I'm trying to export my Network Admin card from the Playground UI, but the export icon is disabled. In addition, I see the following error in my Chrome console:
Error: The current identity, with the name 'admin' and the identifier 'ddae16d6f23947e9349627051b8ca5933cef53d2918f52295352d7dd24cdabcb', must be activated.
How do I export the Network Admin card from the Playground?
Here's the full Firefox log:
Establishing admin connection ...
main.d12285adf00f2401cf60.bundle.js:1:346887
#JS : ModelManager :addSystemModels() [object Object]
main.d12285adf00f2401cf60.bundle.js:1:848811
#JS : Resolver :resolveRelationship() Failed to resolve relationship [object Object]
main.d12285adf00f2401cf60.bundle.js:1:848759
#JS : IdentityManager :<ResourceManager>() Binding in the tx names and impl
main.d12285adf00f2401cf60.bundle.js:1:848811
#JS : EngineTransactions :createHistorianRecord() created historian record
main.d12285adf00f2401cf60.bundle.js:1:848811
#JS : Resolver :resolveRelationship() Failed to resolve relationship [object Object]
main.d12285adf00f2401cf60.bundle.js:1:848759
#JS : EngineTransactions :createHistorianRecord() created historian record
main.d12285adf00f2401cf60.bundle.js:1:848811
#JS : Resolver :resolveRelationship() Failed to resolve relationship [object Object]
main.d12285adf00f2401cf60.bundle.js:1:848759
#JS : EngineTransactions :createHistorianRecord() created historian record
main.d12285adf00f2401cf60.bundle.js:1:848811
#JS : ConnectionProfileManager:getConnectionManagerByTy Looking up a connection manager for type web
main.d12285adf00f2401cf60.bundle.js:1:848811
Establishing admin connection ...
main.d12285adf00f2401cf60.bundle.js:1:346887
#JS : ConnectionProfileManager:getConnectionManagerByTy Looking up a connection manager for type web
main.d12285adf00f2401cf60.bundle.js:1:848811
#JS : IdentityManager :validateIdentity() Error: The current identity, with the name 'admin' and the identifier 'ddae16d6f23947e9349627051b8ca5933cef53d2918f52295352d7dd24cdabcb', must be activated (ACTIVATION_REQUIRED)
main.d12285adf00f2401cf60.bundle.js:1:848759
#JS : Engine :query() Caught error, rethrowing [object Object]
main.d12285adf00f2401cf60.bundle.js:1:848759
#JS : IdentityManager :validateIdentity() Error: The current identity, with the name 'admin' and the identifier 'ddae16d6f23947e9349627051b8ca5933cef53d2918f52295352d7dd24cdabcb', must be activated (ACTIVATION_REQUIRED)
main.d12285adf00f2401cf60.bundle.js:1:848759
#JS : IdentityManager :<ResourceManager>() Binding in the tx names and impl
main.d12285adf00f2401cf60.bundle.js:1:848811
#JS : EngineTransactions :createHistorianRecord() created historian record
main.d12285adf00f2401cf60.bundle.js:1:848811
#JS : ConnectionProfileManager:getConnectionManagerByTy Looking up a connection manager for type web
main.d12285adf00f2401cf60.bundle.js:1:848811
#JS : ModelManager :addSystemModels() [object Object]
main.d12285adf00f2401cf60.bundle.js:1:848811
connected
main.d12285adf00f2401cf60.bundle.js:1:61666
This is the answer I got on GitHub:
The reason that the export is greyed out is because you are using the
bluemix staged Playground that is in the 'web-connector' mode. In
order to meaningfully export a business network card, you will need to
create a connection to Hyperledger Fabric. The steps you outline above
will not create a business network in Hyperledger Fabric, but within a
web connector.
If you follow the developer tutorial
(https://hyperledger.github.io/composer/tutorials/developer-tutorial)
you will be taken through the process of creating a (local) Fabric,
from which you can connect Playground and export business network
cards.
You can create the admin card via composer-cli.
composer card create
-p connection.json
-u PeerAdmin -c Admin#org1.example.com-cert.pem
-k 114aab0e76bf0c78308f89efc4b8c9423e31568da0c340ca187a9b17aa9a4457_sk
-r PeerAdmin -r ChannelAdmin
Add connection.json file as following:
{
"name": "fabric-network",
"type": "hlfv1",
"mspID": "Org1MSP",
"peers": [
{
"requestURL": "grpc://localhost:7051",
"eventURL": "grpc://localhost:7053"
}
],
"ca": {
"url": "http://localhost:7054",
"name": "ca.org1.example.com"
},
"orderers": [
{
"url" : "grpc://localhost:7050"
}
],
"channel": "composerchannel",
"timeout": 300
}
The certificate file can be found in the signcerts subdirectory (fabric-tools/fabric-scripts/hlfv1/composer/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp) and is named Admin#org1.example.com-cert.pem.
The private key file can be found in the keystore subdirectory. The name of the private key file is a long hexadecimal string, with a suffix of _sk, for example 114aab0e76bf0c78308f89efc4b8c9423e31568da0c340ca187a9b17aa9a4457_sk.
Step by step tutorial is available in Hyperledger Composer
Tutorials # https://hyperledger.github.io/composer/tutorials/deploy-to-fabric-single-org.
Related
I was hoping someone here could help me out. We are currently evaluating JFrog's Artifactory - Container Registry running as a Docker service and for the life of me I cannot get this thing to work properly with our Active Directory instance. I had it working fine in version 6 but with the release of version 7, decided to start new with the new version.
So I have artifactory-jcr:7.3.2 up and running in our swarm. Go into administration -> security -> LDAP and create a new LDAP settings profile with the following fields:
LDAP URL: ldap://mydc.company.net:389/DC=company,DC=net
User DN Pattern: blank
Email Attribute: mail
Search Filter: (sAMAccountName={0})
Search Base: OU=Company Users
Search Sub-Tree: checked
Manager DN: CN=_svcAccount,OU=Service Accounts,OU=Company Users,DC=company,DC=net
Manager Password: Correct Password
The Manager DN is correct and the password has been verified and tested. I can log in with the service account from any machine and successfully query the directory using ADExplorer and issue a query for my account using only my sAMAccountName which returns my user object. So I know the service account's password is correct, permissions for it are correct and it can successfully issue queries.
But when trying to test an account from the LDAP settings profile page, I get a generic error message popup stating "Error connecting to the LDAP server:"
For the log, I am looking at the /var/opt/artifactory/artifactory-service.log file.
Here's the entry immediately following a failed 'test account' attempt:
2020-04-03T17:16:46.714Z [jfrt ] [ERROR] [7faa71d56a50ef2b] [o.a.s.l.AbstractLdapService:67] [http-nio-8081-exec-4] - Error connecting to the LDAP server:
org.springframework.security.authentication.AuthenticationServiceException: User myuseraccount failed to authenticate
at org.artifactory.security.ldap.ArtifactoryBindAuthenticator.authenticate(ArtifactoryBindAuthenticator.java:166)
at org.artifactory.security.ldap.LdapServiceImpl.testLdapConnection(LdapServiceImpl.java:77)
at org.artifactory.security.SecurityServiceImpl.testLdapConnection(SecurityServiceImpl.java:3193)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:343)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:205)
at com.sun.proxy.$Proxy156.testLdapConnection(Unknown Source)
at org.artifactory.ui.rest.service.admin.security.ldap.ldapsettings.TestLdapSettingsService.testLdapConnection(TestLdapSettingsService.java:76)
at org.artifactory.ui.rest.service.admin.security.ldap.ldapsettings.TestLdapSettingsService.execute(TestLdapSettingsService.java:63)
at org.artifactory.rest.common.service.ServiceExecutor.process(ServiceExecutor.java:38)
at org.artifactory.rest.common.resource.BaseResource.runService(BaseResource.java:92)
at org.artifactory.ui.rest.resource.admin.security.ldap.LdapSettingResource.testLdapSetting(LdapSettingResource.java:90)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:76)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:148)
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:191)
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:200)
2020-04-03T17:16:46.732Z [jfrt ] [ERROR] [7faa71d56a50ef2b] [o.a.s.l.AbstractLdapService:68] [http-nio-8081-exec-4] - Error connecting to the LDAP server:
2020-04-03T17:17:57.524Z [jfrt ] [WARN ] [81a5689d90762c9 ] [o.a.s.l.LdapServiceImpl:179 ] [http-nio-8081-exec-8] - Unexpected exception in LDAP query:for user myuseraccount vid LDAP: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]
2020-04-03T17:17:57.547Z [jfrt ] [INFO ] [81a5689d90762c9 ] [o.a.s.l.LdapServiceImpl:129 ] [http-nio-8081-exec-8] - Couldn't find user named "myuseraccount" in ADsettings
From the login ui, I try to use my sam account name only I get a message above the login form stating: "Username or password is incorrect"
Here's the log entry that's generated at the time:
2020-04-03T17:05:12.060Z [jfrt ] [WARN ] [77c816e57e51530 ] [o.a.s.l.LdapServiceImpl:179 ] [http-nio-8081-exec-8] - Unexpected exception in LDAP query:for user admin vid LDAP: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]
I am only using the sam account name for the login, not the user principal name. I am also leaving off the netbios domain name portion of the login. If I try to add in the full SAM Account name to include the domain, "companyname\myuseraccount" I get a Status 500 error page.
Can anyone tell me what I'm doing wrong here?
Thanks for any help!
Shortly after posting this question, I decided to shell into the running jcr container and copy and install the necessary rpm files and to get openldap working. Then used ldapsearch from the container to query our domain controller using the settings I had provided the artifactory UI. And viola! The issue was the bind DN. I thought the the Manager DN form field was supposed to be the full distinguished name of the binding user account used to query the directory but ldapsearch was returning object not found errors.
I changed the binding account to the service account's SAM account name ("_svcAccount") and got a result back. I've since gone back into the artifactory settings and update the Manager DN to be "_svcAccount" and everything is working.
Jfrog should change the description of the Manager DN field. A distinguished name consists of the full LDAP path to the object. Which doesn't work, at least not in my particular situation. Other Java based products we use like SonarQube, use the classic full distinguished name for the bind account. Jfrog Container Registry apparently does not.
-Update -- I ended up having to use the NetBIOS domain as part of the Manager DN account to get it to authenticate. So, instead of "_svcAccount" as the Manager DN, I had to use "mycompany\_svcAccount" as the Manager DN. However, Active Directory users do not use the NetBIOS domain when logging into the Container Registry, just the SAM account name. (i.e. "myAccount" vs. "mycompany\myAccount")
I followed this tutorial to setup myorg/composer-rest-server and everything was working fine till I import card but when I make a GET request to /api/system/ping it returns 500 Error:
{"error":{"statusCode":500,"name":"Error","message":"Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054]","stack":"Error: Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054]\n at client.getUserContext.then.then.catch (/home/composer/.npm-global/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:393:34)\n at <anonymous>\n at process._tickDomainCallback (internal/process/next_tick.js:228:7)"}}
So I checked the logs for rest container, it can't seem to find 127.0.0.1:7054. Here is the error log.
Unhandled error for request GET /api/system/ping: Error: Error trying login and get user Context. Error: Error trying to enroll user or load channel configuration. Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054]
at client.getUserContext.then.then.catch (/home/composer/.npm-global/lib/node_modules/composer-rest-server/node_modules/composer-connector-hlfv1/lib/hlfconnection.js:393:34)
at <anonymous>
at process._tickDomainCallback (internal/process/next_tick.js:228:7)
So I checked the logs for the container ca.org1.example.com, and it is listening to port 7054
2018/04/01 09:57:25 [DEBUG] CA initialization successful
2018/04/01 09:57:25 [INFO] Home directory for default CA: /etc/hyperledger/fabric-ca-server
2018/04/01 09:57:25 [DEBUG] 1 CA instance(s) running on server
2018/04/01 09:57:25 [INFO] Listening on http://0.0.0.0:7054
I think i need to change 127.0.0.1 to 0.0.0.0 but not sure how to do it the right way. Could also be a firewall issue?
Here's my .composer/cards/restadmin#myserver/connection.json
{"name":"hlfv1","x-type":"hlfv1","x-commitTimeout":300,"version":"1.0.0","client":{"organization":"Org1","connection":{"timeout":{"peer":{"endorser":"300","eventHub":"300","eventReg":"300"},"orderer":"300"}}},"channels":{"composerchannel":{"orderers":["orderer.example.com"],"peers":{"peer0.org1.example.com":{}}}},"organizations":{"Org1":{"mspid":"Org1MSP","peers":["peer0.org1.example.com"],"certificateAuthorities":["ca.org1.example.com"]}},"orderers":{"orderer.example.com":{"url":"grpc://orderer.example.com:7050"}},"peers":{"peer0.org1.example.com":{"url":"grpc://peer0.org1.example.com:7051","eventUrl":"grpc://peer0.org1.example.com:7053"}},"certificateAuthorities":{"ca.org1.example.com":{"url":"http://ca.org1.example.com:7054","caName":"ca.org1.example.com"}}}
I'm using AWS EC2
OS: Ubuntu 16.04.3 LTS,
Docker: 17.12.0-ce,
Composer: v0.19.0
Fabric: v1.1
Which card have you imported? If it is the restadmin card, I think you may have imported a Card containing an expired One-Time secret. After the rest admin card was used to start the REST server (in the container) the secret was replaced with certificates - so if you export the restadmin card again with a different name composer card export -c restadmin#trade-network -f restadmin-cert.card you will see that it is a larger file because of the certificates. You should be able to import and use this new .card file.
(If you were using a different card e.g. jdoe - did you run the sed command for this card to correct the addresses?)
I am following the steps to register a device in AWS-IoT. I am doing the steps described by AWS to use a self-signed certificate. The step three of the tutorial indicates the following command:
aws iot get-registration-code
But I am getting the following exception:
$ aws iot get-registration-code
An error occurred (AccessDeniedException) when calling the
GetRegistrationCode operation: User: arn:aws:iam::xxxxxxxx:user/dalton
is not authorized to perform: iot:GetRegistrationCode on resource: *
It is not clear how I can assign the right permissions. At IAM Management Console, I assigned the following permissions to my user:
AWSIoTThingsRegistration
AWSIoTLogging
AWSIoTConfigAccess
AWSIoTRuleActions
AWSIoTConfigReadOnlyAccess
AWSQuickSightIoTAnalyticsAccess
AWSIoTOTAUpdate
AWSIoTDataAccess
AWSIoTFullAccess
Still without success.
AWSIoTFullAccess defines this policy :
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:*"
],
"Resource": "*"
}
]
}
So with that you will be able to execute the call according to the IAM IoT policies. When attaching a new policy it only take a few seconds before it goes into effect on the CLI.
You need to :
Double check your IAM policies and ensure that the user that is using the CLI uses indeed uses the aws credentials (key and secret) that matches the IAM user that has the AWSIoTFullAccess.
Double check the AWS account number if you're using multiple accounts.
Run the AWS IAM Policy Simulator and verify the output.
I'm trying to deploy car auction sample .bna file to HLF v0.6 service on Bluemix and getting different errors.
My connection profile for Bluemix:
{
"type": "hlf",
"membershipServicesURL": "grpcs://1c0b2dabbb834804ae3d284fed9059f4-ca.us.blockchain.ibm.com:30002",
"peerURL": "grpcs://1c0b2dabbb834804ae3d284fed9059f4-vp0.us.blockchain.ibm.com:30002",
"eventHubURL": "grpcs://1c0b2dabbb834804ae3d284fed9059f4-vp0.us.blockchain.ibm.com:31002",
"keyValStore": "/Users/me/.composer-credentials",
"deployWaitTime": "3000",
"invokeWaitTime": "1000",
"certificate": "-----BEGIN CERTIFICATE-----\nMIID6TCCA26gAwIBAgIQCiYEWw1faoRpM2xufaiPLTAKBggqhkjOPQQDAjBMMQsw\nCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMSYwJAYDVQQDEx1EaWdp\nQ2VydCBFQ0MgU2VjdXJlIFNlcnZlciBDQTAeFw0xNjA2MDcwMDAwMDBaFw0xOTA2\nMTIxMjAwMDBaMIGJMQswCQYDVQQGEwJVUzERMA8GA1UECBMITmV3IFlvcmsxDzAN\nBgNVBAcTBkFybW9uazE0MDIGA1UEChMrSW50ZXJuYXRpb25hbCBCdXNpbmVzcyBN\nYWNoaW5lcyBDb3Jwb3JhdGlvbjEgMB4GA1UEAwwXKi51cy5ibG9ja2NoYWluLmli\nbS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARTKAZypDOqw34HWujQeL82\nj1e9rN1inpN6ngrq49+OpYIe8ckHnJhsWPpf+zeIQePboDQVUTDtYXh7212BsVoX\no4IB8jCCAe4wHwYDVR0jBBgwFoAUo53mH/naOU/AbuiRy5Wl2jHiCp8wHQYDVR0O\nBBYEFK+1RoBnUnb8nr2hNtkUu3FRrbYuMDkGA1UdEQQyMDCCFyoudXMuYmxvY2tj\naGFpbi5pYm0uY29tghV1cy5ibG9ja2NoYWluLmlibS5jb20wDgYDVR0PAQH/BAQD\nAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjBpBgNVHR8EYjBgMC6g\nLKAqhihodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vc3NjYS1lY2MtZzEuY3JsMC6g\nLKAqhihodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc3NjYS1lY2MtZzEuY3JsMEwG\nA1UdIARFMEMwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3\nLmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHsGCCsGAQUFBwEBBG8wbTAkBggr\nBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEUGCCsGAQUFBzAChjlo\ndHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRFQ0NTZWN1cmVTZXJ2\nZXJDQS5jcnQwDAYDVR0TAQH/BAIwADAKBggqhkjOPQQDAgNpADBmAjEA7LViaN74\nOwIp/zqfwSRvURg965+m73/edCeNKrsLf6GuE0sLwpX6pQNnDlr6SzGnAjEA+qk0\nsYRnd2gCQeD9fWbCJIw0vJDqeZr1WJ64aVoJ8kyASzY/yoarSm2wqujXJwEf\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDrDCCApSgAwIBAgIQCssoukZe5TkIdnRw883GEjANBgkqhkiG9w0BAQwFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0xMzAzMDgxMjAwMDBaFw0yMzAzMDgxMjAwMDBaMEwxCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxJjAkBgNVBAMTHURpZ2lDZXJ0IEVDQyBT\nZWN1cmUgU2VydmVyIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE4ghC6nfYJN6g\nLGSkE85AnCNyqQIKDjc/ITa4jVMU9tWRlUvzlgKNcR7E2Munn17voOZ/WpIRllNv\n68DLP679Wz9HJOeaBy6Wvqgvu1cYr3GkvXg6HuhbPGtkESvMNCuMo4IBITCCAR0w\nEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwNAYIKwYBBQUHAQEE\nKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQgYDVR0f\nBDswOTA3oDWgM4YxaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0R2xv\nYmFsUm9vdENBLmNybDA9BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYc\naHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAdBgNVHQ4EFgQUo53mH/naOU/A\nbuiRy5Wl2jHiCp8wHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJ\nKoZIhvcNAQEMBQADggEBAMeKoENL7HTJxavVHzA1Nm6YVntIrAVjrnuaVyRXzG/6\n3qttnMe2uuzO58pzZNvfBDcKAEmzP58mrZGMIOgfiA4q+2Y3yDDo0sIkp0VILeoB\nUEoxlBPfjV/aKrtJPGHzecicZpIalir0ezZYoyxBEHQa0+1IttK7igZFcTMQMHp6\nmCHdJLnsnLWSB62DxsRq+HfmNb4TDydkskO/g+l3VtsIh5RHFPVfKK+jaEyDj2D3\nloB5hWp2Jp2VDCADjT7ueihlZGak2YPqmXTNbk19HOuNssWvFhtOyPNV6og4ETQd\nEa8/B6hPatJ0ES8q/HO3X8IVQwVs1n3aAr0im0/T+Xc=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBh\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\nQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAwMDAwMDBaMGExCzAJBgNVBAYTAlVT\nMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j\nb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkqhkiG\n9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsB\nCSDMAZOnTjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97\nnh6Vfe63SKMI2tavegw5BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt\n43C/dxC//AH2hdmoRBBYMql1GNXRor5H4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7P\nT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y7vrTC0LUq7dBMtoM1O/4\ngdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQABo2MwYTAO\nBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbR\nTLtm8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUw\nDQYJKoZIhvcNAQEFBQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/Esr\nhMAtudXH/vTBH1jLuG2cenTnmCmrEbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg\n06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIttep3Sp+dWOIrWcBAI+0tKIJF\nPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886UAb3LujEV0ls\nYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk\nCAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=\n-----END CERTIFICATE-----\n",
"certificatePath": "/certs/peer/cert.pem"
}
I'm executing the following command:
composer network deploy -p bluemix -a sample-networks/packages/carauction-network/carauction-network#0.0.7.bna -i admin -s PASSS
I tried this many times and I'm getting one of the following errors:
I. Security handshake:
$ composer network deploy -p bluemix -a sample-networks/packages/carauction-network/carauction-network#0.0.7.bna -i admin -s 97b116b3c4
Deploying business network from archive: carauction-network/carauction-network#0.0.7.bna
Business network definition:
Identifier: carauction-network#0.0.7
Description: Car Auction Business Network
E0528 10:59:18.962200000 123145570217984 handshake.c:128]
Security handshake failed:
{"created":"#1495940358.962177000","description":"Handshake read failed","file":"../src/core/lib/security/transport/handshake.c","file_line":237,"referenced_errors":[{"created":"#1495940358.962172000","description":"FD shutdown","file":"../src/core/lib/iomgr/ev_poll_posix.c","file_line":427}]}
Error
Command failed
II. Unhandled 'error' event:
$ composer network deploy -p bluemix -a sample-networks/packages/carauction-network/carauction-network#0.0.7.bna -i admin -s 97b116b3c4
Deploying business network from archive: carauction-network/carauction-network#0.0.7.bna
Business network definition:
Identifier: carauction-network#0.0.7
Description: Car Auction Business Network
events.js:160
throw er; // Unhandled 'error' event
^
Error: unknown service protos.Events
at ClientDuplexStream._emitStatusIfDone
(/usr/local/lib/node_modules/composer-cli/node_modules/grpc/src/node/src/client.js:189:19)
at ClientDuplexStream._receiveStatus
(/usr/local/lib/node_modules/composer-cli/node_modules/grpc/src/node/src/client.js:169:8)
at /usr/local/lib/node_modules/composer-cli/node_modules/grpc/src/node/src/client.js:634:14
III. Identity or token does not match:
$ composer network deploy -p bluemix -a sample-networks/packages/carauction-network/carauction-network#0.0.7.bna -i admin -s 97b116b3c4
Deploying business network from archive: carauction-network/carauction-network#0.0.7.bna
Business network definition:
Identifier: carauction-network#0.0.7
Description: Car Auction Business Network
Error: Identity or token does not match.
Command failed
I feel "SSL Handshake problem" (I) and "Unhandled 'error' event" (II) are related to the old issue with HFC not handling properly GRPC disconnects Is it correct?. What I can't figure out is what's causing "Identity or token does not match" (III). My current guess is that admin user does not have a wallet created yet (can't see it in my ~/.composer-credentials folder). Is composer deploy supposed to create wallet automatically if it does not yet exists?
Ok, I did some more experiments, and here is what I've learned:
It was a problem in my profile's connection.json. When I copied and modified one from the answer to this question: Fabric composer integration with Bluemix blockchain service it start working.
I was setting long timeouts in connection.json, but CLI command still ends with the following error:
events.js:160
throw er; // Unhandled 'error' event
^
Error: {"created":"#1496109180.720017000","description":"Secure read failed","file":"../src/core/lib/security/transport/secure_endpoint.c","file_line":157,"grpc_status":14,"referenced_errors":[{"created":"#1496109180.720007000","description":"OS Error","errno":54,"file":"../src/core/lib/iomgr/tcp_posix.c","file_line":229,"os_error":"Connection reset by peer","syscall":"recvmsg"}]}
at ClientDuplexStream._emitStatusIfDone (/usr/local/lib/node_modules/composer-cli/node_modules/grpc/src/node/src/client.js:189:19)
at ClientDuplexStream._receiveStatus (/usr/local/lib/node_modules/composer-cli/node_modules/grpc/src/node/src/client.js:169:8)
at /usr/local/lib/node_modules/composer-cli/node_modules/grpc/src/node/src/client.js:634:14
At the same time chaicode gets deployed. Still not sure what is causing it.
Since composer's deployment command is finished with error, the mapping between composer's network ID and deployed chaincode ID isn't added to. Which means, it needs to be added manually, by adding something like this to a respective connection.json:
"networks": {
"carauction-network": "8f637b9886357fb3e24864cfa36f9cdae84e587028a08074d856e9b6635afa76"
}
I am using OpenHab 1.7
I am trying to publish messages throw MQTT,
I want to publish my EnOcean Rocker switch updates but when I change my switch state nothing is published, Here is my item configuration:
Switch MyRocker () {enocean="{id=00:25:7F:9A, eep=F6:02:01, channel=B, parameter=I}", mqtt=">[eclipsemqttbroker:myRockerState:command:ON:1],>[eclipsemqttbroker:myRockerState:command:OFF:0]"}
In the debug mode I got the following messages
13:54:25.404 [DEBUG] [.io.transport.mqtt.MqttService:123 ] - Starting MQTT Service...
13:54:26.471 [INFO ] [.io.transport.mqtt.MqttService:108 ] - MQTT Service initialization completed.
13:54:26.480 [INFO ] [o.i.t.m.i.MqttBrokerConnection:114 ] - Starting MQTT broker connection 'eclipsemqttbroker'
13:54:26.537 [DEBUG] [o.i.t.m.i.MqttBrokerConnection:294 ] - Creating new client for 'tcp://m2m.eclipse.org:1883' using id 'openHabEnOcean' and file store '/tmp/eclipsemqttbroker'
13:34:11.850 [DEBUG] [b.mqtt.internal.MqttItemConfig:71 ] - Loaded MQTT config for item 'MyRocker' : 0 subscribers, 2 publishers
13:34:11.904 [DEBUG] [m.internal.MqttEventBusBinding:61 ] - MQTT: Activating event bus binding.
Any ideas why no message has not been published?
Note : I only use the mqtt transport bundle I did not use the persistance bundle.
Thanks in advance for your help!
This configuration works:
Switch MyRocker () {enocean="{id=00:25:7F:9A, eep=F6:02:01, channel=B, parameter=I}", mqtt=">[eclipsemqttbroker:myRockerState:state:ON:default],>[eclipsemqttbroker:myRockerState:state:OFF:default]"}