I am a complete newbie on Hyperledger Fabric and as described in the docs I installed all the prerequisites and set up the Network Artifacts. But after i want to bring Up the Network. I get this error and i don't know what to do:
Error: failed to create deliver client: orderer client failed to connect to orde
rer.example.com:7050: failed to create new connection: x509: certificate signed
by unknown authority (possibly because of "x509: ECDSA verification failure" whi
le trying to verify candidate authority certificate "tlsca.example.com")
Usage:
peer channel create [flags]
Flags:
-c, --channelID string In case of a newChain command, the channel ID to crea
te.
-f, --file string Configuration transaction file generated by a tool su
ch as configtxgen for submitting to orderer
-t, --timeout int Channel creation timeout (default 5)
Global Flags:
--cafile string Path to file containing PEM-encoded
trusted certificate(s) for the ordering endpoint
--certfile string Path to file containing PEM-encoded
X509 public key to use for mutual TLS communication with the orderer endpoint
--clientauth Use mutual TLS when communicating wi
th the orderer endpoint
--keyfile string Path to file containing PEM-encoded
private key to use for mutual TLS communication with the orderer endpoint
--logging-level string Default logging level and overrides,
see core.yaml for full syntax
-o, --orderer string Ordering service endpoint
--ordererTLSHostnameOverride string The hostname override to use when va
lidating the TLS connection to the orderer.
--tls Use TLS when communicating with the
orderer endpoint
-v, --version Display current version of fabric pe
er server
!!!!!!!!!!!!!!! Channel creation failed !!!!!!!!!!!!!!!!
========= ERROR !!! FAILED to execute End-2-End Scenario ===========
ERROR !!!! Test failed
OS: Windows 7
Hyperledger Fabric: 1.1
Latest Docker installation
After multiple attempts to get the network running i created containers which i had to delete with the command docker ps -aq. Also i had to get the network down before that with the command ./byfn.sh -m down. Then i restarted everything by using byfn.sh -m generate -c mychannel and byfn.sh -m up -c mychannel -s couchdb Then everything worked as in the docs described.
Related
I'm trying to query my installed chaincode on hyperledger fabric 2.2 network.
I'm trying test-network . I'm using this command
peer chaincode query -C mychannel -n fabcar -c ‘{“Args”:[“queryAllCars”]}’
but I'm getting this error.
Error: chaincode argument error: invalid character 'â' looking for beginning of value
Usage:
peer chaincode query [flags]
Flags:
-C, --channelID string The channel on which this command should be executed
--connectionProfile string Connection profile that provides the necessary connection information for the network. Note: currently only supported for providing peer connection information
-c, --ctor string Constructor message for the chaincode in JSON format (default "{}")
-h, --help help for query
-x, --hex If true, output the query value byte array in hexadecimal. Incompatible with --raw
-n, --name string Name of the chaincode
--peerAddresses stringArray The addresses of the peers to connect to
-r, --raw If true, output the query value as raw bytes, otherwise format as a printable string
--tlsRootCertFiles stringArray If TLS is enabled, the paths to the TLS root cert files of the peers to connect to. The order and number of certs specified should match the --peerAddresses flag
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
--certfile string Path to file containing PEM-encoded X509 public key to use for mutual TLS communication with the orderer endpoint
--clientauth Use mutual TLS when communicating with the orderer endpoint
--connTimeout duration Timeout for client to connect (default 3s)
--keyfile string Path to file containing PEM-encoded private key to use for mutual TLS communication with the orderer endpoint
-o, --orderer string Ordering service endpoint
--ordererTLSHostnameOverride string The hostname override to use when validating the TLS connection to the orderer.
--tls Use TLS when communicating with the orderer endpoint
--transient string
Transient map of arguments in JSON encoding
As commented out by #alpha peer chaincode query -C mychannel -n fabcar -c '{"Args":["queryAllCars"]}' will work. the difference is to replace ’ with ' while passing the arguments.
Please replace quotes ‘ with ' and “ with " . The problem here is it can't able to detect the quotes.
Error:
error getting broadcast client: orderer client failed to connect to
orderer.example.com:7050: failed to create new connection: context
deadline exceeded
I'm getting this error when trying to start a private collection in Fabric.
Following the docs properly and everything at the basic level seems to work (creating first app, creating first network, and extending first network - have not tried upgrading network parts yet). But as I create the private collections feature, it stops precisely at this step.
This happens when I start the network, go into the peer container using docker exec -it cli bash and instantiate the chaincode on the peer (peer chaincode install -n marblesp -v 1.0 -p github.com/chaincode/marbles02_private/go/) which works.
But when I instantiate it on the channel (peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile $ORDERER_CA -C mychannel -n marblesp -v 1.0 -c '{"Args":["init"]}' -P "OR('Org1MSP.member','Org2MSP.member')" --collections-config $GOPATH/src/github.com/chaincode/marbles02_private/collections_config.json --connTimeout 30s) it produces this error and I dont know how proceed further.
Can someone help me understand what's wrong here or how to get my chaincode instantiated on my channel because I have to get the private collections to work?
Its possible this question is related to some communication between different docker images as my orderer and peer are in different containers. My commands run in the peer container (atleast thats what I think) and its unable to talk to orderer container.
Here are kinematic screenshots:
UPDATE:
This is my command: (peer chaincode instantiate -o orderer.example.com:7050 --tls --cafile $ORDERER_CA -C mychannel -n marblesp -v 1.0 -c '{"Args":["init"]}' -P "OR('Org1MSP.member')" --collections-config $GOPATH/src/github.com/marbles02_private/collections_config.json --connTimeout 30s).
I get this without sudo:
Error: error getting broadcast client: orderer client failed to connect to orderer.example.com:7050: failed to create new connection: context deadline exceeded
and with sudo I get
Error: error getting endorser client for instantiate: endorser client failed to connect to 0.0.0.0:7051: failed to create new connection: context deadline exceeded
and in sudo case, it doesn't even wait 30s, it shows error within ~2 seconds.
We need to run "composer" command outside of docker container's network.
When I specify orderer and peer host name (e.g. peer0.org1.example.com) in /etc/hosts file, "composer" command seems to work.
However, if I specify server's IP address, it does not work. Here is sample.
$ composer network list -p hlfv1 -n info-share-bc -i PeerAdmin -s secret
✖ List business network info-share-bc
Error trying to ping. Error: Error trying to query chaincode. Error: Connect Failed
Command succeeded
This is a command example when I specify host name in /etc/hosts.
$ composer network list -p hlfv1 -n info-share-bc -i PeerAdmin -s secret
✔ List business network info-share-bc
name: info-share-bc
models:
- org.hyperledger.composer.system
- bc.share.info
<snip>
I believe when the server name can not be resolved, we will specify the option called "ssl-target-name-override", hyperledger node.js SDK as described here.
https://jimthematrix.github.io/Remote.html
- ssl-target-name-override {string} Used in test environment only,
when the server certificate's hostname (in the 'CN' field) does not
match the actual host endpoint that the server process runs at,
the application can work around the client TLS verify failure by
setting this property to the value of the server certificate's hostname
Is there any option to specify host name in connection profile (connection.json) ?
Found a work around: hostnameOverride option in connection profile resolved the connection issue.
"eventURL": "grpcs://<target-host>:17053",
"hostnameOverride": "peer0.org1.example.com",
How to find chaincode id after running peer chaincode install and peer chaincode instantiate commands.
While running peer chaincode query I need to pass the chaincode id. Otherwise I am getting this error in peer console:
ChaincodeId: test_cc does not exist on channel: testchainid(err:chaincode not found test_cc)
Usage:
peer chaincode install [flags]
Flags:
-h, --help help for install
Global Flags:
--cafile string Path to file containing PEM-encoded trusted certificate(s) for the ordering endpoint
-C, --chainID string The chain on which this command should be executed (default "testchainid")
-c, --ctor string Constructor message for the chaincode in JSON format (default "{}")
-E, --escc string The name of the endorsement system chaincode to be used for this chaincode
-l, --lang string Language the chaincode is written in (default "golang")
--logging-level string Default logging level and overrides, see core.yaml for full syntax
-n, --name string Name of the chaincode
-o, --orderer string Ordering service endpoint
-p, --path string Path to chaincode
-P, --policy string The endorsement policy associated to this chaincode
--test.coverprofile string Done (default "coverage.cov")
-t, --tid string Name of a custom ID generation algorithm (hashing and decoding) e.g. sha256base64
--tls Use TLS when communicating with the orderer endpoint
-u, --username string Username for chaincode operations when security is enabled
-v, --version string Version of the chaincode specified in install/instantiate/upgrade commands
-V, --vscc string The name of the verification system chaincode to be used for this chaincode
the -n or --name option that you use is the chaincode id.
When I login to the IBM containers on Bluemix, I get the following error:
cf ic login
** Retrieving client certificates from IBM Containers
** Storing client certificates in /Users/triplez/.ice/certs Successfully retrieved client certificates
** Checking local docker configuration OK
** Authenticating with registry at registry.ng.bluemix.net
Could not authenticate with IBM Containers registry at registry.ng.bluemix.net
**** exit status 1
****Error response from daemon: invalid registry endpoint registry.ng.bluemix.net/v0/: unable to ping registry endpoint
registry.ng.bluemix.net/v0/
v2 ping attempt failed with error: Get registry.ng.bluemix.net/v2/: dial tcp: lookup
registry.ng.bluemix.net on 103.11.48.126:53: read udp
103.11.48.126:53: i/o timeout
v1 ping attempt failed with error: Get registry.ng.bluemix.net/v1/_ping: dial tcp: lookup registry.ng.bluemix.net on 103.11.48.126:53: read udp
103.11.48.126:53: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add
--insecure-registry registry.ng.bluemix.net to the daemon's
arguments. In the case of HTTPS, if you have access to the registry's
CA certificate, no need for the flag; simply place the CA certificate
at /etc/docker/certs.d/registry.ng.bluemix.net/ca.crt
I've already uninstalled docker and reinstalled, giving me the same error. I've also deleted ~/.cf/config.json and ~/.ice/ice-cfg.ini and ~/.ice/certs/ and tried logging in again. I still receive the same error.
I've also tested this with ice cli with the same error.
EDITED
Tried this command:
ice login -a 'https://api.ng.bluemix.net' --registry 'registry.ng.bluemix.net' --host 'https://containers-api.ng.bluemix.net/v3/containers'
Got the same error:
Authentication with container cloud service at
containers-api.ng.bluemix.net/v3/containers completed
successfully
You can issue commands now to the container service
Proceeding to authenticate with the container cloud registry at
registry.ng.bluemix.net/v3
Error response from daemon: invalid registry endpoint
registry.ng.bluemix.net/v3/v0/:
unable to ping registry endpoint registry.ng.bluemix.net/v3/v0/
v2 ping attempt failed with error: Get registry.ng.bluemix.net/v3/v2/:
dial tcp: lookup registry.ng.bluemix.net on 192.168.0.1:53: read ump
192.168.0.1:53: i/o timeout
v1 ping attempt failed with error: Get registry.ng.bluemix.net/v3/v1/_ping: dial tcp: lookup registry.ng.bluemix.net on 192.168.0.1:53: read udp 192.168.0.1:53: i/o timeout. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry registry.ng.bluemix.net to the daemon's arguments. In the case of
HTTPS, if you have access to the registry's CA certificate, no need
for the flag; simply place the CA certificate at
/etc/docker/certs.d/registry.ng.bluemix.net/ca.crt
docker is not available on your system or is not properly configured
Could not authenticate with cloud registry at registry.ng.bluemix.net/v3
You can still use IBM Containers but will not be able to run local docker containers, push, or pull images
It looks like the container cloud service host name is not correct.
Please try to run the ice login command as below:
ice login -a 'https://api.ng.bluemix.net' --registry 'registry.ng.bluemix.net' --host 'https://containers-api.ng.bluemix.net/v3/containers'
Based on your comment "boot2docker has been deprecated" I assume you are using Docker 1.8.
This version of Docker is not supported by IBM Containers on Bluemix yet.
Please see documentation in link below saying Docker 1.6 or 1.7 is required:
https://www.ng.bluemix.net/docs/containers/container_cli_ov.html
I know IBM Containers team is working to add support for Docker 1.8 as well. Please keep an eye on documentation for updates in the future.