[terraform][helm-provider][resource] give me context deadline exceeded when tls is enabled - terraform

I'm geeting a helm_release.istio_init: context deadline exceeded when trying to install istio-init to my kubernetes cluster
I'm using helm provider version 0.9.1 with tls enabled...
provider "helm" {
kubernetes {
host = "${var.cluster["endpoint"]}"
client_certificate = "${base64decode(var.cluster["client_certificate"])}"
client_key = "${base64decode(var.cluster["client_key"])}"
cluster_ca_certificate = "${base64decode(var.cluster["cluster_ca_certificate"])}"
}
install_tiller = "false"
tiller_image = "gcr.io/kubernetes-helm/tiller:v2.13.1"
service_account = "${kubernetes_service_account.terraform-tiller.metadata.0.name}"
namespace = "${kubernetes_service_account.terraform-tiller.metadata.0.namespace}"
enable_tls = "true"
insecure = "false"
client_key = "${file("${data.external.generate_certs.result["terraform_key"]}")}"
client_certificate = "${file("${data.external.generate_certs.result["terraform_cert"]}")}"
ca_certificate = "${file("${data.external.generate_certs.result["cert"]}")}"
}
# Installing istio
# Installing istio repository
# defining istio system namespace
resource "kubernetes_namespace" "istio_system" {
metadata {
name = "istio-system"
}
}
data "helm_repository" "istio" {
name = "istio"
url = "https://storage.googleapis.com/istio-release/releases/1.1.3/charts/"
}
# Installing istio-init resource
resource "helm_release" "istio_init" {
depends_on = ["data.external.install_tiller"]
namespace = "istio-system"
repository = "${data.helm_repository.istio.metadata.0.name}"
name = "istio-init"
chart = "istio-init"
}
I tried with insecure flag in true and works, but is not the idea.
My expected result is istio-init was installed but I'm got context deadline exceeded
This is the terraform plan output
terraform plan -out planning/plan.out
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.helm_repository.istio: Refreshing state...
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ helm_release.istio_init
id: <computed>
chart: "istio-init"
disable_webhooks: "false"
force_update: "false"
metadata.#: <computed>
name: "istio-init"
namespace: "istio-system"
recreate_pods: "false"
repository: "istio"
reuse: "false"
reuse_values: "false"
status: "DEPLOYED"
timeout: "300"
verify: "false"
version: "1.1.3"
wait: "true"
Plan: 1 to add, 0 to change, 0 to destroy.
------------------------------------------------------------------------
This plan was saved to: planning/plan.out
To perform exactly these actions, run the following command to apply:
terraform apply "planning/plan.out"
This the apply command output
$ TF_LOG=DEBUG terraform apply "planning/plan.out"
2019/04/25 10:36:02 [INFO] Terraform version: 0.11.13
2019/04/25 10:36:02 [INFO] Go runtime version: go1.12
2019/04/25 10:36:02 [INFO] CLI args: []string{"/usr/local/Cellar/terraform/0.11.13/bin/terraform", "apply", "planning/plan.out"}
2019/04/25 10:36:02 [DEBUG] Attempting to open CLI config file: /Users/felipe/.terraformrc
2019/04/25 10:36:02 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2019/04/25 10:36:02 [INFO] CLI command args: []string{"apply", "planning/plan.out"}
2019/04/25 10:36:02 [INFO] command: initializing local backend from plan (not set)
2019/04/25 10:36:02 [DEBUG] checking for provider in "."
2019/04/25 10:36:02 [DEBUG] checking for provider in "/usr/local/Cellar/terraform/0.11.13/bin"
2019/04/25 10:36:02 [DEBUG] checking for provider in ".terraform/plugins/darwin_amd64"
2019/04/25 10:36:02 [DEBUG] found provider "terraform-provider-helm_v0.9.1_x4"
2019/04/25 10:36:02 [DEBUG] found provider "terraform-provider-kubernetes_v1.6.2_x4"
2019/04/25 10:36:02 [DEBUG] found valid plugin: "helm", "0.9.1", "/Users/felipe/workspace/terraform-spec/helm/.terraform/plugins/darwin_amd64/terraform-provider-helm_v0.9.1_x4"
2019/04/25 10:36:02 [DEBUG] found valid plugin: "kubernetes", "1.6.2", "/Users/felipe/workspace/terraform-spec/helm/.terraform/plugins/darwin_amd64/terraform-provider-kubernetes_v1.6.2_x4"
2019/04/25 10:36:02 [DEBUG] checking for provisioner in "."
2019/04/25 10:36:02 [DEBUG] checking for provisioner in "/usr/local/Cellar/terraform/0.11.13/bin"
2019/04/25 10:36:02 [DEBUG] checking for provisioner in ".terraform/plugins/darwin_amd64"
2019/04/25 10:36:02 [INFO] command: backend initialized: *local.Local
2019/04/25 10:36:02 [DEBUG] checking for provider in "."
2019/04/25 10:36:02 [DEBUG] checking for provider in "/usr/local/Cellar/terraform/0.11.13/bin"
2019/04/25 10:36:02 [DEBUG] checking for provider in ".terraform/plugins/darwin_amd64"
2019/04/25 10:36:02 [DEBUG] found provider "terraform-provider-helm_v0.9.1_x4"
2019/04/25 10:36:02 [DEBUG] found provider "terraform-provider-kubernetes_v1.6.2_x4"
2019/04/25 10:36:02 [DEBUG] found valid plugin: "helm", "0.9.1", "/Users/felipe/workspace/terraform-spec/helm/.terraform/plugins/darwin_amd64/terraform-provider-helm_v0.9.1_x4"
2019/04/25 10:36:02 [DEBUG] found valid plugin: "kubernetes", "1.6.2", "/Users/felipe/workspace/terraform-spec/helm/.terraform/plugins/darwin_amd64/terraform-provider-kubernetes_v1.6.2_x4"
2019/04/25 10:36:02 [DEBUG] checking for provisioner in "."
2019/04/25 10:36:02 [DEBUG] checking for provisioner in "/usr/local/Cellar/terraform/0.11.13/bin"
2019/04/25 10:36:02 [DEBUG] checking for provisioner in ".terraform/plugins/darwin_amd64"
2019/04/25 10:36:02 [INFO] backend/local: starting Apply operation
2019/04/25 10:36:02 [INFO] terraform: building graph: GraphTypeApply
iresNew:false, Sensitive:false, Type:0x0}, "status":*terraform.ResourceAttrDiff{Old:"", New:"DEPLOYED", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "timeout":*terraform.ResourceAttrDiff{Old:"", New:"300", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "verify":*terraform.ResourceAttrDiff{Old:"", New:"false", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "version":*terraform.ResourceAttrDiff{Old:"", New:"1.1.3", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}, "wait":*terraform.ResourceAttrDiff{Old:"", New:"true", NewComputed:false, NewRemoved:false, NewExtra:interface {}(nil), RequiresNew:false, Sensitive:false, Type:0x0}}, Destroy:false, DestroyDeposed:false, DestroyTainted:false, Meta:map[string]interface {}(nil)}
2019/04/25 10:36:02 [DEBUG] Resource state not found for "helm_release.istio_init": helm_release.istio_init
2019/04/25 10:36:02 [TRACE] Graph after step *terraform.AttachStateTransformer:
helm_release.istio_init - *terraform.NodeApplyableResource
2019/04/25 10:36:02 [DEBUG] ReferenceTransformer: "helm_release.istio_init" references: []
2019/04/25 10:36:02 [DEBUG] ReferenceTransformer: "provider.helm" references: []
2019-04-25T10:36:02.359-0400 [DEBUG] plugin: starting plugin: path=/Users/felipe/workspace/terraform-spec/helm/.terraform/plugins/darwin_amd64/terraform-provider-helm_v0.9.1_x4 args=[/Users/felipe/workspace/terraform-spec/helm/.terraform/plugins/darwin_amd64/terraform-provider-helm_v0.9.1_x4]
2019-04-25T10:36:02.363-0400 [DEBUG] plugin: waiting for RPC address: path=/Users/felipe/workspace/terraform-spec/helm/.terraform/plugins/darwin_amd64/terraform-provider-helm_v0.9.1_x4
2019-04-25T10:36:02.399-0400 [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: plugin address: timestamp=2019-04-25T10:36:02.398-0400 address=/var/folders/rx/lrb60s6929j3ldg6tlwtcf4m0000gn/T/plugin586870690 network=unix
2019-04-25T10:36:02.405-0400 [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/04/25 10:36:02 [DEBUG] TLS settings:
[OMITED]
2019-04-25T10:36:02.813-0400 [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/04/25 10:36:02 [DEBUG] Fetched istio/istio-init to /Users/felipe/.helm/cache/archive/istio-init-1.1.3.tgz
2019-04-25T10:36:03.097-0400 [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/04/25 10:36:03 [DEBUG] Fetched istio/istio-init to /Users/felipe/.helm/cache/archive/istio-init-1.1.3.tgz
2019/04/25 10:36:03 [DEBUG] apply: helm_release.istio_init: executing Apply
helm_release.istio_init: Creating...
chart: "" => "istio-init"
disable_webhooks: "" => "false"
force_update: "" => "false"
metadata.#: "" => "<computed>"
name: "" => "istio-init"
namespace: "" => "istio-system"
recreate_pods: "" => "false"
repository: "" => "istio"
reuse: "" => "false"
reuse_values: "" => "false"
status: "" => "DEPLOYED"
timeout: "" => "300"
verify: "" => "false"
version: "" => "1.1.3"
wait: "" => "true"
2019-04-25T10:36:04.632-0400 [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/04/25 10:36:04 [DEBUG] Created tunnel using local port: '50275'
2019-04-25T10:36:04.632-0400 [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/04/25 10:36:04 [DEBUG] Found TLS settings: configuring helm client with TLS
2019-04-25T10:36:09.634-0400 [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/04/25 10:36:09 [DEBUG] could not get release context deadline exceeded
2019/04/25 10:36:09 [ERROR] root: eval: *terraform.EvalApplyPost, err: 1 error(s) occurred:
* helm_release.istio_init: context deadline exceeded
2019/04/25 10:36:09 [ERROR] root: eval: *terraform.EvalSequence, err: 1 error(s) occurred:
* helm_release.istio_init: context deadline exceeded
2019/04/25 10:36:09 [DEBUG] plugin: waiting for all plugin processes to complete...
Error: Error applying plan:
1 error(s) occurred:
* helm_release.istio_init: 1 error(s) occurred:
* helm_release.istio_init: context deadline exceeded
Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
2019-04-25T10:36:09.645-0400 [DEBUG] plugin.terraform-provider-helm_v0.9.1_x4: 2019/04/25 10:36:09 [ERR] plugin: plugin server: accept unix /var/folders/rx/lrb60s6929j3ldg6tlwtcf4m0000gn/T/plugin586870690: use of closed network connection
2019-04-25T10:36:09.648-0400 [DEBUG] plugin: plugin process exited: path=/Users/felipe/workspace/terraform-spec/helm/.terraform/plugins/darwin_amd64/terraform-provider-helm_v0.9.1_x4


I have had this error before and it usually means that I'm not running tiller.
I see you have set
install_tiller = "false"
which means you need to run it locally.
I run this:
tiller -storage secret

Related

Fabric-CA with SoftHSM: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil

I have followed softHSM2 repo to install and initialize the token but when I start the fabric-ca-server container with PKCS11 env variables I get Could not initialize BCCSP PKCS11: Invalid config. It must not be nil. according to fabric-ca docs just 4 (default, library, pin, label) env variables are required to use SoftHSM but I tried to add all the fields mentioned under pkcs11 but the issue persists, not sure what part of config is nil.
docker-compose-ca.yaml
version: '2'
networks:
org1_network:
external:
name: org1_network
services:
ca_org1:
image: hyperledger/fabric-ca:latest
environment:
- GODEBUG=netdns=go
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.org1.example.com
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_PORT=7054
- FABRIC_CA_SERVER_DEBUG=true
- FABRIC_CA_SERVER_BCCSP_DEFAULT=PKCS11
- FABRIC_CA_SERVER_BCCSP_PKCS11_HASH=SHA2
- FABRIC_CA_SERVER_BCCSP_PKCS11_SECURITY=256
- FABRIC_CA_SERVER_BCCSP_PKCS11_LIBRARY=/etc/hyperledger/fabric/libsofthsm2.so
- FABRIC_CA_SERVER_BCCSP_PKCS11_PIN=98765432
- FABRIC_CA_SERVER_BCCSP_PKCS11_FILEKEYSTORE_KEYSTORE=/etc/hyperledger/fabric-ca-server/msp
- SOFTHSM2_CONF=/etc/hyperledger/fabric/config.file
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b org1:adminpw -d'
volumes:
- ../organizations/fabric-ca/org1:/etc/hyperledger/fabric-ca-server
- ../../softhsm/config.file:/etc/hyperledger/fabric/config.file
- /../../../usr/local/lib/softhsm/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
container_name: ca_org1
networks:
- org1_network
config.file
# SoftHSM v2 configuration file
directories.tokendir = /tmp/
objectstore.backend = file
objectstore.umask = 0077
# ERROR, WARNING, INFO, DEBUG
log.level = DEBUG
# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false
# Enable and disable PKCS#11 mechanisms using slots.mechanisms.
slots.mechanisms = ALL
# If the library should reset the state on fork
library.reset_on_fork = false
fabric-ca-org1-container logs
2021/07/11 21:22:08 [DEBUG] Home directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [INFO] Configuration file location: /etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
2021/07/11 21:22:08 [INFO] Starting server in home directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Set log level:
2021/07/11 21:22:08 [INFO] Server Version: 1.5.1-snapshot-38527387
2021/07/11 21:22:08 [INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
2021/07/11 21:22:08 [DEBUG] Making server filenames absolute
2021/07/11 21:22:08 [DEBUG] Initializing default CA in directory /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Init CA with home /etc/hyperledger/fabric-ca-server and config {Version:1.5.1-snapshot-38527387 Cfg:{Identities:{PasswordAttempts:10 AllowRemove:false} Affiliations:{AllowRemove:false}} CA:{Name:ca.org1.example.com Keyfile: Certfile:ca-cert.pem Chainfile:ca-chain.pem} Signing:0xc00033e210 CSR:{CN:fabric-ca-server Names:[{C:US ST:North Carolina L: O:Hyperledger OU:Fabric SerialNumber:}] Hosts:[dc6f304f9d43 localhost] KeyRequest:0xc0000bf520 CA:0xc0001d5bf0 SerialNumber:} Registry:{MaxEnrollments:-1 Identities:[{ Name:**** Pass:**** Type:client Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1] }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****#<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }} } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }} } CSP:0xc0001d5e00 Client:<nil> Intermediate:{ParentServer:{ URL: CAName: } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}
2021/07/11 21:22:08 [DEBUG] CA Home Directory: /etc/hyperledger/fabric-ca-server
2021/07/11 21:22:08 [DEBUG] Checking configuration file version '1.5.1-snapshot-38527387' against server version: '1.5.1-snapshot-38527387'
2021/07/11 21:22:08 [DEBUG] Initializing BCCSP: &{ProviderName:PKCS11 SwOpts:0xc0001d5e60 PluginOpts:<nil> Pkcs11Opts:<nil>}
2021/07/11 21:22:08 [DEBUG] Initializing BCCSP with software options &{SecLevel:256 HashFamily:SHA2 FileKeystore:0xc00035ee10 DummyKeystore:<nil> InmemKeystore:<nil>}
2021/07/11 21:22:08 [DEBUG] Closing server DBs
Error: Failed to get BCCSP with opts: Could not initialize BCCSP PKCS11: Invalid config. It must not be nil.

I would recommend modifying the config file of fabric-ca-server (fabric-ca-server-config.yaml) instead of trying to override entries in it via environment variables which is what you are trying to do. I believe the problem is you can't override entries that aren't actually defined in the config file.

How to change affiliation name on ca-server HLF?

Based on Hyperledger Fabric First Network (v1.4) i changed names to peers, Orgs, CAs etc. There is no problem on the containers or to generate certificates the channel works fine.
# ca's docker-compose.yaml
ca.NewOrg:
image: hyperledger/fabric-ca:$IMAGE_TAG
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-NewOrg
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.NewOrg.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/${byfn_CA1_PRIVATE_KEY}
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.NewOrg.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/${byfn_CA1_PRIVATE_KEY} -b NewOrg:NewOrgpw -d'
volumes:
- ./crypto-config/peerOrganizations/NewOrg.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_peerNewOrg
The admin is register fined. but i cannot enroll the users. I am using node sdk to enroll them.
const secret = await ca.register({ affiliation: orgname.toLowerCase() +'.department1', enrollmentID: username, role: 'client' }, adminIdentity);
but if i replace orgname.toLowerCase() +'.department1' to org1.department1 is enrolled
However, is needed to use the new organizations names and not org1, org2 etc.
Finally this is a part of
docker logs ca_peerNewOrg
Affiliation: MaxEnrollments:0 Attrs:map[hf.AffiliationMgr:1 hf.GenCRL:1 hf.IntermediateCA:1 hf.Registrar.Attributes:* hf.Registrar.DelegateRoles:* hf.Registrar.Roles:* hf.Revoker:1] }]} Affiliations:map[org1:[department1 department2] org2:[department1]] LDAP:{ Enabled:false URL:ldap://****:****#<host>:<port>/<base> UserFilter:(uid=%s) GroupFilter:(memberUid=%s) Attribute:{[uid member] [{ }] map[groups:[{ }]]} TLS:{false [] { }} } DB:{ Type:sqlite3 Datasource:fabric-ca-server.db TLS:{false [] { }} } CSP:0xc0004f80a0 Client:<nil> Intermediate:{ParentServer:{ URL: CAName: } TLS:{Enabled:false CertFiles:[] Client:{KeyFile: CertFile:}} Enrollment:{ Name: Secret:**** CAName: AttrReqs:[] Profile: Label: CSR:<nil> Type:x509 }} CRL:{Expiry:24h0m0s} Idemix:{IssuerPublicKeyfile: IssuerSecretKeyfile: RevocationPublicKeyfile: RevocationPrivateKeyfile: RHPoolSize:1000 NonceExpiration:15s NonceSweepInterval:15m}}

I can see Affiliations:map[org1:[department1 department2] org2:[department1]], which is the default value set when affiliation is not set in fabric-ca.
# hyperledger/fabric-ca/cmd/fabric-ca-server/config.go
# in 'defaultCfgTemplate' value
affiliations:
org1:
- department1
- department2
org2:
- department1
In other words, looking at your current situation, it seems that you have not added affiliation separately.
# default fabric ca's log
2020/12/17 10:16:56 [DEBUG] DB: Add affiliation org1
2020/12/17 10:16:56 [DEBUG] Affiliation 'org1' added
2020/12/17 10:16:56 [DEBUG] DB: Add affiliation org1.department1
2020/12/17 10:16:56 [DEBUG] Affiliation 'org1.department1' added
2020/12/17 10:16:56 [DEBUG] DB: Add affiliation org1.department2
2020/12/17 10:16:56 [DEBUG] Affiliation 'org1.department2' added
2020/12/17 10:16:56 [DEBUG] Successfully loaded affiliations table
Here are two ways to solve your problem.
1. Fabric-ca environment variable setting
This can be solved by setting the initial settings.
There are two things to consider. in the case of fabric-ca affiliation, it cannot be set with the input parameters of the fabric-ca-server commands in docker-compose, and it is not even possible to set through docker-compose's environment.
why? FABRIC_CA_SERVER_AFFILIATIONS in environment variables
so, We have one way.
Initial setup using configuration file.
1-1) writing fabric-ca-server-config.yaml
fabric-ca-server-config.yaml
The link is fabric-samples v2.0, but fabric-ca has no changes and the configuration form is the same.
# hyperledger/fabric-samples/first-network/fabric-ca-server-config.yaml
...
affiliations:
org1:
- department1
- department2
neworg:
- test_department
...
1-2) updating docker-compose.yaml
I used release-1.4 of hyperledger/fabric-samples to match your version.
# hyperledger/fabric-samples/first-network/docker-compose-ca.yaml
services:
ca0:
image: hyperledger/fabric-ca:1.4
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca-org1
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_TLS_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_TLS_KEYFILE=/etc/hyperledger/fabric-ca-server-config/<your_ca_org1_private_key>
- FABRIC_CA_SERVER_PORT=7054
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start --ca.certfile /etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem --ca.keyfile /etc/hyperledger/fabric-ca-server-config/<your_ca_org1_private_key> -b admin:adminpw -d'
volumes:
# mounting fabric-ca-server-config.yaml file, to ca_peerOrg1 container's $FABRIC_CA_HOME path
- ./fabric-ca-server-config.yaml:/etc/hyperledger/fabric-ca-server/fabric-ca-server-config.yaml
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca_peerOrg1
networks:
- byfn
1-3) Fabric-CA Up
cd $GOPATH/src/github.com/hyperledger/fabric-samples/first-network && docker-compose -f ./docker-compose-ca.yaml up -d
1-4) Checks configuration of Fabric-CA
results
$ docker logs ca_peerOrg1
2020/12/17 10:41:05 [DEBUG] Loading affiliations table
2020/12/17 10:41:05 [DEBUG] DB: Add affiliation org1
2020/12/17 10:41:05 [DEBUG] Affiliation 'org1' added
2020/12/17 10:41:05 [DEBUG] DB: Add affiliation org1.department1
2020/12/17 10:41:05 [DEBUG] Affiliation 'org1.department1' added
2020/12/17 10:41:05 [DEBUG] DB: Add affiliation org1.department2
2020/12/17 10:41:05 [DEBUG] Affiliation 'org1.department2' added
2020/12/17 10:41:05 [DEBUG] DB: Add affiliation neworg
2020/12/17 10:41:05 [DEBUG] Affiliation 'neworg' added
2020/12/17 10:41:05 [DEBUG] DB: Add affiliation neworg.test_department
2020/12/17 10:41:05 [DEBUG] Affiliation 'neworg.test_department' added
2020/12/17 10:41:05 [DEBUG] Successfully loaded affiliations table
1-5) Run your code(registerUser) & success!
// Register the user, enroll the user, and import the new identity into the wallet.
const secret = await ca.register({ affiliation: 'neworg.test_department', enrollmentID: 'user1', role: 'client' }, adminIdentity);
const enrollment = await ca.enroll({ enrollmentID: 'user1', enrollmentSecret: secret });
const userIdentity = X509WalletMixin.createIdentity('Org1MSP', enrollment.certificate, enrollment.key.toBytes());
await wallet.import('user1', userIdentity);
console.log('Successfully registered and enrolled admin user "user1" and imported it into the wallet');
$ node registerUser.js
Wallet path: /Users/myeongkil/Project/src/github.com/hyperledger/fabric-samples/fabcar/javascript/wallet
Successfully registered and enrolled admin user "user1" and imported it into the wallet
2. Add authorized users
The fabric-ca-client has an affiliation command, which can be added.
See the commands and links below.
dynamically-updating-affiliations

unable to generate a token for user in new org using balance transfer use case in hyperledger fabric

I am using hyperleger fabric-sample network. I changed the configuration bit, added a new org into it, I am using balance transfer use case and when I am trying to enrol user I am getting the following error:
Request I sent:
curl -s -X POST http://localhost:4000/users -H "content-type: application/x-www-form-urlencoded" -d 'username=Jim&orgName=Org3'
Error I am getting:
{"success":false,"message":"failed Error: Common connection profile is missing this client's organization and mspid"}```
log of my node app:
[2019-10-19 13:24:57.682] [DEBUG] SampleWebApp - ------>>>>>> new request for /users
[2019-10-19 13:24:57.682] [DEBUG] SampleWebApp - End point : /users
[2019-10-19 13:24:57.682] [DEBUG] SampleWebApp - User name : Jim
[2019-10-19 13:24:57.682] [DEBUG] SampleWebApp - Org name : Org3
[2019-10-19 13:24:57.683] [DEBUG] Helper - getClientForOrg - ****** START Org3 undefined
[2019-10-19 13:24:57.690] [DEBUG] Helper - [NetworkConfig101.js]: constructor, network_config: {"name":"balance-transfer","x-type":"hlfv1","description":"Balance Transfer Network","version":"1.0","channels":{"mychannel":{"orderers":["orderer.example.com"],"peers":{"peer0.org1.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org1.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org1.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer0.org2.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org2.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org2.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer0.org3.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org3.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org3.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer0.org4.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org4.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org4.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer0.org5.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org5.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org5.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer0.org6.example.com":{"endorsingPeer":true,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":true},"peer1.org6.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false},"peer2.org6.example.com":{"endorsingPeer":false,"chaincodeQuery":true,"ledgerQuery":true,"eventSource":false}},"chaincodes":["mycc:v0"]}},"organizations":{"Org1":{"mspid":"Org1MSP","peers":["peer0.org1.example.com","peer1.org1.example.com","peer2.org1.example.com"],"certificateAuthorities":["ca-org1"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/keystore/c4179a68cc1f71e51919f7541be599ec0d2924426b4e64159fbf3fcaec419463_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/signcerts/Admin#org1.example.com-cert.pem"}},"Org2":{"mspid":"Org2MSP","peers":["peer0.org2.example.com","peer1.org2.example.com","peer2.org2.example.com"],"certificateAuthorities":["ca-org2"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/keystore/eff846bd66dc8801f1979fa40a4fe238f5b6a5e0eda2ae052d3383606d508485_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/signcerts/Admin#org2.example.com-cert.pem"}},"Org3":{"mspid":"Org3MSP","peers":["peer0.org3.example.com","peer1.org3.example.com","peer2.org3.example.com"],"certificateAuthorities":["ca-org3"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/users/Admin#org3.example.com/msp/keystore/9f40b162c33476c40b521d0e12f840429dbefcfcec097b6aa256b398f0910dea_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/users/Admin#org3.example.com/msp/signcerts/Admin#org3.example.com-cert.pem"}},"Org4":{"mspid":"Org4MSP","peers":["peer0.org4.example.com","peer1.org4.example.com","peer2.org4.example.com"],"certificateAuthorities":["ca-org4"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/users/Admin#org4.example.com/msp/keystore/69b52012f2b133b1564dd22248ca7ca47895a433a6e23828db17ed9abb306e6c_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/users/Admin#org4.example.com/msp/signcerts/Admin#org4.example.com-cert.pem"}},"Org5":{"mspid":"Org5MSP","peers":["peer0.org5.example.com","peer1.org5.example.com","peer2.org5.example.com"],"certificateAuthorities":["ca-org5"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/users/Admin#org5.example.com/msp/keystore/53237c803abb8d84a06bb6554289f0a8e1512de26c9778d84d26c8415c7ba242_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/users/Admin#org5.example.com/msp/signcerts/Admin#org5.example.com-cert.pem"}},"Org6":{"mspid":"Org6MSP","peers":["peer0.org6.example.com","peer1.org6.example.com","peer2.org6.example.com"],"certificateAuthorities":["ca-org6"],"adminPrivateKey":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/users/Admin#org6.example.com/msp/keystore/b46024bc7e730faa0427dff247474aef72f126fa4937a556bdc2d9c89f85e8fa_sk"},"signedCert":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/users/Admin#org6.example.com/msp/signcerts/Admin#org6.example.com-cert.pem"}}},"orderers":{"orderer.example.com":{"url":"grpcs://localhost:7050","grpcOptions":{"ssl-target-name-override":"orderer.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt"}}},"peers":{"peer0.org1.example.com":{"url":"grpcs://localhost:7051","grpcOptions":{"ssl-target-name-override":"peer0.org1.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt"}},"peer1.org1.example.com":{"url":"grpcs://localhost:7056","grpcOptions":{"ssl-target-name-override":"peer1.org1.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer1.org1.example.com/tls/ca.crt"}},"peer2.org1.example.com":{"url":"grpcs://localhost:7062","grpcOptions":{"ssl-target-name-override":"peer2.org1.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/peers/peer2.org1.example.com/tls/ca.crt"}},"peer0.org2.example.com":{"url":"grpcs://localhost:8051","grpcOptions":{"ssl-target-name-override":"peer0.org2.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/tls/ca.crt"}},"peer1.org2.example.com":{"url":"grpcs://localhost:8056","eventUrl":"grpcs://localhost:8058","grpcOptions":{"ssl-target-name-override":"peer1.org2.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer1.org2.example.com/tls/ca.crt"}},"peer2.org2.example.com":{"url":"grpcs://localhost:8062","grpcOptions":{"ssl-target-name-override":"peer2.org2.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/peers/peer2.org2.example.com/tls/ca.crt"}},"peer0.org3.example.com":{"url":"grpcs://localhost:9051","grpcOptions":{"ssl-target-name-override":"peer0.org3.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/peers/peer0.org3.example.com/tls/ca.crt"}},"peer1.org3.example.com":{"url":"grpcs://localhost:9056","grpcOptions":{"ssl-target-name-override":"peer1.org3.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/peers/peer1.org3.example.com/tls/ca.crt"}},"peer2.org3.example.com":{"url":"grpcs://localhost:9062","grpcOptions":{"ssl-target-name-override":"peer2.org3.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/peers/peer2.org3.example.com/tls/ca.crt"}},"peer0.org4.example.com":{"url":"grpcs://localhost:10051","grpcOptions":{"ssl-target-name-override":"peer0.org4.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/peers/peer0.org4.example.com/tls/ca.crt"}},"peer1.org4.example.com":{"url":"grpcs://localhost:10056","grpcOptions":{"ssl-target-name-override":"peer1.org4.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/peers/peer1.org4.example.com/tls/ca.crt"}},"peer2.org4.example.com":{"url":"grpcs://localhost:10062","grpcOptions":{"ssl-target-name-override":"peer2.org4.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/peers/peer2.org4.example.com/tls/ca.crt"}},"peer0.org5.example.com":{"url":"grpcs://localhost:11051","grpcOptions":{"ssl-target-name-override":"peer0.org5.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/peers/peer0.org5.example.com/tls/ca.crt"}},"peer1.org5.example.com":{"url":"grpcs://localhost:11056","grpcOptions":{"ssl-target-name-override":"peer1.org5.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/peers/peer1.org5.example.com/tls/ca.crt"}},"peer2.org5.example.com":{"url":"grpcs://localhost:11062","grpcOptions":{"ssl-target-name-override":"peer2.org5.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/peers/peer2.org5.example.com/tls/ca.crt"}},"peer0.org6.example.com":{"url":"grpcs://localhost:12051","grpcOptions":{"ssl-target-name-override":"peer0.org6.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/peers/peer0.org6.example.com/tls/ca.crt"}},"peer1.org6.example.com":{"url":"grpcs://localhost:12056","grpcOptions":{"ssl-target-name-override":"peer1.org6.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/peers/peer1.org6.example.com/tls/ca.crt"}},"peer2.org6.example.com":{"url":"grpcs://localhost:12062","grpcOptions":{"ssl-target-name-override":"peer2.org6.example.com"},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/peers/peer2.org6.example.com/tls/ca.crt"}}},"certificateAuthorities":{"ca-org1":{"url":"https://localhost:7054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org1"},"ca-org2":{"url":"https://localhost:8054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org2"},"ca-org3":{"url":"https://localhost:9054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org3.example.com/ca/ca.org3.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org3"},"ca-org4":{"url":"https://localhost:10054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org4.example.com/ca/ca.org4.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org4"},"ca-org5":{"url":"https://localhost:11054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org5.example.com/ca/ca.org5.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org5"},"ca-org6":{"url":"https://localhost:12054","httpOptions":{"verify":false},"tlsCACerts":{"path":"artifacts/channel/crypto-config/peerOrganizations/org6.example.com/ca/ca.org6.example.com-cert.pem"},"registrar":[{"enrollId":"admin","enrollSecret":"adminpw"}],"caName":"ca-org6"}}}
[2019-10-19 13:24:57.709] [DEBUG] Helper - [NetworkConfig101.js]: constructor, network_config: {"name":"balance-transfer-org3","x-type":"hlfv1","description":"Balance Transfer Network - client definition for org3","version":"1.0","client":{"organization":"org3","credentialStore":{"path":"./fabric-client-kv-org3","cryptoStore":{"path":"/tmp/fabric-client-kv-org3"},"wallet":"wallet-name"}}}
[2019-10-19 13:24:57.709] [DEBUG] Helper - [NetworkConfig101.js]: mergeSettings - additions start
[2019-10-19 13:24:57.709] [DEBUG] Helper - [NetworkConfig101.js]: getOrganization - name org3
[2019-10-19 13:24:57.709] [DEBUG] Helper - [NetworkConfig101.js]: getOrganization - name org3
[2019-10-19 13:24:57.710] [DEBUG] Helper - [FileKeyValueStore.js]: constructor { options:
{ path: '/home/srihari/hyperledger/fabric-samples/balance-transfer/fabric-client-kv-org3',
wallet: 'wallet-name',
cryptoStore: { path: '/tmp/fabric-client-kv-org3' } } }
[2019-10-19 13:24:57.713] [DEBUG] Helper - [crypto_ecdsa_aes]: Hash algorithm: SHA2, hash output size: 256
[2019-10-19 13:24:57.713] [DEBUG] Helper - [utils.CryptoKeyStore]: CryptoKeyStore, constructor - start
[2019-10-19 13:24:57.714] [DEBUG] Helper - [utils.CryptoKeyStore]: constructor, no super class specified, using config: fabric-client/lib/impl/FileKeyValueStore.js
[2019-10-19 13:24:57.714] [DEBUG] Helper - getClientForOrg - ****** END Org3 undefined
[2019-10-19 13:24:57.714] [DEBUG] Helper - Successfully initialized the credential stores
[2019-10-19 13:24:57.714] [DEBUG] Helper - [FileKeyValueStore.js]: getValue { key: 'Jim' }
[2019-10-19 13:24:57.715] [INFO] Helper - User Jim was not enrolled, so we will need an admin user object to register
[2019-10-19 13:24:57.715] [DEBUG] Helper - [FileKeyValueStore.js]: getValue { key: 'admin' }
[2019-10-19 13:24:57.716] [DEBUG] Helper - [NetworkConfig101.js]: getOrganization - name org3
[2019-10-19 13:24:57.717] [ERROR] Helper - Failed to get registered user: Jim with error: Error: Common connection profile is missing this client's organization and mspid
[2019-10-19 13:24:57.717] [DEBUG] SampleWebApp - -- returned from registering the username Jim for organization Org3
[2019-10-19 13:24:57.717] [DEBUG] SampleWebApp - Failed to register the username Jim for organization Org3 with::failed Error: Common connection profile is missing this client's organization and mspid
I appreciate any help.

I have looked into your repo,
I have found many mistakes
1) you have defined total 6 organizations in the network-config file, but you have created only 3 files in artifacts folder
2) when you create multiple organization connection-profile-path you have to update the same in the mentioned here file it should append orgname dynamically in order to switch b/w orgs

In artifacts/network-config.yaml file, under organizations:, you could try to use org3 instead of Org3.
I still can't figure out why o is in lower case for org3 but O are in upper case for Org1 and Org2.
It just so happens that it works for me!

Prisma: getting "com.prisma.deploy.schema.InvalidProjectId: No service with name 'default' and stage 'default' found" error

I'm getting errors related to name 'default' and stage 'default' when initializing new prisma project
Steps to reproduce:
Follow all the steps from official guide strictly
Get com.prisma.deploy.schema.InvalidProjectId: No service with name 'default' and stage 'default' found error when run prisma deploy
Get this error when performing a simple query from http://localhost:4466/graphql:
Query:
query {
user {
id
name
}
}
Response:
{
"errors": [
{
"message": "Project not found: 'graphql_default'",
"code": 3016,
"requestId": "local:cjzs556h5000f0754vc6k36qd"
}
]
}
Versions:
Connector: MongoDB
Prisma Server: 1.34.6
prisma CLI: prisma/1.34.6 (darwin-x64) node-v10.16.3
OS: OS X Mojave - 10.14.6
Logs from Docker:
$ docker logs hello-world_prisma_1
No log level set, defaulting to INFO.
[INFO] Cluster created with settings {hosts=[mongo:27017], mode=SINGLE, requiredClusterType=UNKNOWN, serverSelectionTimeout='30000 ms', maxWaitQueueSize=500}
[INFO] Exception in monitor thread while connecting to server mongo:27017
Exception opening socket
com.mongodb.MongoSocketOpenException: Exception opening socket
at com.mongodb.internal.connection.AsynchronousSocketChannelStream$OpenCompletionHandler.failed(AsynchronousSocketChannelStream.java:272)
at sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:128)
at sun.nio.ch.Invoker$2.run(Invoker.java:218)
at sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.net.ConnectException: Connection refused
at sun.nio.ch.UnixAsynchronousSocketChannelImpl.checkConnect(Native Method)
at sun.nio.ch.UnixAsynchronousSocketChannelImpl.finishConnect(UnixAsynchronousSocketChannelImpl.java:252)
at sun.nio.ch.UnixAsynchronousSocketChannelImpl.finish(UnixAsynchronousSocketChannelImpl.java:198)
at sun.nio.ch.UnixAsynchronousSocketChannelImpl.onEvent(UnixAsynchronousSocketChannelImpl.java:213)
at sun.nio.ch.EPollPort$EventHandlerTask.run(EPollPort.java:293)
... 1 more
[INFO] Initializing workers...
[INFO] Obtaining exclusive agent lock...
[INFO] Obtaining exclusive agent lock... Successful.
[INFO] Successfully started 1 workers.
[INFO] No server chosen by com.mongodb.async.client.ClientSessionHelper$1#70a6c292 from cluster description ClusterDescription{type=UNKNOWN, connectionMode=SINGLE, serverDescriptions=[ServerDescription{address=mongo:27017, type=UNKNOWN, state=CONNECTING, exception={com.mongodb.MongoSocketOpenException: Exception opening socket}, caused by {java.net.ConnectException: Connection refused}}]}. Waiting for 30000 ms before timing out
[INFO] Opened connection [connectionId{localValue:2, serverValue:1}] to mongo:27017
[INFO] Monitor thread successfully connected to server with description ServerDescription{address=mongo:27017, type=STANDALONE, state=CONNECTED, ok=true, version=ServerVersion{versionList=[3, 6, 13]}, minWireVersion=0, maxWireVersion=6, maxDocumentSize=16777216, logicalSessionTimeoutMinutes=30, roundTripTimeNanos=16638401}
Server running on :4466
[INFO] Opened connection [connectionId{localValue:3, serverValue:2}] to mongo:27017
[INFO] Deployment worker initialization complete.
[Warning] Management authentication is disabled. Enable it in your Prisma config to secure your server.
{"key":"error/handled","requestId":"local:cjzs54qg500020754mbbzqni9","payload":{"exception":"com.prisma.deploy.schema.InvalidProjectId: No service with name 'default' and stage 'default' found","query":"\n query($name: String! $stage: String!) {\n project(name: $name stage: $stage) {\n name\n stage\n }\n }\n ","variables":"{\"name\":\"default\",\"stage\":\"default\"}","code":"4000","stack_trace":"com.prisma.deploy.schema.SchemaBuilderImpl.$anonfun$projectField$3(SchemaBuilder.scala:144)\\n scala.Option.getOrElse(Option.scala:121)\\n com.prisma.deploy.schema.SchemaBuilderImpl.$anonfun$projectField$2(SchemaBuilder.scala:144)\\n scala.util.Success.$anonfun$map$1(Try.scala:251)\\n scala.util.Success.map(Try.scala:209)\\n scala.concurrent.Future.$anonfun$map$1(Future.scala:288)\\n scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:29)\\n scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:29)\\n scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)\\n akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)\\n akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)\\n scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:12)\\n scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:81)\\n akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)\\n akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40)\\n akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:44)\\n akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)\\n akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)\\n akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)\\n akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)","message":"No service with name 'default' and stage 'default' found"}}
[Debug] Initializing deployment worker for default_default
[Debug] Scheduling deployment for project default_default
[INFO] Opened connection [connectionId{localValue:4, serverValue:3}] to mongo:27017
[Debug] Applied migration for project default_default
Formatted [Warning]:
{
"key": "error/handled",
"requestId": "local:cjzs54qg500020754mbbzqni9",
"payload": {
"exception": "com.prisma.deploy.schema.InvalidProjectId: No service with name 'default' and stage 'default' found",
"query": "\n query($name: String! $stage: String!) {\n project(name: $name stage: $stage) {\n name\n stage\n }\n }\n ",
"variables": "{\"name\":\"default\",\"stage\":\"default\"}",
"code": "4000",
"stack_trace": "com.prisma.deploy.schema.SchemaBuilderImpl.$anonfun$projectField$3(SchemaBuilder.scala:144)\\n scala.Option.getOrElse(Option.scala:121)\\n com.prisma.deploy.schema.SchemaBuilderImpl.$anonfun$projectField$2(SchemaBuilder.scala:144)\\n scala.util.Success.$anonfun$map$1(Try.scala:251)\\n scala.util.Success.map(Try.scala:209)\\n scala.concurrent.Future.$anonfun$map$1(Future.scala:288)\\n scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:29)\\n scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:29)\\n scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)\\n akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)\\n akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)\\n scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:12)\\n scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:81)\\n akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)\\n akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40)\\n akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:44)\\n akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)\\n akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)\\n akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)\\n akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)",
"message": "No service with name 'default' and stage 'default' found"
}
}
Formatted "query":
query($name: String! $stage: String!) {
project(name: $name stage: $stage) {
name
stage
}
}
Formatted "variables":
{ "name":"default", "stage":"default" }
Formatted stack trace:
com.prisma.deploy.schema.SchemaBuilderImpl.$anonfun$projectField$3(SchemaBuilder.scala:144)
scala.Option.getOrElse(Option.scala:121)
com.prisma.deploy.schema.SchemaBuilderImpl.$anonfun$projectField$2(SchemaBuilder.scala:144)
scala.util.Success.$anonfun$map$1(Try.scala:251)
scala.util.Success.map(Try.scala:209)
scala.concurrent.Future.$anonfun$map$1(Future.scala:288)
scala.concurrent.impl.Promise.liftedTree1$1(Promise.scala:29)
scala.concurrent.impl.Promise.$anonfun$transform$1(Promise.scala:29)
scala.concurrent.impl.CallbackRunnable.run(Promise.scala:60)
akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
akka.dispatch.BatchingExecutor$BlockableBatch.$anonfun$run$1(BatchingExecutor.scala:91)
scala.runtime.java8.JFunction0$mcV$sp.apply(JFunction0$mcV$sp.java:12)
scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:81)
akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:91)
akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:40)
akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(ForkJoinExecutorConfigurator.scala:44)
akka.dispatch.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
akka.dispatch.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
akka.dispatch.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
akka.dispatch.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
P/s: It actually was running flawlessly some days before, but today I can't manage to make it work again!

Terraform Azure Extension Issue

Receiving this error when running Terraform apply on a module that I created to spin up an Azure Windows VM.
Error: Error applying plan:
1 error occurred:
* module.vm-windows.azurerm_virtual_machine_extension.test: 1 error occurred:
* azurerm_virtual_machine_extension.test: Code="VMExtensionProvisioningError" Message="VM has reported a failure when processing extension 'hostname'. Error message: \"Finished executing command\"."
Here is my code for VM creation and extension
resource "azurerm_virtual_machine" "vm" {
count = "${length(var.vm_name_suffix)}"
name = "${var.vm_name_prefix}${element(var.vm_name_suffix, count.index)}"
location = "${var.location}"
resource_group_name = "${var.rg_name}"
network_interface_ids = ["${element(azurerm_network_interface.nic.*.id, count.index)}"]
vm_size = "${var.vm_size}"
delete_os_disk_on_termination = "true"
delete_data_disks_on_termination = "true"
license_type = "Windows_Server"
zones = ["${element(local.azs, count.index)}"]
storage_image_reference {
publisher = "MicrosoftWindowsServer"
offer = "WindowsServer"
sku = "${var.win_os[var.os_name]}"
version = "latest"
}
storage_os_disk {
name = "${var.vm_name_prefix}${element(var.vm_name_suffix, count.index)}-OSDisk"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "${var.os_disk_type}"
}
os_profile {
computer_name = "${var.vm_name_prefix}${element(var.vm_name_suffix, count.index)}"
admin_username = "admin"
admin_password = "${random_string.adminpassword.result}"
}
os_profile_windows_config {
provision_vm_agent = true
}
}
resource "azurerm_virtual_machine_extension" "test" {
name = "hostname"
location = "${var.location}"
resource_group_name = "${var.rg_name}"
virtual_machine_name = "${azurerm_virtual_machine.vm.name}"
publisher = "Microsoft.Compute"
type = "CustomScriptExtension"
type_handler_version = "1.9"
settings = <<SETTINGS
{
"commandToExecute": "powershell -ExecutionPolicy Unrestricted -File C:\\FOLDER\\WinFirewall.ps1\""
}
SETTINGS
depends_on = ["azurerm_virtual_machine.vm"]
}
It looks like it is trying to run the extension before the machine has been created, which is why I added the depends on. Not sure though as the error doesn't tell me much. Any help would be greatly appreciated.
EDIT: Here are the logs from VM
Command Execution Log
[05/31/2019 20:09:24.31] Executing: C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\enable.cmd
[05/31/2019 20:09:24.34] Execution Complete.
######
Execution Output:
C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3>if not exist RuntimeSettings\*.settings exit /b -2
C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3>start cmd /C bin\CustomScriptHandler.exe "enable"
Execution Error:
######
Number of Tries:
1Command C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\enable.cmd of Microsoft.Compute.CustomScriptExtension has exited with Exit code: 0
Plugin (name: Microsoft.Compute.CustomScriptExtension, version: 1.9.3) completed successfully.
Custom Script Handler Log
[2140+00000001] [05/31/2019 19:15:06.60] [INFO] Starting IaaS ScriptHandler Extension v1
[2140+00000001] [05/31/2019 19:15:06.63] [INFO] HandlerEnvironment = Version: 1, HandlerEnvironment: [LogFolder: "C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3", ConfigFolder: "C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\RuntimeSettings", StatusFolder: "C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\Status", HeartbeatFile: "C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\Status\HeartBeat.Json"]
[2140+00000001] [05/31/2019 19:15:06.63] [INFO] Installing Handler
[2140+00000001] [05/31/2019 19:15:06.63] [INFO] Handler successfully installed
[2140+00000001] [05/31/2019 19:15:06.64] [INFO] Removing user-level access rules for 2 directories
[2140+00000001] [05/31/2019 19:15:06.64] [INFO] Removing Users access rules from directory 'C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3'
[2140+00000001] [05/31/2019 19:15:06.67] [INFO] Removing Users access rules from directory 'C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3'
[2140+00000001] [05/31/2019 19:15:06.69] [INFO] Finished removing user-level access rules
[588+00000001] [05/31/2019 19:15:10.19] [INFO] Starting IaaS ScriptHandler Extension v1
[588+00000001] [05/31/2019 19:15:10.21] [INFO] HandlerEnvironment = Version: 1, HandlerEnvironment: [LogFolder: "C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3", ConfigFolder: "C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\RuntimeSettings", StatusFolder: "C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\Status", HeartbeatFile: "C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\Status\HeartBeat.Json"]
[588+00000001] [05/31/2019 19:15:10.21] [INFO] Enabling Handler
[588+00000001] [05/31/2019 19:15:10.22] [INFO] Successfully enabled TLS.
[588+00000001] [05/31/2019 19:15:10.22] [INFO] Handler successfully enabled
[588+00000001] [05/31/2019 19:15:10.24] [INFO] Loading configuration for sequence number 0
[588+00000001] [05/31/2019 19:15:10.27] [INFO] HandlerSettings = ProtectedSettingsCertThumbprint: , ProtectedSettings: {}, PublicSettings: {FileUris: [], CommandToExecute: powershell -ExecutionPolicy Unrestricted -File C:\FOLDER\WinFirewall.ps1"}
[588+00000001] [05/31/2019 19:15:10.27] [INFO] Downloading files specified in configuration...
[588+00000001] [05/31/2019 19:15:10.35] [INFO] No files to download.
[588+00000001] [05/31/2019 19:15:10.36] [INFO] Files downloaded. Asynchronously executing command: 'powershell -ExecutionPolicy Unrestricted -File C:\FOLDER\WinFirewall.ps1"'
[588+00000001] [05/31/2019 19:15:10.38] [INFO] Command execution task started. Awaiting completion...
[588+00000001] [05/31/2019 19:15:13.55] [ERROR] Command execution finished. Command exited with code: -196608
[1944+00000001] [05/31/2019 20:09:24.64] [INFO] Starting IaaS ScriptHandler Extension v1
[1944+00000001] [05/31/2019 20:09:24.65] [INFO] HandlerEnvironment = Version: 1, HandlerEnvironment: [LogFolder: "C:\WindowsAzure\Logs\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3", ConfigFolder: "C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\RuntimeSettings", StatusFolder: "C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\Status", HeartbeatFile: "C:\Packages\Plugins\Microsoft.Compute.CustomScriptExtension\1.9.3\Status\HeartBeat.Json"]
[1944+00000001] [05/31/2019 20:09:24.65] [INFO] Enabling Handler
[1944+00000001] [05/31/2019 20:09:24.67] [INFO] Successfully enabled TLS.
[1944+00000001] [05/31/2019 20:09:24.67] [INFO] Handler successfully enabled
[1944+00000001] [05/31/2019 20:09:24.69] [INFO] Loading configuration for sequence number 0
[1944+00000001] [05/31/2019 20:09:24.70] [INFO] HandlerSettings = ProtectedSettingsCertThumbprint: , ProtectedSettings: {}, PublicSettings: {FileUris: [], CommandToExecute: powershell -ExecutionPolicy Unrestricted -File C:\WS\CloudTemplates\Terraform\Azure\Deployments\_Testing\ANSIBLE_TEST\Module\WinFirewall.ps1"}
[1944+00000001] [05/31/2019 20:09:24.70] [WARN] Current sequence number, 0, is not greater than the sequence number of the most recently executed configuration. Exiting...

why do you think ordering is the problem. when you are using "${azurerm_virtual_machine.vm.name}" you are creating an implicit dependency, so extension runs after the vm is created. also, the error suggests that the extension failed to execute the script (or rather it was executed by returned an error or something like this).
To figure out whats going on - check extension logs on the vm
https://learn.hashicorp.com/terraform/azure/dependencies_az

Resources