I would like to install/download the HLF binaries, without the images and fabric-samples. How do I do that?
This is what I've tried so far:
I've followed the instruction on https://hyperledger-fabric.readthedocs.io/en/release-1.4/install.html, but that also installs the images (which is unwanted).
I've looked into the hlf repository, but the /bin/ directory is absent there and a name-search for 'contigtxgen' and others yielded no results other than it being used inside other scripts in the repo.
Googled for any mention of a binary-only install of hlf, without positive results.
Desired result would be a cli command with which I can suppress the installing of images, or something similar.
I am also in the process of setting up fabric without docker images.
This link has helped me a lot. Although it does not show how to set up orderer and node on host machine.
The following are my configuration and the steps that I followed to run the orderer and peer on the host machine (make sure you have installed all the prerequisites for Hyperledger Fabric):
First clone the fabric repository and run make.
git clone https://github.com/hyperledger/fabric.git
# cd into the fabric folder and run make
cd fabric
make release
The above will generate binaries in release folder for your host machine.
fabric
|
-- release
   |
   -- linux-amd64
      |
      -- bin
Copy this bin folder into a new folder mynetwork and create the following configuration files.
mynetwork
|
-- bin
-- crypto-config.yaml
-- configtx.yaml
-- orderer.yaml
-- core.yaml
Following are the configurations that I am using.
crypto-config.yaml
OrdererOrgs:
  - Name: Orderer
    Domain: example.com
    Specs:
      - Hostname: orderer
        SANS:
          - "localhost"
          - "127.0.0.1"
PeerOrgs:
  - Name: Org1
    Domain: org1.example.com
    EnableNodeOUs: true
    Template:
      Count: 1
      SANS:
        - "localhost"
        - "127.0.0.1"
    Users:
      Count: 1
Next, open a terminal (let's call it terminal-1), cd into the mynetwork folder and run cryptogen to generate the assets and keys.
./bin/cryptogen generate --config=./crypto-config.yaml
The above will create crypto-config folder in mynetwork containing all the network assets, in this case for ordererOrganization and peerOrganization.
mynetwork
|
-- crypto-config
   |
   -- ordererOrganizations
   -- peerOrganizations
Next you need to create configtx.yaml
Organizations:
  - &OrdererOrg
    Name: OrdererOrg
    ID: OrdererMSP
    MSPDir: crypto-config/ordererOrganizations/example.com/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('OrdererMSP.member')"
      Writers:
        Type: Signature
        Rule: "OR('OrdererMSP.member')"
      Admins:
        Type: Signature
        Rule: "OR('OrdererMSP.admin')"
  - &Org1
    Name: Org1MSP
    ID: Org1MSP
    MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
    Policies:
      Readers:
        Type: Signature
        Rule: "OR('Org1MSP.admin', 'Org1MSP.peer', 'Org1MSP.client')"
      Writers:
        Type: Signature
        Rule: "OR('Org1MSP.admin', 'Org1MSP.client')"
      Admins:
        Type: Signature
        Rule: "OR('Org1MSP.admin')"
    AnchorPeers:
      - Host: 127.0.0.1
        Port: 7051
Capabilities:
  Channel: &ChannelCapabilities
    V1_3: true
  Orderer: &OrdererCapabilities
    V1_1: true
  Application: &ApplicationCapabilities
    V1_3: true
    V1_2: false
    V1_1: false
Application: &ApplicationDefaults
  Organizations:
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
  Capabilities:
    <<: *ApplicationCapabilities
Orderer: &OrdererDefaults
  OrdererType: solo
  Addresses:
    - orderer:7050
  BatchTimeout: 2s
  BatchSize:
    MaxMessageCount: 10
    AbsoluteMaxBytes: 99 MB
    PreferredMaxBytes: 512 KB
  Organizations:
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
    BlockValidation:
      Type: ImplicitMeta
      Rule: "ANY Writers"
Channel: &ChannelDefaults
  Policies:
    Readers:
      Type: ImplicitMeta
      Rule: "ANY Readers"
    Writers:
      Type: ImplicitMeta
      Rule: "ANY Writers"
    Admins:
      Type: ImplicitMeta
      Rule: "MAJORITY Admins"
  Capabilities:
    <<: *ChannelCapabilities
Profiles:
  OneOrgOrdererGenesis:
    <<: *ChannelDefaults
    Orderer:
      <<: *OrdererDefaults
      Organizations:
        - *OrdererOrg
      Capabilities:
        <<: *OrdererCapabilities
    Consortiums:
      SampleConsortium:
        Organizations:
          - *Org1
  OneOrgChannel:
    Consortium: SampleConsortium
    <<: *ChannelDefaults
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - *Org1
      Capabilities:
        <<: *ApplicationCapabilities
Then on terminal-1 run the following few commands in sequence
export FABRIC_CFG_PATH=$PWD
mkdir channel-artifacts
./bin/configtxgen -profile OneOrgOrdererGenesis -channelID myfn-sys-channel -outputBlock ./channel-artifacts/genesis.block
export CHANNEL_NAME=mychannel
./bin/configtxgen -profile OneOrgChannel -outputCreateChannelTx ./channel-artifacts/channel.tx -channelID $CHANNEL_NAME
./bin/configtxgen -profile OneOrgChannel -outputAnchorPeersUpdate ./channel-artifacts/Org1MSPanchors.tx -channelID $CHANNEL_NAME -asOrg Org1MSP
Next create orderer.yaml, and change the certificate paths according to your host and folder location.
General:
  LedgerType: file
  ListenAddress: 127.0.0.1
  ListenPort: 7050
  TLS:
    Enabled: true
    PrivateKey: /home/fabric-release/mynetwork/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key
    Certificate: /home/fabric-release/mynetwork/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
    RootCAs:
      - /home/fabric-release/mynetwork/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/ca.crt
    ClientAuthRequired: false
  Keepalive:
    ServerMinInterval: 60s
    ServerInterval: 7200s
    ServerTimeout: 20s
  GenesisMethod: file
  GenesisProfile: OneOrgOrdererGenesis
  GenesisFile: channel-artifacts/genesis.block
  LocalMSPDIR: /home/fabric-release/mynetwork/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp
  LocalMSPID: OrdererMSP
  Authentication:
    TimeWindow: 15m
FileLedger:
  Location: /home/fabric-release/data/orderer
  Prefix: hyperledger-fabric-ordererledger
Operations:
  ListenAddress: 127.0.0.1:8443
  TLS:
    Enabled: true
    Certificate: /home/fabric-release/mynetwork/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
    PrivateKey: /home/fabric-release/mynetwork/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.key
    ClientAuthRequired: false
    ClientRootCAs:
      - crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
Start the orderer on terminal-1
./bin/orderer
Next, open another terminal (Terminal-2) and go to the mynetwork folder. Create core.yaml (similarly, you'll need to change the certificate and key paths).
peer:
  id: peer1
  networkId: myfn
  listenAddress: 127.0.0.1:7051
  address: 127.0.0.1:7051
  addressAutoDetect: false
  gomaxprocs: -1
  keepalive:
    minInterval: 60s
    client:
      interval: 60s
      timeout: 20s
    deliveryClient:
      interval: 60s
      timeout: 20s
  gossip:
    bootstrap: 127.0.0.1:7051
    externalEndpoint: 127.0.0.1:7051
    useLeaderElection: true
    orgLeader: false
  tls:
    enabled: true
    clientAuthRequired: false
    cert:
      file: crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.crt
    key:
      file: crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/server.key
    rootcert:
      file: crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
    clientRootCAs:
      file:
        - crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
  authentication:
    timewindow: 15m
  fileSystemPath: /home/fabric-release/data
  mspConfigPath: /home/fabric-release/mynetwork/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
  localMspId: Org1MSP
  client:
    connTimeout: 3s
  deliveryclient:
    reconnectTotalTimeThreshold: 3600s
    connTimeout: 3s
  profile:
    enabled: false
    listenAddress: 0.0.0.0:6060
  handlers:
    authFilters:
      - name: DefaultAuth
      - name: ExpirationCheck
    decorators:
      - name: DefaultDecorator
    endorsers:
      escc:
        name: DefaultEndorsement
        library:
    validators:
      vscc:
        name: DefaultValidation
        library:
  discovery:
    enabled: true
    authCacheEnabled: true
    authCacheMaxSize: 1000
    authCachePurgeRetentionRatio: 0.75
    orgMembersAllowedAccess: false
vm:
  endpoint: unix:///var/run/docker.sock
  docker:
    tls:
      enabled: false
      ca:
        file:
      cert:
        file:
      key:
        file:
    attachStdout: false
    hostConfig:
      NetworkMode: host
      Dns:
        # - 192.168.0.1
      LogConfig:
        Type: json-file
        Config:
          max-size: "50m"
          max-file: "5"
      Memory: 2147483648
chaincode:
  id:
    path:
    name:
  builder: $(DOCKER_NS)/fabric-ccenv:latest
  pull: true
  java:
    runtime: $(DOCKER_NS)/fabric-javaenv:$(ARCH)-1.4.1
    #runtime: $(DOCKER_NS)/fabric-javaenv:$(ARCH)-$(PROJECT_VERSION)
  startuptimeout: 300s
  executetimeout: 30s
  mode: net
  keepalive: 0
  system:
    cscc: enable
    lscc: enable
    escc: enable
    vscc: enable
    qscc: enable
  logging:
    level: info
    shim: warning
    format: '%{color}%{time:2006-01-02 15:04:05.000 MST} [%{module}] %{shortfunc} -> %{level:.4s} %{id:03x}%{color:reset} %{message}'
ledger:
  blockchain:
  state:
    stateDatabase: goleveldb
    totalQueryLimit: 100000
    couchDBConfig:
      couchDBAddress: 127.0.0.1:5984
      username:
      password:
      maxRetries: 3
      maxRetriesOnStartup: 12
      requestTimeout: 35s
      internalQueryLimit: 1000
      maxBatchUpdateSize: 1000
      warmIndexesAfterNBlocks: 1
      createGlobalChangesDB: false
  history:
    enableHistoryDatabase: true
Start the peer node on terminal-2
./bin/peer node start
Next, open another terminal (Terminal-3) and go to the mynetwork folder. Run the following commands in sequence.
export CORE_PEER_MSPCONFIGPATH=/home/fabric-release/mynetwork/crypto-config/peerOrganizations/org1.example.com/users/Admin@org1.example.com/msp
export CORE_PEER_ADDRESS=127.0.0.1:7051
export CORE_PEER_LOCALMSPID="Org1MSP"
export CORE_PEER_TLS_ROOTCERT_FILE=/home/fabric-release/mynetwork/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CHANNEL_NAME=mychannel
Create channel
./bin/peer channel create -o 127.0.0.1:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /home/fabric-release/mynetwork/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
Join the channel
./bin/peer channel join -b mychannel.block
If you made it this far, your network is up and you can start installing chaincodes. I am still in the process of experimenting with chaincodes. However, I hope this helps.
If you download this script (and set execute permission):
https://raw.githubusercontent.com/hyperledger/fabric/master/scripts/bootstrap.sh
Then run the script with -h you will see the options to suppress download of Binaries or Docker Images.
I am trying to deploy elasticsearch and kibana to kubernetes using this chart and getting this error inside the kibana container, therefore ingress returns 503 error and container is never ready.
Error:
[2022-11-08T12:30:53.321+00:00][ERROR][elasticsearch-service] Unable to retrieve version information from Elasticsearch nodes. socket hang up - Local: 10.112.130.148:42748, Remote: 10.96.237.95:9200
The IP address 10.96.237.95 is a valid elasticsearch service address, and the port is right.
When I curl elasticsearch from inside the kibana container, it successfully returns a response.
Am I missing something in my configuration?
Chart version: 7.17.3
Values for elasticsearch chart:
clusterName: "elasticsearch"
nodeGroup: "master"
createCert: false
roles:
  master: "true"
  data: "true"
  ingest: "true"
  ml: "true"
  transform: "true"
  remote_cluster_client: "true"
protocol: https
replicas: 2
sysctlVmMaxMapCount: 262144
readinessProbe:
  failureThreshold: 3
  initialDelaySeconds: 90
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 10
imageTag: "7.17.3"
extraEnvs:
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elasticsearch-creds
        key: password
  - name: ELASTIC_USERNAME
    valueFrom:
      secretKeyRef:
        name: elasticsearch-creds
        key: username
clusterHealthCheckParams: "wait_for_status=green&timeout=20s"
antiAffinity: "soft"
resources:
  requests:
    cpu: "100m"
    memory: "1Gi"
  limits:
    cpu: "1000m"
    memory: "1Gi"
esJavaOpts: "-Xms512m -Xmx512m"
volumeClaimTemplate:
  accessModes: ["ReadWriteOnce"]
  resources:
    requests:
      storage: 30Gi
esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.client_authentication: required
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /usr/share/elasticsearch/config/certs
Values for kibana chart:
elasticSearchHosts: "https://elasticsearch-master:9200"
extraEnvs:
  - name: ELASTICSEARCH_USERNAME
    valueFrom:
      secretKeyRef:
        name: elasticsearch-creds
        key: username
  - name: ELASTICSEARCH_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elasticsearch-creds
        key: password
  - name: KIBANA_ENCRYPTION_KEY
    valueFrom:
      secretKeyRef:
        name: encryption-key
        key: encryption_key
kibanaConfig:
  kibana.yml: |
    server.ssl:
      enabled: true
      key: /usr/share/kibana/config/certs/elastic-certificate.pem
      certificate: /usr/share/kibana/config/certs/elastic-certificate.pem
    xpack.security.encryptionKey: ${KIBANA_ENCRYPTION_KEY}
    elasticsearch.ssl:
      certificateAuthorities: /usr/share/kibana/config/certs/elastic-certificate.pem
      verificationMode: certificate
protocol: https
secretMounts:
  - name: elastic-certificate-pem
    secretName: elastic-certificate-pem
    path: /usr/share/kibana/config/certs
imageTag: "7.17.3"
ingress:
  enabled: true
  ingressClassName: nginx
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-issuer
    kubernetes.io/ingress.allow-http: 'false'
  paths:
    - path: /
      pathType: Prefix
      backend:
        serviceName: kibana
        servicePort: 5601
  hosts:
    - host: mydomain.com
      paths:
        - path: /
          pathType: Prefix
          backend:
            serviceName: kibana
            servicePort: 5601
  tls:
    - hosts:
        - mydomain.com
      secretName: mydomain.com
UPD: I tried it with another image version (8.4.1); nothing has changed, I am getting the same error. By the way, Logstash is successfully shipping logs to this Elasticsearch instance, so I think the problem is in Kibana.
Figured it out. It was a complete pain in the ass. I hope these tips will help others:
xpack.security.http.ssl.enabled should be set to false. I can't find another way around it, but if you do I'd be glad to hear any advice. As I see it, you don't need security for the HTTP layer since Kibana connects to Elasticsearch via the transport layer (correct me if I am wrong). Therefore xpack.security.transport.ssl.enabled should still be set to true, but xpack.security.http.ssl.enabled should be set to false. (Don't forget to change your protocol field for readinessProbe to http, and also change the protocol for Elasticsearch in the Kibana chart to http.)
The ELASTIC_USERNAME env variable is pointless in the elasticsearch chart; only the password is used, the user is always elastic.
ELASTICSEARCH_USERNAME in the kibana chart should actually be set to the kibana_system user, with the corresponding password for that user.
You need to provide the self signed CA for Elasticsearch to Kibana in kibana.yml
elasticsearch.ssl.certificateAuthorities: "/path/cert.ca"
You can test by setting
elasticsearch.ssl.verificationMode: "none"
But that is not recommended for production.
I am trying to install Elasticsearch using Helm using a 3 nodes setup (2 master, 1 replica). But I am not able to make it work
This is my config file values.yml:
clusterName: "my-cluster"
nodeGroup: "master"
roles:
  master: "true"
  ingest: "true"
  data: "true"
esJavaOpts: "-Xmx1024m -Xms1024m"
resources:
  requests:
    cpu: "100m"
    memory: "1024M"
  limits:
    cpu: "1000m"
    memory: "1500M"
volumeClaimTemplate:
  accessModes: [ "ReadWriteOnce" ]
  resources:
    requests:
      storage: 10G
protocol: https
esConfig:
  elasticsearch.yml: |
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12
    xpack.security.authc.anonymous.username: anonymous_user
    xpack.security.authc.anonymous.roles: my_anonymous_user
    xpack.security.authc.anonymous.authz_exception: true
  roles.yml: |
    my_anonymous_user:
      indices:
        - names: [ 'my_index' ]
          privileges: [ 'read' ]
  my_text_file.txt: |
extraEnvs:
  - name: ELASTIC_USERNAME
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: username
  - name: ELASTIC_PASSWORD
    valueFrom:
      secretKeyRef:
        name: elastic-credentials
        key: password
secretMounts:
  - name: elastic-certificates
    secretName: elastic-certificates
    path: /usr/share/elasticsearch/config/certs
and I use the following Helm commands to install the chart:
helm repo add elastic https://helm.elastic.co
helm install -f values.yml elasticsearch --version 7.13 elastic/elasticsearch
How can I make it work with 3 nodes and how can I create valid production certificates for each of them?
I have a YAML Cloudformation script which launches a single EC2 instance and runs some UserData upon startup.
I am using ami-0727f3c2d4b0226d5, a standard Ubuntu 18.04 LTS server.
Everything works fine provided the UserData is simple, eg -
UserData:
  Fn::Base64:
    !Sub |
      #!/bin/bash -ex
      echo "Hello World EC2!"
which gives me the following in the EC2 system log -
[[0;32m OK [0m] Started Apply the settings specified in cloud-config.
Starting Execute cloud user/final scripts...
[ 21.827930] cloud-init[1307]: + echo 'Hello World EC2!'
[ 21.832906] cloud-init[1307]: Hello World EC2!
but if I extend the UserData for some fairly normal-looking Ubuntu commands -
UserData:
  Fn::Base64:
    !Sub |
      #!/bin/bash -ex
      apt-get update
      apt-get install -y ruby
      echo "Hello World EC2!"
then (having torn down the original machine and restarted a new instance from scratch) the UserData process seems to hang with the following messages in the system log -
[ 29.606055] cloud-init[1304]: + apt-get install -y ruby
[ 29.675005] cloud-init[1304]: Reading package lists...
[ 29.828430] cloud-init[1304]: Building dependency tree...
[ 29.836236] cloud-init[1304]: Reading state information...
[ ... ]
[ ... ]
[ ... ]
[ 34.233706] cloud-init[1304]: Checking for services that may need to be restarted...done.
[ 34.254767] cloud-init[1304]: Checking for services that may need to be restarted...done.
[ 34.262182] cloud-init[1304]: Checking init scripts...
ie Checking init scripts ... never returns. Any thoughts on how to debug this situation / find out what is going wrong ?
TIA
[full YAML CF included]
---
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  AppName:
    Type: String
  InstanceType:
    Type: String
    Default: t2.micro
  ImageId:
    Type: String
    Default: ami-0727f3c2d4b0226d5 # 18.04 LTS eu-west-1
  KeyName:
    Type: String
Outputs:
  MyDNSName:
    Value:
      Fn::GetAtt:
        - AppEC2Instance
        - PublicDnsName
    Description: "EC2 public DNS name"
  MyIPAddress:
    Value:
      Fn::GetAtt:
        - AppEC2Instance
        - PublicIp
    Description: "EC2 public IP address"
  MyInstanceId:
    Value:
      Ref: AppEC2Instance
    Description: "EC2 instance id"
Resources:
  AppEC2Instance:
    Properties:
      IamInstanceProfile:
        Ref: AppInstanceProfile
      ImageId:
        Ref: ImageId
      InstanceType:
        Ref: InstanceType
      KeyName:
        Ref: KeyName
      SecurityGroupIds:
        - Fn::GetAtt:
            - AppSecurityGroup
            - GroupId
      SubnetId:
        Ref: AppSubnet
      Tags:
        - Key: Name
          Value:
            Ref: AppName
      UserData:
        Fn::Base64:
          !Sub |
            #!/bin/bash -ex
            apt-get update
            apt-get install -y ruby
            echo "Hello World EC2!"
    Type: AWS::EC2::Instance
  AppInstanceProfile:
    Properties:
      Path: /
      Roles:
        - Ref: AppInstanceRole
    Type: AWS::IAM::InstanceProfile
  AppInstanceRole:
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - ec2.amazonaws.com
        Version: '2012-10-17'
      Path: /
      Policies:
        - PolicyDocument:
            Statement:
              - Action:
                  - ec2:DescribeTags # allow codedeploy to find machine
                Effect: Allow
                Resource: '*'
              - Action: s3:* # allow machine to access deployables
                Effect: Allow
                Resource: '*'
              - Action: logs:*
                Effect: Allow
                Resource: '*'
            Version: '2012-10-17'
          PolicyName: # required
            Fn::Join:
              - '-'
              - - Ref: AppName
                - ec2
    Type: AWS::IAM::Role
  AppSecurityGroup:
    Properties:
      GroupDescription:
        Ref: AppName
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: '3000'
          IpProtocol: tcp
          ToPort: '3000'
      VpcId:
        Ref: AppVPC
    Type: AWS::EC2::SecurityGroup
  AppInternetGateway:
    Type: AWS::EC2::InternetGateway
  AppRoute:
    DependsOn: AppInternetGateway
    Properties:
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId:
        Ref: AppInternetGateway
      RouteTableId:
        Ref: AppRouteTable
    Type: AWS::EC2::Route
  AppRouteTable:
    Properties:
      VpcId:
        Ref: AppVPC
    Type: AWS::EC2::RouteTable
  AppSubnet:
    Properties:
      CidrBlock: 172.31.0.0/20
      MapPublicIpOnLaunch: true
      VpcId:
        Ref: AppVPC
    Type: AWS::EC2::Subnet
  AppSubnetRouteTableAssociation:
    Properties:
      RouteTableId:
        Ref: AppRouteTable
      SubnetId:
        Ref: AppSubnet
    Type: AWS::EC2::SubnetRouteTableAssociation
  AppVPC:
    Properties:
      CidrBlock: 172.31.0.0/16
      EnableDnsHostnames: true
      EnableDnsSupport: true
      InstanceTenancy: default
    Type: AWS::EC2::VPC
  AppVPCGatewayAttachment:
    Properties:
      InternetGatewayId:
        Ref: AppInternetGateway
      VpcId:
        Ref: AppVPC
    Type: AWS::EC2::VPCGatewayAttachment
  AppCodeDeployApp:
    Properties:
      ApplicationName:
        Ref: AppName
    Type: AWS::CodeDeploy::Application
  AppCodeDeployGroup:
    Properties:
      ApplicationName:
        Ref: AppCodeDeployApp
      DeploymentConfigName: CodeDeployDefault.AllAtOnce
      DeploymentGroupName:
        Ref: AppName
      Ec2TagFilters: # lookup ec2 machine for deployment
        - Key: Name
          Type: KEY_AND_VALUE
          Value:
            Ref: AppName
      ServiceRoleArn:
        Fn::GetAtt:
          - AppCodeDeployRole
          - Arn
    Type: AWS::CodeDeploy::DeploymentGroup
  AppCodeDeployRole:
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Action:
              - sts:AssumeRole
            Effect: Allow
            Principal:
              Service:
                - codedeploy.amazonaws.com
        Version: '2012-10-17'
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole
      Path: /
    Type: AWS::IAM::Role
This question has already been asked (source); as that question is 10 months old and there are newer versions of Fabric, I'm reposting it.
For the following YAML file:
Organizations:
  - &Smartforce
    Name: SmartforceMSP
    ID: SmartforceMSP
    MSPDir: /home/falcon/dev-iq-smartforce/crypto-config/ordererOrganizations/smartforce.com/msp
  - &BusinessPartner1
    Name: FalconMSP
    ID: FalconMSP
    MSPDir: /home/falcon/dev-iq-smartforce/crypto-config/peerOrganizations/falcon.com/msp
    AnchorPeers:
      - Host: localhost
        Port: 7051
  - &BusinessPartner2
    Name: FrostMSP
    ID: FrostMSP
    MSPDir: /home/falcon/dev-iq-smartforce/crypto-config/peerOrganizations/frost.com/msp
    AnchorPeers:
      - Host: localhost
        Port: 8051
# Configuration for the Orderer
Orderer: &OrdererDefaults #SampleInsecureSolo
  OrdererType: solo
  Addresses:
    - localhost:7050
  # Batch Timeout: The amount of time to wait before creating a batch
  BatchTimeout: 2s
  # Batch Size: Controls the number of messages batched into a block
  BatchSize:
    MaxMessageCount: 10
    AbsoluteMaxBytes: 98 MB
    PreferredMaxBytes: 512 KB
Application: &ApplicationDefaults
  Organizations:
Channel: &ChannelDefaults
Profiles:
  TwoPartnerGenesis:
    Orderer:
      <<: *OrdererDefaults
      Organizations:
        - *Smartforce
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *BusinessPartner1
        - <<: *BusinessPartner2
    Consortiums:
      TwoPartnerConsortium:
        Organizations:
          - *BusinessPartner1
          - *BusinessPartner2
  TwoOrgChannel:
    Consortium: TwoPartnerConsortium
    Application:
      <<: *ApplicationDefaults
      Organizations:
        - <<: *BusinessPartner1
        - <<: *BusinessPartner2
the result for following file :
input :
configtxgen -outputCreateChannelTx ./TwoOrgChannel.tx -profile TwoPartnerGenesis -channelID channel01
output :
configtxgen -outputCreateChannelTx ./TwoOrgChannel.tx -profile TwoPartnerGenesis -channelID channel01
2018-12-20 12:30:29.818 IST [common/tools/configtxgen] main -> INFO 001 Loading configuration
2018-12-20 12:30:29.824 IST [common/tools/configtxgen] doOutputChannelCreateTx -> INFO 002 Generating new channel configtx
2018-12-20 12:30:29.824 IST [common/tools/configtxgen] main -> CRIT 003 Error on outputChannelCreateTx: config update generation failure: cannot define a new channel with no Consortium value
Please, can anyone help me identify the error?
Thanks in advance.
Try this:
configtxgen -outputCreateChannelTx ./TwoOrgChannel.tx -profile TwoOrgChannel -channelID channel01
I think you selected the wrong profile to create the channel transaction
I have a CloudFormation template which, when I validate it, appears to be valid: I get no errors using the linter tool in Atom, and I have also used an online YAML validation tool which confirms it is correct. But when I go to deploy the template in CFN it fails with the error
Template validation error: Template format error: Unresolved resource dependencies [AgentserviceSNSTopic] in the Resources block of the template
I can't see any errors (I am not sure how the formatting will be, but the template is below).
AWSTemplateFormatVersion: '2010-09-09'
Description: AgentService Web infra
Outputs:
  AgentServiceFQDN:
    Value:
      'Fn::GetAtt':
        - AgentServiceELB
        - DNSName
Parameters:
  AZ:
    Default: 'ap-southeast-2a, ap-southeast-2b'
    Description: >-
      Comma delimited list of AvailabilityZones where the instances will be
      created
    Type: CommaDelimitedList
  InstanceProfile:
    Default: >-
      arn:aws:iam::112888586165:instance-profile/AdvanceCodeDeployInstanceProfile
    Description: >-
      Use the full ARN for SimpleCodeDeployInstanceProfile or
      AdvancedCodeDeployInstanceProfile
    Type: String
  InstanceType:
    ConstraintDescription: 'Must be a valid EC2 instance type, such as t2.medium'
    Default: t2.medium
    Description: Provide InstanceType to be used
    Type: String
  KeyName:
    ConstraintDescription: The name of an existing EC2 KeyPair.
    Default: LMBRtraining
    Description: Name of an existing EC2 KeyPair to enable SSH access to the instances
    Type: 'AWS::EC2::KeyPair::KeyName'
  PublicSubnets:
    Default: 'subnet-bb0a3ade,subnet-fedd8389'
    Description: Comma delimited list of public subnets
    Type: CommaDelimitedList
  VPCID:
    Default: vpc-a18eccc4
    Description: VPC ID
    Type: String
  WindowsAMIID:
    Default: ami-5a989d39
    Description: Windows AMI ID with IIS
    Type: String
  myIP:
    Default: 0.0.0.0/0
    Description: 'Enter your IP address in CIDR notation, e.g. 100.150.200.225/32'
    Type: String
Resources:
  AgentServiceASG:
    Properties:
      AvailabilityZones:
        Ref: AZ
      DesiredCapacity: '2'
      HealthCheckGracePeriod: '600'
      HealthCheckType: ELB
      LaunchConfigurationName:
        Ref: AgentServiceLaunchConfig
      LoadBalancerNames:
        - Ref: AgentServiceELB
      MaxSize: '2'
      MinSize: '2'
      NotificationConfiguration:
        NotificationTypes:
          - 'autoscaling:EC2_INSTANCE_LAUNCH'
          - 'autoscaling:EC2_INSTANCE_LAUNCH_ERROR'
          - 'autoscaling:EC2_INSTANCE_TERMINATE'
          - 'autoscaling:EC2_INSTANCE_TERMINATE_ERROR'
        TopicARN:
          Ref: AgentServiceSNSTopic
      Tags:
        - Key: Name
          PropagateAtLaunch: 'true'
          Value: AgentServiceServer
      VPCZoneIdentifier:
        Ref: PublicSubnets
    Type: 'AWS::AutoScaling::AutoScalingGroup'
  AgentServiceAutoscaleDownPolicy:
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName:
        Ref: AgentServiceASG
      Cooldown: '300'
      ScalingAdjustment: '-1'
    Type: 'AWS::AutoScaling::ScalingPolicy'
  AgentServiceAutoscaleUpPolicy:
    Properties:
      AdjustmentType: ChangeInCapacity
      AutoScalingGroupName:
        Ref: AgentServiceASG
      Cooldown: '300'
      ScalingAdjustment: '1'
    Type: 'AWS::AutoScaling::ScalingPolicy'
  AgentServiceCloudWatchCPUAlarmHigh:
    Properties:
      AlarmActions:
        - Ref: AgentServiceAutoscaleUpPolicy
        - Ref: AgentServiceSNSTopic
      AlarmDescription: SNS Notification and scale up if CPU Util is Higher than 90% for 10 mins
      ComparisonOperator: GreaterThanThreshold
      Dimensions:
        - Name: AutoScalingGroupName
          Value:
            Ref: AgentServiceASG
      EvaluationPeriods: '2'
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Period: '300'
      Statistic: Average
      Threshold: '90'
    Type: 'AWS::CloudWatch::Alarm'
  AgentServiceCloudWatchCPUAlarmLow:
    Properties:
      AlarmActions:
        - Ref: AgentServiceAutoscaleDownPolicy
        - Ref: AgentserviceSNSTopic
      AlarmDescription: SNS Notification and scale down if CPU Util is less than 70% for 10 mins
      ComparisonOperator: LessThanThreshold
      Dimensions:
        - Name: AutoScalingGroupName
          Value:
            Ref: AgentServiceASG
      EvaluationPeriods: '2'
      MetricName: CPUUtilization
      Namespace: AWS/EC2
      Period: '300'
      Statistic: Average
      Threshold: '70'
    Type: 'AWS::CloudWatch::Alarm'
  AgentServiceELB:
    Properties:
      ConnectionDrainingPolicy:
        Enabled: 'true'
        Timeout: '60'
      CrossZone: true
      HealthCheck:
        HealthyThreshold: '3'
        Interval: '15'
        Target: 'HTTP:80/index.html'
        Timeout: '5'
        UnhealthyThreshold: '3'
      Listeners:
        - InstancePort: '80'
          InstanceProtocol: HTTP
          LoadBalancerPort: '80'
          Protocol: HTTP
      LoadBalancerName: AgentServiceELB
      Scheme: internet-facing
      SecurityGroups:
        - Ref: AgentServiceSecurityGroup
      Subnets:
        Ref: PublicSubnets
      Tags:
        - Key: Network
          Value: public
    Type: 'AWS::ElasticLoadBalancing::LoadBalancer'
  AgentServiceLaunchConfig:
    Properties:
      AssociatePublicIpAddress: 'true'
      IamInstanceProfile:
        Ref: InstanceProfile
      ImageId:
        Ref: WindowsAMIID
      InstanceType:
        Ref: InstanceType
      KeyName:
        Ref: KeyName
      SecurityGroups:
        - Ref: AgentServiceSecurityGroup
      UserData:
        'Fn::Base64':
          'Fn::Join':
            - ''
            - - |
                <script>
              - |
                echo hello world > c:\\inetpub\\wwwroot\\index.html
              - |
                hostname >> c:\\inetpub\\wwwroot\\index.html
              - "if not exist \\"c:\\temp\\" mkdir c:\\temp\\n"
              - >
                powershell.exe -Command Read-S3Object -BucketName
                aws-codedeploy-us-east-1/latest -Key codedeploy-agent.msi -File
                c:\\temp\\codedeploy-agent.msi
              - >
                c:\\temp\\codedeploy-agent.msi /quiet /l
                c:\\temp\\host-agent-install-log.txt
              - |
                powershell.exe -Command Get-Service -Name codedeployagent
              - |
                </script>
    Type: 'AWS::AutoScaling::LaunchConfiguration'
  AgentServiceSNSTopic:
    Type: 'AWS::SNS::Topic'
  AgentServiceSecurityGroup:
    Properties:
      GroupDescription: AgentServiceSecurityGroup
      InstanceAccessHTTPS:
        Properties:
          CidrIp: 0.0.0.0/0
          FromPort: '443'
          GroupId: AgentServiceSecurityGroup
          IpProtocol: tcp
          ToPort: '443'
        Type: 'AWS::EC2::SecurityGroupIngress'
      InstanceAccessPSremote:
        Properties:
          CidrIp: 198.18.0.0/24
          FromPort: '5985'
          GroupId: AgentServiceSecurityGroup
          IpProtocol: tcp
          ToPort: '5985'
        Type: 'AWS::EC2::SecurityGroupIngress'
      InstanceAccessRDP:
        Properties:
          CidrIp: 0.0.0.0/0
          FromPort: '3389'
          GroupId: AgentServiceSecurityGroup
          IpProtocol: tcp
          ToPort: '3389'
        Type: 'AWS::EC2::SecurityGroupIngress'
      InstanceAccessSMB:
        Properties:
          CidrIp: 198.18.0.0/24
          FromPort: '445'
          GroupId: AgentServiceSecurityGroup
          IpProtocol: tcp
          ToPort: '445'
        Type: 'AWS::EC2::SecurityGroupIngress'
      VpcId:
        Ref: VPCID
    Type: 'AWS::EC2::SecurityGroup'
It would be interesting to know which online validator accepted your "valid YAML".
The Online YAML Parser and YAML Lint both complain when you use your YAML as input. After changing the line these YAML parsers indicate as problematic:
- "if not exist \\"c:\\temp\\" mkdir c:\\temp\\n"
which is a quoted scalar "if not exist \\"c:\\temp\\" followed by more mkdir ... into:
- "if not exist \"c:\\temp\" mkdir c:\\temp\n"
in which the quotes are escaped, or to the better readable:
- |
  if not exist "c:\temp" mkdir c:\temp
The Code Beautify YAML Validator complains that your YAML has problems, but as usual cannot deal with the corrected YAML either, so don't use that.
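The validation error quoted in the question names AgentserviceSNSTopic, while the template declares AgentServiceSNSTopic. The following is an added example (not part of the original posts) that scans a block-style template for Ref targets matching no logical ID under Parameters or Resources; the trimmed sample template is constructed, the function names are hypothetical, and Fn::GetAtt and Fn::Sub references are out of scope.

```python
import difflib
import re

# Constructed sample: a trimmed, correctly indented template with the same
# shape as the one in the question, including the mis-capitalised Ref.
SAMPLE_TEMPLATE = """\
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VPCID:
    Type: String
Resources:
  AgentServiceSNSTopic:
    Type: 'AWS::SNS::Topic'
  AgentServiceCloudWatchCPUAlarmHigh:
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmActions:
        - Ref: AgentServiceSNSTopic
  AgentServiceCloudWatchCPUAlarmLow:
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmActions:
        - Ref: AgentserviceSNSTopic
  AgentServiceSecurityGroup:
    Type: 'AWS::EC2::SecurityGroup'
    Properties:
      GroupDescription: !Sub 'sg in ${AWS::Region}'
      VpcId:
        Ref: VPCID
"""

# A top-level section header such as "Resources:" (no value on the line).
SECTION_RE = re.compile(r"^([A-Za-z]+):\s*$")
# An indented mapping key with no inline value, e.g. "  AgentServiceELB:".
KEY_RE = re.compile(r"^( +)([A-Za-z0-9]+):\s*(?:#.*)?$")
# "Ref: Name", "- Ref: Name" and the short form "!Ref Name".
REF_RE = re.compile(r"(?:\bRef:\s*|!Ref\s+)['\"]?([A-Za-z0-9:]+)")


def declared_ids(template):
    """Logical IDs declared directly under Parameters: and Resources:."""
    ids, section, child_indent = set(), None, None
    for line in template.splitlines():
        top = SECTION_RE.match(line)
        if top:
            section, child_indent = top.group(1), None
            continue
        if line and not line[0].isspace():
            section = None  # top-level scalar such as "Description: text"
            continue
        if section not in ("Parameters", "Resources"):
            continue
        key = KEY_RE.match(line)
        if not key:
            continue
        if child_indent is None:
            child_indent = len(key.group(1))  # first key fixes the child level
        if len(key.group(1)) == child_indent:
            ids.add(key.group(2))
    return ids


def unresolved_refs(template):
    """Return (line, name, suggestion) for every Ref with no declaration."""
    ids = declared_ids(template)
    by_lower = {i.lower(): i for i in ids}
    findings = []
    for lineno, line in enumerate(template.splitlines(), start=1):
        code = line.split(" #", 1)[0]  # ignore trailing comments
        for name in REF_RE.findall(code):
            if name in ids or name.startswith("AWS::"):
                continue  # declared, or a pseudo parameter like AWS::Region
            # Logical IDs are case-sensitive: try a case-insensitive match
            # first, then fall back to the closest spelling.
            hint = by_lower.get(name.lower())
            if hint is None:
                close = difflib.get_close_matches(name, sorted(ids), n=1)
                hint = close[0] if close else None
            findings.append((lineno, name, hint))
    return findings


if __name__ == "__main__":
    for lineno, name, hint in unresolved_refs(SAMPLE_TEMPLATE):
        suffix = f" (did you mean '{hint}'?)" if hint else ""
        print(f"line {lineno}: Ref to undeclared '{name}'{suffix}")
```

Because the scan is line-based, it only works on a template whose indentation is intact and which uses block-style YAML rather than inline JSON-style mappings.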