2022-06-11 05:12:53.108 UTC [orderer.common.server] initializeServerConfig -> INFO 004 Starting orderer with TLS enabled
2022-06-11 05:12:53.120 UTC [blkstorage] NewProvider -> INFO 005 Creating new file ledger directory at /var/hyperledger/production/orderer/chains
2022-06-11 05:12:53.128 UTC [orderer.common.server] Main -> PANI 006 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Orderer sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.example.com")
panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Orderer sub-group config: setting up the MSP manager failed: the supplied identity is not valid: x509: certificate signed by unknown authority (possibly because of "x509: ECDSA verification failure" while trying to verify candidate authority certificate "ca.example.com")
Related
Running the Chainlink node using Docker on WSL2 Ubuntu 20.04. I set all the parameters and tried with both Goerli and Sepolia wss as well as https clients.
*[ERROR] Failed to redial RPC node; still unreachable: error while dialing websocket: wss://goerli.infura.io/ws/v3/4f1d3ea7b23644dda6a766f1d42471a5: x509: certificate signed by unknown authority client/node_lifecycle.go:369 err=error while
dialing websocket: wss://goerli.infura.io/ws/v3/4f1d3ea7b23644dda6a766f1d42471a5: x509: certificate signed by unknown authority errVerbose=x509: certificate signed by unknown authority
error while dialing websocket: wss://goerli.infura.io/ws/v3/4f1d3ea7b23644dda6a766f1d42471a5
github.com/smartcontractkit/chainlink/core/chains/evm/client.(*node).dial
/chainlink/core/chains/evm/client/node.go:263
github.com/smartcontractkit/chainlink/core/chains/evm/client.(*node).unreachableLoop
/chainlink/core/chains/evm/client/node_lifecycle.go:367
runtime.goexit
/usr/local/go/src/runtime/asm_amd64.s:1594 evmChainID=11155111 logger=1.11.0#150ec84.EVM.Node.Lifecycle.Unreachable node=(primary)primary-0-11155111:wss://goerli.infura.io/ws/v3/4f1d3ea7b23644dda6a766f1d42471a5 nodeName=primary-0-11155111 nodeState=Unreachable nodeTier=primary stacktrace=github.com/smartcontractkit/chainlink/core/chains/evm/client.(node).unreachableLoop
/chainlink/core/chains/evm/client/node_lifecycle.go:369
I'm replicating this tutorial on a machine with CentOS, and it works well until I have to start the orderer. If I don't add a config.yaml and follow the instructions as they are, when submitting this to the CLI of ORG1:
peer channel create -c mychannel -f /tmp/hyperledger/org1/peer1/assets/channel.tx -o orderer1-org0:7050 --outputBlock /tmp/hyperledger/org1/peer1/assets/mychannel.block --tls --cafile /tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem
I get the error:
2022-04-24 08:24:17.756 UTC [main] InitCmd -> ERRO 03b Cannot run peer because error when setting up MSP of type bccsp from directory /tmp/hyperledger/org1/admin/msp: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [org1MSP],The identity does not contain OU [ADMIN], MSP: [org1MSP]]
If I add a config.yaml file to the MSP folder, as this link suggests I should, I cannot even initiate the orderer, with this error when I try to do docker-compose up:
orderer1-org0 | 2022-04-24 08:15:40.373 UTC [orderer.common.server] initializeServerConfig -> INFO 004 Starting orderer with TLS enabled
orderer1-org0 | 2022-04-24 08:15:40.445 UTC [orderer.common.server] Main -> PANI 005 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [org1MSP],The identity does not contain OU [ADMIN], MSP: [org1MSP]]
orderer1-org0 | panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [org1MSP],The identity does not contain OU [ADMIN], MSP: [org1MSP]]
I'm not seeing how to solve this issue.
In the version 2.2 documentation this is mentioned under deploying an orderer. It mentions a different but possibly related PANI 005:
but the solution is just creating the config.yaml and it's not working
Solution:
The system channel configuration is missing config.yaml
file. If you are creating a new ordering service, the MSPDir
referenced in configtx.yaml file is missing the config.yaml file.
Follow instructions in the Fabric CA documentation to generate this
file and then rerun configtxgen to regenerate the genesis block for
the system channel.
thanks
I'm running Fabric v2.3 test network, and I'm trying to take a snapshot of the ledger.
When I run:
# peer snapshot submitrequest -c mychannel -b 0 --peerAddress peer0.org1.example.com:7051 --tlsRootCertFile /opt/gopath/src/github.com/hyperledger/fabric/peer/organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
I obtain:
Error: failed to retrieve snapshot client: snapshot client failed to connect to peer0.org1.example.com:7051: failed to create new connection: context deadline exceeded
The cli container can connect to peer1. Inspecting the orderer logs, it seems that a connection to 172.19.0.1 (on variable ports) is not successful: https://gist.github.com/RafaelAPB/962477f9bab5f34076add1a3b9f63588
Part of it:
2021-10-04 00:31:54.519 UTC [common.deliver] Handle -> WARN 066 Error reading from 172.19.0.8:53714: rpc error: code = Canceled desc = context canceled
By inspecting the logs of peer0.org1, it really seems that the problem is the connection with the orderer (in particular the TLS handshake): https://gist.github.com/RafaelAPB/6adf0c6e702387e4e0edd8de0dcf0a76
Part of it:
2021-10-04 00:52:03.595 UTC [comm.grpc.server] 1 -> INFO e6d unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.19.0.1:52374 grpc.code=OK grpc.call_duration=4.028085ms
2021-10-04 00:52:04.293 UTC [core.comm] ServerHandshake -> ERRO e6e Server TLS handshake failed in 33.508µs with error tls: first record does not look like a TLS handshake server=PeerServer remoteaddress=172.19.0.8:58532
2021-10-04 00:52:04.419 UTC [gossip.privdata] StoreBlock -> INFO e6f Received block [505] from buffer channel=mychannel
No configurations were added to the configtx.yaml regarding the snapshotting feature.
Any ideas on how to run the snapshot command successfully?
I bring up 4 peers using byfn.sh.
Everything comes up fine and I can see the orderer, peers, CA nodes, etc. running in docker containers
I then use a custom service layer application that uses the Fabric Node SDK to connect with this network.
I have no issues making the connection using byfn.sh generated TLS CA certificate (/usr/local/src/test_env/hlf_scripts/first-network/crypto-config/peerOrganizations/org1.example.com/tlsca/tlsca.org1.example.com-cert.pem)
Here are the docker log messages for the call Gateway.getNetwork("mychannel"):
2020-01-14 22:12:20.981 UTC [comm.grpc.server] 1 -> INFO 083 unary call completed grpc.service=discovery.Discovery grpc.method=Discover grpc.peer_address=192.168.80.1:38858 grpc.code=OK grpc.call_duration=515.21µs
2020-01-14 22:12:21.012 UTC [comm.grpc.server] 1 -> INFO 084 unary call completed grpc.service=discovery.Discovery grpc.method=Discover grpc.peer_address=192.168.80.1:38858 grpc.code=OK grpc.call_duration=552.801µs
I then bring up another client application, that uses pretty much the same code, for manipulating the network. The first step here is to ensure that the user’s (admin in this case) identity exists and can be imported into a wallet. The same piece of code is used to generate this identity, and using the same connection profile (connection_org1.json). The identity can be created and imported into the filesystem wallet.
I can connect to the network using the Gateway.connect(…) method and using the connection profile connection_org1.json. However, the moment I invoke Gateway.getNetwork("mychannel"), my issues start. Here is the error returned by the Fabric SDK:
[nodemon] starting `node ./dist/server.js`
Express server listening on port 3050
Wallet path: /usr/local/src/fabric-network-code/wallet
E0114 17:16:47.872273165 1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
E0114 17:16:48.873788447 1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
E0114 17:16:50.368082218 1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
2020-01-14T22:16:50.869Z - error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://localhost:7051
2020-01-14T22:16:50.870Z - error: [Channel.js]: Error: Failed to connect before the deadline URL:grpcs://localhost:7051
E0114 17:16:50.877630619 1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
E0114 17:16:51.876732084 1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
E0114 17:16:53.263732590 1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
E0114 17:16:53.303070959 1998 ssl_transport_security.cc:1238] Handshake failed with fatal error SSL_ERROR_SSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed.
2020-01-14T22:16:53.875Z - error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://localhost:8051
2020-01-14T22:16:53.875Z - error: [Channel.js]: Error: Failed to connect before the deadline URL:grpcs://localhost:8051
2020-01-14T22:16:53.875Z - error: [Network]: _initializeInternalChannel: Unable to initialize channel. Attempted to contact 2 Peers. Last error was Error: Failed to connect before the deadline URL:grpcs://localhost:8051
Unable to initialize channel. Attempted to contact 2 Peers. Last error was Error: Failed to connect before the deadline URL:grpcs://localhost:8051
[nodemon] app crashed - waiting for file changes before starting...
And here is the log from the docker container log for peer0.org1.example.com
2020-01-14 22:16:47.872 UTC [core.comm] ServerHandshake -> ERRO 085 TLS handshake failed with error EOF server=PeerServer remoteaddress=192.168.80.1:38886
2020-01-14 22:16:48.874 UTC [core.comm] ServerHandshake -> ERRO 086 TLS handshake failed with error EOF server=PeerServer remoteaddress=192.168.80.1:38890
2020-01-14 22:16:50.368 UTC [core.comm] ServerHandshake -> ERRO 087 TLS handshake failed with error EOF server=PeerServer remoteaddress=192.168.80.1:38894
2020-01-14 22:16:53.303 UTC [core.comm] ServerHandshake -> ERRO 088 TLS handshake failed with error EOF server=PeerServer remoteaddress=192.168.80.1:38910
I have tried various permutations and combinations of using different certs but not getting anywhere. Online forums indicate this is an issue of communication between orderer and the peer. However, there are no error messages in the orderer.
I have asked this question in chat.hyperledger.org but no response yet.
So extremely foolish of me. I had a crypto-config directory sitting in my node project folder (I don't know when I may have copied it over....) and that was throwing off the tlscacert variable.
I have removed the offending directory and now it is reading the correct one under .../first-network/crypto-config/.../<tlsca file>.pem
Sometimes (and quite often :-) ) the answer is right there but one is too stupid to see it!!!
I am trying to create a channel according to the documentation
Hyperledger Fabric v1.0 docs
I have an issue with the certificate. On the docker "hyperledger/fabric-tools" node I can find a certificate with the current name, tlsca.example.com, but the channel cannot be created. I have a certificate handshake issue. Should I check/mount the certificate to the peer node?
root#4b6423da537b:/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com# peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls $CORE_PEER_TLS_ENABLED --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
2017-07-27 16:49:58.949 UTC [msp] GetLocalMSP -> DEBU 001 Returning existing local MSP
2017-07-27 16:49:58.949 UTC [msp] GetDefaultSigningIdentity -> DEBU 002 Obtaining default signing identity
2017-07-27 16:49:58.954 UTC [grpc] Printf -> DEBU 003 Failed to dial orderer.example.com:7050: connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.example.com\")"; please retry.
Error: Error connecting due to rpc error: code = Internal desc = connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority (possibly because of \"x509: ECDSA verification failure\" while trying to verify candidate authority certificate \"tlsca.example.com\")"
Usage:
Thanks.
I met the same problem, and ran this command to close the network:
./network_setup.sh down mychannel
The cause of my problem was an error in the source code. So I fixed this code error and reopened the network. That solved the problem.
It would seem that you are in the incorrect working directory. When running the sample manually, you start the cli container and it places you in the /opt/gopath/src/github.com/hyperledger/fabric/peer directory. That is where you should be running the peer command. It would seem from your post that you were running the peer command in the /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com directory in the container, and it is not finding the configuration files that were mounted for the example.