How does a client application connect to Hyperledger Fabric 2.2 on Amazon Managed Blockchain?

0

I followed the tutorial https://docs.aws.amazon.com/ja_jp/managed-blockchain/latest/hyperledger-fabric-dev/managed-blockchain-get-started-tutorial.html and completed Step 1 to Step 7, and successfully deployed the chaincode to the network.

Here is the query result:

$ peer lifecycle chaincode queryinstalled
Installed chaincodes on peer:
Package ID: abctest_1.0:957504a77be8fdbcaf6fac1707822f1620442d7a93f8c5d96f8b788ddda79022, Label: abctest_1.0

I used the fabric-ca-client tool to enroll the admin and got the admin_msp like this:

$ tree
.
├── admin-msp
│   ├── IssuerPublicKey
│   ├── IssuerRevocationPublicKey
│   ├── admincerts
│   │   └── cert.pem
│   ├── cacerts
│   │   └── ca-m-bz5qr6rhcveqxfjyjfrtaioe5e-n-j2ib55zmyree5fieloktt3ttim-managedblockchain-ap-northeast-1-amazonaws-com-30002.pem
│   ├── keystore
│   │   ├── 3e7e4b7f840f8a209b178afefb63e207f336cfd7101c612d8a8acefda8a59504_sk
│   │   ├── c8be8052c5888e713b82317296f0a636a07c6375fcb922cb06833f8ebffa6139_sk
│   │   └── e12f734b4044befcce7fae67c394fff9416123414814c3553dab1036b99361b9_sk
│   ├── signcerts
│   │   └── cert.pem
│   └── user
└── fabric-ca-client-config.yaml

I am trying to write a client application to connect to the network.

import FabricCAServices from "fabric-ca-client";
import * as config from "./config";

import { Gateway, GatewayOptions, Wallets, Wallet } from "fabric-network";

import * as path from "path";

const createWallet = async (): Promise<Wallet> => {
    const walletPath = path.resolve(process.cwd(), "wallet");
    const wallet = await buildWallet(walletPath);
    return wallet;
};

const buildWallet = async (walletPath: string): Promise<Wallet> => {
    let wallet: Wallet;
    if (walletPath) {
        wallet = await Wallets.newFileSystemWallet(walletPath);
    } else {
        wallet = await Wallets.newInMemoryWallet();
    }
    return wallet;
};

const buildCAClient = (
    ccp: Record<string, any>,
    caHostName: string
): FabricCAServices => {
    // Create a new CA client for interacting with the CA.
    const caInfo = ccp.certificateAuthorities[caHostName]; // lookup CA details from config
    const caTLSCACerts = caInfo.tlsCACerts.pem;
    const caClient = new FabricCAServices(
        caInfo.url,
        { trustedRoots: caTLSCACerts, verify: false },
        caInfo.caName
    );

    return caClient;
};

const enrollAdmin = async (
    caClient: FabricCAServices,
    wallet: Wallet,
    orgMspId: string
): Promise<void> => {
    try {
        // Check to see if we've already enrolled the admin user.
        const identity = await wallet.get(config.adminUserId);
        if (identity) {
            return;
        }

        // Enroll the admin user, and import the new identity into the wallet.
        const enrollment = await caClient.enroll({
            enrollmentID: config.adminUserId,
            enrollmentSecret: config.adminUserPasswd,
        });
        const x509Identity = {
            credentials: {
                certificate: enrollment.certificate,
                privateKey: enrollment.key.toBytes(),
            },
            mspId: orgMspId,
            type: "X.509",
        };
        await wallet.put(config.adminUserId, x509Identity);
        console.log(
            "Successfully enrolled admin user and imported it into the wallet"
        );
    } catch (error) {
        console.error(`Failed to enroll admin user : ${error}`);
    }
};

const createGateway = async (
    connectionProfile: Record<string, any>,
    identity: string,
    wallet: Wallet
): Promise<Gateway> => {
    const gateway = new Gateway();

    const options: GatewayOptions = {
        wallet,
        identity,
        discovery: { enabled: false, asLocalhost: true },
    };

    await gateway.connect(connectionProfile, options);

    return gateway;
};

async function main() {
    const wallet = await createWallet();

    const ccp = config.connectionProfile;

    const caClient = buildCAClient(ccp, config.caHostName); // ca.org.SDL.aws.com

    await enrollAdmin(caClient, wallet, config.adminUserId);

    const gatewayOrg1 = await createGateway(
        config.connectionProfile,
        config.adminUserId,
        wallet
    );
}

main();

Also, I use this template to generate the connection profile.

{
    "name": "${NETWORKNAME}-${MEMBERNAME}",
    "version": "1.0.0",
    "client": {
        "organization": "${MEMBERNAME}",
        "connection": {
            "timeout": {
                "peer": {
                    "endorser": "300"
                }
            }
        }
    },
    "organizations": {
        "${MEMBERNAME}": {
            "mspid": "${MEMBERID}",
            "peers": ["peer0.org.${MEMBERNAME}.aws.com"],
            "certificateAuthorities": ["ca.org.${MEMBERNAME}.aws.com"]
        }
    },
    "peers": {
        "peer0.org.${MEMBERNAME}.aws.com": {
            "url": "grpcs://${PEERSERVICEENDPOINT}",
            "tlsCACerts": {
                "pem": "${PEERPEM}"
            },
            "grpcOptions": {
                "ssl-target-name-override": "peer0.org.${MEMBERNAME}.aws.com",
                "hostnameOverride": "peer0.org.${MEMBERNAME}.aws.com"
            }
        }
    },
    "certificateAuthorities": {
        "ca.org.${MEMBERNAME}.aws.com": {
            "url": "https://${CASERVICEENDPOINT}",
            "caName": "${MEMBERID}",
            "tlsCACerts": {
                "pem": ["${CAPEM}"]
            },
            "httpOptions": {
                "verify": false
            }
        }
    }
}

Here $PEERPEM = admin_msp/signcerts/cert.pem and $CAPEM = admin_msp/signcerts/cert.pem.

The final connection profile:

{
    "name": "LocalCoinNetwork-SDL",
    "version": "1.0.0",
    "client": {
        "organization": "SDL",
        "connection": {
            "timeout": {
                "peer": {
                    "endorser": "300"
                }
            }
        }
    },
    "organizations": {
        "SDL": {
            "mspid": "m-BZ5QR6RHCVEQXFJYJFRTAIOE5E",
            "peers": ["peer0.org.SDL.aws.com"],
            "certificateAuthorities": ["ca.org.SDL.aws.com"]
        }
    },
    "peers": {
        "peer0.org.SDL.aws.com": {
            "url": "grpcs://nd-wup4jgvqsvhwharbvdpg6yvr3y.m-bz5qr6rhcveqxfjyjfrtaioe5e.n-j2ib55zmyree5fieloktt3ttim.managedblockchain.ap-northeast-1.amazonaws.com:30003",
            "tlsCACerts": {
                "pem": "-----BEGIN CERTIFICATE-----\nMIIC8zCCApmgAwIBAgIUE37UHZ+ceYFu28QAwGXteREOfWEwCgYIKoZIzj0EAwIw\ngawxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdT\nZWF0dGxlMSIwIAYDVQQKExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMSIwIAYD\nVQQLExlBbWF6b24gTWFuYWdlZCBCbG9ja2NoYWluMS4wLAYDVQQDEyVTREwgQW1h\nem9uIE1hbmFnZWQgQmxvY2tjaGFpbiBSb290IENBMB4XDTIzMDMyNzE2MzAwMFoX\nDTMzMDMyNDE2MzUwMFowaTELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENh\ncm9saW5hMRQwEgYDVQQKEwtIeXBlcmxlZGdlcjEbMAoGA1UECxMDU0RMMA0GA1UE\nCxMGY2xpZW50MQ4wDAYDVQQDEwVhZG1pbjBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABOR5XwEVuPWPFm1v9sgEtFRs847Vj4ArM7olxLBNh32DUG/ZLYETec2WJwS9\nYIXYXw8ovl+GrGbpn4rFCSDDZyyjgdowgdcwDgYDVR0PAQH/BAQDAgeAMAwGA1Ud\nEwEB/wQCMAAwHQYDVR0OBBYEFFVmufxkUSshWeZKubaR99QdMu6hMB8GA1UdIwQY\nMBaAFIeBsKCQ8SWeJS6JPxVpSm5Zwg5ZMBoGA1UdEQQTMBGCD2lwLTEwLTAtMTY4\nLTI0NzBbBggqAwQFBgcIAQRPeyJhdHRycyI6eyJoZi5BZmZpbGlhdGlvbiI6IlNE\nTCIsImhmLkVucm9sbG1lbnRJRCI6ImFkbWluIiwiaGYuVHlwZSI6ImNsaWVudCJ9\nfTAKBggqhkjOPQQDAgNIADBFAiEAvf+z1GDS9roj1XcH4yMwyJKaYpxeQK/4YTul\nu7CVX2ECIFfQvMj5lBQZUH6/C1B0T1p+5IYtukpcKf9rS4n6k1hE\n-----END CERTIFICATE-----\n"
            },
            "grpcOptions": {
                "ssl-target-name-override": "peer0.org.SDL.aws.com",
                "hostnameOverride": "peer0.org.SDL.aws.com"
            }
        }
    },
    "certificateAuthorities": {
        "ca.org.SDL.aws.com": {
            "url": "https://ca.m-bz5qr6rhcveqxfjyjfrtaioe5e.n-j2ib55zmyree5fieloktt3ttim.managedblockchain.ap-northeast-1.amazonaws.com:30002",
            "caName": "m-BZ5QR6RHCVEQXFJYJFRTAIOE5E",
            "tlsCACerts": {
                "pem": [
                    "-----BEGIN CERTIFICATE-----\nMIIC8zCCApmgAwIBAgIUE37UHZ+ceYFu28QAwGXteREOfWEwCgYIKoZIzj0EAwIw\ngawxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdT\nZWF0dGxlMSIwIAYDVQQKExlBbWF6b24gV2ViIFNlcnZpY2VzLCBJbmMuMSIwIAYD\nVQQLExlBbWF6b24gTWFuYWdlZCBCbG9ja2NoYWluMS4wLAYDVQQDEyVTREwgQW1h\nem9uIE1hbmFnZWQgQmxvY2tjaGFpbiBSb290IENBMB4XDTIzMDMyNzE2MzAwMFoX\nDTMzMDMyNDE2MzUwMFowaTELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENh\ncm9saW5hMRQwEgYDVQQKEwtIeXBlcmxlZGdlcjEbMAoGA1UECxMDU0RMMA0GA1UE\nCxMGY2xpZW50MQ4wDAYDVQQDEwVhZG1pbjBZMBMGByqGSM49AgEGCCqGSM49AwEH\nA0IABOR5XwEVuPWPFm1v9sgEtFRs847Vj4ArM7olxLBNh32DUG/ZLYETec2WJwS9\nYIXYXw8ovl+GrGbpn4rFCSDDZyyjgdowgdcwDgYDVR0PAQH/BAQDAgeAMAwGA1Ud\nEwEB/wQCMAAwHQYDVR0OBBYEFFVmufxkUSshWeZKubaR99QdMu6hMB8GA1UdIwQY\nMBaAFIeBsKCQ8SWeJS6JPxVpSm5Zwg5ZMBoGA1UdEQQTMBGCD2lwLTEwLTAtMTY4\nLTI0NzBbBggqAwQFBgcIAQRPeyJhdHRycyI6eyJoZi5BZmZpbGlhdGlvbiI6IlNE\nTCIsImhmLkVucm9sbG1lbnRJRCI6ImFkbWluIiwiaGYuVHlwZSI6ImNsaWVudCJ9\nfTAKBggqhkjOPQQDAgNIADBFAiEAvf+z1GDS9roj1XcH4yMwyJKaYpxeQK/4YTul\nu7CVX2ECIFfQvMj5lBQZUH6/C1B0T1p+5IYtukpcKf9rS4n6k1hE\n-----END CERTIFICATE-----\n"
                ]
            },
            "httpOptions": {
                "verify": false
            }
        }
    }
}

The result of running the client application:

D 2023-03-27T19:33:27.851Z | subchannel | (2) 10.0.138.232:30003 creating HTTP/2 session
D 2023-03-27T19:33:27.857Z | subchannel | (2) 10.0.138.232:30003 connection closed with error unable to verify the first certificate
D 2023-03-27T19:33:27.857Z | subchannel | (2) 10.0.138.232:30003 connection closed
D 2023-03-27T19:33:27.857Z | subchannel | (2) 10.0.138.232:30003 CONNECTING -> TRANSIENT_FAILURE
D 2023-03-27T19:33:27.858Z | pick_first | CONNECTING -> TRANSIENT_FAILURE
D 2023-03-27T19:33:27.858Z | resolving_load_balancer | dns:nd-wup4jgvqsvhwharbvdpg6yvr3y.m-bz5qr6rhcveqxfjyjfrtaioe5e.n-j2ib55zmyree5fieloktt3ttim.managedblockchain.ap-northeast-1.amazonaws.com:30003 CONNECTING -> TRANSIENT_FAILURE
D 2023-03-27T19:33:27.858Z | connectivity_state | (1) dns:nd-wup4jgvqsvhwharbvdpg6yvr3y.m-bz5qr6rhcveqxfjyjfrtaioe5e.n-j2ib55zmyree5fieloktt3ttim.managedblockchain.ap-northeast-1.amazonaws.com:30003 CONNECTING -> TRANSIENT_FAILURE
2023-03-27T19:33:29.830Z - error: [ServiceEndpoint]: Error: Failed to connect before the deadline on Endorser- name: peer0.org.SDL.aws.com, url:grpcs://nd-wup4jgvqsvhwharbvdpg6yvr3y.m-bz5qr6rhcveqxfjyjfrtaioe5e.n-j2ib55zmyree5fieloktt3ttim.managedblockchain.ap-northeast-1.amazonaws.com:30003, connected:false, connectAttempted:true
2023-03-27T19:33:29.831Z - error: [ServiceEndpoint]: waitForReady - Failed to connect to remote gRPC server peer0.org.SDL.aws.com url:grpcs://nd-wup4jgvqsvhwharbvdpg6yvr3y.m-bz5qr6rhcveqxfjyjfrtaioe5e.n-j2ib55zmyree5fieloktt3ttim.managedblockchain.ap-northeast-1.amazonaws.com:30003 timeout:3000
2023-03-27T19:33:29.832Z - info: [NetworkConfig]: buildPeer - Unable to connect to the endorser peer0.org.SDL.aws.com due to Error: Failed to connect before the deadline on Endorser- name: peer0.org.SDL.aws.com, url:grpcs://nd-wup4jgvqsvhwharbvdpg6yvr3y.m-bz5qr6rhcveqxfjyjfrtaioe5e.n-j2ib55zmyree5fieloktt3ttim.managedblockchain.ap-northeast-1.amazonaws.com:30003, connected:false, connectAttempted:true
    at checkState (/home/ubuntu/AMBS/cli-typescript/node_modules/@grpc/grpc-js/build/src/client.js:77:26)
    at Timeout._onTimeout (/home/ubuntu/AMBS/cli-typescript/node_modules/@grpc/grpc-js/build/src/channel.js:525:17)
    at listOnTimeout (node:internal/timers:559:17)
    at processTimers (node:internal/timers:502:7) {
  connectFailed: true
}
D 2023-03-27T19:33:31.029Z | subchannel | (2) 10.0.138.232:30003 TRANSIENT_FAILURE -> CONNECTING
D 2023-03-27T19:33:31.030Z | pick_first | TRANSIENT_FAILURE -> CONNECTING
D 2023-03-27T19:33:31.030Z | resolving_load_balancer | dns:nd-wup4jgvqsvhwharbvdpg6yvr3y.m-bz5qr6rhcveqxfjyjfrtaioe5e.n-j2ib55zmyree5fieloktt3ttim.managedblockchain.ap-northeast-1.amazonaws.com:30003 TRANSIENT_FAILURE -> CONNECTING
D 2023-03-27T19:33:31.030Z | connectivity_state | (1) dns:nd-wup4jgvqsvhwharbvdpg6yvr3y.m-bz5qr6rhcveqxfjyjfrtaioe5e.n-j2ib55zmyree5fieloktt3ttim.managedblockchain.ap-northeast-1.amazonaws.com:30003 TRANSIENT_FAILURE -> CONNECTING

It seems that "10.0.138.232:30003 connection closed with error unable to verify the first certificate" causes the error. Maybe I am using the wrong certificate files for the peer and the peer CA. Please tell me what I did wrong and where the correct certificate files are located. Thanks.

  • Can you try using the managedblockchain-tls-chain.pem in the tlsCAcerts for both the cert authority and the peer?

2 Answers
0

Can you please confirm you copied the cert as per step 5: aws s3 cp s3://MyRegion.managedblockchain/etc/managedblockchain-tls-chain.pem /home/ec2-user/managedblockchain-tls-chain.pem

AWS
JC
Answered 1 year ago
  • Yes, I already copied managedblockchain-tls-chain.pem to the client. I also used it to enroll the admin and got admin_msp.

    ├── admin-msp
    │   ├── IssuerPublicKey
    │   ├── IssuerRevocationPublicKey
    │   ├── admincerts
    │   │   └── cert.pem
    │   ├── cacerts
    │   │   └── ca-m-bz5qr6rhcveqxfjyjfrtaioe5e-n-j2ib55zmyree5fieloktt3ttim-managedblockchain-ap-northeast-1-amazonaws-com-30002.pem
    │   ├── keystore
    │   │   ├── 3e7e4b7f840f8a209b178afefb63e207f336cfd7101c612d8a8acefda8a59504_sk
    │   │   ├── c8be8052c5888e713b82317296f0a636a07c6375fcb922cb06833f8ebffa6139_sk
    │   │   └── e12f734b4044befcce7fae67c394fff9416123414814c3553dab1036b99361b9_sk
    │   ├── signcerts
    │   │   └── cert.pem
    │   └── user
    └── fabric-ca-client-config.yaml
    

    There are two locations that use tlsCACerts in the application connection profile (using the Fabric SDK for Node.js).

    • "peers"."peer0.org.SDL.aws.com"."tlsCACerts"."pem" # fill it with admin_msp/signcerts/cert.pem contents now
    • "certificateAuthorities"."ca.org.SDL.aws.com"."tlsCACerts"."pem" # fill it with admin_msp/signcerts/cert.pem contents now

    I don't know how and where to use managedblockchain-tls-chain.pem in the application connection profile JSON.
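The two tlsCACerts locations named above can be checked before connecting: TLS verification needs the certificate chain that issued the server's certificate, while signcerts/cert.pem is the enrolled identity's own certificate. This is an added example, not part of the original thread or of the Fabric SDK; auditProfile, makeProfile, the host names and the PEM strings are constructed for illustration.

```typescript
// Added example: lint a Fabric connection profile for TLS trust mistakes.
type Pem = string | string[];
interface TlsEndpoint { url: string; tlsCACerts?: { pem?: Pem }; httpOptions?: { verify?: boolean } }
interface ConnectionProfile {
    peers?: Record<string, TlsEndpoint>;
    certificateAuthorities?: Record<string, TlsEndpoint>;
}

// Reduce a PEM string or array to the base64 body of each certificate, so
// line-ending and whitespace differences do not affect comparison.
const pemBodies = (pem: Pem | undefined): string[] =>
    (Array.isArray(pem) ? pem : [pem ?? ""])
        .join("\n")
        .split("-----END CERTIFICATE-----")
        .map((b) => b.replace("-----BEGIN CERTIFICATE-----", "").replace(/\s+/g, ""))
        .filter((b) => b.length > 0);

function auditProfile(profile: ConnectionProfile, enrollmentCertPem: string): string[] {
    const findings: string[] = [];
    const identity = new Set(pemBodies(enrollmentCertPem));
    const sections: Array<[string, Record<string, TlsEndpoint> | undefined]> = [
        ["peers", profile.peers],
        ["certificateAuthorities", profile.certificateAuthorities],
    ];
    for (const [section, endpoints] of sections) {
        for (const [name, ep] of Object.entries(endpoints ?? {})) {
            const roots = pemBodies(ep.tlsCACerts?.pem);
            if (/^(grpcs|https):/.test(ep.url) && roots.length === 0) {
                findings.push(`${section}.${name}: TLS endpoint without tlsCACerts`);
            }
            if (roots.some((body) => identity.has(body))) {
                findings.push(`${section}.${name}: tlsCACerts is the enrollment certificate`);
            }
            if (ep.httpOptions?.verify === false) {
                findings.push(`${section}.${name}: httpOptions.verify is false`);
            }
        }
    }
    return findings;
}

// Constructed placeholders (not real certificates) and a hypothetical profile builder.
const ADMIN_CERT = "-----BEGIN CERTIFICATE-----\nQURNSU4tU0lHTkNFUlQ=\n-----END CERTIFICATE-----\n";
const TLS_CHAIN = "-----BEGIN CERTIFICATE-----\nVExTLUNIQUlO\n-----END CERTIFICATE-----\n";
const makeProfile = (pem: string, verify: boolean): ConnectionProfile => ({
    peers: { "peer0.example": { url: "grpcs://peer0.example:30003", tlsCACerts: { pem } } },
    certificateAuthorities: { "ca.example": {
        url: "https://ca.example:30002", tlsCACerts: { pem: [pem] }, httpOptions: { verify } } },
});
console.log(auditProfile(makeProfile(ADMIN_CERT, false), ADMIN_CERT));
```

The comparison is by certificate body only, so it catches a profile filled from signcerts/cert.pem but does not prove that a different PEM is the right chain for the endpoint.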

0

Hello, I also encountered this problem. Did you find a solution?

Ersin
Answered 10 months ago
