Dynamic addition and deletion of hyperledger fabric organization

Time:2022-5-23

preface

In the practice of fabric customized alliance chain network engineering, we virtualized the alliance chain network requirements of a studio, analyzed the architecture of the whole network according to this requirement, and completed a simple fabric network model. Based on it, this paper willmychannelAdd a new hard organization on the channel and delete the soft organization later. Please refer to the preparations for the necessary preparations and DNS configuration of this experiment.

Background introduction

Experimental preparation

The network architecture in this section is based on the network engineering practice of fabric customized alliance chain, which will be included in the project1_3Org2Peer1Orderer1TLSCopy as2_FabricNetworkUpdateIt is suggested that the cases in this warehouse should be directly entered into the Fabrik warehouse2_FabricNetworkUpdateCopy the directory to the local operation). By default, all commands in this article are2_FabricNetworkUpdateExecute under the root directory. Start the basic network with the following command:

  1. Setting environment variablessource envpeer1soft
  2. Start CA network./0_Restart.sh
  3. Registered user./1_RegisterUser.sh
  4. Construction certificate./2_EnrollUser.sh
  5. Configure channel./3_Configtxgen.sh
  6. Install test chain code./4_TestChaincode.sh

The initial docker network of this experiment is:
Dynamic addition and deletion of hyperledger fabric organization

The initial block height of this experiment is 6:
Dynamic addition and deletion of hyperledger fabric organization

Paper work

In this experiment, a new organization hard is dynamically added to the hyperledger fabric network, which contains an organization node peer1. The network structure is (the experimental code has been uploaded to: https://github.com/wefantasy/FabricLearn of2_FabricNetworkUpdate(lower)1

term Run port explain
council.ifantasy.net 7050 The CA service of Council organization provides tls-ca service for alliance chain network
orderer.ifantasy.net 7150 The CA service of orderer organization provides sorting service for alliance chain network
orderer1.orderer.ifantasy.net 7151 Order1 member node of orderer organization
soft.ifantasy.net 7250 CA service of soft organization, including members: peer1 and admin1
peer1.soft.ifantasy.net 7251 Peer1 member node of soft organization
web.ifantasy.net 7350 CA service of Web Organization, including members: peer1, admin1
peer1.web.ifantasy.net 7351 Peer1 member node of Web Organization
hard.ifantasy.net 7450 The CA service of hard organization includes members: peer1 and admin1
peer1.hard.ifantasy.net 7451 Peer1 member node of hard organization

Add new organization

This section will demonstrate adding a new organization – hard (Hardware Group) to the basic network1

Generate hard organization certificate

In the test, we can simply passcryptogenTo create all certificates of hard organization. The specific method will not be repeated. This paper will still use the form of fabric CA to create all certificates of hard organization.

  1. staycompose/docker-compose.yamlAdd the CA service of hard in:

    hard.ifantasy.net:
     container_name: hard.ifantasy.net
     extends:
         file: docker-base.yaml
         service: ca-base
     command: sh -c 'fabric-ca-server start -d -b ca-admin:ca-adminpw --port 7050'
     environment:
         - FABRIC_CA_SERVER_CSR_CN=hard.ifantasy.net
         - FABRIC_CA_SERVER_CSR_HOSTS=hard.ifantasy.net
     volumes:
         - ${LOCAL_CA_PATH}/hard.ifantasy.net/ca:${DOCKER_CA_PATH}/ca
     ports:
         - 7450:7050
  2. Start the CA service of hard

    docker-compose -f $LOCAL_ROOT_PATH/compose/docker-compose.yaml up -d hard.ifantasy.net
  3. Registered organization account number of hard:

    echo "Working on tls"
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH//ca/crypto/ca-cert.pem
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH//ca/admin
    fabric-ca-client enroll -d -u https://ca-admin:[email protected]:7050
    fabric-ca-client register -d --id.name peer1hard --id.secret peer1hard --id.type orderer -u https://:7050
    
    echo "Working on hard"
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/ca/crypto/ca-cert.pem
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/hard.ifantasy.net/ca/admin
    fabric-ca-client enroll -d -u https://ca-admin:[email protected]:7450
    fabric-ca-client register -d --id.name peer1 --id.secret peer1 --id.type peer -u https://hard.ifantasy.net:7450
    fabric-ca-client register -d --id.name admin1 --id.secret admin1 --id.type admin -u https://hard.ifantasy.net:7450
  4. Configure the organization certificate of hard:

    echo "Preparation============================="
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/assets
    cp $LOCAL_CA_PATH/hard.ifantasy.net/ca/crypto/ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pem
    cp $LOCAL_CA_PATH//ca/crypto/ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/assets/tls-ca-cert.pem
    echo "Preparation============================="
    echo "Enroll Admin"
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://admin1:[email protected]:7450
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/admincerts
    cp $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/admincerts/cert.pem
    
    echo "Enroll Peer1"
    export FABRIC_CA_CLIENT_HOME=$LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pem
    export FABRIC_CA_CLIENT_MSPDIR=msp
    fabric-ca-client enroll -d -u https://peer1:[email protected]:7450
    # for TLS
    export FABRIC_CA_CLIENT_MSPDIR=tls-msp
    export FABRIC_CA_CLIENT_TLS_CERTFILES=$LOCAL_CA_PATH/hard.ifantasy.net/assets/tls-ca-cert.pem
    fabric-ca-client enroll -d -u https://peer1hard:[email protected]:7050 --enrollment.profile tls --csr.hosts peer1.hard.ifantasy.net
    cp $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/tls-msp/keystore/*_sk $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/tls-msp/keystore/key.pem
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/msp/admincerts
    cp $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/registers/peer1/msp/admincerts/cert.pem
    
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/admincerts
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/cacerts
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/tlscacerts
    mkdir -p $LOCAL_CA_PATH/hard.ifantasy.net/msp/users
    cp $LOCAL_CA_PATH/hard.ifantasy.net/assets/ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/msp/cacerts/
    cp $LOCAL_CA_PATH/hard.ifantasy.net/assets/tls-ca-cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/msp/tlscacerts/
    cp $LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp/signcerts/cert.pem $LOCAL_CA_PATH/hard.ifantasy.net/msp/admincerts/cert.pem
    cp $LOCAL_ROOT_PATH/config/config-msp.yaml $LOCAL_CA_PATH/hard.ifantasy.net/msp/config.yaml
    echo "End hard============================="
  5. staycompose/docker-compose.yamlAdd peer service of hard in:

    peer1.hard.ifantasy.net:
     container_name: peer1.hard.ifantasy.net
     extends:
         file: docker-base.yaml
         service: peer-base
     environment:
         - CORE_PEER_ID=peer1.hard.ifantasy.net
         - CORE_PEER_ADDRESS=peer1.hard.ifantasy.net:7051
         - CORE_PEER_LOCALMSPID=hardMSP
         - CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.hard.ifantasy.net:7051
     volumes:
         - ${LOCAL_CA_PATH}/hard.ifantasy.net/registers/peer1:${DOCKER_CA_PATH}/peer
     ports:
         - 7451:7051
  6. Start the peer1 node of hard:

    docker-compose -f $LOCAL_ROOT_PATH/compose/docker-compose.yaml up -d peer1.hard.ifantasy.net

    At this time, all containers are as follows:

    (base) [email protected]:2_FabricNetworkUpdate# peer channel getinfo -c mychannel
    CONTAINER ID   IMAGE                                                                                                                                                                   COMMAND                  CREATED              STATUS              PORTS                              NAMES
    df4642a0bf08   hyperledger/fabric-peer:2.4                                                                                                                                             "peer node start"        About a minute ago   Up About a minute   0.0.0.0:7451->7051/tcp             peer1.hard.ifantasy.net
    d78d1b2cbaf3   hyperledger/fabric-ca:1.5                                                                                                                                               "sh -c 'fabric-ca-se…"   3 minutes ago        Up 3 minutes        7054/tcp, 0.0.0.0:7450->7050/tcp   hard.ifantasy.net
    391fa186b804   dev-peer1.soft.ifantasy.net-basic_1-06613e463ef6694805dd896ca79634a2de36fdf019fa7976467e6e632104d718-179d27e486b248e3bc94f5930c2c5260638efbd88263aed0ba6f76d9751bfddf   "chaincode -peer.add…"   4 minutes ago        Up 4 minutes                                           dev-peer1.soft.ifantasy.net-basic_1-06613e463ef6694805dd896ca79634a2de36fdf019fa7976467e6e632104d718
    36af7b3c199a   dev-peer1.web.ifantasy.net-basic_1-06613e463ef6694805dd896ca79634a2de36fdf019fa7976467e6e632104d718-00e8af11004dcf6072478c9cb2633162b9675406392cbe9064feb13b007ea39e    "chaincode -peer.add…"   4 minutes ago        Up 4 minutes                                           dev-peer1.web.ifantasy.net-basic_1-06613e463ef6694805dd896ca79634a2de36fdf019fa7976467e6e632104d718
    98427d7781e7   hyperledger/fabric-peer:2.4                                                                                                                                             "peer node start"        5 minutes ago        Up 5 minutes        0.0.0.0:7351->7051/tcp             peer1.web.ifantasy.net
    117d9e5f6bd2   hyperledger/fabric-orderer:2.4                                                                                                                                          "orderer"                5 minutes ago        Up 5 minutes        7050/tcp, 0.0.0.0:7151->7777/tcp   orderer1.orderer.ifantasy.net
    0f41245b6b73   hyperledger/fabric-peer:2.4                                                                                                                                             "peer node start"        5 minutes ago        Up 5 minutes        0.0.0.0:7251->7051/tcp             peer1.soft.ifantasy.net
    c22772b88471   hyperledger/fabric-ca:1.5                                                                                                                                               "sh -c 'fabric-ca-se…"   5 minutes ago        Up 5 minutes        7054/tcp, 0.0.0.0:7150->7050/tcp   orderer.ifantasy.net
    69af68afd2ed   hyperledger/fabric-ca:1.5                                                                                                                                               "sh -c 'fabric-ca-se…"   5 minutes ago        Up 5 minutes        7054/tcp, 0.0.0.0:7350->7050/tcp   web.ifantasy.net
    6398c8406524   hyperledger/fabric-ca:1.5                                                                                                                                               "sh -c 'fabric-ca-se…"   5 minutes ago        Up 5 minutes        7054/tcp, 0.0.0.0:7250->7050/tcp   soft.ifantasy.net
    d0d2ddc99a82   hyperledger/fabric-ca:1.5                                                                                                                                               "sh -c 'fabric-ca-se…"   5 minutes ago        Up 5 minutes        0.0.0.0:7050->7050/tcp, 7054/tcp   
  7. Create a hard peer1 environment variable fileenvpeer1hard

    export LOCAL_ROOT_PATH=$PWD
    export LOCAL_CA_PATH=$LOCAL_ROOT_PATH/orgs
    export DOCKER_CA_PATH=/tmp
    export COMPOSE_PROJECT_NAME=fabriclearn
    export DOCKER_NETWORKS=network
    export FABRIC_BASE_VERSION=2.4
    export FABRIC_CA_VERSION=1.5
    echo "init terminal hard"
    export FABRIC_CFG_PATH=$LOCAL_ROOT_PATH/config
    export CORE_PEER_TLS_ENABLED=true
    export CORE_PEER_LOCALMSPID="hardMSP"
    export CORE_PEER_ADDRESS=peer1.hard.ifantasy.net:7451
    export CORE_PEER_TLS_ROOTCERT_FILE=$LOCAL_CA_PATH/hard.ifantasy.net/assets/tls-ca-cert.pem
    export CORE_PEER_MSPCONFIGPATH=$LOCAL_CA_PATH/hard.ifantasy.net/registers/admin1/msp
    export ORDERER_CA=$LOCAL_CA_PATH/orderer.ifantasy.net/registers/orderer1/tls-msp/tlscacerts/tls--7050.pem

    Get the latest configuration of the channel

    In fabric, the content of channel configuration is versioned, which can ensure the parallelism and prevent the replay attack of channel configuration update. In the above process, we have generated all the required certificates of the hard organization, but because the hard organization is not a channel yetmychannelSo we need to pass another member already inmychannelThe administrator of the organization to obtain the channel configuration (such as soft or web). If you get the latest channel configuration through the soft organization administrator:

    source envpeer1soft
    peer channel fetch config update/config_block.pb -o orderer1.orderer.ifantasy.net:7151 -c mychannel --tls --cafile $ORDERER_CA

    The above command sets the channel configuration block in binaryprotobufForm saved inconfig_block.pbIn, the name and extension of the output file can be specified arbitrarily, and then you can see the following log on the command line:

    2022-04-04 15:22:48.759 CST 0001 INFO [channelCmd] InitCmdFactory -> Endorser and orderer connections initialized
    2022-04-04 15:22:48.761 CST 0002 INFO [cli.common] readBlock -> Received block: 5
    2022-04-04 15:22:48.761 CST 0003 INFO [channelCmd] fetch -> Retrieving last config block: 0
    2022-04-04 15:22:48.762 CST 0004 INFO [cli.common] readBlock -> Received block: 0

    Because we’re creatingmychannelSince then, no channel update operation has been carried out, so it is the latestmychannelThe configuration block of is the initial block 0. In the next section after an update, we will find that the obtained configuration block is no longer 0.

    Transform configuration format and simplify

    It can be used nowconfigtxlatorConfigure this channel as a decoding toolJSONFormat (so that it can be read and modified friendly), and then usejqThe tool cuts its header, metadata, creator’s signature and other contents irrelevant to the addition of the organization:

    configtxlator proto_decode --input update/config_block.pb --type common.Block | jq .data.data[0].payload.data.config > update/config.json

    Add channel hard configuration

    Next we need to passconfigtxgenGenerate the definition of hard organization,configtxgenThe output of depends on the configuration fileconfigtx.yamlThe path of the file is determined by the environment variableFABRIC_CFG_PATHappoint. stayconfig/configtx.yamlAdd the organization definition of hard:
    Dynamic addition and deletion of hyperledger fabric organization

Then use the command to generate a hard Organization definition file:

configtxgen -printOrg hardMSP > $LOCAL_CA_PATH/hard.ifantasy.net/hard.json

The above command creates ahard.jsonFile and write it to$LOCAL_CA_PATH/hard.ifantasy.net/Folder, which will be attached tomychannelAdd hard to the channel in the channel configuration. This file contains the policy definition of hard organization and three important certificates in Base64 format:

  • Organization root certificate, which is used to establish the root trust of the organization
  • TLS root certificate is used to identify the block propagation and service discovery of hard organization in the gossip protocol
  • Administrator user certificate

Next, use the JQ tool to append againhardConfiguration definition forhard.jsonTo the application group field of the channel and output the results to a filemodified_config.json

jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"hardMSP":.[1]}}}}}' update/config.json $LOCAL_CA_PATH/hard.ifantasy.net/hard.json > update/modified_config.json

Now we have obtained two important JSON files:config.jsonandmodified_config.json。 Channel initial configurationconfig.jsonIncluding soft and web organizations, andmodified_config.jsonThe file contains all three organizations. After that, you need to re encode the two JSON files and calculate the difference.

First, putconfig.jsonThe file is inverted back to protobuf format and output toconfig.pb

configtxlator proto_encode --input update/config.json --type common.Config --output update/config.pb

Second, willmodified_config.jsonCode intomodified_config.pb

configtxlator proto_encode --input update/modified_config.json --type common.Config --output update/modified_config.pb

Then, useconfigtxlatorTo calculate the difference between the two protobuf configurations and write the output protobuf contents tohard_update.pb :

configtxlator compute_update --channel_id mychannel --original update/config.pb --updated update/modified_config.pb --output update/hard_update.pb

Again, we decode the file into editable JSON format and name ithard_update.json

configtxlator proto_decode --input update/hard_update.pb --type common.ConfigUpdate | jq . > update/hard_update.json

After that, we need to wrap the decoded update file with an envelope messagehard_update.json, this step is to restore the header information cut before, and name this file ashard_update_in_envelope.json

echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat update/hard_update.json)'}}}' | jq . > update/hard_update_in_envelope.json

Finally, useconfigtxlatorThe tool will be formattedhard_update_in_envelope.jsonProtobuf format file required for conversion to fabrichard_update_in_envelope.pb

configtxlator proto_encode --input update/hard_update_in_envelope.json --type common.Envelope --output update/hard_update_in_envelope.pb

Sign and submit configuration updates

We configure in the channel Genesis blockconfigtx.yamlThe modification policy setting of the channel application group in is priority, so we need most of the organization administrators that already exist in the channel to sign the update. And nowmychannelThere are only two organizations in the, soft and web, so it needs the signatures of both organizations to successfully modify. Otherwise, the sorting service will reject the transaction because it does not meet the policy. The process of signing and submitting configuration updates is as follows:

  1. The soft administrator signs this channel update:

    source envpeer1soft
    peer channel signconfigtx -f update/hard_update_in_envelope.pb
  2. The web administrator signs and submits the channel update (due to the submit update command)peer channel updateThe signature of the submitter is automatically attached, so the channel update can be submitted directly):

    source envpeer1web
    peer channel update -f update/hard_update_in_envelope.pb -c mychannel -o orderer1.orderer.ifantasy.net:7151 --tls --cafile $ORDERER_CA

    A successful channel update call will create a new block – block 7, and synchronize it to all peer nodes on this channel. At this time, the block height of channel mychannel increases by 1:

    (base) [email protected]:2_FabricNetworkUpdate# peer channel getinfo -c mychannel
    2022-04-04 16:26:08.000 CST 0001 INFO [channelCmd] InitCmdFactory -> Endorser and orderer connections initialized
    Blockchain info: {"height":7,"currentBlockHash":"xDbfklqBLaaQ2x8L1omHKedmiQWibbDto6X9ED700pg=","previousBlockHash":"7ZN2T3iTtuWet26UQU4br9ZgrEu6927+/AOjhGELgKw="}

    Add hard tissue to the channel

    After the above steps,mychannelThe channel configuration has been updated and includes the hard organization. Now you only need to let the peer node of hard actively join and synchronize the latest data of the block. Peer pullmychannelChuangshi block:

    source envpeer1hard
    peer channel fetch 0 mychannel.block -o orderer1.orderer.ifantasy.net:7151 -c mychannel --tls --cafile $ORDERER_CA

    Attention, here0Indicates the height of the block we want to pull – that is, the creation block. If we simply execute itpeer channel fetch configThe command will pull the latest block with the definition of hard organization – block 7, but no ledger can be recorded from a downstream block, so it must be0

If successful, the command returns the creation block to themychannel.blockThen you can use peer to connect to the channel through this block:

peer channel join -b mychannel.block

After the above commands are executed, check that the current block height is 7:

(base) [email protected]:2_FabricNetworkUpdate# source envpeer1web
(base) [email protected]:2_FabricNetworkUpdate# peer channel getinfo -c mychannel
2022-04-04 20:28:54.457 CST 0001 INFO [channelCmd] InitCmdFactory -> Endorser and orderer connections initialized
Blockchain info: {"height":7,"currentBlockHash":"UErIVVGNUXWW0g0EPE3t0PQnwVdc/GyXAjsotCpqgjQ=","previousBlockHash":"+ZrOH83va6XWuRttUKhRaeNAeV1CyNjkRiQlZbb/0lg="}

Delete old organization

This section will demonstrate deleting an old organization – soft (Software Group) from the network in the previous section2

Get the latest configuration of the channel

Get the latest channel configuration through the Web Organization administrator:

source envpeer1web
peer channel fetch config update/config_block.pb -o orderer1.orderer.ifantasy.net:7151 -c mychannel --tls --cafile $ORDERER_CA

The above command saves the channel configuration block in binary protobuf formconfig_block.pbIn, the name and extension of the output file can be specified arbitrarily, and then you can see the following log on the command line:

(base) [email protected]:2_FabricNetworkUpdate# peer channel fetch config update/config_block.pb -o orderer1.orderer.ifantasy.net:7151 -c mychannel --tls --cafile $ORDERER_CA
2022-04-04 16:59:42.952 CST 0001 INFO [channelCmd] InitCmdFactory -> Endorser and orderer connections initialized
2022-04-04 16:59:42.954 CST 0002 INFO [cli.common] readBlock -> Received block: 6
2022-04-04 16:59:42.954 CST 0003 INFO [channelCmd] fetch -> Retrieving last config block: 6
2022-04-04 16:59:42.961 CST 0004 INFO [cli.common] readBlock -> Received block: 6

Transform configuration format and simplify

useconfigtxlatorThe tool decodes the channel configuration into JSON format (for friendly reading and modification), and then uses the JQ tool to cut its header, metadata, creator signature and other contents irrelevant to the deletion organization:

configtxlator proto_decode --input update/config_block.pb --type common.Block | jq .data.data[0].payload.data.config > update/config.json

Delete channel soft configuration

  1. Use JQ tool to append the delete command of soft and write itmodified_config.json

    jq 'del(.channel_group.groups.Application.groups.softMSP)'  update/config.json > update/modified_config.json

    Among them, the original channel configurationconfig.jsonIncluding all three organizations, andmodified_config.jsonThe file only contains two organizations, web and hard. After that, you need to re encode the two JSON files and calculate the difference.

  2. takeconfig.jsonThe file is inverted back to protobuf format and output toconfig.pb

    configtxlator proto_encode --input update/config.json --type common.Config --output update/config.pb
  3. takemodified_config.jsonCode intomodified_config.pb

    configtxlator proto_encode --input update/modified_config.json --type common.Config --output update/modified_config.pb
  4. useconfigtxlatorTo calculate the difference between the two protobuf configurations and write the output protobuf contents tosoft_update.pb

    configtxlator compute_update --channel_id mychannel --original update/config.pb --updated update/modified_config.pb --output update/soft_update.pb
  5. Decode the file into editable JSON format and name itsoft_update.json

    configtxlator proto_decode --input update/soft_update.pb --type common.ConfigUpdate | jq . > update/soft_update.json
  6. Wrap the decoded update file with an envelope messagesoft_update.jsonbysoft_update_in_envelope.json

    echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat update/soft_update.json)'}}}' | jq . > update/soft_update_in_envelope.json
  7. useconfigtxlatorTool willsoft_update_in_envelope.jsonConvert to protobuf formatsoft_update_in_envelope.pb

    configtxlator proto_encode --input update/soft_update_in_envelope.json --type common.Envelope --output update/soft_update_in_envelope.pb

    Sign and submit configuration updates

  8. Web signature channel update:

    source envpeer1web
    peer channel signconfigtx -f update/soft_update_in_envelope.pb
  9. Hard signs and submits channel updates:

    source envpeer1hard
    peer channel update -f update/soft_update_in_envelope.pb -c mychannel -o orderer1.orderer.ifantasy.net:7151 --tls --cafile $ORDERER_CA

    We configure in the channel Genesis blockconfigtx.yamlThe modification policy setting in the channel application group in isMAJORITYTherefore, we need most organization administrators who already exist in the channel to sign the update. At present, there are three organizations in mychannel, so only two organization signatures are needed to successfully modify, that is, weKicking soft out of the channel does not require its own consent

    Verify deletion results

  10. After submitting the channel update, you can see the following information in the orderr1 container log:

    2022-04-04 11:33:30.141 UTC 007c WARN [policies] SignatureSetToValidIdentities -> invalid identity error="MSP softMSP is not defined on channel" identity="(mspid=softMSP subject=CN=peer1,OU=peer,O=Hyperledger,ST=North Carolina,C=US issuer=CN=soft.ifantasy.net,OU=Fabric,O=Hyperledger,ST=North Carolina,C=US serialnumber=713584922830159624441374963904174405230312956160)"
  11. The peer node of the soft organization has been unable to pull the channel configuration:

    (base) [email protected]:2_FabricNetworkUpdate# peer channel fetch config update/config_block.pb -o orderer1.orderer.ifantasy.net:7151 -c mychannel --tls --cafile $ORDERER_CA
    2022-04-04 19:43:54.133 CST 0001 INFO [channelCmd] InitCmdFactory -> Endorser and orderer connections initialized
    2022-04-04 19:43:54.134 CST 0002 INFO [cli.common] readBlock -> Expect block, but got status: &{FORBIDDEN}
    Error: can't read the block: &{FORBIDDEN}

    After the above commands are executed, check that the current block height is 8:

    (base) [email protected]:2_FabricNetworkUpdate# source envpeer1web
    (base) [email protected]:2_FabricNetworkUpdate# peer channel getinfo -c mychannel
    2022-04-04 20:42:47.530 CST 0001 INFO [channelCmd] InitCmdFactory -> Endorser and orderer connections initialized
    Blockchain info: {"height":8,"currentBlockHash":"FdrpWDsifgih6QzpB4tZ6LPWcYUy9DSDI6jngXiGnC0=","previousBlockHash":"UErIVVGNUXWW0g0EPE3t0PQnwVdc/GyXAjsotCpqgjQ="}

reference resources

<!– 1: author Article title Place of publication [date published or updated] – >


  1. Hyperledger. Add organization to the channel hyperledger-fabric. readthedocs. io. [2022-02-25] ↩
  2. The little snail climbed the stairs fabric1. 4. Dynamically delete the organization (delete the peer node) Jane’s book [2021-01-22] ↩