Date
1 - 8 of 8
unable to fetch config block of system channel from the orderer pod #orderer #fabric-orderer #fabric-kubernetes #fabric-questions #grpc
Vijaya Bhaskar
The system is working now. documenting just in case if any1 in future facing the same errors which I faced.
1)while doing a system channel update if you face the below error, check your admin cert in the map (which should be the admin sign cert from the org admin directory)
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'syschannel': initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [usisp],The identity does not contain OU [ADMIN], MSP: [usisp]]
2)on adding a consortium, if the error is indicating that the channel does not have capabilities (while deploying chaincode), check the configtx.yaml of the new org in the new consortium. It should include the below part and linked in the consortium definition
1)while doing a system channel update if you face the below error, check your admin cert in the map (which should be the admin sign cert from the org admin directory)
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'syschannel': initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [usisp],The identity does not contain OU [ADMIN], MSP: [usisp]]
2)on adding a consortium, if the error is indicating that the channel does not have capabilities (while deploying chaincode), check the configtx.yaml of the new org in the new consortium. It should include the below part and linked in the consortium definition
Capabilities:
Global: &ChannelCapabilities
V2_0: true
Orderer: &OrdererCapabilities
V2_0: true
Application: &ApplicationCapabilities
V2_0: true
Vijaya Bhaskar
Thanks Satheesh, it worked. I had to specify the relative path for the tls cert, I was specifying the absolute path.
now I am trying to edit system channel and getting the following error. any idea about this?
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'syschannel': initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [usisp],The identity does not contain OU [ADMIN], MSP: [usisp]]
the steps I followed to edit the configuration is as follows
1) from new configtx.yaml I printed it to json format
configtxgen -printOrg usisp > ./usisp.json
2)convert sys channel config from pb to json and trim it
3)append new consortium definition
4)convert original and new config to protobuf format
configtxlator proto_encode --input ./sys_config.json --type common.Config --output ./sys_config.pb
configtxlator proto_encode --input ./modified_config.json --type common.Config --output ./modified_config.pb
5)create protobuf with difference between the two
6)add header and tags
configtxlator proto_decode --input ./usisp_update.pb --type common.ConfigUpdate | jq . > ./usisp_update.json
echo ‘{“payload”:{“header”:{“channel_header”:{“channel_id”:”syschannel”, “type”:2}},”data”:{“config_update”:’$(cat ./usisp_update.json)’}}}’ | jq . > ./usisp_update_in_envelope.json
7)convert it back to pb format
configtxlator proto_encode --input ./usisp_update_in_envelope.json --type common.Envelope --output ./usisp_update_in_envelope.pb
8) and submit the update
peer channel update -f ./usisp_update_in_envelope.pb -c syschannel -o orderer0-service:7050 --tls --cafile /etc/hyperledger/fabric/tls/server.crt
2022-06-26 10:49:33.889 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'syschannel': initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [usisp],The identity does not contain OU [ADMIN], MSP: [usisp]]
I am attaching configtx for new org and cert generation script.
thanks
now I am trying to edit system channel and getting the following error. any idea about this?
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'syschannel': initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [usisp],The identity does not contain OU [ADMIN], MSP: [usisp]]
the steps I followed to edit the configuration is as follows
1) from new configtx.yaml I printed it to json format
configtxgen -printOrg usisp > ./usisp.json
2)convert sys channel config from pb to json and trim it
configtxlator proto_decode --input syschannel.pb --type common.Block | jq .data.data[0].payload.data.config > sys_config.json
3)append new consortium definition
jq -s ‘.[0] * {“channel_group”:{“groups”:{“Consortiums”:{“groups”: {“CEFI”: {“groups”: {“usisp”:.[1]}, “mod_policy”: “/Channel/Orderer/Admins”, “policies”: {}, “values”: {“ChannelCreationPolicy”: {“mod_policy”: “/Channel/Orderer/Admins”,”value”: {“type”: 3,”value”: {“rule”: “ANY”,”sub_policy”: “Admins”}},”version”: “0”}},”version”: “0”}}}}}}’ ./sys_config.json ./usisp.json > modified_config.json
4)convert original and new config to protobuf format
configtxlator proto_encode --input ./sys_config.json --type common.Config --output ./sys_config.pb
configtxlator proto_encode --input ./modified_config.json --type common.Config --output ./modified_config.pb
5)create protobuf with difference between the two
configtxlator compute_update --channel_id syschannel --original ./sys_config.pb --updated ./modified_config.pb --output ./usisp_update.pb
6)add header and tags
configtxlator proto_decode --input ./usisp_update.pb --type common.ConfigUpdate | jq . > ./usisp_update.json
echo ‘{“payload”:{“header”:{“channel_header”:{“channel_id”:”syschannel”, “type”:2}},”data”:{“config_update”:’$(cat ./usisp_update.json)’}}}’ | jq . > ./usisp_update_in_envelope.json
7)convert it back to pb format
configtxlator proto_encode --input ./usisp_update_in_envelope.json --type common.Envelope --output ./usisp_update_in_envelope.pb
8) and submit the update
peer channel update -f ./usisp_update_in_envelope.pb -c syschannel -o orderer0-service:7050 --tls --cafile /etc/hyperledger/fabric/tls/server.crt
2022-06-26 10:49:33.889 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'syschannel': initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [usisp],The identity does not contain OU [ADMIN], MSP: [usisp]]
I am attaching configtx for new org and cert generation script.
thanks
orderer host need to be fully qualified with domain name. And if orderer is running on a different host, you need to provide that instead of locallhost
along with port number where orderer is listening. Include tls parameter along with orderer ca file location as well.
Regards,
-Satheesh
On Sunday, June 26, 2022 at 10:56:21 AM GMT+5:30, Vijaya Bhaskar <vijaya@...> wrote:
thanks for the reply Satheesh.
I tried the suggestion. the orderer name is just orderer0 so instead of orderer.example.com, I have used just orderer0. (this is correct right?). the error still persists
I tried the suggestion. the orderer name is just orderer0 so instead of orderer.example.com, I have used just orderer0. (this is correct right?). the error still persists
you need to pass orderer details as well:
for e.g., -o localhost:7050 --ordererTLSHostnameOverride orderer.example.com
On Saturday, June 25, 2022, 09:29:38 PM GMT+5:30, Vijaya Bhaskar <vijaya@...> wrote:
Hey guys,
Error: error getting deliver client for channel: failed to create deliver client for peer: deliver client failed to connect to 0.0.0.0:7051: failed to create new connection: connection error: desc = "transport: error while dialing: dial tcp 0.0.0.0:7051: connect: connection refused"
overview of the problem
i need to add a new consortium to a an existing HLF setup.For that i need to fetch config block of the system channel and edit it to add the new consortium info.
I am trying to fetch the system channel config block directly from the orderer pod itself using
"peer channel fetch config sys_config.pb -c syschannel"
I also did try with specifying tls and certs
"peer channel fetch config config_block.pb -c syschannel --tls --cafile ./tls-cert.pem"
(i have copied the tls file of ca to test directory and trying from there)
I am running into connection refused errors shown below
/var/hyperledger/orderer # peer channel fetch config config_block.pb -c syschannel --tls --cafile ./tls-cert.pem
Error: error getting deliver client for channel: failed to create deliver client for peer: deliver client failed to connect to 0.0.0.0:7051: failed to create new connection: connection error: desc = "transport: error while dialing: dial tcp 0.0.0.0:7051: connect: connection refused"
attached is the orderer.yaml file.
Any help will be appreciated
Thanks
Vijaya Bhaskar <vijaya@...>
Hey guys,
Error: error getting deliver client for channel: failed to create deliver client for peer: deliver client failed to connect to 0.0.0.0:7051: failed to create new connection: connection error: desc = "transport: error while dialing: dial tcp 0.0.0.0:7051: connect: connection refused"
overview of the problem
i need to add a new consortium to a an existing HLF setup.For that i need to fetch config block of the system channel and edit it to add the new consortium info.
I am trying to fetch the system channel config block directly from the orderer pod itself using
"peer channel fetch config sys_config.pb -c syschannel"
I also did try with specifying tls and certs
"peer channel fetch config config_block.pb -c syschannel --tls --cafile ./tls-cert.pem"
(i have copied the tls file of ca to test directory and trying from there)
I am running into connection refused errors shown below
/var/hyperledger/orderer # peer channel fetch config config_block.pb -c syschannel --tls --cafile ./tls-cert.pem
Error: error getting deliver client for channel: failed to create deliver client for peer: deliver client failed to connect to 0.0.0.0:7051: failed to create new connection: connection error: desc = "transport: error while dialing: dial tcp 0.0.0.0:7051: connect: connection refused"
attached is the orderer.yaml file.
Any help will be appreciated
Thanks
Vijaya Bhaskar
I would like to mention that this setup is spread between 2 clusters, I am exposing services between clusters to interconnect using skupper.
the current running blockchain is on azure central India cluster and the new cluster where a new consortium of one org to be setup in US-east.
I also tried fetching the system config block from the new cluster with appropriate env variables and certs(shown below).
the current running blockchain is on azure central India cluster and the new cluster where a new consortium of one org to be setup in US-east.
I also tried fetching the system config block from the new cluster with appropriate env variables and certs(shown below).
export FABRIC_LOGGING_SPEC=INFO
export CORE_PEER_ID=orderercli
export CORE_PEER_TLS_ENABLED=true
export ORDERER_CA=/files/crypto-
export CORE_PEER_TLS_CERT_FILE=/
export CORE_PEER_TLS_KEY_FILE=/files/
export CORE_PEER_LOCALMSPID=orderer
export CORE_PEER_TLS_ROOTCERT_FILE=/
export CORE_PEER_MSPCONFIGPATH=/
export CORE_PEER_ADDRESS=orderer0-
and the error I am facing from the new cluster is as below
Error: failed to create deliver client for orderer: orderer client failed to connect to orderer0-service:7050: failed to create new connection: context deadline exceeded
and the error I am facing from the new cluster is as below
Error: failed to create deliver client for orderer: orderer client failed to connect to orderer0-service:7050: failed to create new connection: context deadline exceeded
Vijaya Bhaskar
Hey guys,
Error: error getting deliver client for channel: failed to create deliver client for peer: deliver client failed to connect to 0.0.0.0:7051: failed to create new connection: connection error: desc = "transport: error while dialing: dial tcp 0.0.0.0:7051: connect: connection refused"
overview of the problem
i need to add a new consortium to a an existing HLF setup.For that i need to fetch config block of the system channel and edit it to add the new consortium info.
I am trying to fetch the system channel config block directly from the orderer pod itself using
"peer channel fetch config sys_config.pb -c syschannel"
I also did try with specifying tls and certs
"peer channel fetch config config_block.pb -c syschannel --tls --cafile ./tls-cert.pem"
(i have copied the tls file of ca to test directory and trying from there)
I am running into connection refused errors shown below
/var/hyperledger/orderer # peer channel fetch config config_block.pb -c syschannel --tls --cafile ./tls-cert.pem
Error: error getting deliver client for channel: failed to create deliver client for peer: deliver client failed to connect to 0.0.0.0:7051: failed to create new connection: connection error: desc = "transport: error while dialing: dial tcp 0.0.0.0:7051: connect: connection refused"
attached is the orderer.yaml file.
Any help will be appreciated
Thanks