#fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:" #fabric-ca #fabric-orderer #hyperledger-fabric


Marek Malik <info@...>
 

Hello Guys, 

I'm trying to setup my network to work in Kubernetes cluster, but my Orderer keeps failing. I'm getting the following error: 

Main -> PANI 005 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set

panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set

Could anyone help?


I'm following a similar setup as the test-network from the samples: I have the Fabric-CA generating the certificates & using the NodeOUs (it is enabled in crypto-config.yaml): 

This is the configtx.yaml that I'm using to generate the genesis.block. It is also located in the msp folder when running the Orderer.

NodeOUs:
    Enable: true
    ClientOUIdentifier:
      Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
      OrganizationalUnitIdentifier: client
    PeerOUIdentifier:
      Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
      OrganizationalUnitIdentifier: peer
    AdminOUIdentifier:
      Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
      OrganizationalUnitIdentifier: admin
    OrdererOUIdentifier:
      Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
      OrganizationalUnitIdentifier: orderer
Orderer: &OrdererDefaults

  # Orderer Type: The orderer implementation to start
  OrdererType: etcdraft

  Addresses:
    - orderer0.amvox-dlt.io:7050

  # Batch Timeout: The amount of time to wait before creating a batch
  BatchTimeout: 3s

  # Batch Size: Controls the number of messages batched into a block
  BatchSize:

    # Max Message Count: The maximum number of messages to permit in a batch
    MaxMessageCount: 500

    # Absolute Max Bytes: The absolute maximum number of bytes allowed for
    # the serialized messages in a batch.
    AbsoluteMaxBytes: 99 MB

    # Preferred Max Bytes: The preferred maximum number of bytes allowed for
    # the serialized messages in a batch. A message larger than the preferred
    # max bytes will result in a batch larger than preferred max bytes.
    PreferredMaxBytes: 512 KB

  EtcdRaft:
    Consenters:
      - Host: orderer0.amvox-dlt.io
        Port: 7050
        ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
        ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt


  # Organizations is the list of orgs which are defined as participants on
  # the orderer side of the network
  Organizations:

  # Policies defines the set of policies at this level of the config tree
  # For Orderer policies, their canonical path is
  #   /Channel/Orderer/<PolicyName>
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    # BlockValidation specifies what signatures must be included in the block
    # from the orderer for the peer to validate it.
    BlockValidation:
      Type: ImplicitMeta
      Rule: "ANY Writers"

  # Capabilities describes the orderer level capabilities, see the
  # dedicated Capabilities section elsewhere in this file for a full
  # description
  Capabilities:
    <<: *OrdererCapabilities

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
  # Policies defines the set of policies at this level of the config tree
  # For Channel policies, their canonical path is
  #   /Channel/<PolicyName>
  Policies:
    # Who may invoke the 'Deliver' API
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    # Who may invoke the 'Broadcast' API
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    # By default, who may modify elements at this config level
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"

  # Capabilities describes the channel level capabilities, see the
  # dedicated Capabilities section elsewhere in this file for a full
  # description
  Capabilities:
    <<: *ChannelCapabilities

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

  amvox-channel:
    Consortium: AmvoxConsortium
    <<: *ChannelDefaults
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - *Amvox
        - *Org2
        - *Org3
      Capabilities:
        <<: *ApplicationCapabilities

  OrdererGenesis:
    <<: *ChannelDefaults
    Orderer:
      <<: *OrdererDefaults
      OrdererType: etcdraft
      EtcdRaft:
        Consenters:
          - Host: orderer0.amvox-dlt.io
            Port: 7050
            ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
            ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
      Addresses:
        - orderer0.amvox-dlt.io:7050

      Organizations:
        - *AmvoxDLT
      Capabilities:
        <<: *OrdererCapabilities

    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *AmvoxDLT

    Consortiums:
      AmvoxConsortium:
        Organizations:
          - *Amvox
          - *Org2
          - *Org3

Anyone has any ideas why ordered can not get started?


Yacov
 

Put admin certificates in the admin folder, or define the admin OU in the config.yaml of the MSP folder



From:        "Marek Malik" <info@...>
To:        fabric@...
Date:        01/08/2021 11:49 PM
Subject:        [EXTERNAL] [Hyperledger Fabric] #fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:"
Sent by:        fabric@...




Hello Guys, 

I'm trying to setup my network to work in Kubernetes cluster, but my Orderer keeps failing. I'm getting the following error: 
Main -> PANI 005 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set
panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set

Could anyone help?


I'm following a similar setup as the test-network from the samples: I have the Fabric-CA generating the certificates & using the NodeOUs (it is enabled in crypto-config.yaml): 

This is the configtx.yaml that I'm using to generate the genesis.block. It is also located in the msp folder when running the Orderer.

NodeOUs:
   Enable: true
   ClientOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: client
   PeerOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: peer
   AdminOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: admin
   OrdererOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: orderer

Orderer: &OrdererDefaults

 # Orderer Type: The orderer implementation to start
 OrdererType: etcdraft

 Addresses:
   - orderer0.amvox-dlt.io:7050

 # Batch Timeout: The amount of time to wait before creating a batch
 BatchTimeout: 3s

 # Batch Size: Controls the number of messages batched into a block
 BatchSize:

   # Max Message Count: The maximum number of messages to permit in a batch
   MaxMessageCount: 500

   # Absolute Max Bytes: The absolute maximum number of bytes allowed for
   # the serialized messages in a batch.
   AbsoluteMaxBytes: 99 MB

   # Preferred Max Bytes: The preferred maximum number of bytes allowed for
   # the serialized messages in a batch. A message larger than the preferred
   # max bytes will result in a batch larger than preferred max bytes.
   PreferredMaxBytes: 512 KB

 EtcdRaft:
   Consenters:
     - Host: orderer0.amvox-dlt.io
       Port: 7050
       ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
       ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt


 # Organizations is the list of orgs which are defined as participants on
 # the orderer side of the network
 Organizations:

 # Policies defines the set of policies at this level of the config tree
 # For Orderer policies, their canonical path is
 #   /Channel/Orderer/<PolicyName>
 Policies:
   Readers:
     Type: ImplicitMeta
     Rule: "ANY Readers"
   Writers:
     Type: ImplicitMeta
     Rule: "ANY Writers"
   Admins:
     Type: ImplicitMeta
     Rule: "MAJORITY Admins"
   # BlockValidation specifies what signatures must be included in the block
   # from the orderer for the peer to validate it.
   BlockValidation:
     Type: ImplicitMeta
     Rule: "ANY Writers"

 # Capabilities describes the orderer level capabilities, see the
 # dedicated Capabilities section elsewhere in this file for a full
 # description
 Capabilities:
   <<: *OrdererCapabilities

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
 # Policies defines the set of policies at this level of the config tree
 # For Channel policies, their canonical path is
 #   /Channel/<PolicyName>
 Policies:
   # Who may invoke the 'Deliver' API
   Readers:
     Type: ImplicitMeta
     Rule: "ANY Readers"
   # Who may invoke the 'Broadcast' API
   Writers:
     Type: ImplicitMeta
     Rule: "ANY Writers"
   # By default, who may modify elements at this config level
   Admins:
     Type: ImplicitMeta
     Rule: "MAJORITY Admins"

 # Capabilities describes the channel level capabilities, see the
 # dedicated Capabilities section elsewhere in this file for a full
 # description
 Capabilities:
   <<: *ChannelCapabilities

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

 amvox-channel:
   Consortium: AmvoxConsortium
   <<: *ChannelDefaults
   Application:
     <<: *ApplicationDefaults
     Organizations:
       - *Amvox
       - *Org2
       - *Org3
     Capabilities:
       <<: *ApplicationCapabilities

 OrdererGenesis:
   <<: *ChannelDefaults
   Orderer:
     <<: *OrdererDefaults
     OrdererType: etcdraft
     EtcdRaft:
       Consenters:
         - Host: orderer0.amvox-dlt.io
           Port: 7050
           ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
           ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
     Addresses:
       - orderer0.amvox-dlt.io:7050

     Organizations:
       - *AmvoxDLT
     Capabilities:
       <<: *OrdererCapabilities

   Application:
     <<: *ApplicationDefaults
     Organizations:
       - <<: *AmvoxDLT

   Consortiums:
     AmvoxConsortium:
       Organizations:
         - *Amvox
         - *Org2
         - *Org3

Anyone has any ideas why ordered can not get started?






Marek Malik <info@...>
 

Thanks Yacov, but I don’t intend to create the admincerts folder.

“define the admin OU in the config.yaml of the MSP folder”
This is exactly what I’m doing -> This is the config.yaml from the mail:

NodeOUs:
   Enable: true
   ClientOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: client
   PeerOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: peer
   AdminOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: admin
   OrdererOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: orderer



The cert is stored in the cacerts folder in the MSP dir.
Anything else that I’m missing ?

 

 

Best Regards,

Marek Malik

 

Od: Yacov Manevich <YACOVM@...>
Data: piątek, 8 stycznia 2021 22:58
Do: Marek Malik <info@...>
DW: "fabric@..." <fabric@...>
Temat: Re: [Hyperledger Fabric] #fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:"

 

Put admin certificates in the admin folder, or define the admin OU in the config.yaml of the MSP folder



From:        "Marek Malik" <info@...>
To:        fabric@...
Date:        01/08/2021 11:49 PM
Subject:        [EXTERNAL] [Hyperledger Fabric] #fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:"
Sent by:        fabric@...





Hello Guys, 

I'm trying to setup my network to work in Kubernetes cluster, but my Orderer keeps failing. I'm getting the following error: 
Main -> PANI 005 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set
panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set

Could anyone help?


I'm following a similar setup as the test-network from the samples: I have the Fabric-CA generating the certificates & using the NodeOUs (it is enabled in crypto-config.yaml): 

This is the configtx.yaml that I'm using to generate the genesis.block. It is also located in the msp folder when running the Orderer.

NodeOUs:
   Enable: true
   ClientOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: client
   PeerOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: peer
   AdminOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: admin
   OrdererOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: orderer

Orderer: &OrdererDefaults

 # Orderer Type: The orderer implementation to start
 OrdererType: etcdraft

 Addresses:
   - orderer0.amvox-dlt.io:7050

 # Batch Timeout: The amount of time to wait before creating a batch
 BatchTimeout: 3s

 # Batch Size: Controls the number of messages batched into a block
 BatchSize:

   # Max Message Count: The maximum number of messages to permit in a batch
   MaxMessageCount: 500

   # Absolute Max Bytes: The absolute maximum number of bytes allowed for
   # the serialized messages in a batch.
   AbsoluteMaxBytes: 99 MB

   # Preferred Max Bytes: The preferred maximum number of bytes allowed for
   # the serialized messages in a batch. A message larger than the preferred
   # max bytes will result in a batch larger than preferred max bytes.
   PreferredMaxBytes: 512 KB

 EtcdRaft:
   Consenters:
     - Host: orderer0.amvox-dlt.io
       Port: 7050
       ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
       ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt


 # Organizations is the list of orgs which are defined as participants on
 # the orderer side of the network
 Organizations:

 # Policies defines the set of policies at this level of the config tree
 # For Orderer policies, their canonical path is
 #   /Channel/Orderer/<PolicyName>
 Policies:
   Readers:
     Type: ImplicitMeta
     Rule: "ANY Readers"
   Writers:
     Type: ImplicitMeta
     Rule: "ANY Writers"
   Admins:
     Type: ImplicitMeta
     Rule: "MAJORITY Admins"
   # BlockValidation specifies what signatures must be included in the block
   # from the orderer for the peer to validate it.
   BlockValidation:
     Type: ImplicitMeta
     Rule: "ANY Writers"

 # Capabilities describes the orderer level capabilities, see the
 # dedicated Capabilities section elsewhere in this file for a full
 # description
 Capabilities:
   <<: *OrdererCapabilities

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
 # Policies defines the set of policies at this level of the config tree
 # For Channel policies, their canonical path is
 #   /Channel/<PolicyName>
 Policies:
   # Who may invoke the 'Deliver' API
   Readers:
     Type: ImplicitMeta
     Rule: "ANY Readers"
   # Who may invoke the 'Broadcast' API
   Writers:
     Type: ImplicitMeta
     Rule: "ANY Writers"
   # By default, who may modify elements at this config level
   Admins:
     Type: ImplicitMeta
     Rule: "MAJORITY Admins"

 # Capabilities describes the channel level capabilities, see the
 # dedicated Capabilities section elsewhere in this file for a full
 # description
 Capabilities:
   <<: *ChannelCapabilities

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

 amvox-channel:
   Consortium: AmvoxConsortium
   <<: *ChannelDefaults
   Application:
     <<: *ApplicationDefaults
     Organizations:
       - *Amvox
       - *Org2
       - *Org3
     Capabilities:
       <<: *ApplicationCapabilities

 OrdererGenesis:
   <<: *ChannelDefaults
   Orderer:
     <<: *OrdererDefaults
     OrdererType: etcdraft
     EtcdRaft:
       Consenters:
         - Host: orderer0.amvox-dlt.io
           Port: 7050
           ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
           ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
     Addresses:
       - orderer0.amvox-dlt.io:7050

     Organizations:
       - *AmvoxDLT
     Capabilities:
       <<: *OrdererCapabilities

   Application:
     <<: *ApplicationDefaults
     Organizations:
       - <<: *AmvoxDLT

   Consortiums:
     AmvoxConsortium:
       Organizations:
         - *Amvox
         - *Org2
         - *Org3

Anyone has any ideas why ordered can not get started?

 




Marek Malik <info@...>
 

Anyone could help with this one?

I was thinking I have something wrong with the volume what I’m connecting to the container in k8s, but it looks correct.

 

This is the files structure in the container:

/var/hyperledger
/var/hyperledger/channel-artifacts
/var/hyperledger/channel-artifacts/genesis.block
/var/hyperledger/production
/var/hyperledger/production/orderer
/var/hyperledger/production/orderer/index
/var/hyperledger/production/orderer/index/MANIFEST-000000
/var/hyperledger/production/orderer/index/CURRENT
/var/hyperledger/production/orderer/index/000001.log
/var/hyperledger/production/orderer/index/LOG
/var/hyperledger/production/orderer/index/LOCK
/var/hyperledger/production/orderer/chains
/var/hyperledger/orderer
/var/hyperledger/orderer/msp
/var/hyperledger/orderer/msp/signcerts
/var/hyperledger/orderer/msp/signcerts/cert.pem
/var/hyperledger/orderer/msp/config.yaml
/var/hyperledger/orderer/msp/keystore
/var/hyperledger/orderer/msp/keystore/34830a9ce7333287709c65a71ccbeda86998cfd7f57e68b29360247015ebba02_sk
/var/hyperledger/orderer/msp/IssuerPublicKey
/var/hyperledger/orderer/msp/tlscacerts
/var/hyperledger/orderer/msp/tlscacerts/hlf-ca--amvoxdlt-7054.pem
/var/hyperledger/orderer/msp/user
/var/hyperledger/orderer/msp/IssuerRevocationPublicKey
/var/hyperledger/orderer/msp/cacerts
/var/hyperledger/orderer/msp/cacerts/hlf-ca--amvoxdlt-7054.pem
/var/hyperledger/orderer/tls
/var/hyperledger/orderer/tls/server.crt
/var/hyperledger/orderer/tls/signcerts
/var/hyperledger/orderer/tls/signcerts/cert.pem
/var/hyperledger/orderer/tls/keystore
/var/hyperledger/orderer/tls/keystore/b66d2e77cd826f965ea18d4d14d4d3815fa9fd1635469558f05b10e64a466ed7_sk
/var/hyperledger/orderer/tls/IssuerPublicKey
/var/hyperledger/orderer/tls/server.key
/var/hyperledger/orderer/tls/tlscacerts
/var/hyperledger/orderer/tls/tlscacerts/tls-hlf-ca--amvoxdlt-7054.pem
/var/hyperledger/orderer/tls/user
/var/hyperledger/orderer/tls/IssuerRevocationPublicKey
/var/hyperledger/orderer/tls/cacerts
/var/hyperledger/orderer/orderer0.amvox-dlt.io.finished

 

Here is the config.yaml

NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
    OrganizationalUnitIdentifier: orderer

 

In the attachment you will find the debug logging when starting the orderer.

 

I will be greatfull for any help, I’m not sure where is the problem, and all files seem to be located in the correct folders.

 

Best Regards,

Marek Malik

 

Od: <fabric@...> w imieniu użytkownika Marek Malik <info@...>
Data: piątek, 8 stycznia 2021 23:55
Do: Yacov Manevich <YACOVM@...>
DW: "fabric@..." <fabric@...>
Temat: Re: [Hyperledger Fabric] #fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:"

 

Thanks Yacov, but I don’t intend to create the admincerts folder.

“define the admin OU in the config.yaml of the MSP folder”
This is exactly what I’m doing -> This is the config.yaml from the mail:

NodeOUs:
   Enable: true
   ClientOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: client
   PeerOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: peer
   AdminOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: admin
   OrdererOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: orderer




The cert is stored in the cacerts folder in the MSP dir.
Anything else that I’m missing ?

 

 

Best Regards,

Marek Malik

 

Od: Yacov Manevich <YACOVM@...>
Data: piątek, 8 stycznia 2021 22:58
Do: Marek Malik <info@...>
DW: "fabric@..." <fabric@...>
Temat: Re: [Hyperledger Fabric] #fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:"

 

Put admin certificates in the admin folder, or define the admin OU in the config.yaml of the MSP folder



From:        "Marek Malik" <info@...>
To:        fabric@...
Date:        01/08/2021 11:49 PM
Subject:        [EXTERNAL] [Hyperledger Fabric] #fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:"
Sent by:        fabric@...





Hello Guys, 

I'm trying to setup my network to work in Kubernetes cluster, but my Orderer keeps failing. I'm getting the following error: 
Main -> PANI 005 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set
panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set

Could anyone help?


I'm following a similar setup as the test-network from the samples: I have the Fabric-CA generating the certificates & using the NodeOUs (it is enabled in crypto-config.yaml): 

This is the configtx.yaml that I'm using to generate the genesis.block. It is also located in the msp folder when running the Orderer.

NodeOUs:
   Enable: true
   ClientOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: client
   PeerOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: peer
   AdminOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: admin
   OrdererOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: orderer

Orderer: &OrdererDefaults

 # Orderer Type: The orderer implementation to start
 OrdererType: etcdraft

 Addresses:
   - orderer0.amvox-dlt.io:7050

 # Batch Timeout: The amount of time to wait before creating a batch
 BatchTimeout: 3s

 # Batch Size: Controls the number of messages batched into a block
 BatchSize:

   # Max Message Count: The maximum number of messages to permit in a batch
   MaxMessageCount: 500

   # Absolute Max Bytes: The absolute maximum number of bytes allowed for
   # the serialized messages in a batch.
   AbsoluteMaxBytes: 99 MB

   # Preferred Max Bytes: The preferred maximum number of bytes allowed for
   # the serialized messages in a batch. A message larger than the preferred
   # max bytes will result in a batch larger than preferred max bytes.
   PreferredMaxBytes: 512 KB

 EtcdRaft:
   Consenters:
     - Host: orderer0.amvox-dlt.io
       Port: 7050
       ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
       ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt


 # Organizations is the list of orgs which are defined as participants on
 # the orderer side of the network
 Organizations:

 # Policies defines the set of policies at this level of the config tree
 # For Orderer policies, their canonical path is
 #   /Channel/Orderer/<PolicyName>
 Policies:
   Readers:
     Type: ImplicitMeta
     Rule: "ANY Readers"
   Writers:
     Type: ImplicitMeta
     Rule: "ANY Writers"
   Admins:
     Type: ImplicitMeta
     Rule: "MAJORITY Admins"
   # BlockValidation specifies what signatures must be included in the block
   # from the orderer for the peer to validate it.
   BlockValidation:
     Type: ImplicitMeta
     Rule: "ANY Writers"

 # Capabilities describes the orderer level capabilities, see the
 # dedicated Capabilities section elsewhere in this file for a full
 # description
 Capabilities:
   <<: *OrdererCapabilities

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
 # Policies defines the set of policies at this level of the config tree
 # For Channel policies, their canonical path is
 #   /Channel/<PolicyName>
 Policies:
   # Who may invoke the 'Deliver' API
   Readers:
     Type: ImplicitMeta
     Rule: "ANY Readers"
   # Who may invoke the 'Broadcast' API
   Writers:
     Type: ImplicitMeta
     Rule: "ANY Writers"
   # By default, who may modify elements at this config level
   Admins:
     Type: ImplicitMeta
     Rule: "MAJORITY Admins"

 # Capabilities describes the channel level capabilities, see the
 # dedicated Capabilities section elsewhere in this file for a full
 # description
 Capabilities:
   <<: *ChannelCapabilities

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

 amvox-channel:
   Consortium: AmvoxConsortium
   <<: *ChannelDefaults
   Application:
     <<: *ApplicationDefaults
     Organizations:
       - *Amvox
       - *Org2
       - *Org3
     Capabilities:
       <<: *ApplicationCapabilities

 OrdererGenesis:
   <<: *ChannelDefaults
   Orderer:
     <<: *OrdererDefaults
     OrdererType: etcdraft
     EtcdRaft:
       Consenters:
         - Host: orderer0.amvox-dlt.io
           Port: 7050
           ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
           ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
     Addresses:
       - orderer0.amvox-dlt.io:7050

     Organizations:
       - *AmvoxDLT
     Capabilities:
       <<: *OrdererCapabilities

   Application:
     <<: *ApplicationDefaults
     Organizations:
       - <<: *AmvoxDLT

   Consortiums:
     AmvoxConsortium:
       Organizations:
         - *Amvox
         - *Org2
         - *Org3

Anyone has any ideas why ordered can not get started?

 





Marek Malik <info@...>
 

Is there any change someone could help here?
I really straggling on finding what is the bottom reason.
The
config.yaml file is read correctly, because if I change the paths or the cert names then I’m getting different errors on the startup.

I’m trying to figure out any differences in the test-network setup and determine if I’m missing anything, or I’m enrolling the orderer identity differently, but I don’t see any differences or I don’t know where to search for.

I starting to look into the orderer codebase, but maybe someone could point into some place as I’m not a go developer.

 

Best Regards,

Marek Malik

 

Od: <fabric@...> w imieniu użytkownika Marek Malik <info@...>
Data: wtorek, 12 stycznia 2021 11:25
Do: Yacov Manevich <YACOVM@...>
DW: "fabric@..." <fabric@...>
Temat: Re: [Hyperledger Fabric] #fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:"

 

Anyone could help with this one?

I was thinking I have something wrong with the volume what I’m connecting to the container in k8s, but it looks correct.

 

This is the files structure in the container:


/var/hyperledger
/var/hyperledger/channel-artifacts
/var/hyperledger/channel-artifacts/genesis.block
/var/hyperledger/production
/var/hyperledger/production/orderer
/var/hyperledger/production/orderer/index
/var/hyperledger/production/orderer/index/MANIFEST-000000
/var/hyperledger/production/orderer/index/CURRENT
/var/hyperledger/production/orderer/index/000001.log
/var/hyperledger/production/orderer/index/LOG
/var/hyperledger/production/orderer/index/LOCK
/var/hyperledger/production/orderer/chains
/var/hyperledger/orderer
/var/hyperledger/orderer/msp
/var/hyperledger/orderer/msp/signcerts
/var/hyperledger/orderer/msp/signcerts/cert.pem
/var/hyperledger/orderer/msp/config.yaml
/var/hyperledger/orderer/msp/keystore
/var/hyperledger/orderer/msp/keystore/34830a9ce7333287709c65a71ccbeda86998cfd7f57e68b29360247015ebba02_sk
/var/hyperledger/orderer/msp/IssuerPublicKey
/var/hyperledger/orderer/msp/tlscacerts
/var/hyperledger/orderer/msp/tlscacerts/hlf-ca--amvoxdlt-7054.pem
/var/hyperledger/orderer/msp/user
/var/hyperledger/orderer/msp/IssuerRevocationPublicKey
/var/hyperledger/orderer/msp/cacerts
/var/hyperledger/orderer/msp/cacerts/hlf-ca--amvoxdlt-7054.pem
/var/hyperledger/orderer/tls
/var/hyperledger/orderer/tls/server.crt
/var/hyperledger/orderer/tls/signcerts
/var/hyperledger/orderer/tls/signcerts/cert.pem
/var/hyperledger/orderer/tls/keystore
/var/hyperledger/orderer/tls/keystore/b66d2e77cd826f965ea18d4d14d4d3815fa9fd1635469558f05b10e64a466ed7_sk
/var/hyperledger/orderer/tls/IssuerPublicKey
/var/hyperledger/orderer/tls/server.key
/var/hyperledger/orderer/tls/tlscacerts
/var/hyperledger/orderer/tls/tlscacerts/tls-hlf-ca--amvoxdlt-7054.pem
/var/hyperledger/orderer/tls/user
/var/hyperledger/orderer/tls/IssuerRevocationPublicKey
/var/hyperledger/orderer/tls/cacerts
/var/hyperledger/orderer/orderer0.amvox-dlt.io.finished

 

Here is the config.yaml


NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
    OrganizationalUnitIdentifier: orderer

 

In the attachment you will find the debug logging when starting the orderer.

 

I will be greatfull for any help, I’m not sure where is the problem, and all files seem to be located in the correct folders.

 

Best Regards,

Marek Malik

 

Od: <fabric@...> w imieniu użytkownika Marek Malik <info@...>
Data: piątek, 8 stycznia 2021 23:55
Do: Yacov Manevich <YACOVM@...>
DW: "fabric@..." <fabric@...>
Temat: Re: [Hyperledger Fabric] #fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:"

 

Thanks Yacov, but I don’t intend to create the admincerts folder.

“define the admin OU in the config.yaml of the MSP folder”
This is exactly what I’m doing -> This is the config.yaml from the mail:

NodeOUs:
   Enable: true
   ClientOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: client
   PeerOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: peer
   AdminOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: admin
   OrdererOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: orderer





The cert is stored in the cacerts folder in the MSP dir.
Anything else that I’m missing ?

 

 

Best Regards,

Marek Malik

 

Od: Yacov Manevich <YACOVM@...>
Data: piątek, 8 stycznia 2021 22:58
Do: Marek Malik <info@...>
DW: "fabric@..." <fabric@...>
Temat: Re: [Hyperledger Fabric] #fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:"

 

Put admin certificates in the admin folder, or define the admin OU in the config.yaml of the MSP folder



From:        "Marek Malik" <info@...>
To:        fabric@...
Date:        01/08/2021 11:49 PM
Subject:        [EXTERNAL] [Hyperledger Fabric] #fabric-ca #fabric-orderer #hyperledger-fabric Unable to start the Orderer, keep getting "initializing channelconfig failed: could not create channel Consortiums sub-group config:"
Sent by:        fabric@...





Hello Guys, 

I'm trying to setup my network to work in Kubernetes cluster, but my Orderer keeps failing. I'm getting the following error: 
Main -> PANI 005 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set
panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set

Could anyone help?


I'm following a similar setup as the test-network from the samples: I have the Fabric-CA generating the certificates & using the NodeOUs (it is enabled in crypto-config.yaml): 

This is the configtx.yaml that I'm using to generate the genesis.block. It is also located in the msp folder when running the Orderer.

NodeOUs:
   Enable: true
   ClientOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: client
   PeerOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: peer
   AdminOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: admin
   OrdererOUIdentifier:
     Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
     OrganizationalUnitIdentifier: orderer

Orderer: &OrdererDefaults

 # Orderer Type: The orderer implementation to start
 OrdererType: etcdraft

 Addresses:
   - orderer0.amvox-dlt.io:7050

 # Batch Timeout: The amount of time to wait before creating a batch
 BatchTimeout: 3s

 # Batch Size: Controls the number of messages batched into a block
 BatchSize:

   # Max Message Count: The maximum number of messages to permit in a batch
   MaxMessageCount: 500

   # Absolute Max Bytes: The absolute maximum number of bytes allowed for
   # the serialized messages in a batch.
   AbsoluteMaxBytes: 99 MB

   # Preferred Max Bytes: The preferred maximum number of bytes allowed for
   # the serialized messages in a batch. A message larger than the preferred
   # max bytes will result in a batch larger than preferred max bytes.
   PreferredMaxBytes: 512 KB

 EtcdRaft:
   Consenters:
     - Host: orderer0.amvox-dlt.io
       Port: 7050
       ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
       ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt


 # Organizations is the list of orgs which are defined as participants on
 # the orderer side of the network
 Organizations:

 # Policies defines the set of policies at this level of the config tree
 # For Orderer policies, their canonical path is
 #   /Channel/Orderer/<PolicyName>
 Policies:
   Readers:
     Type: ImplicitMeta
     Rule: "ANY Readers"
   Writers:
     Type: ImplicitMeta
     Rule: "ANY Writers"
   Admins:
     Type: ImplicitMeta
     Rule: "MAJORITY Admins"
   # BlockValidation specifies what signatures must be included in the block
   # from the orderer for the peer to validate it.
   BlockValidation:
     Type: ImplicitMeta
     Rule: "ANY Writers"

 # Capabilities describes the orderer level capabilities, see the
 # dedicated Capabilities section elsewhere in this file for a full
 # description
 Capabilities:
   <<: *OrdererCapabilities

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
 # Policies defines the set of policies at this level of the config tree
 # For Channel policies, their canonical path is
 #   /Channel/<PolicyName>
 Policies:
   # Who may invoke the 'Deliver' API
   Readers:
     Type: ImplicitMeta
     Rule: "ANY Readers"
   # Who may invoke the 'Broadcast' API
   Writers:
     Type: ImplicitMeta
     Rule: "ANY Writers"
   # By default, who may modify elements at this config level
   Admins:
     Type: ImplicitMeta
     Rule: "MAJORITY Admins"

 # Capabilities describes the channel level capabilities, see the
 # dedicated Capabilities section elsewhere in this file for a full
 # description
 Capabilities:
   <<: *ChannelCapabilities

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

 amvox-channel:
   Consortium: AmvoxConsortium
   <<: *ChannelDefaults
   Application:
     <<: *ApplicationDefaults
     Organizations:
       - *Amvox
       - *Org2
       - *Org3
     Capabilities:
       <<: *ApplicationCapabilities

 OrdererGenesis:
   <<: *ChannelDefaults
   Orderer:
     <<: *OrdererDefaults
     OrdererType: etcdraft
     EtcdRaft:
       Consenters:
         - Host: orderer0.amvox-dlt.io
           Port: 7050
           ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
           ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
     Addresses:
       - orderer0.amvox-dlt.io:7050

     Organizations:
       - *AmvoxDLT
     Capabilities:
       <<: *OrdererCapabilities

   Application:
     <<: *ApplicationDefaults
     Organizations:
       - <<: *AmvoxDLT

   Consortiums:
     AmvoxConsortium:
       Organizations:
         - *Amvox
         - *Org2
         - *Org3

Anyone has any ideas why ordered can not get started?