fabric1.4版本共识由kafka转换raft方法
fabric1.4版本共识由kafka转换raft方法
方案
- 系统进入维护模式,应用交易将被拒绝,只有排序服务管理员可以对通道配置进行更新;
- 系统停止运行,考虑到迁移过程可能出错,对数据进行备份;
- 系统启动,每个通道的共识类型和基础数据进行了修改;
- 系统重启,并开始以 Raft 共识模式运行;每个通道都验证确认已经完成了选举;
- 系统退出维护模式并正常提供服务;
注意
-
检查证书 是否存在这个证书
crypto-config/ordererOrganizations/example.com/msp/admincerts/[email protected]
如果不存在 此文档不适合升级 -
首先获取所有通道配置 检查一共有几个orderer 甄选适合参与raft的共识orderer 多余删除少添加 (建议使用大于等于5个 我这里测试只用了三个)
-
列出所有通道 包含系统通道 这个系统通道是当初创建创世区块的 -channelID byfn-sys-channel指定的
-
保证参与raft的orderer之间可以通信
Step1. 准备
操作时在cli的容器中完成的
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CHANNEL_NAME=mychannel //此处需要根据不同通道而改变
//创建操作目录
mkdir Maintenance_mode_$CHANNEL_NAME && cd Maintenance_mode_$CHANNEL_NAME
Step2. 获取所有通道最新的区块配置改成维护模式
(有几个通道需要执行Step1 Step2几遍) 其中别忘设置通道名称环境变量
注意 : 千万不要忘记系统通道 byfn-sys-channel也需要改配置
1. 获取区块命令
peer channel fetch config config_block.pb -o orderer0.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
2. pb文件转json
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
3. 复制
cp config.json config_mod.json
4. 修改config_mod.json中的模式为维护模式
sed -i 's/NORMAL/MAINTENANCE/g' config_mod.json
5. 组装更新pb
(1). configtxlator proto_encode --input config.json --type common.Config --output config.pb
(2). configtxlator proto_encode --input config_mod.json --type common.Config --output modified_config.pb
(3). configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output config_update.pb
(4). configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate | jq . > config_update.json
(5). echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_envelope.json //注意不同通道修改channel_id
(6). configtxlator proto_encode --input config_update_envelope.json --type common.Envelope --output config_update_in_envelope.pb
6. 对要更新的签名
peer channel signconfigtx -f config_update_in_envelope.pb
7. 环境变量
export CORE_PEER_LOCALMSPID="OrdererMSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/[email protected]/msp/
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
8. 证书说明
此处提交时用orderer的 admin的证书 (因此需要保证部署生成的orderer证书里面包含example.com/msp/admincerts/[email protected] )
peer channel update -f config_update_in_envelope.pb -c $CHANNEL_NAME -o orderer0.example.com:7050 --tls --cafile $ORDERER_CA
Step3. 重启容器
此操作退出cli容器
如果是多机部署的 需要分别cli peer3 peer2 peer1 peer0 orderer2 orderer1 orderer0 kafka3 kafka2 kafka2 kafka0 zookeeper2 zookeeper1 zookeeper0重启
注意重启kafak 需要停顿一下 保证kafka之间完成
docker restart $(docker ps -a | grep "hyperledger/fabric" | awk '{print $1}')
Step4. 修改通道配置
(有几个通道需要执行Step4几遍) 其中别忘设置通道名称环境变量
1.进入cli容器
docker exec -it cli bash
2. 设置环境变量
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CHANNEL_NAME=mychannel
export CORE_PEER_LOCALMSPID="OrdererMSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/[email protected]/msp/
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
3. 创建操作目录
mkdir Modify_mode_raft_${CHANNEL_NAME} && cd Modify_mode_raft_${CHANNEL_NAME}
4. 拉取新块配置
peer channel fetch config config_block.pb -o orderer0.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
5. pb转json
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
6. 复制
cp config.json config_mod.json
7. 需要参与raft orderer节点的base64证书
base64 /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.crt -w0 && echo ""
base64 /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer1.example.com/tls/server.crt -w0 && echo ""
base64 /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt -w0 && echo ""
修改config_mod.json文件 上面获取base64证书对应替换 client_tls_cert和server_tls_cert 这两个是一样的
"ConsensusType": {
"mod_policy": "Admins",
"value": {
"metadata": {
"consenters":[
{
"client_tls_cert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNXekNDQWdLZ0F3SUJBZ0lRRnkvSEV4K0l6U05KR3M3bG1wZy95REFLQmdncWhrak9QUVFEQWpCc01Rc3cKQ1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0JNS1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeQpZVzVqYVhOamJ6RVVNQklHQTFVRUNoTUxaWGhoYlhCc1pTNWpiMjB4R2pBWUJnTlZCQU1URVhSc2MyTmhMbVY0CllXMXdiR1V1WTI5dE1CNFhEVEl3TURJeE1qQTBNVGN3TUZvWERUTXdNREl3T1RBME1UY3dNRm93V1RFTE1Ba0cKQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdUQ2tOaGJHbG1iM0p1YVdFeEZqQVVCZ05WQkFjVERWTmhiaUJHY21GdQpZMmx6WTI4eEhUQWJCZ05WQkFNVEZHOXlaR1Z5WlhJd0xtVjRZVzF3YkdVdVkyOXRNRmt3RXdZSEtvWkl6ajBDCkFRWUlLb1pJemowREFRY0RRZ0FFZDI4aEJac3NUV3N6SFcxNzFaNXloYTZNWXY0TWttTFFIR2xGMnQ4SllMZ00KYytuUy8zUTJJL1VoTklNaU8rYUpBUHZxQTRGdm4vL1FHNDNtMEdMUnRhT0JtRENCbFRBT0JnTlZIUThCQWY4RQpCQU1DQmFBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDCk1BQXdLd1lEVlIwakJDUXdJb0FncWorR1RMTzlzOXQ4SWNKMWo3ZTRObklSSDlrN2xieUl6TVpGV2pmdmhid3cKS1FZRFZSMFJCQ0l3SUlJVWIzSmtaWEpsY2pBdVpYaGhiWEJzWlM1amIyMkNDRzl5WkdWeVpYSXdNQW9HQ0NxRwpTTTQ5QkFNQ0EwY0FNRVFDSUhQYlFPVTRidTZCNkxDVHFhT2R0bDNsVEh5b3JvcUtXRFpYei9yM2pHRU5BaUJ5ClVNMEk0ZVdMM2duTGVFRnM2V0ROSUw1Q3oxVHgraU43eWhaMXRsR2R6Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K",
"host": "orderer0.example.com",
"port": 7050,
"server_tls_cert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNXekNDQWdLZ0F3SUJBZ0lRRnkvSEV4K0l6U05KR3M3bG1wZy95REFLQmdncWhrak9QUVFEQWpCc01Rc3cKQ1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0JNS1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeQpZVzVqYVhOamJ6RVVNQklHQTFVRUNoTUxaWGhoYlhCc1pTNWpiMjB4R2pBWUJnTlZCQU1URVhSc2MyTmhMbVY0CllXMXdiR1V1WTI5dE1CNFhEVEl3TURJeE1qQTBNVGN3TUZvWERUTXdNREl3T1RBME1UY3dNRm93V1RFTE1Ba0cKQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdUQ2tOaGJHbG1iM0p1YVdFeEZqQVVCZ05WQkFjVERWTmhiaUJHY21GdQpZMmx6WTI4eEhUQWJCZ05WQkFNVEZHOXlaR1Z5WlhJd0xtVjRZVzF3YkdVdVkyOXRNRmt3RXdZSEtvWkl6ajBDCkFRWUlLb1pJemowREFRY0RRZ0FFZDI4aEJac3NUV3N6SFcxNzFaNXloYTZNWXY0TWttTFFIR2xGMnQ4SllMZ00KYytuUy8zUTJJL1VoTklNaU8rYUpBUHZxQTRGdm4vL1FHNDNtMEdMUnRhT0JtRENCbFRBT0JnTlZIUThCQWY4RQpCQU1DQmFBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDCk1BQXdLd1lEVlIwakJDUXdJb0FncWorR1RMTzlzOXQ4SWNKMWo3ZTRObklSSDlrN2xieUl6TVpGV2pmdmhid3cKS1FZRFZSMFJCQ0l3SUlJVWIzSmtaWEpsY2pBdVpYaGhiWEJzWlM1amIyMkNDRzl5WkdWeVpYSXdNQW9HQ0NxRwpTTTQ5QkFNQ0EwY0FNRVFDSUhQYlFPVTRidTZCNkxDVHFhT2R0bDNsVEh5b3JvcUtXRFpYei9yM2pHRU5BaUJ5ClVNMEk0ZVdMM2duTGVFRnM2V0ROSUw1Q3oxVHgraU43eWhaMXRsR2R6Zz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
},
{
"client_tls_cert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNYRENDQWdLZ0F3SUJBZ0lRYkpGZTZhVGt5bDFXb2JuV1Fmd28zakFLQmdncWhrak9QUVFEQWpCc01Rc3cKQ1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0JNS1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeQpZVzVqYVhOamJ6RVVNQklHQTFVRUNoTUxaWGhoYlhCc1pTNWpiMjB4R2pBWUJnTlZCQU1URVhSc2MyTmhMbVY0CllXMXdiR1V1WTI5dE1CNFhEVEl3TURJeE1qQTBNVGN3TUZvWERUTXdNREl3T1RBME1UY3dNRm93V1RFTE1Ba0cKQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdUQ2tOaGJHbG1iM0p1YVdFeEZqQVVCZ05WQkFjVERWTmhiaUJHY21GdQpZMmx6WTI4eEhUQWJCZ05WQkFNVEZHOXlaR1Z5WlhJeExtVjRZVzF3YkdVdVkyOXRNRmt3RXdZSEtvWkl6ajBDCkFRWUlLb1pJemowREFRY0RRZ0FFeGlSRXlNdlhYcGNyZzRGSitWMHlOUFZXc2FxbTVUbEVLVnVlUVpTYzYybisKZnF1MmFwN3E3SWFyZDd4Vjd0Z1JPRFFVeDMxck5JK1c0bzZ2T2FEeGVxT0JtRENCbFRBT0JnTlZIUThCQWY4RQpCQU1DQmFBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDCk1BQXdLd1lEVlIwakJDUXdJb0FncWorR1RMTzlzOXQ4SWNKMWo3ZTRObklSSDlrN2xieUl6TVpGV2pmdmhid3cKS1FZRFZSMFJCQ0l3SUlJVWIzSmtaWEpsY2pFdVpYaGhiWEJzWlM1amIyMkNDRzl5WkdWeVpYSXhNQW9HQ0NxRwpTTTQ5QkFNQ0EwZ0FNRVVDSVFDbmtXVnl0UFZOMDFnUnhTZDNQcHdEQUQwS2NFYjJwbjZJTldnZ1RYZmNtQUlnClgrSHlQczFXVWZMUTJIRFI1NzhTSUZweXFVYWhZc2QrTTNKZjlENXZTRmM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K",
"host": "orderer1.example.com",
"port": 7150,
"server_tls_cert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNYRENDQWdLZ0F3SUJBZ0lRYkpGZTZhVGt5bDFXb2JuV1Fmd28zakFLQmdncWhrak9QUVFEQWpCc01Rc3cKQ1FZRFZRUUdFd0pWVXpFVE1CRUdBMVVFQ0JNS1EyRnNhV1p2Y201cFlURVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeQpZVzVqYVhOamJ6RVVNQklHQTFVRUNoTUxaWGhoYlhCc1pTNWpiMjB4R2pBWUJnTlZCQU1URVhSc2MyTmhMbVY0CllXMXdiR1V1WTI5dE1CNFhEVEl3TURJeE1qQTBNVGN3TUZvWERUTXdNREl3T1RBME1UY3dNRm93V1RFTE1Ba0cKQTFVRUJoTUNWVk14RXpBUkJnTlZCQWdUQ2tOaGJHbG1iM0p1YVdFeEZqQVVCZ05WQkFjVERWTmhiaUJHY21GdQpZMmx6WTI4eEhUQWJCZ05WQkFNVEZHOXlaR1Z5WlhJeExtVjRZVzF3YkdVdVkyOXRNRmt3RXdZSEtvWkl6ajBDCkFRWUlLb1pJemowREFRY0RRZ0FFeGlSRXlNdlhYcGNyZzRGSitWMHlOUFZXc2FxbTVUbEVLVnVlUVpTYzYybisKZnF1MmFwN3E3SWFyZDd4Vjd0Z1JPRFFVeDMxck5JK1c0bzZ2T2FEeGVxT0JtRENCbFRBT0JnTlZIUThCQWY4RQpCQU1DQmFBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDCk1BQXdLd1lEVlIwakJDUXdJb0FncWorR1RMTzlzOXQ4SWNKMWo3ZTRObklSSDlrN2xieUl6TVpGV2pmdmhid3cKS1FZRFZSMFJCQ0l3SUlJVWIzSmtaWEpsY2pFdVpYaGhiWEJzWlM1amIyMkNDRzl5WkdWeVpYSXhNQW9HQ0NxRwpTTTQ5QkFNQ0EwZ0FNRVVDSVFDbmtXVnl0UFZOMDFnUnhTZDNQcHdEQUQwS2NFYjJwbjZJTldnZ1RYZmNtQUlnClgrSHlQczFXVWZMUTJIRFI1NzhTSUZweXFVYWhZc2QrTTNKZjlENXZTRmM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
},
{
"client_tls_cert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNYVENDQWdPZ0F3SUJBZ0lSQUxCdGNSRlN6QUd2eVB5WE50VmVNVVV3Q2dZSUtvWkl6ajBFQXdJd2JERUwKTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFnVENrTmhiR2xtYjNKdWFXRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMlY0WVcxd2JHVXVZMjl0TVJvd0dBWURWUVFERXhGMGJITmpZUzVsCmVHRnRjR3hsTG1OdmJUQWVGdzB5TURBeU1USXdOREUzTURCYUZ3MHpNREF5TURrd05ERTNNREJhTUZreEN6QUoKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJRXdwRFlXeHBabTl5Ym1saE1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaApibU5wYzJOdk1SMHdHd1lEVlFRREV4UnZjbVJsY21WeU1pNWxlR0Z0Y0d4bExtTnZiVEJaTUJNR0J5cUdTTTQ5CkFnRUdDQ3FHU000OUF3RUhBMElBQkpyVFM0ZlNCQlRmMUtXTnJpcWtEVXkrSEtmREhhR0dUL2s4b0VvRC8xRm0KZ2wvQWExSnlIZGkvbS9vY3NFN3owMDZpMGJJbVFZKy9xeW5pMzJQd0QxV2pnWmd3Z1pVd0RnWURWUjBQQVFILwpCQVFEQWdXZ01CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFCkFqQUFNQ3NHQTFVZEl3UWtNQ0tBSUtvL2hreXp2YlBiZkNIQ2RZKzN1RFp5RVIvWk81VzhpTXpHUlZvMzc0VzgKTUNrR0ExVWRFUVFpTUNDQ0ZHOXlaR1Z5WlhJeUxtVjRZVzF3YkdVdVkyOXRnZ2h2Y21SbGNtVnlNakFLQmdncQpoa2pPUFFRREFnTklBREJGQWlFQTR0MVFhWmNHdzlyeklDWGR4MGNXTDVaaHF6V3UvckJVckt3VkxadTJPNzhDCklGbWFyZmY3UGJsMXY1Z1ZnYjlIZ2pybzBiUk1zbnZkUmpaNjVNbkNDbkx4Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K",
"host": "orderer2.example.com",
"port": 7250,
"server_tls_cert": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUNYVENDQWdPZ0F3SUJBZ0lSQUxCdGNSRlN6QUd2eVB5WE50VmVNVVV3Q2dZSUtvWkl6ajBFQXdJd2JERUwKTUFrR0ExVUVCaE1DVlZNeEV6QVJCZ05WQkFnVENrTmhiR2xtYjNKdWFXRXhGakFVQmdOVkJBY1REVk5oYmlCRwpjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMlY0WVcxd2JHVXVZMjl0TVJvd0dBWURWUVFERXhGMGJITmpZUzVsCmVHRnRjR3hsTG1OdmJUQWVGdzB5TURBeU1USXdOREUzTURCYUZ3MHpNREF5TURrd05ERTNNREJhTUZreEN6QUoKQmdOVkJBWVRBbFZUTVJNd0VRWURWUVFJRXdwRFlXeHBabTl5Ym1saE1SWXdGQVlEVlFRSEV3MVRZVzRnUm5KaApibU5wYzJOdk1SMHdHd1lEVlFRREV4UnZjbVJsY21WeU1pNWxlR0Z0Y0d4bExtTnZiVEJaTUJNR0J5cUdTTTQ5CkFnRUdDQ3FHU000OUF3RUhBMElBQkpyVFM0ZlNCQlRmMUtXTnJpcWtEVXkrSEtmREhhR0dUL2s4b0VvRC8xRm0KZ2wvQWExSnlIZGkvbS9vY3NFN3owMDZpMGJJbVFZKy9xeW5pMzJQd0QxV2pnWmd3Z1pVd0RnWURWUjBQQVFILwpCQVFEQWdXZ01CMEdBMVVkSlFRV01CUUdDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFNQmdOVkhSTUJBZjhFCkFqQUFNQ3NHQTFVZEl3UWtNQ0tBSUtvL2hreXp2YlBiZkNIQ2RZKzN1RFp5RVIvWk81VzhpTXpHUlZvMzc0VzgKTUNrR0ExVWRFUVFpTUNDQ0ZHOXlaR1Z5WlhJeUxtVjRZVzF3YkdVdVkyOXRnZ2h2Y21SbGNtVnlNakFLQmdncQpoa2pPUFFRREFnTklBREJGQWlFQTR0MVFhWmNHdzlyeklDWGR4MGNXTDVaaHF6V3UvckJVckt3VkxadTJPNzhDCklGbWFyZmY3UGJsMXY1Z1ZnYjlIZ2pybzBiUk1zbnZkUmpaNjVNbkNDbkx4Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
}
],
"options": {
"election_tick": 10,
"heartbeat_tick": 1,
"max_inflight_blocks": 5,
"snapshot_interval_size": 20971520,
"tick_interval": "500ms"
}
},
"state": "STATE_MAINTENANCE",
"type": "etcdraft"
},
"version": "1"
},
8. 把修改之后组成信封
(1). configtxlator proto_encode --input config.json --type common.Config --output config.pb
(2). configtxlator proto_encode --input config_mod.json --type common.Config --output modified_config.pb
(3). configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output config_update.pb
(4). configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate | jq . > config_update.json
(5). echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_envelope.json //注意不同通道修改channek_id
(6). configtxlator proto_encode --input config_update_envelope.json --type common.Envelope --output config_update_in_envelope.pb
9. 签名
peer channel signconfigtx -f config_update_in_envelope.pb
10. 提交
export CORE_PEER_LOCALMSPID="OrdererMSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/[email protected]/msp/
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
peer channel update -f config_update_in_envelope.pb -c $CHANNEL_NAME -o orderer0.example.com:7050 --tls --cafile $ORDERER_CA
11. 向所有orderer 容器添加变量
export ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
export ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
export ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
12. 重启系统
注意此处启动的时候 只启动orderer 以为此时已不需要kafka 参与
停止顺序: orderer0 orderer1 orderer2 .. kafak0 kafak 1 .. zookeeper0 ..zookeeper1
启动: orderer0 orderer1 orderer2
## 这是我操作 系统通道byfn-sys-channel和 mychanel返回的结果
2020-02-13 10:21:38.486 UTC [orderer.consensus.etcdraft] send -> INFO 0d5 Successfully sent StepRequest to 3 after failed attempt(s) channel=mychannel node=1
2020-02-13 10:21:38.494 UTC [orderer.consensus.etcdraft] send -> INFO 0d6 Successfully sent StepRequest to 3 after failed attempt(s) channel=byfn-sys-channel node=1
Step5. 更新所有通道配置为正常模式
1. 环境准备 (此操作再cli容器)
export CORE_PEER_LOCALMSPID="OrdererMSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/[email protected]/msp/
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CHANNEL_NAME=mychannel
##创建操作目录
mkdir maintenance_off_$CHANNEL_NAME && cd maintenance_off_$CHANNEL_NAME
2. 获取通道配置改为正常模式
(有几个通道需要执行第一、二步几遍) 其中别忘设置通道名称环境变量
注意 : 千万不要忘记系统通道 byfn-sys-channel也需要改配置(包含共识)
1. 获取区块命令
peer channel fetch config config_block.pb -o orderer0.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
2. pb文件转json
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
3. 复制
cp config.json config_mod.json
4. 修改config_mod.json中的模式为维护模式
sed -i 's/MAINTENANCE/NORMAL/g' config_mod.json
5. 组装更新pb
(1). configtxlator proto_encode --input config.json --type common.Config --output config.pb
(2). configtxlator proto_encode --input config_mod.json --type common.Config --output modified_config.pb
(3). configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output config_update.pb
(4). configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate | jq . > config_update.json
(5). echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_envelope.json //注意不同通道修改channel_id
(6). configtxlator proto_encode --input config_update_envelope.json --type common.Envelope --output config_update_in_envelope.pb
6. 对要更新的签名
peer channel signconfigtx -f config_update_in_envelope.pb
7. 环境变量
export CORE_PEER_LOCALMSPID="OrdererMSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/[email protected]/msp/
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
8. 此处提交时用orderer的 admin的证书 (因此需要保证部署生成的orderer证书里面包含example.com/msp/admincerts/[email protected] )
peer channel update -f config_update_in_envelope.pb -c $CHANNEL_NAME -o orderer0.example.com:7050 --tls --cafile $ORDERER_CA
3 .重启系统
重启 orderer peer
Step6. 验证是否可以交易
export CHANNEL_NAME=mychannel
peer chaincode invoke -o orderer0.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:9051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["invoke","a","b","10"]}'
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'
最后
这是我今年二月份 在家参照官方文档 其中也有参考网上方案 测试过程,最后整理一下