Hyperledger Fabric on AKS - Add onprem peer

Ahmed Kamal 1 Reputation point
2020-06-08T21:30:15.34+00:00

Hi,

I'm working on a project that should be going production soon. We've started using the HLF templates on AKS. I was able to follow the docs to setup the orderer org, and the peer org and join a channel.

In real life, some of the peers will need to live on-prem. Can anyone provide guidance how the azhlf tool may also be used to join an onprem peer ?

Also, is there a way to use the same yaml templates to deploy HLF on-prem on kubernetes. I'd like all deployments (AKS or onprem) to look similar.

Thanks

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
38,792 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Shruti Gupta 16 Reputation points
    2020-06-16T12:02:58.42+00:00

    Azhlf tool internally use Fabric Nodejs SDK to perform the operation. It can be used to perform operation on on-prem node as long as the below pre-conditions are satisfied:

    1. Root certificate and MSPID of on-prem peer node should be same as root certificate and MSPID of peer organization created using AKS-HLF template.
    2. On-prem peer node should be accessible over public endpoint.

    Please follow below steps in the given order to achieve this:

    1. Bring-up a peer organization on AKS-HLF template using "upload root certificate for Fabric CA" option against "certificates" in "Fabric Settings" blade.
    2. Setup azhlf tool for peer organization using Step1, Step2, and Step3
    3. Create enrollment and TLS public-private key pair for on-prem peer node using same root certificate as used in step 1 and prepare MSP folder for on-prem peer node. “admincerts” for MSP can be fetch from wallet in azhlf using the below command: 
      peerOrgName=<peer organization name>  
cat ./azhlfTool/stores/wallets/$peerOrgName/admin.$peerOrgName/admin.$peerOrgName | jq '.enrollment.identity.certificate' | tr -d '"' | sed 's/\\n/\n/g'
    4. Start the on-prem peer node using the MSP folder prepared in above step. Few things you need to make sure while bring up this peer node is:
      (1) MSPID of peer node should be same as peer organization name used in step 1. (2)
      Make sure that on-prem node is accessible on public endpoint.
      1. Edit peer organization connection profile in azhlf tool setup in step 2 to add details of on-prem peer node in "peers" section. Connection profile is present at path “./azhlfTool/stores/connectionprofiles/<peerOrgName>.json”.
      2. Follow the steps mentioned here to add peer organization in the channel and then join all peer nodes in the channel.

    Thanks & Regards,

    Shruti Gupta

    1 person found this answer helpful.
  2. RamyaV-MSFT 96 Reputation points
    2020-06-23T12:01:18.32+00:00

    Hi Ahmed,

    The Hyperledger Fabric on Azure Kubernetes Service template offering is mainly to help customers deploy HLF network on Azure. We currently do not support hybrid scenario through this template offering, hence we do not have the azhlf tool extended for on-prem nodes. You can use the steps provided by Shruti to try out the scenario.

    We have open sourced the code of the template, for any further modifications in the scenario you want to build I would recommend you to go through the code here https://github.com/Azure/Hyperledger-Fabric-on-Azure-Kubernetes-Service and feel free to build over it.

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.