This article explains how to generate certificates for a new peer in an organization in Hyperledger Fabric 1.0. It may be a useful reference for anyone working through the same problem.

Problem description

I am using the Hyperledger Fabric 1.0 fabric-node-sdk tutorial (https://github.com/hyperledger/fabric-sdk-node/test).
And I have set up two organizations, each with 1 peer (peer0 in org1 and peer2 in org2).
My requirement is to add one more peer in each organization (peer1 in Org1 and peer3 in Org2).
I believe I need to create peer1 and peer3 folders inside the \tls folder and place some ".pem" files there,
for example:
"src\github.com\hyperledger\fabric-sdk-node\test\fixtures\tls\peers\peer1"
"src\github.com\hyperledger\fabric-sdk-node\test\fixtures\tls\peers\peer3"
"ca-cert.pem"
"cert.pem"
"key.pem"

And I also need to create admincerts, cacerts, keystore and signcerts folders and the respective ".pem" files for the corresponding peers in the folders below:

"fabric-sdk-node\test\fixtures\channel\crypto-config\peerOrganizations\org1.example.com\peers\peer1.org1.example.com"
"fabric-sdk-node/test/fixtures/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer3.org2.example.com"

Could you please help me to know the steps to generate these certificate files and register these new peers to the network?

I have tried using the CA client to register and enroll a peer to peerOrg1:

fabric-ca-client register --id.name peer3 --id.type peer --id.affiliation org1.department1 --id.secret peer3pw  
fabric-ca-client enroll -u http://peer3:peer3pw@localhost:7054 -M $FABRIC_CA_HOME/msp  

But I am getting the error:

2017/05/03 09:18:30 http: TLS handshake error from [::1]:55890: tls: oversized record received with length 21536   
2017/05/03 09:19:04 http: TLS handshake error from 192.168.132.17:53220: tls: first record does not look like a TLS handshake
2017/05/03 09:19:04 http: TLS handshake error from 192.168.132.17:53221: tls: first record does not look like a TLS handshake
2017/05/03 09:20:25 http: TLS handshake error from [::1]:55891: tls: oversized record received with length 21536

I followed the steps below to add a new peer in org1:

1) In the CA container (ca_peerOrg1):

export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
fabric-ca-client register --id.name peer1 --id.type peer --id.affiliation org1.department1 --id.secret peer1pw
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client enroll -u http://peer1:peer1pw@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/msp

And I am getting the error:

Post failure [Post http://localhost:7054/enroll : malformed HTTP response "\x15\x03\x01\x00\x02\x02\x16"] ; not sending

2) I have replaced the hostname with the container id (e2598895c822) while executing the command; I am still getting the same error.

3) Error in the ca_peerOrg1 container log:

error : ca_peerOrg1 | 2017/05/03 11:43:02 http: TLS handshake error from [::1]:55913: tls: oversized record received with length 21536 

4) I observed that the docker compose yaml file is starting the ca_peerOrg1 container with the command tag (sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/464d550fe9bf9e7d8976cdf59d1a5d472598f54c058c3546317c5c5fb0ddfd6e_sk -b admin:adminpw' -d)

I added one more CA server's details to the docker compose file with the command tag (sh -c 'fabric-ca-server start -b admin:adminpw') as:

fabric-ca-server:
  image: hyperledger/fabric-ca
  container_name: fabric-ca-server
  ports:
    - "9054:7054"
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
  volumes:
    - "./fabric-ca-server:/etc/hyperledger/fabric-ca-server"
  command: sh -c 'fabric-ca-server start -b admin:adminpw'

5) Then I logged in to the fabric-ca-server container and executed the commands below:

fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
fabric-ca-client register --id.name peer1 --id.type peer --id.affiliation org1.department1 --id.secret peer1pw
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client enroll -u http://peer1:peer1pw@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/msp

And this time it was successful, and the MSP folder got created (with cacert, keystore, signcerts) in the container.

6) Since I was trying to add a peer in org1, I logged in again to the container ca_peerOrg1 and got the certificate from fabric-ca-server using the commands below:

export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client getcacert -u http://2f67d7031c3f:7054 -M $FABRIC_CA_CLIENT_HOME/msp

And I observed that the msp folder got imported to ca_peerOrg1.

7) Created one folder peer1 in hyperledger\fabric-sdk-node\test\fixtures\tls\peers\ and copied the newly created cacert, keystore, signcerts folders with certificates. And renamed /cacert/3002372bba75.pem to /cacert/ca-cert.pem. The admincerts folder I have copied from the peer0 folder.

8) Also created one folder "peer1.org1.example.com" in "\hyperledger\fabric-sdk-node\test\fixtures\channel\crypto-config\peerOrganizations\org1.example.com\peers\" and copied the cacert, keystore, signcerts, admincerts folders.

9) Updated /hyperledger/fabric-sdk-node/test/integration/e2e/config.json with a peer2 entry in org1:

{
        "test-network": {
                "orderer": {
                        "url": "grpcs://localhost:7050",
                        "server-hostname": "orderer0",
                        "tls_cacerts": "../../fixtures/tls/orderer/ca-cert.pem"
                },
                "org1": {
                        "name": "peerOrg1",
                        "mspid": "Org1MSP",
                        "ca": "https://localhost:7054",
                        "peer1": {
                                "requests": "grpcs://localhost:7051",
                                "events": "grpcs://localhost:7053",
                                "server-hostname": "peer0",
                                "tls_cacerts": "../../fixtures/tls/peers/peer0/ca-cert.pem"
                        },
                        "peer2": {
                                "requests": "grpcs://localhost:9051",
                                "events": "grpcs://localhost:9053",
                                "server-hostname": "peer1",
                                "tls_cacerts": "../../fixtures/tls/peers/peer1/ca-cert.pem"
                        }

                },
                "org2": {
                        "name": "peerOrg2",
                        "mspid": "Org2MSP",
                        "ca": "https://localhost:8054",
                        "peer1": {
                                "requests": "grpcs://localhost:8051",
                                "events": "grpcs://localhost:8053",
                                "server-hostname": "peer2",
                                "tls_cacerts": "../../fixtures/tls/peers/peer2/ca-cert.pem"
                        }
                }
        }
}

10) Created one more docker file "docker-compose_peer1.yaml", which contains only the details of peer1, and started docker compose; now these containers are up (ca_peerOrg2, ca_peerOrg1, orderer0, couchdb, peer2, peer0, peer1, fabric-ca-server).

11) Executing the commands below, and it is failing:

cd /hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/test/integration/e2e
node create-channel.js
node join-channel.js

routines:ssl3_get_server_certificate:certificate verify failed.
events.js:160
      throw er; // Unhandled 'error' event
      ^

Error: Connect Failed
    at ClientDuplexStream._emitStatusIfDone (/root/hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/node_modules/grpc/src/node/src/client.js:201:19)
    at ClientDuplexStream._readsDone (/root/hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/node_modules/grpc/src/node/src/client.js:

Could you please help me to know whether the steps I am following are correct? Please help me to add a new peer.

Solution

The error "tls: oversized record received with length 21536" occurs when you specify "http" in the URL for the fabric-ca-client, but the fabric-ca-server was started with TLS enabled and therefore is listening on "https". But since it worked using http on the fabric-ca-client when logging into the container but does not work from your host, my guess is that there is another instance of fabric-ca-server running on your host and has TLS enabled.
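
Added example (not part of the original question or answer): the byte arithmetic behind the two server log messages and the client's "malformed HTTP response", using a simplified Python model of the first-record checks a TLS listener performs. The request bytes and the ClientHello header are constructed for illustration; only the 7-byte reply is taken from the question.

```python
import struct

MAX_CIPHERTEXT = 16384 + 2048          # largest record body TLS 1.2 permits
ALERT, HANDSHAKE = 21, 22              # TLS record content types
ALERT_LEVEL = {1: "warning", 2: "fatal"}
ALERT_DESC = {10: "unexpected_message", 22: "record_overflow",
              40: "handshake_failure", 70: "protocol_version"}


def parse_header(data):
    """Split 5 bytes into (content_type, version, length) as a TLS peer would."""
    ctype, version, length = struct.unpack("!BHH", data[:5])
    return ctype, version, length


def server_verdict(first_bytes):
    """Simplified model (an assumption, not fabric-ca code) of what a TLS
    listener reports for the first bytes of a new connection."""
    ctype, version, length = parse_header(first_bytes)
    if length > MAX_CIPHERTEXT:
        return "oversized record received with length %d" % length
    if ctype not in (ALERT, HANDSHAKE) or version >= 0x1000:
        return "first record does not look like a TLS handshake"
    return "plausible TLS record"


def decode_reply(reply):
    """Interpret the bytes an HTTP client rejected as a 'malformed HTTP response'."""
    ctype, _version, length = parse_header(reply)
    if ctype != ALERT or length != 2 or len(reply) < 7:
        return None                     # not a TLS alert record
    level, desc = reply[5], reply[6]
    return ALERT_LEVEL.get(level, level), ALERT_DESC.get(desc, desc)


# Constructed inputs: the start of a plain-HTTP enroll request and of a GET,
# and a ClientHello-style record header. The reply is quoted in the question.
POST_REQUEST = b"POST /enroll HTTP/1.1\r\n"
GET_REQUEST = b"GET / HTTP/1.1\r\n"
CLIENT_HELLO_HEADER = b"\x16\x03\x01\x00\xc8"
REPLY_FROM_QUESTION = b"\x15\x03\x01\x00\x02\x02\x16"

if __name__ == "__main__":
    for name, data in [("POST", POST_REQUEST), ("GET", GET_REQUEST),
                       ("ClientHello", CLIENT_HELLO_HEADER)]:
        print(name, "->", server_verdict(data))
    print("reply ->", decode_reply(REPLY_FROM_QUESTION))
```

The bytes "T " at offsets 3 and 4 of a plaintext "POST " are 0x5420, which is the 21536 in the log, and a client that receives a 7-byte TLS alert in place of an HTTP status line is talking to a TLS endpoint.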
