Adding a new RAFT orderer to existing Orderer organization in Hyperledger Fabric¶
Prerequisites¶
To add a new Orderer node, a fully configured Fabric network must be present already, i.e. a Fabric network which has Orderers, Peers, Channels (with all Peers already in the channels) and the organization to which the peer is being added. The corresponding crypto materials should also be present in their respective Hashicorp Vault.
NOTE: Addition of a new Orderer node has been tested on an existing network which is created by Bevel. Networks created using other methods may be suitable but this has not been tested by Bevel team. This works only for RAFT Orderer.
Modifying Configuration File¶
A Sample configuration file for adding new orderer is available here. Please go through this file and all the comments there and edit accordingly.
For generic instructions on the Fabric configuration file, refer this guide.
While modifying the configuration file(network.yaml
) for adding new peer, all the existing orderers should have status
tag as existing
and the new orderers should have status
tag as new
under network.organizations
as
# Specification for the 1st organization. Each organization maps to a VPC and a separate k8s cluster
- organization:
name: supplychain
country: UK
state: London
location: London
subject: "O=Orderer,L=51.50/-0.13/London,C=GB"
type: orderer
external_url_suffix: org1proxy.blockchaincloudpoc.com
org_status: existing
..
..
services:
orderers:
# This sample has multiple orderers as an example.
# You can use a single orderer for most production implementations.
# For RAFT consensus, have odd number (2n+1) of orderers for consensus agreement to have a majority.
- orderer:
name: orderer1
status: existing
type: orderer
consensus: raft
grpc:
port: 7050
ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443
- orderer:
name: orderer2
status: existing
type: orderer
consensus: raft
grpc:
port: 7050
ordererAddress: orderer2.org1proxy.blockchaincloudpoc.com:443
- orderer:
name: orderer3
status: existing
type: orderer
consensus: raft
grpc:
port: 7050
ordererAddress: orderer3.org1proxy.blockchaincloudpoc.com:443
- orderer:
name: orderer4
status: new
type: orderer
consensus: raft
grpc:
port: 7050
ordererAddress: orderer4.org1proxy.blockchaincloudpoc.com:443
network.orderers
the new orderer must be added.
orderers:
- orderer:
type: orderer
name: orderer1
org_name: supplychain #org_name should match one organization definition below in organizations: key
uri: orderer1.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
certificate: /home/bevel/build/orderer1.crt # Ensure that the directory exists
- orderer:
type: orderer
name: orderer2
org_name: supplychain #org_name should match one organization definition below in organizations: key
uri: orderer2.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
certificate: /home/bevel/build/orderer2.crt # Ensure that the directory exists
- orderer:
type: orderer
name: orderer3
org_name: supplychain #org_name should match one organization definition below in organizations: key
uri: orderer3.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
certificate: /home/bevel/build/orderer3.crt # Ensure that the directory exists
- orderer:
type: orderer
name: orderer4
org_name: supplychain #org_name should match one organization definition below in organizations: key
uri: orderer4.org1proxy.blockchaincloudpoc.com:443 # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
certificate: /home/bevel/build/orderer4.crt # Ensure that the directory exists
The network.yaml
file should contain the specific network.organization
details.
Ensure the following is considered when adding the new orderer on a different cluster:
- The CA server is accessible publicly or at least from the new cluster.
- The CA server public certificate is stored in a local path and that path provided in network.yaml.
- There is a single Hashicorp Vault and both clusters (as well as ansible controller) can access it.
- Admin User certs have been already generated and store in Vault (this is taken care of by deploy-network.yaml playbook if you are using Bevel to setup the network).
- The network.env.type
is different for different clusters.
- The GitOps release directory gitops.release_dir
is different for different clusters.
Run playbook¶
The add-orderer.yaml playbook is used to add a new peer to an existing organization in the existing network. This can be done using the following command
ansible-playbook platforms/hyperledger-fabric/configuration/add-orderer.yaml --extra-vars "@path-to-network.yaml"
NOTE: The orderer.status
is not required when the network is deployed for the first time but is mandatory for addition of new orderer.