Fabric v2.0 in kubernetes (minikube) - error Peer channel - error validating proposal: access denied: channel [] creator org [Org1MSP]

Question

I am trying to set up the Fabric v2.0 test-network (https://hyperledger-fabric.readthedocs.io/en/release-2.0/test_network.html) on kubernetes (locally on minikube). I have an error whith peer channel join.

I created kubernetes files based on the docker-compose-test-net.yaml of the test-network. I successfully deployed the following pods:

• an orderer (raft)
• 2 peers (peer0-org1-example-com and peer0-org2-example-com)
• a fabric-tools pod.

I successfully generated the crypto material with cryptogen and configtxgen and I successfully created the channel.

But when I try for the first peer to join the channel, I have the following error. Your help would be much appreciated!!

in the fabric-tools pod:

$ peer channel join -b $CHANNEL_NAME.block
2020-02-11 15:57:59.177 CET [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: proposal failed (err: rpc error: code = Unknown desc = error validating proposal: access denied: channel [] creator org [Org1MSP])

what I see in the peer0-org1-example-com pod logs:

instance for cert -----BEGIN CERTIFICATE-----
MIICKjCCAdCgAwIBAgIRAOoNq1h+5Q60dQxXKomXeQ0wCgYIKoZIzj0EAwIwczEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBG
cmFuY2lzY28xGTAXBgNVBAoTEG9yZzEtZXhhbXBsZS1jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEtZXhhbXBsZS1jb20wHhcNMjAwMjExMTQ0OTAwWhcNMzAwMjA4MTQ0OTAw
WjBrMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN
U2FuIEZyYW5jaXNjbzEOMAwGA1UECxMFYWRtaW4xHzAdBgNVBAMMFkFkbWluQG9y
ZzEtZXhhbXBsZS1jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASW4Gce7yTD
oxA8CurdKrIRIG+o4To9MLfsys6AF67SWQfpa6H2GtKd9rglAseEFaAIPshb9M0J
tD1e8Q/m88ppo00wSzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADArBgNV
HSMEJDAigCBSssprjgYyOPgdSIea4BLt8+8o0ISgVKxaIPHm/L5LTDAKBggqhkjO
PQQDAgNIADBFAiEAodJpGaOCX1hBse/un1SuLr97Y3vXiHOn/ncy1uwgt6MCIA7N
I7QfotnWGi2Rr5bRom5bWTup//IJI2ObsKx6SOfA
-----END CERTIFICATE-----
[33m2020-02-11 15:57:59.180 CET [endorser] Validate -> WARN 294[0m access denied: channel the supplied identity is not valid: x509: certificate signed by unknown authority channel= txID=bf62e100
[34m2020-02-11 15:57:59.180 CET [comm.grpc.server] 1 -> INFO 295[0m unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.17.0.6:50230 error="error validating proposal: access denied: channel [] creator org [Org1MSP]" grpc.code=Unknown grpc.call_duration=916.68µs
[36m2020-02-11 15:57:59.182 CET [grpc] infof -> DEBU 296[0m transport: loopyWriter.run returning. connection error: desc = "transport is closing"
[36m2020-02-11 15:58:00.791 CET [gossip.discovery] periodicalReconnectToDead -> DEBU 297[0m

I understand that it seems to be an issue with the certificate, but I cannot understand where is the mistake.

Those are the env variables I set before creating and trying to join the channel. I have a feeling my problem must be coming from somewhere there?

export CORE_PEER_TLS_ENABLED=true
export DIR_CRYPTO_MATERIAL="/fabric/crypto-config"
export CHANNEL_NAME=mychannel

export ORDERER_CA=$DIR_CRYPTO_MATERIAL/ordererOrganizations/example-com/orderers/orderer-example-com/msp/tlscacerts/tlsca.example-com-cert.pem
export PEER0_ORG1_CA=$DIR_CRYPTO_MATERIAL/peerOrganizations/org1-example-com/peers/peer0-org1-example-com/tls/ca.crt
export PEER0_ORG2_CA=$DIR_CRYPTO_MATERIAL/peerOrganizations/org2-example-com/peers/peer0-org2-example-com/tls/ca.crt

export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_MSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=$PEER0_ORG1_CA
export CORE_PEER_TLS_CERT_FILE=$DIR_CRYPTO_MATERIAL/peerOrganizations/org1-example-com/peers/peer0-org1-example-com/tls/server.crt
export CORE_PEER_TLS_KEY_FILE=$DIR_CRYPTO_MATERIAL/peerOrganizations/org1-example-com/peers/peer0-org1-example-com/tls/server.key
export CORE_PEER_MSPCONFIGPATH=$DIR_CRYPTO_MATERIAL/peerOrganizations/org1-example-com/users/Admin@org1-example-com/msp
export CORE_PEER_ADDRESS=peer0-org1-example-com:7051

export FABRIC_CFG_PATH="/etc/hyperledger/fabric"

export CORE_PEER_ADDRESSAUTODETECT="true"

Thank you very much!

Answer 1

I fixed my issue!

I was missing CORE_PEER_MSPCONFIGPATH in the env in the yaml files for the deployment of peers.

Just adding this allowed me to successfully join the channel.

- name: CORE_PEER_MSPCONFIGPATH
  value: /fabric/crypto-config/peerOrganizations/org1-example-com/peers/peer0-org1-example-com/msp/

Answer 2

This is generally caused by bad environment peer configuration. for example using bad

export CORE_PEER_LOCALMSPID="Org1MSP" // instead of org1MSP

generally the peer log should give you a hint

access denied: channel expected MSP ID org1MSP, received Org1MSP channel= txID=de2e9354

Answer 3

I got the solution for people that do not have the environment variables as the error In my case it was the port mapping of the docker peer port and the host port. Make sure that all the ports are attached properly in the setGlobal() function in the scripts folder to whatever is mapped to the host on the docker compose file

I was able to fix my error this way