fabric icon indicating copy to clipboard operation
fabric copied to clipboard
verified publisher icon hyperledger

problem creating orderer/channel on docker

Open HPicatto opened this issue 3 years ago • 2 comments

I'm replicating this tutorial on a machine with centos and it works well till I've to start a the orderer, if I don't add a https://hyperledger-fabric-ca.readthedocs.io/en/latest/operations_guide.html#setup-cas If I follow the instructions as it is, when submitting to the this CLI of ORG1

peer channel create -c mychannel -f /tmp/hyperledger/org1/peer1/assets/channel.tx -o orderer1-org0:7050 --outputBlock /tmp/hyperledger/org1/peer1/assets/mychannel.block --tls --cafile /tmp/hyperledger/org1/peer1/tls-msp/tlscacerts/tls-0-0-0-0-7052.pem I get the error:

2022-04-24 08:24:17.756 UTC [main] InitCmd -> ERRO 03b Cannot run peer because error when setting up MSP of type bccsp from directory /tmp/hyperledger/org1/admin/msp: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [org1MSP],The identity does not contain OU [ADMIN], MSP: [org1MSP]]

If I add a config.yaml file to the MSP folder as this https://hyperledger-fabric-ca.readthedocs.io/en/latest/deployguide/use_CA.html#nodeous suggest it should I cannot even initiate the orderer with this error when I try to do docker-compose up

orderer1-org0 | 2022-04-24 08:15:40.373 UTC [orderer.common.server] initializeServerConfig -> INFO 004 Starting orderer with TLS enabled orderer1-org0 | 2022-04-24 08:15:40.445 UTC [orderer.common.server] Main -> PANI 005 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [org1MSP],The identity does not contain OU [ADMIN], MSP: [org1MSP]] orderer1-org0 | panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: admin 0 is invalid [The identity does not contain OU [CLIENT], MSP: [org1MSP],The identity does not contain OU [ADMIN], MSP: [org1MSP]]

I'm not seeing how to solve this issue. on version 2.2 it is mentioned when deploying an orderer mention a different but possible related PANI 005: https://hyperledger-fabric.readthedocs.io/en/release-2.2/deployorderer/ordererdeploy.html but the solution is just creating the config.yaml and it's not working

Solution: The system channel configuration is missing config.yaml file. If you are creating a new ordering service, the MSPDir referenced in configtx.yaml file is missing the config.yaml file. Follow instructions in the Fabric CA documentation to generate this file and then rerun configtxgen to regenerate the genesis block for the system channel.

thanks

HPicatto avatar Apr 24 '22 08:04 HPicatto

The MSP (based on CORE_PEER_MSPCONFIGPATH) that runs the "peer channel create" command needs to be an orderer admin. This requires the certificate to be generated with an OU of "admin" AND a config.yaml in the MSP indicating AdminOUIdentifier is "admin".

Are you generating the admin identity using cryptogen or Fabric CA client?

If you run https://hyperledger-fabric.readthedocs.io/en/release-2.2/test_network.html tutorial you'll be able to see the required setup.

denyeart avatar Apr 30 '22 12:04 denyeart

I've tried creating them using the msp of the orderer's admin, and get the same error. I've no problem with the test network tutorial, but I don't "deploy" the network, just run the command of the sh. In this other tutorial you are deploying it more or less from the scratch.

HPicatto avatar May 06 '22 09:05 HPicatto