Hyperledger validating peer fails to restart


I have a Hyperledger setup consisting of one membership service and one validating peer.

I am able to run the membership service and validating peer using the following commands.

Membership Service:

    docker run \
      --name c_membersrvc \
      --net mynet \
      --ip 172.17.0.50 \
      --rm -it -e MEMBERSRVC_CA_ACA_ENABLED=true \
      hyperledger/fabric-membersrvc \
      membersrvc

Validating Peer:

    docker run \
      --name c_vp0 \
      --net mynet --ip 172.17.0.100 -p 172.17.0.1:7050:7050 -p 172.17.0.1:7053:7053 \
      --rm -it \
      -v /var/run/docker.sock:/var/run/docker.sock -e CORE_VM_ENDPOINT=unix:///var/run/docker.sock \
      -e CORE_PEER_ID=vp0 \
      -e CORE_PEER_ADDRESSAUTODETECT=true \
      -e CORE_PEER_VALIDATOR_CONSENSUS_PLUGIN=noop \
      -e CORE_LOGGING_LEVEL=ERROR \
      -e CORE_SECURITY_ENABLED=true \
      -e CORE_SECURITY_PRIVACY=true \
      -e CORE_PEER_PKI_ECA_PADDR=172.17.0.50:7054 \
      -e CORE_PEER_PKI_TCA_PADDR=172.17.0.50:7054 \
      -e CORE_PEER_PKI_TLSCA_PADDR=172.17.0.50:7054 \
      -e CORE_SECURITY_ENROLLID=test_vp0 \
      -e CORE_SECURITY_ENROLLSECRET=MwYpmSRjupbT \
      hyperledger/fabric-peer \
      peer node start

However, when I stop the validating peer and restart it using the same command as indicated above, I encounter the following error:

Error: rpc error: code = 2 desc = Identity or token does not match.

I am able to restart the validating peer successfully if I restart the membership service first. In an actual deployment, I don't think my approach of restarting the membership service every time a validating peer needs to restart is practical.

Is there another way to successfully restart a validating peer without the need to restart the membership service?

I saw a similar post on the error "Identity or token does not match", but that one is due to a user/client logging in through a validating peer. The proposed solution is to use the Node.js SDK to register/enroll clients. I am not sure if the same solution is applicable to the validating peer restart issue.


There are 1 answers

2
Sergey Balashevich On

When VP is started for the first time it:

  1. Reads enrollID and enrollSecret from core.yaml
  2. Sends these credentials to the Membership service and receives an Enrolment certificate as a response.
  3. Saves the Enrolment certificate in the /var/hyperledger/production/... folder

When you try to restart the VP, Docker creates a new container with an empty /var/hyperledger/production/... folder. The VP tries to generate a new Enrolment certificate using the same credentials, but the Membership service declines this request with the "Identity or token does not match." error message. That happens because just one Enrolment certificate per account can be generated.

When the membership service is restarted, it starts from scratch and has no information about previous enrolments; as a result, the next enrolment request will be accepted.

As an option, you can save the certificate outside of the container. Just map any folder from your host system to /var/hyperledger/production/... in the container.
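
The volume mapping suggested in the answer, applied to the question's docker run command, as an added example that is not part of the original post. The host path /srv/hyperledger/vp0 and mounting the whole /var/hyperledger/production tree are assumptions; the directory is created owner-only because it will hold the peer's enrolment material.

```bash
#!/usr/bin/env bash
# Added example: persist the peer's enrolment material across container restarts.
# Assumptions: host path below; mounting all of /var/hyperledger/production.
STATE_DIR="${STATE_DIR:-/srv/hyperledger/vp0}"   # hypothetical host directory

# "reuse" if saved state exists on the host, else "first-enrollment".
# A first enrolment only succeeds if membersrvc has not already issued a
# certificate for this enrollID (one certificate per account).
enroll_state() {
  if [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]; then
    echo reuse
  else
    echo first-enrollment
  fi
}

# Owner-only directory: it will hold the peer's enrolment certificate and state.
prepare_state_dir() {
  mkdir -p "$1" && chmod 700 "$1"
}

# The question's command plus one bind mount. Prints it unless DRY_RUN=0.
start_peer() {
  dir="$1"
  set -- docker run --name c_vp0 --net mynet --ip 172.17.0.100 \
    -p 172.17.0.1:7050:7050 -p 172.17.0.1:7053:7053 --rm -it \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v "$dir:/var/hyperledger/production" \
    -e CORE_VM_ENDPOINT=unix:///var/run/docker.sock \
    -e CORE_PEER_ID=vp0 -e CORE_PEER_ADDRESSAUTODETECT=true \
    -e CORE_PEER_VALIDATOR_CONSENSUS_PLUGIN=noop -e CORE_LOGGING_LEVEL=ERROR \
    -e CORE_SECURITY_ENABLED=true -e CORE_SECURITY_PRIVACY=true \
    -e CORE_PEER_PKI_ECA_PADDR=172.17.0.50:7054 \
    -e CORE_PEER_PKI_TCA_PADDR=172.17.0.50:7054 \
    -e CORE_PEER_PKI_TLSCA_PADDR=172.17.0.50:7054 \
    -e CORE_SECURITY_ENROLLID=test_vp0 \
    -e CORE_SECURITY_ENROLLSECRET=MwYpmSRjupbT \
    hyperledger/fabric-peer peer node start
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Dry run by default; set DRY_RUN=0 to create the directory and start the peer.
[ "${DRY_RUN:-1}" = 1 ] || prepare_state_dir "$STATE_DIR"
echo "enrolment: $(enroll_state "$STATE_DIR")" >&2
start_peer "$STATE_DIR"
```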