如何更新channel的orderer地址

如何更新一个channel的orderer地址

详细文件请参考：fabric文档：Updating a Channel Configuration

假设CHANNEL_NAME=mychannel

Step 1：得到channel的最新配置块(config block)

#!/bin/bash

export CHANNEL=mychannel

export CORE_PEER_LOCALMSPID=Org1MSP
export CORE_PEER_MSPCONFIGPATH=crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp

peer channel fetch config config.pb \
  -o orderer.example.com:7050 \
  -c ${CHANNEL} \
  --tls --cafile crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

生成本地配置块文件config.pb

注意：peer channel fetch config拿到的最新的配置块，而如果使用peer channel fetch 0则是拿到第一个配置块，第一个配置块就是channel的第一个块。从log也能看出其中的差异：

如果是0：
2018-08-02 05:30:49.968 UTC [channelCmd] readBlock -> DEBU 00a Received block: 0

如果是config：
2018-08-02 05:30:52.896 UTC [channelCmd] readBlock -> DEBU 00a Received block: 6
这个数字会根据配置的更新历史发生变化。

Step 2：从config.pb中提取有效的数据，并转换成可编辑json格式

configtxlator proto_decode --input config.pb --type common.Block | jq .data.data[0].payload.data.config > config.json 

Step 3：修改config.json里面的orderer地址
例如修改orderer地址，或者添加orderer地址。

      "OrdererAddresses": {
        "mod_policy": "/Channel/Orderer/Admins",
        "value": {
          "addresses": [
            "orderer.example.com:7050"
          ]
        },
        "version": "0"
      }

修改后保存为新的文件名，例如config_update.json

或者使用jq更新：

jq '.channel_group.values.OrdererAddresses.value.addresses = ["orderer.example.com:7050","orderer2.example.com:7050"]' config.json > config_update.json

Step 4：把前后的两个json文件重新转换回pb类型文件

configtxlator proto_encode --input config.json        --type common.Config --output config.pb
configtxlator proto_encode --input config_update.json --type common.Config --output config_update.pb

注意两个都要改，替换原来从channel里面直接拿到的config.pb文件，否则无法比较。

Step 5：比较前后两个pb文件的差异，即改动部分

configtxlator compute_update \
  --channel_id mychannel \
  --original config.pb \
  --updated config_update.pb \
  --output mychannel_update.pb

Step 6：把配置变化部分转换成json格式

configtxlator proto_decode --input mychannel_update.pb --type common.ConfigUpdate | jq . > mychannel_update.json

Step 7：为上述json文件添加头部信息(Header)
封装成一个完整的config update请求。

echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat mychannel_update.json)'}}}' | jq . > mychannel_update_in_envelope.json

Step 8：把封装好的json文件转换回pb格式文件

configtxlator proto_encode --input mychannel_update_in_envelope.json --type common.Envelope --output mychannel_update_in_envelope.pb

Step 9：获取签名

#!/bin/bash

export CHANNEL=mychannel

export CORE_PEER_LOCALMSPID=Org1MSP
export CORE_PEER_MSPCONFIGPATH=crypto-config/peerOrganizations/org1.example.com/users/[email protected]/msp
peer channel signconfigtx -f ${CHANNEL}config_update_in_envelope.pb \
    -o orderer.example.com:7050 \
    --tls \
    --cafile crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

Step 10：提交修改请求到orderer

#!/bin/bash

export CHANNEL=mychannel

# Notice, there must use orderer MSP，otherwise, you will see following error:
# Error: got unexpected status: BAD_REQUEST -- error authorizing update: error validating DeltaSet: policy for [Value]  /Channel/OrdererAddresses not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
# and from orderer log, you may find:
# orderer.example.com    | 2018-08-02 05:51:23.892 UTC [cauthdsl] func2 -> DEBU 253 0xc420116060 identity 0 does not satisfy principal: the identity is a member of a different MSP (expected OrdererMSP, got Org1MSP)

export CORE_PEER_LOCALMSPID=OrdererMSP
export CORE_PEER_MSPCONFIGPATH=crypto-config/ordererOrganizations/example.com/users/[email protected]/msp

peer channel update -f mychannel_update_in_envelope.pb \
        -o orderer.example.com:7050 \
        -c ${CHANNEL} \
        --tls \
        --cafile crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem