I'm struggling with identity management on a peer node using the newer OU approach to credentials. I'm close to having it working, but there's some concept or something that I'm missing.
Where I'm stuck is with trying to issue a peer channel join command on the peer.
I've tried this 2 ways:
However, running the peer node as an admin can't be the right answer. The documentation is clear:
How can the peer node act as both a peer for "endorsing and committing transactions" and an admin for "handling administrative tasks"? What am I missing here? How do I set up a peer identity that has admin rights to its peer node?
I also want to make sure that the credentials stored on the peer only allow admin commands on that specific peer node and do not provide admin rights to the broader network.
Thanks in advance.
You should only use the Admin's MSP to run peer channel join, but your peer's CORE_PEER_ADDRESS.
export CORE_PEER_MSPCONFIGPATH=$ADMINMSP
export CORE_PEER_ADDRESS=$YOURPEERADDRES
peer channel join -b /path/to/block
The peer is already up using its own peer MSP, so it will not use the Admin's MSP to run on the network. It is just for this operation.
You don't need to register a peer as an admin, but you must have an admin user to take care of these functionalities. It is strongly advised to not use the Org Admin MSP (Channel MSP) for any operation other than on the channel configuration, so just enroll a new admin user and use it for admin operations. It is not necessary to store admin files on a peer, just have a convenient way to use the Admin MSP when it is needed.
Regarding the confusion, in Fabric you can have an admin act as a peer but not the other way around.
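The answer's point that the Admin MSP is used "just for this operation" can be enforced by setting the two variables for a single process instead of exporting them into the shell. The sketch below is an added example, not part of the original answer; the function names `check_admin_msp` and `as_admin` are hypothetical, and it assumes a file-based MSP folder (signcerts, keystore, cacerts) rather than an HSM-backed key.

```shell
#!/bin/sh
# Added example (not from the original answer). Function names are
# hypothetical; assumes the admin key is a file under keystore/.

# check_admin_msp DIR: succeed only if DIR has the expected MSP folders
# and no private key in keystore/ is readable by group or others.
check_admin_msp() {
    cam_msp=$1
    for cam_sub in signcerts keystore cacerts; do
        if [ ! -d "$cam_msp/$cam_sub" ]; then
            echo "admin MSP check: missing $cam_msp/$cam_sub" >&2
            return 1
        fi
    done
    cam_keys=$(find "$cam_msp/keystore" -type f)
    if [ -z "$cam_keys" ]; then
        echo "admin MSP check: no private key in keystore" >&2
        return 1
    fi
    cam_loose=$(find "$cam_msp/keystore" -type f \( -perm -040 -o -perm -004 \))
    if [ -n "$cam_loose" ]; then
        echo "admin MSP check: key readable by group/others: $cam_loose" >&2
        return 1
    fi
    return 0
}

# as_admin ADMIN_MSP PEER_ADDR CMD...: run CMD with the admin MSP and the
# target peer's address set for that one process only. Nothing is exported,
# so later commands in the same shell do not inherit the admin identity.
as_admin() {
    aa_msp=$1
    aa_addr=$2
    shift 2
    check_admin_msp "$aa_msp" || return 1
    env CORE_PEER_MSPCONFIGPATH="$aa_msp" \
        CORE_PEER_ADDRESS="$aa_addr" "$@"
}

# Usage, with the answer's own placeholders:
#   as_admin "$ADMINMSP" "$YOURPEERADDRES" peer channel join -b /path/to/block
```

Because the admin folder is passed as an argument, it can live on an operator workstation or a mounted secret rather than on the peer host, which matches the advice not to store admin files on the peer.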