root#bq4_node1:/opt/fabric/bin# $FABRIC_ROOT/bin/peer channel create -o orderer.local:7050 -f $FABRIC_CFG_PATH/channel-artifacts/channel.tx -c mychannel -t 30 --tls true --cafile $ordererCa
Error: Error connecting due to rpc error: code = Unavailable desc = grpc: the connection is unavailable
Usage:
peer channel create [flags]
Although, not very clear what exactly you are trying to do, I would guess it's somehow related to the channel creation and joining a new peer to that channel.
First of all please take a look on Hyperledger Fabric documentation and tutorial on Writing Your First Application. There is also "Building Your First Network", also make sure you have followed Prerequisites.
You need to start with creating crypto material for your network entities: peer and ordering service, you can leverage cryptogen tool to receive root CA keys and signed certificates for peers and users. Here is the example of crypto-config.yaml, which will allow to generate orderer organization related crypto material as well as for two peers organizations:
# ---------------------------------------------------------------------------
# "OrdererOrgs" - Definition of organizations managing orderer nodes
# ---------------------------------------------------------------------------
OrdererOrgs:
Specs:
- Hostname: orderer
# ---------------------------------------------------------------------------
# "PeerOrgs" - Definition of organizations managing peer nodes
# ---------------------------------------------------------------------------
PeerOrgs:
- Name: Org1
Domain: org1.example.com
Template:
Count: 2
Users:
Count: 1
# ---------------------------------------------------------------------------
# Org2: See "Org1" for full specification
# ---------------------------------------------------------------------------
- Name: Org2
Domain: org2.example.com
Template:
Count: 2
Users:
Count: 1
You can use cryptogen to generate results:
cryptogen generate --config=crypto-config.yaml --output=.
Next, you can use configtxgen to create configuration transaction which will allow to produce genesis block and create the channel, here an additional example. Command line command:
Generate genesis block for ordering service:
FABRIC_CFG_PATH=. configtxgen -profile TwoOrgsOrdererGenesis -outputBlock genesis.block
Generate config transaction to create new channel:
FABRIC_CFG_PATH=. configtxgen -profile TwoOrgsChannel -channelID mychannel -outputCreateChannelTx=mychannel.tx
Finally you can use peer cli command to create a new channel as you have tried in your question:
peer channel create -o orderer.local:7050 -f mychannel.tx -c mychannel -t 30 --tls true --cafile $ordererCa
Also please make sure that orderer.local is the host name of the available ordering service and also environmental variables for endorsing peers correctly configured and peer is running.
Related
I have set up a network with raft ordering service (5 orderers), 2 orgs and one peer each, the TLS and client authentication are both enabled. I have created the channel and joined it successfully, but I am getting TLS handshake failed error when updating the anchor peer from cli to orderer, and I am not able to create a second channel for the same error. Besides this TLS error why I was able to create the first channel I am very confused, surely incorrect configs causing that.
CLI Commands:
export ORDERER_CA=crypto/ordererOrganizations/example.com/tlsca/ca-chain.pem
export CLIENT_KEY_FILE=crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/tls/client.key
export CLIENT_CERT_FILE=crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/tls/client.pem
*Worked: peer channel create -o orderer0.example.com:7050 -c mychannel -f ./channel-artifacts/channel.tx --tls --cafile $ORDERER_CA --clientauth --keyfile $CLIENT_KEY_FILE --certfile $CLIENT_CERT_FILE
*Worked: peer channel join -b muchannel.block
*FAILED: peer channel update -o orderer0.example.com:7050 -c mychannel -f ./channel-artifacts/anchors_channel.tx --tls --cafile $ORDERER_CA --clientauth --keyfile $CLIENT_KEY_FILE --certfile $CLIENT_CERT_FILE
CLI yaml config:
- CORE_PEER_TLS_ENABLED=true
- CORE_PEER_TLS_CERT_FILE=crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.pem
- CORE_PEER_TLS_KEY_FILE=crypto/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
- CORE_PEER_TLS_ROOTCERT_FILE=crypto/peerOrganizations/org1.example.com/tlsca/ca-chain.pem
- CORE_PEER_TLS_CLIENTAUTHREQUIRED=true
- CORE_PEER_TLS_CLIENTCERT_FILE=crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/tls/client.pem
- CORE_PEER_TLS_CLIENTKEY_FILE=crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/tls/client.key
Orderer yaml config:
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.key
- ORDERER_GENERAL_TLS_CERTIFICATE=crypto/ordererOrganizations/example.com/orderers/orderer0.example.com/tls/server.pem
- ORDERER_GENERAL_TLS_ROOTCAS=[crypto/ordererOrganizations/example.com/tls/ca-chain.pem]
- ORDERER_GENERAL_TLS_CLIENTAUTHREQUIRED=true
- ORDERER_GENERAL_TLS_CLIENTROOTCAS=[crypto/ordererOrganizations/example.com/tlsca/ca-chain.pem,crypto/peerOrganizations/org1.example.com/tlsca/ca-chain.pem,crypto/peerOrganizations/org2.example.com/tlsca/ca-chain.pem]
Try running the command with following environment in your CLI container:
export CORE_PEER_ADDRESS=orderer.example.com:7050
export CORE_PEER_LOCALMSPID=OrdererMSP
export CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin#example.com/msp
export CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
export ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
export CHANNEL_NAME=mychannel
This is because issuing channel update transaction requires updating the channel configuration file, which according to your present policies, must be signed by an Orderer Organization admin.
I've brought up an etcdraft based orderer cluster with 3 nodes and no peer nodes are deployed for now. And now I want to modify the orderer cluster like removing or adding members. Instructions I've found require firstly fetching the current config with the 'peer channel fetch config' command.
My question is how I can do to fetch the current system channel config with 'peer channel fetch config' command before/without any peer up and running, or is there any other way to achieve this.
fabric version: 1.4.4
You need to invoke it against an orderer since you also need to do this for the system channel, and peers don't have the system channel in them.
Use something like:
peer channel fetch config mychannel.block -c mychannel --orderer orderer.example.com:7050 --cafile ca.crt
How can we implement TLS in first-network?i have tried by adding the below section in peers.What is the need to configure peers by Tls?
CORE_PEER_TLS_ENABLED=true
CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt
I am working on multi organisation network setup using first network of fabric samples.one of the organisation say org1 has created a channel by passing tls certs of orderer ,the other organisation org2 has to fetch the channel created by org1 and join the peers into the channel.when i do fetch action using peer channel fetch by passing tls certs of orderer ,i got the error like
peer channel fetch config-o orderer.example.com:7050 -c channelone1 -f --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
connection error: desc = "transport: Error while dialing dial tcp 98.124.199.121:7050: connect: connection refused". Reconnecting...
and in orderer logs ,i got error as :
TLS handshake failed with error tls: client didn't provide a certificate {"server": "Orderer", "remote address": "172.24.0.4:49608"}
Created the channel using:
peer channel create -o orderer.example.com:7050 -c channelone1 -f ./channel-artifacts/channel-one.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
Output is: Received block is 0
By default the first-network will start with TLS enabled.
The four environment variables you refer to are included in the file base/peer-base.yaml the the peer-base file is "included" by use of the extends: and file: base/docker-compose-base.yaml
How do I join members on a channel configured on another computer?
On one computer, I joined the channel through the consortium definition and authentication process.
I do not know how to access channel B of B computer from Peer of computer A. I would be grateful if you could give me specific instructions on how to access the channel from another computer.
Computer A: Once you create the channel, you have the genesis block. You need the genesis block to join the channel.
Computer B: When you have the genesis block, you should execute the following commands:
peer channel join -b mychannel.block
peer channel update -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/Org1MSPanchors.tx --tls --cafile tlsca.example.com-cert.pem
In the channel configuration you should define both Peers
I am trying to setup hyperledger fabric + composer setup with multi organizations locally. The steps I followed to setup hyperledger network is below.
Generate crypto materials and channel
cryptogen generate --config=./crypto-config.yaml configtxgen -profile
OrdererGenesis -outputBlock ./channel-artifacts/genesis.block
configtxgen -profile Channel -CreateChannelTx
./channel-artifacts/channel.tx -channelID ehrchannel
configtxgen -profile Channel -outputAnchorPeersUpdate ./channel-artifacts/Hospital1MSPanchors.tx -channelID ehrchannel -asOrg Hospital1MSP
configtxgen -profile Channel -outputAnchorPeersUpdate ./channel-artifacts/Hospital2MSPanchors.tx -channelID ehrchannel -asOrg Hospital2MSP
Start docker containors for two organisations
Execute Below commands on cli containor
peer channel create -o orderer.ehr.com:7050 -c ehrchannel -f ./channel-artifacts/channel.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/ehr.com/orderers/orderer.ehr.com/msp/tlscacerts/tlsca.ehr.com-cert.pem
Having all peers join the channel with setting appropriate env veriables
- peer channel join -b ehrchannel.block
Updating anchor peers for two organisations by setting env variables
peer channel update -o orderer.ehr.com:7050 -c ehrchannel -f ./channel-artifacts/Hospital1MSPanchors.tx --tls true --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/ehr.com/orderers/orderer.ehr.com/msp/tlscacerts/tlsca.ehr.com-cert.pem
After that I have followed Hyperledger composer document to configure composer.
But on step 17 on the doc, I am getting an error
composer network start -c PeerAdmin#ehr-network-hos1 -a marbles-network.bna -o endorsementPolicyFile=/tmp/composer/endorsement-policy.json -A admin1 -C admin2/admin-pub.pem -A admin2 -C admin2/admin-pub.pem
Starting business network from archive: marbles-network.bna
Business network definition:
Identifier: marbles-network#0.1.14
Description: Marble Trading Network
Processing these Network Admins:
userName: admin1
userName: admin2
✖ Starting business network definition. This may take a minute...
Error: Error trying to instantiate composer runtime. Error: No valid responses from any peers.
Response from attempted peer comms was an error: Error: 2 UNKNOWN: chaincode error (status: 500, message: cannot get package for chaincode (marbles-network:0.18.2))
Response from attempted peer comms was an error: Error: 2 UNKNOWN: chaincode error (status: 500, message: cannot get package for chaincode (marbles-network:0.18.2))
Response from attempted peer comms was an error: Error: 2 UNKNOWN: chaincode error (status: 500, message: cannot get package for chaincode (marbles-network:0.18.2))
Response from attempted peer comms was an error: Error: 2 UNKNOWN: chaincode error (status: 500, message: cannot get package for chaincode (marbles-network:0.18.2))
Command failed
What are the potential issues? Thank you so much in advance.
What versions of Composer and Fabric are you using ? If you are using Composer v0.18.2 you need to have the GA version of Fabric v1.1.
The releases document for Composer details the compatible versions of Composer and Fabric. https://github.com/hyperledger/composer/releases
Also you might have a typo in your command ... -A admin1 -C admin2/admin-pub.pem -A admin2 -C admin2/admin-pub.pem are you specifying the wrong folder for admin1 ?
Check fabric node logs to find clue:
docker logs [orderer/peer/...]