I am trying to execute a chaincode I have written with couchdb and java. I use the first-network example for creating the network and instantiate the code. The network is created and the chaincode got installed without any problem. Then I enter the container and execute the transactions. At first it worked fine but suddenly it started giving me this error and now I can’t find a solution. I don't know if it is related with couchdb connection or not.
Error: error getting endorser client for invoke: endorser client failed to
connect to peer0.org2.example.com:7051: failed to create new connection:
connection error: desc = "transport: error while dialing: dial tcp
172.24.0.9:7051: connect: connection refused"
The comand i use to invocke the chaincode is the next one.
peer chaincode invoke -o orderer.example.com:7050 --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem -C $CHANNEL_NAME -n mycc --peerAddresses peer0.org1.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt --peerAddresses peer0.org2.example.com:7051 --tlsRootCertFiles /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt -c '{"Args":["createCustomer","c1","tom"]}'
UPDATE:
Many have asked if the chaincode was installed on peers, I can confirm it is.
#Egoes , it means your port is not open for the peers, check the snippet ports section, your peer docker file should look like this.
peer0.org1.example.com:
container_name: peer0.org1.example.com
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- CORE_PEER_ID=peer0.org1.example.com
- FABRIC_LOGGING_SPEC=info
- CORE_CHAINCODE_LOGGING_LEVEL=info
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/msp/peer/
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
# # the following setting starts chaincode containers on the same
# # bridge network as the peers
# # https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_basic
- CORE_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=couchdb:5984
# The CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME and CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD
# provide the credentials for ledger to connect to CouchDB. The username and password must
# match the username and password set for the associated CouchDB.
- CORE_LEDGER_STATE_COUCHDBCONFIG_USERNAME=
- CORE_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=
working_dir: /opt/gopath/src/github.com/hyperledger/fabric
command: peer node start
# command: peer node start --peer-chaincodedev=true
ports:
- 7051:7051
- 7053:7053
Related
Built a network, added orderers to the channel here referenced as: channelname
The following folders are mounted on the container
# docker-compose.yaml
volumes:
- "~/container-volumes/$docker_peer0/production:/var/hyperledger/production"
- "~/organizations/peerOrganizations/$company/peers/$docker_peer0/msp:/etc/hyperledger/fabric/msp"
- "~/organizations/peerOrganizations/$company/peers/$docker_peer0/tls:/etc/hyperledger/fabric/tls"
Trying to join a peer to a channel, but gives bad proposal response 500: access denied.
Build the channel configuration block with the following command:
./configtxgen -profile SampleAppChannelEtcdRaft -outputBlock genesis_block.pb -channelID channelname
Next joined the orderers to the channel using the following command with an identity enrolled with role admin
./osnadmin channel join --channel-id channelname --config-block ~/Downloads/bin/genesis_block.pb -o localhost:9440 --ca-file $OSN_TLS_CA_ROOT_CERT --client-cert $ADMIN_TLS_SIGN_CERT --client-key $ADMIN_TLS_PRIVATE_KEY
Next I copy the generated genesis_block.pb to a mounted folder on the container so it is reachable for the following command which we use to join the peer to the channel:
docker exec -it peer0 peer channel join -b /var/hyperledger/production/genesis_block.pb -o vm01:9440 --clientauth --cafile /etc/hyperledger/fabric/msp/tls/tls-ca-cert.pem --certfile /etc/hyperledger/fabric/msp/user/peer-admin/tls/cert.pem --keyfile /etc/hyperledger/fabric/msp/user/peer-admin/tls/key.pem
This results in the following error
[channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: proposal failed (err: bad proposal response 500: access denied for [JoinChain][channelname]: [Failed verifying that proposal's creator satisfies local MSP principal during channelless check policy with policy [Admins]: [The identity is not an admin under this MSP [org1msp]: The identity does not contain OU [ADMIN], MSP: [org1msp]]])
The admin used for this command is peer-admin that was enrolled with the TLS-CA and the organizational CA. Also the config.yaml for OU's is present in peer-admin msp.
I also tried to set the CORE_PEER_MSPCONFIGPATH to the msp dir of peer-admin (peer0/msp/user/peer-admin/msp), but this results on a hard exit of the container on startup. fabric-chaincode-500-access-errors
I can't seem to figure out where it goes wrong, has it something to do with the --cafile, --certfile or --keyfile that you have to set within the peer channel join command or something else?
Edit:
This is the config file.
$docker_peer1_service_name:
image: hyperledger/fabric-peer:2.3
container_name: $docker_peer1_container_name
environment:
- FABRIC_CFG_PATH=/etc/hyperledger/fabric
- CORE_PEER_ID=$docker_peer1
- CORE_PEER_NETWORKID=test
- CORE_PEER_LISTENADDRESS=0.0.0.0:7081
- CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7082
- CORE_PEER_CHAINCODEADDRESS=localhost:7082
- CORE_PEER_ADDRESS=localhost:7081
- CORE_PEER_MSPCONFIGPATH=msp
- CORE_PEER_LOCALMSPID=$company
- CORE_PEER_FILESYSTEMPATH=/var/hyperledger/production
- CORE_PEER_GOSSIP_BOOTSTRAP=127.0.0.1:7091
- CORE_PEER_GOSSIP_ENDPOINT=localhost:7081
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=localhost:7081
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/cert.pem
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/key.pem
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/tls-ca-cert.pem
- CORE_PEER_TLS_CLIENTROOTCAS_FILES=tls/tls-ca-cert.pem
- CORE_PEER_TLS_CLIENTCERT_FILE=/etc/hyperledger/fabric/tls/cert.pem
- CORE_PEER_TLS_CLIENTKEY_FILE=/etc/hyperledger/fabric/tls/key.pem
- CORE_PEER_LEDGER_STATE_STATEDATABASE=CouchDB
- CORE_PEER_LEDGER_STATE_COUCHDBCONFIG_COUCHDBADDRESS=peer1-couchdb:5985
- CORE_PEER_LEDGER_STATE_COUCHDBCONFIG_USERNAME=$docker_peer1_couchdb_username
- CORE_PEER_LEDGER_STATE_COUCHDBCONFIG_PASSWORD=$docker_peer1_couchdb_pass
- CORE_PEER_LEDGER_SNAPSHOTS=var/hyperledger/production/snapshots
#- CORE_PEER_OPERATIONS_LISTENADDRESS=127.0.0.1:9443
#- CORE_PEER_OPERATIONS_TLS_ENABLED=true
#- CORE_PEER_OPERATIONS_TLS_CERT_FILE=
#- CORE_PEER_OPERATIONS_TLS_KEY_FILE=
#- CORE_PEER_OPERATIONS_TLS_CLIENTAUTHREQUIRED=true
- CORE_PEER_METRICS_PROVIDER=disabled
#- CORE_PEER_METRICS_STATSD_ADDRESS=127.0.0.1:8125
#- FABRIC_CA_SERVER_OPERATIONS_LISTENADDRESS=127.0.0.1:9444
ports:
- "7081:7081"
- "7082:7082"
- "7091:7091"
volumes:
- "~/container-volumes/$docker_peer1/production:/var/hyperledger/production"
- "~/organizations/peerOrganizations/$company/peers/$docker_peer1/msp:/etc/hyperledger/fabric/msp"
- "~/organizations/peerOrganizations/$company/peers/$docker_peer1/tls:/etc/hyperledger/fabric/tls"
I believe you will need to set the MSPID to use when you are running the peer channel join ... command.
Try setting CORE_PEER_LOCALMSPID to org1msp
I have been adding several organisations to my hyperledger fabric network. I am using fabric 1.4.1 with the following CLI configurations:
container_name: cli-org1
image: hyperledger/fabric-tools:1.4.1
tty: true
environment:
- GOPATH=/opt/gopath
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
- FABRIC_LOGGING_SPEC=debug
- CORE_PEER_ID=peer0.org1.example.com
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_LOCALMSPID=Org1MSP
- CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/org1.example.com/users/Admin#org1.example.com/msp
- CORE_PEER_ADDRESS=peer0.org1.example.com:7051
# Certs
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
# Chaincode
- CORE_CHAINCODE_KEEPALIVE=10
# Orderer
- ORDERER_CA=/etc/hyperledger/msp/orderer/tlscacerts/tlsca.example.com-cert.pem
working_dir: /opt/gopath/src/
command: /bin/bash
volumes:
- /var/run/:/host/var/run/
- ./../chaincode/:/opt/gopath/src/chaincode/
- ./crypto-config/peerOrganizations:/etc/hyperledger
- ./crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/etc/hyperledger/msp/orderer
networks:
- basic
All the Orgs peers, orderes and couchDBs had been up, but when I want to install the chain code inside cli-org1 with:
peer chaincode install \
--lang node \
--name Contract \
--version 0.1.0 \
--path chaincode \
--tls --cafile ${ORDERER_CA}
I get the following error:
ERRO 001 Fatal error when initializing core config : Could not find config file. Please make sure that FABRIC_CFG_PATH is set to a path which contains core.yaml
I think the core.yaml is by default inside the docker container, can you tell me if there is an error in the configuration?
Regards.
You need to use below environment variable in your peer configuration.
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_basic
How can we implement TLS in first-network?i have tried by adding the below section in peers.What is the need to configure peers by Tls?
CORE_PEER_TLS_ENABLED=true
CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
I am working on multi organisation network setup using first network of fabric samples.one of the organisation say org1 has created a channel by passing tls certs of orderer ,the other organisation org2 has to fetch the channel created by org1 and join the peers into the channel.when i do fetch action using peer channel fetch by passing tls certs of orderer ,i got the error like
peer channel fetch config-o orderer.example.com:7050 -c channelone1 -f --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
connection error: desc = "transport: Error while dialing dial tcp 98.124.199.121:7050: connect: connection refused". Reconnecting...
and in orderer logs ,i got error as :
TLS handshake failed with error tls: client didn't provide a certificate {"server": "Orderer", "remote address": "172.24.0.4:49608"}
Created the channel using:
peer channel create -o orderer.example.com:7050 -c channelone1 -f ./channel-artifacts/channel-one.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
Output is: Received block is 0
By default the first-network will start with TLS enabled.
The four environment variables you refer to are included in the file base/peer-base.yaml the the peer-base file is "included" by use of the extends: and file: base/docker-compose-base.yaml
I'm running through the samples to create my own blockchain dev environment - https://ibm-blockchain.github.io/develop/installing/development-tools.html
However, then the startfabric script fails because I get a sigsev when running the command - docker exec peer0.org1.example.com peer channel create -o orderer.example.com:7050 -c composerchannel -f /etc/hyperledger/configtx/composer-channel.tx
There is a fabric bug reported late 2017 that discusses something similar around certificates being out of date.
I think the channel is created but I don't have a genesis file returned/created on my peer (is that what's supposed to happen when I create/join a channel). So, is there a way to join the channel with this bug or what else do i have to do please?
2018-02-28 14:07:11.067 UTC [msp] GetDefaultSigningIdentity -> DEBU 018 Obtaining default signing identity
fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0x63 pc=0x7fcd514a1259]
many thanks
john.
I had the same issue and this is how I fixed. Add GODEBUG=netdns=go to the environment variables of peer, orderer, and cli inside the docker compose yaml files. A more detailed explanation can be got from this site. This is how the environemental variable should look like.
peer-base:
image: hyperledger/fabric-peer
environment:
- GODEBUG=netdns=go
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
#- CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
I’m learning to build a network with Hyperlegder Fabric because I have developed a network with Hyperledger Composer and the next step is to build the production network. I have started to build the first-network sample and works. I have added Org3 with 2 peers to sample and it works.
And now I want to add more peers, for example peer2.org1.example.com so I have edited files in order to create the peer2 and it is created, but when the script.sh tries to join to channel, it launches an error:
Error: Error getting endorser client channel: PER:404 - Error trying to connect to local peer
Caused by: x509: certificate is valid for peer1.org1.example.com, peer1, not peer2.org1.example.com
So, What have I done incorrectly? Thank you
When you adding a new peer to the network you need to make sure to properly setup all related crypto material underlined for that new peer. First of all make sure to add information about new peer into crypto-config.yaml file and to use cryptogen tool to generate keys and certificates for new peer. Next you need to setup configuration before starting the peer to point to the relevant crypto material for example configuration for peer0 of org2:
peer0.org2.example.com:
container_name: peer0.org2.example.com
extends:
file: peer-base.yaml
service: peer-base
environment:
- CORE_PEER_ID=peer0.org2.example.com
- CORE_PEER_ADDRESS=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:7051
- CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:7051
where it's inherited from base/peer-base.yaml file:
services:
peer-base:
image: hyperledger/fabric-peer
environment:
- CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
# the following setting starts chaincode containers on the same
# bridge network as the peers
# https://docs.docker.com/compose/networking/
- CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=${COMPOSE_PROJECT_NAME}_byfn
#- CORE_LOGGING_LEVEL=ERROR
- CORE_LOGGING_LEVEL=DEBUG
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_GOSSIP_USELEADERELECTION=true
- CORE_PEER_GOSSIP_ORGLEADER=false
- CORE_PEER_PROFILE_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
- CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer
command: peer node start
- CORE_PEER_LOCALMSPID=Org2MSP
volumes:
- /var/run/:/host/var/run/
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp:/etc/hyperledger/fabric/msp
- ../crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls:/etc/hyperledger/fabric/tls
ports:
- 9051:7051
- 9053:7053
to wrap it up, you need to make sure to config proper MSP ID and path to tls certificates. In your case your new peer simply tries to reuse crypto material of another peer.
You can achieve this by generating the crypto material (using cryptogen extends) for the new peer, spawning the new peer and made that peer to join the existing channel on the network to sync-up.
You can find the complete guide at
Extending Hyperledger Fabric Network: Adding a new peer