aidtechnology / lf-k8s-hlf-webinar Goto Github PK
View Code? Open in Web Editor NEWMaterial for Webinar "A Hitchhiker's guide to deploying Hyperledger Fabric on Kubernetes"
License: GNU General Public License v3.0
Material for Webinar "A Hitchhiker's guide to deploying Hyperledger Fabric on Kubernetes"
License: GNU General Public License v3.0
Hi, I am deploying a Fabric network on Kubernetes (in Docker Desktop) using the official stable helm charts with a few changes in env variables to support Fabric v1.4.
Here the link:
https://jira.hyperledger.org/browse/FAB-15256
macOS Mojave 10.14.4
Docker Desktop 2.0.0.3 - Engine 18.09.2
Kubernetes v1.10.11 using docker-for-desktop
context (kubectl config current-context)
Using official stable helm charts configuration with a few changes in order to be able to deploy Fabric v1.4
All the steps including registration/enrollment of users through the CA using the org admin; create/fetch/join channel go perfectly through, but the instantiation of the chaincode fails with the error reported in the summary.
Log of the chaincode container attached to the peer:
2019-04-23 10:30:16.848 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 052 2019-04-23 10:30:16.847 UTC [shim] setupChaincodeLogging -> INFO 001 Chaincode (build level: 1.4.1) starting up ...
2019-04-23 10:30:16.848 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 053 2019-04-23 10:30:16.847 UTC [shim] userChaincodeStreamGetter -> DEBU 002 Peer address: org1peer1-hlf-peer:7052
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 054 Error starting Sample chaincode: error trying to connect to local peer: context deadline exceeded2019-04-23 10:30:19.848 UTC [shim] userChaincodeStreamGetter -> ERRO 003 context deadline exceeded
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 055 error trying to connect to local peer
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 056 github.com/hyperledger/fabric/core/chaincode/shim.userChaincodeStreamGetter
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 057 /opt/gopath/src/github.com/hyperledger/fabric/core/chaincode/shim/chaincode.go:112
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 058 github.com/hyperledger/fabric/core/chaincode/shim.Start
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 059 /opt/gopath/src/github.com/hyperledger/fabric/core/chaincode/shim/chaincode.go:151
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05a main.main
2019-04-23 10:30:19.849 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05b /chaincode/input/src/chaincode/mychaincode/main.go:399
2019-04-23 10:30:19.850 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05c runtime.main
2019-04-23 10:30:19.850 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05d /opt/go/src/runtime/proc.go:201
2019-04-23 10:30:19.850 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05e runtime.goexit
2019-04-23 10:30:19.850 UTC [peer.chaincode.nid1-org1peer1-mychaincode-1.0] func2 -> INFO 05f /opt/go/src/runtime/asm_amd64.s:1333
2019-04-23 10:30:20.132 UTC [dockercontroller] func2 -> INFO 060 Container nid1-org1peer1-mychaincode-1.0 has closed its IO channel
2019-04-23 10:30:20.277 UTC [endorser] callChaincode -> INFO 061 [mychannel][f425dbb8] Exit chaincode: name:"lscc" (54274ms)
2019-04-23 10:30:20.277 UTC [endorser] SimulateProposal -> ERRO 062 [mychannel][f425dbb8] failed to invoke chaincode name:"lscc" , error: container exited with 0
github.com/hyperledger/fabric/core/chaincode.(*RuntimeLauncher).Launch.func1
{{/opt/gopath/src/github.com/hyperledger/fabric/core/chaincode/runtime_launcher.go:63}}runtime.goexit{{ /opt/go/src/runtime/asm_amd64.s:1333}}chaincode registration failed
Log on the fabric-tool CLI:
2019-04-23 10:29:26.070 UTC [msp.identity] Sign -> DEBU 0ac Sign: digest: 9E15E09E02EBED2F9D9DEB1F8F556B46F16D6C3D2D796560A2E9DA6EF746E90E
Error: could not assemble transaction, err proposal response was not successful, error code 500, msg chaincode registration failed: container exited with 0
command terminated with exit code 1
The orderer is reachable from the peer (tested using telnet).
I can see the deployed chaincode image has been built.
nid1-org1peer1-mychaincode-1.0-0495160cf7dc458bb21980ff56b0a3383b4426e923a4180af5b7f746f1bcbc39 latest 32c4b74215ce 29 seconds ago 162MB
Note: I am only using Org1MSP.
Other (possibly) useful logs
Peer channel list:
kubectl exec --namespace $namespace $peer_pod – bash -c "CORE_PEER_MSPCONFIGPATH=/var/hyperledger/admin_msp peer channel list"
2019-04-23 11:18:21.117 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Channels peers has joined:
mychannel|
Peer channel info:
kubectl exec --namespace $namespace $peer_pod – bash -c "CORE_PEER_MSPCONFIGPATH=/var/hyperledger/admin_msp peer channel getinfo -c $channel_name"
2019-04-23 11:14:08.734 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Blockchain info:
{"height":1,"currentBlockHash":"quqIAAOOkC/BuMeibGNujlq822y08nJ4/HvDtQ0nZq0="}
PS: If it can be any relevant to this issue the peer keeps logging this delivery block error:
2019-04-23 11:18:21.124 UTC [comm.grpc.server] 1 -> INFO 0b2 unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=10.1.0.1:56708 grpc.code=OK grpc.call_duration=5.0801ms
2019-04-23 11:18:24.085 UTC [ConnProducer] DisableEndpoint -> WARN 0b3 Only 1 endpoint remained, will not black-list it
2019-04-23 11:18:24.094 UTC [blocksProvider] DeliverBlocks -> ERRO 0b4 [mychannel] Got error &{FORBIDDEN}
2019-04-23 11:18:34.096 UTC [ConnProducer] DisableEndpoint -> WARN 0b5 Only 1 endpoint remained, will not black-list it
2019-04-23 11:18:34.112 UTC [blocksProvider] DeliverBlocks -> ERRO 0b6 [mychannel] Got error &{FORBIDDEN}
2019-04-23 11:18:44.079 UTC [ConnProducer] DisableEndpoint -> WARN 0b7 Only 1 endpoint remained, will not black-list it
2019-04-23 11:18:44.088 UTC [blocksProvider] DeliverBlocks -> ERRO 0b8 [mychannel] Got error &{FORBIDDEN}
2019-04-23 11:18:44.088 UTC [blocksProvider] DeliverBlocks -> ERRO 0b9 [mychannel] Wrong statuses threshold passed, stopping block provider
Command: helm install stable/hlf-ca --name org1-ca -f ./helm_values/ca_values.yaml --namespace blockchain
error: Error: validation failed: unable to recognize "": no matches for kind "StatefulSet" in version "apps/v1beta2"
kubeadm,kubelet version is latest version -1.16.3-00
I am learning hyperledger fabric and know basics of k8s. I want to explore setting up hlf in k8s. This project is interesting. Can someone please explain, how to run this same project using minikube in local machine with minimum changes.
Sorry, I have some troubles to read the if-k8s-hlf-webinar. I am confused to which version of the charts(hlf-ord,hlf-peer...) you are using. I got that the image of fabric-network is 1.2.0(1.2.1) by the files of value.yaml. So i choose the following charts:
hlf-ord is 1.2.2v; hlf-peer is 1.2.0v
Action:
Error:
can not create channel
Error Info:create the channel command
Error: got unexpoected status: BAD_REQUEST -- error authorizing update: error validationg DeltaSet: policy for [Group] /Channel/Application not satisfied: Failed to reach implicit threshold of 1 sub-policies, required 1 remaining command terminated with exit code 1
orderer some errors:
Evaluation Failed: Only 0 policies were satisfy policy /Channel/Application/ChannelCreationPolicy ...
I sure the crypto material is OK, because the orderer is running without error and the peer does so.
So i will be appreciated that you spend some time solving the troubles. TY(Thank you)
I have followed the tutorial to the point where one enrolls the ca-administrator with :
kubectl exec -n blockchain $CA_POD -- bash -c 'fabric-ca-client enroll -d -u http://$CA_ADMIN:$CA_PASSWORD@$SERVICE_DNS:7054'
.
However, I get the error:
2019/04/17 20:35:35 [DEBUG] Received response
statusCode=500 (500 Internal Server Error)
Error: Response from server: Error Code: 0 - enroll handler failed to initialize DB: Failed to create user registry for PostgreSQL: Failed to connect to Postgres database. Postgres requires connecting to a specific database, the following databases were tried: [fabric_ca postgres template1]. Please create one of these database before continuing
This is all run in a minikube environement on an Ubuntu 18.04.2 machine. Does anyone know how to fix this?
Thank you for posting this, I am following the README and when I try:
helm install stable/hlf-ca -n ca --namespace blockchain -f ./helm_values/ca_values.yaml
It fails with a CrashLoopBackOff
I have edited the file to use my own hostname previous to running the above.
Deployment of the Fabric CA works and the logs are as follow:
Normal Scheduled 19m default-scheduler Successfully assigned ca-hlf-ca-5947578bcb-4qsbt to notarised-worker-01
Normal SuccessfulMountVolume 19m kubelet, notarised-worker-01 MountVolume.SetUp succeeded for volume "ca-config"
Normal SuccessfulMountVolume 19m kubelet, notarised-worker-01 MountVolume.SetUp succeeded for volume "default-token-mdsk9"
Normal SuccessfulMountVolume 18m kubelet, notarised-worker-01 MountVolume.SetUp succeeded for volume "pvc-571204cd-2a05-11e9-ab9d-96000019be3e"
Normal Created 14m (x5 over 18m) kubelet, notarised-worker-01 Created container
Normal Started 14m (x5 over 18m) kubelet, notarised-worker-01 Started container
Normal Pulled 9m (x7 over 18m) kubelet, notarised-worker-01 Container image "jwilder/dockerize" already present on machine
Warning BackOff 4m (x47 over 17m) kubelet, notarised-worker-01 Back-off restarting failed container
But when I check the logs for the PostgreSql POD are as follows:
Normal Scheduled 21m default-scheduler Successfully assigned ca-postgresql-0 to notarised-worker-01
Normal SuccessfulMountVolume 21m kubelet, notarised-worker-01 MountVolume.SetUp succeeded for volume "custom-init-scripts"
Normal SuccessfulMountVolume 21m kubelet, notarised-worker-01 MountVolume.SetUp succeeded for volume "default-token-mdsk9"
Warning FailedMount 1m (x9 over 19m) kubelet, notarised-worker-01 Unable to mount volumes for pod "ca-postgresql-0_blockchain(5722a670-2a05-11e9-ab9d-96000019be3e)": timeout expired waiting for volumes to attach/mount for pod "blockchain"/"ca-postgresql-0". list of unattached/unmounted volumes=[data]
I am using a PVC using OpenEBS
apiVersion: v1
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: openebs-storage
spec:
storageClassName: openebs-standalone
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
OpenEBS StorageClassName
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: openebs-standalone
annotations:
cas.openebs.io/config: |
- name: ReplicaCount
value: "1"
provisioner: openebs.io/provisioner-iscsi
Desired state HLF-CA to be deployed successfully
Heya,
Kind of stuck at the CA Ingress part - my cURL request times out when the domain is pointed to the CA Ingress IP.
I've created the ingress controller:
$ kubectl get pods -n ingress-controller
NAME READY STATUS RESTARTS AGE
nginx-ingress-controller-6f6f69f94f-mnjzh 1/1 Running 1 1d
nginx-ingress-default-backend-544cfb69fc-xrpsl 1/1 Running 1 1d
I've also created the Ingress for the CA:
$ kubectl get ingresses -n blockchain
NAME HOSTS ADDRESS PORTS AGE
ca-hlf-ca orbix-fabric-ca-3.orbixpay.com 18.197.179.59 80, 443 1d
$ kubectl describe ingress ca-hlf-ca -n blockchain
Name: ca-hlf-ca
Namespace: blockchain
Address: 18.197.179.59
Default backend: default-http-backend:80 (<none>)
TLS:
ca--tls terminates orbix-fabric-ca-3.orbixpay.com
Rules:
Host Path Backends
---- ---- --------
orbix-fabric-ca-3.orbixpay.com
/ ca-hlf-ca:http (<none>)
Annotations:
certmanager.k8s.io/cluster-issuer: letsencrypt-production
kubernetes.io/ingress.class: nginx
Events: <none>
It does have the corresponding backend service:
$ kubectl get services -n blockchain
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
ca-hlf-ca ClusterIP 172.20.234.201 <none> 7054/TCP 1d
ca-postgresql ClusterIP 172.20.136.80 <none> 5432/TCP 1d
ca-postgresql-headless ClusterIP None <none> 5432/TCP 1d
The service has the proper selector:
$ kubectl describe service ca-hlf-ca -n blockchain
Name: ca-hlf-ca
Namespace: blockchain
Labels: app=hlf-ca
chart=hlf-ca-1.1.4
heritage=Tiller
release=ca
Annotations: <none>
Selector: app=hlf-ca,release=ca
Type: ClusterIP
IP: 172.20.234.201
Port: http 7054/TCP
TargetPort: 7054/TCP
Endpoints: 10.0.0.193:7054
Session Affinity: None
Events: <none>
The pod has the proper labels for the selector:
$ kubectl describe pod ca-hlf-ca-798c98c84f-brflq -n blockchain
Name: ca-hlf-ca-798c98c84f-brflq
Namespace: blockchain
Priority: 0
PriorityClassName: <none>
Node: ip-10-0-0-230.eu-central-1.compute.internal/10.0.0.230
Start Time: Tue, 05 Feb 2019 16:52:10 +0200
Labels: app=hlf-ca
chart=hlf-ca-1.1.4
heritage=Tiller
pod-template-hash=3547547409
release=ca
Annotations: <none>
Status: Running
IP: 10.0.0.193
And the service endpoints are correct:
$ kubectl get endpoints -n blockchain
NAME ENDPOINTS AGE
ca-hlf-ca 10.0.0.193:7054 1d
ca-postgresql 10.0.0.196:5432 1d
ca-postgresql-headless 10.0.0.196:5432 1d
I've pointed the domain orbix-fabric-ca-3.orbixpay.com to 18.197.179.59 which is the CA Ingress IP address. When I try to cURL the domain though, it times out:
$ echo ${CA_INGRESS}
orbix-fabric-ca-3.orbixpay.com
$ dig orbix-fabric-ca-3.orbixpay.com +short
18.197.179.59
# This step in the instructions times out
$ curl https://$CA_INGRESS/cainfo
curl: (7) Failed to connect to orbix-fabric-ca-3.orbixpay.com port 443: Connection timed out
Any help is appreciated, thanks :)
Hello, I'm having some issues getting the channel set up. Everything seems to have gone pretty smoothly until I get to the Channel creation.
I run the :
kubectl exec -n blockchain $PEER_POD -- peer channel create -o ord1-hlf-ord.blockchain.svc.cluster.local:7050 -c mychannel -f /hl_config/channel/mychannel.tx
command and it tells me /hl_config/channel/mychannel.tx
could not be found. I created it and attempted to run the command again and received the following error:
2019-11-06 17:03:53.564 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: proto: can't skip unknown wire type 6 for common.Envelope
command terminated with exit code 1
any suggestions on how to continue? Thanks in advance.
Hi Guys,
I am trying to do HLF on kubernetes. I am getting an error in a cert-manager pod which is up and running but when I saw logs of cert-manager pods, It shows something like in attached screenshots.
Kindly look into this issues.
'I1011 11:43:50.747198 1 start.go:79] starting cert-manager v0.5.0 (revision 7924346bd84e41053cc508956b0a1b567c932416)
I1011 11:43:50.747492 1 server.go:84] Listening on http://0.0.0.0:9402
I1011 11:43:50.748407 1 controller.go:126] Using the following nameservers for DNS01 checks: [10.96.0.10:53]
I1011 11:43:50.750399 1 leaderelection.go:175] attempting to acquire leader lease cert-manager/cert-manager-controller...
I1011 11:45:20.198784 1 leaderelection.go:184] successfully acquired lease cert-manager/cert-manager-controller
I1011 11:45:20.199025 1 controller.go:68] Starting certificates controller
I1011 11:45:20.199061 1 controller.go:68] Starting issuers controller
I1011 11:45:20.199112 1 controller.go:68] Starting clusterissuers controller
I1011 11:45:20.199912 1 controller.go:68] Starting ingress-shim controller
I1011 11:49:47.075301 1 controller.go:140] clusterissuers controller: syncing item 'letsencrypt-staging'
I1011 11:49:47.075800 1 logger.go:88] Calling GetAccount
I1011 11:49:52.076363 1 helpers.go:147] Setting lastTransitionTime for ClusterIssuer "letsencrypt-staging" condition "Ready" to 2018-10-11 11:49:52.076342594 +0000 UTC m=+361.344961050
I1011 11:49:52.076599 1 sync.go:71] Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
E1011 11:49:52.213777 1 controller.go:149] clusterissuers controller: Re-queuing item "letsencrypt-staging" due to error processing: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout
I1011 11:49:52.224125 1 controller.go:140] clusterissuers controller: syncing item 'letsencrypt-staging'
I1011 11:49:52.224650 1 logger.go:88] Calling GetAccount
I1011 11:49:57.225165 1 sync.go:71] Error initializing issuer: Get https://acme-staging-v02.api.letsencrypt.org/directory: dial tcp: i/o timeout`
Thanks & Regards,
Mamta
I have been trying to follow along lately the activities that have happened in this repository and it's sub repositories but without much involvement unfortunately.
Lately I've had the chance to work with Ansible for automating deployments and I thought that also Hyperledger could be automatically deployed with ansible with the steps provided in this repo.
Initially I have started an Ansible Role which you may find it in this repo: https://github.com/gentios/ansible-hyperledger-fabric
I haven't tested anything yet, but will do so in the following days, I am starting this thread only for discussion and possibly testing and contribution.
Hi guys, thanks again for posting this. I am following the README file and have the following issue after running:
helm install stable/hlf-ca -n ca --namespace blockchain -f ./helm_values/ca_values.yaml
I have edited the file to use my own hostname previous to running the above.
Deployment works, but the ca is not coming up. Running
kubectl logs -n blockchain $CA_POD
results in the following error:
2018/12/15 09:05:03 [DEBUG] CA Home Directory: /var/hyperledger/fabric-ca
2018/12/15 09:05:03 [DEBUG] Checking configuration file version '1.3.0' against server version: '1.2.0-stable'
2018/12/15 09:05:03 [DEBUG] Closing server DBs
Error: Configuration file version '1.3.0' is higher than server version '1.2.0-stable'
Upon seeing this I have tried to connect to the pod (interactive shell), but this is also not possible as the Pod is in the following error state:
pod has unbound PersistentVolumeClaims
Unable to mount volumes for pod "ca-hlf-ca-798c98c84f-258tl_blockchain(45e33956-0047-11e9-bfa6-8666818dfc0c)": timeout expired waiting for volumes to attach or mount for pod "blockchain"/"ca-hlf-ca-798c98c84f-258tl". list of unmounted volumes=[data]. list of unattached volumes=[data ca-config default-token-b9n8t]
Back-off restarting failed container
Pod is coming up as required and is in running state
Would appreciate some feedback on this. If it helps I have had a similar issue which was related to the storageClassName property being set to "standard", whereas in Azure Kubernetes Service (AKS) the default storageClassName is "default". However I wasnt able to find this in the ca deployment, I am too inexperienced in K8s :)
Thanks for this Webinar its been really helpful & informative.
Just wondering if you could share steps on how to install chaincode on peers?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.