Question

我按照此处提到的步骤将新的订购者组织添加到现有网络中频道（即，将配置更改为订购者频道）更新抛出错误，如下所示，

How to add a new Orderer Organization to existing Hyperledger Fabric network

Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'e2e-orderer-syschan': error authorizing update: error validating DeltaSet: policy for [Value]  /Channel/OrdererAddresses not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied

使用以下设置调用来修改json块（在下面的json更改步骤中尝试混合/匹配此组合）

q -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' config.json ${KL_NEW_ORDERER_NAME}.json > modified-config.json 
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' modified-config.json ${KL_NEW_ORDERER_NAME}.json > modified-config1.json 

jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"'${KL_CONSORTIUM_NAME}'":{"groups": {"Orderermk01MSP":.[1]}}}}}}}' modified-config1.json  ${KL_NEW_ORDERER_NAME}.json > modified-config2.json 

LENGTH=$(jq '.channel_group.values.OrdererAddresses.value.addresses | length' modified-config2.json)
jq '.channel_group.values.OrdererAddresses.value.addresses['${LENGTH}'] |= "'${KL_NEW_ORDERER_URL}'"' modified-config2.json > modified-config3.json

cert=`base64 /hl-material/mk01-orderer/crypto-config/ordererOrganizations/${KL_DOMAIN}/orderers/orderer.mk01.${KL_DOMAIN}/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat modified-config3.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "raft0.mk01.'${KL_DOMAIN}'", "port": 32050, "server_tls_cert": "'$cert'"}] ' > modified-config4.json

我的网络设置基于订购者组织A中K8s群集下具有5个筏形节点的HLF 2.2 LTS 注意：我已经以动态方式在2.2 LTS上成功设置了多渠道，多个对等组织

但是现在正在寻找将订购者组织动态扩展到多个集群/组织的方法。上述步骤是否需要任何提示或更新？我的设置环境：

KL_NEW_ORDERER_NAME=OrgB
KL_CONSORTIUM_NAME=orga-Consortium
KL_DOMAIN=example.com
export ORDERER_URL=orderer.orga.example.com:7050
export CORE_PEER_LOCALMSPID=OrdererMSP
export CORE_PEER_MSPCONFIGPATH=crypto-config/example.com/orderers/orderer.orga.example.com/msp
export ORDERER_CA=crypto-config/ordererOrganizations/example.com/orderers/orderer.orgA.example.com/msp/tlscacerts/tlsca.example.com-cert.pem


jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' config.json ${KL_NEW_ORDERER_NAME}.json > modified-config.json 
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' modified-config.json ${KL_NEW_ORDERER_NAME}.json > modified-config1.json 

jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"'${KL_CONSORTIUM_NAME}'":{"groups": {"Orderermk01MSP":.[1]}}}}}}}' modified-config1.json  ${KL_NEW_ORDERER_NAME}.json > modified-config2.json 

LENGTH=$(jq '.channel_group.values.OrdererAddresses.value.addresses | length' modified-config2.json)
jq '.channel_group.values.OrdererAddresses.value.addresses['${LENGTH}'] |= "'${KL_NEW_ORDERER_URL}'"' modified-config2.json > modified-config3.json

cert=`base64 crypto-config/ordererOrganizations/example.com/orderers/orderer.mk01.example.com/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat modified-config3.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "orderer.orgB.example.com", "port": 7050, "server_tls_cert": "'$cert'"}] ' > modified-config4.json

configtxlator proto_encode --input config.json --type common.Config >original_config.pb
configtxlator proto_encode --input modified-config4.json --type common.Config >modified_config.pb
configtxlator compute_update --channel_id "e2e-orderer-syschan" --original original_config.pb --updated modified_config.pb >config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate >config_update-diff.json
jq '.channel_id="e2e-orderer-syschan"' config_update-diff.json > config_update.json

echo '{"payload":{"header":{"channel_header":{"channel_id":"e2e-orderer-syschan", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope >"${OUTPUT}"


peer channel update -f modified_update_envelope.pb -c e2e-orderer-syschan -o ${ORDERER_URL} --tls true --cafile $ORDERER_CA

任何人都遇到过这个问题/是否从hlf等人那里获得了参考文件？

谢谢玛丽亚

Answer 1

看起来您忘记了在更新read more here之前对.pb文件进行签名

关于此过程的规则，有document。

编辑：我刚刚找到了Fabric 2.2的this文档。它提供了有关该政策的更多信息。

Hyperledger Fabric将新的订购者组织添加到网络（HLF2.2 LTS）

1 个答案: