Re: Need help in configuring TLS for chaincode server

Home Messages Hashtags Subgroups

#9053

Re: Need help in configuring TLS for chaincode server

Brett T Logan <brett.t.logan@...> #9053 Unfortunately, the comm layer is one of the most difficult pieces to debug. Can you use `openssl` to take a look at your TLS certificate, make sure everything looks good in there. Quite often users don't mention the correct IP/FQDN in the CN or SANS fields of the certificate, make sure you've mentioned your servers static IP (referenced below) in the SANS section. Brett Logan Software Engineer, IBM Blockchain Phone: 1-984-242-6890 E-mail: brett.t.logan@... toggle quoted messageShow quoted text ----- Original message ----- From: "sathya.kplm@..." <sathya.kplm@...> Sent by: fabric@... To: Matthew Sykes <matthew.sykes@...>, "fabric@..." <fabric@...> Cc: Subject: [EXTERNAL] Re: [Hyperledger Fabric] Need help in configuring TLS for chaincode server Date: Thu, Sep 24, 2020 11:39 PM Yes. Both the fields are set to true. Thanks, Sathyanarayanan S From: Matthew Sykes <matthew.sykes@...> Sent: Friday, September 25, 2020 4:45 AM To: fabric@... <fabric@...> Cc: sathya.kplm@... <sathya.kplm@...> Subject: Re: [Hyperledger Fabric] Need help in configuring TLS for chaincode server Unfortunately, the traceback doesn't really shed any light on the situation as almost all errors invoking chaincode will show the same stack. Did you set 'tls_required' and 'client_auth_required' to true in the 'connection.json' provided to the peer? On Thu, Sep 24, 2020 at 7:05 AM sathya.kplm@... <sathya.kplm@...> wrote: Hi Folks, I have some trouble while peer communicates with the chaincode server with TLS enabled. I am providing a summary of what I did. Created two CAs: chaincodeserverCA, peerClientCA Created a private key called 'server.key' and created a certificate 'server.cert' signed by chaincodeserverCA Created a private key called 'peer.key' and created a certificate 'peer.cert' signed by peerClientCA started the chaincode server with the following TLS settings Key: contents of server.key Cert: contents of server.cert ClientCACerts: peerClientCA's root certificate Installed a package with release build creating a connection.json such that client_key: peer.key client_cert: peer.cert root_cert: chaincodeserverCA's root certificate When invoking the chaincode with above configuration, I am getting the following error from peer CLI: Error: endorsement failure during invoke. response: status:500 message:"error in simulation: failed to execute transaction b7378fa2692d3e1c2d9382a61c6683a58a2ad20751aaf933abd5a3d2457b9c72: could not launch chaincode fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1: connection to fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1 failed: error cannot create connection for fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1: error creating grpc connection to 172.19.0.5:7052: failed to create new connection: context deadline exceeded" The peer logs are like this: 2020-09-24 10:31:47.480 UTC [endorser] callChaincode -> INFO 05c finished chaincode: marbles duration: 10001ms channel=mychannel txID=b7378fa2 2020-09-24 10:31:47.480 UTC [endorser] SimulateProposal -> ERRO 05d failed to invoke chaincode marbles, error: context deadline exceeded github.com/hyperledger/fabric/core/comm.(GRPCClient).NewConnection* /go/src/github.com/hyperledger/fabric/core/comm/client.go:209 github.com/hyperledger/fabric/core/chaincode/extcc.(ExternalChaincodeRuntime).createConnection* /go/src/github.com/hyperledger/fabric/core/chaincode/extcc/extcc_handler.go:40 github.com/hyperledger/fabric/core/chaincode/extcc.(ExternalChaincodeRuntime).Stream* /go/src/github.com/hyperledger/fabric/core/chaincode/extcc/extcc_handler.go:52 github.com/hyperledger/fabric/core/chaincode.(RuntimeLauncher).Launch.func1* /go/src/github.com/hyperledger/fabric/core/chaincode/runtime_launcher.go:90 runtime.goexit /usr/local/go/src/runtime/asm_amd64.s:1357 failed to create new connection error creating grpc connection to 172.19.0.5:7052 error cannot create connection for fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1 connection to fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1 failed could not launch chaincode fabcar:a3a073275963170781ec9b80185758f7e4b65c968bda9430475b9b39dd5cf2f1 github.com/hyperledger/fabric/core/chaincode.(ChaincodeSupport).Launch* /go/src/github.com/hyperledger/fabric/core/chaincode/chaincode_support.go:85 github.com/hyperledger/fabric/core/chaincode.(ChaincodeSupport).Invoke* /go/src/github.com/hyperledger/fabric/core/chaincode/chaincode_support.go:197 github.com/hyperledger/fabric/core/chaincode.(ChaincodeSupport).Execute* /go/src/github.com/hyperledger/fabric/core/chaincode/chaincode_support.go:155 github.com/hyperledger/fabric/core/endorser.(SupportImpl).Execute* /go/src/github.com/hyperledger/fabric/core/endorser/support.go:126 github.com/hyperledger/fabric/core/endorser.(Endorser).callChaincode* /go/src/github.com/hyperledger/fabric/core/endorser/endorser.go:119 github.com/hyperledger/fabric/core/endorser.(Endorser).SimulateProposal* /go/src/github.com/hyperledger/fabric/core/endorser/endorser.go:182 github.com/hyperledger/fabric/core/endorser.(Endorser).ProcessProposalSuccessfullyOrError* /go/src/github.com/hyperledger/fabric/core/endorser/endorser.go:392 github.com/hyperledger/fabric/core/endorser.(Endorser).ProcessProposal* /go/src/github.com/hyperledger/fabric/core/endorser/endorser.go:335 github.com/hyperledger/fabric/core/handlers/auth/filter.(expirationCheckFilter).ProcessProposal* /go/src/github.com/hyperledger/fabric/core/handlers/auth/filter/expiration.go:61 github.com/hyperledger/fabric/core/handlers/auth/filter.(filter).ProcessProposal* /go/src/github.com/hyperledger/fabric/core/handlers/auth/filter/filter.go:32 github.com/hyperledger/fabric/vendor/github.com/hyperledger/fabric-protos-go/peer._Endorser_ProcessProposal_Handler.func1 /go/src/github.com/hyperledger/fabric/vendor/github.com/hyperledger/fabric-protos-go/peer/peer.pb.go:107 github.com/hyperledger/fabric/common/grpclogging.UnaryServerInterceptor.func1 /go/src/github.com/hyperledger/fabric/common/grpclogging/server.go:92 github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware.ChainUnaryServer.func1.1.1 /go/src/github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:25 github.com/hyperledger/fabric/common/grpcmetrics.UnaryServerInterceptor.func1 /go/src/github.com/hyperledger/fabric/common/grpcmetrics/interceptor.go:31 github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware.ChainUnaryServer.func1.1.1 /go/src/github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:25 github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware.ChainUnaryServer.func1 /go/src/github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:34 github.com/hyperledger/fabric/vendor/github.com/hyperledger/fabric-protos-go/peer._Endorser_ProcessProposal_Handler /go/src/github.com/hyperledger/fabric/vendor/github.com/hyperledger/fabric-protos-go/peer/peer.pb.go:109 github.com/hyperledger/fabric/vendor/google.golang.org/grpc.(Server).processUnaryRPC* /go/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/server.go:995 github.com/hyperledger/fabric/vendor/google.golang.org/grpc.(Server).handleStream* /go/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/server.go:1275 github.com/hyperledger/fabric/vendor/google.golang.org/grpc.(Server).serveStreams.func1.1* /go/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/server.go:710 runtime.goexit /usr/local/go/src/runtime/asm_amd64.s:1357 failed to execute transaction b7378fa2692d3e1c2d9382a61c6683a58a2ad20751aaf933abd5a3d2457b9c72 github.com/hyperledger/fabric/core/chaincode.processChaincodeExecutionResult /go/src/github.com/hyperledger/fabric/core/chaincode/chaincode_support.go:161 github.com/hyperledger/fabric/core/chaincode.(ChaincodeSupport).Execute* /go/src/github.com/hyperledger/fabric/core/chaincode/chaincode_support.go:156 github.com/hyperledger/fabric/core/endorser.(SupportImpl).Execute* /go/src/github.com/hyperledger/fabric/core/endorser/support.go:126 github.com/hyperledger/fabric/core/endorser.(Endorser).callChaincode* /go/src/github.com/hyperledger/fabric/core/endorser/endorser.go:119 github.com/hyperledger/fabric/core/endorser.(Endorser).SimulateProposal* /go/src/github.com/hyperledger/fabric/core/endorser/endorser.go:182 github.com/hyperledger/fabric/core/endorser.(Endorser).ProcessProposalSuccessfullyOrError* /go/src/github.com/hyperledger/fabric/core/endorser/endorser.go:392 github.com/hyperledger/fabric/core/endorser.(Endorser).ProcessProposal* /go/src/github.com/hyperledger/fabric/core/endorser/endorser.go:335 github.com/hyperledger/fabric/core/handlers/auth/filter.(expirationCheckFilter).ProcessProposal* /go/src/github.com/hyperledger/fabric/core/handlers/auth/filter/expiration.go:61 github.com/hyperledger/fabric/core/handlers/auth/filter.(filter).ProcessProposal* /go/src/github.com/hyperledger/fabric/core/handlers/auth/filter/filter.go:32 github.com/hyperledger/fabric/vendor/github.com/hyperledger/fabric-protos-go/peer._Endorser_ProcessProposal_Handler.func1 /go/src/github.com/hyperledger/fabric/vendor/github.com/hyperledger/fabric-protos-go/peer/peer.pb.go:107 github.com/hyperledger/fabric/common/grpclogging.UnaryServerInterceptor.func1 /go/src/github.com/hyperledger/fabric/common/grpclogging/server.go:92 github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware.ChainUnaryServer.func1.1.1 /go/src/github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:25 github.com/hyperledger/fabric/common/grpcmetrics.UnaryServerInterceptor.func1 /go/src/github.com/hyperledger/fabric/common/grpcmetrics/interceptor.go:31 github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware.ChainUnaryServer.func1.1.1 /go/src/github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:25 github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware.ChainUnaryServer.func1 /go/src/github.com/hyperledger/fabric/vendor/github.com/grpc-ecosystem/go-grpc-middleware/chain.go:34 github.com/hyperledger/fabric/vendor/github.com/hyperledger/fabric-protos-go/peer._Endorser_ProcessProposal_Handler /go/src/github.com/hyperledger/fabric/vendor/github.com/hyperledger/fabric-protos-go/peer/peer.pb.go:109 github.com/hyperledger/fabric/vendor/google.golang.org/grpc.(Server).processUnaryRPC* /go/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/server.go:995 github.com/hyperledger/fabric/vendor/google.golang.org/grpc.(Server).handleStream* /go/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/server.go:1275 github.com/hyperledger/fabric/vendor/google.golang.org/grpc.(Server).serveStreams.func1.1* /go/src/github.com/hyperledger/fabric/vendor/google.golang.org/grpc/server.go:710 runtime.goexit /usr/local/go/src/runtime/asm_amd64.s:1357 channel=mychannel txID=b7378fa2 2020-09-24 10:31:47.480 UTC [comm.grpc.server] 1 -> INFO 05e unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=192.168.64.1:47884 grpc.code=OK grpc.call_duration=10.003026s The chaincode invoke works perfectly fine if I disable the TLS. Any pointers on this will be really helpful. Please let me know where I am going wrong. Thanks, Sathyanarayanan S -- Matthew Sykes matthew.sykes@...
More All Messages By This Member

View All 4 Messages In Topic

#9053

Join fabric@lists.hyperledger.org to automatically receive all group messages.

Home Hashtags Subgroups Terms