Reputation: 33
I followed the steps mentioned here to add a new Orderer Organization to an existing network channel (i.e., updating the config of the orderer channel), but the update throws an error like the one below:
How to add a new Orderer Organization to existing Hyperledger Fabric network
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'e2e-orderer-syschan': error authorizing update: error validating DeltaSet: policy for [Value] /Channel/OrdererAddresses not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
I modified the JSON blocks using the calls below (I tried mix-and-match combinations of these JSON change steps):
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' config.json ${KL_NEW_ORDERER_NAME}.json > modified-config.json
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' modified-config.json ${KL_NEW_ORDERER_NAME}.json > modified-config1.json
jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"'${KL_CONSORTIUM_NAME}'":{"groups": {"Orderermk01MSP":.[1]}}}}}}}' modified-config1.json ${KL_NEW_ORDERER_NAME}.json > modified-config2.json
LENGTH=$(jq '.channel_group.values.OrdererAddresses.value.addresses | length' modified-config2.json)
jq '.channel_group.values.OrdererAddresses.value.addresses['${LENGTH}'] |= "'${KL_NEW_ORDERER_URL}'"' modified-config2.json > modified-config3.json
cert=`base64 /hl-material/mk01-orderer/crypto-config/ordererOrganizations/${KL_DOMAIN}/orderers/orderer.mk01.${KL_DOMAIN}/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat modified-config3.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "raft0.mk01.'${KL_DOMAIN}'", "port": 32050, "server_tls_cert": "'$cert'"}] ' > modified-config4.json
My network setup is based on HLF 2.2 LTS with 5 Raft nodes in a K8s cluster under Orderer Organization A.
NOTE: I have a successful setup with multiple channels and multiple peer organizations on 2.2 LTS, done in a dynamic way.
But now I am looking to scale the orderer organization into multiple clusters/orgs dynamically. Is any tip or update needed on the above steps?
My setup env:
KL_NEW_ORDERER_NAME=OrgB
KL_CONSORTIUM_NAME=orga-Consortium
KL_DOMAIN=example.com
export ORDERER_URL=orderer.orga.example.com:7050
export CORE_PEER_LOCALMSPID=OrdererMSP
export CORE_PEER_MSPCONFIGPATH=crypto-config/example.com/orderers/orderer.orga.example.com/msp
export ORDERER_CA=crypto-config/ordererOrganizations/example.com/orderers/orderer.orgA.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' config.json ${KL_NEW_ORDERER_NAME}.json > modified-config.json
jq -s '.[0] * {"channel_group":{"groups":{"Orderer":{"groups": {"'${KL_NEW_ORDERER_NAME}'":.[1]}}}}}' modified-config.json ${KL_NEW_ORDERER_NAME}.json > modified-config1.json
jq -s '.[0] * {"channel_group":{"groups":{"Consortiums":{"groups":{"'${KL_CONSORTIUM_NAME}'":{"groups": {"Orderermk01MSP":.[1]}}}}}}}' modified-config1.json ${KL_NEW_ORDERER_NAME}.json > modified-config2.json
LENGTH=$(jq '.channel_group.values.OrdererAddresses.value.addresses | length' modified-config2.json)
jq '.channel_group.values.OrdererAddresses.value.addresses['${LENGTH}'] |= "'${KL_NEW_ORDERER_URL}'"' modified-config2.json > modified-config3.json
cert=`base64 crypto-config/ordererOrganizations/example.com/orderers/orderer.mk01.example.com/tls/server.crt | sed ':a;N;$!ba;s/\n//g'`
cat modified-config3.json | jq '.channel_group.groups.Orderer.values.ConsensusType.value.metadata.consenters += [{"client_tls_cert": "'$cert'", "host": "orderer.orgB.example.com", "port": 7050, "server_tls_cert": "'$cert'"}] ' > modified-config4.json
configtxlator proto_encode --input config.json --type common.Config >original_config.pb
configtxlator proto_encode --input modified-config4.json --type common.Config >modified_config.pb
configtxlator compute_update --channel_id "e2e-orderer-syschan" --original original_config.pb --updated modified_config.pb >config_update.pb
configtxlator proto_decode --input config_update.pb --type common.ConfigUpdate >config_update-diff.json
jq '.channel_id="e2e-orderer-syschan"' config_update-diff.json > config_update.json
echo '{"payload":{"header":{"channel_header":{"channel_id":"e2e-orderer-syschan", "type":2}},"data":{"config_update":'$(cat config_update.json)'}}}' | jq . >config_update_in_envelope.json
configtxlator proto_encode --input config_update_in_envelope.json --type common.Envelope >"${OUTPUT}"
peer channel update -f modified_update_envelope.pb -c e2e-orderer-syschan -o ${ORDERER_URL} --tls true --cafile $ORDERER_CA
Has anyone experienced this problem or know of reference documents from HLF, etc.?
Thanks, Mariya
Upvotes: 1
Views: 374
Reputation: 517
Looks like you forgot to sign the .pb file before the update. Read more here.
There is a document about the rule of this process.
Edit: I've just found this document of Fabric 2.2. It gives more information about the policy.
Upvotes: 1
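As an added example (not part of the question or the answer, and not Fabric project code), this Python sketch reads a decoded `config_update.json` like the one produced in the steps above and lists each modified element with its `mod_policy`, which is the policy named in the "not satisfied" error. The sample update is constructed, and the function names `walk`, `delta_set` and `policies_to_satisfy` are illustrative.

```python
import json

# Constructed sample: trimmed output of
# `configtxlator proto_decode --type common.ConfigUpdate` (not taken from the page).
SAMPLE_UPDATE = json.loads("""
{"channel_id": "e2e-orderer-syschan",
 "read_set": {"version": "0", "groups": {"Orderer": {"version": "0",
     "groups": {"OrdererOrg": {"version": "0"}}}}},
 "write_set": {"version": "0", "groups": {"Orderer": {
     "version": "1", "mod_policy": "Admins",
     "groups": {"OrdererOrg": {"version": "0"},
                "OrgB": {"version": "0", "mod_policy": "Admins"}},
     "values": {"ConsensusType": {"version": "1", "mod_policy": "Admins"}}}},
   "values": {"OrdererAddresses": {"version": "1",
                                   "mod_policy": "/Channel/Orderer/Admins"}}}}
""")

def walk(node, path, kind="Group"):
    """Yield (kind, path, element) for a config group and everything below it."""
    yield kind, path, node
    for name, child in node.get("groups", {}).items():
        yield from walk(child, f"{path}/{name}")
    for field, label in (("values", "Value"), ("policies", "Policy")):
        for name, child in node.get(field, {}).items():
            yield label, f"{path}/{name}", child

def delta_set(update):
    """write_set elements that are absent from read_set or at a different version."""
    # configtxlator prints uint64 versions as JSON strings, hence int().
    read = {(k, p): int(e.get("version", 0)) for k, p, e in walk(update["read_set"], "/Channel")}
    delta = []
    for kind, path, elem in walk(update["write_set"], "/Channel"):
        version = int(elem.get("version", 0))
        if read.get((kind, path)) == version:
            continue  # unchanged element, listed only as context
        delta.append({"kind": kind, "path": path, "version": version,
                      "mod_policy": elem.get("mod_policy", ""), "new": version == 0})
    return delta

def policies_to_satisfy(update):
    """Sorted (element, mod_policy) pairs for modified elements."""
    # Version-0 delta elements are newly created; the version bump of their
    # parent group is the change that has to be authorized.
    return sorted((f"[{d['kind']}] {d['path']}", d["mod_policy"])
                  for d in delta_set(update) if not d["new"])

if __name__ == "__main__":
    for element, policy in policies_to_satisfy(SAMPLE_UPDATE):
        print(f"{element}  mod_policy={policy}")
```

The `mod_policy` shown is the one carried in the write_set, which matches the current config unless the update itself changes it. `peer channel signconfigtx -f <file>` adds a signature from the identity the peer CLI is currently configured with.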