Develop Reference

Docker Node MongoDB AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch

I am posting it here as I am run out of options.
I am trying to make a connection from my node app to the mongodb.
I am getting AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch
My local environment works 100%. I dumped my local MongoDB (the app database and admin too) into the docker container.
I created my docker-compose.yml as below:
version: "1.0"
services:
mongodb:
image: mongo:3.4.7
container_name: MongoDB2
restart: unless-stopped
ports:
- '27017:27017'
app:
links:
- mongodb
depends_on:
- mongodb
image: eamello/gsd:myCore
ports:
- '8087:8087'
stdin_open: true
tty: true
volumes:
db:
networks:
node-webapp-network:
driver: bridge
My config.json file, which has the database connection details:
"myCore": {
"database": {
"url": "mongodb://mongodb:27017/myCore",
"options": {
"db": {
"native_parser": true
},
"server": {
"poolSize": 100,
"socketOptions": {
"keepAlive": 1000,
"connectTimeoutMS": 30000
}
},
"replset": {},
"user": "myAdmin",
"pass": "/WnUU5Jqithypb9970AfIQ==",
"auth": {
"authdb": "admin"
},
"queryLevel":{
"common":{
"maxTimeMS": 15000
}
}
}
},
I am 100% sure the user created in my admin database has the same password.
I check and rechecked several times.
I also tried to add my user via javascript file... it looks like the javascript was never executed.
db.createUser(
{
user: "myAdmin",
pwd: "/WnUU5Jqithypb9970AfIQ==",
roles: [
{
role: "userAdmin", db: "myCore"
},
{
role: "readWrite", db: "myCore"
}
]
}
);
As I can manage my MongoDB via Compass, I left this javascript aside.
Does anyone have any clue why I am getting AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch?
I changed some names above as this is a company issue. Thanks.

Digital ocean mongo DB docker compose thorws "MongoServerError: Authentication failed."

Wrapping up a docker tutorial. When it comes to docker containers on my laptop, it works fine no Mongo DB issue.
But ever since I put it on digital ocean(Ubuntu 20.04 LTS x64, 2GB memory, 10GB disk) the issue occured below:
MongoServerError: Authentication failed.
at Connection.onMessage (/app/node_modules/mongodb/lib/cmap/connection.js:207:30)
at MessageStream.<anonymous> (/app/node_modules/mongodb/lib/cmap/connection.js:60:60)
at MessageStream.emit (node:events:513:28)
at processIncomingData (/app/node_modules/mongodb/lib/cmap/message_stream.js:132:20)
at MessageStream._write (/app/node_modules/mongodb/lib/cmap/message_stream.js:33:9)
at writeOrBuffer (node:internal/streams/writable:392:12)
at _write (node:internal/streams/writable:333:10)
at Writable.write (node:internal/streams/writable:337:10)
at Socket.ondata (node:internal/streams/readable:766:22)
at Socket.emit (node:events:513:28) {
ok: 0,
code: 18,
codeName: 'AuthenticationFailed',
connectionGeneration: 0,
[Symbol(errorLabels)]: Set(2) { 'HandshakeError', 'ResetPool' }
codes:
package.json
"dependencies": {
"bcryptjs": "^2.4.3",
"connect-redis": "^6.1.3",
"cors": "^2.8.5",
"express": "^4.18.2",
"express-session": "^1.17.3",
"mongoose": "^6.7.2",
"redis": "^4.5.0"
},
index.js
const {
MONGO_USER,
MONGO_PASSWORD,
MONGO_IP,
MONGO_PORT,
REDIS_URL,
REDIS_PORT,
SESSION_SECRET,
} = require("./config/config");
let redisClient = redis.createClient({
legacyMode: true,
socket: {
host: REDIS_URL,
port: REDIS_PORT,
},
});
redisClient
.connect()
.then(() => console.log("redis connected"))
.catch((e) => console.error("redis error", e));
const postRouter = require("./routes/postRoutes");
const userRouter = require("./routes/userRoutes");
const app = express();
const connectWithRetry = () => {
mongoose
.connect(
`mongodb://${MONGO_USER}:${MONGO_PASSWORD}#${MONGO_IP}:${MONGO_PORT}/?authSource=admin`
)
.then(() => console.log("successfully connected to DB"))
.catch((e) => {
console.error(e);
setTimeout(connectWithRetry, 5000);
});
};
connectWithRetry();
app.enable("trust proxy");
app.use(cors({}));
...
docker-compose.yml
version: "3"
services:
nginx:
image: nginx:stable-alpine
ports:
- "3000:80"
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
depends_on:
- node-app
node-app:
build: .
environment:
- PORT=3000
depends_on:
- mongo
mongo:
image: mongo
environment:
- MONGO_INITDB_ROOT_USERNAME=snap
- MONGO_INITDB_ROOT_PASSWORD=mypassword
volumes:
- mongo-db:/data/db
redis:
image: redis
volumes:
mongo-db:
docker-compose.prod.yml
version: "3"
services:
nginx:
ports:
- "80:80"
node-app:
build:
context: .
args:
NODE_ENV: production
environment:
- NODE_ENV=production
- MONGO_USER=${MONGO_USER}
- MONGO_PASSWORD=${MONGO_PASSWORD}
- SESSION_SECRET=${SESSION_SECRET}
command: node index.js
mongo:
environment:
- MONGO_INITDB_ROOT_USERNAME=${MONGO_INITDB_ROOT_USERNAME}
- MONGO_INITDB_ROOT_PASSWORD=${MONGO_INITDB_ROOT_PASSWORD}
The environment variables stored in .env file which located in the root directory of Ubuntu droplet. I tried hard coding the mongo uri instead of using environment variables but got the same result so pretty sure it may not be a cause.
Here's a log of db users below:
use admin
switched to db admin
admin> db.system.users.find()
[
{
_id: 'admin.snap',
userId: new UUID("4e79e245-894e-4d9a-9d76-802c970d9129"),
user: 'snap',
db: 'admin',
...
},
roles: [ { role: 'root', db: 'admin' } ]
},
{
_id: 'admin.admin',
userId: new UUID("0a8a471e-0e70-4e1c-b9ed-d99ede9ad0bd"),
user: 'admin',
db: 'admin',
...
},
roles: [ { role: 'root', db: 'admin' } ]
},
{
_id: 'test.snap',
userId: new UUID("4282b24f-9b15-4956-865f-ef9b206a499d"),
user: 'snap',
db: 'test',
...
roles: [ { role: 'readWrite', db: 'test' } ]
}
]
Thanks for your help.

HyperLedger 2.3.1 Failed to Connect on Committer

I am trying to execute a smart contract on the Hyperledger fabric test-network (Fabcar javascript smart contract) and I get the follwing error when I try to invoke the chaincode using the invoke.js file present in the fabcar javascript example:
error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Committer- name: orderer0.example.com:7050, url:grpcs://localhost:7050, connected:false, connectAttempted:true
2021-05-05T23:44:02.951Z - error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server orderer0.example.com:7050 url:grpcs://localhost:7050 timeout:3000
2021-05-05T23:44:02.952Z - error: [DiscoveryService]: _buildOrderer[mychannel] - Unable to connect to the discovered orderer orderer0.example.com:7050 due to Error: Failed to connect before the deadline on Committer- name: orderer0.example.com:7050, url:grpcs://localhost:7050, connected:false, connectAttempted:true
2021-05-05T23:44:05.957Z - error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: peer0.org01.example.com:7051, url:grpcs://localhost:7051, connected:false, connectAttempted:true
2021-05-05T23:44:05.957Z - error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server peer0.org01.example.com:7051 url:grpcs://localhost:7051 timeout:3000
2021-05-05T23:44:05.958Z - error: [DiscoveryService]: _buildPeer[mychannel] - Unable to connect to the discovered peer peer0.org01.example.com:7051 due to Error: Failed to connect before the deadline on Endorser- name: peer0.org01.example.com:7051, url:grpcs://localhost:7051, connected:false, connectAttempted:true
One thing to note is that I have changed port forwardings and peer/org names in the default test-network. My connection profile is as follows (removed certificates for clarity):
{
"name": "test-network-org1",
"version": "1.0.0",
"client": {
"organization": "Org1",
"connection": {
"timeout": {
"peer": {
"endorser": "300"
}
}
}
},
"channels": {
"mychannel": {
"orderers": [
"orderer0.example.com"
],
"peers": [
"peer0.org01.example.com"
]
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"peers": [
"peer0.org01.example.com"
],
"certificateAuthorities": [
"ca.org1.example.com"
]
}
},
"peers": {
"peer0.org01.example.com": {
"url": "grpcs://localhost:6041",
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----**********-----END CERTIFICATE-----\n"
},
"grpcOptions": {
"ssl-target-name-override": "peer0.org01.example.com",
"hostnameOverride": "peer0.org01.example.com"
}
}
},
"orderers": {
"orderer0.example.com": {
"url": "grpcs://localhost:6040",
"tlsCACerts": {
"pem": "-----BEGIN CERTIFICATE-----**********-----END CERTIFICATE-----\n"
},
"grpcOptions": {
"ssl-target-name-override": "orderer0.example.com"
}
}
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "https://localhost:6054",
"caName": "ca-org1",
"tlsCACerts": {
"pem": ["-----BEGIN CERTIFICATE-----******-----END CERTIFICATE-----\n"]
},
"httpOptions": {
"verify": false
}
}
}
}
One thing that puzzles me (which I believe is the root cause of the error) is the grpcs url for the orderer. In the connection profile I have clearly specified it to be grpcs://localhost:6041, however as can be seen in the error, the error states the url as grpcs://localhost:7050. I have gone over the various files in the test-network and have not been able to figure out why the grpcs url is not read from the connection profile.
This problem is only limited to the query.js and invoke.js files in the fabcar example (I am able to successfully execute enrollAdmin.js and registerUser.js on the network).
Following is the invoke.js file I execute which leads to aforementioned error:
'use strict';
const { Gateway, Wallets } = require('fabric-network');
const fs = require('fs');
const path = require('path');
async function main() {
try {
// load the network configuration
const ccpPath = path.resolve(__dirname, '..', '..', 'test-network', 'organizations', 'peerOrganizations', 'org1.example.com', 'connection-org1.json');
let ccp = JSON.parse(fs.readFileSync(ccpPath, 'utf8'));
// Create a new file system based wallet for managing identities.
const walletPath = path.join(process.cwd(), 'wallet');
const wallet = await Wallets.newFileSystemWallet(walletPath);
console.log(`Wallet path: ${walletPath}`);
// Check to see if we've already enrolled the user.
const identity = await wallet.get('appUser3');
if (!identity) {
console.log('An identity for the user "appUser3" does not exist in the wallet');
console.log('Run the registerUser.js application before retrying');
return;
}
// Create a new gateway for connecting to our peer node.
const gateway = new Gateway();
await gateway.connect(ccp, { wallet, identity: 'appUser3', discovery: { enabled: true, asLocalhost: true } });
// Get the network (channel) our contract is deployed to.
const network = await gateway.getNetwork('mychannel');
// Get the contract from the network.
const contract = network.getContract('fabcar');
// Submit the specified transaction.
// createCar transaction - requires 5 argument, ex: ('createCar', 'CAR12', 'Honda', 'Accord', 'Black', 'Tom')
// changeCarOwner transaction - requires 2 args , ex: ('changeCarOwner', 'CAR12', 'Dave')
await contract.submitTransaction('createCar', 'CAR312', 'Skoda', 'Kadiq', 'White', 'JOHNSON');
console.log('Transaction has been submitted');
// Disconnect from the gateway.
await gateway.disconnect();
} catch (error) {
console.error(`Failed to submit transaction: ${error}`);
process.exit(1);
}
}
main();
Any help would be appreciated. Thank You

I think the key piece of information is this part of the error message:
Unable to connect to the discovered orderer orderer0.example.com:7050
This is a node that has been located by the client using service discovery, not defined in your connection profile.
What I suspect has happened is that, even though you have changed the port mappings between your local machine and the Docker network, the orderer is still listening on port 7050 within your Docker network.
The discovery.asLocalhost connection option is there to support the scenario where the blockchain network is running within a Docker network on the client's local machine, so it causes any discovered hostnames to be treated as localhost, but it leaves the discovered port numbers unchanged. So, when using the discovery.asLocalhost option, the port numbers that nodes are listening on within the Docker network must be mapped to the same port numbers on the local machine.
If you want to change the port numbers then you need to change them on the actual nodes themselves, not just in your Docker network mappings.

AWS User is not authorized to access this resource with an explicit deny

I am deploying a serverless app on AWS and have some issues while trying to access my serverless application from the frontend. I have an impression that the issue is with the backend and more specifically with the serverless.yml configuration file (See first lines of codes below) or rather with my auth0Authorizer.ts file (see second lines of codes below). When I log into my frontend app, I receive a 403 error message that says User is not authorized to access this resource with an explicit deny. I really doubt if this related any on configuration on AWS.
org: name
app: serverless-todo-app-app
service:
name: serverless-todo-app
package:
individually: true
plugins:
- serverless-webpack
- serverless-iam-roles-per-function
- serverless-reqvalidator-plugin
- serverless-aws-documentation
provider:
name: aws
runtime: nodejs8.10
stage: ${opt:stage, 'dev'}
region: ${opt:region, 'us-west-1'}
tracing: true
environment:
TODOS_TABLE: Todos-v4-${self:provider.stage}
USER_ID_INDEX: UserIdIndex
SIGNED_URL_EXPIRATION: 300
IMAGES_S3_BUCKET: 'severless-todo-app-bucket-v1-${self:provider.stage}'
DYNAMODB_TABLE: TableName
TableName: ${self:provider.environment.TODOS_TABLE}
AUTH_0_SECRET: ***********************************
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:Scan
- dynamodb:PutItem
- dynamodb:GetItem
- codedeploy:*
- xray:PutTelemetryRecords
- xray:PutTraceSegments
Resource:
- '*'
- Effect: Allow
Action:
- s3:GetObject
- xray:PutTelemetryRecords
- xray:PutTraceSegments
Resource: arn:aws:s3:::${self:provider.environment.IMAGES_S3_BUCKET}/*
custom:
documentation:
api:
info:
version: v1.0.0
title: Udagram API
description: Serverless application
models:
- name: TodoRequest
contentType: application/json
schema: ${file(models/create-todo-request.json)}
functions:
Auth:
handler: src/lambda/auth/auth0Authorizer.handler
# TODO: Configure this function
GetTodos:
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:Query
- dynamodb:GetItem
Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.TODOS_TABLE}
handler: src/lambda/http/getTodos.handler
events:
- http:
authorizer: Auth
method: get
path: todos
cors: true
# TODO: Configure this function
CreateTodo:
handler: src/lambda/http/createTodo.handler
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:PutItem
- xray:PutTelemetryRecords
- xray:PutTraceSegments
Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.TODOS_TABLE}
events:
- http:
authorizer: Auth
method: post
path: todos
cors: true
reqValidatorName: RequestBodyValidator
documentation:
summary: Create a new todo
description: Create a new todo
requestModels:
'application/json': TodoRequest
# TODO: Configure this function
UpdateTodo:
handler: src/lambda/http/updateTodo.handler
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:UpdateItem
- xray:PutTelemetryRecords
- xray:PutTraceSegments
Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.TODOS_TABLE}
events:
- http:
authorizer: Auth
method: patch
path: todos/{todoId}
cors: true
# TODO: Configure this function
DeleteTodo:
handler: src/lambda/http/deleteTodo.handler
iamRoleStatements:
- Effect: Allow
Action:
- dynamodb:DeleteItem
Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.TODOS_TABLE}
events:
- http:
authorizer: Auth
method: delete
path: todos/{todoId}
cors: true
# TODO: Configure this function
GenerateUploadUrl:
handler: src/lambda/http/generateUploadUrl.handler
iamRoleStatements:
- Effect: Allow
Action:
- s3:PutObject
- s3:GetObject
- xray:PutTelemetryRecords
- xray:PutTraceSegments
Resource: arn:aws:s3:::${self:provider.environment.IMAGES_S3_BUCKET}/*
- Effect: Allow
Action:
- dynamodb:PutItem
- dynamodb:GetItem
- dynamodb:UpdateItem
Resource: arn:aws:dynamodb:${self:provider.region}:*:table/${self:provider.environment.TODOS_TABLE}
events:
- http:
authorizer: Auth
method: post
path: todos/{todoId}/attachment
cors: true
resources:
Resources:
# TODO: Add any necessary AWS resources
AttachmentsBucket:
Type: AWS::S3::Bucket
Properties:
BucketName: ${self:provider.environment.IMAGES_S3_BUCKET}
CorsConfiguration:
CorsRules:
-
AllowedOrigins:
- '*'
AllowedHeaders:
- '*'
AllowedMethods:
- GET
- PUT
- POST
- DELETE
- HEAD
MaxAge: 0
BucketPolicy:
Type: AWS::S3::BucketPolicy
Properties:
PolicyDocument:
Id: MyPolicy
Version: "2012-10-17"
Statement:
- Sid: PublicReadForGetBucketObjects
Effect: Allow
Principal: '*'
Action: 's3:GetObject'
Resource: 'arn:aws:s3:::${self:provider.environment.IMAGES_S3_BUCKET}/*'
Bucket: !Ref AttachmentsBucket
GatewayResponseDefault4XX:
Type: AWS::ApiGateway::GatewayResponse
Properties:
ResponseParameters:
gatewayresponse.header.Access-Control-Allow-Origin: "'*'"
gatewayresponse.header.Access-Control-Allow-Headers: "'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token'"
gatewayresponse.header.Access-Control-Allow-Methods: "'GET,OPTIONS,POST'"
ResponseType: DEFAULT_4XX
RestApiId:
Ref: ApiGatewayRestApi
RequestBodyValidator:
Type: AWS::ApiGateway::RequestValidator
Properties:
Name: 'request-body-validator'
RestApiId:
Ref: ApiGatewayRestApi
ValidateRequestBody: true
ValidateRequestParameters: false
TodosDynamoDBTable:
Type: AWS::DynamoDB::Table
Properties:
AttributeDefinitions:
- AttributeName: todoId
AttributeType: S
- AttributeName: userId
AttributeType: S
KeySchema:
- AttributeName: userId
KeyType: HASH
- AttributeName: todoId
KeyType: RANGE
BillingMode: PAY_PER_REQUEST
TableName: ${self:provider.environment.TODOS_TABLE}
GlobalSecondaryIndexes:
- IndexName: ${self:provider.environment.USER_ID_INDEX}
KeySchema:
- AttributeName: userId
KeyType: HASH
Projection:
ProjectionType: ALL
import { CustomAuthorizerEvent, CustomAuthorizerResult, CustomAuthorizerHandler } from 'aws-lambda'
import 'source-map-support/register'
import { verify } from 'jsonwebtoken'
import { JwtToken } from '../../auth/JwtToken'
const auth0Secret = process.env.AUTH_0_SECRET
export const handler: CustomAuthorizerHandler = async (event: CustomAuthorizerEvent): Promise<CustomAuthorizerResult> => {
try {
const decodedToken = verifyToken(event.authorizationToken)
console.log('User was authorized')
return {
principalId: decodedToken.sub,
policyDocument: {
Version: '2012-10-17',
Statement: [
{
Action: 'execute-api:Invoke',
Effect: 'Allow',
Resource: '*'
}
]
}
}
} catch (e) {
console.log('User was not authorized', e.message)
return {
principalId: 'user',
policyDocument: {
Version: '2012-10-17',
Statement: [
{
Action: 'execute-api:Invoke',
Effect: 'Deny',
Resource: '*'
}
]
}
}
}
}
function verifyToken(authHeader: string): JwtToken {
if (!authHeader)
throw new Error('No authentication header')
if (!authHeader.toLowerCase().startsWith('bearer '))
throw new Error('Invalid authentication header')
const split = authHeader.split(' ')
const token = split[1]
return verify(token, auth0Secret) as JwtToken
}

When AWS says explicit Deny that means somewhere in the chain of IAM policies, there was a Deny for that action. In this case the only policy is the session policy that your authorizer Lambda provides. As #hephalump mentioned in the comments and according to your code it happens when there was an error, so check the logs to see what needs to be done.

Create Business Network .bna based on own hyperledger-fabric architecture

I am setting up a hyperledger fabric network containing 4 Organisations with 2 Peers & couchdb instances each, 4 CA-Server and one Orderer. I have modified the BYFN-Tutorial and extended the given yaml files. The network starts perfectly and is able to run the e2e test with the provided Chaincode example. Now I want to setup a .bna file based on my connectionProfile.json:
I create a new AdminPeerCard -> works
Import Card to Composer -> works
Try to generate .bna composer archive create -> works
Install .bna and start network -> works
composer network Ping -> Error
Error: Error trying to ping. Error: 2 UNKNOWN: access denied: channel [mychannel] creator org [Org1MSP]
Command failed
Same Problem when I try to connect via Hyperledger Playground
My Question: is this the recommended way to initialise a blockchain with 4 Organisations?
OS: Ubuntu 16.04 TLS
Composer Version: v0.20.5
HLF: 1.4
Docker: 18.06
Disabled TLS to pretend Handshake errors.
Here is the docker-compose-e2e.yaml file:
version: '2'
volumes:
orderer.example.com:
peer0.org1.example.com:
peer1.org1.example.com:
peer0.org2.example.com:
peer1.org2.example.com:
peer0.org3.example.com:
peer1.org3.example.com:
peer0.org4.example.com:
peer1.org4.example.com:
networks:
byfn:
services:
orderer.example.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.example.com
container_name: orderer.example.com
networks:
- byfn
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org1.example.com
networks:
- byfn
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org1.example.com
networks:
- byfn
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org2.example.com
networks:
- byfn
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org2.example.com
networks:
- byfn
peer0.org3.example.com:
container_name: peer0.org3.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org3.example.com
networks:
- byfn
peer1.org3.example.com:
container_name: peer1.org3.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org3.example.com
networks:
- byfn
peer0.org4.example.com:
container_name: peer0.org4.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org4.example.com
networks:
- byfn
peer1.org4.example.com:
container_name: peer1.org4.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org4.example.com
networks:
- byfn
And this is my docker-compose-cli.yaml :
version: '2'
volumes:
orderer.example.com:
peer0.org1.example.com:
peer1.org1.example.com:
peer0.org2.example.com:
peer1.org2.example.com:
peer0.org3.example.com:
peer1.org3.example.com:
peer0.org4.example.com:
peer1.org4.example.com:
networks:
byfn:
services:
ca.org1.example.com:
extends:
file: base/docker-compose-base.yaml
service: ca.org1.example.com
container_name: ca.org1.example.com
networks:
- byfn
ca.org2.example.com:
extends:
file: base/docker-compose-base.yaml
service: ca.org2.example.com
container_name: ca.org2.example.com
networks:
- byfn
ca.org3.example.com:
extends:
file: base/docker-compose-base.yaml
service: ca.org3.example.com
container_name: ca.org3.example.com
networks:
- byfn
ca.org4.example.com:
extends:
file: base/docker-compose-base.yaml
service: ca.org4.example.com
container_name: ca.org4.example.com
networks:
- byfn
orderer.example.com:
extends:
file: base/docker-compose-base.yaml
service: orderer.example.com
container_name: orderer.example.com
networks:
- byfn
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org1.example.com
networks:
- byfn
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org1.example.com
networks:
- byfn
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org2.example.com
networks:
- byfn
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org2.example.com
networks:
- byfn
peer0.org3.example.com:
container_name: peer0.org3.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org3.example.com
networks:
- byfn
peer1.org3.example.com:
container_name: peer1.org3.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org3.example.com
networks:
- byfn
peer0.org4.example.com:
container_name: peer0.org4.example.com
extends:
file: base/docker-compose-base.yaml
service: peer0.org4.example.com
networks:
- byfn
peer1.org4.example.com:
container_name: peer1.org4.example.com
extends:
file: base/docker-compose-base.yaml
service: peer1.org4.example.com
networks:
- byfn
cli:
container_name: cli
image: hyperledger/fabric-tools:$IMAGE_TAG
tty: true
stdin_open: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
#- FABRIC_LOGGING_SPEC=DEBUG
- FABRIC_LOGGING_SPEC=INFO
- CORE_PEER_ID=cli
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_TLS_ENABLED=false
# - CORE_PEER_TLS_CERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
# - CORE_PEER_TLS_KEY_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
# - CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
- CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/github.com/chaincode
- ./crypto-config:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/
- ./scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/
- ./channel-artifacts:/opt/gopath/src/github.com/hyperledger/fabric/peer/channel-artifacts
depends_on:
- orderer.example.com
- peer0.org1.example.com
- peer1.org1.example.com
- peer0.org2.example.com
- peer1.org2.example.com
- peer0.org3.example.com
- peer1.org3.example.com
- peer0.org4.example.com
- peer1.org4.example.com
networks:
- byfn
here is my docker-composerbase.yaml:
version: '2'
services:
ca.org1.example.com:
image: hyperledger/fabric-ca:amd64-1.4.0-rc2
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
# - FABRIC_CA_SERVER_TLS_ENABLED=true
# - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
# - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/CA1_PRIVATE_KEY
# - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/*_sk
ports:
- "7054:7054"
#command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/CA1_PRIVATE_KEY -b admin:adminpw -d'
#command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/*_sk -b admin:adminpw -d'
command: sh -c 'fabric-ca-server start -b admin:adminpw'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org1.example.com
networks:
- byfn
ca.org2.example.com:
image: hyperledger/fabric-ca:amd64-1.4.0-rc2
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org2.example.com
# - FABRIC_CA_SERVER_TLS_ENABLED=true
# - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem
# - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/CA2_PRIVATE_KEY
ports:
- "8054:7054"
#command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org2.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/CA2_PRIVATE_KEY -b admin:adminpw -d'
command: sh -c 'fabric-ca-server start -b admin:adminpw'
volumes:
- ./crypto-config/peerOrganizations/org2.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org2.example.com
networks:
- byfn
ca.org3.example.com:
image: hyperledger/fabric-ca:amd64-1.4.0-rc2
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org3.example.com
# - FABRIC_CA_SERVER_TLS_ENABLED=true
# - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem
# - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/CA3_PRIVATE_KEY
ports:
- "9054:7054"
#command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org3.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/CA3_PRIVATE_KEY -b admin:adminpw -d'
command: sh -c 'fabric-ca-server start -b admin:adminpw'
volumes:
- ./crypto-config/peerOrganizations/org3.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org3.example.com
networks:
- byfn
ca.org4.example.com:
image: hyperledger/fabric-ca:amd64-1.4.0-rc2
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org4.example.com
# - FABRIC_CA_SERVER_TLS_ENABLED=true
# - FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org4.example.com-cert.pem
# - FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/CA4_PRIVATE_KEY
ports:
- "10054:7054"
#command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org4.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/CA4_PRIVATE_KEY -b admin:adminpw -d'
command: sh -c 'fabric-ca-server start -b admin:adminpw'
volumes:
- ./crypto-config/peerOrganizations/org4.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.org4.example.com
networks:
- byfn
orderer.example.com:
container_name: orderer.example.com
image: hyperledger/fabric-orderer:$IMAGE_TAG
environment:
- FABRIC_LOGGING_SPEC=debug
- ORDERER_GENERAL_LOGLEVEL=debug
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_GENESISMETHOD=file
- ORDERER_GENERAL_GENESISFILE=/var/hyperledger/orderer/orderer.genesis.block
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=false
# - ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
# - ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
# - ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
# - ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
# - ORDERER_KAFKA_VERBOSE=true
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: orderer
volumes:
- ../channel-artifacts/genesis.block:/var/hyperledger/orderer/orderer.genesis.block
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
- ../crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
- orderer.example.com:/var/hyperledger/production/orderer
ports:
- 7050:7050
peer0.org1.example.com:
container_name: peer0.org1.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org1.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls:/etc/hyperledger/fabric/tls
- peer0.org1.example.com:/var/hyperledger/production
ports:
- 7051:7051
- 7053:7053
peer1.org1.example.com:
container_name: peer1.org1.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org1.example.com
- CORE_PEER_ADDRESS=peer1.org1.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
- CORE_PEER_LOCALMSPID=Org1MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls:/etc/hyperledger/fabric/tls
- peer1.org1.example.com:/var/hyperledger/production
ports:
- 8051:7051
- 8053:7053
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org2.example.com:7051
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
- peer0.org2.example.com:/var/hyperledger/production
ports:
- 9051:7051
- 9053:7053
peer1.org2.example.com:
container_name: peer1.org2.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org2.example.com
- CORE_PEER_ADDRESS=peer1.org2.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls:/etc/hyperledger/fabric/tls
- peer1.org2.example.com:/var/hyperledger/production
ports:
- 10051:7051
- 10053:7053
peer0.org3.example.com:
container_name: peer0.org3.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org3.example.com
- CORE_PEER_ADDRESS=peer0.org3.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer1.org3.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org3.example.com:7051
- CORE_PEER_LOCALMSPID=Org3MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls:/etc/hyperledger/fabric/tls
- peer0.org3.example.com:/var/hyperledger/production
ports:
- 11051:7051
- 11053:7053
peer1.org3.example.com:
container_name: peer1.org3.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer1.org3.example.com
- CORE_PEER_ADDRESS=peer1.org3.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org3.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org3.example.com:7051
- CORE_PEER_LOCALMSPID=Org3MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls:/etc/hyperledger/fabric/tls
- peer1.org3.example.com:/var/hyperledger/production
Here is my peer-base.yaml:
version: '2'
services:
peer-base:
image: hyperledger/fabric-peer:$IMAGE_TAG
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
#- FABRIC_LOGGING_SPEC=INFO
- FABRIC_LOGGING_SPEC=DEBUG
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
# - CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
# - CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
# - CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
Here is my connectionProfile.json:
{
"name": "byfn-network",
"x-type": "hlfv1",
"x-commitTimeout": 1200,
"version": "1.0.0",
"client": {
"organization": "Org1",
"connection": {
"timeout": {
"peer": {
"endorser": "1200",
"eventHub": "1200",
"eventReg": "1200"
},
"orderer": "1200"
}
}
},
"channels": {
"mychannel": {
"orderers": [
"orderer.example.com"
],
"peers": {
"peer0.org1.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org1.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer0.org2.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org2.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer0.org3.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org3.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer0.org4.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
},
"peer1.org4.example.com": {
"endorsingPeer": true,
"chaincodeQuery": true,
"eventSource": true
}
}
}
},
"organizations": {
"Org1": {
"mspid": "Org1MSP",
"peers": [
"peer0.org1.example.com",
"peer1.org1.example.com"
],
"certificateAuthorities": [
"ca.org1.example.com"
]
},
"Org2": {
"mspid": "Org2MSP",
"peers": [
"peer0.org2.example.com",
"peer1.org2.example.com"
],
"certificateAuthorities": [
"ca.org2.example.com"
]
},
"Org3": {
"mspid": "Org3MSP",
"peers": [
"peer0.org3.example.com",
"peer1.org3.example.com"
],
"certificateAuthorities": [
"ca.org3.example.com"
]
},
"Org4": {
"mspid": "Org4MSP",
"peers": [
"peer0.org4.example.com",
"peer1.org4.example.com"
],
"certificateAuthorities": [
"ca.org4.example.com"
]
}
},
"orderers": {
"orderer.example.com": {
"url": "grpc://localhost:7050"
}
},
"peers": {
"peer0.org1.example.com": {
"url": "grpc://localhost:7051",
"eventUrl": "grpc://localhost:7053"
},
"peer1.org1.example.com": {
"url": "grpc://localhost:8051",
"eventUrl": "grpc://localhost:8053"
},
"peer0.org2.example.com": {
"url": "grpc://localhost:9051",
"eventUrl": "grpc://localhost:9053"
},
"peer1.org2.example.com": {
"url": "grpc://localhost:10051",
"eventUrl": "grpc://localhost:10053"
},
"peer0.org3.example.com": {
"url": "grpc://localhost:11051",
"eventUrl": "grpc://localhost:11053"
},
"peer1.org3.example.com": {
"url": "grpc://localhost:12051",
"eventUrl": "grpc://localhost:12053"
},
"peer0.org4.example.com": {
"url": "grpc://localhost:13051",
"eventUrl": "grpc://localhost:13053"
},
"peer1.org4.example.com": {
"url": "grpc://localhost:14051",
"eventUrl": "grpc://localhost:14053"
}
},
"certificateAuthorities": {
"ca.org1.example.com": {
"url": "http://localhost:7054",
"caName": "ca.org1.example.com",
"httpOptions": {
"verify": false
}
},
"ca.org2.example.com": {
"url": "http://localhost:8054",
"caName": "ca.org2.example.com",
"httpOptions": {
"verify": false
}
},
"ca.org3.example.com": {
"url": "http://localhost:9054",
"caName": "ca.org3.example.com",
"httpOptions": {
"verify": false
}
},
"ca.org4.example.com": {
"url": "http://localhost:10054",
"caName": "ca.org4.example.com",
"httpOptions": {
"verify": false
}
}
}
}
Expected result:
- create .bna with my network definitions (4 Orgs, 8 Peers)
- start rest-server to interact with blockchain via Web-Interface