Adding a new RAFT orderer to existing Orderer organization in Hyperledger Fabric

• Prerequisites
• Modifying Configuration File
• Run playbook

Prerequisites

To add a new Orderer node, a fully configured Fabric network must be present already, i.e. a Fabric network which has Orderers, Peers, Channels (with all Peers already in the channels) and the organization to which the peer is being added. The corresponding crypto materials should also be present in their respective Hashicorp Vault.

---

NOTE: Addition of a new Orderer node has been tested on an existing network which is created by Bevel. Networks created using other methods may be suitable but this has not been tested by Bevel team. This works only for RAFT Orderer.

---

Modifying Configuration File

A Sample configuration file for adding new orderer is available here. Please go through this file and all the comments there and edit accordingly.

For generic instructions on the Fabric configuration file, refer this guide.

While modifying the configuration file(network.yaml) for adding new peer, all the existing orderers should have status tag as existing and the new orderers should have status tag as new under network.organizations as

    # Specification for the 1st organization. Each organization maps to a VPC and a separate k8s cluster
    - organization:
      name: supplychain
      country: UK
      state: London
      location: London
      subject: "O=Orderer,L=51.50/-0.13/London,C=GB"
      type: orderer
      external_url_suffix: org1proxy.blockchaincloudpoc.com
      org_status: existing
      ..
      ..
      services:
        orderers:
        # This sample has multiple orderers as an example.
        # You can use a single orderer for most production implementations.
        # For RAFT consensus, have odd number (2n+1) of orderers for consensus agreement to have a majority.
        - orderer:
          name: orderer1
          status: existing
          type: orderer
          consensus: raft
          grpc:
            port: 7050
          ordererAddress: orderer1.org1proxy.blockchaincloudpoc.com:443
        - orderer:
          name: orderer2
          status: existing
          type: orderer
          consensus: raft
          grpc:
            port: 7050
          ordererAddress: orderer2.org1proxy.blockchaincloudpoc.com:443
        - orderer:
          name: orderer3
          status: existing
          type: orderer
          consensus: raft
          grpc:
            port: 7050
          ordererAddress: orderer3.org1proxy.blockchaincloudpoc.com:443
        - orderer:
          name: orderer4
          status: new
          type: orderer
          consensus: raft
          grpc:
            port: 7050
          ordererAddress: orderer4.org1proxy.blockchaincloudpoc.com:443

and under network.orderers the new orderer must be added.

  orderers:
    - orderer:
      type: orderer
      name: orderer1
      org_name: supplychain               #org_name should match one organization definition below in organizations: key            
      uri: orderer1.org1proxy.blockchaincloudpoc.com:443   # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
      certificate: /home/bevel/build/orderer1.crt           # Ensure that the directory exists
    - orderer:
      type: orderer
      name: orderer2
      org_name: supplychain               #org_name should match one organization definition below in organizations: key            
      uri: orderer2.org1proxy.blockchaincloudpoc.com:443   # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
      certificate: /home/bevel/build/orderer2.crt           # Ensure that the directory exists
    - orderer:
      type: orderer
      name: orderer3
      org_name: supplychain               #org_name should match one organization definition below in organizations: key            
      uri: orderer3.org1proxy.blockchaincloudpoc.com:443   # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
      certificate: /home/bevel/build/orderer3.crt           # Ensure that the directory exists
    - orderer:
      type: orderer
      name: orderer4
      org_name: supplychain               #org_name should match one organization definition below in organizations: key            
      uri: orderer4.org1proxy.blockchaincloudpoc.com:443   # Must include port, Can be external or internal URI for orderer which should be reachable by all peers
      certificate: /home/bevel/build/orderer4.crt           # Ensure that the directory exists

The network.yaml file should contain the specific network.organization details.

Ensure the following is considered when adding the new orderer on a different cluster: - The CA server is accessible publicly or at least from the new cluster. - The CA server public certificate is stored in a local path and that path provided in network.yaml. - There is a single Hashicorp Vault and both clusters (as well as ansible controller) can access it. - Admin User certs have been already generated and store in Vault (this is taken care of by deploy-network.yaml playbook if you are using Bevel to setup the network). - The network.env.type is different for different clusters. - The GitOps release directory gitops.release_dir is different for different clusters.

Run playbook

The add-orderer.yaml playbook is used to add a new peer to an existing organization in the existing network. This can be done using the following command

ansible-playbook platforms/hyperledger-fabric/configuration/add-orderer.yaml --extra-vars "@path-to-network.yaml"

---

NOTE: The orderer.status is not required when the network is deployed for the first time but is mandatory for addition of new orderer.