1. 环境准备

curl -sSL https://raw.githubusercontent.com/hyperledger/fabric/master/scripts/bootstrap.sh | bash -s 1.1.1 1.1.1 0.4.7

这里有个bug,fabric-samples项目还需要手动切换分支：

cd fabric-samples && git checkout release-1.1

启动fabric网络：

cd first-network && ./byfn.sh up

2. 添加org3

./eyfn.sh up

到此通过脚本添加org3我们就完成了，接下来我们会通过手动添加org3来详细解析整个过程

3. 手动添加org3

首先我们来看一下org3-crypto.yaml

# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
  # ---------------------------------------------------------------------------
  # Org3
  # ---------------------------------------------------------------------------
  - Name: Org3
    Domain: org3.example.com
    EnableNodeOUs: true
    Template:
      Count: 2
    Users:
      Count: 1

接着我们通过cryptogen工具生成所需证书：

cd org3-artifacts &&
../../bin/cryptogen generate --config=./org3-crypto.yaml

现在我们通过configtxgen工具生成json格式的org3配置：

Organizations:
    - &Org3
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: Org3MSP

        # ID to load the MSP definition as
        ID: Org3MSP

        MSPDir: crypto-config/peerOrganizations/org3.example.com/msp

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication.  Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.org3.example.com
              Port: 7051

export FABRIC_CFG_PATH=$PWD && ../../bin/configtxgen -printOrg Org3MSP > ../channel-artifacts/org3.json

4. 拷贝orderer证书到crypto-crypto,以便使用其tls证书进行连接:

cd ../ && cp -r crypto-config/ordererOrganizations org3-artifacts/crypto-config/

5. 获取orderer配置

//设置order_ca tls证书路径和通道名称
export ORDERER_CA=/opt/goworkspace/src/blockchain/dymatic-add-org/fabric-samples/first-network/org3-artifacts/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem  && export CHANNEL_NAME=mychannel

//获取orderer配置：
peer channel fetch config config_block.pb -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA

6. 将orderer配置转换为json

configtxlator proto_decode --input config_block.pb --type common.Block | jq .data.data[0].payload.data.config > config.json

7. 添加org3 crypto materials

//获取修改后的orderer配置
jq -s '.[0] * {"channel_group":{"groups":{"Application":{"groups": {"Org3MSP":.[1]}}}}}' config.json ./channel-artifacts/org3.json > modified_config.json

//转换config.json和modified_config.json为proto文件
configtxlator proto_encode --input config.json --type common.Config --output config.pb

configtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pb

//现在使用configtxlator来计算这两个配置protobufs之间的增量
configtxlator compute_update --channel_id $CHANNEL_NAME --original config.pb --updated modified_config.pb --output org3_update.pb

//这个新的proto  -  org3_update.pb  - 包含Org3定义和Org1和Org2组织的高级指针。我们能够放弃Org1和Org2的MSP材料和修改策略信息，因为这些数据已经存在于通道的创世块中。因此，我们只需要两种配置之间的增量。
configtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate | jq . > org3_update.json

//包装信息为envelope类型
echo '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.json

//转换为probuf格式
configtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb

//给需要更新的配置签名,由于修改配置策略组的配置是"majority",所以需要所有组织Admin进行签名
peer channel signconfigtx -f org3_update_in_envelope.pb

//发送配置更新请求
peer channel update -f org3_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA

8. 启动org3的peer节点

docker-compose -f docker-compose-org3.yaml up -d

9. 从orderer节点同步区块

//进入容器工具(此容器包含了基础环境变量以及相应的脚本)
docker exec -it Org3cli bash

//设置order_ca证书路径和channel_name
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem && export CHANNEL_NAME=mychannel

//同步数据
peer channel fetch 0 mychannel.block -o orderer.example.com:7050 -c $CHANNEL_NAME --tls --cafile $ORDERER_CA

10. 将新增节点加入通道

peer channel join -b mychannel.block

11. 升级智能合

//所有节点安装智能合约
peer chaincode install -n mycc -v 2.0 -p github.com/chaincode/chaincode_example02/go/

//发送智能合约升级请求
//注意背书策略新增了Org3MSP.peer
peer chaincode upgrade -o orderer.example.com:7050 --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -v 2.0 -c '{"Args":["init","a","90","b","210"]}' -P "OR ('Org1MSP.peer','Org2MSP.peer','Org3MSP.peer')"

12. 查询智能合约

//注意设置环境变量为org3
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'

13. 执行智能合约

//a向b转了10块钱,a初始是90块，那么剩余80
peer chaincode invoke -o orderer.example.com:7050  --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA -C $CHANNEL_NAME -n mycc -c '{"Args":["invoke","a","b","10"]}'

14. 再次查询智能合约

//查询a的余额应该为80
peer chaincode query -C $CHANNEL_NAME -n mycc -c '{"Args":["query","a"]}'