Add an Organization to a Decentralized Fabric Network with No System Channel (Fabric v2.3)


In my previous article we have seen how to bring up a decentralized fabric network with no system channel. With decentralization, there is no separate orderer organization and orderers are contributed by each participating organization. Each organization now does not need to use an orderer from a third party. We also see the simplified process when the system channel is no longer needed any more.


We are building things on top of my previous article. First we have a network of two organizations (org1 and org2). After the network is running, we add org3. The overall process follows this tutorial. In the past when the system channel was here, we needed to modify both system channel and application channel. See these two articles for further explanation (link, link).


Step 1: Prepare crypto material for all the three organizations

We use the same logic as the previous setup. Here we combine the two scripts ( and into one file, Crypto material for org3 are added in this script..

cd super-network

Step 2: Bring up a fabric network with both org1 and org2

docker-compose up -d orderer1-org1 peer1-org1 orderer1-org2 peer1-org2

Step 3: Create application channel mychannel and joins all components to mychannel

From now on we prepare two terminals, with proper environment settings. One for org1 and one for org2.

source term-org1
source term-org2
configtxgen -profile SampleAppChannelEtcdRaft -configPath ${PWD} -outputBlock mychannel.block -channelID mychannel
osnadmin channel join --channelID mychannel --config-block mychannel.block -o localhost:7080 --ca-file $ORDERER_CA --client-cert /tmp/hyperledger/org1/admin/tls-msp/signcerts/cert.pem --client-key /tmp/hyperledger/org1/admin/tls-msp/keystore/key.pem
osnadmin channel join --channelID mychannel --config-block mychannel.block -o localhost:8080 --ca-file $ORDERER_CA --client-cert /tmp/hyperledger/org2/admin/tls-msp/signcerts/cert.pem --client-key /tmp/hyperledger/org2/admin/tls-msp/keystore/key.pem
peer channel join -b mychannel.block
peer channel join -b mychannel.block
A decentralized fabric network with two orgs (org1 and org2)

Step 4: Test with sacc

Again we skip the detail of the lifecycle chaincode, and only observe the result.

Step 5: Fetch and inspect configuration block

Now we are ready to work on the addition of org3 into mychannel. We first fetch the configuration block of mychannel (not system channel!) and make some inspection on it.

peer channel fetch config -c mychannel
configtxlator proto_decode --input mychannel_config.block --type common.Block --output mychannel_config.jsonjq[0] mychannel_config.json > config.json
  • Add org3MSP in Orderer
  • Add orderer1-org3 in Consenter inside Orderer

Step 6: Create MSP for org3

Now we will use org3/configtx.yaml to create the org3.json, the material will be used to modify the configuration file in step 5.

cd org3
configtxgen -configPath ${PWD} -printOrg org3MSP > ./org3.json
org3.json (generated with org3/configtx.yaml)

Step 7: Create configuration file to include org3 information

Here I directly modify the file with an editor. But this can be better done with proper jq commands.

cp config.json modified_config.json
Insert org3MSP in Application
Insert org3MSP in Orderer
Insert orderer1-org3 in consenters
base64 /tmp/hyperledger/org3/orderer1/tls-msp/signcerts/cert.pem -w 0

Step 8: Create configuration update transaction with envelope

This is the standard process through a series of encoding, comparison, decoding, adding envelope, and encoding.

configtxlator proto_encode --input config.json --type common.Config --output config.pbconfigtxlator proto_encode --input modified_config.json --type common.Config --output modified_config.pbconfigtxlator compute_update --channel_id mychannel --original config.pb --updated modified_config.pb --output org3_update.pbconfigtxlator proto_decode --input org3_update.pb --type common.ConfigUpdate --output org3_update.jsonecho '{"payload":{"header":{"channel_header":{"channel_id":"mychannel", "type":2}},"data":{"config_update":'$(cat org3_update.json)'}}}' | jq . > org3_update_in_envelope.jsonconfigtxlator proto_encode --input org3_update_in_envelope.json --type common.Envelope --output org3_update_in_envelope.pb

Step 9: Sign and submit the update transaction by both org1 and org2

As this configuration update requires the majority of organizations, we first let org1 sign the transaction, and let org2 update (implicitly sign and then send) the transaction. Before we first check the blockchain height, which is 6.

Now org1 signs the transaction (terminal for org1)
peer channel signconfigtx -f org3_update_in_envelope.pb
peer channel update -f org3_update_in_envelope.pb -c mychannel -o localhost:8050 --ordererTLSHostnameOverride orderer1-org2 --tls --cafile $ORDERER_CA

Step 10: Bring up orderer and peer for org3 and join mychannel

We now bring up components for org3. Note that they are not part of mychannel yet.

docker-compose up -d orderer1-org3 peer1-org3
source term-org3
osnadmin channel join --channelID mychannel --config-block mychannel.block -o localhost:9080 --ca-file $ORDERER_CA --client-cert /tmp/hyperledger/org3/admin/tls-msp/signcerts/cert.pem --client-key /tmp/hyperledger/org3/admin/tls-msp/keystore/key.pem
docker logs on orderer1-org3
peer channel join -b mychannel.block
docker logs on peer1-org3

Step 11: Install and approve chaincode sacc and make observation

To see if org3 is functioning well, we install and approve the chaincode, like what we did on org1 and org2 in step 4.

query from peer1-org1
query from peer1-org2
query from peer1-org3


Through this demonstration we can see how to add an organization in a decentralized fabric network, in which organizations come with their own orderer(s) and peer(s). Meanwhile, the introduction of no-system-channel setup in Fabric v2.3 simplifies the process as now we do not work on the system channel any more. Everything is done in the application channel directly.

Visit for all my works. Reach me on or follow me @kctheservant in Twitter.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store