在私链中添加一个机构

清理并启动网络

#清理
cd fabric-samples/first-network
sudo ./eyfn.sh -m down
sudo ./byfn.sh -m down 

#初始化配置
sudo ./byfn.sh -m generate -c nchannel

#启动私链
sudo ./byfn.sh -m up -t 30 -d 10 -c nchannel

#新增一个机构org3，但org3的节点会告诉你无法加入nchannel
#因为org3不在nchannel中
sudo ./eyfn.sh -m up -t 30 -d 10 -c nchannel

生成org3的配置文件

#生成配置文件
cd org3-artifacts
sudo ../../bin/cryptogen generate --config=./org3-crypto.yaml
export FABRIC_CFG_PATH=$PWD
sudo ../../bin/configtxgen -printOrg Org3MSP > ../channel-artifacts/org3.json

#拷贝到指定位置
cd ../ 
sudo cp -r crypto-config/ordererOrganizations org3-artifacts/crypto-config/

获取并修改当前配置文件

sudo docker exec -it cli bash

#虚拟机内

#安装jq
apt update && apt install -y jq

#配置环境变量
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem 
export CHANNEL_NAME=nchannel
echo $ORDERER_CA && echo $CHANNEL_NAME

#获取最新配置文件
peer channel fetch config config_block.pb -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA

#修改配置文件格式为json
#更新配置文件
#新增org3
#修改配置文件格式为pb
configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json
configtxlator proto_encode --input config.json --type common.Config --output config.pb 
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb 
configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output org3_update.pb 
configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"nchannel", "type":2}}, "data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json 
configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb

#用org1进行签名
peer channel signconfigtx -f org3_update_in_envelope.pb

#非常规操作
#用org2进行部署（现在channel中只有org1和org2，所以org1签名，org2部署就是全部org都认可org3了）
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051

#但是这个地方一直报错
#我试了10多次，只有1次成功了，还是在开会，之后再没有成功过
peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA

#错误内容
Rejecting broadcast of config message from 172.19.0.7:38982 because of error: error authorizing update: error validating DeltaSet: 
policy for [Value] /Channel/Application/Org3MSP/MSP not satisfied: signature set did not satisfy policy

配置选举方式

#peer0.org3
#peer1.org3
#默认采用了dynamic配置方式，所以默认可以不用进行配置，可以跳过这一步

#static
CORE_PEER_GOSSIP_USELEADERELECTION=false 
CORE_PEER_GOSSIP_ORGLEADER=true

#dynamic
CORE_PEER_GOSSIP_USELEADERELECTION=true
CORE_PEER_GOSSIP_ORGLEADER=false

peer0.org3节点加入channel

#开启Org3cli
sudo docker-compose -f docker-compose-org3.yaml up -d 
sudo docker exec -it Org3cli bash 

#虚拟机内
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
export CHANNEL_NAME=nchannel 
echo $ORDERER_CA && echo $CHANNEL_NAME

#org3获取创世区块
#必须只同步这个区块，才能加入，否则会失败
peer channel fetch 0 nchannel.block -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA

#pee0.org3节点加入channel
peer channel join -b nchannel.block 

peer1.org3节点加入channel

#还是同一个虚拟机Org3cli
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt 
export CORE_PEER_ADDRESS=peer1.org3.example.com:7051 
peer channel join -b nchannel.block

org3安装新版本合约

#还是同一个虚拟机Org3cli
#还是同一个binary
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/ 

org2安装新版本合约

#虚拟机cli
#还是同一个binary
export CORE_PEER_LOCALMSPID="Org2MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin@org2.example.com/msp
export CORE_PEER_ADDRESS=peer0.org2.example.com:7051
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/ 

org1安装新版本合约

#虚拟机cli
#还是同一个binary
export CORE_PEER_LOCALMSPID="Org1MSP" 
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt 
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp 
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051 
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/

启用新版本合约

#虚拟机Org3cli
#升级合约
peer chaincode upgrade -o orderer.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -v 2.0 -c '{"Args":["init","a","90","b","210"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"

#调用合约
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}' 
peer chaincode invoke -o orderer.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","10"]}' 
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'