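I have been working on rotating Orderer node certificates from cryptogen to Fabric CA. I have been following the official documentation here - https://hyperledger-fabric.readthedocs.io/en/release-1.4/raft_configuration.html
Below are the steps I have tried so far -
configtx.yaml
msp path. Orderer.json
Create a new configtx.yaml
Currently, I am facing an issue while trying to update the system channel "testchainid". The error seen is -
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'testchainid': error authorizing update: error validating DeltaSet: invalid mod_policy for element [Group] /Channel/Application: mod_policy not set
Sharing the steps executed on the peer CLI: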
peer channel fetch config config_block.pb -o orderer.org.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA
configtxlator proto_decode --input config_block.pb --type common.Block | jq '.data.data[0].payload.data.config' > config.json
# Merge the org definition from Orderer.json into the config under Application/OrdererMSP, then output a new json file
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"OrdererMSP":.[1]}}}}}' config.json Orderer.json > modified_config.json
# Remove the existing consenters before adding the Fabric CA TLS certs
jq 'del(.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters[])' modified_config.json > modified_config_1.json
#new ca cert for orderer to update system channel
cert1=$(base64 /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org.com/orderer/tls-msp/signcerts/cert.pem | sed ':a;N;$!ba;s/\n//g')
#new ca cert for orderer1 to update in system channel
cert2=$(base64 /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org.com/orderer1/tls-msp/signcerts/cert.pem | sed ':a;N;$!ba;s/\n//g')
#new ca cert for orderer2 to update in system channel
cert3=$(base64 /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/org.com/orderer2/tls-msp/signcerts/cert.pem | sed ':a;N;$!ba;s/\n//g')
#update the new certs on to channel
jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert1'", "host": "orderer.org.com", "port": 7050, "server_tls_cert": "'$cert1'"}] | .channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert2'", "host": "orderer1.org.com", "port": 7050, "server_tls_cert": "'$cert2'"}] | .channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert3'", "host": "orderer2.org.com", "port": 7050, "server_tls_cert": "'$cert3'"}] ' modified_config_1.json > modified_config_2.json
# Converts config.json into config.pb
configtxlator proto_encode --input config.json --type common.Config --output config.pb
# Converts modified_config.json into modified_config.pb
configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
# Converts modified_config_1.json into modified_config_1.pb
configtxlator proto_encode --input modified_config_1.json --type common.Config --output modified_config_1.pb
# Converts modified_config_2.json into modified_config_2.pb
configtxlator proto_encode --input modified_config_2.json --type common.Config --output modified_config_2.pb
# Calculates the delta between config.pb and modified_config_2.pb, then outputs the config update
configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config_2.pb --output Orderer_ca_update.pb
configtxlator proto_decode --input Orderer_ca_update.pb --type common.ConfigUpdate | jq . > Orderer_ca_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"testchainid", "type":2}},"data":{"config_update":'"$(cat Orderer_ca_update.json)"'}}}' | jq . > Orderer_ca_update_in_envelope.json
configtxlator proto_encode --input Orderer_ca_update_in_envelope.json --type common.Envelope --output Orderer_ca_update_in_envelope.pb
peer channel signconfigtx -f Orderer_ca_update_in_envelope.pb
peer channel update -f Orderer_ca_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.org.com:7050 --tls --cafile $ORDERER_CA
Any help in resolving this issue would be greatly appreciated.
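An added example (not part of the original post, and not Fabric's own code): a pre-flight check that walks the decoded config JSON and lists elements that are new in the modified config but carry no mod_policy, which is the condition the BAD_REQUEST error above reports. The sample configs are constructed and assume the fetched system-channel config has no Application group; `deep_merge` is a hypothetical helper standing in for jq's `*` operator.

```python
KINDS = {"groups": "Group", "values": "Value", "policies": "Policy"}

def deep_merge(a, b):
    """Recursive object merge, like jq's `*`: keys from b win on conflict."""
    out = dict(a)
    for key, val in b.items():
        if isinstance(val, dict) and isinstance(out.get(key), dict):
            out[key] = deep_merge(out[key], val)
        else:
            out[key] = val
    return out

def new_elements_without_mod_policy(original, updated, path="/Channel"):
    """List elements present only in `updated` whose mod_policy is empty."""
    findings = []
    original = original or {}
    for kind, label in KINDS.items():
        for name, elem in (updated.get(kind) or {}).items():
            child = f"{path}/{name}"
            old = (original.get(kind) or {}).get(name)
            if old is None and not elem.get("mod_policy"):
                findings.append(f"[{label}] {child}")
            if kind == "groups":  # only groups nest further elements
                findings += new_elements_without_mod_policy(old, elem, child)
    return findings

# Constructed, trimmed stand-in for config.json (assumption: no Application group).
ORIGINAL = {"channel_group": {"mod_policy": "Admins", "groups": {
    "Orderer": {"mod_policy": "Admins", "groups": {}, "values": {}, "policies": {}},
    "Consortiums": {"mod_policy": "/Channel/Orderer/Admins", "groups": {}}}}}

# Constructed stand-in for Orderer.json (an org definition with mod_policy set).
ORDERER_ORG = {"mod_policy": "Admins",
               "values": {"MSP": {"mod_policy": "Admins", "value": {}}},
               "policies": {"Admins": {"mod_policy": "Admins", "policy": {}}}}

def check_merge(original, org):
    """Apply the same merge shape as the jq -s command and run the check."""
    patch = {"channel_group": {"groups": {"Application": {"groups": {"OrdererMSP": org}}}}}
    merged = deep_merge(original, patch)
    return new_elements_without_mod_policy(original["channel_group"], merged["channel_group"])

if __name__ == "__main__":
    for finding in check_merge(ORIGINAL, ORDERER_ORG):
        print("mod_policy not set:", finding)
```

To run it against real files, load config.json and modified_config_2.json with `json.load` and pass their `channel_group` objects to `new_elements_without_mod_policy`.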