aidtechnology / lf-k8s-hlf-webinar Goto Github PK

View Code? Open in Web Editor NEW

127.0 127.0 69.0 40 KB

Material for Webinar "A Hitchhiker's guide to deploying Hyperledger Fabric on Kubernetes"

License: GNU General Public License v3.0

lf-k8s-hlf-webinar's People

Contributors

Stargazers

Watchers

Forkers

mdaguete minhlh kalyserge kleniu anandbanik roydeboys rohitrepo1 altoplano guangyingyuan x4e-salvi knagware9 emailmukeshn srinivasank tenfleques juarezjuniorgithub dipakyadav piyushkumar96 karthikworld vgeorgio jeanpierremilan coolsvap plucena cristi- jannikhuels marek5050 inuua swat-wanna lxb325710 brycebudd alanhs ninformations jhedden asurirk jvalentik ygnr pkulkarni01 reconbug smitachaudhari gesaleh akoita irespaldiza binnyrs ajenie7868 dpk28 artdatai enpilab momyre hybridindie appbootup hrkenshin serial-coder raaj27 reemasomish mosfet1kg shubham184 sanusatyadarshi sudeepjc jchen8tw-research sunnysingh97g acrowise martinnzioka leo8a rajshrimohanks trinayanbhatt ywsfay vgrme arundobby1989 quseit archanaarige

lf-k8s-hlf-webinar's Issues

error trying to connect to local peer: userChaincodeStreamGetter -> ERRO 003 context deadline exceeded

Hi, I am deploying a Fabric network on Kubernetes (in Docker Desktop) using the official stable helm charts with a few changes in env variables to support Fabric v1.4.

I have created a ticket on the official Hyperledger Jira, where you can see more details of the issue that is still without a solution (or at least that I can replicate). Unluckily that ticket has been closed due to the fact this project is not officially endorsed and recognised by Fabric maintainers.

Here the link:
https://jira.hyperledger.org/browse/FAB-15256

Environment

macOS Mojave 10.14.4
Docker Desktop 2.0.0.3 - Engine 18.09.2
Kubernetes v1.10.11 using docker-for-desktop context (kubectl config current-context)
Using official stable helm charts configuration with a few changes in order to be able to deploy Fabric v1.4

All the steps including registration/enrollment of users through the CA using the org admin; create/fetch/join channel go perfectly through, but the instantiation of the chaincode fails with the error reported in the summary.

Steps

Create a new Kubernetes namespace
Deploy CA with official stable helm charts, hlf-ca, (using a PostgreSQL DB underneath)
Generate cryptos for Org1MSP admin, peer and orderer (solo)
Deploy Peer (with couchdb) and Orderer with official stable helm charts, hlf-peer and hlf-ord
Execute create/fetch/join channel commands from the peer
Deploy CLI using fabric-tools
Run install chaincode from CLI using peer credentials
Run instantiate chaincode from CLI using peer credentials -> error

Error

Log of the chaincode container attached to the peer:

2019-04-23 10:30:16.848 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 052 2019-04-23 10:30:16.847 UTC [shim] setupChaincodeLogging -> INFO 001 Chaincode (build level: 1.4.1) starting up ...
2019-04-23 10:30:16.848 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 053 2019-04-23 10:30:16.847 UTC [shim] userChaincodeStreamGetter -> DEBU 002 Peer address: org1peer1-hlf-peer:7052
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 054 Error starting Sample chaincode: error trying to connect to local peer: context deadline exceeded2019-04-23 10:30:19.848 UTC [shim] userChaincodeStreamGetter -> ERRO 003 context deadline exceeded
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 055 error trying to connect to local peer
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 056 github.com/hyperledger/fabric/core/chaincode/shim.userChaincodeStreamGetter
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 057 /opt/gopath/src/github.com/hyperledger/fabric/core/chaincode/shim/chaincode.go:112
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 058 github.com/hyperledger/fabric/core/chaincode/shim.Start
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 059 /opt/gopath/src/github.com/hyperledger/fabric/core/chaincode/shim/chaincode.go:151
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05a main.main
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05b /chaincode/input/src/chaincode/mychaincode/main.go:399
2019-04-23 10:30:19.850 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05c runtime.main
2019-04-23 10:30:19.850 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05d /opt/go/src/runtime/proc.go:201
2019-04-23 10:30:19.850 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05e runtime.goexit
2019-04-23 10:30:19.850 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05f /opt/go/src/runtime/asm_amd64.s:1333
2019-04-23 10:30:20.132 UTC [dockercontroller] func2 -> INFO 060 Container nid1-org1peer1-mychaincode-1.0 has closed its IO channel
2019-04-23 10:30:20.277 UTC [endorser] callChaincode -> INFO 061 [mychannel][f425dbb8] Exit chaincode: name:"lscc" (54274ms)
2019-04-23 10:30:20.277 UTC [endorser] SimulateProposal -> ERRO 062 [mychannel][f425dbb8] failed to invoke chaincode name:"lscc" , error: container exited with 0
github.com/hyperledger/fabric/core/chaincode.(*RuntimeLauncher).Launch.func1
{{/opt/gopath/src/github.com/hyperledger/fabric/core/chaincode/runtime_launcher.go:63}}runtime.goexit{{ /opt/go/src/runtime/asm_amd64.s:1333}}chaincode registration failed

Log on the fabric-tool CLI:

2019-04-23 10:29:26.070 UTC [msp.identity] Sign -> DEBU 0ac Sign: digest: 9E15E09E02EBED2F9D9DEB1F8F556B46F16D6C3D2D796560A2E9DA6EF746E90E
Error: could not assemble transaction, err proposal response was not successful, error code 500, msg chaincode registration failed: container exited with 0
command terminated with exit code 1

The orderer is reachable from the peer (tested using telnet).

I can see the deployed chaincode image has been built.
nid1-org1peer1-mychaincode-1.0-0495160cf7dc458bb21980ff56b0a3383b4426e923a4180af5b7f746f1bcbc39 latest 32c4b74215ce 29 seconds ago 162MB

Note: I am only using Org1MSP.

Other (possibly) useful logs

Peer channel list:

kubectl exec --namespace $namespace $peer_pod – bash -c "CORE_PEER_MSPCONFIGPATH=/var/hyperledger/admin_msp peer channel list"
2019-04-23 11:18:21.117 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Channels peers has joined:
mychannel|

Peer channel info:

kubectl exec --namespace $namespace $peer_pod – bash -c "CORE_PEER_MSPCONFIGPATH=/var/hyperledger/admin_msp peer channel getinfo -c $channel_name"
2019-04-23 11:14:08.734 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Blockchain info:

{"height":1,"currentBlockHash":"quqIAAOOkC/BuMeibGNujlq822y08nJ4/HvDtQ0nZq0="}

PS: If it can be any relevant to this issue the peer keeps logging this delivery block error:

2019-04-23 11:18:21.124 UTC [comm.grpc.server] 1 -> INFO 0b2 unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=10.1.0.1:56708 grpc.code=OK grpc.call_duration=5.0801ms
2019-04-23 11:18:24.085 UTC [ConnProducer] DisableEndpoint -> WARN 0b3 Only 1 endpoint remained, will not black-list it
2019-04-23 11:18:24.094 UTC [blocksProvider] DeliverBlocks -> ERRO 0b4 [mychannel] Got error &{FORBIDDEN}
2019-04-23 11:18:34.096 UTC [ConnProducer] DisableEndpoint -> WARN 0b5 Only 1 endpoint remained, will not black-list it
2019-04-23 11:18:34.112 UTC [blocksProvider] DeliverBlocks -> ERRO 0b6 [mychannel] Got error &{FORBIDDEN}
2019-04-23 11:18:44.079 UTC [ConnProducer] DisableEndpoint -> WARN 0b7 Only 1 endpoint remained, will not black-list it
2019-04-23 11:18:44.088 UTC [blocksProvider] DeliverBlocks -> ERRO 0b8 [mychannel] Got error &{FORBIDDEN}
2019-04-23 11:18:44.088 UTC [blocksProvider] DeliverBlocks -> ERRO 0b9 [mychannel] Wrong statuses threshold passed, stopping block provider

hlf-ca installation

Command: helm install stable/hlf-ca --name org1-ca -f ./helm_values/ca_values.yaml --namespace blockchain
error: Error: validation failed: unable to recognize "": no matches for kind "StatefulSet" in version "apps/v1beta2"

kubeadm,kubelet version is latest version -1.16.3-00

Is it possible to run this project in minikube | local machine.

I am learning hyperledger fabric and know basics of k8s. I want to explore setting up hlf in k8s. This project is interesting. Can someone please explain, how to run this same project using minikube in local machine with minimum changes.

Which version of the Hyperledger Fabrics are supported?

Sorry, I have some troubles to read the if-k8s-hlf-webinar. I am confused to which version of the charts(hlf-ord,hlf-peer...) you are using. I got that the image of fabric-network is 1.2.0(1.2.1) by the files of value.yaml. So i choose the following charts:
hlf-ord is 1.2.2v; hlf-peer is 1.2.0v
Action:

use the fabric-tool creates the crypto material
follow the values.yaml to fill some params
launch the fabric-network(1.2 version) successful

Error:
can not create channel
Error Info：create the channel command
Error: got unexpoected status: BAD_REQUEST -- error authorizing update: error validationg DeltaSet: policy for [Group] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining command terminated with exit code 1

orderer some errors:
Evaluation Failed: Only 0 policies were satisfy policy /Channel/Application/ChannelCreationPolicy ...

I sure the crypto material is OK, because the orderer is running without error and the peer does so.
So i will be appreciated that you spend some time solving the troubles. TY(Thank you)

Failed to connect to postgres database

I have followed the tutorial to the point where one enrolls the ca-administrator with :
kubectl exec -n blockchain $CA_POD -- bash -c 'fabric-ca-client enroll -d -u http://$CA_ADMIN:$CA_PASSWORD@$SERVICE_DNS:7054'.

However, I get the error:

2019/04/17 20:35:35 [DEBUG] Received response
statusCode=500 (500 Internal Server Error)
Error: Response from server: Error Code: 0 - enroll handler failed to initialize DB: Failed to create user registry for PostgreSQL: Failed to connect to Postgres database. Postgres requires connecting to a specific database, the following databases were tried: [fabric_ca postgres template1]. Please create one of these database before continuing

This is all run in a minikube environement on an Ubuntu 18.04.2 machine. Does anyone know how to fix this?

hlf-ca not deployed correctly in a custom Cluster

Thank you for posting this, I am following the README and when I try:

helm install stable/hlf-ca -n ca --namespace blockchain -f ./helm_values/ca_values.yaml

It fails with a CrashLoopBackOff
I have edited the file to use my own hostname previous to running the above.

Current state/repro steps:

Deployment of the Fabric CA works and the logs are as follow:

Normal   Scheduled              19m                default-scheduler             Successfully assigned ca-hlf-ca-5947578bcb-4qsbt to notarised-worker-01
  Normal   SuccessfulMountVolume  19m                kubelet, notarised-worker-01  MountVolume.SetUp succeeded for volume "ca-config"
  Normal   SuccessfulMountVolume  19m                kubelet, notarised-worker-01  MountVolume.SetUp succeeded for volume "default-token-mdsk9"
  Normal   SuccessfulMountVolume  18m                kubelet, notarised-worker-01  MountVolume.SetUp succeeded for volume "pvc-571204cd-2a05-11e9-ab9d-96000019be3e"
  Normal   Created                14m (x5 over 18m)  kubelet, notarised-worker-01  Created container
  Normal   Started                14m (x5 over 18m)  kubelet, notarised-worker-01  Started container
  Normal   Pulled                 9m (x7 over 18m)   kubelet, notarised-worker-01  Container image "jwilder/dockerize" already present on machine
  Warning  BackOff                4m (x47 over 17m)  kubelet, notarised-worker-01  Back-off restarting failed container

But when I check the logs for the PostgreSql POD are as follows:

  Normal   Scheduled              21m               default-scheduler             Successfully assigned ca-postgresql-0 to notarised-worker-01
  Normal   SuccessfulMountVolume  21m               kubelet, notarised-worker-01  MountVolume.SetUp succeeded for volume "custom-init-scripts"
  Normal   SuccessfulMountVolume  21m               kubelet, notarised-worker-01  MountVolume.SetUp succeeded for volume "default-token-mdsk9"
  Warning  FailedMount            1m (x9 over 19m)  kubelet, notarised-worker-01  Unable to mount volumes for pod "ca-postgresql-0_blockchain(5722a670-2a05-11e9-ab9d-96000019be3e)": timeout expired waiting for volumes to attach/mount for pod "blockchain"/"ca-postgresql-0". list of unattached/unmounted volumes=[data]

I am using a PVC using OpenEBS

apiVersion: v1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: openebs-storage
spec:
  storageClassName: openebs-standalone
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi

OpenEBS StorageClassName

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: openebs-standalone
  annotations:
    cas.openebs.io/config: |
      - name: ReplicaCount
        value: "1"
provisioner: openebs.io/provisioner-iscsi

Desired state:

Desired state HLF-CA to be deployed successfully

CA Ingress doesn't resolve

Heya,

Kind of stuck at the CA Ingress part - my cURL request times out when the domain is pointed to the CA Ingress IP.

I've created the ingress controller:

$ kubectl get pods -n ingress-controller
NAME                                             READY   STATUS    RESTARTS   AGE
nginx-ingress-controller-6f6f69f94f-mnjzh        1/1     Running   1          1d
nginx-ingress-default-backend-544cfb69fc-xrpsl   1/1     Running   1          1d

I've also created the Ingress for the CA:

$ kubectl get ingresses -n blockchain
NAME        HOSTS                            ADDRESS         PORTS     AGE
ca-hlf-ca   orbix-fabric-ca-3.orbixpay.com   18.197.179.59   80, 443   1d

$ kubectl describe ingress ca-hlf-ca -n blockchain
Name:             ca-hlf-ca
Namespace:        blockchain
Address:          18.197.179.59
Default backend:  default-http-backend:80 (<none>)
TLS:
  ca--tls terminates orbix-fabric-ca-3.orbixpay.com
Rules:
  Host                            Path  Backends
  ----                            ----  --------
  orbix-fabric-ca-3.orbixpay.com  
                                  /   ca-hlf-ca:http (<none>)
Annotations:
  certmanager.k8s.io/cluster-issuer:  letsencrypt-production
  kubernetes.io/ingress.class:        nginx
Events:                               <none>

It does have the corresponding backend service:

$ kubectl get services -n blockchain
NAME                     TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
ca-hlf-ca                ClusterIP   172.20.234.201   <none>        7054/TCP   1d
ca-postgresql            ClusterIP   172.20.136.80    <none>        5432/TCP   1d
ca-postgresql-headless   ClusterIP   None             <none>        5432/TCP   1d

The service has the proper selector:

$ kubectl describe service ca-hlf-ca -n blockchain
Name:              ca-hlf-ca
Namespace:         blockchain
Labels:            app=hlf-ca
                   chart=hlf-ca-1.1.4
                   heritage=Tiller
                   release=ca
Annotations:       <none>
Selector:          app=hlf-ca,release=ca
Type:              ClusterIP
IP:                172.20.234.201
Port:              http  7054/TCP
TargetPort:        7054/TCP
Endpoints:         10.0.0.193:7054
Session Affinity:  None
Events:            <none>

The pod has the proper labels for the selector:

$ kubectl describe pod ca-hlf-ca-798c98c84f-brflq -n blockchain
Name:               ca-hlf-ca-798c98c84f-brflq
Namespace:          blockchain
Priority:           0
PriorityClassName:  <none>
Node:               ip-10-0-0-230.eu-central-1.compute.internal/10.0.0.230
Start Time:         Tue, 05 Feb 2019 16:52:10 +0200
Labels:             app=hlf-ca
                    chart=hlf-ca-1.1.4
                    heritage=Tiller
                    pod-template-hash=3547547409
                    release=ca
Annotations:        <none>
Status:             Running
IP:                 10.0.0.193

And the service endpoints are correct:

$ kubectl get endpoints -n blockchain
NAME                     ENDPOINTS         AGE
ca-hlf-ca                10.0.0.193:7054   1d
ca-postgresql            10.0.0.196:5432   1d
ca-postgresql-headless   10.0.0.196:5432   1d

I've pointed the domain orbix-fabric-ca-3.orbixpay.com to 18.197.179.59 which is the CA Ingress IP address. When I try to cURL the domain though, it times out:

$ echo ${CA_INGRESS}
orbix-fabric-ca-3.orbixpay.com

$ dig orbix-fabric-ca-3.orbixpay.com +short
18.197.179.59

# This step in the instructions times out
$ curl https://$CA_INGRESS/cainfo
curl: (7) Failed to connect to orbix-fabric-ca-3.orbixpay.com port 443: Connection timed out

Any help is appreciated, thanks :)

Error: proto: can't skip unknown wire type 6 for common.Envelope

Hello, I'm having some issues getting the channel set up. Everything seems to have gone pretty smoothly until I get to the Channel creation.

I run the :

kubectl exec -n blockchain $PEER_POD -- peer channel create -o ord1-hlf-ord.blockchain.svc.cluster.local:7050 -c mychannel -f /hl_config/channel/mychannel.tx

command and it tells me /hl_config/channel/mychannel.tx could not be found. I created it and attempted to run the command again and received the following error:

2019-11-06 17:03:53.564 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: proto: can't skip unknown wire type 6 for common.Envelope
command terminated with exit code 1

any suggestions on how to continue? Thanks in advance.

cert-manager error

Hi Guys,

I am trying to do HLF on kubernetes. I am getting an error in a cert-manager pod which is up and running but when I saw logs of cert-manager pods, It shows something like in attached screenshots.
Kindly look into this issues.

'I1011 11:43:50.747198 1 start.go:79] starting cert-manager v0.5.0 (revision 7924346bd84e41053cc508956b0a1b567c932416)
I1011 11:43:50.747492 1 server.go:84] Listening on http://0.0.0.0:9402
I1011 11:43:50.748407 1 controller.go:126] Using the following nameservers for DNS01 checks: [10.96.0.10:53]
I1011 11:43:50.750399 1 leaderelection.go:175] attempting to acquire leader lease cert-manager/cert-manager-controller...
I1011 11:45:20.198784 1 leaderelection.go:184] successfully acquired lease cert-manager/cert-manager-controller
I1011 11:45:20.199025 1 controller.go:68] Starting certificates controller
I1011 11:45:20.199061 1 controller.go:68] Starting issuers controller
I1011 11:45:20.199112 1 controller.go:68] Starting clusterissuers controller
I1011 11:45:20.199912 1 controller.go:68] Starting ingress-shim controller
I1011 11:49:47.075301 1 controller.go:140] clusterissuers controller: syncing item 'letsencrypt-staging'
I1011 11:49:47.075800 1 logger.go:88] Calling GetAccount
I1011 11:49:52.076363 1 helpers.go:147] Setting lastTransitionTime for ClusterIssuer "letsencrypt-staging" condition "Ready" to 2018-10-11 11:49:52.076342594 +0000 UTC m=+361.344961050
I1011 11:49:52.076599 1 sync.go:71] Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
E1011 11:49:52.213777 1 controller.go:149] clusterissuers controller: Re-queuing item "letsencrypt-staging" due to error processing: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
I1011 11:49:52.224125 1 controller.go:140] clusterissuers controller: syncing item 'letsencrypt-staging'
I1011 11:49:52.224650 1 logger.go:88] Calling GetAccount
I1011 11:49:57.225165 1 sync.go:71] Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout`

Thanks & Regards,
Mamta

Automating deployment with Ansible

I have been trying to follow along lately the activities that have happened in this repository and it's sub repositories but without much involvement unfortunately.

Lately I've had the chance to work with Ansible for automating deployments and I thought that also Hyperledger could be automatically deployed with ansible with the steps provided in this repo.

Initially I have started an Ansible Role which you may find it in this repo: https://github.com/gentios/ansible-hyperledger-fabric

I haven't tested anything yet, but will do so in the following days, I am starting this thread only for discussion and possibly testing and contribution.

Hlf-ca not deploying correctly in AKS

Hi guys, thanks again for posting this. I am following the README file and have the following issue after running:
helm install stable/hlf-ca -n ca --namespace blockchain -f ./helm_values/ca_values.yaml
I have edited the file to use my own hostname previous to running the above.

Current state/repro steps:

Deployment works, but the ca is not coming up. Running
kubectl logs -n blockchain $CA_POD
results in the following error:

2018/12/15 09:05:03 [DEBUG] CA Home Directory: /var/hyperledger/fabric-ca
2018/12/15 09:05:03 [DEBUG] Checking configuration file version '1.3.0' against server version: '1.2.0-stable'
2018/12/15 09:05:03 [DEBUG] Closing server DBs
Error: Configuration file version '1.3.0' is higher than server version '1.2.0-stable'

Upon seeing this I have tried to connect to the pod (interactive shell), but this is also not possible as the Pod is in the following error state:

pod has unbound PersistentVolumeClaims 
Unable to mount volumes for pod "ca-hlf-ca-798c98c84f-258tl_blockchain(45e33956-0047-11e9-bfa6-8666818dfc0c)": timeout expired waiting for volumes to attach or mount for pod "blockchain"/"ca-hlf-ca-798c98c84f-258tl". list of unmounted volumes=[data]. list of unattached volumes=[data ca-config default-token-b9n8t] 
Back-off restarting failed container

Desired state:

Pod is coming up as required and is in running state

Would appreciate some feedback on this. If it helps I have had a similar issue which was related to the storageClassName property being set to "standard", whereas in Azure Kubernetes Service (AKS) the default storageClassName is "default". However I wasnt able to find this in the ca deployment, I am too inexperienced in K8s :)

How to install chaincode?

Thanks for this Webinar its been really helpful & informative.

Just wondering if you could share steps on how to install chaincode on peers?

aidtechnology / lf-k8s-hlf-webinar Goto Github PK

lf-k8s-hlf-webinar's People

Contributors

Stargazers

Watchers

Forkers

lf-k8s-hlf-webinar's Issues

Environment

Steps

Error

Current state/repro steps:

Desired state:

Current state/repro steps:

Desired state:

Recommend Projects

Recommend Topics

Recommend Org