-orderer-syschan': error authorizing update: error validating DeltaSet: policy for [Value] /Channel/OrdererAddresses not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
修改-json 使用以下设置调用阻止(尝试 mix/match 以下组合 json 更改步骤)
q -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' config.json ${KL_NEW_ORDERER_NAME}.json > modified-config.json
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' modified-config.json ${KL_NEW_ORDERER_NAME}.json > modified-config1.json
jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"'${KL_CONSORTIUM_NAME}'":{"groups": {"Orderermk01MSP":.[1]}}}}}}}' modified-config1.json ${KL_NEW_ORDERER_NAME}.json > modified-config2.json
LENGTH=$(jq '.channel_group.values.OrdererAddresses.value.addresses | length' modified-config2.json)
jq '.channel_group.values.OrdererAddresses.value.addresses['${LENGTH}'] |= "'${KL_NEW_ORDERER_URL}'"' modified-config2.json > modified-config3.json
cert=`base64 /hl-material/mk01-orderer/crypto-config/ordererOrganizations/${KL_DOMAIN}/orderers/orderer.mk01.${KL_DOMAIN}/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat modified-config3.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "raft0.mk01.'${KL_DOMAIN}'", "port": 32050, "server_tls_cert": "'$cert'"}] ' > modified-config4.json
我的网络设置基于 HLF 2.2 LTS,在 Orderer Organization A 的 K8s 集群下有 5 个 raft 节点 注意:我在 2.2 LTS 上以动态方式成功设置了多渠道、多对等组织
但现在正在寻找动态地将排序组织扩展为多个 cluster/orgs。上述步骤是否需要任何提示或更新? 我的设置环境:
KL_NEW_ORDERER_NAME=OrgB
KL_CONSORTIUM_NAME=orga-Consortium
KL_DOMAIN=example.com
export ORDERER_URL=orderer.orga.example.com:7050
export CORE_PEER_LOCALMSPID=OrdererMSP
export CORE_PEER_MSPCONFIGPATH=crypto-config/example.com/orderers/orderer.orga.example.com/msp
export ORDERER_CA=crypto-config/ordererOrganizations/example.com/orderers/orderer.orgA.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' config.json ${KL_NEW_ORDERER_NAME}.json > modified-config.json
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' modified-config.json ${KL_NEW_ORDERER_NAME}.json > modified-config1.json
jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"'${KL_CONSORTIUM_NAME}'":{"groups": {"Orderermk01MSP":.[1]}}}}}}}' modified-config1.json ${KL_NEW_ORDERER_NAME}.json > modified-config2.json
LENGTH=$(jq '.channel_group.values.OrdererAddresses.value.addresses | length' modified-config2.json)
jq '.channel_group.values.OrdererAddresses.value.addresses['${LENGTH}'] |= "'${KL_NEW_ORDERER_URL}'"' modified-config2.json > modified-config3.json
cert=`base64 crypto-config/ordererOrganizations/example.com/orderers/orderer.mk01.example.com/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat modified-config3.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "orderer.orgB.example.com", "port": 7050, "server_tls_cert": "'$cert'"}] ' > modified-config4.json
configtxlator proto_encode --input config.json --type common.Config >original_config.pb
configtxlator proto_encode --input modified-config4.json --type common.Config >modified_config.pb
configtxlator compute_update --channel_id "e2e-orderer-syschan" --original original_config.pb --updated modified_config.pb >config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate >config_update-diff.json
jq '.channel_id="e2e-orderer-syschan"' config_update-diff.json > config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"e2e-orderer-syschan", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope >"${OUTPUT}"
peer channel update -f modified_update_envelope.pb -c e2e-orderer-syschan -o ${ORDERER_URL} --tls true --cafile $ORDERER_CA
有人遇到过这个 problem/know 来自 hlf 等的参考文件吗?
谢谢 玛丽亚
看来您忘记在更新前签署 .pb 文件read more here
关于这个过程的规则有一个document
编辑:我刚刚找到 this Fabric 2.2 的文档。它提供了有关政策的更多信息。