HyperLedger Fabric动态添加peer节点

Fabric2.4.0为Org2手动添加新节点

1. 生成新节点证书

每个节点都有相应的证书才能连接网络，需要使用 cryptogen 工具生成新节点的证书。因为是新节点加入现有网络组织，因此，需要使用 cryptogen extend 命令首先对现有网络的证书文件进行扩展。在执行该命令之前需要首先修改 crypto-config.yaml 配置文件，将 org2 组织的节点数增加 1，其它的配置信息不要修改。

点击查看修改后的 crypto-config.yaml 配置文件

OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    EnableNodeOUs: true

    Specs:
      - Hostname: orderer   # 如需多个orderer就在下方增加

PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: true

    Template:
      Count: 1
    Users:
      Count: 1

  - Name: Org2
    Domain: org2.example.com
    EnableNodeOUs: true
    Template:
      Count: 2    # 修改为2 原为1
    Users:
      Count: 1

修改完成后即可使用 cryptogen extend 命令生成新节点证书，注意，这里需要使用 --config 选项指定刚才修改的配置文件：

cryptogen extend --config=crypto-config.yaml

生成之后，可以发现 org2 组织下增加了一个 peer2.org2.example.com peer：

tree crypto-config/peerOrganizations/org2.example.com/ -L 2
crypto-config/peerOrganizations/org2.example.com/
├── ca
│   ├── ca.org2.example.com-cert.pem
│   └── priv_sk
├── msp
│   ├── admincerts
│   ├── cacerts
│   ├── config.yaml
│   └── tlscacerts
├── peers
│   ├── peer0.org2.example.com
│   └── peer1.org2.example.com   # 新增peer节点配置
├── tlsca
│   ├── priv_sk
│   └── tlsca.org2.example.com-cert.pem
└── users
    ├── [email protected]
    └── [email protected]

2.设置 配置容器 并启动

证书文件生成之后，需要在 docker-compose-orderer.yaml 中添加新节点 peer1.org2.example.com 的配置信息，包括环境变量、映射的端口号、证书文件目录等信息。

我是把新添加peer节点部署在orderer节点，可分配到其它虚机，记得拷贝生成的节点配置文件

添加hosts文件
# orderer节点
192.168.88.121 orderer.example.com peer1.org2.example.com  # 增加peer1.org2.example.com
192.168.88.122 peer0.org1.example.com couchdb0.org1.example.com  # couchdb0.org1.example.com使用122couchDB，不新建
192.168.88.123 peer0.org2.example.com
# org1节点
192.168.88.121 orderer.example.com peer1.org2.example.com  # 增加peer1.org2.example.com
192.168.88.122 peer0.org1.example.com
192.168.88.123 peer0.org2.example.com
# org2节点
192.168.88.121 orderer.example.com peer1.org2.example.com  # 增加peer1.org2.example.com
192.168.88.122 peer0.org1.example.com
192.168.88.123 peer0.org2.example.com

# orderer节点docker-compose-orderer.yaml
  orderer.example.com:
      extra_hosts:                # 节点地址，如需要多个节点，可自己添加
      - "orderer.example.com:192.168.88.121"
      - "peer1.org2.example.com:192.168.88.121"  # 新增peer节点
      - "peer0.org1.example.com:192.168.88.122"
      - "peer0.org2.example.com:192.168.88.123"
  
  
  peer1.org2.example.com:
    container_name: peer1.org2.example.com
    image: hyperledger/fabric-peer:2.4.2                # 修改镜像版本
    environment:
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - CORE_PEER_ID=peer1.org2.example.com
      - CORE_PEER_ADDRESS=peer1.org2.example.com:7051
      - CORE_PEER_LISTENADDRESS=0.0.0.0:7051
      - CORE_PEER_CHAINCODEADDRESS=peer1.org2.example.com:7052
      - CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
      - CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051
      - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:7051
      - CORE_PEER_LOCALMSPID=Org2MSP         # 组织org2增加节点，就归属于org2
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_GOSSIP_USELEADERELECTION=true
      - CORE_PEER_GOSSIP_ORGLEADER=false
      - CORE_PEER_PROFILE_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
      - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
      - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
      - CORE_CHAINCODE_EXECUTETIMEOUT=300s
      - CORE_LEDGER_STATE_STATEDATABASE=CouchDB
      - CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0.org1.example.com:5984   # 不在此虚机部署couchDB了，使用122虚机的
      - CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=admin
      - CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=adminpw
    depends_on:
      - couchdb0.org1.example.com

    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: peer node start
    volumes:
      - /var/run/:/host/var/run/
      - ./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/etc/hyperledger/fabric/msp
      - ./crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/etc/hyperledger/fabric/tls
    ports:
      - 7051:7051
      - 7052:7052
      - 7053:7053
    restart: always
    extra_hosts:        # 节点地址
      - "orderer.example.com:192.168.88.121"
      - "peer1.org2.example.com:192.168.88.121"  # 添加新节点地址
      - "couchdb0.org1.example.com:192.168.88.122" # 添加couchDB地址
      - "peer0.org1.example.com:192.168.88.122"
      - "peer0.org2.example.com:192.168.88.123"
      
      
      
  cli:
    container_name: cli
    image: hyperledger/fabric-tools:2.4.2               # 修改镜像版本
    restart: always
    tty: true
    stdin_open: true
    environment:
      - GOPATH=/opt/gopath
      - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
      - FABRIC_LOGGING_SPEC=INFO
      - CORE_PEER_ID=cli
      - CORE_PEER_ADDRESS=peer1.org2.example.com:7051
      - CORE_PEER_LOCALMSPID=Org2MSP
      - CORE_PEER_TLS_ENABLED=true
      - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/server.crt    # 新增加的peer证书
      - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/server.key     # 新增加的peer证书
      - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt    # 新增加的peer证书
      - CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/[email protected]/msp               # 新增加的peer证书路径
    working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
    command: /bin/bash
    volumes:
      - /var/run/:/host/var/run/
      - ./chaincode/go/:/opt/gopath/src/github.com/hyperledger/fabric-cluster/chaincode/go
      - ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
      - ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
    extra_hosts:        # 节点地址
      - "orderer.example.com:192.168.88.121"
      - "peer1.org2.example.com:192.168.88.121"  # 添加新节点地址
      - "peer0.org1.example.com:192.168.88.122"
      - "peer0.org2.example.com:192.168.88.123"

修改其它节点compose文件

# org1
  peer0.org1.example.com:
    extra_hosts:        # 节点地址
      - "orderer.example.com:192.168.88.121"
      - "peer1.org2.example.com:192.168.88.121"  # 添加新节点地址
      - "peer0.org1.example.com:192.168.88.122"
      - "peer0.org2.example.com:192.168.88.123"
      
      
  cli:
    extra_hosts:        # 节点地址
      - "orderer.example.com:192.168.88.121"
      - "peer1.org2.example.com:192.168.88.121"  # 添加新节点地址
      - "peer0.org1.example.com:192.168.88.122"
      - "peer0.org2.example.com:192.168.88.123"

# org2
  peer0.org2.example.com:
    extra_hosts:        # 节点地址
      - "orderer.example.com:192.168.88.121"
      - "peer1.org2.example.com:192.168.88.121"  # 添加新节点地址
      - "peer0.org1.example.com:192.168.88.122"
      - "peer0.org2.example.com:192.168.88.123"
      
      
  cli:
    extra_hosts:        # 节点地址
      - "orderer.example.com:192.168.88.121"
      - "peer1.org2.example.com:192.168.88.121"  # 添加新节点地址
      - "peer0.org1.example.com:192.168.88.122"
      - "peer0.org2.example.com:192.168.88.123"

启动三台虚机docker-compose

# orderer
docker-compose -f docker-compose-orderer.yaml up -d
[+] Running 2/2
 ⠿ Container cli                     Started                               1.2s
 ⠿ Container peer1.org2.example.com  Started                               1.8s
 ⠿ Container orderer.example.com     Started                               0.9s
# org1
docker-compose -f docker-compose-org1.yaml up -d
# org2
docker-compose -f docker-compose-org2.yaml up -d

3.加入通道

# 拷贝org1上的通道文件 mychannel.block以及basic.tar.gz链码
scp 192.168.88.122:/home/go/src/github.com/hyperledger/multinodes/basic.tar.gz .
scp 192.168.88.122:/home/go/src/github.com/hyperledger/multinodes/mychannel.block .
# 拷贝到peer1.org2.example.com容器内部
docker cp basic.tar.gz cli:/opt/gopath/src/github.com/hyperledger/fabric/peer
docker cp mychannel.block cli:/opt/gopath/src/github.com/hyperledger/fabric/peer

# 加入通道
peer channel join -b mychannel.block
2022-06-30 03:24:05.817 UTC 0001 INFO [channelCmd] InitCmdFactory -> Endorser and orderer connections initialized
2022-06-30 03:24:06.207 UTC 0002 INFO [channelCmd] executeJoin -> Successfully submitted proposal to join channel
# 安装智能合约
peer lifecycle chaincode install basic.tar.gz
2022-06-30 03:24:48.394 UTC 0001 INFO [cli.lifecycle.chaincode] submitInstallProposal -> Installed remotely: response:<status:200 payload:"\nFbasic:4d40d91e1db9dd2926a918116e21f7888894c3a51ea4947819cb72df552d066c\022\005basic" > 
2022-06-30 03:24:48.394 UTC 0002 INFO [cli.lifecycle.chaincode] submitInstallProposal -> Chaincode code package identifier: basic:4d40d91e1db9dd2926a918116e21f7888894c3a51ea4947819cb72df552d066c

# 同一个通道内所有节点只需要对同样的链码实例化一次即可，该链码已经在之前的旧有节点初始化一次，所以新节点安装完链码后并不需要再次实例化，直接可以对链码进行调用。
# 直接调用看看
peer chaincode query -C mychannel -n basic -c '{"Args":["GetAllAssets"]}'
[{"AppraisedValue":300,"Color":"blue","ID":"asset1","Owner":"Tomoko","Size":5},{"AppraisedValue":400,"Color":"red","ID":"asset2","Owner":"Brad","Size":5},{"AppraisedValue":500,"Color":"green","ID":"asset3","Owner":"Jin Soo","Size":10},{"AppraisedValue":600,"Color":"yellow","ID":"asset4","Owner":"Max","Size":10},{"AppraisedValue":700,"Color":"black","ID":"asset5","Owner":"Adriana","Size":15},{"AppraisedValue":800,"Color":"white","ID":"asset6","Owner":"Christopher","Size":15}]

# 更改asset6 资产所有者Christopher为si
bash-5.1# peer chaincode invoke -o orderer.example.com:7050 --ordererTLSHostnameOverride orderer.example.com --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C mychannel -n basic --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt --peerAddresses peer1.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt -c '{"function":"TransferAsset","Args":["asset6","si"]}'

2022-06-30 03:28:23.923 UTC 0001 INFO [chaincodeCmd] chaincodeInvokeOrQuery -> Chaincode invoke successful. result: status:200 payload:"Christopher"

# 结果显示 asset6 转给了 si:
bash-5.1# peer chaincode query -C mychannel -n basic -c '{"Args":["ReadAsset","asset6"]}'
{"AppraisedValue":800,"Color":"white","ID":"asset6","Owner":"si","Size":15}

# org1查询
bash-5.1# peer chaincode query -C mychannel -n basic -c '{"Args":["ReadAsset","asset6"]}'
{"AppraisedValue":800,"Color":"white","ID":"asset6","Owner":"si","Size":15}
# org2查询
bash-5.1# peer chaincode query -C mychannel -n basic -c '{"Args":["ReadAsset","asset6"]}'
{"AppraisedValue":800,"Color":"white","ID":"asset6","Owner":"si","Size":15}