Add new orderer to channel

fabric-network/bin/.gitignore

@@ -8,3 +8,4 @@ idemixgen
 orderer
 osnadmin
 fabric-ca-server
+ledgerutil

fabric-network/docker-based-syschannel/docker/docker-compose-new-orderer.yaml

@@ -0,0 +1,50 @@
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+version: '2'
+
+volumes:
+  orderer6.example.com:
+
+
+networks:
+  test:
+    name: fabric_test
+
+services:
+
+  orderer6.example.com:
+    container_name: orderer6.example.com
+    image: hyperledger-fabric.jfrog.io/fabric-orderer:amd64-latest
+    environment:
+      - FABRIC_LOGGING_SPEC=DEBUG
+      - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
+      - ORDERER_GENERAL_LISTENPORT=7056
+      - ORDERER_GENERAL_GENESISMETHOD=file
+      - ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
+      - ORDERER_GENERAL_LOCALMSPID=OrdererMSP
+      - ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
+
+      # enabled TLS
+      - ORDERER_GENERAL_TLS_ENABLED=true
+      - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+      - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
+      - ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:17056
+      - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
+      - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
+    working_dir: /opt/gopath/src/github.com/hyperledger/fabric
+    command: orderer
+    volumes:
+        - ../channel-artifacts/latest_config.block:/var/hyperledger/orderer/orderer.genesis.block
+        - ../organizations/ordererOrganizations/example.com/orderers/orderer6.example.com/msp:/var/hyperledger/orderer/msp
+        - ../organizations/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/:/var/hyperledger/orderer/tls
+
+    ports:
+      - 7056:7056
+      - 17056:17056
+    networks:
+      - test

fabric-network/docker-based-syschannel/organizations/cryptogen/crypto-config-orderer-new.yaml

@@ -0,0 +1,22 @@
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# ---------------------------------------------------------------------------
+# "OrdererOrgs" - Definition of organizations managing orderer nodes
+# ---------------------------------------------------------------------------
+OrdererOrgs:
+  # ---------------------------------------------------------------------------
+  # Orderer
+  # ---------------------------------------------------------------------------
+  - Name: Orderer
+    Domain: example.com
+    EnableNodeOUs: true
+    # ---------------------------------------------------------------------------
+    # "Specs" - See PeerOrgs for complete description
+    # ---------------------------------------------------------------------------
+    Specs:
+      - Hostname: orderer6
+        SANS:
+          - localhost

fabric-network/docker-based-syschannel/scripts/addNewOrderer.sh

@@ -0,0 +1,226 @@
+#!/bin/bash
+#
+# Copyright IBM Corp. All Rights Reserved.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+
+# import utils
+. scripts/envVar.sh
+
+COMPOSE_FILES=docker-compose-new-orderer.yaml
+export FABRIC_CFG_PATH=$PWD/../config/
+export CH_NAME='mychannel'
+export PATH=${PWD}/../bin:$PATH
+
+startNewOrderer(){
+  docker-compose -f docker/${COMPOSE_FILES} up -d
+
+  docker ps -a
+  if [ $? -ne 0 ]; then
+    fatalln "Unable to start network"
+  fi
+}
+
+# Create Organziation crypto material using cryptogen or CAs
+function generateOrdererCrypto() {
+    # Create crypto material using cryptogen
+
+    which cryptogen
+    if [ "$?" -ne 0 ]; then
+      fatalln "cryptogen tool not found. exiting"
+    fi
+    infoln "Generating certificates using cryptogen tool"
+
+    infoln "Creating orderer Identities"
+
+    set -x
+    cryptogen extend --config=./organizations/cryptogen/crypto-config-orderer-new.yaml --input="./organizations"
+    res=$?
+    { set +x; } 2>/dev/null
+    if [ $res -ne 0 ]; then
+      fatalln "Failed to generate certificates..."
+    fi
+}
+
+
+# fetchChannelConfig <org> <channel_id> <output_json>
+# Writes the current channel config for a given channel to a JSON file
+# NOTE: this must be run in a CLI container since it requires configtxlator
+
+fetchChannelConfig() {
+  timestamp
+
+  ORG=$1
+  CHANNEL=$2
+  OUTPUT=$3
+
+  setOrderer $ORG
+  export FABRIC_CFG_PATH=$PWD/../config/
+
+
+  infoln "$(timestamp) Fetching the most recent configuration block for the channel ${CHANNEL}"
+
+  set -x
+  peer channel fetch config config_block.pb -o localhost:7050 --ordererTLSHostnameOverride  orderer1.example.com --tls --cafile $ORDERER -c ${CHANNEL}
+  { set +x; } 2>/dev/null
+
+
+  infoln "Decoding config block to JSON and isolating config to ${OUTPUT}"
+  set -x
+  configtxlator proto_decode --input config_block.pb --type common.Block --output ${OUTPUT}
+  { set +x; } 2>/dev/null
+
+  #cleanup temp files
+  rm config_block.pb
+}
+
+
+# createConfigUpdate <channel_id> <original_config.json> <modified_config.json> <output.pb>
+# Takes an original and modified config, and produces the config update tx
+# which transitions between the two
+# NOTE: this must be run in a CLI container since it requires configtxlator
+createConfigUpdateTLS() {
+  infoln "$(timestamp) Creating orderer tls config update"
+
+  CHANNEL=$1
+  INPUT_CONFIGFILE=$2
+  OUTPUT=$3
+
+  TLS_FILE=./organizations/ordererOrganizations/example.com/orderers/orderer6.example.com/tls/server.crt
+
+  set -x
+
+  #cleanup prior temp files
+  rm base_config_block.json org6consenter.json modified_config.json base_config.pb modified_config.pb updated_config.pb updated_config.json config_update_in_envelope.json
+
+  # filter requird data
+  jq .data.data[0].payload.data.config ${INPUT_CONFIGFILE} > base_config_block.json
+
+  # edit orderer address
+  echo "{\"client_tls_cert\":\"$(cat $TLS_FILE | base64)\",\"host\":\"orderer6.example.com\",\"port\":7056,\"server_tls_cert\":\"$(cat $TLS_FILE | base64)\"}" > org6consenter.json
+
+  jq ".channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [$(cat org6consenter.json)]" base_config_block.json > modified_config.json
+
+  configtxlator proto_encode --input base_config_block.json --type common.Config --output base_config.pb
+  configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
+  configtxlator compute_update --channel_id $CHANNEL --original base_config.pb --updated modified_config.pb --output updated_config.pb
+  configtxlator proto_decode --input updated_config.pb --type common.ConfigUpdate --output updated_config.json
+  echo '{"payload":{"header":{"channel_header":{"channel_id":"'${CHANNEL}'", "type":2}},"data":{"config_update":'$(cat updated_config.json)'}}}' | jq . > config_update_in_envelope.json
+  configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output "${OUTPUT}"
+
+  { set +x; } 2>/dev/null
+
+  infoln " $(timestamp) Completed creating config update "
+}
+
+createConfigUpdateEndpoint() {
+  infoln "$(timestamp) Creating orderer endpoint config update"
+
+  CHANNEL=$1
+  INPUT_CONFIGFILE=$2
+  OUTPUT=$3
+
+  set -x
+
+  #cleanup prior temp files
+  rm base_config_block.json modified_config.json base_config.pb modified_config.pb updated_config.pb updated_config.json config_update_in_envelope.json
+
+  # filter requird data
+  jq .data.data[0].payload.data.config ${INPUT_CONFIGFILE} > base_config_block.json
+
+  # edit orderer address
+  jq ".channel_group.groups.Orderer.groups.OrdererOrg.values.Endpoints.value.addresses += [\"orderer6.example.com:7056\"]" base_config_block.json > modified_config.json
+
+  configtxlator proto_encode --input base_config_block.json --type common.Config --output base_config.pb
+  configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb
+  configtxlator compute_update --channel_id $CHANNEL --original base_config.pb --updated modified_config.pb --output updated_config.pb
+  configtxlator proto_decode --input updated_config.pb --type common.ConfigUpdate --output updated_config.json
+  echo '{"payload":{"header":{"channel_header":{"channel_id":"'${CHANNEL}'", "type":2}},"data":{"config_update":'$(cat updated_config.json)'}}}' | jq . > config_update_in_envelope.json
+  configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output "${OUTPUT}"
+
+  { set +x; } 2>/dev/null
+
+  #cleanup prior temp files
+  rm base_config_block.json modified_config.json base_config.pb modified_config.pb updated_config.pb updated_config.json config_update_in_envelope.json
+
+  infoln " $(timestamp) Completed creating config update "
+}
+
+# Submit the config update transaction
+submitConfigUpdateTransaction(){
+
+  infoln "Submitting config update transaction"
+  ORG=$1
+  CHANNEL=$2
+  CONFIGTXFILE=$3
+  setOrderer $ORG
+   set -x
+
+   peer channel update -f $CONFIGTXFILE -c $CHANNEL -o localhost:7050 --tls --cafile $ORDERER
+  { set +x; } 2>/dev/null
+  infoln " $(timestamp) Submit config update process done"
+}
+fetchConfigBlock(){
+
+    infoln "Fetch latest block from channel ${2}"
+    ORG=$1
+    CHANNEL=$2
+    setOrderer $ORG
+    peer channel fetch config channel-artifacts/latest_config.block -o localhost:7050 --ordererTLSHostnameOverride  orderer1.example.com  -c ${CHANNEL} --tls --cafile $ORDERER
+    docker cp cli:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts/latest_config.block ./channel-artifacts/latest_config.block
+
+
+}
+# generate crypto for new orderer
+generateOrdererCrypto
+
+
+# fetch latest config block from sysytem channel
+fetchChannelConfig 1 'system-channel' 'config_block_iteration1.json'
+
+# create config update for system channel
+createConfigUpdateTLS 'system-channel' 'config_block_iteration1.json' 'neworderer_tls_config_update_in_envelope.pb'
+
+# submit update in system channel
+submitConfigUpdateTransaction 1 'system-channel' 'neworderer_tls_config_update_in_envelope.pb'
+# fetch latest config and move the config block to channel artifacts
+
+
+
+# fetch latest config block from sysytem channel
+fetchChannelConfig 1 'system-channel' 'config_block_iteration2.json'
+
+# update endpoint info in  sysytem channel
+createConfigUpdateEndpoint 'system-channel' 'config_block_iteration2.json' 'neworderer_endpoint_config_update_in_envelope.pb'
+
+# submit update in system channel
+submitConfigUpdateTransaction 1 'system-channel' 'neworderer_endpoint_config_update_in_envelope.pb'
+
+
+
+# fetch latest block and move to channel artifacts
+fetchConfigBlock 1 'system-channel'
+
+
+# start new orderer container
+startNewOrderer
+
+
+
+# Application channel updates
+	fetchChannelConfig 1 'mychannel' 'mychannel_config_block_iteration1.json'
+	createConfigUpdateTLS 'mychannel' 'mychannel_config_block_iteration1.json' 'mychannel_neworderer_tls_config_update_in_envelope.pb'
+	submitConfigUpdateTransaction 1 'mychannel' 'mychannel_neworderer_tls_config_update_in_envelope.pb'
+
+
+	fetchChannelConfig 1 'mychannel' 'mychannel_config_block_iteration2.json'
+	createConfigUpdateEndpoint 'mychannel' 'mychannel_config_block_iteration2.json' 'mychannel_neworderer_endpoint_config_update_in_envelope.pb'
+	submitConfigUpdateTransaction 1 'mychannel' 'mychannel_neworderer_endpoint_config_update_in_envelope.pb'
+
+
+#verify latest block
+fetchChannelConfig 1 'mychannel ' 'latest.json'
+
+#verify system block
+fetchChannelConfig 1 'system-channel ' 'latestsys.json'

fabric-network/docker-based-syschannel/scripts/configUpdate.sh

@@ -23,7 +23,8 @@ fetchChannelConfig() {
 
   infoln "Decoding config block to JSON and isolating config to ${OUTPUT}"
   set -x
-  configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config >"${OUTPUT}"
+  configtxlator proto_decode --input config_block.pb --type common.Block --output config_block.json
+  jq .data.data[0].payload.data.config config_block.json > "${OUTPUT}"
   { set +x; } 2>/dev/null
 }
 
@@ -38,12 +39,12 @@ createConfigUpdate() {
   OUTPUT=$4
 
   set -x
-  configtxlator proto_encode --input "${ORIGINAL}" --type common.Config >original_config.pb
-  configtxlator proto_encode --input "${MODIFIED}" --type common.Config >modified_config.pb
-  configtxlator compute_update --channel_id "${CHANNEL}" --original original_config.pb --updated modified_config.pb >config_update.pb
-  configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate >config_update.json
-  echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
-  configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope >"${OUTPUT}"
+  configtxlator proto_encode --input "${ORIGINAL}" --type common.Config --output original_config.pb
+  configtxlator proto_encode --input "${MODIFIED}" --type common.Config --output modified_config.pb
+  configtxlator compute_update --channel_id "${CHANNEL}" --original original_config.pb --updated modified_config.pb --output config_update.pb
+  configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate --output config_update.json
+  echo '{"payload":{"header":{"channel_header":{"channel_id":"'$CHANNEL'", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . > config_update_in_envelope.json
+  configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope --output "${OUTPUT}"
   { set +x; } 2>/dev/null
 }
 

fabric-network/docker-based-syschannel/scripts/envVar.sh

@@ -24,6 +24,10 @@ export PEER1_ORG2_CA=${PWD}/organizations/peerOrganizations/org2.example.com/pee
 export PEER1_ORG3_CA=${PWD}/organizations/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt
 export PEER1_ORG4_CA=${PWD}/organizations/peerOrganizations/org4.example.com/peers/peer1.org4.example.com/tls/ca.crt
 
+
+
+
+
 # Set environment variables for the peer0 org
 setGlobals() {
   local USING_ORG=""
@@ -38,6 +42,7 @@ setGlobals() {
     export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
     export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/peerOrganizations/org1.example.com/users/[email protected]/msp
     export CORE_PEER_ADDRESS=localhost:8051
+
   elif [ $USING_ORG -eq 2 ]; then
     export CORE_PEER_LOCALMSPID="Org2MSP"
     export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG2_CA
@@ -166,28 +171,32 @@ setOrderer(){
     export CORE_PEER_LOCALMSPID="OrdererMSP"
     export CORE_PEER_TLS_ROOTCERT_FILE=$ORDERER_CA
     export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp
+    export ORDERER=$ORDERER_CA
     export CORE_PEER_ADDRESS=orderer1.example.com:7050
   elif [ $USING_ORG -eq 2 ]; then
     export CORE_PEER_LOCALMSPID="OrdererMSP"
     export CORE_PEER_TLS_ROOTCERT_FILE=$ORDERER2_CA
     export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp
     export CORE_PEER_ADDRESS=orderer2.example.com:7051
-
+    export ORDERER=$ORDERER2_CA
   elif [ $USING_ORG -eq 3 ]; then
     export CORE_PEER_LOCALMSPID="OrdererMSP"
     export CORE_PEER_TLS_ROOTCERT_FILE=$ORDERER3_CA
     export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp
     export CORE_PEER_ADDRESS=orderer3.example.com:7052
+    export ORDERER=$ORDERER3_CA
   elif [ $USING_ORG -eq 4 ]; then
     export CORE_PEER_LOCALMSPID="OrdererMSP"
     export CORE_PEER_TLS_ROOTCERT_FILE=$ORDERER4_CA
     export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp
     export CORE_PEER_ADDRESS=orderer4.example.com:7053
+    export ORDERER=$ORDERER4_CA
   elif [ $USING_ORG -eq 5 ]; then
     export CORE_PEER_LOCALMSPID="OrdererMSP"
     export CORE_PEER_TLS_ROOTCERT_FILE=$ORDERER5_CA
     export CORE_PEER_MSPCONFIGPATH=${PWD}/organizations/ordererOrganizations/example.com/users/[email protected]/msp
-    export CORE_PEER_ADDRESS=orderer4.example.com:7054
+    export CORE_PEER_ADDRESS=orderer5.example.com:7054
+    export ORDERER=$ORDERER5_CA
   else
     errorln "ORG Unknown"
   fi