1

I downloaded and installed and started the fabcar example on a VM on Azure. By following the tutorial enrollAdmin, registerUser and invoke work when I execute it on the VM itself. However when I try to execute invoke on my local machine (copied the generated conenction profile and replaced localhost with the vm's domain) and try to connect to the network I get the error: 

2020-02-05T13:45:37.287Z - error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://peer1.org2.example.com:10051 timeout:3000
2020-02-05T13:45:37.291Z - warn: [DiscoveryEndorsementHandler]: _build_endorse_group_member >> G1:1 - endorsement failed - Error: Failed to connect before the deadline URL:grpcs://peer1.org2.example.com:10051 timeout:3000
2020-02-05T13:45:37.301Z - error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://peer0.org1.example.com:7051 timeout:3000
2020-02-05T13:45:37.305Z - warn: [DiscoveryEndorsementHandler]: _build_endorse_group_member >> G0:0 - endorsement failed - Error: Failed to connect before the deadline URL:grpcs://peer0.org1.example.com:7051 timeout:3000
2020-02-05T13:45:40.301Z - error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://peer0.org2.example.com:9051 timeout:3000
2020-02-05T13:45:40.304Z - warn: [DiscoveryEndorsementHandler]: _build_endorse_group_member >> G1:1 - endorsement failed - Error: Failed to connect before the deadline URL:grpcs://peer0.org2.example.com:9051 timeout:3000
2020-02-05T13:45:40.338Z - error: [Remote.js]: Error: Failed to connect before the deadline URL:grpcs://peer1.org1.example.com:8051 timeout:3000
2020-02-05T13:45:40.341Z - warn: [DiscoveryEndorsementHandler]: _build_endorse_group_member >> G0:0 - endorsement failed - Error: Failed to connect before the deadline URL:grpcs://peer1.org1.example.com:8051 timeout:3000
2020-02-05T13:45:40.368Z - error: [DiscoveryEndorsementHandler]: _endorse - endorsement failed::Error: Endorsement has failed

And the log on the peer0.org1 is:

2020-02-05 13:45:40.389 UTC [grpc] warningf -> DEBU 0f0 transport: http2Server.HandleStreams failed to read frame: read tcp 172.25.0.13:7051->88.217.234.75:62583: read: connection reset by peer
2020-02-05 13:45:40.390 UTC [grpc] infof -> DEBU 0f1 transport: loopyWriter.run returning. connection error: desc = "transport is closing"

I made sure that all the ports are open (configured in Azure) and disabled the ufw.

So what am I missing? Is there any tutorial on how to set up a production network which does not rely on the examples, because those always rely on the fact that everything happens locally or in the docker network?

[edit]

Connection profile:

    "name": "first-network-org1",
    "version": "1.0.0",
    "client": {
        "organization": "Org1",
        "connection": {
            "timeout": {
                "peer": {
                    "endorser": "3000"
                }
            }
        }
    },
    "organizations": {
        "Org1": {
            "mspid": "Org1MSP",
            "peers": [
                "peer0.org1.example.com",
                "peer1.org1.example.com"
            ],
            "certificateAuthorities": [
                "ca.org1.example.com"
            ]
        }
    },
    "peers": {
        "peer0.org1.example.com": {
            "url": "grpc://host.westeurope.cloudapp.azure.com:7051",
            "grpcOptions": {
                "hostnameOverride": "peer0.org1.example.com",
                "request-timeout": 120001
            }
        },
        "peer1.org1.example.com": {
            "url": "grpc://host.westeurope.cloudapp.azure.com:8051",
            "grpcOptions": {
                "hostnameOverride": "peer1.org1.example.com",
                "request-timeout": 120001
            }
        }
    },
    "certificateAuthorities": {
        "ca.org1.example.com": {
            "url": "http://host.westeurope.cloudapp.azure.com:7054",
            "caName": "ca-org1",
            "tlsCACerts": {
                "pem": "-----BEGIN CERTIFICATE-----\nMIICUDCCAfegAwIBAgIQK3F95KrKLaFAQc2FxbmA/DAKBggqhkjOPQQDAjBzMQsw\nCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNU2FuIEZy\nYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eu\nb3JnMS5leGFtcGxlLmNvbTAeFw0yMDAyMDcwOTM0MDBaFw0zMDAyMDQwOTM0MDBa\nMHMxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1T\nYW4gRnJhbmNpc2NvMRkwFwYDVQQKExBvcmcxLmV4YW1wbGUuY29tMRwwGgYDVQQD\nExNjYS5vcmcxLmV4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE\nj9KqxqKh7hIjDJJcV1qqBPj3KRXJjW6tAcIw/5gNwCcIqe2PyAQdPZsAJdOmFca5\nrtYcjrUgh9lAdLDKY0/qh6NtMGswDgYDVR0PAQH/BAQDAgGmMB0GA1UdJQQWMBQG\nCCsGAQUFBwMCBggrBgEFBQcDATAPBgNVHRMBAf8EBTADAQH/MCkGA1UdDgQiBCAA\nsJtyWNpuNWlzwdO6dPm4NcjY0vLK1+bNZ/1DmVA0+zAKBggqhkjOPQQDAgNHADBE\nAiAUm1qU7haU9mvHUL7XjyTrQGBgA4fXVuSFvAPAQUlX0QIgPQMvlC3DpW10Xwl0\nCZahvAgVnx4PjbPU4gxr9sRyDUE=\n-----END CERTIFICATE-----\n"
            },
            "httpOptions": {
                "verify": false
            }
        }
    }
}

The docker-compose-files are from the sample which you can find here

Connection profile for java client: 

---
name: first-network-org1
version: 1.0.0
client:
  organization: Org1
  connection:
    timeout:
      peer:
        endorser: '300'
organizations:
  Org1:
    mspid: Org1MSP
    peers:
    - peer0.org1.example.com
    - peer1.org1.example.com
    certificateAuthorities:
    - ca.org1.example.com
peers:
  peer0.org1.example.com:
    url: grpc://host.westeurope.cloudapp.azure.com:7051
    grpcOptions:
      hostnameOverride: peer0.org1.example.com
  peer1.org1.example.com:
    url: grpc://host.westeurope.cloudapp.azure.com:8051
    grpcOptions:
      hostnameOverride: peer1.org1.example.com
certificateAuthorities:
  ca.org1.example.com:
    url: http://host.westeurope.cloudapp.azure.com:7054
    caName: ca-org1
    tlsCACerts:
      pem: |
        -----BEGIN CERTIFICATE-----
        MIICUTCCAfigAwIBAgIRAOQg6uxnfvgg3yqAMZweQYAwCgYIKoZIzj0EAwIwczEL
        MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
        cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
        Lm9yZzEuZXhhbXBsZS5jb20wHhcNMjAwMjA3MDk1MjAwWhcNMzAwMjA0MDk1MjAw
        WjBzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
        U2FuIEZyYW5jaXNjbzEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UE
        AxMTY2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
        BCy2SE6qr2epo6P+aAH0j5ujopYEN2CzIemCZ+otF1DVuMQXS7eGCSzzuIXnYxS7
        tXD8LCUgWBoAmC1bw9EzvUqjbTBrMA4GA1UdDwEB/wQEAwIBpjAdBgNVHSUEFjAU
        BggrBgEFBQcDAgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zApBgNVHQ4EIgQg
        Dh/n8cBOMOCgmnwLHdmym+lVomH2IeCPb9mrBR7QM7IwCgYIKoZIzj0EAwIDRwAw
        RAIgWyr53EneGSvlRyiMR+OMeGY3S2Mli7i1kfUTdLMsVC8CIBJh06he30d6DrKS
        c/XSsRmtOxLIo+SCyebzBzVnqaYL
        -----END CERTIFICATE-----

    httpOptions:
      verify: false
kegesch
  • 61
  • 5
  • Can you post your connection profile for the SDK and docker.compose files? – Riki95 Feb 07 '20 at 08:36
  • @RicNtt I updated the question with the connection profile. – kegesch Feb 12 '20 at 12:03
  • if you ping for example the peer with curl or wget at host.westeurope.cloudapp.azure.com:7051, what is the output? are you getting a binary or the connection fails? – Riki95 Feb 12 '20 at 12:42
  • @RicNtt I get a binary. I changed the connection profile to connect without TLS (also configured that in the docker-compose files). Interesting thing is, actually it works if try it with the Java SDK / example (see connection profile YAML). – kegesch Feb 12 '20 at 13:32
  • you are probably using wrong certificates. Please try to remove PEM and use path instead, providing path of the certificate. Also, if you enable TLS you must provide tls certs for peers and orderers too – Riki95 Feb 12 '20 at 14:10
  • I thought that too, and that's why I wanted to try it **without** TLS, therefore, there is no need for certificates. – kegesch Feb 12 '20 at 15:52

0 Answers0