I know there are several errors like this one, but I see most of them are with the test-network, using a local environment and my case is different.
I have a blockchain running using k8s it used to be running in V1.4 and we migrated it to V2.3 so the certificates were generated without a SAN but to make them work with the new version we are using the env variable GODEBUG="x509ignoreCN=0" I can connect to it using a console client to do changes in the channel and configuration, and I can connect with a node js client and execute contracts, I want to connect using a Go client for a different app but I'm having trouble with the config.
I'm getting a TRANSIENT_FAILURE error in the Go Client and a tls: bad certificate in the peer but the certificates are the same that work for the other environments, the config.yaml I'm using is based on my configuration from the test-network that's also working.
Something weird though, is that the configPath doesn't seem to work and I need to add the users individualy to make it run.
So this is my config.yaml
---
name: network-company
version: 1.0.0
client:
organization: company
logging:
level: debug
connection:
timeout:
peer:
endorser: "300"
cryptoconfig:
path: /home/company
credentialStore:
path: /home/company/users
cryptoStore:
path: /home/company/users/admin#mycompany.com/msp
BCCSP:
security:
enabled: true
default:
provider: "SW"
hashAlgorithm: "SHA2"
softVerify: true
level: 256
tlsCerts:
systemCertPool: false
client:
cert:
path: /home/company/users/admin#mycompany.com/tls/cert.pem
key:
path: /home/company/users/admin#mycompany.com/tls/key.pem
organizations:
company:
mspid: company
cryptoPath: /home/company/users/admin#mycompany.com/msp
users:
admin:
cert:
path: /home/company/users/admin#mycompany.com/msp/signcerts/cert.pem
key:
path: /home/company/users/admin#mycompany.com/msp/keystore/key.pem
peers:
- peer1.mycompany.com
- peer2.mycompany.com
peers:
peer1.mycompany.com:
url: grpcs://peer1.mycompany.com:443
tlsCACerts:
path: /home/company/users/admin#mycompany.com/tls/ca.pem
grpcOptions:
ssl-target-name-override: peer1.mycompany.com
hostnameOverride: peer1.mycompany.com
keep-alive-time: 10s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
httpOptions:
verify: false
peer2.mycompany.com:
url: grpcs://peer2.mycompany.com:443
tlsCACerts:
path: /home/company/users/admin#mycompany.com/tls/ca.pem
grpcOptions:
ssl-target-name-override: peer2.mycompany.com
hostnameOverride: peer2.mycompany.com
keep-alive-time: 10s
keep-alive-timeout: 20s
keep-alive-permit: false
fail-fast: false
allow-insecure: true
httpOptions:
verify: false
channels:
mychannel:
peers:
peer1.mycompany.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer2.mycompany.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
policies:
queryChannelConfig:
minResponses: 1
maxTargets: 1
retryOpts:
attempts: 5
initialBackoff: 500ms
maxBackoff: 5s
backoffFactor: 2.0
entityMatchers:
peer:
- pattern: peer1.mycompany.com
urlSubstitutionExp: peer1.mycompany.com:443
sslTargetOverrideUrlSubstitutionExp: peer1.mycompany.com
mappedHost: peer1.mycompany.com
- pattern: peer2.mycompany.com
urlSubstitutionExp: peer2.mycompany.com:443
sslTargetOverrideUrlSubstitutionExp: peer2.mycompany.com
mappedHost: peer2.mycompany.com
These are my certificates paths:
/home/company/users/admin#mycompany.com
+ msp
+ admincerts/<empty>
+ signcerts/cert.pem
+ cacerts/ca.pem
+ intermediatecerts/ca.pem
+ tlscacerts/ca.pem
+ tlsintermediatecerts/ca.pem
+ keystore/key.pem
+ tls
+ ca.pem
+ cert.pem
+ key.pem
These are the logs from the client:
[fabsdk/core] 2022/01/04 14:34:09 UTC - sw.getOptsByConfig -> DEBU Initialized SW cryptosuite
[fabsdk/fab] 2022/01/04 14:34:09 UTC - n/a -> DEBU KeyStore opened at [/home/company/users/admin#mycompany.com/msp/keystore]...done
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadEndpointConfiguration -> DEBU Client is: {Organization:company TLSCerts:{Client:{Key:{Path:/home/company/users/admin-tls#mycompany.com/tls/key.pem Pem: bytes:[]} Cert:{Path:/home/company/users/admin-tls#mycompany.com/tls/cert.pem Pem: bytes:[]}}}}
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadEndpointConfiguration -> DEBU channels are: map[mychannel:{Orderers:[] Peers:map[peer1.mycompany.com:{EndorsingPeer:true ChaincodeQuery:true LedgerQuery:true EventSource:true} peer2.mycompany.com:{EndorsingPeer:true ChaincodeQuery:true LedgerQuery:true EventSource:true}] Policies:{QueryChannelConfig:{MinResponses:1 MaxTargets:1 RetryOpts:{Attempts:5 InitialBackoff:500ms MaxBackoff:5s BackoffFactor:2 RetryableCodes:map[]}} Discovery:{MinResponses:0 MaxTargets:0 RetryOpts:{Attempts:0 InitialBackoff:0s MaxBackoff:0s BackoffFactor:0 RetryableCodes:map[]}} Selection:{SortingStrategy: Balancer: BlockHeightLagThreshold:0} EventService:{ResolverStrategy: MinBlockHeightResolverMode: Balancer: BlockHeightLagThreshold:0 PeerMonitor: ReconnectBlockHeightLagThreshold:0 PeerMonitorPeriod:0s}}}]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadEndpointConfiguration -> DEBU organizations are: map[company:{MSPID:company CryptoPath:/home/company/users/admin#mycompany.com/msp Users:map[admin:{Key:{Path:/home/company/users/admin#mycompany.com/msp/keystore/key.pem Pem: bytes:[]} Cert:{Path:/home/company/users/admin#mycompany.com/msp/signcerts/cert.pem Pem: bytes:[]}}] Peers:[peer1.mycompany.com peer2.mycompany.com] CertificateAuthorities:[]}]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadEndpointConfiguration -> DEBU orderers are: map[]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadEndpointConfiguration -> DEBU peers are: map[peer1.mycompany.com:{URL:grpcs://peer1.mycompany.com:443 GRPCOptions:map[allow-insecure:true fail-fast:false hostnameoverride:peer1.mycompany.com keep-alive-permit:false keep-alive-time:10s keep-alive-timeout:20s ssl-target-name-override:peer1.mycompany.com] TLSCACerts:{Path:/home/company/users/admin#mycompany.com/tls/ca.pem Pem: bytes:[]}} peer2.mycompany.com:{URL:grpcs://peer2.mycompany.com:443 GRPCOptions:map[allow-insecure:true fail-fast:false hostnameoverride:peer2.mycompany.com keep-alive-permit:false keep-alive-time:10s keep-alive-timeout:20s ssl-target-name-override:peer2.mycompany.com] TLSCACerts:{Path:/home/company/users/admin#mycompany.com/tls/ca.pem Pem: bytes:[]}}]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).compileMatchers -> DEBU Matchers are: {matchers:map[]}
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).compileMatchers -> DEBU Entity matchers are not configured
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadTLSClientCerts -> DEBU Reading pk from config, unable to retrieve from cert: Could not find matching key for SKI: Failed getting key for SKI [[91 7 147 74 144 157 11 46 234 18 159 199 54 134 208 140 16 147 185 225 158 7 112 91 182 170 49 46 139 190 194 99]]: key with SKI 5b07934a909d0b2eea129fc73686d08c1093b9e19e07705bb6aa312e8bbec263 not found in /home/company/users/admin#mycompany.com/msp/keystore
[fabsdk/fab] 2022/01/04 14:34:09 UTC - fab.(*EndpointConfig).loadPrivateKeyFromConfig -> DEBU pk read from config successfully
[fabsdk/msp] 2022/01/04 14:34:09 UTC - msp.(*IdentityConfig).loadIdentityConfigEntities -> DEBU Client is: {Organization:company Logging:{Level:debug} CryptoConfig:{Path:/home/company} TLSCerts:{Client:{Key:{Path:/home/company/users/admin-tls#mycompany.com/tls/key.pem Pem: bytes:[]} Cert:{Path:/home/company/users/admin-tls#mycompany.com/tls/cert.pem Pem: bytes:[]}} SystemCertPool:false} CredentialStore:{Path:/home/company/users CryptoStore:{Path:/home/company/users/admin#mycompany.com/msp}}}
[fabsdk/msp] 2022/01/04 14:34:09 UTC - msp.(*IdentityConfig).loadIdentityConfigEntities -> DEBU organizations are: map[company:{MSPID:company CryptoPath:/home/company/users/admin#mycompany.com/msp Users:map[admin:{Key:{Path:/home/company/users/admin#mycompany.com/msp/keystore/key.pem Pem: bytes:[]} Cert:{Path:/home/company/users/admin#mycompany.com/msp/signcerts/cert.pem Pem: bytes:[]}}] Peers:[peer1.mycompany.com peer2.mycompany.com] CertificateAuthorities:[]}]
[fabsdk/msp] 2022/01/04 14:34:09 UTC - msp.(*IdentityConfig).loadIdentityConfigEntities -> DEBU certificateAuthorities are: map[]
[fabsdk/msp] 2022/01/04 14:34:09 UTC - msp.(*IdentityConfig).compileMatchers -> DEBU Matchers are: {matchers:map[]}
[fabsdk] 2022/01/04 14:34:09 UTC - fabsdk.initSDK -> DEBU SDK initialized successfully
SDK created
resourceManagerClient created
[fabsdk/fab] 2022/01/04 14:34:09 UTC - chconfig.(*params).SetChConfigRefreshInterval -> DEBU RefreshInterval: 1m30s
[fabsdk/util] 2022/01/04 14:34:09 UTC - lazyref.WithRefreshInterval.func1 -> DEBU Checking refreshIntervalSetter
[fabsdk/fab] 2022/01/04 14:34:09 UTC - peer.(*peerEndorser).ProcessTransactionProposal -> DEBU Processing proposal using endorser: peer2.mycompany.com:443
[fabsdk/fab] 2022/01/04 14:34:09 UTC - comm.(*CachingConnector).DialContext -> DEBU DialContext: peer2.mycompany.com:443
[fabsdk/fab] 2022/01/04 14:34:09 UTC - comm.(*CachingConnector).createConn -> DEBU creating connection [peer2.mycompany.com:443]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - comm.(*CachingConnector).createConn -> DEBU storing connection [peer2.mycompany.com:443]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - comm.(*CachingConnector).removeConn -> DEBU removing connection [peer2.mycompany.com:443]
[fabsdk/fab] 2022/01/04 14:34:09 UTC - txn.SendProposal.func1 -> DEBU Received error response from txn proposal processing: Transaction processing for endorser [peer2.mycompany.com:443]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [peer2.mycompany.com:443]: connection is in TRANSIENT_FAILURE
[fabsdk/common] 2022/01/04 14:34:09 UTC - retry.(*RetryableInvoker).Invoke -> DEBU Failed with err [queryChaincode failed: Transaction processing for endorser [peer2.mycompany.com:443]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [peer2.mycompany.com:443]: connection is in TRANSIENT_FAILURE] on attempt #1. Checking if retry is warranted...
[fabsdk/common] 2022/01/04 14:34:09 UTC - retry.(*RetryableInvoker).Invoke -> DEBU ... retry for err [queryChaincode failed: Transaction processing for endorser [peer2.mycompany.com:443]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [peer2.mycompany.com:443]: connection is in TRANSIENT_FAILURE] is NOT warranted after 1 attempt(s).
2022/01/04 14:34:09 error inicializando el SDK: error creando el cliente del canal: event service creation failed: could not get chConfig cache reference: QueryBlockConfig failed: QueryBlockConfig failed: queryChaincode failed: Transaction processing for endorser [peer2.mycompany.com:443]: Endorser Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection on target [peer2.mycompany.com:443]: connection is in TRANSIENT_FAILURE
These are the logs from the peer:
2022-01-04 15:23:56.740 UTC [core.comm] ServerHandshake -> ERRO 335 Server TLS handshake failed in 7.869808ms with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.250.37.211:33666
2022-01-04 15:23:56.740 UTC [grpc] WarningDepth -> DEBU 336 [core]grpc: Server.Serve failed to complete security handshake from "10.250.37.211:33666": remote error: tls: bad certificate
A couple of weird things: I need to add the users to the organization, some how it's not able to extract the users from the configPath and I get an error user not found.
It's looking for the tls private key in the msp/keystore folder and of course that isn't there
I tried adding the GODEBUG="x509ignoreCN=0" but it doesn't change the result
I generated an extra TLS certificates just for the client adding the SAN to them as "email:admin-tls#mycompany.com" and mapped it to the configuration with the same result.
I have tried adding and removing the entityMatchers with the same result.
I also did a tcp dump on it server answers to the Client hello with Server hello and then fails with a 400 bad request error.
I have used the configurations referenced from here and here but everything looks good to me.
I'm running out of ideas, is my configuration right? why do I need to force the clients and configPath doesn't work? why is it looking for the tls key in the msp keystore? but mostly why do I get a tls bad certificate if the certificates are good and pass an openssl verify against the ca.pem?
Thanks
UPDATE
This is my certificate info using openssl x509 -in certificate.pem -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
56:00:01:ba:18:d9:cf:ed:a7:00:b9:af:b3:00:01:00:01:ba:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = CO, L = Medellin, O = mycompany, CN = CA My Company, emailAddress = admin#mycompany.com
Validity
Not Before: Jan 5 12:36:08 2022 GMT
Not After : Jan 5 12:36:08 2023 GMT
Subject: C = CO, ST = ANTIOQUIA, L = MEDELLIN, O = mycompany, OU = admin, CN = admin-tls#mycompany.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:d0:c8:3b:20:2f:8f:3b:91:72:f8:71:27:30:cf:
b5:6e:38:e3:5f:e6:1b:42:77:fd:00:f2:8c:1b:ae:
6c:2e:7d:50:03:75:d5:03:db:72:d5:33:27:f3:65:
c1:2a:09:72:6a:d5:cc:c5:45:ca:e5:e5:8c:65:4b:
f2:51:dc:dd:ac
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Key Usage:
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, Microsoft Encrypted File System, E-mail Protection, TLS Web Client Authentication, Any Extended Key Usage
X509v3 Subject Alternative Name:
DNS:mycompany.com
X509v3 Subject Key Identifier:
9E:C5:4B:E8:67:B1:84:BF:67:E9:BE:A3:DE:B5:EB:E3:3B:4E:D3:D0
X509v3 Authority Key Identifier:
keyid:40:54:B4:93:16:92:20:E3:DB:AA:7A:A3:13:06:EC:65:4F:83:B3:58
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.epm.com.co/CRL/CAEPMClaseI.crl
URI:http://crl2.epm.com.co/CRL/CAEPMClaseI.crl
Authority Information Access:
OCSP - URI:http://ocsp.epm.com.co/OCSP
CA Issuers - URI:http://crl.epm.com.co/CRL/CAEPMClaseI.crt
1.3.6.1.4.1.311.21.7:
0-.%+.....7.....-...K..=...>...k8...,...A..d..
S/MIME Capabilities:
......0...+....0050...*.H..
..*.H..
Signature Algorithm: sha256WithRSAEncryption
6f:d6:85:b1:08:cd:07:78:3d:92:50:85:14:3a:f0:2e:1f:84:
10:7c:1d:15:10:0f:9f:66:e7:1a:41:63:12:83:0c:7c:04:c7:
c8:f4:8b:97:d9:6e:28:78:cb:9b:af:89:6b:1a:f3:06:40:1e:
6f:90:81:8f:f9:03:ff:92:5a:de:8c:7c:35:f9:21:00:fd:85:
c0:73:48:71:c0:82:7a:17:6d:09:ce:b6:03:5a:c5:1f:4f:47:
6d:95:94:a3:e2:cd:19:03:3d:85:a0:7e:5e:cf:a5:55:32:9f:
28:cf:d4:10:c8:42:57:a1:9b:cc:9a:4b:82:75:86:15:92:b9:
ef:d2:b2:1c:5d:a9:fe:ff:d4:f2:83:9d:31:46:50:26:ea:78:
88:9c:72:0a:1e:81:42:88:7b:04:4b:4b:2b:86:3d:ed:f9:4d:
8f:5e:47:1b:0b:8e:a9:8a:ed:ed:8a:09:92:58:6b:14:6e:aa:
50:c1:ae:2f:75:41:5b:e9:28:2b:85:9f:70:0a:d3:27:64:44:
f4:f6:61:99:a0:db:90:05:8c:af:09:fa:36:a5:67:3a:b8:f5:
b3:06:fe:ba:50:aa:1f:2e:43:af:a6:3a:81:01:d1:26:cc:61:
3b:c3:d9:b5:50:d7:27:61:f6:3e:a3:1d:99:0f:f1:37:20:d4:
ea:6d:59:a9:56:09:09:74:90:d4:52:64:69:b5:ad:09:b8:67:
74:ca:52:76:0a:37:0e:29:e0:5b:5a:bc:24:42:a1:14:77:1f:
72:f5:e9:f8:64:17:2e:fc:57:e1:d3:74:3a:1d:a5:fb:f4:c3:
a3:1e:97:f3:ba:d6:33:6a:24:d5:79:d7:9c:07:b4:9d:d0:52:
24:dc:0d:d5:a1:37:42:25:09:3b:96:a5:91:19:6c:7e:58:71:
99:ff:04:14:4d:ea:25:57:23:58:2b:44:84:f9:c3:c4:f6:a6:
ed:81:75:0a:07:e4:ab:bf:74:ec:e6:8c:9e:b8:75:82:47:20:
75:64:94:45:93:2f:ec:8b:8f:2c:19:c8:b0:29:a0:4c:f7:05:
6d:c8:3d:54:78:9e:ac:17:1c:19:5e:3c:1a:ba:93:db:1c:41:
ab:09:e2:d7:e3:11:87:eb:b7:38:e6:cf:85:1e:8a:75:9d:8c:
68:44:5d:d6:60:e7:91:52:ec:08:5b:26:7b:a4:42:d6:49:fc:
3c:74:6c:96:23:99:86:6b:6b:57:89:94:ad:08:98:35:1d:38:
07:09:ae:c3:8c:1f:3c:36:94:a9:da:74:73:ff:5e:c1:0d:f7:
45:a6:85:94:1d:34:46:56:fd:82:3f:8d:c0:d0:a1:20:1b:76:
d3:2e:f8:a7:6c:3f:25:f4
So the issue seemed to be with the TLS certificates from the peers, they where generated before go 1.16 and didn't had the SANs in them, and the error seemed to be getting reflected to the go SDK. #yacovm thank you for your help figuring it out.
Related
I have a Hyperlegder Fabric network set-up which is operating fine as long as I don't use new Fabric-Gateway SDK (https://hyperledger-fabric.readthedocs.io/en/release-2.4/gateway.html).
I upgraded my network from 2.3.1 to 2.4.1 and wanted to try the new SDK, but cannot connect to the Peer. Below I give some details of my configuration.
Peer-base docker service:
peer-base:
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_basic
- FABRIC_LOGGING_SPEC=info:gateway,comm,comm.grpc,comm.grpc.server=debug
- CORE_CHAINCODE_LOGGING_LEVEL=info
- CORE_PEER_LISTENADDRESS=0.0.0.0:7051
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/peer/msp
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/peer/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/peer/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/peer/tls/ca.crt
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=***
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=***
- CORE_METRICS_PROVIDER=prometheus
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:7055
- CORE_PEER_GATEWAY_ENABLED=true
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: peer node start
volumes:
- ./config:/etc/hyperledger/configtx
- /var/run/:/host/var/run/
networks:
- basic
restart: always
After migrating to 2.4.1, I added CORE_PEER_GATEWAY_ENABLED=true.
The peer docker service, which extends the peer-base:
peer0.org1.tcash.com:
container_name: peer0.org1.tcash.com
extends:
file: docker-compose-org1-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org1.tcash.com
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_ADDRESS=peer0.org1.tcash.com:7051
- CORE_PEER_CHAINCODEADDRESS=peer0.org1.tcash.com:7052
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=test2.tcash.sigmacomp.pl:7051
- CORE_PEER_GOSSIP_ENDPOINT=test2.tcash.sigmacomp.pl:7051
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb0.org1.tcash.com:5984
ports:
- 7051:7051
- 7053:7053
- 7055:7055
volumes:
- ./crypto-config/peerOrganizations/org1.tcash.com/peers/peer0.org1.tcash.com:/etc/hyperledger/peer
- ./persistence/peer0.org1.tcash.com/:/var/hyperledger/production
depends_on:
- couchdb0.org1.tcash.com
extra_hosts:
- orderer0.tcash.com:146.59.17.169
- orderer1.tcash.com:146.59.17.169
- orderer2.tcash.com:146.59.17.169
- orderer3.tcash.com:146.59.17.169
- orderer4.tcash.com:146.59.17.169
- peer2.org1.tcash.com:51.195.202.90
- peer3.org1.tcash.com:51.195.202.90
- peer4.org1.tcash.com:51.68.172.244
- peer5.org1.tcash.com:51.68.172.244
No changes have been made here during migration to 2.4.1.
I can see in the Peer logs, that new gateway service has been started:
2022-01-21 12:34:09.177 UTC 0023 INFO [nodeCmd] serve -> Starting peer with Gateway enabled
2022-01-21 12:34:09.177 UTC 0024 INFO [nodeCmd] serve -> Starting peer with ID=[peer0.org1.tcash.com], network ID=[dev], address=[peer0.org1.tcash.com:7051]
2022-01-21 12:34:09.177 UTC 0025 INFO [nodeCmd] func7 -> Starting profiling server with listenAddress = 0.0.0.0:6060
2022-01-21 12:34:09.177 UTC 0026 INFO [nodeCmd] serve -> Started peer with ID=[peer0.org1.tcash.com], network ID=[dev], address=[peer0.org1.tcash.com:7051]
After deploying the network, I try to run the transaction with the following code (NodeJS):
'use strict';
const fs = require('fs');
const crypto = require('crypto');
const grpc =require('#grpc/grpc-js');
const { connect, signers } = require('#hyperledger/fabric-gateway');
async function main() {
// Main try/catch block
try {
const credentials = fs.readFileSync('walletOffline/user.cert.pem');
const identity = { mspId: 'Org1MSP', credentials };
const privateKeyPem = fs.readFileSync('walletOffline/user.key.pem');
const privateKey = crypto.createPrivateKey(privateKeyPem);
const signer = signers.newPrivateKeySigner(privateKey);
const ccpJSON = fs.readFileSync('connection.json');
const ccp = JSON.parse(ccpJSON);
const peerName = ccp.organizations.org1.peers[0];
const peerAddress = ccp.peers[peerName].url.replace('grpcs://', '');
const tlsCACert = ccp.peers[peerName].tlsCACerts.pem;
const grpcOptions = ccp.peers[peerName].grpcOptions;
const tlsRootCert = Buffer.from(tlsCACert);
const tlsCredentials = grpc.credentials.createSsl(tlsRootCert);
const client = new grpc.Client(peerAddress, tlsCredentials, grpcOptions);
const gateway = connect({identity, signer, client});
const network = gateway.getNetwork('tcashchannel');
const contract = network.getContract('tcash');
const result = await contract.evaluateTransaction('queryAccountState', '100', '');
console.log('result: ' + result);
} catch (error) {
console.log('Error: ' + error);
console.log(error.stack);
}
}
main();
As you can see, I am extracting connection parameters from the JSON connection profile. This connection profile I use with the 'old' HF Node SDK and it's working without issues. However running this code gives me the following error from contract.evaluateTransaction() after 120 seconds timeout:
GatewayError: 14 UNAVAILABLE: failed to create new connection: context deadline exceeded
at newGatewayError (/Users/michaliwanicki/git/tcash/tcash-application/node_modules/#hyperledger/fabric-gateway/dist/gatewayerror.js:40:12)
at Object.callback (/Users/michaliwanicki/git/tcash/tcash-application/node_modules/#hyperledger/fabric-gateway/dist/client.js:81:67)
at Object.onReceiveStatus (/Users/michaliwanicki/git/tcash/tcash-application/node_modules/#grpc/grpc-js/build/src/client.js:180:36)
at Object.onReceiveStatus (/Users/michaliwanicki/git/tcash/tcash-application/node_modules/#grpc/grpc-js/build/src/client-interceptors.js:365:141)
at Object.onReceiveStatus (/Users/michaliwanicki/git/tcash/tcash-application/node_modules/#grpc/grpc-js/build/src/client-interceptors.js:328:181)
at /Users/michaliwanicki/git/tcash/tcash-application/node_modules/#grpc/grpc-js/build/src/call-stream.js:182:78
at processTicksAndRejections (internal/process/task_queues.js:77:11)
I can also see the corresponding entry in the peer logs:
2022-01-21 14:24:14.961 UTC 007e INFO [comm.grpc.server] 1 -> unary call completed grpc.service=gateway.Gateway grpc.method=Evaluate grpc.peer_address=178.183.68.178:54151 error="rpc error: code = Unavailable desc = failed to create new connection: context deadline exceeded" grpc.code=Unavailable grpc.call_duration=2m0.00087636s
There are no errors or warnings in the peer log.
EDIT:
After switching logging level to DEBUG and filtering it out, I came across the following part:
2022-01-27 13:38:19.217 UTC 67af DEBU [core.comm] ServerHandshake -> Server TLS handshake completed in 69.892651ms server=PeerServer remoteaddress=178.183.68.178:58755
2022-01-27 13:38:19.356 UTC 67b0 DEBU [lockbasedtxmgr] newQueryExecutor -> constructing new query executor txid = [407898ef-0004-4f25-be10-b603a2aaf919]
2022-01-27 13:38:19.357 UTC 67b1 DEBU [statecouchdb] GetState -> GetState(). ns=, key=CHANNEL_CONFIG_ENV_BYTES
2022-01-27 13:38:19.358 UTC 67b2 DEBU [lockbasedtxmgr] Done -> Done with transaction simulation / query execution [407898ef-0004-4f25-be10-b603a2aaf919]
2022-01-27 13:38:19.358 UTC [grpc] WarningDepth -> DEBU 02f [core]Adjusting keepalive ping interval to minimum period of 10s
2022-01-27 13:38:19.359 UTC [grpc] InfoDepth -> DEBU 030 [core]parsed scheme: ""
2022-01-27 13:38:19.359 UTC [grpc] InfoDepth -> DEBU 031 [core]scheme "" not registered, fallback to default scheme
2022-01-27 13:38:19.359 UTC [grpc] InfoDepth -> DEBU 032 [core]ccResolverWrapper: sending update to cc: {[{test2.tcash.sigmacomp.pl:8051 <nil> 0 <nil>}] <nil> <nil>}
2022-01-27 13:38:19.360 UTC [grpc] InfoDepth -> DEBU 033 [core]ClientConn switching balancer to "pick_first"
2022-01-27 13:38:19.360 UTC [grpc] InfoDepth -> DEBU 034 [core]Channel switches to new LB policy "pick_first"
2022-01-27 13:38:19.360 UTC [grpc] InfoDepth -> DEBU 035 [core]Subchannel Connectivity change to CONNECTING
2022-01-27 13:38:19.360 UTC [grpc] InfoDepth -> DEBU 036 [core]pickfirstBalancer: UpdateSubConnState: 0xc002ed2b30, {CONNECTING <nil>}
2022-01-27 13:38:19.361 UTC [grpc] InfoDepth -> DEBU 037 [core]Channel Connectivity change to CONNECTING
2022-01-27 13:38:19.360 UTC [grpc] InfoDepth -> DEBU 038 [core]Subchannel picks a new address "test2.tcash.sigmacomp.pl:8051" to connect
2022-01-27 13:38:19.370 UTC [grpc] InfoDepth -> DEBU 039 [core]Subchannel Connectivity change to TRANSIENT_FAILURE
2022-01-27 13:38:19.370 UTC [grpc] InfoDepth -> DEBU 03a [core]pickfirstBalancer: UpdateSubConnState: 0xc002ed2b30, {TRANSIENT_FAILURE connection closed}
2022-01-27 13:38:19.370 UTC [grpc] InfoDepth -> DEBU 03b [core]Channel Connectivity change to TRANSIENT_FAILURE
2022-01-27 13:38:19.370 UTC [grpc] InfoDepth -> DEBU 03c [transport]transport: loopyWriter.run returning. connection error: desc = "transport is closing"
EDIT 2:
I noticed that there are some errors in peer logs belonging to the other peers in the network (not the one which is called by the client application and running the Gateway service). It seems that there is a problem with establishment of TLS between peers when using Gateway SDK:
2022-02-10 14:36:24.934 UTC 24b0 DEBU [gossip.comm] func1 -> Got message: GossipMessage: Channel: , nonce: 0, tag: CHAN_OR_ORG state_info_pull_req: Channel MAC:23b92135be842b052b823a7c87853436fb579040416405d4fdfd0b6db0aa02d9, Envelope: 39 bytes, Signature: 0 bytes
2022-02-10 14:36:24.934 UTC 24b1 DEBU [gossip.gossip] handleMessage -> Entering, 54.37.226.59:7051 5c2af6d536100ada4e7f1829978c7f0163a6589f47f44207aa51a84987fe6a5b sent us GossipMessage: Channel: , nonce: 0, tag: CHAN_OR_ORG state_info_pull_req: Channel MAC:23b92135be842b052b823a7c87853436fb579040416405d4fdfd0b6db0aa02d9, Envelope: 39 bytes, Signature: 0 bytes
2022-02-10 14:36:24.935 UTC 24b2 DEBU [gossip.gossip] handleMessage -> Exiting
2022-02-10 14:36:24.942 UTC 24b3 ERRO [core.comm] ServerHandshake -> Server TLS handshake failed in 15.541µs with error tls: first record does not look like a TLS handshake server=PeerServer remoteaddress=172.24.0.1:36394
2022-02-10 14:36:24.942 UTC [grpc] WarningDepth -> DEBU 04e [core]grpc: Server.Serve failed to complete security handshake from "172.24.0.1:36394": tls: first record does not look like a TLS handshake
I suspect that there is some piece of configuration which is required for this feature to work, which I am missing. I will appreciate if anyone can help me find it.
It looks like the gateway peer is failing to connect to another endorsing peer in the network. Are you seeing any gossip communication between the peers in the logs?
Try reducing the dialTimeout to something less than the endorsementTimeout in the core.yaml and see if it connects to the other peers.
I want to use chaincode-docker-devmode in fabric-samples to test my chaincode, but when I add couchdb in docker-compose-simple.yaml like this:
version: '2'
services:
orderer:
container_name: orderer
image: hyperledger/fabric-orderer
environment:
- FABRIC_LOGGING_SPEC=debug
- ORDERER_GENERAL_LISTENADDRESS=orderer
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=orderer.block
- ORDERER_GENERAL_LOCALMSPID=DEFAULT
- ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp
- GRPC_TRACE=all=true,
- GRPC_VERBOSITY=debug
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ./msp:/etc/hyperledger/msp
- ./orderer.block:/etc/hyperledger/fabric/orderer.block
ports:
- 7050:7050
couchdb:
container_name: couchdb
image: hyperledger/fabric-couchdb
environment:
- COUCHDB_USER=
- COUCHDB_PASSWORD=
ports:
- 5984:5984
peer:
container_name: peer
image: hyperledger/fabric-peer
dns_search: .
environment:
- CORE_PEER_ID=peer
- CORE_PEER_ADDRESS=peer:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer:7051
- CORE_PEER_LOCALMSPID=DEFAULT
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
volumes:
- /var/run/:/host/var/run/
- ./msp:/etc/hyperledger/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start --peer-chaincodedev=true
ports:
- 7051:7051
- 7053:7053
depends_on:
- orderer
- couchdb
cli:
container_name: cli
image: hyperledger/fabric-tools
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer:7051
- CORE_PEER_LOCALMSPID=DEFAULT
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp
working_dir: /opt/gopath/src/chaincodedev
command: /bin/bash -c './script.sh ; sleep 20'
volumes:
- /var/run/:/host/var/run/
- ./msp:/etc/hyperledger/msp
- ./../chaincode:/opt/gopath/src/chaincodedev/chaincode
- ./:/opt/gopath/src/chaincodedev/
depends_on:
- orderer
- peer
chaincode:
container_name: chaincode
image: hyperledger/fabric-ccenv
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_ID=example02
- CORE_PEER_ADDRESS=peer:7051
- CORE_PEER_LOCALMSPID=DEFAULT
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp
working_dir: /opt/gopath/src/chaincode
command: /bin/bash -c 'sleep 6000000'
volumes:
- /var/run/:/host/var/run/
- ./msp:/etc/hyperledger/msp
- ./../chaincode:/opt/gopath/src/chaincode
depends_on:
- orderer
- peer
When I start the containers, using
docker-compose -f docker-compose-simple.yaml up
Container cil will return the error:
Error: error getting endorser client for channel: endorser client failed to connect to peer:7051: failed to create new connection: connection error: desc = "transport: error while dialing: dial tcp 172.29.0.4:7051: connect: connection refused"
some same errors are solve by add command:sleep in script,
command: /bin/bash -c 'sleep 6000000'
but my Container still return same error.
peer container's logs
2020-04-13 09:01:28.850 UTC [inproccontroller] getInstance -> DEBU 0f5 chaincode instance created for qscc-1.4.1
2020-04-13 09:01:28.850 UTC [inproccontroller] func2 -> DEBU 0f6 chaincode-support started for qscc-1.4.1
2020-04-13 09:01:28.850 UTC [inproccontroller] func1 -> DEBU 0f7 chaincode started for qscc-1.4.1
2020-04-13 09:01:28.851 UTC [chaincode] handleMessage -> DEBU 0f8 [] Fabric side handling ChaincodeMessage of type: REGISTER in state created
2020-04-13 09:01:28.851 UTC [chaincode] HandleRegister -> DEBU 0f9 Received REGISTER in state created
2020-04-13 09:01:28.851 UTC [chaincode] Register -> DEBU 0fa registered handler complete for chaincode qscc:1.4.1
2020-04-13 09:01:28.851 UTC [chaincode] HandleRegister -> DEBU 0fb Got REGISTER for chaincodeID = name:"qscc:1.4.1" , sending back REGISTERED
2020-04-13 09:01:28.851 UTC [chaincode] HandleRegister -> DEBU 0fc Changed state to established for name:"qscc:1.4.1"
2020-04-13 09:01:28.851 UTC [chaincode] sendReady -> DEBU 0fd sending READY for chaincode name:"qscc:1.4.1"
2020-04-13 09:01:28.851 UTC [chaincode] sendReady -> DEBU 0fe Changed to state ready for chaincode name:"qscc:1.4.1"
2020-04-13 09:01:28.851 UTC [chaincode] Launch -> DEBU 0ff launch complete
2020-04-13 09:01:28.851 UTC [chaincode] Execute -> DEBU 100 Entry
2020-04-13 09:01:28.851 UTC [qscc] Init -> INFO 101 Init QSCC
2020-04-13 09:01:28.851 UTC [chaincode] handleMessage -> DEBU 102 [91196774] Fabric side handling ChaincodeMessage of type: COMPLETED in state ready
2020-04-13 09:01:28.852 UTC [chaincode] Notify -> DEBU 103 [91196774] notifying Txid:91196774-4c1f-4369-b977-965de44d3d1b, channelID:
2020-04-13 09:01:28.852 UTC [chaincode] Execute -> DEBU 104 Exit
2020-04-13 09:01:28.852 UTC [sccapi] deploySysCC -> INFO 105 system chaincode qscc/(github.com/hyperledger/fabric/core/scc/qscc) deployed
2020-04-13 09:01:28.852 UTC [sccapi] deploySysCC -> INFO 106 system chaincode (+lifecycle,github.com/hyperledger/fabric/core/chaincode/lifecycle) disabled
2020-04-13 09:01:28.852 UTC [nodeCmd] serve -> INFO 107 Deployed system chaincodes
2020-04-13 09:01:28.855 UTC [ccprovider] ListInstalledChaincodes -> DEBU 108 Returning []
2020-04-13 09:01:28.850 UTC [container] unlockContainer -> DEBU 109 container lock deleted(qscc-1.4.1)
2020-04-13 09:01:28.870 UTC [container] lockContainer -> DEBU 10a waiting for container(qscc-1.4.1) lock
2020-04-13 09:01:28.870 UTC [container] lockContainer -> DEBU 10b got container (qscc-1.4.1) lock
2020-04-13 09:01:28.870 UTC [container] unlockContainer -> DEBU 10c container lock deleted(qscc-1.4.1)
2020-04-13 09:01:28.880 UTC [discovery] NewService -> INFO 10d Created with config TLS: false, authCacheMaxSize: 1000, authCachePurgeRatio: 0.750000
2020-04-13 09:01:28.880 UTC [nodeCmd] registerDiscoveryService -> INFO 10e Discovery service activated
2020-04-13 09:01:28.881 UTC [nodeCmd] serve -> INFO 10f Starting peer with ID=[name:"peer" ], network ID=[dev], address=[peer:7051]
2020-04-13 09:01:28.882 UTC [nodeCmd] serve -> INFO 110 Started peer with ID=[name:"peer" ], network ID=[dev], address=[peer:7051]
2020-04-13 09:01:32.819 UTC [msp] GetDefaultSigningIdentity -> DEBU 111 Obtaining default signing identity
2020-04-13 09:01:32.819 UTC [msp.identity] Sign -> DEBU 112 Sign: plaintext: 18012A86070A2D0A09706565723A3730...455254494649434154452D2D2D2D2D0A
2020-04-13 09:01:32.819 UTC [msp.identity] Sign -> DEBU 113 Sign: digest: E3138D4C867225B5BEF15EC07062AABC2AF920CCEF7ED0545D3BB223B79F06FF
2020-04-13 09:01:32.820 UTC [msp] GetDefaultSigningIdentity -> DEBU 114 Obtaining default signing identity
2020-04-13 09:01:32.821 UTC [msp.identity] Sign -> DEBU 115 Sign: plaintext: 0A09706565723A37303531
2020-04-13 09:01:32.821 UTC [msp.identity] Sign -> DEBU 116 Sign: digest: D18B553283AFC791A71A1AB3F379E85F4599DAAE3CE5B43F6A912E5BFD23E73D
2020-04-13 09:01:33.779 UTC [msp] GetDefaultSigningIdentity -> DEBU 117 Obtaining default signing identity
2020-04-13 09:01:33.779 UTC [msp.identity] Sign -> DEBU 118 Sign: plaintext: 18012A86070A2D0A09706565723A3730...455254494649434154452D2D2D2D2D0A
2020-04-13 09:01:33.780 UTC [msp.identity] Sign -> DEBU 119 Sign: digest: EA29BD51F7F58B547912B79712CC7AE73D9CBFA0FF80817409EA7BFB1F95BF5B
2020-04-13 09:01:33.780 UTC [msp] GetDefaultSigningIdentity -> DEBU 11a Obtaining default signing identity
2020-04-13 09:01:33.780 UTC [msp.identity] Sign -> DEBU 11b Sign: plaintext: 0A09706565723A37303531
2020-04-13 09:01:33.781 UTC [msp.identity] Sign -> DEBU 11c Sign: digest: D18B553283AFC791A71A1AB3F379E85F4599DAAE3CE5B43F6A912E5BFD23E73D
2020-04-13 09:01:33.782 UTC [gossip.discovery] periodicalSendAlive -> DEBU 11d Sleeping 5s
It's part of peer container's logs, it's still running and no error in it.
Is any one have any idea?
Thanks.
I created my network with a script like:
docker-compose -f $COMPOSE_FILE up -d $CA
docker-compose -f $COMPOSE_FILE up -d $ORDERER1 $PEER0 $PEER1
docker-compose -f $COMPOSE_FILE up -d $CLI
docker exec cli peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f /etc/hyperledger/config/channel.tx
The channel is created and if I enter the cli, inside the working directory, I can find with ls the new generated file beerchannel.block. In this directory I also have crypto, which contains genesis block and other config files, and crypto-config that contains msp and certificates.
At this point containers logs seems good.
Now I want to join peer0 to the channel with:
docker exec -e $ENV_ADDRESSP0 $CLI peer channel join -b $CHANNEL_NAME.block
As soon as I do this command, I cannot join peer0 to the channel.
The strange thing is that running the script return this message:
2019-11-22 10:04:00.868 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
2019-11-22 10:04:00.922 UTC [channelCmd] executeJoin -> INFO 002 Successfully submitted proposal to join channel
So, everything seems fine.
But when I enter the logs of orderer, I get this message repeated:
2019-11-22 09:59:07.429 UTC [fsblkstorage] newBlockfileMgr -> INFO 009 Getting block information from block storage
2019-11-22 09:59:07.438 UTC [orderer.commmon.multichannel] newChain -> INFO 00a Created and starting new chain beerchannel
2019-11-22 09:59:07.440 UTC [comm.grpc.server] 1 -> INFO 00b streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.29.0.6:41778 grpc.code=OK grpc.call_duration=25.385144ms
2019-11-22 10:04:06.923 UTC [common.deliver] deliverBlocks -> WARN 00c [channel: beerchannel] Client authorization revoked for deliver request from 172.29.0.4:48406: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
2019-11-22 10:04:06.923 UTC [comm.grpc.server] 1 -> INFO 00d streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.29.0.4:48406 grpc.code=OK grpc.call_duration=1.001442ms
2019-11-22 10:04:07.026 UTC [common.deliver] deliverBlocks -> WARN 00e [channel: beerchannel] Client authorization revoked for deliver request from 172.29.0.4:48408: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Readers' sub-policies to be satisfied: permission denied
2019-11-22 10:04:07.026 UTC [comm.grpc.server] 1 -> INFO 00f streaming call completed grpc.service=orderer.AtomicBroadcast grpc.method=Deliver grpc.peer_address=172.29.0.4:48408 grpc.code=OK grpc.call_duration=582.912µs
Since the peer involved is peer0, I also entered in peer0 logs and found this errors:
2019-11-22 10:04:00.870 UTC [endorser] callChaincode -> INFO 029 [][ec4f5097] Entry chaincode: name:"cscc"
2019-11-22 10:04:00.870 UTC [ledgermgmt] CreateLedger -> INFO 02a Creating ledger [beerchannel] with genesis block
2019-11-22 10:04:00.874 UTC [fsblkstorage] newBlockfileMgr -> INFO 02b Getting block information from block storage
2019-11-22 10:04:00.896 UTC [kvledger] CommitWithPvtData -> INFO 02c [beerchannel] Committed block [0] with 1 transaction(s) in 16ms (state_validation=0ms block_and_pvtdata_commit=10ms state_commit=2ms) commitHash=[]
2019-11-22 10:04:00.899 UTC [ledgermgmt] CreateLedger -> INFO 02d Created ledger [beerchannel] with genesis block
2019-11-22 10:04:00.902 UTC [gossip.gossip] JoinChan -> INFO 02e Joining gossip network of channel beerchannel with 1 organizations
2019-11-22 10:04:00.902 UTC [gossip.gossip] learnAnchorPeers -> INFO 02f No configured anchor peers of Org1MSP for channel beerchannel to learn about
2019-11-22 10:04:00.917 UTC [gossip.state] NewGossipStateProvider -> INFO 030 Updating metadata information, current ledger sequence is at = 0, next expected block is = 1
2019-11-22 10:04:00.919 UTC [sccapi] deploySysCC -> INFO 031 system chaincode lscc/beerchannel(github.com/hyperledger/fabric/core/scc/lscc) deployed
2019-11-22 10:04:00.919 UTC [cscc] Init -> INFO 032 Init CSCC
2019-11-22 10:04:00.920 UTC [sccapi] deploySysCC -> INFO 033 system chaincode cscc/beerchannel(github.com/hyperledger/fabric/core/scc/cscc) deployed
2019-11-22 10:04:00.920 UTC [qscc] Init -> INFO 034 Init QSCC
2019-11-22 10:04:00.920 UTC [sccapi] deploySysCC -> INFO 035 system chaincode qscc/beerchannel(github.com/hyperledger/fabric/core/scc/qscc) deployed
2019-11-22 10:04:00.920 UTC [sccapi] deploySysCC -> INFO 036 system chaincode (+lifecycle,github.com/hyperledger/fabric/core/chaincode/lifecycle) disabled
2019-11-22 10:04:00.921 UTC [endorser] callChaincode -> INFO 037 [][ec4f5097] Exit chaincode: name:"cscc" (51ms)
2019-11-22 10:04:00.921 UTC [comm.grpc.server] 1 -> INFO 038 unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.29.0.6:42736 grpc.code=OK grpc.call_duration=51.473337ms
2019-11-22 10:04:06.919 UTC [gossip.election] beLeader -> INFO 039 42a5181dbddcff9d15ae32b05300e849fbcad1cf138e62f3d8b726d7b5db25d3 : Becoming a leader
2019-11-22 10:04:06.919 UTC [gossip.service] func1 -> INFO 03a Elected as a leader, starting delivery service for channel beerchannel
2019-11-22 10:04:06.923 UTC [blocksProvider] DeliverBlocks -> ERRO 03b [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:07.026 UTC [blocksProvider] DeliverBlocks -> ERRO 03c [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:07.239 UTC [blocksProvider] DeliverBlocks -> ERRO 03d [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:07.643 UTC [blocksProvider] DeliverBlocks -> ERRO 03e [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:08.445 UTC [blocksProvider] DeliverBlocks -> ERRO 03f [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:10.051 UTC [blocksProvider] DeliverBlocks -> ERRO 040 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:13.254 UTC [blocksProvider] DeliverBlocks -> ERRO 041 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:19.657 UTC [blocksProvider] DeliverBlocks -> ERRO 042 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:29.662 UTC [blocksProvider] DeliverBlocks -> ERRO 043 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:39.668 UTC [blocksProvider] DeliverBlocks -> ERRO 044 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:49.671 UTC [blocksProvider] DeliverBlocks -> ERRO 045 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:04:49.671 UTC [blocksProvider] DeliverBlocks -> ERRO 046 [beerchannel] Wrong statuses threshold passed, stopping block provider
2019-11-22 10:04:49.671 UTC [gossip.election] stopBeingLeader -> INFO 047 42a5181dbddcff9d15ae32b05300e849fbcad1cf138e62f3d8b726d7b5db25d3 Stopped being a leader
2019-11-22 10:04:49.671 UTC [gossip.service] func1 -> INFO 048 Renounced leadership, stopping delivery service for channel beerchannel
2019-11-22 10:05:56.924 UTC [gossip.election] beLeader -> INFO 049 42a5181dbddcff9d15ae32b05300e849fbcad1cf138e62f3d8b726d7b5db25d3 : Becoming a leader
2019-11-22 10:05:56.924 UTC [gossip.service] func1 -> INFO 04a Elected as a leader, starting delivery service for channel beerchannel
2019-11-22 10:05:56.929 UTC [blocksProvider] DeliverBlocks -> ERRO 04b [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:05:57.032 UTC [blocksProvider] DeliverBlocks -> ERRO 04c [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:05:57.235 UTC [blocksProvider] DeliverBlocks -> ERRO 04d [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:05:57.638 UTC [blocksProvider] DeliverBlocks -> ERRO 04e [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:05:58.441 UTC [blocksProvider] DeliverBlocks -> ERRO 04f [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:00.044 UTC [blocksProvider] DeliverBlocks -> ERRO 050 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:03.247 UTC [blocksProvider] DeliverBlocks -> ERRO 051 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:09.652 UTC [blocksProvider] DeliverBlocks -> ERRO 052 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:19.656 UTC [blocksProvider] DeliverBlocks -> ERRO 053 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:29.659 UTC [blocksProvider] DeliverBlocks -> ERRO 054 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:39.662 UTC [blocksProvider] DeliverBlocks -> ERRO 055 [beerchannel] Got error &{FORBIDDEN}
2019-11-22 10:06:39.662 UTC [blocksProvider] DeliverBlocks -> ERRO 056 [beerchannel] Wrong statuses threshold passed, stopping block provider
2019-11-22 10:06:39.662 UTC [gossip.election] stopBeingLeader -> INFO 057 42a5181dbddcff9d15ae32b05300e849fbcad1cf138e62f3d8b726d7b5db25d3 Stopped being a leader
2019-11-22 10:06:39.662 UTC [gossip.service] func1 -> INFO 058 Renounced leadership, stopping delivery service for channel beerchannel
It seems something related to permissions but I cannot understand what's wrong in here.
The cli contains the beerchannel.block file, successfully generated it and now I just want to add peer0 to the channel.
Adding configtx.yaml
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/c.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &s
Name: sMSP
ID: sMSP
MSPDir: crypto-config/peerOrganizations/s.c.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('sMSP.admin', 'sMSP.peer', 'sMSP.client')"
Writers:
Type: Signature
Rule: "OR('sMSP.admin', 'sMSP.client')"
Admins:
Type: Signature
Rule: "OR('sMSP.admin')"
AnchorPeers:
- Host: peer1.s.c.com
Port: 7051
- Host: peer2.s.c.com
Port: 8051
Capabilities:
Channel: &ChannelCapabilities
V1_4_3: true
V1_3: false
V1_1: false
Orderer: &OrdererCapabilities
V1_4_2: true
V1_1: false
Application: &ApplicationCapabilities
V1_4_2: true
V1_3: false
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ApplicationCapabilities
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer1.c.com:7050
BatchTimeout: 500ms
BatchSize:
MaxMessageCount: 15
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 kb
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Capabilities:
<<: *OrdererCapabilities
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
OneOrgOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *s
OneOrgChannel:
<<: *ChannelDefaults
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *s
SampleMultiNodeEtcdRaft:
<<: *ChannelDefaults
Capabilities:
<<: *ChannelCapabilities
Orderer:
<<: *OrdererDefaults
OrdererType: etcdraft
EtcdRaft:
Consenters:
- Host: orderer1.c.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer1.c.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer1.c.com/tls/server.crt
- Host: orderer2.c.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer2.c.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer2.c.com/tls/server.crt
- Host: orderer3.c.com
Port: 7050
ClientTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer3.c.com/tls/server.crt
ServerTLSCert: crypto-config/ordererOrganizations/c.com/orderers/orderer3.c.com/tls/server.crt
Addresses:
- orderer1.c.com:7050
- orderer2.c.com:7050
- orderer3.c.com:7050
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Application:
<<: *ApplicationDefaults
Organizations:
- <<: *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *s
Check for the Reader policies that you have defined in your configtx.yaml this error is generated because of the policy mismatch. You have defined some specific user type(admin, peer, client) in your Reader policies but this specific user type is not passed into certificates that you have generated for your peer.
Edited:
If you want to make it generic and not specific to the identity type then you can edit the s org policies like this:
- &s
Name: sMSP
ID: sMSP
MSPDir: crypto-config/peerOrganizations/s.c.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('sMSP.member')"
Writers:
Type: Signature
Rule: "OR('sMSP.member')"
Admins:
Type: Signature
Rule: "OR('sMSP.admin')"
Check your crypto-config.yaml under peerOrgs section and add EnableNodeOUs property if missing then regenerate the crypto materials. Config example:
PeerOrgs:
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: true
I am running a custom Hyperledger Fabric network with TLS enabled in all communications. Everyting looks great inside of an organizations and CLI can connect to its org peers with TLS and CLIENTAUTH enabled. This is the status of the network:
org1
- peer0
anchor: true
tls_enabled: true
tls_clientauth_enabled: true
- peer1
tls_enabled: true
tls_clientauth_enabled: true
- orderer0
tls_enabled: true
tls_clientauth_enabled: false
org2
- peer0
anchor: true
tls_enabled: true
tls_clientauth_enabled: true
- peer1
tls_enabled: true
tls_clientauth_enabled: true
- orderer0
tls_enabled: true
tls_clientauth_enabled: false
org3
- orderer0
tls_enabled: true
tls_clientauth_enabled: false
However, once I start a channel than involves multiple organizations, I get Gossip and TLS hanshake related errors. This is an example (log from peer0.org1):
2019-10-07 10:01:45.615 UTC [gossip.service] func1 -> INFO 046 Elected as a leader, starting delivery service for channel global
2019-10-07 10:01:48.620 UTC [ConnProducer] NewConnection -> ERRO 047 Failed connecting to {orderer0.org2:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:01:51.622 UTC [ConnProducer] NewConnection -> ERRO 048 Failed connecting to {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:01:54.638 UTC [ConnProducer] NewConnection -> ERRO 049 Failed connecting to {orderer0.org3:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:01:54.638 UTC [ConnProducer] NewConnection -> ERRO 04a Could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}]
2019-10-07 10:01:54.638 UTC [deliveryClient] connect -> ERRO 04b Failed obtaining connection: could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}]
2019-10-07 10:01:54.638 UTC [deliveryClient] try -> WARN 04c Got error: could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}] , at 1 attempt. Retrying in 1s
2019-10-07 10:01:58.640 UTC [ConnProducer] NewConnection -> ERRO 04d Failed connecting to {orderer0.org2:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:01:59.833 UTC [core.comm] ServerHandshake -> ERRO 04e TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.24:54590
2019-10-07 10:02:00.828 UTC [core.comm] ServerHandshake -> ERRO 04f TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.24:54604
2019-10-07 10:02:01.642 UTC [ConnProducer] NewConnection -> ERRO 050 Failed connecting to {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:02:02.609 UTC [core.comm] ServerHandshake -> ERRO 051 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.24:54624
2019-10-07 10:02:04.647 UTC [ConnProducer] NewConnection -> ERRO 052 Failed connecting to {orderer0.org3:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:02:04.647 UTC [ConnProducer] NewConnection -> ERRO 053 Could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}]
2019-10-07 10:02:04.647 UTC [deliveryClient] connect -> ERRO 054 Failed obtaining connection: could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}]
2019-10-07 10:02:04.647 UTC [deliveryClient] try -> WARN 055 Got error: could not connect to any of the endpoints: [{orderer0.org2:7050 [org1MSP org2MSP org3MSP]} {orderer0.org1:7050 [org1MSP org2MSP org3MSP]} {orderer0.org3:7050 [org1MSP org2MSP org3MSP]}] , at 2 attempt. Retrying in 2s
2019-10-07 10:02:04.755 UTC [core.comm] ServerHandshake -> ERRO 056 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.19:48822
2019-10-07 10:02:05.755 UTC [core.comm] ServerHandshake -> ERRO 057 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.19:48836
2019-10-07 10:02:07.118 UTC [core.comm] ServerHandshake -> ERRO 058 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=172.17.0.19:48854
2019-10-07 10:02:09.651 UTC [ConnProducer] NewConnection -> ERRO 059 Failed connecting to {orderer0.org2:7050 [org1MSP org2MSP org3MSP]} , error: context deadline exceeded
2019-10-07 10:02:10.595 UTC [gossip.gossip] func1 -> WARN 05a Deep probe of peer0.org2:7051 failed: context deadline exceeded
github.com/hyperledger/fabric/gossip/gossip.(*gossipServiceImpl).learnAnchorPeers.func1
/opt/gopath/src/github.com/hyperledger/fabric/gossip/gossip/gossip_impl.go:251
github.com/hyperledger/fabric/gossip/discovery.(*gossipDiscoveryImpl).Connect.func1
/opt/gopath/src/github.com/hyperledger/fabric/gossip/discovery/discovery_impl.go:153
runtime.goexit
/opt/go/src/runtime/asm_amd64.s:1333
2019-10-07 10:02:10.595 UTC [gossip.discovery] func1 -> WARN 05b Could not connect to Endpoint: peer0.org2:7051, InternalEndpoint: peer0.org2:7051, PKI-ID: <nil>, Metadata: : context deadline exceeded
How can I solve it? I tried to share CA Pems between orgs and set CORE_PEER_TLS_CLIENTROOTCAS_FILES to "/public/org1/ca-chain.pem /public/org2/ca-chain.pem /public/org3/ca-chain.pem", but it does not work. Do I have to add the client cert for each peer/orderer to every one of my nodes? Where? Is this problem not related to TLS? I am really lost.
Thank you.
Have you specified CORE_PEER_TLS_CERT_FILE, CORE_PEER_TLS_KEY_FILE and CORE_PEER_TLS_ROOTCERT_FILE (this one is for the CA) for each peer?
And if you run your CA Server with TLS you have to specify the cert and keyfiles for TLS there as well.
I'm running the following steps:
cryptogen generate --config./crypto-config.yaml
export FABRIC_CFG_PATH=$PWD
mkdir channel-artifacts
configtxgen -profile TwoOrgsOrdererGenesis -channelID byfn-sys-channel -outputBlock ./channel-artifacts/genesis.block
configtxgen -profile TwoOrgsChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID "mychannel"
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID "mychannel" -asOrg Org1MSP
configtxgen -profile TwoOrgsChannel -outputAnchorPeersUpdate ./channel-artifacts/Org2MSPanchors.tx -channelID "mychannel" -asOrg Org2MSP
docker-compose -f docker-compose-cli.yaml up -d
docker exec -it cli bash
ORDERER_CA=/work/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
PEER0_ORG1_CA=/work/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
PEER0_ORG2_CA=/work/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt
CORE_PEER_LOCALMSPID="OrdererMSP"
CORE_PEER_TLS_ROOTCERT_FILE=/work/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
CORE_PEER_MSPCONFIGPATH=/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp
CHANNEL="mychannel"
CC_SRC_PATH="/chaincode/"
peer channel create -o orderer.example.com:7050 -c $CHANNEL -f /work/channel-artifacts/channel.tx --tls $CORE_PEER_TLS_ENABLED --cafile $ORDERER_CA
Creating the channel yields:
peer channel create -o orderer.example.com:7050 -c mychannel -f /work/channel-artifacts/channel.tx --tls true --cafile /work/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2018-12-21 05:58:02.995 UTC [viperutil] getKeysRecursively -> DEBU 001 Found map[string]interface{} value for peer.BCCSP
2018-12-21 05:58:02.996 UTC [viperutil] getKeysRecursively -> DEBU 002 Found map[string]interface{} value for peer.BCCSP.SW
2018-12-21 05:58:02.996 UTC [viperutil] unmarshalJSON -> DEBU 003 Unmarshal JSON: value cannot be unmarshalled: invalid character 'S' looking for beginning of value
2018-12-21 05:58:02.997 UTC [viperutil] getKeysRecursively -> DEBU 004 Found real value for peer.BCCSP.SW.Hash setting to string SHA2
2018-12-21 05:58:02.998 UTC [viperutil] unmarshalJSON -> DEBU 005 Unmarshal JSON: value is not a string: 256
2018-12-21 05:58:02.998 UTC [viperutil] getKeysRecursively -> DEBU 006 Found real value for peer.BCCSP.SW.Security setting to int 256
2018-12-21 05:58:02.998 UTC [viperutil] getKeysRecursively -> DEBU 007 Found map[string]interface{} value for peer.BCCSP.SW.FileKeyStore
2018-12-21 05:58:02.998 UTC [viperutil] unmarshalJSON -> DEBU 008 Unmarshal JSON: value cannot be unmarshalled: unexpected end of JSON input
2018-12-21 05:58:02.999 UTC [viperutil] getKeysRecursively -> DEBU 009 Found real value for peer.BCCSP.SW.FileKeyStore.KeyStore setting to string
2018-12-21 05:58:02.999 UTC [viperutil] getKeysRecursively -> DEBU 00a Found map[string]interface{} value for peer.BCCSP.PKCS11
2018-12-21 05:58:03.000 UTC [viperutil] unmarshalJSON -> DEBU 00b Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.000 UTC [viperutil] getKeysRecursively -> DEBU 00c Found real value for peer.BCCSP.PKCS11.Security setting to <nil> <nil>
2018-12-21 05:58:03.001 UTC [viperutil] getKeysRecursively -> DEBU 00d Found map[string]interface{} value for peer.BCCSP.PKCS11.FileKeyStore
2018-12-21 05:58:03.002 UTC [viperutil] unmarshalJSON -> DEBU 00e Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.003 UTC [viperutil] getKeysRecursively -> DEBU 00f Found real value for peer.BCCSP.PKCS11.FileKeyStore.KeyStore setting to <nil> <nil>
2018-12-21 05:58:03.003 UTC [viperutil] unmarshalJSON -> DEBU 010 Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.004 UTC [viperutil] getKeysRecursively -> DEBU 011 Found real value for peer.BCCSP.PKCS11.Library setting to <nil> <nil>
2018-12-21 05:58:03.005 UTC [viperutil] unmarshalJSON -> DEBU 012 Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.006 UTC [viperutil] getKeysRecursively -> DEBU 013 Found real value for peer.BCCSP.PKCS11.Label setting to <nil> <nil>
2018-12-21 05:58:03.007 UTC [viperutil] unmarshalJSON -> DEBU 014 Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.007 UTC [viperutil] getKeysRecursively -> DEBU 015 Found real value for peer.BCCSP.PKCS11.Pin setting to <nil> <nil>
2018-12-21 05:58:03.008 UTC [viperutil] unmarshalJSON -> DEBU 016 Unmarshal JSON: value is not a string: <nil>
2018-12-21 05:58:03.009 UTC [viperutil] getKeysRecursively -> DEBU 017 Found real value for peer.BCCSP.PKCS11.Hash setting to <nil> <nil>
2018-12-21 05:58:03.010 UTC [viperutil] unmarshalJSON -> DEBU 018 Unmarshal JSON: value cannot be unmarshalled: invalid character 'S' looking for beginning of value
2018-12-21 05:58:03.010 UTC [viperutil] getKeysRecursively -> DEBU 019 Found real value for peer.BCCSP.Default setting to string SW
2018-12-21 05:58:03.011 UTC [viperutil] EnhancedExactUnmarshalKey -> DEBU 01a map[peer.BCCSP:map[SW:map[Hash:SHA2 Security:256 FileKeyStore:map[KeyStore:]] PKCS11:map[Hash:<nil> Security:<nil> FileKeyStore:map[KeyStore:<nil>] Library:<nil> Label:<nil> Pin:<nil>] Default:SW]]
2018-12-21 05:58:03.020 UTC [bccsp_sw] openKeyStore -> DEBU 01b KeyStore opened at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/keystore]...done
2018-12-21 05:58:03.023 UTC [bccsp] initBCCSP -> DEBU 01c Initialize BCCSP [SW]
2018-12-21 05:58:03.024 UTC [msp] getPemMaterialFromDir -> DEBU 01d Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/signcerts
2018-12-21 05:58:03.041 UTC [msp] getPemMaterialFromDir -> DEBU 01e Inspecting file /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/signcerts/Admin#example.com-cert.pem
2018-12-21 05:58:03.049 UTC [msp] getPemMaterialFromDir -> DEBU 01f Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/cacerts
2018-12-21 05:58:03.058 UTC [msp] getPemMaterialFromDir -> DEBU 020 Inspecting file /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/cacerts/ca.example.com-cert.pem
2018-12-21 05:58:03.062 UTC [msp] getPemMaterialFromDir -> DEBU 021 Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/admincerts
2018-12-21 05:58:03.067 UTC [msp] getPemMaterialFromDir -> DEBU 022 Inspecting file /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/admincerts/Admin#example.com-cert.pem
2018-12-21 05:58:03.071 UTC [msp] getPemMaterialFromDir -> DEBU 023 Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/intermediatecerts
2018-12-21 05:58:03.075 UTC [msp] getMspConfig -> DEBU 024 Intermediate certs folder not found at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/intermediatecerts]. Skipping. [stat /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/intermediatecerts: no such file or directory]
2018-12-21 05:58:03.075 UTC [msp] getPemMaterialFromDir -> DEBU 025 Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/tlscacerts
2018-12-21 05:58:03.082 UTC [msp] getPemMaterialFromDir -> DEBU 026 Inspecting file /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2018-12-21 05:58:03.085 UTC [msp] getPemMaterialFromDir -> DEBU 027 Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/tlsintermediatecerts
2018-12-21 05:58:03.086 UTC [msp] getMspConfig -> DEBU 028 TLS intermediate certs folder not found at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/tlsintermediatecerts]. Skipping. [stat /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/tlsintermediatecerts: no such file or directory]
2018-12-21 05:58:03.086 UTC [msp] getPemMaterialFromDir -> DEBU 029 Reading directory /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/crls
2018-12-21 05:58:03.088 UTC [msp] getMspConfig -> DEBU 02a crls folder not found at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/crls]. Skipping. [stat /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/crls: no such file or directory]
2018-12-21 05:58:03.089 UTC [msp] getMspConfig -> DEBU 02b MSP configuration file not found at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/config.yaml]: [stat /work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/config.yaml: no such file or directory]
2018-12-21 05:58:03.092 UTC [msp] newBccspMsp -> DEBU 02c Creating BCCSP-based MSP instance
2018-12-21 05:58:03.093 UTC [msp] New -> DEBU 02d Creating Cache-MSP instance
2018-12-21 05:58:03.093 UTC [msp] loadLocaMSP -> DEBU 02e Created new local MSP
2018-12-21 05:58:03.095 UTC [msp] Setup -> DEBU 02f Setting up MSP instance OrdererMSP
2018-12-21 05:58:03.096 UTC [msp/identity] newIdentity -> DEBU 030 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICMDCCAdagAwIBAgIRAJMJ50AFi4DVbfmy2tZwr8swCgYIKoZIzj0EAwIwaTEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xFDASBgNVBAoTC2V4YW1wbGUuY29tMRcwFQYDVQQDEw5jYS5leGFt
cGxlLmNvbTAeFw0xODEyMjEwNTUxMDBaFw0yODEyMTgwNTUxMDBaMGkxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp
c2NvMRQwEgYDVQQKEwtleGFtcGxlLmNvbTEXMBUGA1UEAxMOY2EuZXhhbXBsZS5j
b20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQz7AEO7XsDC3ovSn4KoU9bMiu1
oZL6rYNG3IwlEiLIRTdF9YjkNadjxev769Nfe6zPBDQ7mxcjAeW96v3HD1Fqo18w
XTAOBgNVHQ8BAf8EBAMCAaYwDwYDVR0lBAgwBgYEVR0lADAPBgNVHRMBAf8EBTAD
AQH/MCkGA1UdDgQiBCAX+J5Ayk0WYWPq+x/0rjbTs+m/RLvoqoGbt5slt3V8rDAK
BggqhkjOPQQDAgNIADBFAiEAqpwE5/Rkik0BKPgtbsiivijQ4pjwfjY5qOVZJeni
9G0CIAIdM34UbsWMnBXE31XGlMczGMqAmvu3keGDcEFOxgEb
-----END CERTIFICATE-----
2018-12-21 05:58:03.098 UTC [msp/identity] newIdentity -> DEBU 031 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICCjCCAbCgAwIBAgIQNvIOivt9quw48gGIQH5xUzAKBggqhkjOPQQDAjBpMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xFzAVBgNVBAMTDmNhLmV4YW1w
bGUuY29tMB4XDTE4MTIyMTA1NTEwMFoXDTI4MTIxODA1NTEwMFowVjELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz
Y28xGjAYBgNVBAMMEUFkbWluQGV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEHRUSNwy5tPgTCW8n75BDjAPImpFjGHP2LWHOJMC4m8ffZ7xbjvpo
oEcUTfp4K4K/TeEcmGeYQeM0scPEnOVtW6NNMEswDgYDVR0PAQH/BAQDAgeAMAwG
A1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgF/ieQMpNFmFj6vsf9K4207Ppv0S76KqB
m7ebJbd1fKwwCgYIKoZIzj0EAwIDSAAwRQIhAMo50UA2es1ZPleNNXgXXA0Dun7c
CiUjOH7ZbvLt5SUrAiBlcwDp/lNcF2O8UfxposYdcignY2yfzbW/eXmnYMkj0Q==
-----END CERTIFICATE-----
2018-12-21 05:58:03.127 UTC [msp/identity] newIdentity -> DEBU 032 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICCjCCAbCgAwIBAgIQNvIOivt9quw48gGIQH5xUzAKBggqhkjOPQQDAjBpMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xFzAVBgNVBAMTDmNhLmV4YW1w
bGUuY29tMB4XDTE4MTIyMTA1NTEwMFoXDTI4MTIxODA1NTEwMFowVjELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz
Y28xGjAYBgNVBAMMEUFkbWluQGV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEHRUSNwy5tPgTCW8n75BDjAPImpFjGHP2LWHOJMC4m8ffZ7xbjvpo
oEcUTfp4K4K/TeEcmGeYQeM0scPEnOVtW6NNMEswDgYDVR0PAQH/BAQDAgeAMAwG
A1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgF/ieQMpNFmFj6vsf9K4207Ppv0S76KqB
m7ebJbd1fKwwCgYIKoZIzj0EAwIDSAAwRQIhAMo50UA2es1ZPleNNXgXXA0Dun7c
CiUjOH7ZbvLt5SUrAiBlcwDp/lNcF2O8UfxposYdcignY2yfzbW/eXmnYMkj0Q==
-----END CERTIFICATE-----
2018-12-21 05:58:03.136 UTC [bccsp_sw] loadPrivateKey -> DEBU 033 Loading private key [f402b6fb650fc38fb9a4ae8b21abe98abbc3bf1786186fbc52a4fcf4e0cadeec] at [/work/crypto-config/ordererOrganizations/example.com/users/Admin#example.com/msp/keystore/f402b6fb650fc38fb9a4ae8b21abe98abbc3bf1786186fbc52a4fcf4e0cadeec_sk]...
2018-12-21 05:58:03.143 UTC [msp/identity] newIdentity -> DEBU 034 Creating identity instance for cert -----BEGIN CERTIFICATE-----
MIICCjCCAbCgAwIBAgIQNvIOivt9quw48gGIQH5xUzAKBggqhkjOPQQDAjBpMQsw
CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy
YW5jaXNjbzEUMBIGA1UEChMLZXhhbXBsZS5jb20xFzAVBgNVBAMTDmNhLmV4YW1w
bGUuY29tMB4XDTE4MTIyMTA1NTEwMFoXDTI4MTIxODA1NTEwMFowVjELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz
Y28xGjAYBgNVBAMMEUFkbWluQGV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEHRUSNwy5tPgTCW8n75BDjAPImpFjGHP2LWHOJMC4m8ffZ7xbjvpo
oEcUTfp4K4K/TeEcmGeYQeM0scPEnOVtW6NNMEswDgYDVR0PAQH/BAQDAgeAMAwG
A1UdEwEB/wQCMAAwKwYDVR0jBCQwIoAgF/ieQMpNFmFj6vsf9K4207Ppv0S76KqB
m7ebJbd1fKwwCgYIKoZIzj0EAwIDSAAwRQIhAMo50UA2es1ZPleNNXgXXA0Dun7c
CiUjOH7ZbvLt5SUrAiBlcwDp/lNcF2O8UfxposYdcignY2yfzbW/eXmnYMkj0Q==
-----END CERTIFICATE-----
2018-12-21 05:58:03.143 UTC [msp] setupSigningIdentity -> DEBU 035 Signing identity expires at 2028-12-18 05:51:00 +0000 UTC
2018-12-21 05:58:03.143 UTC [msp] Validate -> DEBU 036 MSP OrdererMSP validating identity
2018-12-21 05:58:03.144 UTC [msp] GetDefaultSigningIdentity -> DEBU 037 Obtaining default signing identity
2018-12-21 05:58:03.152 UTC [grpc] DialContext -> DEBU 038 parsed scheme: ""
2018-12-21 05:58:03.155 UTC [grpc] DialContext -> DEBU 039 scheme "" not registered, fallback to default scheme
2018-12-21 05:58:03.156 UTC [grpc] watcher -> DEBU 03a ccResolverWrapper: sending new addresses to cc: [{orderer.example.com:7050 0 <nil>}]
2018-12-21 05:58:03.157 UTC [grpc] switchBalancer -> DEBU 03b ClientConn switching balancer to "pick_first"
2018-12-21 05:58:03.158 UTC [grpc] HandleSubConnStateChange -> DEBU 03c pickfirstBalancer: HandleSubConnStateChange: 0xc4202a1a30, CONNECTING
2018-12-21 05:58:03.179 UTC [grpc] HandleSubConnStateChange -> DEBU 03d pickfirstBalancer: HandleSubConnStateChange: 0xc4202a1a30, READY
2018-12-21 05:58:03.183 UTC [channelCmd] InitCmdFactory -> INFO 03e Endorser and orderer connections initialized
2018-12-21 05:58:03.192 UTC [msp] GetDefaultSigningIdentity -> DEBU 03f Obtaining default signing identity
2018-12-21 05:58:03.193 UTC [msp] GetDefaultSigningIdentity -> DEBU 040 Obtaining default signing identity
2018-12-21 05:58:03.193 UTC [msp/identity] Sign -> DEBU 041 Sign: plaintext: 0A90060A0A4F7264657265724D535012...53616D706C65436F6E736F727469756D
2018-12-21 05:58:03.194 UTC [msp/identity] Sign -> DEBU 042 Sign: digest: 92BB1016BFDAC4274F151AA23E3A16A90E71F4D7BBEC266CDC566B398D1DC25B
2018-12-21 05:58:03.195 UTC [msp] GetDefaultSigningIdentity -> DEBU 043 Obtaining default signing identity
2018-12-21 05:58:03.195 UTC [msp] GetDefaultSigningIdentity -> DEBU 044 Obtaining default signing identity
2018-12-21 05:58:03.196 UTC [msp/identity] Sign -> DEBU 045 Sign: plaintext: 0AC7060A1508021A0608EB81F2E00522...060A56072CF60B8F5697E4ED67FD0157
2018-12-21 05:58:03.198 UTC [msp/identity] Sign -> DEBU 046 Sign: digest: F0D279F148EC9853919A36DED749B885E48E562B9450E6ED02F2D5B8CF42B47A
2018-12-21 05:58:03.211 UTC [grpc] DialContext -> DEBU 047 parsed scheme: ""
2018-12-21 05:58:03.212 UTC [grpc] DialContext -> DEBU 048 scheme "" not registered, fallback to default scheme
2018-12-21 05:58:03.212 UTC [grpc] watcher -> DEBU 049 ccResolverWrapper: sending new addresses to cc: [{orderer.example.com:7050 0 <nil>}]
2018-12-21 05:58:03.212 UTC [grpc] switchBalancer -> DEBU 04a ClientConn switching balancer to "pick_first"
2018-12-21 05:58:03.212 UTC [grpc] HandleSubConnStateChange -> DEBU 04b pickfirstBalancer: HandleSubConnStateChange: 0xc420486a60, CONNECTING
2018-12-21 05:58:03.226 UTC [grpc] HandleSubConnStateChange -> DEBU 04c pickfirstBalancer: HandleSubConnStateChange: 0xc420486a60, READY
Error: got unexpected status: BAD_REQUEST -- error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining
I use the following crypto-config.yaml
OrdererOrgs:
- Name: Orderer
Domain: example.com
Specs:
- Hostname: orderer
PeerOrgs:
- Name: Org1
Domain: org1.example.com
EnableNodeOUs: false
Template:
Count: 1
Users:
Count: 1
- Name: Org2
Domain: org2.example.com
EnableNodeOUs: false
Template:
Count: 1
Users:
Count: 1
and this configtx.yaml:
---
Organizations:
- &OrdererOrg
Name: OrdererOrg
ID: OrdererMSP
MSPDir: crypto-config/ordererOrganizations/example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Writers:
Type: Signature
Rule: "OR('OrdererMSP.member')"
Admins:
Type: Signature
Rule: "OR('OrdererMSP.admin')"
- &Org1
Name: Org1MSP
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org1MSP.admin')"
AnchorPeers:
- Host: peer0.org1.example.com
Port: 7051
- &Org2
Name: Org2MSP
ID: Org2MSP
MSPDir: crypto-config/peerOrganizations/org2.example.com/msp
Policies:
Readers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.peer', 'Org2MSP.client')"
Writers:
Type: Signature
Rule: "OR('Org2MSP.admin', 'Org2MSP.client')"
Admins:
Type: Signature
Rule: "OR('Org2MSP.admin')"
AnchorPeers:
- Host: peer0.org2.example.com
Port: 7051
Capabilities:
Channel: &ChannelCapabilities
V1_3: true
Orderer: &OrdererCapabilities
V1_1: true
Application: &ApplicationCapabilities
V1_3: true
V1_2: false
V1_1: false
Application: &ApplicationDefaults
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Orderer: &OrdererDefaults
OrdererType: solo
Addresses:
- orderer.example.com:7050
BatchTimeout: 2s
BatchSize:
MaxMessageCount: 10
AbsoluteMaxBytes: 99 MB
PreferredMaxBytes: 512 KB
Kafka:
Brokers:
- 127.0.0.1:9092
Organizations:
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
BlockValidation:
Type: ImplicitMeta
Rule: "ANY Writers"
Channel: &ChannelDefaults
Policies:
Readers:
Type: ImplicitMeta
Rule: "ANY Readers"
Writers:
Type: ImplicitMeta
Rule: "ANY Writers"
Admins:
Type: ImplicitMeta
Rule: "MAJORITY Admins"
Capabilities:
<<: *ChannelCapabilities
Profiles:
TwoOrgsOrdererGenesis:
<<: *ChannelDefaults
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Capabilities:
<<: *OrdererCapabilities
Consortiums:
SampleConsortium:
Organizations:
- *Org1
- *Org2
TwoOrgsChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
- *Org2
Capabilities:
<<: *ApplicationCapabilities
My docker-compose-cli.yaml file:
version: '2'
volumes:
orderer.example.com:
peer0.org1.example.com:
peer1.org1.example.com:
peer0.org2.example.com:
peer1.org2.example.com:
networks:
byfn:
services:
orderer.example.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.example.com
container_name: orderer.example.com
networks:
- byfn
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org1.example.com
networks:
- byfn
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org1.example.com
networks:
- byfn
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org2.example.com
networks:
- byfn
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org2.example.com
networks:
- byfn
cli:
container_name: cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_LOGGING_LEVEL=DEBUG
#- CORE_LOGGING_LEVEL=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/work/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/work/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/work/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/work/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- ./channel-artifacts:/work/channel-artifacts
- ./crypto-config:/work/crypto-config
- ./scripts:/work/
depends_on:
- orderer.example.com
- peer0.org1.example.com
- peer1.org1.example.com
- peer0.org2.example.com
- peer1.org2.example.com
networks:
- byfn
Someone faced a similiar problem?
Update
Starting first to orderer service and then peer0 gives the following log:
docker-compose -f docker-compose-cli.yaml up peer0.org1.example.com
Starting peer0.org1.example.com ... done
Attaching to peer0.org1.example.com
peer0.org1.example.com | 2018-12-21 07:22:09.355 UTC [nodeCmd] serve -> INFO 001 Starting peer:
peer0.org1.example.com | Version: 1.3.0
peer0.org1.example.com | Commit SHA: ab0a67a
peer0.org1.example.com | Go version: go1.10.4
peer0.org1.example.com | OS/Arch: linux/amd64
peer0.org1.example.com | Experimental features: false
peer0.org1.example.com | Chaincode:
peer0.org1.example.com | Base Image Version: 0.4.13
peer0.org1.example.com | Base Docker Namespace: hyperledger
peer0.org1.example.com | Base Docker Label: org.hyperledger.fabric
peer0.org1.example.com | Docker Namespace: hyperledger
peer0.org1.example.com | 2018-12-21 07:22:09.355 UTC [ledgermgmt] initialize -> INFO 002 Initializing ledger mgmt
peer0.org1.example.com | 2018-12-21 07:22:09.355 UTC [kvledger] NewProvider -> INFO 003 Initializing ledger provider
peer0.org1.example.com | 2018-12-21 07:22:09.466 UTC [kvledger] NewProvider -> INFO 004 ledger provider Initialized
peer0.org1.example.com | 2018-12-21 07:22:09.485 UTC [ledgermgmt] initialize -> INFO 005 ledger mgmt initialized
peer0.org1.example.com | 2018-12-21 07:22:09.485 UTC [peer] func1 -> INFO 006 Auto-detected peer address: 172.26.0.3:7051
peer0.org1.example.com | 2018-12-21 07:22:09.486 UTC [peer] func1 -> INFO 007 Returning peer0.org1.example.com:7051
peer0.org1.example.com | 2018-12-21 07:22:09.486 UTC [peer] func1 -> INFO 008 Auto-detected peer address: 172.26.0.3:7051
peer0.org1.example.com | 2018-12-21 07:22:09.486 UTC [peer] func1 -> INFO 009 Returning peer0.org1.example.com:7051
peer0.org1.example.com | 2018-12-21 07:22:09.487 UTC [nodeCmd] serve -> INFO 00a Starting peer with TLS enabled
peer0.org1.example.com | 2018-12-21 07:22:09.487 UTC [nodeCmd] computeChaincodeEndpoint -> INFO 00b Entering computeChaincodeEndpoint with peerHostname: peer0.org1.example.com
peer0.org1.example.com | 2018-12-21 07:22:09.488 UTC [nodeCmd] computeChaincodeEndpoint -> INFO 00c Exit with ccEndpoint: peer0.org1.example.com:7052
peer0.org1.example.com | 2018-12-21 07:22:09.488 UTC [nodeCmd] createChaincodeServer -> WARN 00d peer.chaincodeListenAddress is not set, using peer0.org1.example.com:7052
peer0.org1.example.com | 2018-12-21 07:22:09.490 UTC [sccapi] registerSysCC -> INFO 00e system chaincode lscc(github.com/hyperledger/fabric/core/scc/lscc) registered
peer0.org1.example.com | 2018-12-21 07:22:09.490 UTC [sccapi] registerSysCC -> INFO 00f system chaincode cscc(github.com/hyperledger/fabric/core/scc/cscc) registered
peer0.org1.example.com | 2018-12-21 07:22:09.490 UTC [sccapi] registerSysCC -> INFO 010 system chaincode qscc(github.com/hyperledger/fabric/core/scc/qscc) registered
peer0.org1.example.com | 2018-12-21 07:22:09.490 UTC [sccapi] registerSysCC -> INFO 011 system chaincode +lifecycle(github.com/hyperledger/fabric/core/chaincode/lifecycle) registered
peer0.org1.example.com | 2018-12-21 07:22:09.492 UTC [gossip/service] func1 -> INFO 012 Initialize gossip with endpoint peer0.org1.example.com:7051 and bootstrap set [peer1.org1.example.com:7051]
peer0.org1.example.com | 2018-12-21 07:22:09.494 UTC [gossip/gossip] NewGossipService -> INFO 013 Creating gossip service with self membership of {peer0.org1.example.com:7051 [] [132 133 191 71 241 248 154 220 155 96 230 124 237 186 150 131 247 243 69 99 70 223 16 116 157 162 26 216 63 117 58 153] peer0.org1.example.com:7051 <nil> <nil>}
peer0.org1.example.com | 2018-12-21 07:22:09.495 UTC [gossip/gossip] start -> INFO 014 Gossip instance peer0.org1.example.com:7051 started
peer0.org1.example.com | 2018-12-21 07:22:09.495 UTC [sccapi] deploySysCC -> INFO 015 system chaincode lscc/(github.com/hyperledger/fabric/core/scc/lscc) deployed
peer0.org1.example.com | fatal error: unexpected signal during runtime execution
peer0.org1.example.com | [signal SIGSEGV: segmentation violation code=0x1 addr=0x63 pc=0x7fd604040259]
peer0.org1.example.com |
peer0.org1.example.com | runtime stack:
peer0.org1.example.com | runtime.throw(0x111434c, 0x2a)
peer0.org1.example.com | /opt/go/src/runtime/panic.go:616 +0x81
peer0.org1.example.com | runtime.sigpanic()
peer0.org1.example.com | /opt/go/src/runtime/signal_unix.go:372 +0x28e
This is kind of a general error which occurs in fabric. I remember getting BAD Request
error on subsequent execution of peer channel create command when the first one took a bit longer and the request got timed out. However, in this case, the error says that the channel create request is not able to satisfy the implicit policy - i.e., doesn't have appropriate permissions to execute the command. Try setting the msp path in the peer to admin folder, using export CORE_PEER_MSPCONFIGPATH=<path to admin msp>, such that peer signs the channel create command with admincerts instead of peer certificates. Here is an useful link explaining the issue in detail - peer channel creation fails in Hyperledger Fabric
Checked each container log files, paths were incorrect - adjusting peer template to 2 fixed it