4

I'm trying to start my HLF network in K8s. When setting everything up on ordered startup I'm getting the following error:

Main -> PANI 005 Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set
panic: Failed validating bootstrap block: initializing channelconfig failed: could not create channel Consortiums sub-group config: setting up the MSP manager failed: administrators must be declared when no admin ou classification is set

I'm following a similar setup as the test-network from the samples: I have the Fabric-CA generating the certificates & using the NodeOUs:

NodeOUs:
    Enable: true
    ClientOUIdentifier:
      Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
      OrganizationalUnitIdentifier: client
    PeerOUIdentifier:
      Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
      OrganizationalUnitIdentifier: peer
    AdminOUIdentifier:
      Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
      OrganizationalUnitIdentifier: admin
    OrdererOUIdentifier:
      Certificate: cacerts/hlf-ca--amvoxdlt-7054.pem
      OrganizationalUnitIdentifier: orderer

This is the configtx.yaml that I'm using to generate the genesis.block

Orderer: &OrdererDefaults

  # Orderer Type: The orderer implementation to start
  OrdererType: etcdraft

  Addresses:
    - orderer0.amvox-dlt.io:7050

  # Batch Timeout: The amount of time to wait before creating a batch
  BatchTimeout: 3s

  # Batch Size: Controls the number of messages batched into a block
  BatchSize:

    # Max Message Count: The maximum number of messages to permit in a batch
    MaxMessageCount: 500

    # Absolute Max Bytes: The absolute maximum number of bytes allowed for
    # the serialized messages in a batch.
    AbsoluteMaxBytes: 99 MB

    # Preferred Max Bytes: The preferred maximum number of bytes allowed for
    # the serialized messages in a batch. A message larger than the preferred
    # max bytes will result in a batch larger than preferred max bytes.
    PreferredMaxBytes: 512 KB

  EtcdRaft:
    Consenters:
      - Host: orderer0.amvox-dlt.io
        Port: 7050
        ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
        ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt


  # Organizations is the list of orgs which are defined as participants on
  # the orderer side of the network
  Organizations:

  # Policies defines the set of policies at this level of the config tree
  # For Orderer policies, their canonical path is
  #   /Channel/Orderer/<PolicyName>
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    # BlockValidation specifies what signatures must be included in the block
    # from the orderer for the peer to validate it.
    BlockValidation:
      Type: ImplicitMeta
      Rule: "ANY Writers"

  # Capabilities describes the orderer level capabilities, see the
  # dedicated Capabilities section elsewhere in this file for a full
  # description
  Capabilities:
    <<: *OrdererCapabilities

################################################################################
#
#   CHANNEL
#
#   This section defines the values to encode into a config transaction or
#   genesis block for channel related parameters.
#
################################################################################
Channel: &ChannelDefaults
  # Policies defines the set of policies at this level of the config tree
  # For Channel policies, their canonical path is
  #   /Channel/<PolicyName>
  Policies:
    # Who may invoke the 'Deliver' API
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    # Who may invoke the 'Broadcast' API
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    # By default, who may modify elements at this config level
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"

  # Capabilities describes the channel level capabilities, see the
  # dedicated Capabilities section elsewhere in this file for a full
  # description
  Capabilities:
    <<: *ChannelCapabilities

################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

  amvox-channel:
    Consortium: AmvoxConsortium
    <<: *ChannelDefaults
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - *Amvox
        - *Org2
        - *Org3
      Capabilities:
        <<: *ApplicationCapabilities

  OrdererGenesis:
    <<: *ChannelDefaults
    Orderer:
      <<: *OrdererDefaults
      OrdererType: etcdraft
      EtcdRaft:
        Consenters:
          - Host: orderer0.amvox-dlt.io
            Port: 7050
            ClientTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
            ServerTLSCert: /hlf_config/crypto-config/ordererOrganizations/amvox-dlt.io/orderers/orderer0.amvox-dlt.io/tls/server.crt
      Addresses:
        - orderer0.amvox-dlt.io:7050

      Organizations:
        - *AmvoxDLT
      Capabilities:
        <<: *OrdererCapabilities

    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *AmvoxDLT

    Consortiums:
      AmvoxConsortium:
        Organizations:
          - *Amvox
          - *Org2
          - *Org3

Anyone has any ideas why ordered can not get started?

Sniady
  • 1,633
  • 1
  • 12
  • 21
  • Could you check if `cacerts/hlf-ca--amvoxdlt-7054.pem` has no typos and matches well? – myeongkil kim Jan 07 '21 at 12:42
  • everything is there. No typo ;/ – Sniady Jan 08 '21 at 21:38
  • 1
    Did you generate genesis block with **config.yaml already placed** to msp directory? In my case placing config.yaml before generating genesis block is solved same problem. – alvisx Feb 09 '21 at 14:10
  • The config.yaml was there already. The problem was with correctly generating the certs and placing them in the correct folder structure. A hind, that I got was to monitor the genesis.block. ` configtxlator proto_decode --input=/channel-artifacts/genesis.block --type=common.Block ` – Sniady Feb 09 '21 at 22:22
  • The last thing that I found is that I had been enrolling two identities to the same folder (two admins, which was also causing the certs to get mismatched). – Sniady Feb 09 '21 at 22:23

1 Answers1

2

When you have node OU enabled, make sure that while providing MSP, it should have config.yaml where all node ou are mentioned The Sample config file is given below.

  NodeOUs:
  Enable: true
  ClientOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1-example-com.pem
    OrganizationalUnitIdentifier: client
  PeerOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1-example-com.pem
    OrganizationalUnitIdentifier: peer
  AdminOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1-example-com.pem
    OrganizationalUnitIdentifier: admin
  OrdererOUIdentifier:
    Certificate: cacerts/localhost-7054-ca-org1-example-com.pem
    OrganizationalUnitIdentifier: orderer
PAVAN
  • 771
  • 4
  • 14