At command line i am executing :
fabric-ca-client register --id.name <> --id.type peer --id.affiliation peerorgs.1A --id.attrs <>
I am getting the error below:
"Failed getting affiliation" .
But, the affiliation entry is present in the fabric-ca-server.db. Can some one help me understand why I'm getting this error?
Thanks,
Smitha
Assuming you are using Docker and Docker Compose, then you should be able to do the following:
1) Use a docker-compose.yaml with the following contents (this is a slightly modified version of the one in the repo):
#
# Copyright IBM Corp. All Rights Reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
fabric-ca-server:
image: hyperledger/fabric-ca
container_name: fabric-ca-server
ports:
- "7054:7054"
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_DEBUG=true
volumes:
- "./fabric-ca-server:/etc/hyperledger/fabric-ca-server"
command: sh -c 'fabric-ca-server start -b admin:adminpw'
2) The above mounts a volume where you can place your customized fabric-ca-server-config.yaml file. Simply create a directory named fabric-ca-server in the same directory as the docker-compose.yaml and then copy your fabric-ca-server-config.yaml there.
3) Run docker-compose up and check the logs. You should see that your affiliations have been created
Related
I am trying to integrate softHSM with Hyperledger Fabric. I have followed the below steps:
I have cloned the repo from this link
https://github.com/hyperledger/fabric-ca (main-branch)
Executed the below 3 commands from the above directory. After execution, I got the new binary and the new Fabric-CA image.
make fabric-ca-server GO_TAGS=pkcs11
make fabric-ca-client GO_TAGS=pkcs11
make docker GO_TAGS=pkcs11
I have replaced the old binary(fabric-ca-client and fabric-ca-server)
I am trying to spin up the Fabric-CA in the docker container and passing the environment variables as per the official documentation.
ORG1_RCA:
image: hyperledger/fabric-ca:1.5.1
container_name: ORG1_RCA
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ORG1_RCA
- FABRIC_CA_SERVER_TLS_ENABLED=true
- FABRIC_CA_SERVER_PORT=7054
- FABRIC_CA_SERVER_BCCSP_DEFAULT=PKCS11
- FABRIC_CA_SERVER_BCCSP_PKCS11_LIBRARY=/etc/hyperledger/fabric/libsofthsm2.so
- FABRIC_CA_SERVER_BCCSP_PKCS11_PIN=
- FABRIC_CA_SERVER_BCCSP_PKCS11_LABEL=
ports:
- 7054:7054
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
environment:
- SOFTHSM2_CONF=/etc/hyperledger/fabric/config.file
volumes:
- ./fabric-ca/verizon:/etc/hyperledger/fabric-ca-server
- /home/softhsm/config.file:/etc/hyperledger/fabric/config.file
- /usr/local/lib/softhsm/libsofthsm2.so:/etc/hyperledger/fabric/libsofthsm2.so
networks:
- contract
I am not providing the PIN and label for security purposes.When I am running this container, the private keys are still getting saved into the msp/keystore folder instead of HSM.
I am new to hyperledger fabric and I was trying to test hyperledger fabric sample "fabcar" network with hyperledger fabric.I have done some edit in "org1" to "dfarmadmin".I have edited fabric configtx.yaml,crypto-config.yaml and docker-compose.yml. I'm getting the following error when trying to run ./startFabric.sh into project.
Error response from daemon: Container 5266e6d8297848fb888d15b60aba3d66e5d31b7fc42a37616874c540eedb514e is not running. please see below screenshot for reference and link of files which I have edited "https://github.com/abhisamant7/tuna-Fish/tree/master/dfarm-network"
Please see the below docker logs of three docker container which was exited.
You have done the very basic mistake of naming the domains of both peer and orderer org the same. Check your crypto-config.yaml file and change the domain name here:
OrdererOrgs:
- Name: Orderer
Domain: dfarmadmin.com
PeerOrgs:
- Name: Dfarmadmin
Domain: **CHANGE THIS**
Also change this in your configtx file:
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/example.com/msp
to this:
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/dfarmadmin.com/msp
Your volumes in the compose file are pointing towards the msp's
present in the crypto-config folder,but the crypto-config folder
doesnt have all msps files,some files are missing(like ca-key-file).
Your compose file is pointing towards a file which isnt present.So i
would say delete and recreate the msps and point it correctly in the
compose file
Eg.
services:
ca.dfarmadmin.com:
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.dfarmadmin.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.dfarmadmin.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/dfarmadmin.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.dfarmadmin.com
networks:
- dfarm
As you can see your - FABRIC_CA_SERVER_CA_KEYFILE is pointing to a file which is not present.
While doing Hyperledger fabric setup, we create crypto material and mention users for organizations and and correspondingly user crypto material gets generated which is used to invoke chaincode while logging through CLI. Also, when we try to connect network through SDK we also need to enroll and register user to connect to network. So, what is the difference between these two users?
Cryptogen utility used for generating Hyperledger Fabric key material is mainly meant to be used for testing environment only.
It generates the CA certificate before the Fabric CA Server is up. {This won't be the case in production env.}
This certificate is mounted to fabric-ca in docker-compose.yaml file. This is done via volumes keyword as in the below snippet:
ca.example.com:
image: hyperledger/fabric-ca
environment:
- FABRIC_CA_HOME=/etc/hyperledger/fabric-ca-server
- FABRIC_CA_SERVER_CA_NAME=ca.example.com
- FABRIC_CA_SERVER_CA_CERTFILE=/etc/hyperledger/fabric-ca-server-config/ca.org1.example.com-cert.pem
- FABRIC_CA_SERVER_CA_KEYFILE=/etc/hyperledger/fabric-ca-server-config/4239aa0dcd76daeeb8ba0cda701851d14504d31aad1b2ddddbac6a57365e497c_sk
ports:
- "7054:7054"
command: sh -c 'fabric-ca-server start -b admin:adminpw -d'
volumes:
- ./crypto-config/peerOrganizations/org1.example.com/ca/:/etc/hyperledger/fabric-ca-server-config
container_name: ca.example.com
networks:
- basic
The command 'fabric-ca-server start -b admin:adminpw -d' in above script registers a bootstrap identity. This bootstrap identity is used by the application to enroll the 'admin' user. During this enrollment, fabric-ca-server gives the app a ecert, users private key and cacert chain PEM files.
From the above reference, the users certs generated by cryptogen and via application will be issued using the same root CA Cert.
When using CLI to execute commands such install chaincode, instantiate chaincode etc. you will be using the user certs generated by the cryptogen as these are mounted into the corresponding peer. Again refer to the volumes section of peer in docker-compose.yaml for this:
volumes:
- /var/run/:/host/var/run/
- ./crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp:/etc/hyperledger/msp/peer
- ./crypto-config/peerOrganizations/org1.example.com/users:/etc/hyperledger/msp/users
- ./config:/etc/hyperledger/configtx
I am getting an error while creating the channel on orderer (up and running). I have created the crypto artifacts as well as channel artifacts but while creating the channel. I am getting the error given below. I have file created ch1.tx at specified location but still getting the issue:
Error: channel create configuration tx file not found open /etc/hyperledger/fabric/ch1.tx: no such file or directory
My .YAML file looks like:
version: '2'
networks:
rpnw:
services:
peer0:
image: hyperledger/fabric-peer:x86_64-1.0.4
environment:
- CORE_PEER_LOCALMSPID="Org0MSP"
- CORE_PEER_TLS_ENABLED=false
- CORE_PEER_TLS_ROOTCERT_FILE=/usr/local/go/src/github.com/hyperledger/fabric/peer/crypto-config/peerOrganizations/org0/peers/peer0.org0/tls/ca.crt
#- CORE_PEER_MSPCONFIGPATH=/root/bcnetwork/conf/crypto-config/peerOrganizations/org0/users/Admin#org0/msp
- CORE_PEER_ADDRESS=org0-peer0:7051 #peer0 peer_peer-base_1
working_dir: /usr/local/go/src/github.com/hyperledger/fabric/peer
command: peer channel create -o orderer0:7050 -c ch1 -f /etc/hyperledger/fabric/ch1.tx # peer_orderer0_1
networks:
- rpnw
Please help.
I can run the Hyperledger Fabric 1.0 "first network" sample fine.
Now I am trying to add CouchDB persistence to this sample as described at https://hyperledger-fabric.readthedocs.io/en/latest/build_network.html#using-couchdb and https://hyperledger-fabric.readthedocs.io/en/latest/build_network.html#a-note-on-data-persistence
I edit the networkUp() function in fabric-samples/first-network/byfn.sh changing the line from:
CHANNEL_NAME=$CHANNEL_NAME TIMEOUT=$CLI_TIMEOUT docker-compose -f $COMPOSE_FILE up -d 2>&1
to:
CHANNEL_NAME=$CHANNEL_NAME TIMEOUT=$CLI_TIMEOUT docker-compose -f docker-compose-cli.yaml -f docker-compose-couch.yaml up -d 2>&1
I also edit file fabric-samples/first-network/docker-compose-couch.yaml changing block:
services:
couchdb0:
container_name: couchdb0
image: hyperledger/fabric-couchdb
ports:
- "5984:5984"
networks:
- byfn
to:
services:
couchdb0:
container_name: couchdb0
image: hyperledger/fabric-couchdb
ports:
- "5984:5984"
networks:
- byfn
volumes:
- /var/hyperledger/couchdb0:/opt/couchdb/data
When I run it with commands:
yes | sudo ./byfn.sh -m generate
yes | sudo ./byfn.sh -m up
Right after it lists 'Channel "mychannel" is created successfully', I get the error:
UTC [grpc] Printf -> DEBU 003 grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: Error while dialing dial tcp 172.18.0.8:7051: getsockopt: connection refused"; Reconnecting to {peer0.org1.example.com:7051 <nil>}
Any help greatly appreciated.
Thanks in advance!
This issue was not happening on RHEL 7.3, so I updated my CentOS from 7.2 to 7.3 as described at http://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-update-centos-7-07-17-2-to-centos-7-3.html and my issue was resolved.
Change made:
1) Created folder
mkdir /home/vagrant/db0
2) changed in networkUp() of byfn.sh:
# CHANNEL_NAME=$CHANNEL_NAME TIMEOUT=$CLI_TIMEOUT docker-compose -f $COMPOSE_FILE up -d 2>&1
CHANNEL_NAME=$CHANNEL_NAME TIMEOUT=$CLI_TIMEOUT docker-compose -f docker-compose-cli.yaml -f docker-compose-couch.yaml up -d 2>&1
3) added last two "volumes:" lines in docker-compose-couchdb.yaml:
services:
couchdb0:
container_name: couchdb0
image: hyperledger/fabric-couchdb
ports:
- "5984:5984"
networks:
- byfn
volumes:
- /home/vagrant/db0:/opt/couchdb/data
The docker container starts with the user couchdb. So when when you try to share the volume for the data directory, the docker container tries to create this folder and assign ownership to root. So I think the user variable should be left blank in the dockerfile instead of specifying it as couchdb. My environment is RHEL release 7.3 (Maipo). To fix this I started the container with the following commands and specified the user as root
docker run --rm -itd --name couchdb0 --user root \
--publish 5984:5984 \
--volume /var/hyperledger/couchdb0:/opt/couchdb/data \
hyperledger/fabric-couchdb:x86_64-1.0.0