I am using the Hyperledger Fabric 1.0 fabric-node-sdk tutorial (https://github.com/hyperledger/fabric-sdk-node/test).
I have set up two organizations, each with one peer (peer0 in org1 and peer2 in org2).
My requirement is to add one more peer in each organization (peer1 in Org1 and peer3 in Org2).
I believe I need to create peer1 and peer3 folders inside the \tls folder and place some ".pem" files there,
for example:
"src\github.com\hyperledger\fabric-sdk-node\test\fixtures\tls\peers\peer1"
"src\github.com\hyperledger\fabric-sdk-node\test\fixtures\tls\peers\peer3"
"ca-cert.pem"
"cert.pem"
"key.pem"
I also need to create the admincerts, cacerts, keystore and signcerts folders, with the respective ".pem" files for the corresponding peers, in the folders below:
"fabric-sdk-node\test\fixtures\channel\crypto-config\peerOrganizations\org1.example.com\peers\peer1.org1.example.com"
"fabric-sdk-node/test/fixtures/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer3.org2.example.com"
Could you please help me with the steps to generate these certificate files and register these new peers to the network?
I have tried using the CA client to register and enroll a peer to peerOrg1:
fabric-ca-client register --id.name peer3 --id.type peer --id.affiliation org1.department1 --id.secret peer3pw
fabric-ca-client enroll -u http://peer3:peer3pw@localhost:7054 -M $FABRIC_CA_HOME/msp
But I am getting the error:
2017/05/03 09:18:30 http: TLS handshake error from [::1]:55890: tls: oversized record received with length 21536
2017/05/03 09:19:04 http: TLS handshake error from 192.168.132.17:53220: tls: first record does not look like a TLS handshake
2017/05/03 09:19:04 http: TLS handshake error from 192.168.132.17:53221: tls: first record does not look like a TLS handshake
2017/05/03 09:20:25 http: TLS handshake error from [::1]:55891: tls: oversized record received with length 21536
I followed the steps below to add a new peer in org1:
1) In CA container (ca_peerOrg1)
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
fabric-ca-client register --id.name peer1 --id.type peer --id.affiliation org1.department1 --id.secret peer1pw
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client enroll -u http://peer1:peer1pw@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/msp
And I am getting the error:
Post failure [Post http://localhost:7054/enroll : malformed HTTP response "\x15\x03\x01\x00\x02\x02\x16"] ; not sending
2) I replaced the hostname with the container id (e2598895c822) while executing the command, but I am still getting the same error.
3) Error in the ca_peerOrg1 container log:
error : ca_peerOrg1 | 2017/05/03 11:43:02 http: TLS handshake error from [::1]:55913: tls: oversized record received with length 21536
4) I observed that the docker compose yaml file is starting the ca_peerOrg1 container with the command tag (sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/464d550fe9bf9e7d8976cdf59d1a5d472598f54c058c3546317c5c5fb0ddfd6e_sk -b admin:adminpw' -d)
I added one more CA server's details in the docker compose file with the command tag (sh -c 'fabric-ca-server start -b admin:adminpw') as:
fabric-ca-server:
  image: hyperledger/fabric-ca
  container_name: fabric-ca-server
  ports:
    - "9054:7054"
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
  volumes:
    - "./fabric-ca-server:/etc/hyperledger/fabric-ca-server"
  command: sh -c 'fabric-ca-server start -b admin:adminpw'
5) Then I logged in to the fabric-ca-server container and executed the commands below:
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
fabric-ca-client register --id.name peer1 --id.type peer --id.affiliation org1.department1 --id.secret peer1pw
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client enroll -u http://peer1:peer1pw@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/msp
And this time it was successful, and the MSP folder got created (with cacert, keystore, signcerts) in the container.
6) Since I was trying to add a peer in org1, I logged in again to the ca_peerOrg1 container and got the certificate from fabric-ca-server using the commands below:
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client getcacert -u http://2f67d7031c3f:7054 -M $FABRIC_CA_CLIENT_HOME/msp
And I observed that the msp folder got imported to ca_peerOrg1.
7) Created one folder peer1 in hyperledger\fabric-sdk-node\test\fixtures\tls\peers\ and copied the newly created cacert, keystore and signcerts folders with their certificates. I renamed /cacert/3002372bba75.pem to /cacert/ca-cert.pem. The admincerts folder I copied from the peer0 folder.
8) Also created one folder "peer1.org1.example.com" in “\hyperledger\fabric-sdk-node\test\fixtures\channel\crypto-config\peerOrganizations\org1.example.com\peers\” and copied the cacert, keystore, signcerts and admincerts folders.
9) Updated /hyperledger/fabric-sdk-node/test/integration/e2e/config.json with a peer2 entry in org1:
{
  "test-network": {
    "orderer": {
      "url": "grpcs://localhost:7050",
      "server-hostname": "orderer0",
      "tls_cacerts": "../../fixtures/tls/orderer/ca-cert.pem"
    },
    "org1": {
      "name": "peerOrg1",
      "mspid": "Org1MSP",
      "ca": "https://localhost:7054",
      "peer1": {
        "requests": "grpcs://localhost:7051",
        "events": "grpcs://localhost:7053",
        "server-hostname": "peer0",
        "tls_cacerts": "../../fixtures/tls/peers/peer0/ca-cert.pem"
      },
      "peer2": {
        "requests": "grpcs://localhost:9051",
        "events": "grpcs://localhost:9053",
        "server-hostname": "peer1",
        "tls_cacerts": "../../fixtures/tls/peers/peer1/ca-cert.pem"
      }
    },
    "org2": {
      "name": "peerOrg2",
      "mspid": "Org2MSP",
      "ca": "https://localhost:8054",
      "peer1": {
        "requests": "grpcs://localhost:8051",
        "events": "grpcs://localhost:8053",
        "server-hostname": "peer2",
        "tls_cacerts": "../../fixtures/tls/peers/peer2/ca-cert.pem"
      }
    }
  }
}
10) Created one more docker file “docker-compose_peer1.yaml”, which contains only the details of peer1, and started docker compose. Now these containers are up (ca_peerOrg2, ca_peerOrg1, orderer0, couchdb, peer2, peer0, peer1, fabric-ca-server).
11) Executing the commands below, and it is failing:
cd /hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/test/integration/e2e
node create-channel.js
node join-channel.js
routines:ssl3_get_server_certificate:certificate verify failed.
events.js:160
throw er; // Unhandled 'error' event
^
Error: Connect Failed
at ClientDuplexStream._emitStatusIfDone (/root/hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/node_modules/grpc/src/node/src/client.js:201:19)
at ClientDuplexStream._readsDone (/root/hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/node_modules/grpc/src/node/src/client.js:
Could you please help me to know whether the steps I am following are correct? Please help me to add a new peer.
The error "tls: oversized record received with length 21536" occurs when you specify "http" in the URL for the fabric-ca-client, but the fabric-ca-server was started with TLS enabled and therefore is listening on "https". But since it worked using http on the fabric-ca-client when logging into the container but does not work from your host, my guess is that there is another instance of fabric-ca-server running on your host and has TLS enabled.
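The http/https mismatch this answer describes can be read straight out of the bytes quoted in the question. The following Node.js code is an added example, not part of the original answer or of Fabric's code: it shows why a TLS listener reports length 21536 for a plaintext `POST` and decodes the `\x15\x03\x01...` response the client could not parse. The function names and the request line `POST /enroll HTTP/1.1` are assumptions made for the illustration.

```javascript
// Added example, not code from the thread. Sample inputs are constructed
// from the byte values and log text quoted in the question.
const CONTENT_TYPES = { 20: 'change_cipher_spec', 21: 'alert', 22: 'handshake', 23: 'application_data' };
const ALERTS = { 10: 'unexpected_message', 22: 'record_overflow', 40: 'handshake_failure', 70: 'protocol_version' };

// TLS record header: content type (1 byte), version (2), length (2, big-endian).
function parseRecordHeader(buf) {
  if (buf.length < 5) throw new Error('need at least 5 bytes');
  return {
    type: buf[0],
    typeName: CONTENT_TYPES[buf[0]] || 'not a TLS content type',
    version: buf.readUInt16BE(1),
    length: buf.readUInt16BE(3),
  };
}

// Server side: how a TLS listener interprets a plaintext HTTP request line.
function misreadHttpAsTls(requestLine) {
  return parseRecordHeader(Buffer.from(requestLine, 'latin1'));
}

// Turn the \xNN escapes quoted in a client error message into a Buffer.
function bytesFromGoQuoted(text) {
  const hex = [...text.matchAll(/\\x([0-9a-fA-F]{2})/g)].map((m) => m[1]);
  return Buffer.from(hex.join(''), 'hex');
}

// Client side: decode the TLS alert that the HTTP client could not parse.
function decodeAlert(buf) {
  if (buf.length < 7 || parseRecordHeader(buf).type !== 21) return null;
  return { level: buf[5] === 2 ? 'fatal' : 'warning', description: ALERTS[buf[6]] || `alert_${buf[6]}` };
}

// Classify a log line from either end of the connection.
function diagnose(line) {
  if (/tls: (oversized record received|first record does not look like a TLS handshake)/.test(line)) {
    return 'plaintext sent to a TLS listener: use https:// in the client URL';
  }
  const alert = line.includes('malformed HTTP response') ? decodeAlert(bytesFromGoQuoted(line)) : null;
  if (alert) return `TLS ${alert.level} alert ${alert.description} received over http://: use https://`;
  return 'no scheme mismatch found';
}

const header = misreadHttpAsTls('POST /enroll HTTP/1.1'); // constructed request line
console.log(header.length, diagnose('Post failure [... malformed HTTP response "\\x15\\x03\\x01\\x00\\x02\\x02\\x16"]'));
```

The bytes `T` and space (0x54 0x20) from `POST ` land in the record-length field, which is where 21536 comes from; the client-side bytes are the server's fatal `record_overflow` alert in reply.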
To generate the crypto material (using cryptogen extends) for the new peer, you need to edit the crypto-config.yaml file and then execute:
You can find the complete guide at
Extending Hyperledger Fabric Network: Adding a new peer