
Multi-network node deployments #fabric

Nancy Min
 

Hi All,

We're interested in different methods to facilitate multi-network node deployments. One option we've thought of is to communicate with nodes hosted on different networks by using port forwarding on both ends in order for swarm connections to occur. Are there better ways to do this?

Thanks,
Nancy


Documentation Workgroup: Agenda for Friday, 18 October

Anthony O'Dowd <a_o-dowd@...>
 

Hello All,

We hold our regular documentation workgroup call this week, both Eastern and Western hemispheres.

After celebrating our 100th meeting last week, we have decided to move to the Hyperledger Fabric Wiki for better continuity of discussion, search and integration with other Fabric activities! Many thanks to Brian and Chris for their suggestions and support!

You can see the new Wikipage here: https://wiki.hyperledger.org/display/fabric/Documentation+Working+Group

This week's agenda is here : https://wiki.hyperledger.org/display/fabric/2019+10+18+DWG+Agenda

Feel free to add agenda items to the wiki or mailing list, and we will include at the meeting. Feel free to come along, listen and discuss - you're always welcome!

Best regards,

Anthony, Pam, Joe, Nik

P.S I will include meeting details below for continuity for the next few weeks.

Meeting Details
-------------
Please use the following link to attend the meeting:  https://zoom.us/j/6223336701

Zoom should work in the browser.  I will open the call 5 minutes early so that folks can test it out. I'll also monitor the RocketChat at https://chat.hyperledger.org/channel/fabric-release so that if anyone has issues, ping me there!

More Zoom connection options at the bottom of this note.

The meeting times are as follows:


Meeting 101A: Friday 18 Oct
                   1130 India Standard Time
                   1400 China Standard Time
                   1500 Japan Standard Time
                   1700 Australia Eastern Time
                   1400 Singapore Time
                   1000 Gulf Standard Time
                   1000 Moscow Standard Time
                   0700 Greenwich Mean Time
                   0800 Central European Time    

Meeting 101B: Friday 18 Oct
                   1000 Central Daylight Time
                   1100 Eastern Daylight Time
                   0800 Pacific Daylight Time
                   1200 Brasil Standard Time
                   1600 Greenwich Mean Time
                   1700 Central European Time
                   1800 Moscow Standard Time



Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Re: TLS - NodeJS SDK GateWay.Connect Load Certificate Error

Nicholas Leonardi
 

Hey thanks for replying. The peer section I provided is in my connection profile, the connection.json. Is that what you mean?
If not what do you mean by pem format? Because I've also tried the base64 format of the certificate but got the error that it was
too long.
Also in the examples I've seen they've set the path of the certificate like in this one:

https://github.com/hyperledger/fabric-samples/blob/v1.4.2/first-network/connection-org1.json

    "peers": {
        "peer0.example.com": {
            "url": "grpcs://192.168.0.8:7051",
            "tlsCACerts": "crypto-config/peers/peer0.example/tls/server.cert"
        }
    },


On Wednesday, October 16, 2019 at 21:38:19 BRT, Nikhil E Gupta <negupta@...> wrote:



Most of the connection profiles I have seen include the tls cert directly in the connection profile in pem format.


On Oct 16, 2019, at 7:14 PM, Nicholas Leonardi via Lists.Hyperledger.Org <nlzanutim=yahoo.com@...> wrote:


Hey guys,

I've been trying to invoke chaincode using the Gateway class of the fabric-network node module.
The documentation is too vague and I've tried all sorts of things. Of course my peer is rejecting
with TLS handshake fail because I can't seem to load the peers TLS certificate.

Here's my config 

        import * as fs from 'fs';
        import { safeLoad } from 'js-yaml'; // assumed source of safeLoad
        import { Gateway, GatewayOptions, Network } from 'fabric-network';

        // Load the connection profile from disk.
        const connectionProfile = safeLoad(fs.readFileSync(__dirname + '/../../connection.json', 'utf8'));

        // tlsCACerts is read as-is from the profile: a path string, not certificate contents.
        const caInfo = connectionProfile.peers['peer0.example.com'];
        const peerTLS = caInfo.tlsCACerts;

        const connectionOptions: GatewayOptions = {
            discovery: { enabled: true, asLocalhost: true },
            identity: identity.user_id+'@user.com',
            clientTlsIdentity: peerTLS,
            wallet,
        };

        // Create a new gateway for connecting to our peer node.
        const gateway: Gateway = new Gateway();
        await gateway.connect(connectionProfile, connectionOptions);
        // Get the network (channel) our contract is deployed to.
        const network: Network = await gateway.getNetwork('n2medchannel');

and here's my json config for the peer 

    "peers": {
        "peer0.example.com": {
            "url": "grpcs://192.168.0.8:7051",
            "tlsCACerts": "crypto-config/peers/peer0.example/tls/server.cert"
        }
    },

In the tlsCACerts I've also tried the  crypto-config/peerOrganizations/msp/tlscacerts/tls-rca-com-7054.pem and here's
the output error
 
PEER TLSSSS ../../../crypto-config/peerOrganizations/msp/tlscacerts/tls-rca-n2med-com-7054.pem
TypeError: Cannot read property 'certificate' of null.

It seems the 
        const caInfo = connectionProfile.peers['peer0.example.com'];
        const peerTLS = caInfo.tlsCACerts;
is getting only the path and not loading the certificate.

Thanks in advance
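
Added example (not code from the thread or from the Fabric SDK): the suggestion in the reply above, carrying the TLS CA certificate in the connection profile in PEM form, done as a pre-processing step before `gateway.connect`. The helper names `resolveTlsCACerts` and `inlineTlsCACerts`, the temp-directory layout and the placeholder PEM body are assumptions for illustration, and the PEM check is structural only.

```javascript
'use strict';
const fs = require('fs');
const os = require('os');
const path = require('path');

// Structural PEM check only; it does not parse or verify the certificate.
const PEM_CERT =
  /-----BEGIN CERTIFICATE-----\r?\n[A-Za-z0-9+/=\r\n]+-----END CERTIFICATE-----/;

// Resolve one node's tlsCACerts entry to the inline { pem } form.
// Accepts { pem }, { path }, or the bare path string used in the post.
function resolveTlsCACerts(entry, baseDir) {
  if (entry && typeof entry === 'object' && typeof entry.pem === 'string') {
    if (!PEM_CERT.test(entry.pem)) {
      throw new Error('tlsCACerts.pem is not a PEM certificate');
    }
    return { pem: entry.pem };
  }
  const rel = typeof entry === 'string' ? entry : entry && entry.path;
  if (typeof rel !== 'string' || rel === '') {
    throw new Error('no tlsCACerts given');
  }
  const file = path.resolve(baseDir, rel);
  const pem = fs.readFileSync(file, 'utf8'); // throws if the path is wrong
  if (!PEM_CERT.test(pem)) {
    throw new Error(`${file} does not contain a PEM certificate`);
  }
  return { pem };
}

// Return a copy of the profile with every TLS endpoint's CA certificate
// inlined. A grpcs:// or https:// endpoint with no trust anchor is an error.
function inlineTlsCACerts(profile, baseDir) {
  const out = JSON.parse(JSON.stringify(profile));
  for (const section of ['peers', 'orderers', 'certificateAuthorities']) {
    for (const [name, node] of Object.entries(out[section] || {})) {
      const usesTls = /^(grpcs|https):\/\//.test(node.url || '');
      if (!usesTls && node.tlsCACerts === undefined) continue;
      try {
        node.tlsCACerts = resolveTlsCACerts(node.tlsCACerts, baseDir);
      } catch (err) {
        throw new Error(`${section}.${name}: ${err.message}`);
      }
    }
  }
  return out;
}

// Constructed sample: a temp directory holding a placeholder PEM file, plus
// the peer entry from the post with its path shortened to that file.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'ccp-'));
  const body = Buffer.from('constructed placeholder, not a real certificate')
    .toString('base64');
  const pem = `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----\n`;
  fs.writeFileSync(path.join(dir, 'server.cert'), pem);
  const profile = {
    peers: {
      'peer0.example.com': {
        url: 'grpcs://192.168.0.8:7051',
        tlsCACerts: 'server.cert',
      },
    },
  };
  const fixed = inlineTlsCACerts(profile, dir);
  let missing = null;
  try {
    inlineTlsCACerts({ peers: { p: { url: 'grpcs://192.168.0.8:7051' } } }, dir);
  } catch (err) {
    missing = err.message; // TLS endpoint without a CA certificate is rejected
  }
  fs.rmSync(dir, { recursive: true, force: true });
  return { pem, fixed, missing };
}

console.log(JSON.stringify(demo().fixed.peers, null, 2));
```

In fabric-network 1.4 the `clientTlsIdentity` option names a wallet identity used for mutual TLS, so the peer's CA certificate belongs in the profile's `tlsCACerts` entry rather than in that option.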



TLS - NodeJS SDK GateWay.Connect Load Certificate Error

Nicholas Leonardi
 

Hey guys,

I've been trying to invoke chaincode using the Gateway class of the fabric-network node module.
The documentation is too vague and I've tried all sorts of things. Of course my peer is rejecting
with TLS handshake fail because I can't seem to load the peers TLS certificate.

Here's my config 

        import * as fs from 'fs';
        import { safeLoad } from 'js-yaml'; // assumed source of safeLoad
        import { Gateway, GatewayOptions, Network } from 'fabric-network';

        // Load the connection profile from disk.
        const connectionProfile = safeLoad(fs.readFileSync(__dirname + '/../../connection.json', 'utf8'));

        // tlsCACerts is read as-is from the profile: a path string, not certificate contents.
        const caInfo = connectionProfile.peers['peer0.example.com'];
        const peerTLS = caInfo.tlsCACerts;

        const connectionOptions: GatewayOptions = {
            discovery: { enabled: true, asLocalhost: true },
            identity: identity.user_id+'@user.com',
            clientTlsIdentity: peerTLS,
            wallet,
        };

        // Create a new gateway for connecting to our peer node.
        const gateway: Gateway = new Gateway();
        await gateway.connect(connectionProfile, connectionOptions);
        // Get the network (channel) our contract is deployed to.
        const network: Network = await gateway.getNetwork('n2medchannel');

and here's my json config for the peer 

    "peers": {
        "peer0.example.com": {
            "url": "grpcs://192.168.0.8:7051",
            "tlsCACerts": "crypto-config/peers/peer0.example/tls/server.cert"
        }
    },

In the tlsCACerts I've also tried the crypto-config/peerOrganizations/msp/tlscacerts/tls-rca-com-7054.pem and here's
the output error
 
PEER TLSSSS ../../../crypto-config/peerOrganizations/msp/tlscacerts/tls-rca-n2med-com-7054.pem
TypeError: Cannot read property 'certificate' of null.

It seems the 
        const caInfo = connectionProfile.peers['peer0.example.com'];
        const peerTLS = caInfo.tlsCACerts;
is getting only the path and not loading the certificate.

Thanks in advance


Next Hyperledger Fabric Application Developer Community call - Thursday Oct 17th @ 3pm UTC (4pm UK, 11am ET, 8am PT)

Paul O'Mahoney <mahoney@...>
 

Dear Fabric Application Developer,


The next Fabric Application Developer community call is scheduled for this Thursday Oct 17th @ 3pm UTC (4pm UK, 11am ET, 8am PT). It lasts approx 30-60 mins FYI. Note: it now begins one hour earlier.

The agenda will be posted here -> https://wiki.hyperledger.org/display/fabric/Meeting+Agendas%3A+Fabric+Application+Developer+Community+Call

This community call is held bi-weekly via Zoom webconference and is aimed at :

- helping the worldwide Hyperledger Fabric Application Developer community grow in their development journey (eg. developing applications, smart contracts, chaincode, developing clients, using the SDK etc - eg. whether it's NodeJS, Java, Go etc etc)
- caters for the developer perspective and the developer community.
- helping app developers understand / hear more about exciting new things in Fabric, eg. features upcoming or work in progress - ie things that appeal to the developer
- to foster more interest, best practices etc in developing applications (eg developing solutions, use cases) with Hyperledger Fabric. 
- opportunity to ask questions of the Fabric team eg. you may have feedback/questions on your experiences developing solutions with Fabric
- to share stuff you've done with the community, eg sample code / sample use cases that others may be interested in

If you wish to share content on a call, just let me know via email direct or DM me on Rocketchat (ID: mahoney1) and I'll put an item on the agenda. Provide the following:
- the topic (state whether it's presentation, or demo etc)
- the full name of the presenter, and 
- approx length of your pitch in minutes


The Zoom webconference ID is https://zoom.us/my/hyperledger.community   

More information can be found on the community page -> https://wiki.hyperledger.org/display/fabric/Fabric+Application+Developer+Community+Calls

You can get calendar invites (eg iCal) here

many thanks for your time - feel free to forward this email if you think it is of interest to a colleague.

Paul O'Mahony
Community Lead - Hyperledger Fabric Developer Community
RocketChat:  mahoney1

mahoney@...




Re: Chaincode Container Not Getting Created #fabric #fabric-chaincode

soumya nayak <soumyarjnnayak@...>
 

Thanks Nicholas for the reply. 

One thing I noticed when installing the private chaincode: I checked on both peer org machines and the IDs of the installed chaincode are the same, but the container was still only created on the machine from which the instantiate command was run.

Regards,
Soumya


Re: Chaincode Container Not Getting Created #fabric #fabric-chaincode

Nicholas Leonardi
 

Hey, there's an easier and more trusted way for production.
First you run the command 

peer chaincode package -n ccName -p /opt/chaincodePath -v 1 chaincode.pak -l node

Then you get that chaincode.pak and run the command for the second org

peer chaincode install /etc/hyperledger/configtx/medcc.pak

This is how it should be in production because then all orgs will have exactly the same chaincode, version, name and fingerprint without any problems. 



On Tuesday, October 15, 2019 at 08:04:45 BRT, soumya nayak <soumyarjnnayak@...> wrote:


Resolved the issue. The chaincode folder structure should be exactly the same on both peers to get the same hash fingerprint ID, which will create chaincode containers for both org peers.


Re: Can not bootstrap Orderers

indirajith
 

Hi Juan, one correction. The config.yaml should be present in all MSPs, including peers, orderers, users and organisations.


On Mon, 14 Oct 2019 at 13:16, <juan@...> wrote:
Hi!
any clue on this issue? I'm facing the same problem, same version of peer and orderer.

Regards,
Juan


Re: Chaincode Container Not Getting Created #fabric #fabric-chaincode

soumya nayak <soumyarjnnayak@...>
 

Resolved the issue. The chaincode folder structure should be exactly the same on both peers to get the same hash fingerprint ID, which will create chaincode containers for both org peers.


Chaincode Container Not Getting Created #fabric #fabric-chaincode

soumya nayak <soumyarjnnayak@...>
 

Hi All,

Fabric - v1.4.3 (RAFT Orderer Set Up)

I have two Orgs network. OrgA and OrgB.
I installed the chaincode on both the anchor peers of OrgA and OrgB and instantiated the chaincode from the anchor peer of OrgA. The chaincode container is successfully created in OrgA, and transactions are invoked successfully.
But the chaincode container is not created for OrgB. The list of instantiated chaincode is shown when the command is run from the tools container of the OrgB anchor peer. When I invoke any transaction from the OrgB anchor peer, I get the error below:

Error: endorsement failure during query. response: status:500 message:"failed to execute transaction e77af488e03537a465c30e56c6c13330f4c7f8aae8eae1a92656607c91c8df83: [channel legaldescriptionchannel] failed to get chaincode container info for ldbc:1.0: could not get chaincode code: chaincode fingerprint mismatch: data mismatch"

Regards,
Ranjan


Re: Can not bootstrap Orderers

indirajith
 

Hi Juan, 

I have done several steps and encountered some other issues as well, so I am sorry, I am not exactly sure which step rectified this particular issue. But can you make sure you have a file 'config.yaml' with the Organisational Units defined in it in the orderer's msp directory? Try this to check whether it works. For example, I have the following:

/hyperledger/org2/ord1/msp$ cat config.yaml
NodeOUs:
   Enable: true
   ClientOUIdentifier:
      Certificate: cacerts/rca-org2-local-7055.pem
      OrganizationalUnitIdentifier: client
   PeerOUIdentifier:
      Certificate: cacerts/rca-org2-local-7055.pem
      OrganizationalUnitIdentifier: peer
   AdminOUIdentifier:
      Certificate: cacerts/rca-org2-local-7055.pem
      OrganizationalUnitIdentifier: admin
   OrdererOUIdentifier:
      Certificate: cacerts/rca-org2-local-7055.pem
      OrganizationalUnitIdentifier: orderer

Best regards,
Indirajith.


On Mon, 14 Oct 2019 at 13:16, <juan@...> wrote:
Hi!
any clue on this issue? I'm facing the same problem, same version of peer and orderer.

Regards,
Juan


Re: Can not bootstrap Orderers

juan@...
 

Hi!
any clue on this issue? I'm facing the same problem, same version of peer and orderer.

Regards,
Juan


new RFCs proposal

Christopher Ferris
 

At the Maintainers Summit, a few of us thought that aligning with the RFC process being adopted by other Hyperledger projects would be a nice way of reducing the barrier to entry for new contributors etc.

I adapted the Sawtooth RFC process doc for Fabric here https://github.com/christo4ferris/fabric-rfcs-proposal

I would encourage feedback and issues or PRs to improve it.

Chris


Documentation Workgroup: Agenda for Friday, 11 October

Anthony O'Dowd <a_o-dowd@...>
 

Hello All,

We hold our regular documentation workgroup call this week. Check the bottom of this note for both the Eastern and Western hemisphere meeting details.

For this week's meeting, our attention continues to be on Fabric version v2.0. The full agenda is available for you to read here :  https://drive.google.com/open?id=1qpFJoo9DZBnJrqEkrglm1UFFz3lc76VG Some particularly interesting stuff this week, including V2 configuration changes from Pam, and BYFN sample restructuring from Nik.  Here's the recording of last week's Western hemisphere call : https://drive.google.com/open?id=1DlxNGy5apRIAQpdbb8wLOW_p9aOZ4OeK (Thanks to Joe for recording this!)

If you'd like to contribute, please join either call -- there are now lots of people who are keen to help you get up and running, and contributing to the documentation.

Feel free to post comments to the mailing list, so that we can include at the meeting. Or you can just come along, listen and discuss - you're always welcome!

Best regards,

Anthony, Pam, Joe, Nik

Meeting Details
-------------
Please use the following link to attend the meeting:  https://zoom.us/j/6223336701

Zoom should work in the browser.  I will open the call 5 minutes early so that folks can test it out. I'll also monitor the RocketChat at https://chat.hyperledger.org/channel/fabric-release so that if anyone has issues, ping me there!

More Zoom connection options at the bottom of this note.

The meeting times are as follows:


Meeting 100A: Friday 11 Oct
                   1130 India Standard Time
                   1400 China Standard Time
                   1500 Japan Standard Time
                   1700 Australia Eastern Time
                   1400 Singapore Time
                   1000 Gulf Standard Time
                   1000 Moscow Standard Time
                   0700 Greenwich Mean Time
                   0800 Central European Time    

Meeting 100B: Friday 11 Oct
                   1000 Central Daylight Time
                   1100 Eastern Daylight Time
                   0800 Pacific Daylight Time
                   1200 Brasil Standard Time
                   1600 Greenwich Mean Time
                   1700 Central European Time
                   1800 Moscow Standard Time

 


Re: How to configure Fabric CA with MySQL or PostgreSQL? #fabric-ca #ssl #database

Gari Singh <garis@...>
 

From the error, I assume you are trying to connect to MySQL over TLS.
Looks like MySQL auto-generated a server certificate with a Common Name or SAN of "MySQL_Server_8.0.17_Auto_Generated_Server_Certificate".
Likely in your config you are trying to connect to "localhost" which does not match "MySQL_Server_8.0.17_Auto_Generated_Server_Certificate".

So you have a few options:

- follow https://dev.mysql.com/doc/refman/8.0/en/creating-ssl-rsa-files-using-mysql.html and generate certificates using openssl with the proper Common Name or SAN
- create a hosts entry on the host server running the CA and MySQL which maps "MySQL_Server_8.0.17_Auto_Generated_Server_Certificate" to 127.0.0.1 and replace "localhost" with "MySQL_Server_8.0.17_Auto_Generated_Server_Certificate" in your fabric-ca-server config file.
- don't use TLS and see if things work

I'd go with the first option.

-- G



-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: fabric@...
From: trinayanbhatt1@...
Sent by: fabric@...
Date: 10/10/2019 06:10AM
Subject: [EXTERNAL] [Hyperledger Fabric] How to configure Fabric CA with MySQL or PostgreSQL? #fabric-ca #ssl #database

Hey, I was trying to configure Fabric-CA with mysql and PostgreSQL for using LDAP. I'm not able to initialize the db due to some ssl certificate issue.

And when I start my fabric-ca-server then these logs are produced:
[INFO] Configuration file location: /home/trinayan/Documents/newca/fabric-ca-server-config.yaml
[INFO] Starting server in home directory: /home/trinayan/Documents/newca
[WARNING] Unknown provider type: ; metrics disabled
[INFO] Server Version: 1.4.2
[INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
[WARNING] &{69 The specified CA certificate file /home/trinayan/Documents/newca/ca-cert.pem does not exist}
[INFO] generating key: &{A:ecdsa S:256}
[INFO] encoded CSR
[INFO] signed certificate with serial number 646347233835345802692423971159804543235939577965
[INFO] The CA key and certificate were generated for CA
[INFO] The key was stored by BCCSP provider 'SW'
[INFO] The certificate is at: /home/trinayan/newca/ca-cert.pem
[ERROR] Error occurred initializing database: Failed to connect to MySQL database: x509: certificate is valid for MySQL_Server_8.0.17_Auto_Generated_Server_Certificate, not localhost
[INFO] Home directory for default CA: /home/trinayan/Documents/newca
[INFO] Operation Server Listening on [::]:36189
[INFO] Listening on http://0.0.0.0:7054


Re: Error: 2 UNKNOWN: access denied: channel [] creator org [Org3MSP] #fabric-sdk-node

ramesh.bobbala1990@...
 

I have added in "artifacts/channel/configtx.yaml" file.

Profiles:
 
    ThreeOrgsOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
                    - *Org3
    ThreeOrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
                - *Org3

Apart from this, should I add anywhere else? Please let me know.


How to configure Fabric CA with MySQL or PostgreSQL? #fabric-ca #ssl #database

trinayanbhatt1@...
 

Hey, I was trying to configure Fabric-CA with mysql and PostgreSQL for using LDAP. I'm not able to initialize the db due to some ssl certificate issue.

And when I start my fabric-ca-server then these logs are produced:
[INFO] Configuration file location: /home/trinayan/Documents/newca/fabric-ca-server-config.yaml
[INFO] Starting server in home directory: /home/trinayan/Documents/newca
[WARNING] Unknown provider type: ; metrics disabled
[INFO] Server Version: 1.4.2
[INFO] Server Levels: &{Identity:2 Affiliation:1 Certificate:1 Credential:1 RAInfo:1 Nonce:1}
[WARNING] &{69 The specified CA certificate file /home/trinayan/Documents/newca/ca-cert.pem does not exist}
[INFO] generating key: &{A:ecdsa S:256}
[INFO] encoded CSR
[INFO] signed certificate with serial number 646347233835345802692423971159804543235939577965
[INFO] The CA key and certificate were generated for CA 
[INFO] The key was stored by BCCSP provider 'SW'
[INFO] The certificate is at: /home/trinayan/newca/ca-cert.pem
[ERROR] Error occurred initializing database: Failed to connect to MySQL database: x509: certificate is valid for MySQL_Server_8.0.17_Auto_Generated_Server_Certificate, not localhost
[INFO] Home directory for default CA: /home/trinayan/Documents/newca
[INFO] Operation Server Listening on [::]:36189
[INFO] Listening on http://0.0.0.0:7054


Re: Error: 2 UNKNOWN: access denied: channel [] creator org [Org3MSP] #fabric-sdk-node

Anil Singh <anil.singh@...>
 

You will have to add this newly created org Org3 to the consortium first, as I guess this Org3 is not part of any consortium.

Thanks,
Anil

Thanks,
Anil Singh
+91 8197218180



On Wed, Oct 9, 2019 at 6:09 PM +0530, <ramesh.bobbala1990@...> wrote:

Hi,

I was trying to create a new org with name org3 in balance transfer application 1.4.3 version.

Started the network, I tried to run all the REST API's as per the documentation.

After registering users on all 3 orgs, created a new channel with mychannel. Then I tried to join all the peers to all 3 orgs to mychannel.

I was able to join the peers of org1 and org2 to mychannel through the REST API, but when I sent the request to join the peers of org3 to mychannel it gave the error below.

curl -s -X POST http://localhost:4000/channels/mychannel/peers -H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Njk0MzgzNTIsInVzZXJuYW1lIjoiUmFtZXNoIiwib3JnTmFtZSI6Ik9yZzMiLCJpYXQiOjE1Njk0MDIzNTJ9.iyMdcz7zYgR6bQHuWBQXrgYJ8U_wXsdDEZ8rOTR4Fvs" -H "content-type: application/json" -d '{"peers": ["peer0.org3.example.com","peer1.org3.example.com"]}'

[ERROR] Join-Channel - Failed to join all peers to channel. cause:Failed to join peer to the channel with error :: Error: 2 UNKNOWN: access denied: channel [] creator org [Org3MSP]

If anyone faced/solved this issue, then please give suggestions. 


Thanks,
Ramesh.


Error: 2 UNKNOWN: access denied: channel [] creator org [Org3MSP] #fabric-sdk-node

ramesh.bobbala1990@...
 

Hi,

I was trying to create a new org with name org3 in balance transfer application 1.4.3 version.

Started the network, I tried to run all the REST API's as per the documentation.

After registering users on all 3 orgs, created a new channel with mychannel. Then I tried to join all the peers to all 3 orgs to mychannel.

I was able to join the peers of org1 and org2 to mychannel through the REST API, but when I sent the request to join the peers of org3 to mychannel it gave the error below.

curl -s -X POST http://localhost:4000/channels/mychannel/peers -H "authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1Njk0MzgzNTIsInVzZXJuYW1lIjoiUmFtZXNoIiwib3JnTmFtZSI6Ik9yZzMiLCJpYXQiOjE1Njk0MDIzNTJ9.iyMdcz7zYgR6bQHuWBQXrgYJ8U_wXsdDEZ8rOTR4Fvs" -H "content-type: application/json" -d '{"peers": ["peer0.org3.example.com","peer1.org3.example.com"]}'

[ERROR] Join-Channel - Failed to join all peers to channel. cause:Failed to join peer to the channel with error :: Error: 2 UNKNOWN: access denied: channel [] creator org [Org3MSP]

If anyone faced/solved this issue, then please give suggestions. 


Thanks,
Ramesh.


Re: Raft - Orderer TLS Problem

Yacov
 

that's not what I said.

You need to add the TLS CA certificates of the CAs that issued the TLS certificate of the orderer node (the consenter) too.



From:        Nicholas Zanutim <nlzanutim@...>
To:        Yacov <yacovm@...>
Cc:        fabric@..., Hyperledger-fabric <hyperledger-fabric@...>
Date:        10/09/2019 02:53 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Raft - Orderer TLS Problem




It is. I update the channel configuration with it and add it as a consenter and its address.
I checked it by pulling the latest config and checking the json.


On Wednesday, October 9, 2019 at 08:50:43 BRT, Yacov <yacovm@...> wrote:


Seems like the TLS CA certificate of the orderer of org2 is not in the channel configuration.



From:        "Nicholas Leonardi via Lists.Hyperledger.Org" <nlzanutim=yahoo.com@...>
To:        Hyperledger-fabric <hyperledger-fabric@...>
Cc:        fabric@...
Date:        10/09/2019 02:33 PM
Subject:        [EXTERNAL] [Hyperledger Fabric] Raft - Orderer TLS Problem
Sent by:        fabric@...




Hey guys,
I'm having an issue with the orderers communicating with each other via TLS.
Scenario:
2 Orgs - 2 Machines
Org 1 -> 3 Orderers all communicating with each other
Org 2 -> 1 Orderer

I include Orderer Org 2 in the system channel and application channel via channel update. All goes well.
I get orderer latest config from orderer org 1 and start orderer org 2 with it. It recognizes the rest of the network as they try to communicate.
I'm using Fabric-ca root to generate certificates for Org 1 and fabric ca Intermediate to generate org 2's identity for both orderer and peer.


Now the weird part is that the peers communicate with each other, the blocks sync between ALL 4 orderers and both peers if I invoke chaincode on Org 1. Now I can't invoke on org 2 because Orderer org 2 says there are no consenters.


This is the error on orderers.

{192.168.68.133:7050 0  <nil>}. Err :connection error: desc = "transport: authentication handshake failed: x509: certificate signed by unknown authority"


I can't figure it out because I'm using the same configurations to generate the certificates for the peers and orderers and the peers do communicate via TLS without any problem. I've had IP SANs problem in the past but now that's not the issue.


I've been stuck for the past 4 days with this error. Does the orderer require different certificates?
I've also tried using the TLS certificates from the TLSCA and TLSCAINTERMEDIATE folders with no luck.


Thanks in advance


 
orderer:
  container_name: orderer.example.com
  image: hyperledger/fabric-orderer
  environment:
    - FABRIC_LOGGING_SPEC=grpc=debug:info
    - ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
    - ORDERER_GENERAL_GENESISMETHOD=file
    - ORDERER_OPERATIONS_LISTENADDRESS=0.0.0.0:8443
    - ORDERER_GENERAL_GENESISFILE=/etc/hyperledger/configtx/channel.block
    - ORDERER_GENERAL_LOCALMSPID=ExampleOrdererMSP
    - ORDERER_GENERAL_LOCALMSPDIR=/etc/hyperledger/msp/orderer/msp
    # Enable TLS
    - ORDERER_GENERAL_TLS_ENABLED=true
    - ORDERER_GENERAL_TLS_PRIVATEKEY=/etc/hyperledger/msp/orderer/tls/server.key
    - ORDERER_GENERAL_TLS_CERTIFICATE=/etc/hyperledger/msp/orderer/tls/server.crt
    - ORDERER_GENERAL_TLS_ROOTCAS=/etc/hyperledger/msp/orderer/tls/ca.crt
    - ORDERER_GENERAL_TLS_CLIENTROOTCAS=/etc/hyperledger/msp/orderer/tls/ca.crt
    - ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/etc/hyperledger/msp/orderer/tls/server.crt
    - ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/etc/hyperledger/msp/orderer/tls/server.key
    - ORDERER_GENERAL_CLUSTER_ROOTCAS=[/etc/hyperledger/msp/orderer/tls/ca.crt]
  working_dir: /opt/orderer
  command: orderer
  ports:
    - 7050:7050
  volumes:
    - ./config/:/etc/hyperledger/configtx
    - ./crypto-config/ordererOrganizations/orderers/orderer.example.com:/etc/hyperledger/msp/orderer
    - ./tls-certificates:/etc/hyperledger/tls-certificates
  networks:
    - n2med






