|
Re: Understanding cryptogen PATH
Any clue in bootstrap/build logs ? -Satheesh
On Friday, April 30, 2021, 05:04:26 PM GMT+5:30, <mahwish.anwar@...> wrote:
I am using Fabric v 2.0.1. go env GOPATH=/home/usr/go //where usr is my username cat ~/.bashrc export GOPATH=$HOME/go export PATH=$GOPATH/bin:$PATH export PATH=$HOME/hyperledger/bin Directory structure: home/usr/go I installed fabric code in /home/usr/go/src/github.com/hyperledger/fabric I used wget bootstrap.sh to install fabric binaries in /home/hyperledger I am not able to find cryptogen. What am I missing?
|
|
|
|
Understanding cryptogen PATH
Mahwish Anwar
I am using Fabric v 2.0.1.
go env GOPATH=/home/usr/go //where usr is my username cat ~/.bashrc export GOPATH=$HOME/go export PATH=$GOPATH/bin:$PATH export PATH=$HOME/hyperledger/bin Directory structure: home/usr/go I installed fabric code in /home/usr/go/src/github.com/hyperledger/fabric I used wget bootstrap.sh to install fabric binaries in /home/hyperledger I am not able to find cryptogen. What am I missing?
|
|
|
|
Re: Fabric CA server with customized CSR details.
Pechimuthu T
Hi, Again I tried with the following Started Fabric CA Server using following command in POD fabric-ca-server start -b ${USERNAME}:${PASSWORD} --tls.enabled --csr.hosts ${CSR_HOSTS} It has created following files. ca-cert.pem fabric-ca-server-config.yaml fabric-ca-server.db IssuerPublicKey IssuerRevocationPublicKey ./msp and tls-cert.pem later I have deleted ca-cert.pem , msp folder, and tls-ca-cert.pem, Modified fabric-ca-server-config.yaml file CSR. Then Within POD, again I ran fabric-ca-server start It has generated all the files except tls-cert.pem ca-cert.pem fabric-ca-server-config.yaml fabric-ca-server.db IssuerPublicKey IssuerRevocationPublicKey ./msp When we start the pod, fabric-ca-server start command generate all the files including tls-cert.pem But after modifying fabric-ca-server-config.yaml file the " fabric-ca-server start" command is not generating tls-cert.pem. anything missing in my fabric-ca-server-config.yaml file ? Attached modified fabric-ca-server-config.yaml for your reference. Thanks and Regards, T. Pechimuthu
From: "Pechimuthu T" <tpmuthu@...> To: alaskadd@... Cc: YACOVM@..., fabric@... Sent: Friday, April 30, 2021 11:27:32 AM Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details. Hi, After enabling --tls.enabled true has generated ca-cert.pem reflects the modified CSR section. But without that also I am getting the details in ca-cert.pem. It did not generate tls-ca-cert.pem for the CA server while starting CA server. correct me if I am wrong, if I start the CA server as given bellow it generates only keys, and ca-cert.pem. fabric-ca-server start \ -b ${USERNAME}:${PASSWORD} \ --tls.enabled true \ --csr.hosts ${CSR_HOSTS} \ --csr.cn${CSR_CN} --tls.enabled true option is for enabling secure connectivity from client to CA server. For that we need provide tlscertificate and its key. I think we need to generate tlscertificate for CA from farbic-ca-client. Regards, T. Pechimuthu From: alaskadd@... To: YACOVM@... Cc: "Pechimuthu T" <tpmuthu@...>, fabric@... Sent: Thursday, April 29, 2021 5:25:52 PM Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details. As Yacov said, it is not recommended although it is possible. There are details that explain the deployment steps in this doc: However, going back to the first question you originally asked, when setting --tls.enabled true on your orgCA did it execute as expected reflecting the details of your modified CSR section? You can, but it's not recommended
From: "Pechimuthu T" <tpmuthu@...> To: alaskadd@..., fabric@... Date: 04/29/2021 02:40 PM Subject: [EXTERNAL] Re: [Hyperledger Fabric] Fabric CA server with customized CSR details. Sent by: fabric@... Hi, For an Organization let say Org1, if we setup a CA server, do We have to setup of TLSCA separately ? Can't we use the same CA which can function as CA and TLSCA as well ? Thanks and Regards, T. Pechimuthu ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd Hi, For an Organization let say Org1, if we setup a CA server, do We have to setup of TLSCA separately ? Can't we use the same CA which can function as CA and TLSCA as well ? Thanks and Regards, T. Pechimuthu From: alaskadd@... To: alaskadd@... Cc: "Pechimuthu T" <tpmuthu@...>, fabric@... Sent: Tuesday, April 27, 2021 7:23:36 PM Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details. Meant to say it must be 'set' to true. -------------------------------------------------------------------------------- fabric-ca-server start \ -b ${USERNAME}:${PASSWORD} \ --tls.enabled true \ --csr.hosts ${CSR_HOSTS} \ --csr.cn${CSR_CN} -------------------------------------------------------------------------------- On Apr 27, 2021, at 6:51 AM, Chris Gabriel via lists.hyperledger.org<alaskadd=gmail.com@...> wrote: Hello, --tls.enabled is not complete. It must equal "true" so --tls.enabled true if using command line flags Note the 'tls' section of the following doc: https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/ca-config.html Hope this helps, Chris On Apr 27, 2021, at 6:14 AM, Pechimuthu T <tpmuthu@...> wrote: hello, when we start fabric-ca server we get the following files are generated. -------------------------------------------------------------------------------- fabric-ca-server start \ -b ${USERNAME}:${PASSWORD} \ --tls.enabled \ --csr.hosts ${CSR_HOSTS} \ --csr.cn${CSR_CN} -------------------------------------------------------------------------------- IssuerPublicKey IssuerRevocationPublicKey ca-cert.pem fabric-ca-server-config.yaml fabric-ca-server.db ./msp tls-cert.pem I have changed fabric-ca-server-config.yaml file( changes are specific to CSR section ) deleted ca-cert.pem, ./msp folder, and tls-cert.pem after that started fabric-ca-server again as mentioned above. ca-cert.pem has been changed as per my csr config. But tls-cert.pem is not generated at all. Any thing i am missing ? we want the tls-cert.pem also to be regenerated as per my modify CSR config. any one has faced this issue ? Help in this regard is very much appreciated. Thanks and Regards, T. Pechimuthu Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses. Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses. Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses.
|
|
|
|
When ordering nodes will not reach consensus
Mahwish Anwar
Hi
Like orderer nodes in raft do consensus on the dataset and validate if all datasets match. Then the leader makes sure the new transaction is committed to all channel ledgers. In what situations will the data be different from 2 or 3 ordering nodes? Example - when orderer dies, the ordering cluster still is able to validate and commit the transaction.
|
|
|
|
Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes
Mahwish Anwar
I see. This aggregator does not have to be then part of the fabric NW?
Anything that becomes part of fabric will have access to view the blockchain.
|
|
|
|
Re: Fabric CA server with customized CSR details.
Pechimuthu T
Hi, After enabling --tls.enabled true has generated ca-cert.pem reflects the modified CSR section. But without that also I am getting the details in ca-cert.pem. It did not generate tls-ca-cert.pem for the CA server while starting CA server. correct me if I am wrong, if I start the CA server as given bellow it generates only keys, and ca-cert.pem. fabric-ca-server start \ -b ${USERNAME}:${PASSWORD} \ --tls.enabled true \ --csr.hosts ${CSR_HOSTS} \ --csr.cn${CSR_CN} --tls.enabled true option is for enabling secure connectivity from client to CA server. For that we need provide tlscertificate and its key. I think we need to generate tlscertificate for CA from farbic-ca-client. Regards, T. Pechimuthu
From: alaskadd@... To: YACOVM@... Cc: "Pechimuthu T" <tpmuthu@...>, fabric@... Sent: Thursday, April 29, 2021 5:25:52 PM Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details. As Yacov said, it is not recommended although it is possible. There are details that explain the deployment steps in this doc:
However, going back to the first question you originally asked, when setting --tls.enabled true on your orgCA did it execute as expected reflecting the details of your modified CSR section? You can, but it's not recommended
From: "Pechimuthu T" <tpmuthu@...> To: alaskadd@..., fabric@... Date: 04/29/2021 02:40 PM Subject: [EXTERNAL] Re: [Hyperledger Fabric] Fabric CA server with customized CSR details. Sent by: fabric@... Hi, For an Organization let say Org1, if we setup a CA server, do We have to setup of TLSCA separately ? Can't we use the same CA which can function as CA and TLSCA as well ? Thanks and Regards, T. Pechimuthu ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd Hi, For an Organization let say Org1, if we setup a CA server, do We have to setup of TLSCA separately ? Can't we use the same CA which can function as CA and TLSCA as well ? Thanks and Regards, T. Pechimuthu From: alaskadd@... To: alaskadd@... Cc: "Pechimuthu T" <tpmuthu@...>, fabric@... Sent: Tuesday, April 27, 2021 7:23:36 PM Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details. Meant to say it must be 'set' to true. -------------------------------------------------------------------------------- fabric-ca-server start \ -b ${USERNAME}:${PASSWORD} \ --tls.enabled true \ --csr.hosts ${CSR_HOSTS} \ --csr.cn${CSR_CN} -------------------------------------------------------------------------------- On Apr 27, 2021, at 6:51 AM, Chris Gabriel via lists.hyperledger.org<alaskadd=gmail.com@...> wrote: Hello, --tls.enabled is not complete. It must equal "true" so --tls.enabled true if using command line flags Note the 'tls' section of the following doc: https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/ca-config.html Hope this helps, Chris On Apr 27, 2021, at 6:14 AM, Pechimuthu T <tpmuthu@...> wrote: hello, when we start fabric-ca server we get the following files are generated. -------------------------------------------------------------------------------- fabric-ca-server start \ -b ${USERNAME}:${PASSWORD} \ --tls.enabled \ --csr.hosts ${CSR_HOSTS} \ --csr.cn${CSR_CN} -------------------------------------------------------------------------------- IssuerPublicKey IssuerRevocationPublicKey ca-cert.pem fabric-ca-server-config.yaml fabric-ca-server.db ./msp tls-cert.pem I have changed fabric-ca-server-config.yaml file( changes are specific to CSR section ) deleted ca-cert.pem, ./msp folder, and tls-cert.pem after that started fabric-ca-server again as mentioned above. ca-cert.pem has been changed as per my csr config. But tls-cert.pem is not generated at all. Any thing i am missing ? we want the tls-cert.pem also to be regenerated as per my modify CSR config. any one has faced this issue ? Help in this regard is very much appreciated. Thanks and Regards, T. Pechimuthu Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses. Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses. Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses.
|
|
|
|
Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes
Nikos Karamolegkos
Can you give more details about your use case? Is each end device a different organization? Also can you tell me more about the type of EDs you use and how you set up the general architecture of the BC network? For example all these device in the same channel? Are there IoT GWs?
On 30 Apr 2021 03:36, Mark Rakhmilevich <mark.rakhmilevich@...> wrote:
|
|
|
|
Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes
Mark Rakhmilevich
Yes, an aggregator running the client SDK would be needed. In Oracle Blockchain Platform we provide a built in aggregator with REST APIs. If the IOT devices can make REST calls, that’s all that’s needed.
toggle quoted messageShow quoted text
Mark
On Apr 29, 2021, at 2:10 AM, Nikos Karamolegkos <nkaram@...> wrote:
|
|
|
|
Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes
Mark Rakhmilevich
If you are using client SDK for Fabric, use register() and enroll() APIs to register client orgs and issue their enrollment cert.
toggle quoted messageShow quoted text
Mark
On Apr 29, 2021, at 1:41 AM, mahwish.anwar@... wrote:
|
|
|
|
Re: Fabric CA server with customized CSR details.
Chris Gabriel <alaskadd@...>
As Yacov said, it is not recommended although it is possible. There are details that explain the deployment steps in this doc:
toggle quoted messageShow quoted text
However, going back to the first question you originally asked, when setting --tls.enabled true on your orgCA did it execute as expected reflecting the details of your modified CSR section?
|
|
|
|
Re: Fabric CA server with customized CSR details.
Yacov
You can, but it's not recommended
toggle quoted messageShow quoted text
From: "Pechimuthu T" <tpmuthu@...> To: alaskadd@..., fabric@... Date: 04/29/2021 02:40 PM Subject: [EXTERNAL] Re: [Hyperledger Fabric] Fabric CA server with customized CSR details. Sent by: fabric@... Hi, For an Organization let say Org1, if we setup a CA server, do We have to setup of TLSCA separately ? Can't we use the same CA which can function as CA and TLSCA as well ? Thanks and Regards, T. Pechimuthu ZjQcmQRYFpfptBannerStart This Message Is From an External Sender This message came from outside your organization. ZjQcmQRYFpfptBannerEnd Hi, For an Organization let say Org1, if we setup a CA server, do We have to setup of TLSCA separately ? Can't we use the same CA which can function as CA and TLSCA as well ? Thanks and Regards, T. Pechimuthu
From: alaskadd@...
To: alaskadd@... Cc: "Pechimuthu T" <tpmuthu@...>, fabric@... Sent: Tuesday, April 27, 2021 7:23:36 PM Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details. Meant to say it must be 'set' to true. -------------------------------------------------------------------------------- fabric-ca-server start \ -b ${USERNAME}:${PASSWORD} \ --tls.enabled true \ --csr.hosts ${CSR_HOSTS} \ --csr.cn${CSR_CN} -------------------------------------------------------------------------------- On Apr 27, 2021, at 6:51 AM, Chris Gabriel via lists.hyperledger.org<alaskadd=gmail.com@...> wrote: Hello, --tls.enabled is not complete. It must equal "true" so --tls.enabled true if using command line flags Note the 'tls' section of the following doc: https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/ca-config.html Hope this helps, Chris On Apr 27, 2021, at 6:14 AM, Pechimuthu T <tpmuthu@...> wrote: hello, when we start fabric-ca server we get the following files are generated. -------------------------------------------------------------------------------- fabric-ca-server start \ -b ${USERNAME}:${PASSWORD} \ --tls.enabled \ --csr.hosts ${CSR_HOSTS} \ --csr.cn${CSR_CN} -------------------------------------------------------------------------------- IssuerPublicKey IssuerRevocationPublicKey ca-cert.pem fabric-ca-server-config.yaml fabric-ca-server.db ./msp tls-cert.pem I have changed fabric-ca-server-config.yaml file( changes are specific to CSR section ) deleted ca-cert.pem, ./msp folder, and tls-cert.pem after that started fabric-ca-server again as mentioned above. ca-cert.pem has been changed as per my csr config. But tls-cert.pem is not generated at all. Any thing i am missing ? we want the tls-cert.pem also to be regenerated as per my modify CSR config. any one has faced this issue ? Help in this regard is very much appreciated. Thanks and Regards, T. Pechimuthu Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses. Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses.
|
|
|
|
Re: Fabric CA server with customized CSR details.
Pechimuthu T
Hi, For an Organization let say Org1, if we setup a CA server, do We have to setup of TLSCA separately ? Can't we use the same CA which can function as CA and TLSCA as well ? Thanks and Regards, T. Pechimuthu
From: alaskadd@... To: alaskadd@... Cc: "Pechimuthu T" <tpmuthu@...>, fabric@... Sent: Tuesday, April 27, 2021 7:23:36 PM Subject: Re: [Hyperledger Fabric] Fabric CA server with customized CSR details. Meant to say it must be 'set' to true.
Hello, so --tls.enabled true if using command line flags Note the 'tls' section of the following doc: Hope this helps, Chris
Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses.
|
|
|
|
Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes
Nikos Karamolegkos
So you propose each IoT end device (ED) to be an organization? The EDs can not support fabric to run the a fabric client application and start a transaction, somehow a proxy (or a IoT) should translate the IoT data and send them to BC. Is this feasible?
|
|
|
|
Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes
Mahwish Anwar
Thanks for your reply.
You mean, like we register users in an org? These users are defined in crypto-config.yaml and cryptogen assigns IDs to all. New users are added via the client API. When devices are added from the API (similar to the way users are now added), are they supposed to be mentioned in any config file? For simulation purposes, how could it be done?
|
|
|
|
Re: [External] : [Hyperledger Fabric] IoT with frequent data and possibly incorrect data sometimes
Mark Rakhmilevich
You can register the IoT devices as client orgs of the trusted node with their own signing certs. Instead of sending an avg, send the actual data and let the chaincode maintain a running average and filter the outliers.
toggle quoted messageShow quoted text
Regards, Mark
On Apr 28, 2021, at 4:21 AM, mahwish.anwar@... wrote:
|
|
|
|
Re: ORDERER_ADMIN env variables
#fabric-orderer
Chris Gabriel <alaskadd@...>
It seems it should work, but it is possibly using the generic orderer.yaml file and not your env variables. So, you may want to double-check that you are working from the correct directory and you are calling the correct docker-compose config if you have multiples.
|
|
|
|
Re: Deprecation of Docker Runtime in Kubernetes - No access to local docker socket
#docker
#hyperledger-fabric
#fabric
Chris Gabriel <alaskadd@...>
From what I have found so far in a limited bit of looking into the effects of the deprecation when it actually happens is that it will cause a breaking change to the Dind container. Although there is an alternative, I find it may be cleaner to continue on the path I was going down to use the launcher and then change the CRI runtime from Docker to Containerd for my implementation.
toggle quoted messageShow quoted text
Additional Info: https://dev.to/inductor/wait-docker-is-deprecated-in-kubernetes-now-what-do-i-do-e4m Disclaimer: I have not tested this yet but will post results in this thread.
|
|
|
|
Difference chaincode (smart contracts) in private collection
Nikos Karamolegkos
I am wondering if in a private Hyperledger Fabric 2.2 network with N organizations in one channel can have different private smart contracts? Specifically, I would like to build a network with N orgs and M peers in each org, where each org will have it's own private data collection while at the same time all M peers of N orgs will be part of the endorsement policy. For example if org1 needs to update it's private part of the ledger all the network peers will be part of the endorsement without knowing the data that will be committed by the org1. Is this feasible?
-- Nikos Karamolegkos R & D engineer at ICS-FORTH Telecommunications and Networks Lab (TNL)
|
|
|
|
Fabric Contributor Meeting - Wed, 04/28/2021
#cal-notice
fabric@lists.hyperledger.org Calendar <noreply@...>
Fabric Contributor Meeting When: Where: Organizer: Description: Join Zoom Meeting
https://zoom.us/j/5184947650?pwd=UE90WHhEaHRqOGEyMkV3cldKa2d2dz09
Meeting ID: 518 494 7650
Passcode: 475869
|
|
|
|
Re: Compromised endorsement peers scenario
David Enyeart
The fundamental assumption of a blockchain is that with enough peers it is extremely unlikely for the majority of them to get hacked. Hello, I have a question in the following scenario. We have 2 organizations with 5 endorsing (&commiting) peers each one and X orderers. If all the peers of the network are hacked and always approve the transaction, is there a way to avoid writing trash to ledger? I have seen that committers peers verify the transaction before updating the ledger but is this enough? (in our scenario endorsers and same with committers). -- Nikos Karamolegkos R & D engineer at ICS-FORTH Telecommunications and Networks Lab (TNL)
|
|
|
"Nikos Karamolegkos" ---04/28/2021 06:55:24 AM---Hello, I have a question in the following scenario. We have 2 organizations