fablo icon indicating copy to clipboard operation
fablo copied to clipboard
verified publisher icon hyperledger-labs

TLS Not Supported when using CCAAS

Open dpereowei opened this issue 6 months ago • 0 comments

The scope of this problem is to debug and fix the issue with TLS when using CCAAS Fabric Version: "2.5.12"/"3.0.0" Consensus: Raft/BFT (CCAAS is not supported with solo consensus)

The install and package work; I have created helper functions to generate TLS certs for the CCAAS in base-functions-v2/3.sh and mounted them in the container as well.

The problem occurs during Invocation. I have tried invoking via CLI and Rest, and I get the same output.

CLI Invoke fablo chaincode invoke [peer0.org1.example.com.com](http://peer0.org1.example.com/) my-channel1 chaincode1 '{"Args":["KVContract:put", "name", "Willy Wonka"]}'

Output: Executing Fablo Docker command: chaincode Chaincode invoke: CLI: [cli.org1.example.com](http://cli.org1.example.com/) PEERS: peer0.org1.example.com:7041 CHANNEL: my-channel1 CHAINCODE: chaincode1 COMMAND: {"Args":["KVContract:put", "name", "Willy Wonka"]} TRANSIENT: PEER_CERTS: crypto/peers/peer0.org1.example.com/tls/ca.crt CA_CERT: crypto-orderer/tlsca.orderer.example.com-cert.pem 2025-06-20 02:02:56.702 UTC 0001 INFO [chaincodeCmd] InitCmdFactory -> Retrieved channel (my-channel1) orderer endpoint: orderer0.group1.orderer.example.com:7030 Error: endorsement failure during invoke. response: status:500 message:"error in simulation: failed to execute transaction 5f171c9cb2b903d5e18177e5fabb5f3e07bb771f895a49e87bf0c68f623e5eff: could not launch chaincode chaincode1_0.0.1:71270026fa3d01ec377c5a324cf204dce3ff3168b8b5f1d12583a1da717888c5: connection to chaincode1_0.0.1:71270026fa3d01ec377c5a324cf204dce3ff3168b8b5f1d12583a1da717888c5 failed: error cannot create connection for chaincode1_0.0.1:71270026fa3d01ec377c5a324cf204dce3ff3168b8b5f1d12583a1da717888c5: error creating grpc connection to chaincode1_peer0.org1.example.com:7052: failed to create new connection: context deadline exceeded"

Rest Invoke ➜ testing: Invoke localhost:8801/invoke/my-channel1/chaincode1 KVContract:put using provided token: a733a7c0-4d78-11f0-b52a-0780bbc07a22-gordon

Output: {"message":"No valid responses from any peers. Errors: peer=peer0.org1.example.com:7041, status=500, message=error in simulation: failed to execute transaction ad381f2eabea13be0b5d26014039d6db0551430f138a7fe48209a796f186d961: could not launch chaincode chaincode1_0.0.1:4f5782ca4457e993dcb70bcc0babda1364842a5210a7a2bd3d1bed4bbeead29b: connection to chaincode1_0.0.1:4f5782ca4457e993dcb70bcc0babda1364842a5210a7a2bd3d1bed4bbeead29b failed: error cannot create connection for chaincode1_0.0.1:4f5782ca4457e993dcb70bcc0babda1364842a5210a7a2bd3d1bed4bbeead29b: error creating grpc connection to chaincode1_peer0.org1.example.com:7052: failed to create new connection: context deadline exceeded"} :x: failed (rest): Invoke localhost:8801/invoke/my-channel1/chaincode1 KVContract:put | expected: {"response":{"success":"OK"}}

What I have done to investigate:

  • I have tried to ping the cc container from peer and vice versa - successful

  • I have tried to connect via SSL from the peer container to the cc container and vice versa - successful

  • Both containers are up and running

  • I added a step to restart the cc container after cc install, so it restarts with the correct cc_id

  • Mounted the certs in the same directories it would be if it weren't CCAAS

  • and also all the environment variables as well

Relevant files: chaincode-functions-v2.sh base-functions-v2.sh

dpereowei avatar Jun 20 '25 11:06 dpereowei