I can transact with the network, and create new assets and participants, but if I try to issue an identity based on the participant I get:
Error: fabric-ca request register failed with errors
[[{"code":0,"message":"Registration of '4770' failed in affiliation
validation: : scode: 401, local code: 44, local msg: Caller does not
have authority to act on affiliation 'org1', remote code: 20, remote msg: Authorization failure"}]]
Where do I begin to debug this issue? I am using the IBM Enterprise Blockchain system for doing deployment.
composer identity issue defaults to the org1 affiliation if no affiliation is supplied on the command. To specify your own affiliation you need to add the option -o affiliation=xyz (where xyz is a valid affiliation defined in your fabric ca server). For example:
composer identity issue -c admin@network -u newuser -a org.example.mynetwork.Person#P1 -o affiliation=myaffiliation
Note that being able to provide an affiliation in playground is not possible.
Migrating from one service to IBM Cloud for Redis.
I cannot find the correct configuration to connect using TLS. Everything I find on this is related to Heroku, and it ignores verifying the TLS/SSL connection.
I cannot find how to configure our Sidekiq/Redis to connect.
I do have a certificate from the IBM Cloud dashboard and I suspect I have to pass that along somehow.
Configure the Sidekiq.yml like this:
:redis:
  :url: "rediss://:< PWD >@< DB Name >:< PORT >/0"
  :namespace: "app"
  :ssl_params:
    ca_file: 'path/to/cert'
I keep getting back the error Redis::CommandError - WRONGPASS invalid username-password pair or user is disabled. However, using these same credentials in the migration script I am able to connect to the DB, so the credentials are OK. I think it is not including the certificate correctly, and I cannot find the correct way to do this.
The sidekiq.yml configuration looks good to me, just make sure this has the correct complete path:
ca_file: 'path/to/cert'
and change the redis url to
:url: "rediss://< PWD >@< DB Name >:< PORT >/0"
Further info you can read from here for TLS secured connection.
I'm not familiar with sidekiq.yml. But I've configured redli with redis using a python script you can find here: https://github.com/IBM-Cloud/vpc-transit/blob/master/py/test_transit.py. Maybe the configuration is similar.
The relevant code is:
def vpe_redis_test(fip, resource):
    """execute a command in fip to verify redis is accessible"""
    redis = resource["key"]
    credentials = redis["credentials"]
    # base64-encoded CA certificate and redli connection arguments from the service credentials
    cert_data = credentials["connection.rediss.certificate.certificate_base64"]
    cli_arguments = credentials["connection.cli.arguments.0.1"]
    command = f"""
#!/bin/bash
set -ex
if [ -x ./redli ]; then
  echo redli already installed
else
  curl -LO https://github.com/IBM-Cloud/redli/releases/download/v0.5.2/redli_0.5.2_linux_amd64.tar.gz
  tar zxvf redli_*_linux_amd64.tar.gz
fi
./redli \
  --long \
  -u {cli_arguments} \
  --certb64={cert_data} << TEST > redis.out
set foo working
TEST
"""
    # the excerpt in the post ends at the "set foo working" line; the rest of the function is not shown
I read this post in the official documentation:
https://hyperledger-fabric.readthedocs.io/en/latest/certs_management.html#certificate-renewal
I have some expired certificates. I configured my Fabric CA by adding the env var FABRIC_CA_SERVER_CA_REENROLLIGNORECERTEXPIRY=true
and also changing fabric-ca-server-config.yaml with reenrollIgnoreCertExpiry: true
After restarting Docker I use the command
fabric-ca-client reenroll --csr.keyrequest.reusekey -u https://localhost:11054 --mspdir /usr/src/hyperledger/fabric-samples/my-network/crypto-config/peerOrganizations/network.eu/msp --caname ca-test
but I get this response:
Post "https://localhost:11054/reenroll": x509: certificate has expired or is not yet valid: current time 2022-11-30T12:15:04Z is after 2022-11-24T14:09:00Z
Can you help me?
After this configuration I think that the previous command creates a new certificate without checking the expiry date.
Can anyone tell me why I am getting this error while trying to run this command and assign a custom role "Secret Reader" to a guest account Object Id:
az role assignment create --role "Secret Reader" --assignee-object-id "12526c57-c91b-405b-9068-2b582b23e83a" --scope "/subscriptions/Not-putting this-here/resourceGroups/pallabdev/providers/Microsoft.KeyVault/vaults/testhalvault"
The error I get is:
request failed: Error occurred in request., InvalidSchema: No connection adapters were found for 'C:/Program Files/Git/subscriptions/Not-Putting-This-Here/resourceGroups/pallabdev/providers/Microsoft.KeyVault/vaults/testhalvault/providers/Microsoft.Authorization/roleDefinitions?$filter=roleName%20eq%20%27Secret%20Reader%27&api-version=2018-01-01-preview'
From the error message, I suppose you ran the command in Git Bash on Windows. I can also reproduce this on my side; it was caused by the auto-translation of Resource IDs in Git Bash, similar issue here.
To solve this issue, just set the environment variable MSYS_NO_PATHCONV=1, or set it temporarily when you run the command.
$ MSYS_NO_PATHCONV=1 az role assignment create --role "Secret Reader" --assignee-object-id "12526c57-c91b-405b-9068-2b582b23e83a" --scope "/subscriptions/Not-putting this-here/resourceGroups/pallabdev/providers/Microsoft.KeyVault/vaults/testhalvault"
I had the same problem and I simply ran the command using Windows PowerShell instead of Git Bash and it worked like a charm.
I am trying out Composer rest server multiuser mode -
This is my setup:
I have 3 NetworkAdmin users: alice, bob and charles.
Through these admins I have issued identities to jdoe and dave (for alice
and bob), each with their ACLs as participants.
So alice is an admin with participant/identity jdoe,
bob is an admin with participant/identity dave,
and charles is an admin.
The setup is similar to "Using two business cards in the same composer rest server configuration".
-> I start the rest server for alice with multiuser mode enabled and add identity jdoe to its wallet. Now when I try to do a REST operation it says:
"message": "Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Enrollment failed with errors [[{\"code\":20,\"message\":\"Authorization failure\"}]]"
-> Same for bob: if I try to add dave it gives the same error.
-> Also, if I try to add identities dave and jdoe to charles' wallet it gives the same error.
However, the multiuser mode works in the following scenario:
1) Through alice, who is an admin, I create a participant 'restadmin' who is also a NetworkAdmin
composer participant add -c alice@trade-network -d '{"$class":"org.hyperledger.composer.system.NetworkAdmin", "participantId":"restadmin"}'
composer identity issue -c alice@trade-network -f cards/restadmin.card -u restadmin -a "resource:org.hyperledger.composer.system.NetworkAdmin#restadmin"
composer card import -f cards/restadmin.card
composer network ping -c restadmin@trade-network
2) Now I create another participant Jam through alice
composer participant add -c alice@trade-network -d '{"$class":"org.example.trading.Trader","tradeId":"trader4", "RepfirstName":"Jam","ReplastName":"J"}'
composer identity issue -c alice@trade-network -f cards/jam.card -u jam -a "resource:org.cdc.MortalityCard.State#state4-ny"
composer card import -f cards/jam.card
composer card export -f cards/jam_exp.card -c jam@trade-network ; rm cards/jam.card
3) Now it works. This is hilarious, I have no idea why it didn't work in the previous scenario. Now it works only if the identity is set as Jam as default. It doesn't work with jdoe or dave.
No idea why. Suggestions?
The difference is that in scenario 2 you've exported the cards with credentials (cert/key); in scenario 1 they're trying to enrol again (because you've only got the secret in the card, no credentials set).
When the Identity is issued by the Fabric Certificate of Authority (CA) server a one-time secret is created (i.e. part of the Card that is created). When the card is used (e.g. to connect to or ping the business network using the card) for the first time, the secret is exchanged for Certificates/Keys (credentials) and then the one-time secret is invalidated. For scenario 1, you need to export it (e.g. via the command line with composer card export -c jdoe@ -f jdoe-plus-cert.card) and then import that new .card file into the REST API wallet (e.g. the /Import endpoint), and then it would also work for you in the REST API.
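The secret-only versus credentialed distinction described in the answer above can be checked on a card file before it is imported into a REST server wallet. This is an added example, not code from the post or from Composer; it assumes a .card file is a zip archive holding metadata.json (with an optional enrollmentSecret field) and, once enrolled and exported, credentials/certificate and credentials/privateKey. The cards it inspects are constructed in memory.

```python
import io
import json
import zipfile


def make_card(user, network, secret=None, creds=None):
    """Build a constructed .card archive in memory (sample data, not a real card)."""
    meta = {"version": 1, "userName": user, "businessNetwork": network}
    if secret:
        meta["enrollmentSecret"] = secret
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("metadata.json", json.dumps(meta))
        z.writestr("connection.json", json.dumps({"name": "hlfv1"}))
        if creds:
            z.writestr("credentials/certificate", creds[0])
            z.writestr("credentials/privateKey", creds[1])
    return buf.getvalue()


def card_state(card_bytes):
    """Classify a card by what it would authenticate with.

    'credentials' : certificate and key present, no enrollment needed
    'secret-only' : only the one-time secret; the first use enrolls, and any
                    later enrollment with that secret fails authorization
    'unusable'    : neither a secret nor credentials
    """
    with zipfile.ZipFile(io.BytesIO(card_bytes)) as z:
        names = set(z.namelist())
        meta = json.loads(z.read("metadata.json"))
    # Assumed layout: both files must exist for the card to skip enrollment.
    if {"credentials/certificate", "credentials/privateKey"} <= names:
        return "credentials"
    if meta.get("enrollmentSecret"):
        return "secret-only"
    return "unusable"


if __name__ == "__main__":
    issued = make_card("jdoe", "trade-network", secret="CONSTRUCTED-SECRET")
    exported = make_card("jdoe", "trade-network",
                         creds=("CERT-PLACEHOLDER", "KEY-PLACEHOLDER"))
    for label, card in (("as issued", issued), ("after export", exported)):
        print(label, "->", card_state(card))
```

A card in the `credentials` state carries the private key, so it needs the same protection in storage and transfer as the key itself.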
I am trying to use the composer-rest-server package after completing the Fabric Composer quick start, but I failed.
Please give me a hint.
The composer-rest-server package was successfully installed.
npm install -g composer-rest-server
Composer-rest-server started.
composer-rest-server
I was asked to enter simple information about the business network.
After that, I failed to load the connector module 'composer-connector-hlf'.
? Enter your Fabric Connection Profile Name: defaultProfile 
? Enter your Business Network Identifier : digitalproperty-network
? Enter your Fabric username : WebAppAdmin
? Enter your secret: DJY27pEnl16d
? Specify if you want namespaces in the generated REST API: always use namespaces
? Specify if you want the generated REST API to be secured: Yes
To restart the REST server using the same options, issue the following command:
composer-rest-server -p defaultProfile -n digitalproperty-network -i WebAppAdmin -s DJY27pEnl16d -N always -S true
Discovering types from business network definition ...
Connection fails: Error: Failed to load connector module "composer-connector-hlf" for connection profile "defaultProfile"
It will be retried for the next request.
Error: Failed to load connector module "composer-connector-hlf" for connection profile "defaultProfile"
at connectionProfileStore.load.then.e (/home/user1/.nvm/versions/node/v6.9.5/lib/node_modules/composer-rest-server/node_modules/composer-common/lib/connectionprofilemanager.js:148:27)
How can I solve the problem?
Your .composer-connection-profiles is not set to defaultprofile.
Check your root folder; the .composer-connection-profiles folder must be present there.
The composer profiles will be inside that folder (if your defaultprofile is made, then there will be a folder named defaultprofile). Check the connection.json inside the defaultprofile folder.
If there is any other folder with a different name, use that as your profile. Or you can specifically define the folder defaultprofile and write connection.json with connection details.
Which version of npm are you using? I faced a similar issue on Ubuntu 16.4. When I reinstalled everything with a lower version of npm it worked perfectly.
npm version when things worked:
npm --version
3.10.10
When I was getting the problem you have mentioned, it was 5.x.
Does your grpc module have grpc_node.node files?
It's in the composer-cli module.
In my environment:
/usr/local/lib/node_modules/composer-cli/node_modules/grpc/src/node/extension_binary/grpc_node.node
If you use sudo, you may need to add the --unsafe-perm option.
Like: sudo npm install -g --unsafe-perm composer-cli