Hyperledger Fabric NodeOUs with CA Server Failed validating bootstrap block. MSP manager failed

Question

setting up the MSP manager failed: administrators must be declared when no admin ou classification is set.

CA Server seems fine. I register and enroll caadmin, orgadmin, ordereradmin. I create the genesis.block with orgadmin. orgadmin has admin in OU. orderer has OU=orderer.

It seems to use the config.yaml, as it gives a WARN on Failed loading ClientOU certificate. (Just a warning and not required, per the docs).

But even though I set the AdminOUIdentifier: # Certificate: "cacerts/cacert.pem" OrganizationalUnitIdentifier: "admin"

and the OrgAdmin has OU=admin in the subject, it errors and says no admin ou is set.

What am I missing?

Answer 1

The OU definition needs to be set like you are doing using config.yaml file. You need to define the OUs for every MSP in your channel, before creating the network. Then you start the network, such that the local MSPs (the MSP configurations of nodes: peers and orderers) also get this config.yaml in their MSP directories respectively.

This way, the NodeOUs will be enabled in the channel and the local MSPs of the nodes will also respect the same configuration.

If the NodeOUs are not set, then while creating the node containers, in the MSP directory that you mount inside the respective nodes, must have an admincerts sub-folder which will contain the certificate issued by the CA of that organization (or at least is a valid certificate in the chain of trust for that organization's MSP).

NOTE: If admincerts have been configured, i.e. the NodeOUs are disabled, then the Hyperledger Fabric network, will recognize only the identity of that organization holding the certificate present in the admincerts directory as the admin of that organization.