
Re: Understanding cryptogen PATH

satheesh
 

Any clue in bootstrap/build logs ?

-Satheesh

On Friday, April 30, 2021, 05:04:26 PM GMT+5:30, <mahwish.anwar@...> wrote:


I am using Fabric v 2.0.1.

go env
GOPATH=/home/usr/go          //where usr is my username

cat ~/.bashrc
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$PATH
export PATH=$HOME/hyperledger/bin

Directory structure:
home/usr/go
I installed fabric code in  /home/usr/go/src/github.com/hyperledger/fabric
I used wget bootstrap.sh to install  fabric binaries in /home/hyperledger

I am not able to find cryptogen. What am I missing?


Understanding cryptogen PATH

Mahwish Anwar
 

I am using Fabric v 2.0.1.

go env
GOPATH=/home/usr/go          //where usr is my username

cat ~/.bashrc
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$PATH
export PATH=$HOME/hyperledger/bin

Directory structure:
home/usr/go
I installed fabric code in  /home/usr/go/src/github.com/hyperledger/fabric
I used wget bootstrap.sh to install  fabric binaries in /home/hyperledger

I am not able to find cryptogen. What am I missing?


Re: Fabric CA server with customized CSR details.

Pechimuthu T
 

Hi,

Again I tried with the following

Started Fabric CA Server using following command in POD

fabric-ca-server start -b ${USERNAME}:${PASSWORD} --tls.enabled --csr.hosts ${CSR_HOSTS}

It has created following files.
ca-cert.pem  fabric-ca-server-config.yaml  fabric-ca-server.db  IssuerPublicKey  IssuerRevocationPublicKey  ./msp and tls-cert.pem

Later I deleted ca-cert.pem, the msp folder, and tls-ca-cert.pem,
and modified the CSR section of the fabric-ca-server-config.yaml file.

Then Within POD,  again I ran

fabric-ca-server start

It has generated  all the files except  tls-cert.pem

ca-cert.pem  fabric-ca-server-config.yaml  fabric-ca-server.db  IssuerPublicKey  IssuerRevocationPublicKey  ./msp

When we start the pod, the fabric-ca-server start command generates all the files including tls-cert.pem.
But after modifying the fabric-ca-server-config.yaml file, the "fabric-ca-server start" command is not generating tls-cert.pem.
Is anything missing in my fabric-ca-server-config.yaml file?

Attached modified fabric-ca-server-config.yaml for your reference.

Thanks and Regards,
T. Pechimuthu


From: "Pechimuthu T" <tpmuthu@...>
To: alaskadd@...
Cc: YACOVM@..., fabric@...
Sent: Friday, April 30, 2021 11:27:32 AM
Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.

Hi,

After enabling

--tls.enabled true  has generated ca-cert.pem  reflects the modified CSR section.

But without that also I am getting the details in ca-cert.pem.
It did not generate  tls-ca-cert.pem for the CA server while starting CA server.

Correct me if I am wrong: if I start the CA server as given below, it generates only keys and ca-cert.pem.

fabric-ca-server start \
  -b ${USERNAME}:${PASSWORD} \
  --tls.enabled true \
  --csr.hosts ${CSR_HOSTS} \
  --csr.cn ${CSR_CN}

The --tls.enabled true option is for enabling secure connectivity from client to CA server. For that we need to provide
a TLS certificate and its key. I think we need to generate the TLS certificate for the CA from fabric-ca-client.


Regards,
T. Pechimuthu



From: alaskadd@...
To: YACOVM@...
Cc: "Pechimuthu T" <tpmuthu@...>, fabric@...
Sent: Thursday, April 29, 2021 5:25:52 PM
Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.

As Yacov said, it is not recommended although it is possible.  There are details that explain the deployment steps in this doc:

However, going back to the first question you originally asked, when setting --tls.enabled true on your orgCA did it execute as expected reflecting the details of your modified CSR section?

On Apr 29, 2021, at 6:45 AM, Yacov Manevich <YACOVM@...> wrote:

You can, but it's not recommended 



From:        "Pechimuthu T" <tpmuthu@...>
To:        alaskadd@..., fabric@...
Date:        04/29/2021 02:40 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.
Sent by:        fabric@...




Hi,

For an Organization let say Org1,  if we setup a CA server, do We have to setup of TLSCA separately ?
Can't we use the same CA which can  function  as CA and TLSCA as well ? 

Thanks and Regards,
T. Pechimuthu





From: alaskadd@...
To: alaskadd@...
Cc: "Pechimuthu T" <tpmuthu@...>, fabric@...
Sent: Tuesday, April 27, 2021 7:23:36 PM
Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.


Meant to say it must be 'set' to true.

--------------------------------------------------------------------------------
fabric-ca-server start \
  -b ${USERNAME}:${PASSWORD} \
  --tls.enabled true \
  --csr.hosts ${CSR_HOSTS} \
  --csr.cn ${CSR_CN}
--------------------------------------------------------------------------------


On Apr 27, 2021, at 6:51 AM, Chris Gabriel via lists.hyperledger.org<alaskadd=gmail.com@...> wrote:

Hello,

--tls.enabled is not complete.  It must equal "true"

so --tls.enabled true if using command line flags

Note the 'tls' section of the following doc:
https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/ca-config.html

Hope this helps,
Chris

On Apr 27, 2021, at 6:14 AM, Pechimuthu T <tpmuthu@...> wrote:

hello,

when we start fabric-ca server we get the following files are generated.
--------------------------------------------------------------------------------
fabric-ca-server start \
  -b ${USERNAME}:${PASSWORD} \
  --tls.enabled \
  --csr.hosts ${CSR_HOSTS} \
  --csr.cn ${CSR_CN}
--------------------------------------------------------------------------------

IssuerPublicKey
IssuerRevocationPublicKey  
ca-cert.pem  
fabric-ca-server-config.yaml  
fabric-ca-server.db  
./msp
tls-cert.pem


I have changed fabric-ca-server-config.yaml file( changes are specific to CSR section )
deleted ca-cert.pem, ./msp folder, and tls-cert.pem
after that started fabric-ca-server again as mentioned above.

ca-cert.pem has been changed as per my csr config.

But tls-cert.pem is not generated at all.  Any thing i am missing ?
we want the tls-cert.pem also to be regenerated as per my modify CSR config.

any one has faced this issue ? Help in this regard is very much appreciated.

Thanks and Regards,
T. Pechimuthu












Disclaimer:

This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses.   












When ordering nodes will not reach consensus

Mahwish Anwar
 

Hi
Like orderer nodes in raft do consensus on the dataset and validate if all datasets match. Then the leader makes sure the new transaction is committed to all channel ledgers.
In what situations will the data be different from 2 or 3 ordering nodes? 
Example - when orderer dies, the ordering cluster still is able to validate and commit the transaction. 


Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes

Mahwish Anwar
 

I see. This aggregator does not have to be then part of the fabric NW? 
Anything that becomes part of fabric will have access to view the blockchain.


Re: Fabric CA server with customized CSR details.

Pechimuthu T
 

Hi,

After enabling

--tls.enabled true  has generated ca-cert.pem  reflects the modified CSR section.

But without that also I am getting the details in ca-cert.pem.
It did not generate  tls-ca-cert.pem for the CA server while starting CA server.

Correct me if I am wrong: if I start the CA server as given below, it generates only keys and ca-cert.pem.

fabric-ca-server start \
  -b ${USERNAME}:${PASSWORD} \
  --tls.enabled true \
  --csr.hosts ${CSR_HOSTS} \
  --csr.cn ${CSR_CN}

The --tls.enabled true option is for enabling secure connectivity from client to CA server. For that we need to provide
a TLS certificate and its key. I think we need to generate the TLS certificate for the CA from fabric-ca-client.


Regards,
T. Pechimuthu



From: alaskadd@...
To: YACOVM@...
Cc: "Pechimuthu T" <tpmuthu@...>, fabric@...
Sent: Thursday, April 29, 2021 5:25:52 PM
Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.

As Yacov said, it is not recommended although it is possible.  There are details that explain the deployment steps in this doc:

However, going back to the first question you originally asked, when setting --tls.enabled true on your orgCA did it execute as expected reflecting the details of your modified CSR section?

On Apr 29, 2021, at 6:45 AM, Yacov Manevich <YACOVM@...> wrote:

You can, but it's not recommended 



From:        "Pechimuthu T" <tpmuthu@...>
To:        alaskadd@..., fabric@...
Date:        04/29/2021 02:40 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.
Sent by:        fabric@...




Hi,

For an Organization let say Org1,  if we setup a CA server, do We have to setup of TLSCA separately ?
Can't we use the same CA which can  function  as CA and TLSCA as well ? 

Thanks and Regards,
T. Pechimuthu





From: alaskadd@...
To: alaskadd@...
Cc: "Pechimuthu T" <tpmuthu@...>, fabric@...
Sent: Tuesday, April 27, 2021 7:23:36 PM
Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.


Meant to say it must be 'set' to true.

--------------------------------------------------------------------------------
fabric-ca-server start \
  -b ${USERNAME}:${PASSWORD} \
  --tls.enabled true \
  --csr.hosts ${CSR_HOSTS} \
  --csr.cn ${CSR_CN}
--------------------------------------------------------------------------------


On Apr 27, 2021, at 6:51 AM, Chris Gabriel via lists.hyperledger.org<alaskadd=gmail.com@...> wrote:

Hello,

--tls.enabled is not complete.  It must equal "true"

so --tls.enabled true if using command line flags

Note the 'tls' section of the following doc:
https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/ca-config.html

Hope this helps,
Chris

On Apr 27, 2021, at 6:14 AM, Pechimuthu T <tpmuthu@...> wrote:

hello,

when we start fabric-ca server we get the following files are generated.
--------------------------------------------------------------------------------
fabric-ca-server start \
  -b ${USERNAME}:${PASSWORD} \
  --tls.enabled \
  --csr.hosts ${CSR_HOSTS} \
  --csr.cn ${CSR_CN}
--------------------------------------------------------------------------------

IssuerPublicKey
IssuerRevocationPublicKey  
ca-cert.pem  
fabric-ca-server-config.yaml  
fabric-ca-server.db  
./msp
tls-cert.pem


I have changed fabric-ca-server-config.yaml file( changes are specific to CSR section )
deleted ca-cert.pem, ./msp folder, and tls-cert.pem
after that started fabric-ca-server again as mentioned above.

ca-cert.pem has been changed as per my csr config.

But tls-cert.pem is not generated at all.  Any thing i am missing ?
we want the tls-cert.pem also to be regenerated as per my modify CSR config.

any one has faced this issue ? Help in this regard is very much appreciated.

Thanks and Regards,
T. Pechimuthu














Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes

Nikos Karamolegkos
 

Can you give more details about your use case? Is each end device a different organization? Also can you tell me more about the type of EDs you use and how you set up the general architecture of the BC network? For example, are all these devices in the same channel? Are there IoT GWs?

On 30 Apr 2021 03:36, Mark Rakhmilevich <mark.rakhmilevich@...> wrote:
If you are using client SDK for Fabric, use register() and enroll() APIs to register client orgs and issue their enrollment cert.

Mark


On Apr 29, 2021, at 1:41 AM, mahwish.anwar@... wrote:

Thanks for your reply.
You mean, like we register users in an org? 
These users are defined in crypto-config.yaml and cryptogen assigns IDs to all. New users are added via the client API.
When devices are added from the API (similar to the way users are now added), are they supposed to be mentioned in any config file?

For simulation purposes, how could it be done?


Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes

Mark Rakhmilevich
 

Yes, an aggregator running the client SDK would be needed.  In Oracle Blockchain Platform we provide a built in aggregator with REST APIs.  If the IOT devices can make REST calls, that’s all that’s needed.

Mark


On Apr 29, 2021, at 2:10 AM, Nikos Karamolegkos <nkaram@...> wrote:

So you propose each IoT end device (ED) to be an organization? The EDs cannot support fabric to run a fabric client application and start a transaction; somehow a proxy (or an IoT) should translate the IoT data and send them to BC. Is this feasible?


Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes

Mark Rakhmilevich
 

If you are using client SDK for Fabric, use register() and enroll() APIs to register client orgs and issue their enrollment cert.

Mark


On Apr 29, 2021, at 1:41 AM, mahwish.anwar@... wrote:

Thanks for your reply.
You mean, like we register users in an org? 
These users are defined in crypto-config.yaml and cryptogen assigns IDs to all. New users are added via the client API.
When devices are added from the API (similar to the way users are now added), are they supposed to be mentioned in any config file?

For simulation purposes, how could it be done?


Re: Fabric CA server with customized CSR details.

Chris Gabriel <alaskadd@...>
 

As Yacov said, it is not recommended although it is possible.  There are details that explain the deployment steps in this doc:

However, going back to the first question you originally asked, when setting --tls.enabled true on your orgCA did it execute as expected reflecting the details of your modified CSR section?

On Apr 29, 2021, at 6:45 AM, Yacov Manevich <YACOVM@...> wrote:

You can, but it's not recommended 



From:        "Pechimuthu T" <tpmuthu@...>
To:        alaskadd@..., fabric@...
Date:        04/29/2021 02:40 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.
Sent by:        fabric@...




Hi,

For an Organization let say Org1,  if we setup a CA server, do We have to setup of TLSCA separately ?
Can't we use the same CA which can  function  as CA and TLSCA as well ? 

Thanks and Regards,
T. Pechimuthu





From: alaskadd@...
To: alaskadd@...
Cc: "Pechimuthu T" <tpmuthu@...>, fabric@...
Sent: Tuesday, April 27, 2021 7:23:36 PM
Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.


Meant to say it must be 'set' to true.

--------------------------------------------------------------------------------
fabric-ca-server start \
  -b ${USERNAME}:${PASSWORD} \
  --tls.enabled true \
  --csr.hosts ${CSR_HOSTS} \
  --csr.cn ${CSR_CN}
--------------------------------------------------------------------------------


On Apr 27, 2021, at 6:51 AM, Chris Gabriel via lists.hyperledger.org<alaskadd=gmail.com@...> wrote:

Hello,

--tls.enabled is not complete.  It must equal "true"

so --tls.enabled true if using command line flags

Note the 'tls' section of the following doc:
https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/ca-config.html

Hope this helps,
Chris

On Apr 27, 2021, at 6:14 AM, Pechimuthu T <tpmuthu@...> wrote:

hello,

when we start fabric-ca server we get the following files are generated.
--------------------------------------------------------------------------------
fabric-ca-server start \
  -b ${USERNAME}:${PASSWORD} \
  --tls.enabled \
  --csr.hosts ${CSR_HOSTS} \
  --csr.cn ${CSR_CN}
--------------------------------------------------------------------------------

IssuerPublicKey
IssuerRevocationPublicKey  
ca-cert.pem  
fabric-ca-server-config.yaml  
fabric-ca-server.db  
./msp
tls-cert.pem


I have changed fabric-ca-server-config.yaml file( changes are specific to CSR section )
deleted ca-cert.pem, ./msp folder, and tls-cert.pem
after that started fabric-ca-server again as mentioned above.

ca-cert.pem has been changed as per my csr config.

But tls-cert.pem is not generated at all.  Any thing i am missing ?
we want the tls-cert.pem also to be regenerated as per my modify CSR config.

any one has faced this issue ? Help in this regard is very much appreciated.

Thanks and Regards,
T. Pechimuthu















Re: Fabric CA server with customized CSR details.

Yacov
 

You can, but it's not recommended



From:        "Pechimuthu T" <tpmuthu@...>
To:        alaskadd@..., fabric@...
Date:        04/29/2021 02:40 PM
Subject:        [EXTERNAL] Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.
Sent by:        fabric@...




Hi,

For an Organization let say Org1,  if we setup a CA server, do We have to setup of TLSCA separately ?
Can't we use the same CA which can  function  as CA and TLSCA as well ?

Thanks and Regards,
T. Pechimuthu





From: alaskadd@...
To: alaskadd@...
Cc: "Pechimuthu T" <tpmuthu@...>, fabric@...
Sent: Tuesday, April 27, 2021 7:23:36 PM
Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.


Meant to say it must be 'set' to true.

--------------------------------------------------------------------------------
fabric-ca-server start \
  -b ${USERNAME}:${PASSWORD} \
  --tls.enabled true \
  --csr.hosts ${CSR_HOSTS} \
  --csr.cn ${CSR_CN}
--------------------------------------------------------------------------------


On Apr 27, 2021, at 6:51 AM, Chris Gabriel via lists.hyperledger.org<alaskadd=gmail.com@...> wrote:

Hello,

--tls.enabled is not complete.  It must equal "true"

so --tls.enabled true if using command line flags

Note the 'tls' section of the following doc:
https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/ca-config.html

Hope this helps,
Chris

On Apr 27, 2021, at 6:14 AM, Pechimuthu T <tpmuthu@...> wrote:

hello,

when we start fabric-ca server we get the following files are generated.
--------------------------------------------------------------------------------
fabric-ca-server start \
  -b ${USERNAME}:${PASSWORD} \
  --tls.enabled \
  --csr.hosts ${CSR_HOSTS} \
  --csr.cn ${CSR_CN}
--------------------------------------------------------------------------------

IssuerPublicKey
IssuerRevocationPublicKey  
ca-cert.pem  
fabric-ca-server-config.yaml  
fabric-ca-server.db  
./msp
tls-cert.pem


I have changed fabric-ca-server-config.yaml file( changes are specific to CSR section )
deleted ca-cert.pem, ./msp folder, and tls-cert.pem
after that started fabric-ca-server again as mentioned above.

ca-cert.pem has been changed as per my csr config.

But tls-cert.pem is not generated at all.  Any thing i am missing ?
we want the tls-cert.pem also to be regenerated as per my modify CSR config.

any one has faced this issue ? Help in this regard is very much appreciated.

Thanks and Regards,
T. Pechimuthu

















Re: Fabric CA server with customized CSR details.

Pechimuthu T
 

Hi,

For an Organization let say Org1,  if we setup a CA server, do We have to setup of TLSCA separately ?
Can't we use the same CA which can  function  as CA and TLSCA as well ?

Thanks and Regards,
T. Pechimuthu




From: alaskadd@...
To: alaskadd@...
Cc: "Pechimuthu T" <tpmuthu@...>, fabric@...
Sent: Tuesday, April 27, 2021 7:23:36 PM
Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details.

Meant to say it must be 'set' to true.

--------------------------------------------------------------------------------
fabric-ca-server start \
   -b ${USERNAME}:${PASSWORD} \
   --tls.enabled true \
   --csr.hosts ${CSR_HOSTS} \
   --csr.cn ${CSR_CN}
--------------------------------------------------------------------------------


On Apr 27, 2021, at 6:51 AM, Chris Gabriel via lists.hyperledger.org <alaskadd=gmail.com@...> wrote:

Hello,

--tls.enabled is not complete.  It must equal "true"

so --tls.enabled true if using command line flags

Note the 'tls' section of the following doc:

Hope this helps,
Chris

On Apr 27, 2021, at 6:14 AM, Pechimuthu T <tpmuthu@...> wrote:

hello,

when we start fabric-ca server we get the following files are generated.
--------------------------------------------------------------------------------
fabric-ca-server start \
   -b ${USERNAME}:${PASSWORD} \
   --tls.enabled \
   --csr.hosts ${CSR_HOSTS} \
   --csr.cn ${CSR_CN}
--------------------------------------------------------------------------------

IssuerPublicKey
IssuerRevocationPublicKey  
ca-cert.pem  
fabric-ca-server-config.yaml  
fabric-ca-server.db  
./msp
tls-cert.pem


I have changed fabric-ca-server-config.yaml file( changes are specific to CSR section )
deleted ca-cert.pem, ./msp folder, and tls-cert.pem
after that started fabric-ca-server again as mentioned above.

ca-cert.pem has been changed as per my csr config.

But tls-cert.pem is not generated at all.  Any thing i am missing ?
we want the tls-cert.pem also to be regenerated as per my modify CSR config.

any one has faced this issue ? Help in this regard is very much appreciated.

Thanks and Regards,
T. Pechimuthu














Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes

Nikos Karamolegkos
 

So you propose each IoT end device (ED) to be an organization? The EDs cannot support fabric to run a fabric client application and start a transaction; somehow a proxy (or an IoT) should translate the IoT data and send them to BC. Is this feasible?


Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes

Mahwish Anwar
 

Thanks for your reply.
You mean, like we register users in an org? 
These users are defined in crypto-config.yaml and cryptogen assigns IDs to all. New users are added via the client API.
When devices are added from the API (similar to the way users are now added), are they supposed to be mentioned in any config file?

For simulation purposes, how could it be done?


Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes

Mark Rakhmilevich
 

You can register the IoT devices as client orgs of the trusted node with their own signing certs. Instead of sending an avg, send the actual data and let the chaincode maintain a running average and filter the outliers.

Regards,
     Mark



On Apr 28, 2021, at 4:21 AM, mahwish.anwar@... wrote:

In an IoT scenario, multiple nodes are sending frequent data. It is not feasible to create a fabric network with all devices.
Instead, a fabric node acts as an aggregator, that takes all values from 100s of devices. Note, some of these values can be wrong. So the aggregator filters outliers. Then the aggregator sends an average - one stream to the server so it can take decisions. The aggregator is a fabric peer so is trusted.

One, if a single stream is sent over to the server, then we lose the information - which IoT device sent which data. Any other way?
Second, there is a single point of failure. What else can be a good option? How else to drop outliers?
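
Added example, not part of the original thread and not Fabric's own code: one way the chaincode-side running average and outlier filter suggested in the reply above could work while keeping every reading attributed to the device that sent it. The type and function names, the thresholds, and the in-memory map standing in for ledger state are all assumptions.

```go
package main

import (
	"fmt"
	"math"
	"sort"
)

// DeviceStats is the running state kept per device. In chaincode it would be
// serialized and stored under a per-device key (key layout is an assumption).
type DeviceStats struct {
	Count    uint64  `json:"count"`    // accepted readings
	Mean     float64 `json:"mean"`     // running mean of accepted readings
	M2       float64 `json:"m2"`       // sum of squared deviations (Welford)
	Rejected uint64  `json:"rejected"` // readings dropped as outliers
}

const (
	warmup       = 5   // readings accepted before filtering starts (assumed)
	maxSigma     = 3.0 // reject beyond this many standard deviations (assumed)
	minTolerance = 0.5 // floor so a flat history does not reject every change
)

// StdDev returns the sample standard deviation of the accepted readings.
func (s *DeviceStats) StdDev() float64 {
	if s.Count < 2 {
		return 0
	}
	return math.Sqrt(s.M2 / float64(s.Count-1))
}

// Submit applies the outlier filter and, if the reading passes, folds it into
// the running mean with Welford's update. It reports whether v was accepted.
func (s *DeviceStats) Submit(v float64) bool {
	if math.IsNaN(v) || math.IsInf(v, 0) {
		s.Rejected++
		return false
	}
	if s.Count >= warmup {
		tol := math.Max(maxSigma*s.StdDev(), minTolerance)
		if math.Abs(v-s.Mean) > tol {
			s.Rejected++ // the rejection itself is recorded per device
			return false
		}
	}
	s.Count++
	delta := v - s.Mean
	s.Mean += delta / float64(s.Count)
	s.M2 += delta * (v - s.Mean)
	return true
}

// Ledger stands in for world state: device ID -> stats. The device ID is
// assumed to be derived from the submitting client's enrollment certificate.
type Ledger map[string]*DeviceStats

// Record attributes a reading to deviceID and reports whether it was accepted.
func (l Ledger) Record(deviceID string, v float64) bool {
	st, ok := l[deviceID]
	if !ok {
		st = &DeviceStats{}
		l[deviceID] = st
	}
	return st.Submit(v)
}

// FleetMean is the count-weighted mean over all devices. Keys are visited in
// sorted order so every peer sums in the same order and gets the same result.
func (l Ledger) FleetMean() float64 {
	ids := make([]string, 0, len(l))
	for id := range l {
		ids = append(ids, id)
	}
	sort.Strings(ids)
	var n, sum float64
	for _, id := range ids {
		n += float64(l[id].Count)
		sum += l[id].Mean * float64(l[id].Count)
	}
	if n == 0 {
		return 0
	}
	return sum / n
}

func main() {
	l := Ledger{}
	// Constructed sample readings; 95.0 is the faulty value.
	for _, v := range []float64{20.0, 20.5, 19.5, 20.2, 19.8, 95.0, 20.1} {
		fmt.Printf("sensor-A %.1f accepted=%v\n", v, l.Record("sensor-A", v))
	}
	a := l["sensor-A"]
	fmt.Printf("mean=%.3f sd=%.3f rejected=%d\n", a.Mean, a.StdDev(), a.Rejected)
}
```

Because only the count, mean and M2 are stored per device, the state stays constant-size however many readings arrive, and the rejected counter shows which device is producing bad data.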


Re: ORDERER_ADMIN env variables #fabric-orderer

Chris Gabriel <alaskadd@...>
 

It seems it should work, but it is possibly using the generic orderer.yaml file and not your env variables.  So, you may want to double-check that you are working from the correct directory and you are calling the correct docker-compose config if you have multiples.


On Apr 28, 2021, at 1:32 AM, Kumar Shantanu <km.shantanu@...> wrote:

Sure, here it is,

##############
image: hyperledger/fabric-orderer:2.3
environment:
- FABRIC_LOGGING_SPEC=INFO
- ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
- ORDERER_GENERAL_LISTENPORT=7050
- ORDERER_GENERAL_LOCALMSPID=OrdererMSP
- ORDERER_GENERAL_LOCALMSPDIR=/tmp/orderer/orderers/orderer1.build.dlt/msp
# enabled TLS
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_GENERAL_TLS_PRIVATEKEY=/tmp/orderer/orderers/orderer1.build.dlt/tls/keystore/94d3083485ebea73e4e2154776e3fd149edda3c4d5671dcc9c4981a492180b30_sk
- ORDERER_GENERAL_TLS_CERTIFICATE=/tmp/orderer/orderers/orderer1.build.dlt/tls/signcerts/cert.pem
- ORDERER_GENERAL_TLS_ROOTCAS=[/tmp/orderer/orderers/orderer1.build.dlt/tls/tlscacerts/tls-fabric-ca-build-dlt.pem]
- ORDERER_KAFKA_TOPIC_REPLICATIONFACTOR=1
- ORDERER_KAFKA_VERBOSE=true
- ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/tmp/orderer/orderers/orderer1.build.dlt/tls/signcerts/cert.pem
- ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/tmp/orderer/orderers/orderer1.build.dlt/tls/keystore/94d3083485ebea73e4e2154776e3fd149edda3c4d5671dcc9c4981a492180b30_sk
- ORDERER_GENERAL_CLUSTER_ROOTCAS=[/tmp/orderer/orderers/orderer1.build.dlt/tls/tlscacerts/tls-fabric-ca-build-dlt.pem]
- ORDERER_GENERAL_BOOTSTRAPMETHOD=none
- ORDERER_CHANNELPARTICIPATION_ENABLED=true
- ORDERER_ADMIN_TLS_ENABLED=true
- ORDERER_ADMIN_TLS_CERTIFICATE=/tmp/orderer/orderers/orderer1.build.dlt/tls/signcerts/cert.pem
- ORDERER_ADMIN_TLS_PRIVATEKEY=/tmp/orderer/orderers/orderer1.build.dlt/tls/keystore/94d3083485ebea73e4e2154776e3fd149edda3c4d5671dcc9c4981a492180b30_sk
- ORDERER_ADMIN_TLS_ROOTCAS=[/tmp/orderer/orderers/orderer1.build.dlt/tls/tlscacerts/tls-fabric-ca-build-dlt.pem]
- ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/tmp/orderer/orderers/orderer1.build.dlt/tls/tlscacerts/tls-fabric-ca-build-dlt.pem]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053

####3

On Tue, Apr 27, 2021 at 11:46 PM Chris G <alaskadd@...> wrote:
Hi Shantanu,

Can you please share all of your orderer env variables?  That may assist in helping.

Thanks

On Apr 27, 2021, at 5:29 PM, Kumar Shantanu <km.shantanu@...> wrote:

Hello Team, 

I am trying to set up ORDERER_ADMIN_XX_XX values through environment variables; however, it doesn't seem to work.

For example, my docker-compose file says,

- ORDERER_ADMIN_TLS_ENABLED=true
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053

however when the orderer node starts it says,

orderer1.build.| Admin.TLS.Enabled = false
orderer1.build.| Admin.TLS.PrivateKey = ""
orderer1.build.| Admin.TLS.Certificate = ""
orderer1.build.| Admin.TLS.RootCAs = []
orderer1.build.| Admin.TLS.ClientAuthRequired = false
orderer1.build.| Admin.TLS.ClientRootCAs = []
orderer1.build.| Admin.TLS.TLSHandshakeTimeShift = 0s


Can someone please suggest a solution here. I am using orderer version 2.3

Thanks
Shantanu
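
One way to catch the mismatch reported in this thread, as an added example that is not part of the original messages: the script maps each `Section.Key = value` line of the orderer's startup dump to its `ORDERER_SECTION_KEY` environment name and lists the settings whose effective value differs from the compose file. The sample inputs are constructed from the lines quoted in the thread (the `General.TLS.Enabled` dump line and the shortened path are assumptions), and the function names are hypothetical.

```python
import re

# Constructed samples modelled on the lines quoted in the thread (path shortened).
COMPOSE_ENV = """\
- ORDERER_GENERAL_TLS_ENABLED=true
- ORDERER_ADMIN_TLS_ENABLED=true
- ORDERER_ADMIN_TLS_ROOTCAS=[/tmp/orderer/tls/tlscacerts/ca.pem]
- ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053
"""
STARTUP_DUMP = """\
orderer1.build.| General.TLS.Enabled = true
orderer1.build.| Admin.TLS.Enabled = false
orderer1.build.| Admin.TLS.PrivateKey = ""
orderer1.build.| Admin.TLS.RootCAs = []
orderer1.build.| Admin.TLS.ClientAuthRequired = false
"""

ENV_LINE = re.compile(r"^\s*-\s*(ORDERER_[A-Z0-9_]+)=(.*)$")
DUMP_LINE = re.compile(r"((?:[A-Za-z0-9]+\.)+[A-Za-z0-9]+) = (.*)$")

def parse_env(text):
    """Return {ENV_NAME: value} from docker-compose 'environment:' list entries."""
    return {m.group(1): m.group(2).strip()
            for m in map(ENV_LINE.match, text.splitlines()) if m}

def normalise(value):
    """Reduce a scalar or a bracketed list to a sorted list of bare items."""
    items = re.split(r"[,\s]+", value.strip().strip("[]").replace('"', ""))
    return sorted(i for i in items if i)

def find_ignored_settings(env_text, dump_text):
    """List (env name, requested, effective) where the env value was not applied."""
    env = parse_env(env_text)
    ignored = []
    for line in dump_text.splitlines():
        m = DUMP_LINE.search(line)
        if not m:
            continue
        # Orderer convention: prefix ORDERER_, dots become underscores, upper case.
        name = "ORDERER_" + m.group(1).upper().replace(".", "_")
        if name in env and normalise(env[name]) != normalise(m.group(2)):
            ignored.append((name, env[name], m.group(2).strip()))
    return ignored

if __name__ == "__main__":
    for name, wanted, got in find_ignored_settings(COMPOSE_ENV, STARTUP_DUMP):
        print(f"{name}: compose file says {wanted!r}, orderer reports {got!r}")
```

Run against a real deployment, any `*_TLS_ENABLED` entry in the output means a listener is up without the TLS setting the compose file asked for.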



Re: Deprecation of Docker Runtime in Kubernetes - No access to local docker socket #docker #hyperledger-fabric #fabric

Chris Gabriel <alaskadd@...>
 

What I have found so far in a limited bit of looking into the effects of the deprecation when it actually happens is that it will cause a breaking change to the Dind container.  Although there is an alternative, I find it may be cleaner to continue on the path I was going down to use the launcher and then change the CRI runtime from Docker to Containerd for my implementation.



Disclaimer: I have not tested this yet but will post results in this thread.

On Apr 28, 2021, at 3:50 AM, Gari Singh <gari.r.singh@...> wrote:

Using DinD in the short term should work ok, but be aware that you will need to run the Dind container with elevated privileges which can be problematic in many environments.  The best course of action is to plan for an upgrade and use a launcher.

On Tue, Apr 27, 2021 at 3:52 PM Chris Gabriel <alaskadd@...> wrote:
Also, I forgot to mention that when running on Kubernetes I set the environment variable for the CORE_VM_ENDPOINT to “http://localhost:2375” and not unix:///var/run/docker.sock 

There is more detail on this if you examine the CORE VM ENDPOINT section of core.yaml



On Apr 27, 2021, at 2:31 PM, Chris Gabriel via lists.hyperledger.org <alaskadd=gmail.com@...> wrote:

Hi Ramesh,

I am still looking into the ramifications of the Deprecation of Docker Runtime in Kubernetes for my network.  I’ll post what I find out.

As far as your second question, you can do either.  I am currently running HLF 2.3 on Kubernetes 1.20.2 with dind and all works fine.  I plan on migrating this to run the external chaincode builders in the near future however.  

Hope this helps,
Chris

On Apr 27, 2021, at 1:39 PM, ramesh.bobbala1990@... wrote:

Hello Everyone, 

 

Any further updates on this issue? I am facing the same issue, currently using HLF 1.4 version on Kubernetes 1.18 version and trying to upgrade kubernetes version to 1.19 version. 

Which is the best way to implement HLF setup on kubernetes latest versions.
1. Upgrading to 2.x versions using external chaincode builders and chaincode as an external service
2. Or  via dind (Docker-in-Docker)

 






Difference chaincode (smart contracts) in private collection

Nikos Karamolegkos
 

I am wondering if in a private Hyperledger Fabric 2.2 network with N organizations in one channel can have different private smart contracts? Specifically, I would like to build a network with N orgs and M peers in each org, where each org will have its own private data collection while at the same time all M peers of N orgs will be part of the endorsement policy. For example if org1 needs to update its private part of the ledger all the network peers will be part of the endorsement without knowing the data that will be committed by the org1. Is this feasible?

--
Nikos Karamolegkos
R & D engineer at ICS-FORTH
Telecommunications and Networks Lab (TNL)


Fabric Contributor Meeting - Wed, 04/28/2021 #cal-notice

fabric@lists.hyperledger.org Calendar <noreply@...>
 

Fabric Contributor Meeting

When:
Wednesday, 28 April 2021
9:00am to 10:00am
(GMT-04:00) America/New York

Where:
https://zoom.us/my/hyperledger.community.3?pwd=UE90WHhEaHRqOGEyMkV3cldKa2d2dz09

Organizer:
enyeart@...

Description:
For meeting agendas, recordings, and more details, see https://wiki.hyperledger.org/display/fabric/Contributor+Meetings

Join Zoom Meeting
https://zoom.us/j/5184947650?pwd=UE90WHhEaHRqOGEyMkV3cldKa2d2dz09
 
Meeting ID: 518 494 7650
Passcode: 475869


Re: Compromised endorsement peers scenario

David Enyeart
 

The fundamental assumption of a blockchain is that with enough peers it is extremely unlikely for the majority of them to get hacked.
Translated to Fabric - you need multiple organizations, each with multiple peers, and a strong enough endorsement policy (different organizations endorsing), to survive an attack on any subset.


Dave Enyeart

From: "Nikos Karamolegkos" <nkaram@...>
To: fabric@...
Date: 04/28/2021 06:55 AM
Subject: [EXTERNAL] [Hyperledger Fabric] Compromised endorsement peers scenario
Sent by: fabric@...





Hello,
I have a question in the following scenario. We have 2 organizations
with 5 endorsing (&committing) peers each one and X orderers. If all the
peers of the network are hacked and always approve the transaction, is
there a way to avoid writing trash to ledger? I have seen that
committers peers verify the transaction before updating the ledger but
is this enough? (in our scenario endorsers and same with committers).


--
Nikos Karamolegkos
R & D engineer at ICS-FORTH
Telecommunications and Networks Lab (TNL)
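
The point about endorsement policy strength in the reply above, worked through as an added example that is not part of the original thread: an organization-level model of AND / OR / OutOf policies that lists the smallest sets of organizations whose peers could endorse a transaction with no honest organization involved. It assumes that a compromised organization loses all of its peers; the MSP IDs and function names are hypothetical, and this is not Fabric's own policy evaluator.

```python
from itertools import combinations

def OutOf(n, *subs):
    """n-out-of policy over sub-policies; a leaf is an org MSP ID string."""
    return (n, list(subs))

def AND(*subs):
    return OutOf(len(subs), *subs)

def OR(*subs):
    return OutOf(1, *subs)

def satisfied(policy, orgs):
    """True if endorsements from `orgs` alone satisfy `policy`."""
    if isinstance(policy, str):
        return policy in orgs
    n, subs = policy
    return sum(satisfied(s, orgs) for s in subs) >= n

def leaves(policy):
    """All organizations named anywhere in the policy."""
    if isinstance(policy, str):
        return {policy}
    return set().union(*(leaves(s) for s in policy[1]))

def min_compromise(policy):
    """Smallest org sets that satisfy the policy without any honest endorser."""
    orgs = sorted(leaves(policy))
    for k in range(1, len(orgs) + 1):
        hits = [set(c) for c in combinations(orgs, k) if satisfied(policy, set(c))]
        if hits:
            return hits
    return []

if __name__ == "__main__":
    # Constructed policies for a two-org and a three-org channel.
    policies = {
        "OR(Org1, Org2)": OR("Org1MSP", "Org2MSP"),
        "AND(Org1, Org2)": AND("Org1MSP", "Org2MSP"),
        "OutOf(2, Org1, Org2, Org3)": OutOf(2, "Org1MSP", "Org2MSP", "Org3MSP"),
    }
    for label, policy in policies.items():
        print(label, "->", [sorted(s) for s in min_compromise(policy)])
```

With every organization in the policy compromised, as in the scenario asked about, `satisfied` is true for any policy, which is why the defence rests on adding independent organizations rather than more peers inside one.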