I am trying to setup blockchain network with two organizations having two peers in each organization. I generated crypto material using fabric-ca-server-client command after setting up separate CAs for org1, org2 and orderer organizations. All peers and orderers are running in different containers in a single VM. Issue is about IP SANS.
# Register peer0 certificates now
fabric-ca-client register --caname ca.org1.example.com --csr.cn peer0.org1.example.com --csr.names 'O=org1,OU=peer,C=IN,ST=Telangana' --id.name peer0 --id.secret peer0pw --id.type peer --id.attrs '"hf.Registrar.Roles=peer"' --tls.certfiles ${FABRIC_CA_CLIENT_HOME}/ca/tls-ca-org1-example-com-cert.pem
# Enroll peer0 certificates now which stores crypto material for peer0 in msp folder
fabric-ca-client enroll -u https://peer0:peer0pw#localhost:7060 --caname ca.org1.example.com --csr.cn peer0.org1.example.com --csr.names 'O=org1,OU=peer,C=IN,ST=Telangana' -M ${FABRIC_CA_CLIENT_HOME}/peers/peer0.org1.example.com/msp --csr.hosts peer0.org1.example.com --tls.certfiles ${FABRIC_CA_CLIENT_HOME}/ca/tls-ca-org1-example-com-cert.pem
I am getting below error while executing docker logs peer0.org1.example.com
2022-03-05 08:49:11.635 UTC [grpc] Warningf -> DEBU 04f grpc: addrConn.createTransport failed to connect to {127.0.0.1:7051 <nil> 0 <nil>}. Err: connection error: desc = "transport: authentication handshake failed: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs". Reconnecting...
2022-03-05 08:49:11.636 UTC [grpc] Infof -> DEBU 052 Subchannel Connectivity change to TRANSIENT_FAILURE
2022-03-05 08:49:11.636 UTC [grpc] UpdateSubConnState -> DEBU 053 pickfirstBalancer: HandleSubConnStateChange: 0xc002ae4e40, {TRANSIENT_FAILURE connection error: desc = "transport: authentication handshake failed: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs"}
2022-03-05 08:49:11.636 UTC [grpc] Infof -> DEBU 054 Channel Connectivity change to TRANSIENT_FAILURE
2022-03-05 08:49:11.635 UTC [core.comm] ServerHandshake -> ERRO 050 Server TLS handshake failed in 945.487µs with error remote error: tls: bad certificate server=PeerServer remoteaddress=127.0.0.1:38460
2022-03-05 08:49:11.637 UTC [grpc] Warningf -> DEBU 055 grpc: Server.Serve failed to complete security handshake from "127.0.0.1:38460": remote error: tls: bad certificate
Related
I had created a hyperledger fabric channel [channel1] with two peer organizations**(Org1,Org2)** and one orderer organization (OrdererOrg), and there are one peer (peer0.org1.com/peer0.org2.com) in each peer organization and three orderer nodes**[Orderer0, Orderer1, Orderer 2]** in the orderer organization. After joining ordering nodes and peers into the channel and setting [peer0.org1.com] and [peer0.org2.com] as anchor peers, the follow errors are printed in peer logs:
peer0.org1.com
2021-04-14 10:53:08.108 CST [core.comm] ServerHandshake -> ERRO 1a2 Server TLS handshake failed in 962.117µs with error remote error: tls: bad certificate server=PeerServer remoteaddress=127.0.0.1:58281
2021-04-14 10:53:09.112 CST [core.comm] ServerHandshake -> ERRO 1a3 Server TLS handshake failed in 2.162124ms with error remote error: tls: bad certificate server=PeerServer remoteaddress=127.0.0.1:58283
2021-04-14 10:53:10.836 CST [core.comm] ServerHandshake -> ERRO 1a4 Server TLS handshake failed in 1.629684ms with error remote error: tls: bad certificate server=PeerServer remote address=127.0.0.1:58285
peer0.org2.com
2021-04-14 10:53:11.107 CST [gossip.gossip] func1 -> WARN 12f Deep probe of localhost:20000 for channel channel1 failed: context deadline exceeded
2021-04-14 10:53:11.108 CST [gossip.discovery] func1 -> WARN 130 Could not connect to Endpoint: localhost:20000, InternalEndpoint: localhost:20000, PKI-ID: <nil>, Metadata: : context deadline exceeded
configtx.yaml
core.yaml of [peer0.org1.com]
core.yaml of [peer0.org2.com]
The tutorials I followed:
Creating a channel
I solved the problem by add an folder named tlscacerts to the organization msp.
Noticed that in the test-network /test-network/organizations/peerOrganizations/org1.example.com/msp/tlscacerts/
enter image description here
copy your tls root ca certificate into it.
I just up the hyperledger docker container. I use TLS enabled orderer and peers. I created the channel using the command in cli bash(for peer0)
peer channel create -o orderer0.Myname.com:7050 -c Mynamechannel -f /opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/Myname.com/orderers/orderer0.Myname.com/msp/tlscacerts/tlsca.Myname.com-cert.pem
It runs successfully. Then I try to join the channel using the command
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.Myname.com/users/Admin#org1.Myname.com/msp
export CORE_PEER_ADDRESS=peer0.org1.Myname.com:7051
export CORE_PEER_LOCALMSPID="Org1Myname"
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.Myname.com/peers/peer0.org1.Myname.com/tls/ca.crt
peer channel join -b Mynamechannel.block
But got the errors some thing like
2019-02-07 05:53:15.047 UTC [msp/identity] Sign -> DEBU 006 Sign: digest: 143E4E155F1757BB9987562A28A4901B61615989BDB7B6ACD804FF60B2A15F0A
2019-02-07 05:53:15.047 UTC [grpc] Printf -> DEBU 007 transport: http2Client.notifyError got notified that the client transport was broken read tcp 192.168.64.19:60288->192.168.64.18:7051: read: connection reset by peer.
2019-02-07 05:53:15.048 UTC [grpc] Printf -> DEBU 008 transport: http2Client.notifyError got notified that the client transport was broken unexpected EOF.
2019-02-07 05:53:15.049 UTC [grpc] Printf -> DEBU 009 transport: http2Client.notifyError got notified that the client transport was broken unexpected EOF.
2019-02-07 05:53:15.050 UTC [grpc] Printf -> DEBU 00a transport: http2Client.notifyError got notified that the client transport was broken read tcp 192.168.64.19:60294->192.168.64.18:7051: read: connection reset by peer.
Error: proposal failed (err: rpc error: code = Unavailable desc = transport: write tcp 192.168.64.19:60288->192.168.64.18:7051: use of closed network connection)
And sometimes get an another error that
019-02-07 07:06:38.322 UTC [msp/identity] Sign -> DEBU 005 Sign: digest: D43291FFCD0DE17F5CC33A7DBBB47D043FE83C91EA8514EDCED6AC1D31C0A061
2019-02-07 07:06:38.322 UTC [grpc] Printf -> DEBU 006 transport: http2Client.notifyError got notified that the client transport was broken write tcp 192.168.80.19:56288->192.168.80.18:7051: write: connection reset by peer.
Error: proposal failed (err: rpc error: code = Unavailable desc = transport: write tcp 192.168.80.19:56288->192.168.80.18:7051: write: connection reset by peer)
Thanks in advance.
Fabric : 1.1.0
Os: Ubuntu 16.04
I am trying to create a channel in the deployed hyperledger fabric.
using command
peer channel create -o orderer0.orgorderer1:7050 -c mychannel -f ./channel-artifacts/channel.tx
but i am getting error
2018-01-18 09:59:05.382 UTC [grpc] Printf -> DEBU 011 transport: http2Client.notifyError got notified that the client transport was broken read tcp 10.244.1.8:47112->10.96.99.75:7050: read: connection reset by peer.
2018-01-18 09:59:05.383 UTC [grpc] Printf -> DEBU 012 transport: http2Client.notifyError got notified that the client transport was broken unexpected EOF.
Error: rpc error: code = Internal desc = transport is closing
2018-01-18 09:59:05.383 UTC [grpc] Printf -> DEBU 013 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: Error while dialing dial tcp: operation was canceled"; Reconnecting to {orderer0.orgorderer1:7050 <nil>}
2018-01-18 09:59:05.383 UTC [grpc] Printf -> DEBU 014 grpc: addrConn.transportMonitor exits due to: grpc: the connection is closing
More info
my hyperledger fabric is deployed on kubernetes. using link
And is was working fine
now i have used custom cryptographic material for the MSP
and redeployed.
And getting the above error
all the pods in the kubernestes are up and running.
I have downloaded and setup the hyperledger fabric network in my CentOs system. I am able to start the first network with default two organization (Org1 and Org2). Also each organization is having two peers(peer0, peer1). Now I am trying add one more Organization with one peer.
I have made changes in below files
first-network/crypto-config.yaml
first-network/configtx.yaml
first-network/docker-compose-cli.yaml
first-network/base/docker-compose-base.yaml
first-network/script/script.sh
now while trying to up the network. Below exception is coming
Having all peers join the channel...
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
CORE_PEER_LOCALMSPID=Org1MSP
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
CORE_PEER_TLS_ENABLED=true
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
CORE_PEER_ID=cli
CORE_LOGGING_LEVEL=DEBUG
CORE_PEER_ADDRESS=peer0.org1.example.com:7051
2017-09-06 06:40:53.134 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2017-09-06 06:40:53.134 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2017-09-06 06:40:53.136 UTC [channelCmd] InitCmdFactory -> INFO 003 Endorser and orderer connections initialized
2017-09-06 06:40:53.136 UTC [msp/identity] Sign -> DEBU 004 Sign: plaintext: 0A89070A5B08011A0B08F5B0BECD0510...742FDE921B171A080A000A000A000A00
2017-09-06 06:40:53.136 UTC [msp/identity] Sign -> DEBU 005 Sign: digest: 152A1C5D481840FB755E98925E0D346271894F15AB69E694C03BEC962E523A50
Error: proposal failed (err: rpc error: code = Unknown desc = Failed to deserialize creator identity, err Expected MSP ID org1MSP, received Org1MSP)
Usage:
peer channel join [flags]
Flags:
-b, --blockpath string Path to file containing genesis block
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--logging-level string Default logging level and overrides, see core.yaml for full syntax
-o, --orderer string Ordering service endpoint
--test.coverprofile string Done (default "coverage.cov")
--tls Use TLS when communicating with the orderer endpoint
-v, --version Display current version of fabric peer server
PEER0 failed to join the channel, Retry after 2 seconds
I am running hyper-ledger fabric on an ubuntu VM on a Mac OSX running Parallels, downloaded docker, got everything setup, but when running the first network example (command ./byfn.sh -m up) I am getting this error
===================== Chaincode is installed on remote peer PEER2 =====================
Instantiating chaincode on org2/peer2...
CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
CORE_PEER_LOCALMSPID=Org2MSP
CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
CORE_PEER_TLS_ENABLED=true
CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp
CORE_PEER_ID=cli
CORE_LOGGING_LEVEL=DEBUG
CORE_PEER_ADDRESS=peer0.org2.example.com:7051
2017-09-07 20:15:16.984 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2017-09-07 20:15:16.984 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2017-09-07 20:15:16.987 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 003 Using default escc
2017-09-07 20:15:16.987 UTC [chaincodeCmd] checkChaincodeCmdParams -> INFO 004 Using default vscc
2017-09-07 20:15:16.988 UTC [msp/identity] Sign -> DEBU 005 Sign: plaintext: 0A91070A6708031A0C08D4D1C6CD0510...324D53500A04657363630A0476736363
2017-09-07 20:15:16.988 UTC [msp/identity] Sign -> DEBU 006 Sign: digest: 17D7F0C37473394040F19251CCA253B1ECA95F7AD65AF27EFA92DE1F10D94A9B
Error: Error endorsing chaincode: rpc error: code = Unknown desc = Error starting container: Get https://registry-1.docker.io/v2/hyperledger/fabric-baseos/manifests/x86_64-0.3.2: dial tcp: lookup registry-1.docker.io on 127.0.1.1:53: read udp 127.0.0.1:54547->127.0.1.1:53: i/o timeout
Usage:
peer chaincode instantiate [flags]
Flags:
-C, --channelID string The channel on which this command should be executed (default "testchainid")
-c, --ctor string Constructor message for the chaincode in JSON format (default "{}")
-E, --escc string The name of the endorsement system chaincode to be used for this chaincode
-l, --lang string Language the chaincode is written in (default "golang")
-n, --name string Name of the chaincode
-P, --policy string The endorsement policy associated to this chaincode
-v, --version string Version of the chaincode specified in install/instantiate/upgrade commands
-V, --vscc string The name of the verification system chaincode to be used for this chaincode
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--logging-level string Default logging level and overrides, see core.yaml for full syntax
-o, --orderer string Ordering service endpoint
--test.coverprofile string Done (default "coverage.cov")
--tls Use TLS when communicating with the orderer endpoint
!!!!!!!!!!!!!!! Chaincode instantiation on PEER2 on channel 'mychannel' failed !!!!!!!!!!!!!!!!
========= ERROR !!! FAILED to execute End-2-End Scenario ===========
Error: Error endorsing chaincode: rpc error: code = Unknown desc = Error starting container: Get https://registry-1.docker.io/v2/hyperledger/fabric-baseos/manifests/x86_64-0.3.2: dial tcp: lookup registry-1.docker.io on 127.0.1.1:53: read udp 127.0.0.1:54547->127.0.1.1:53: i/o timeout
Like it says in the error you have a connectivity problem from your VM, seems connection to external IPs is lagging.