How to generate certificates for a new peer in an Organization in Hyperledger Fabric 1.0

Question  Votes: 2  Answers: 2

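I am using the Hyperledger Fabric 1.0 fabric-node-sdk tutorial (https://github.com/hyperledger/fabric-sdk-node/test). I have set up two organizations, each with one peer (peer0 in org1 and peer2 in org2). My requirement is to add one more peer to each organization (peer1 in Org1 and peer3 in Org2). I believe I need to create peer1 and peer3 folders in the \tls folder and place some ".pem" files there. Example:

"src\github.com\hyperledger\fabric-sdk-node\test\fixtures\tls\peers\peer1"
"src\github.com\hyperledger\fabric-sdk-node\test\fixtures\tls\peers\peer3"
"ca-cert.pem" "cert.pem" "key.pem"

I also need to create the admincerts, cacerts, keystore and signcerts folders, with the corresponding ".pem" files for the respective peers, in the folders below:

"fabric-sdk-node\test\fixtures\channel\crypto-config\peerOrganizations\org1.example.com\peers\peer1.org1.example.com"
"fabric-sdk-node/test/fixtures/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer3.org2.example.com"

Could you help me understand the steps to generate these certificate files and register these new peers with the network?

I have tried using the CA client to register and enroll the peer to peerOrg1: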

fabric-ca-client register --id.name peer3 --id.type peer --id.affiliation org1.department1 --id.secret peer3pw  
fabric-ca-client enroll -u http://peer3:peer3pw@localhost:7054 -M $FABRIC_CA_HOME/msp  

But I got the error:

2017/05/03 09:18:30 http: TLS handshake error from [::1]:55890: tls: oversized record received with length 21536   
2017/05/03 09:19:04 http: TLS handshake error from 192.168.132.17:53220: tls: first record does not look like a TLS handshake
2017/05/03 09:19:04 http: TLS handshake error from 192.168.132.17:53221: tls: first record does not look like a TLS handshake
2017/05/03 09:20:25 http: TLS handshake error from [::1]:55891: tls: oversized record received with length 21536

I followed the steps below to add a new peer in org1.

1) In the CA container (ca_peerOrg1):

export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/admin
fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
fabric-ca-client register --id.name peer1 --id.type peer --id.affiliation org1.department1 --id.secret peer1pw
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client enroll -u http://peer1:peer1pw@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/msp

I received the error:

Post failure [Post http://localhost:7054/enroll : malformed HTTP response "\x15\x03\x01\x00\x02\x02\x16"] ; not sending

2) I replaced the hostname with the container ID (e2598895c822) when executing the command and still got the same error.

3) Error in the ca_peerOrg1 container logs:

error : ca_peerOrg1 | 2017/05/03 11:43:02 http: TLS handshake error from [::1]:55913: tls: oversized record received with length 21536 

4) I observed that the docker compose yaml file starts the ca_peerOrg1 container with the command tag (sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/464d550fe9bf9e7d8976cdf59d1a5d472598f54c058c3546317c5c5fb0ddfd6e_sk -b admin:adminpw' -d)

I added the details of one more CA server to the docker compose file, with the command tag (sh -c 'fabric-ca-server start -b admin:adminpw'):

fabric-ca-server:
  image: hyperledger/fabric-ca
  container_name: fabric-ca-server
  ports:
    - "9054:7054"
  environment:
    - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
  volumes:
    - "./fabric-ca-server:/etc/hyperledger/fabric-ca-server"
  command: sh -c 'fabric-ca-server start -b admin:adminpw'

5) Then I logged in to the fabric-ca-server container and executed the commands below:

fabric-ca-client enroll -u http://admin:adminpw@localhost:7054
fabric-ca-client register --id.name peer1 --id.type peer --id.affiliation org1.department1 --id.secret peer1pw
export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client enroll -u http://peer1:peer1pw@localhost:7054 -M $FABRIC_CA_CLIENT_HOME/msp

And this time it was successful. And MSP folder got created (with cacert,keystore,signcerts) in container.

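6) Since I am trying to add the peer in org1, I logged in to the ca_peerOrg1 container again and fetched the certificates from fabric-ca-server with the commands below: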

export FABRIC_CA_CLIENT_HOME=$HOME/fabric-ca/clients/peer1
fabric-ca-client getcacert -u http://2f67d7031c3f:7054 -M $FABRIC_CA_CLIENT_HOME/msp

And observed that msp folder got imported to ca_peerOrg1.

7) Created a folder peer1 in hyperledger\fabric-sdk-node\test\fixtures\tls\peers\ and copied the newly created cacert, keystore and signcerts folders with the certificates. Renamed /cacert/3002372bba75.pem to /cacert/ca-cert.pem. The admincerts folder I copied from the peer0 folder.

8) Also created a folder "peer1.org1.example.com" in "\hyperledger\fabric-sdk-node\test\fixtures\channel\crypto-config\peerOrganizations\org1.example.com\peers\" and copied the cacert, keystore, signcerts and admincerts folders.

9) Updated /hyperledger/fabric-sdk-node/test/integration/e2e/config.json with a peer2 entry in org1:

{
        "test-network": {
                "orderer": {
                        "url": "grpcs://localhost:7050",
                        "server-hostname": "orderer0",
                        "tls_cacerts": "../../fixtures/tls/orderer/ca-cert.pem"
                },
                "org1": {
                        "name": "peerOrg1",
                        "mspid": "Org1MSP",
                        "ca": "https://localhost:7054",
                        "peer1": {
                                "requests": "grpcs://localhost:7051",
                                "events": "grpcs://localhost:7053",
                                "server-hostname": "peer0",
                                "tls_cacerts": "../../fixtures/tls/peers/peer0/ca-cert.pem"
                        },
                        "peer2": {
                                "requests": "grpcs://localhost:9051",
                                "events": "grpcs://localhost:9053",
                                "server-hostname": "peer1",
                                "tls_cacerts": "../../fixtures/tls/peers/peer1/ca-cert.pem"
                        }

                },
                "org2": {
                        "name": "peerOrg2",
                        "mspid": "Org2MSP",
                        "ca": "https://localhost:8054",
                        "peer1": {
                                "requests": "grpcs://localhost:8051",
                                "events": "grpcs://localhost:8053",
                                "server-hostname": "peer2",
                                "tls_cacerts": "../../fixtures/tls/peers/peer2/ca-cert.pem"
                        }
                }
        }
}

10) Created another docker file, "docker-compose_peer1.yaml", containing only the peer1 details, and started docker compose. These containers are now up (ca_peerOrg2, ca_peerOrg1, orderer0, couchdb, peer2, peer0, peer1, fabric-ca-server).

11) Executed the commands below, and they fail:

cd /hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/test/integration/e2e
node create-channel.js
node join-channel.js

routines:ssl3_get_server_certificate:certificate verify failed.
events.js:160
      throw er; // Unhandled 'error' event
      ^

Error: Connect Failed
    at ClientDuplexStream._emitStatusIfDone (/root/hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/node_modules/grpc/src/node/src/client.js:201:19)
    at ClientDuplexStream._readsDone (/root/hyperledger1.0.0/gopath/src/github.com/hyperledger/fabric-sdk-node/node_modules/grpc/src/node/src/client.js:

Could you help me know whether the steps I followed are correct? Please help me add the new peers.

ibm-cloud blockchain hyperledger hyperledger-fabric
2 Answers
2
votes

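The error "tls: oversized record received with length 21536" occurs when you specify "http" in the URL for fabric-ca-client but the fabric-ca-server was started with TLS enabled and is therefore listening on "https". However, since using http with fabric-ca-client works when logged in to the container but does not work on the host, my guess is that another fabric-ca-server instance is running on the host with TLS enabled.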
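Added example (not part of the answer above or of the Fabric code base): a small Node.js decoder showing why plain HTTP sent to a TLS listener produces exactly the length 21536 in the server log, and that the 7 bytes in the client's "malformed HTTP response" are a TLS alert record. Function names are illustrative, and the request bytes are a constructed sample based on the "Post http://localhost:7054/enroll" line in the question.

```javascript
// Added example: decode the byte patterns behind the two errors in the question.
const CONTENT_TYPES = { 20: 'change_cipher_spec', 21: 'alert', 22: 'handshake', 23: 'application_data' };
const ALERT_LEVELS = { 1: 'warning', 2: 'fatal' };
const ALERT_DESCRIPTIONS = { 10: 'unexpected_message', 22: 'record_overflow', 40: 'handshake_failure', 70: 'protocol_version' };
const MAX_CIPHERTEXT = 16384 + 2048; // largest record body TLS 1.2 allows

// A TLS record starts with a 5-byte header: type(1) | version(2) | length(2).
function parseRecordHeader(buf) {
  if (buf.length < 5) throw new RangeError('need at least 5 bytes for a TLS record header');
  return {
    type: buf[0],
    typeName: CONTENT_TYPES[buf[0]] || 'unknown',
    version: buf.readUInt16BE(1),
    length: buf.readUInt16BE(3),
  };
}

// Server side: interpret the first bytes a TLS listener received from a client.
function explainServerError(firstBytes) {
  const h = parseRecordHeader(firstBytes);
  const text = firstBytes.toString('latin1', 0, 8);
  return {
    ...h,
    looksLikeHttp: /^(GET|POST|PUT|HEAD|DELETE) /.test(text), // plaintext verb, not TLS
    oversized: h.length > MAX_CIPHERTEXT,
  };
}

// Client side: decode a TLS alert record (header + level byte + description byte).
function parseAlert(buf) {
  const h = parseRecordHeader(buf);
  if (h.type !== 21 || h.length !== 2 || buf.length < 7) return null;
  return {
    level: ALERT_LEVELS[buf[5]] || 'unknown',
    description: ALERT_DESCRIPTIONS[buf[6]] || `alert(${buf[6]})`,
  };
}

// Constructed sample: start of the plaintext request the client sends to /enroll.
const plaintextRequest = Buffer.from('POST /enroll', 'latin1');
// Bytes copied from the "malformed HTTP response" text in the question.
const serverReply = Buffer.from([0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x16]);

// "T " (0x54 0x20) lands in the length field, which is where 21536 comes from.
console.log(explainServerError(plaintextRequest));
// The server's reply is a fatal record_overflow alert, not an HTTP response.
console.log(parseAlert(serverReply));
```

Either pattern in a log means the URL scheme does not match the listener; switching the client URL to https, with the CA's TLS certificate trusted, is the fix the answer points to.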


0
votes

To generate the crypto material for a new peer (using cryptogen extend), you need to edit the crypto-config.yaml file and then execute:

cryptogen extend --config=./crypto-config.yaml

You can find a complete guide here:

Extending Hyperledger Fabric Network: Adding a new peer
