I am trying to maintain high availability (HA) of the Certificate Authority (CA) server (without using a container orchestration technique like K8). To achieve that, I used the YAML anchor and merge syntax. Both containers run and listen on the server port.
The problem that arises is that only one server works as expected, as it did before, and the other one, replicated using merge and anchor, is not working. It throws an error when a request is sent to the replicated server using the SDK.
I performed the enrollAdmin operation using enrollAdmin.js provided by fabcar (a sample provided by Hyperledger Fabric). The error code is as below:
gopal@gopal:~/Dappdev/first/fabric-samples/fabcar/javascript$ node enrollAdmin.js
Wallet path: /home/gopal/Dappdev/first/fabric-samples/fabcar/javascript/wallet
Enroll the admin user, and import the new identity into the wallet
2021-01-12T08:42:03.572Z - error: [FabricCAClientService.js]: Failed to enroll admin, error:%o message=Calling enrollment endpoint failed with error [Error: write EPROTO 139961596319552:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
], stack=Error: Calling enrollment endpoint failed with error [Error: write EPROTO 139961596319552:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
]
    at ClientRequest.request.on (/home/gopal/Dappdev/first/fabric-samples/fabcar/javascript/node_modules/fabric-ca-client/lib/FabricCAClient.js:487:12)
    at ClientRequest.emit (events.js:198:13)
    at TLSSocket.socketErrorListener (_http_client.js:401:9)
    at TLSSocket.emit (events.js:198:13)
    at errorOrDestroy (internal/streams/destroy.js:107:12)
    at onwriteError (_stream_writable.js:436:5)
    at onwrite (_stream_writable.js:461:5)
    at _destroy (internal/streams/destroy.js:49:7)
    at TLSSocket.Socket._destroy (net.js:614:3)
    at TLSSocket.destroy (internal/streams/destroy.js:37:8)
Failed to enroll admin user "admin": Error: Calling enrollment endpoint failed with error [Error: write EPROTO 139961596319552:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332:
]
gopal@gopal:~/Dappdev/first/fabric-samples/fabcar/javascript$
Additionally, to explain more, I am adding the CA configuration file as below.
version: '2'
networks:
  byfn:
services:
  ca0: &name-me
    image: hyperledger/fabric-ca:$IMAGE_TAG
    environment:
      - FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
      - FABRIC_CA_SERVER_CA_NAME=ca-org1
      - FABRIC_CA_SERVER_TLS_ENABLED=true
      - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
      - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/key.pem
      - FABRIC_CA_SERVER_PORT=7054
    ports:
      - "7054:7054"
    command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/key.pem -b admin:adminpw -d'
    volumes:
      - ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
    container_name: ca_server01
    networks:
      - byfn
  # Replicated CA
  ca01:
    <<: *name-me # <- this is a merge (<<) with an alias (*name-me)
    # keys below merge notation override those that declared under anchor
    # so this:
    ports:
      - "8054:8054"
    container_name: ca_server02
    environment:
      - FABRIC_CA_SERVER_PORT=8054
Furthermore, to confirm the configuration, I have added a connection profile for this CA.
"certificateAuthorities": {
    "ca.org1.example.com": {
        "url": "https://localhost:8054",
        "caName": "ca-org1",
        "tlsCACerts": {
            "pem": "-----BEGIN CERTIFICATE-----
MIICUDCCAfegAwIBAgIQWmpv94Te6dBKBjMEJrZ/RDAKBggqhkjOPQQDAjBzMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eu
b3JnMS5leGFtcGxlLmNvbTAeFw0yMDEyMDQwODI1MDBaFw0zMDEyMDIwODI1MDBa
MHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T
YW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMRwwGgYDVQQD
ExNjYS5vcmcxLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
vhAwa7BeZTdV+Sevx0LEg+dptt1GIaQpukOhiEGmstF7Re8okIQXhQw/WjTVWlv8
GccHPcoUuVe6nBklpHEL/qNtMGswDgYDVR0PAQH/BAQDAgGmMB0GA1UdJQQWMBQG
CCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdDgQiBCBJ
/ICyRsXWQVxtcPI0+8+ZtAYHGXb0z4VBd5yvvmv64zAKBggqhkjOPQQDAgNHADBE
AiBYadQuHePis5gPkEoLR3yVaYzEADap31XcSg9P1L6akAIgMoxWuq58zpQrIY0X
h4zC6aHdSt2u4hJtXLB+8JNzVy8=
-----END CERTIFICATE-----
"
        },
        "httpOptions": {
            "verify": false
        }
    }
}
Is there a better way to solve this issue of the replicated Docker container not working for CA server replication?
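How the `<<` merge in the compose file above resolves, as an added example that is not part of the original post: plain JavaScript objects stand in for the parsed YAML (constructed from the post's file). The names `resolveMerge`, `envOf` and `droppedVars`, and the corrected mapping layout at the end, are assumptions of this example.

```javascript
// Added example: YAML merge-key ("<<") resolution modelled on parsed mappings.
// Service data is constructed from the compose file in the post.
const base = {                       // ca0: &name-me
  environment: [
    'FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server',
    'FABRIC_CA_SERVER_CA_NAME=ca-org1',
    'FABRIC_CA_SERVER_TLS_ENABLED=true',
    'FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem',
    'FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/key.pem',
    'FABRIC_CA_SERVER_PORT=7054',
  ],
  ports: ['7054:7054'],
  container_name: 'ca_server01',
};
const replica = {                    // ca01, as written in the post
  '<<': base,
  ports: ['8054:8054'],
  container_name: 'ca_server02',
  environment: ['FABRIC_CA_SERVER_PORT=8054'],
};

// A merge key only supplies keys the local mapping lacks; a sequence such as
// `environment` is replaced as a whole, never concatenated.
function resolveMerge(node) {
  if (Array.isArray(node)) return node.map(resolveMerge);
  if (node === null || typeof node !== 'object') return node;
  const { '<<': merged, ...own } = node;
  const out = merged ? { ...resolveMerge(merged) } : {};
  for (const [k, v] of Object.entries(own)) out[k] = resolveMerge(v);
  return out;
}

// Accepts both compose forms of `environment`: KEY=VAL list or mapping.
function envOf(service) {
  const env = resolveMerge(service).environment || {};
  if (!Array.isArray(env)) return { ...env };
  return Object.fromEntries(env.map((e) => e.split(/=(.*)/).slice(0, 2)));
}

// Variables the base service sets that the derived service no longer has.
function droppedVars(baseSvc, derivedSvc) {
  const derived = envOf(derivedSvc);
  return Object.keys(envOf(baseSvc)).filter((k) => !(k in derived));
}
// Hypothetical corrected layout: environment as a mapping with its own merge.
const baseMapEnv = { ...base, environment: envOf(base) };
const replicaFixed = { ...replica, '<<': baseMapEnv,
  environment: { '<<': baseMapEnv.environment, FABRIC_CA_SERVER_PORT: '8054' } };
console.log(droppedVars(base, replica), droppedVars(baseMapEnv, replicaFixed));
```

The replica's `environment` list replaces the anchored one, so the `FABRIC_CA_SERVER_TLS_*` variables are absent from `ca_server02`; a listener that is not speaking TLS to an `https://` client is consistent with the `wrong version number` error in the log.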