Authentication failed

[kangkang333]

1. In test-network of version 2.4, I add two peers, that is peer1.org1.example.com and peer1.org2.example.com
2. I modify the following files

• docker-compose-test-net.yaml

version: '3.7' services: peer0.org1.example.com: container_name: peer0.org1.example.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric environment:

Generic peer variables

  - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
  - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
volumes:
  - ./docker/peercfg:/etc/hyperledger/peercfg
  - ${DOCKER_SOCK}:/host/var/run/docker.sock

peer1.org1.example.com: container_name: peer1.org1.example.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric environment:

Generic peer variables

  - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
  - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
volumes:
  - ./docker/peercfg:/etc/hyperledger/peercfg
  - ${DOCKER_SOCK}:/host/var/run/docker.sock

peer0.org2.example.com: container_name: peer0.org2.example.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric environment:

Generic peer variables

  - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
  - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
volumes:
  - ./docker/peercfg:/etc/hyperledger/peercfg
  - ${DOCKER_SOCK}:/host/var/run/docker.sock

peer1.org2.example.com: container_name: peer1.org2.example.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric environment:

Generic peer variables

  - CORE_VM_ENDPOINT=unix:///host/var/run/docker.sock
  - CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=fabric_test
volumes:
  - ./docker/peercfg:/etc/hyperledger/peercfg
  - ${DOCKER_SOCK}:/host/var/run/docker.sock

cli: container_name: cli image: hyperledger/fabric-tools:latest volumes:

• ./docker/peercfg:/etc/hyperledger/peercfg

• compose-test-net.yaml

version: '3.7'

volumes: orderer.example.com: peer0.org1.example.com: peer1.org1.example.com: peer0.org2.example.com: peer1.org2.example.com:

networks: test: name: fabric_test

services:

orderer.example.com: container_name: orderer.example.com image: hyperledger/fabric-orderer:latest labels: service: hyperledger-fabric environment:

• FABRIC_LOGGING_SPEC=INFO
• ORDERER_GENERAL_LISTENADDRESS=0.0.0.0
• ORDERER_GENERAL_LISTENPORT=7050
• ORDERER_GENERAL_LOCALMSPID=OrdererMSP
• ORDERER_GENERAL_LOCALMSPDIR=/var/hyperledger/orderer/msp

  enabled TLS

• ORDERER_GENERAL_TLS_ENABLED=true
• ORDERER_GENERAL_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
• ORDERER_GENERAL_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
• ORDERER_GENERAL_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
• ORDERER_GENERAL_CLUSTER_CLIENTCERTIFICATE=/var/hyperledger/orderer/tls/server.crt
• ORDERER_GENERAL_CLUSTER_CLIENTPRIVATEKEY=/var/hyperledger/orderer/tls/server.key
• ORDERER_GENERAL_CLUSTER_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
• ORDERER_GENERAL_BOOTSTRAPMETHOD=none
• ORDERER_CHANNELPARTICIPATION_ENABLED=true
• ORDERER_ADMIN_TLS_ENABLED=true
• ORDERER_ADMIN_TLS_CERTIFICATE=/var/hyperledger/orderer/tls/server.crt
• ORDERER_ADMIN_TLS_PRIVATEKEY=/var/hyperledger/orderer/tls/server.key
• ORDERER_ADMIN_TLS_ROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
• ORDERER_ADMIN_TLS_CLIENTROOTCAS=[/var/hyperledger/orderer/tls/ca.crt]
• ORDERER_ADMIN_LISTENADDRESS=0.0.0.0:7053
• ORDERER_OPERATIONS_LISTENADDRESS=orderer.example.com:9443
• ORDERER_METRICS_PROVIDER=prometheus working_dir: /root command: orderer volumes:
  • ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp:/var/hyperledger/orderer/msp
  • ../organizations/ordererOrganizations/example.com/orderers/orderer.example.com/tls/:/var/hyperledger/orderer/tls
  • orderer.example.com:/var/hyperledger/production/orderer ports:
• 7050:7050
• 7053:7053
• 9443:9443 networks:

• test

  peer0.org1.example.com: container_name: peer0.org1.example.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric environment:

• FABRIC_CFG_PATH=/etc/hyperledger/peercfg
• FABRIC_LOGGING_SPEC=INFO

  - FABRIC_LOGGING_SPEC=DEBUG

• CORE_PEER_TLS_ENABLED=true
• CORE_PEER_PROFILE_ENABLED=false
• CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
• CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
• CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt

  Peer specific variables

• CORE_PEER_ID=peer0.org1.example.com
• CORE_PEER_ADDRESS=peer0.org1.example.com:7051
• CORE_PEER_LISTENADDRESS=0.0.0.0:7051
• CORE_PEER_CHAINCODEADDRESS=peer0.org1.example.com:7052
• CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:7052
• CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
• CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org1.example.com:7051
• CORE_PEER_LOCALMSPID=Org1MSP
• CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
• CORE_OPERATIONS_LISTENADDRESS=peer0.org1.example.com:9444
• CORE_METRICS_PROVIDER=prometheus
• CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org1"}
• CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes:
  • ../organizations/peerOrganizations/org1.example.com/peers/peer0.org1.example.com:/etc/hyperledger/fabric
  • peer0.org1.example.com:/var/hyperledger/production working_dir: /root command: peer node start ports:
• 7051:7051
• 9444:9444 networks:

• test

  peer1.org1.example.com: container_name: peer1.org1.example.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric environment:

• FABRIC_CFG_PATH=/etc/hyperledger/peercfg
• FABRIC_LOGGING_SPEC=INFO

  - FABRIC_LOGGING_SPEC=DEBUG

• CORE_PEER_TLS_ENABLED=true
• CORE_PEER_PROFILE_ENABLED=false
• CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
• CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
• CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt

  Peer specific variables

• CORE_PEER_ID=peer1.org1.example.com
• CORE_PEER_ADDRESS=peer1.org1.example.com:5051
• CORE_PEER_LISTENADDRESS=0.0.0.0:5051
• CORE_PEER_CHAINCODEADDRESS=peer1.org1.example.com:5052
• CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:5052
• CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org1.example.com:7051
• CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org1.example.com:5051
• CORE_PEER_LOCALMSPID=Org1MSP
• CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
• CORE_OPERATIONS_LISTENADDRESS=peer1.org1.example.com:9446
• CORE_METRICS_PROVIDER=prometheus
• CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer1org1"}
• CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes:
• ../organizations/peerOrganizations/org1.example.com/peers/peer1.org1.example.com:/etc/hyperledger/fabric
• peer1.org1.example.com:/var/hyperledger/production working_dir: /root command: peer node start ports:
• 5051:5051
• 9446:9446 networks:

• test

  peer0.org2.example.com: container_name: peer0.org2.example.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric environment:

• FABRIC_CFG_PATH=/etc/hyperledger/peercfg
• FABRIC_LOGGING_SPEC=INFO

  - FABRIC_LOGGING_SPEC=DEBUG

• CORE_PEER_TLS_ENABLED=true
• CORE_PEER_PROFILE_ENABLED=false
• CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
• CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
• CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt

  Peer specific variables

• CORE_PEER_ID=peer0.org2.example.com
• CORE_PEER_ADDRESS=peer0.org2.example.com:9051
• CORE_PEER_LISTENADDRESS=0.0.0.0:9051
• CORE_PEER_CHAINCODEADDRESS=peer0.org2.example.com:9052
• CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:9052
• CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer0.org2.example.com:9051
• CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051
• CORE_PEER_LOCALMSPID=Org2MSP
• CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
• CORE_OPERATIONS_LISTENADDRESS=peer0.org2.example.com:9445
• CORE_METRICS_PROVIDER=prometheus
• CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer0org2"}
• CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes:
  • ../organizations/peerOrganizations/org2.example.com/peers/peer0.org2.example.com:/etc/hyperledger/fabric
  • peer0.org2.example.com:/var/hyperledger/production working_dir: /root command: peer node start ports:
• 9051:9051
• 9445:9445 networks:

• test

  peer1.org2.example.com: container_name: peer1.org2.example.com image: hyperledger/fabric-peer:latest labels: service: hyperledger-fabric environment:

• FABRIC_CFG_PATH=/etc/hyperledger/peercfg
• FABRIC_LOGGING_SPEC=INFO

  - FABRIC_LOGGING_SPEC=DEBUG

• CORE_PEER_TLS_ENABLED=true
• CORE_PEER_PROFILE_ENABLED=false
• CORE_PEER_TLS_CERT_FILE=/etc/hyperledger/fabric/tls/server.crt
• CORE_PEER_TLS_KEY_FILE=/etc/hyperledger/fabric/tls/server.key
• CORE_PEER_TLS_ROOTCERT_FILE=/etc/hyperledger/fabric/tls/ca.crt

  Peer specific variables

• CORE_PEER_ID=peer1.org2.example.com
• CORE_PEER_ADDRESS=peer1.org2.example.com:6051
• CORE_PEER_LISTENADDRESS=0.0.0.0:6051
• CORE_PEER_CHAINCODEADDRESS=peer1.org2.example.com:6052
• CORE_PEER_CHAINCODELISTENADDRESS=0.0.0.0:6052
• CORE_PEER_GOSSIP_EXTERNALENDPOINT=peer1.org2.example.com:6051
• CORE_PEER_GOSSIP_BOOTSTRAP=peer0.org2.example.com:9051
• CORE_PEER_LOCALMSPID=Org2MSP
• CORE_PEER_MSPCONFIGPATH=/etc/hyperledger/fabric/msp
• CORE_OPERATIONS_LISTENADDRESS=peer1.org2.example.com:9447
• CORE_METRICS_PROVIDER=prometheus
• CHAINCODE_AS_A_SERVICE_BUILDER_CONFIG={"peername":"peer1org2"}
• CORE_CHAINCODE_EXECUTETIMEOUT=300s volumes:
• ../organizations/peerOrganizations/org2.example.com/peers/peer1.org2.example.com:/etc/hyperledger/fabric
• peer1.org2.example.com:/var/hyperledger/production working_dir: /root command: peer node start ports:
• 6051:6051
• 9447:9447 networks:

• test

  cli: container_name: cli image: hyperledger/fabric-tools:latest labels: service: hyperledger-fabric tty: true stdin_open: true environment:

• GOPATH=/opt/gopath
• FABRIC_LOGGING_SPEC=INFO
• FABRIC_CFG_PATH=/etc/hyperledger/peercfg

  - FABRIC_LOGGING_SPEC=DEBUG

  working_dir: /opt/gopath/src/github.com/hyperledger/fabric/peer command: /bin/bash volumes:

  • ../organizations:/opt/gopath/src/github.com/hyperledger/fabric/peer/organizations
  • ../scripts:/opt/gopath/src/github.com/hyperledger/fabric/peer/scripts/ depends_on:
• peer0.org1.example.com
• peer1.org1.example.com
• peer0.org2.example.com
• peer1.org2.example.com networks:
• test

• crypto-config-org1.yaml

PeerOrgs:

• Name: Org1 Domain: org1.example.com EnableNodeOUs: true Template: Count: 2 SANS:
  • localhost Users: Count: 1

• crypto-config-org2.yaml

PeerOrgs:

• Name: Org2 Domain: org2.example.com EnableNodeOUs: true Template: Count: 2 SANS:
  • localhost Users: Count: 1

3. execute the commands ./network.sh down ./network.sh up ./network.sh createChannel

4. peer1.org.example.com and peer1.org2.example.com have some problems: 2024-06-28 09:09:18.185 UTC 00ef ERRO [gossip.comm] GossipStream -> Authentication failed: failed classifying identity: Unable to extract msp.Identity from peer Identity: Peer Identity {"CN":"peer0.org2.example.com","Issuer-CN":"ca.org2.example.com","Issuer-L-ST-C":"[San Francisco]-[]-[US]","Issuer-OU":null,"L-ST-C":"[San Francisco]-[]-[US]","MSP":"Org2MSP","OU":["peer"]} cannot be validated. No MSP found able to do that.

2024-06-28 09:09:20.689 UTC 00f1 ERRO [peer.gossip.mcs] Verify -> Failed getting validated identity from peer identity [Peer Identity {"CN":"peer0.org2.example.com","Issuer-CN":"ca.org2.example.com","Issuer-L-ST-C":"[San Francisco]-[]-[US]","Issuer-OU":null,"L-ST-C":"[San Francisco]-[]-[US]","MSP":"Org2MSP","OU":["peer"]} cannot be validated. No MSP found able to do that.]

2024-06-28 09:09:20.690 UTC 00f2 WARN [gossip.gossip] handleMessage -> Failed validating identity message: Peer Identity {"CN":"peer0.org2.example.com","Issuer-CN":"ca.org2.example.com","Issuer-L-ST-C":"[San Francisco]-[]-[US]","Issuer-OU":null,"L-ST-C":"[San Francisco]-[]-[US]","MSP":"Org2MSP","OU":["peer"]} cannot be validated. No MSP found able to do that. Failed verifying message github.com/hyperledger/fabric/gossip/gossip.(certStore).validateIdentityMsg /go/src/github.com/hyperledger/fabric/gossip/gossip/certstore.go:105 github.com/hyperledger/fabric/gossip/gossip.(certStore).handleMessage /go/src/github.com/hyperledger/fabric/gossip/gossip/certstore.go:77 github.com/hyperledger/fabric/gossip/gossip.(Node).handleMessage /go/src/github.com/hyperledger/fabric/gossip/gossip/gossip_impl.go:399 github.com/hyperledger/fabric/gossip/gossip.(Node).acceptMessages /go/src/github.com/hyperledger/fabric/gossip/gossip/gossip_impl.go:326 runtime.goexit /usr/local/go/src/runtime/asm_amd64.s:1571 github.com/hyperledger/fabric/gossip/gossip.(certStore).handleMessage /go/src/github.com/hyperledger/fabric/gossip/gossip/certstore.go:78 github.com/hyperledger/fabric/gossip/gossip.(Node).handleMessage /go/src/github.com/hyperledger/fabric/gossip/gossip/gossip_impl.go:399 github.com/hyperledger/fabric/gossip/gossip.(*Node).acceptMessages /go/src/github.com/hyperledger/fabric/gossip/gossip/gossip_impl.go:326 runtime.goexit /usr/local/go/src/runtime/asm_amd64.s:1571

[denyeart]

The test-network scripts copy cert files and CA files to the correct places for the original 2 peers, if you simply add new peers in the docker compose file the certificates won't be correct for them. The error means that the CA that issued the certs for these peers is not a CA that is authorized in the channel configuration.

If you want a 4 peer network, take a look at https://github.com/hyperledger/fabric-samples/tree/main/test-network-nano-bash.