I'm trying to launch a network on hyperledger fabric which is almost identical to the 'first-network' fabric-sample. At the point where I start my fabric the dockers (apart from the cli) exit immediately (see image).
When I inspect the logs I see that the Orderer fails to initialize local MSP because it cannot load a valid signer certificate (see image).
I tried cleaning the docker images and downloading them again same for the binaries.
docker-compose-base.yaml
docker-compose-cli.yaml
Network composes of:
3 Peers, 1 Orderer and the cli
I would be really thankfull If anyone knows how to deal with this.
EDIT: Solved this issue by resetting docker to factory settings. I assume it had something to do with my docker login credentials.
Related
I downloaded Docker Desktop for Mac and I can run docker-compose up but when I try to run a functional test I get the error
java.lang.IllegalStateException: Could not find a valid Docker environment. Please see logs and check configuration
and when I check the logs I see that it is about docker machine I believe.
[main] ERROR o.t.d.DockerClientProviderStrategy - Could not find a valid Docker environment. Please check configuration. Attempted configurations were:
[main] ERROR o.t.d.DockerClientProviderStrategy - UnixSocketClientProviderStrategy: failed with exception InvalidConfigurationException (Could not find unix domain socket). Root cause NoSuchFileException (/var/run/docker.sock)
[main] ERROR o.t.d.DockerClientProviderStrategy - DockerMachineClientProviderStrategy: failed with exception ShellCommandException (Exception when executing docker-machine status ). Root cause InvalidExitValueException (Unexpected exit value: 1, allowed exit values: [0], executed command [docker-machine, status, ], output was 122 bytes:
Docker machine "" does not exist. Use "docker-machine ls" to list machines. Use "docker-machine create" to add a new one.)
[main] ERROR o.t.d.DockerClientProviderStrategy - As no valid configuration was found, execution cannot continue
but I believe Docker Desktop should be enough for MacOS, not confident though. I tried to create a docker machine but I couldn't because it needs a virtualbox but virtualbox doesn't support M1 macs. Don't know what to do here to be honest.
I can see the container up and running in Docker Desktop,the docker-compose up also runs. It seems like IntellijIDEA can't see it? Also when I try to add Docker to IntellijIDEA from Preferences -> Build, Execution, Deployment -> Docker, I also get the error
Cannot connect: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? (Details: [2] No such file or directory)
Can anyone assist me with this?
Edit: I actually checked var/run and there is no such file as docker.sock. Why is this, I am so confused.
I downloaded Docker using Docker Desktop for Apple M1 chips. I can run containers, the integration with VsCode works okay but I can't integrate it with Intellij IDEA Ultimate. It keeps giving this error.
But I can run my containers and create images from the terminal, I can also see the containers and images in Docker Desktop too. What could be the reason behind this? I also tried to check whether var/run/docker.sock is existing and it really isn't, there is no such file as that.
I also tried the same steps on my second computer and the exact same thing happened. Steps to reproduce: 1- Download Intellij IDEA Ultimate, open a repo that uses docker 2- Download Docker Desktop for Mac M1 3- Try to add Docker service to Intellij
I didn't do anything else because I think Docker Desktop is enough to configure everything on Mac. I am trying to run an FT on intellij and I get the error
[main] ERROR o.t.d.DockerClientProviderStrategy - Could not find a valid Docker environment. Please check configuration. Attempted configurations were:
[main] ERROR o.t.d.DockerClientProviderStrategy - UnixSocketClientProviderStrategy: failed with exception InvalidConfigurationException (Could not find unix domain socket). Root cause NoSuchFileException (/var/run/docker.sock)
[main] ERROR o.t.d.DockerClientProviderStrategy - DockerMachineClientProviderStrategy: failed with exception ShellCommandException (Exception when executing docker-machine status ). Root cause InvalidExitValueException (Unexpected exit value: 1, allowed exit values: [0], executed command [docker-machine, status, ], output was 122 bytes:
Docker machine "" does not exist. Use "docker-machine ls" to list machines. Use "docker-machine create" to add a new one.)
[main] ERROR o.t.d.DockerClientProviderStrategy - As no valid configuration was found, execution cannot continue
I've been trying everything for the last 2 days but I can't seem to find a solution.
EDITED 2022-10-31
As per the latest release notes for Docker Desktop (4.13.1), there is no need to create the symlink anymore, citing notes:
Added back the /var/run/docker.sock symlink on Mac by default, to increase compatibility with tooling like tilt and docker-py. Fixes docker/for-mac#6529.
The official fix now is to UPGRADE your Docker Desktop installation.
For the Docker Desktop (4.13.0) version:
By default Docker will not create the /var/run/docker.sock symlink on the host and use the docker-desktop CLI context instead. (see: https://docs.docker.com/desktop/release-notes/)
That will prevent IntelliJ from finding Docker using the default context.
You can see the current contexts in your machine by running docker context ls, which should produce an output like:
NAME TYPE DESCRIPTION DOCKER ENDPOINT KUBERNETES ENDPOINT ORCHESTRATOR
default moby Current DOCKER_HOST based configuration unix:///var/run/docker.sock https://kubernetes.docker.internal:6443 (default) swarm
desktop-linux * moby unix:///Users/<USER>/.docker/run/docker.sock
As a workaround that will allow IntelliJ to connect to Docker you can use the TCP Socket checkbox and put in the Engine API URL the value that appears under DOCKER ENDPOINT in the active context.
The case for this example will be: unix:///Users/<USER>/.docker/run/docker.sock
Then IntelliJ will be able to connect to Docker Desktop.
**Hacky option**
Another way to make IntelliJ (and other components that rely on the default config) to find Docker will be to manually create a symlink to the new DOCKER ENDPOINT by running:
sudo ln -svf /Users/<USER>/.docker/run/docker.sock /var/run/docker.sock
In that way all the components looking for Docker under /var/run/docker.sock will find it.
TL;DR
What is the correct method for creating a channel in HF? I've tried 4 different approaches, each ending in failure.
Troubleshooting of errors is welcome in the comments, but in this post, what I'd like to ask is what is the correct approach/method/setup to create a channel in Hyperledger Fabric?
Edit Note
My original post was asking multiple questions. I've updated this post to focus on the first question and put my second question focusing on troubleshooting a specific approach here.
Approach => Result
Run channel create on host (no local core.yaml) => core config not found
Run channel create in Docker container => no fabric binaries (could not execute)
Run channel create on host (with local core.yaml) => failed to connect to orderer
Run channel create on host (with linked core.yaml) => failed to start container
Background:
I'm building a customized HF network (using the Test Network as a reference). I've setup the CAs, generated the MSPs, started the nodes (1 Peer, 1 Orderer), generated the Orderer genesis block (and then restarted the Orderer node).
I'm using Docker swarm, but so far, I'm only focusing on the first host (which is running the above 4 containers: 2 nodes and respective CAs).
Here's more detail on each approach I've tried:
1. Run channel create from host with no local core.yaml file.
After packaging a channel Tx, I try to create a channel using the following command:
peer channel create -o $host:1050 -c $CHANNEL_NAME --ordererTLSHostnameOverride $ORG -f ./channel-artifacts/${CHANNEL_NAME}.tx --outputBlock ./channel-artifacts/${CHANNEL_NAME}.block --tls --cafile $ORDERER_CA
I get the following error:
020-09-15 16:37:06.186 MST [main] InitCmd -> ERRO 001 Fatal error when initializing core config : Could not find config file. Please make sure that FABRIC_CFG_PATH is set to a path which contains core.yaml
The FABRIC_CFG_PATH is set (by default) to /etc/hyperledger/fabric inside the Peer Docker container (and that path contains an auto-generated core.yaml file), however, I'm guessing that since the channel create command is run on the host, not the docker container, this is why the core config is not found?
(However, according to this post, I shouldn't need a local core.yaml file?)
2. Try running channel create commands from inside Docker container (with existing, auto-generated core.yaml file).
I exec'd into the Peer Docker container and ran my create Channel Tx and Create Channel commands directly from the docker container. However, this fails because the docker container does not have the fabric binaries loaded. (I tried doing a read-only bind mount of my fabric-samples/bin to a directory in the docker container's /bin path, but ran into problems and didn't explore it further.)
3. Create local core.yaml file, set FABRIC_CFG_PATH=$PWD and run channel create commands locally.
Resulting error:
Error: failed to create deliver client for orderer: orderer client failed to connect to oem.scm.cloudns.asia:1050: failed to create new connection: context deadline exceeded
This seems to be because the host:port mapping only has significance inside the docker network, NOT on the host machine. (I can successfully ping the host:port and :port from inside my docker Peer container.)
Update: container log for the orderer shows this error:
2020-09-16 19:14:52.165 UTC [core.comm] ServerHandshake -> ERRO 53e TLS handshake failed with error remote error: tls: bad certificate server=Orderer remoteaddress=10.0.0.3:54110
For a similar problem, Gari Singh said that the TLS server certificate SANS was missing the correct address. I tried adding 10.0.0.3 to my docker-compose file for the CA and restarting, but still got the same error.
4. Same as #3, execept time bind mount the local directory containing core.yaml to the Peer Docker container, and try to start channel from host.
When I tried this approach, I ran into problems because the msp path in the core.yaml file either points to the path on my host, or the corresponding docker container internal msp path.
If I point to the Docker internal msp path, then the Channel start command fails (since the command is run from the host). If I point to the Host msp path, the Peer Docker container fails to start because it can't find the path from inside the container.
Based on everything I've tried, I want to know what is the "correct" approach/method/setup for creating a channel in Hyperledger Fabric?
Did you try executing first of all the starting of the network following the guide you mentioned above?
I think that the error is related to a change on the configuration and execution of the steps for starting up a network. Did you created the genesis-block correctly (line 85 of you docker-compose file? Did you verify the logs? The error seems to be related to a missconfiguration of the FABRIC_CFG_PATH when you create the material for you network.
I think the answer that I may have been looking for is to use the Fabric CLI (Docker Hyperledger/fabric-tools image).
This approach seems to solve all of the issues I was having with approaches #1-4:
The fabric-tools image gives access to fabric binaries
The internal paths referenced in the configtx.yaml and core.yaml files are accessible (since the CLI is mounted as a Docker container), and
the CLI can natively access the host:port of other nodes (since it is part of the same Docker network)
(Note: Now that I am using the CLI, I am getting a different error, although I believe it is related to my configtx Policy, not to the method of creating the channel.)
Since I've seen some setups that do not use the CLI, I assume that this is not the only correct answer. If anyone else has another solution, I am eager to learn more.
I have an ECS Fargate service running the jetbrains/teamcity-agent image. This is connected to my TeamCity Host which is running on an EC2 instance(windows).
When I check whether the agent is capable of running docker commands, it shows the following errors:
Unmet requirements:
docker.server.osType contains linux
docker.server.version exists
Under Agent Parameters -> Configuration Parameters, I can see the docker version and the dockerCompose.version properly. Is there a setting that I am missing?
If you are trying to access a docker socket in fargate, Fargate does not support running docker commands, there is a proposed ticket for this feature.
the issue with "docker.server.osType" not showing up usually means
that the docker command run from the agent cannot connect with the
docker daemon running. This is usually due to a lack of permissions,
as docker by default only allows connections from root and users of
the group docker
Teamcity-Unmet-requirements-docker-server-osType-contains-linux
I was facing similar issues got them fixed by adding "build agent" user in "docker" group and restarted/rebooted the server.
Where build agent user ==> Means the user with which your TeamCity services are running.
Command to add a user to group
#chmod -a -G docker <userasperyourrequirement>
Command to reboot the server:
#init 6
I am following this tutorial Build Your First Network to build my first fabric network. After executing ./byfn.sh -m up, everything looks fine. But When I check environment variables, it mentioned CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp
. But this crypto does not exist in /hyperledger/fabric/peer/ path. What's wrong?
I am not sure if you are checking it inside the cli container. Note that a volume mapping between the container named "cli" and your host machine is defined under the file docker-compose-cli.yaml, you can have a look here for the information https://github.com/hyperledger/fabric-samples/blob/release-1.2/first-network/docker-compose-cli.yaml#L83. When you issue a command docker exec -it cli bash to enter the container named cli, you should be able to find the path.
You are right that there is no folder as crypto in the /hyperledger/fabric/peer/ assuming that you were seeking in the peer of org1 container (e.g. docker exec -it peer0.org1.example.com) or other peer containers.
The reason is due to the fact that Environment variables are set in the cli container and its uses fabric-tools image not fabric-peer
image while orchestration. This setup is seen only in first network of fabric samples. While the cli makes install, instantiate, query, etc. commands it changes the Environment variables to act as peer before sending those commands.
So, crypto material will be in the cli container (docker exec -it cli bash). You can see the volume mapping of containers and specifically cli container for which container the crypto material is mapped in dockercompose-cli.yaml, base/docker-compose-base.yaml and base/peer-base.yaml files.
NOTE:
"first network" or "Build Your First Network" is for only testing and learning purposes not for production.
References:
[1] : Building Your First Network (https://hyperledger-fabric.readthedocs.io/en/release-1.2/build_network.html?highlight=fabric-tools)