To start a fabric ca server we use fabric-ca-server start -b admin:adminpw
What command or steps need to be followed to shut it down cleanly.
I have read and checked there is no default commands. Refer - https://jira.hyperledger.org/browse/FAB-1963?page=com.atlassian.jira.plugin.system.issuetabpanels%3Aworklog-tabpanel
This is not currently possible, but see and comment on https://jira.hyperledger.org/browse/FAB-4487 to follow the status of adding this support.
Related
fabric fabric-samples/test-network createChannel failed
[1]: https://i.stack.imgur.com/tJLk3.png
At the point of failure, it can't connect to 7050, which is the port for the orderer node. If you do a docker ps it should at least tell you if that peer is currently running and that it really is available on that port. Are the YAML files exactly as you found them or did you make any amendments? Configuration is sometimes the biggest culprit if you are not careful about managing the changes.
The fabric-samples test network setup for fabric-ca-server (found in fabric-samples/test-network/docker/docker-compose-ca.yaml) initializes the certificate server with
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
The option -b is clear in meaning - as shown in the output from --help and the online copy of that, it's a user/password for bootstrapping the config file. The -d flag, however, is completely undocumented. What does it do?
This is the flag to enable debug mode; see Deploy Guide, Start the TLS CA server:
Optional flags:
-d - If you want to run the server in DEBUG mode which facilitates problem diagnosis, you can include the -d flag on the start command. However, in general it is not recommended to run a server with debug enabled as this will cause the server to perform slower.
-p - If you want the server to run on a port different than what is specified in the configuration .yaml file, you can override the existing port.
The option is defined here as a tag, and parsed here. For unknown reasons, it is set to be hidden from fabric-ca-server --help.
(h/t #david_k)
I do want to know how the authentication can be done for users in the fabric ca and how to validate the users registered. Can it be authenticated by writing CLI commands and thereby invoking the shell scripts or it can be only web application .
I have referred the documents in the official site.
https://hyperledger-fabric-ca.readthedocs.io/en/release-1.4/users-guide.html
you could do this with any of the 2 ways
using the fabric-ca-client binary.Here you would be using the
commands to register and enroll admins,peers,client,orderer,ca and
create their identity.
using the the sdk where there is a node module called
fabric-ca-client. eg:view the enrollAdmin and registerUser in fabcar
example here.
if still confused do comment.
Run the network and type docker ps. Note the name of the CA you wish to use. Once that is done the below two commands will give you what you are looking for.
fabric-ca-client certificates list and fabric-ca-client certificates -id "ENTER_USERNAME"
You may either execute them in the CLI container (image of fabric-tools) or directly on the ca container using
docker exec -t ca.org1.example.com fabric-ca-client certificates list. To get additional commands run docker exec -t ca.org1.example.com fabric-ca-client --help.
You can find additional documentation using this link. Note since these are bash scripts, it doesnt matter which SDK or chaincode language you use.
I am using https://github.com/hyperledger/fabric-samples/tree/release-1.1/fabric-ca for my setup.
Is this way correct to start/stop/restart the fabric nodes:
docker-compose stop
remove setup and run
docker-compose start
Or is there any other correct way to do this?
Thanks for any help!
EDIT: Added the answer
docker stop <container-id>
docker start <container-id>
Here are the changes I made to stop and start the network
Stop the network: docker-compose stop
Before starting it again, remove setup from docker compose and change the container scripts.
For CA scripts: replace everything with fabric-ca-server start
For orderer, just have: orderer
For peer, just have: peer node start
You don't need the fabric-ca-tool container but if you are starting it, make sure you remove all channel and chaincode logic from main method of run script.
Start the network: docker-compose start
There was an Hyperledger Fabric error updating the anchor peer in the Building Your First Network document. This error is as follows.
Error: failed to create deliver client: orderer client failed to connect to orderer.example.com:7050: failed to create new connection: x509: certificate signed by unknown authority
I need your help.
I fixed by bringing the network down (byfn.sh down)
and then up again (byfn.sh up).
Please see this link for more information:
How to fix "FAILED to execute End-2-End Scenario" in Hyperledger Fabric?
x509: certificate signed by unknown authority
This error is due to the certificate format mismatch, It happed to me when I used v1.0 cryptogen tool for certificate generation and ran the network with v1.1 Fabric containers.
So, try to update the cryptogen tool from here -> http://hyperledger-fabric.readthedocs.io/en/release-1.1/samples.html#binaries.
I don't know what version you were using so, I assumed it would be v1.1. So, please specify the Hyperledger Fabric version you were using.
One of the problems could be that you have an old version of the Hyperledger Example and you are pointing to an old version of the Cryptogen tool. So if you download a newer example, when you generate the crypto-config it will generate it with the old version of the cryptogen tool, this could make your orderer container to stop, cause can validate the certificate generated.
This is because the differents versions of the cryptogen tool generate different metadata.
My suggest is to check if the cryptogen version that you are using is the one contained in your downloaded image of your example. If you had run lot of tests, clean all the docker images and containers, that always help.
If nothing of that works, I wrote a tutorial based on the basic-network example and how to run it in multiple hosts, maybe you can take some information from there.
https://medium.com/1950labs/setup-hyperledger-fabric-in-multiple-physical-machines-d8f3710ed9b4
Please, feel free to ask, if you have doubts!
This error is due to channel capabilities are set as true for v.1.4.0 so you should change it to false so that it can run for every version of the fabric.
Try:
docker ps -a
to find container ID of hyperledger orderer and peer images. Then try:
docker rm *container_ID*
to remove them. After you can run ./network.sh up createChannel.
so for this error i tried doing byfn.sh down and byfn.sh up but after that it threw another error, which i solved by first killing all the containers, removing them, cleaning all images and volumes that already exist and restarted the tutorial. to kill and remove processes and images and cleaning my system.
https://medium.com/coinmonks
docker kill $(docker ps -q)
docker rm $(docker ps -qa)
docker system prune -a
docker volumes prune -a
delete fabric-samples directory and start from the beginning and you're ready to go.