Home / server / Questions / 1002137
In Process
Dora
Asked: 2020-02-07 22:01:35 +0800 CST

aws blockchain template received failure signal with uniqueid +failed to create ec2 instance for dev

  • 772

I am learning about How to Deploy Hyperledger Fabric on AWS with Blockchain Templates. from this tutorial https://medium.com/faun/how-to-deploy-hyperledger-fabric-on-aws-with-blockchain-templates-12ff1b219d98

I have tried to follow every single steps but realized there are something missing from his steps and I tried putting in the missing pieces but somehow still getting error while creating.

I tried to google around but doesn't seem to be able to find much much.

Wondering if there's anyone able to give me suggestions / advice.

I will try writing out steps of what I have done.

  1. I created a new by launching VPC wizard with VPC with a single public subnet I named this BlockChainVPC

  2. I created a new EC2 and chose the first AMI Amazon Linux 2 AMI (HVM), SSD Volume Type, I configured the network to use the VPC I created in previous step, then left the other instance details as default. As for security group, I created a new security group named Hyperledge with inbound rules of HTTP + HTTPS to be accessible anywhere. As for outbound, it's open to all traffic. As for PEM, I created new PEM named blockchainbook

  3. I created one elastic ip with the setting of us-west-2 for network border group. I created both ec2 + vpc in Oregon (us-west-2). Then I associated this elastic ip to the ec2 I created previously.

  4. I created another security group named blockchainbook with SSH + 8080 as inbound rules and all traffic for outbound. This security group is with the new VPC(blockchainVPC)

  5. I created a new policy under IAM named EC2BC, I added full access to Elastic Container Registry and Elastic Container Service and S3 with resources as all resources

  6. I created a new role named EC2Blockchain with aws service and common use case of EC2 I attached the policy I created above (EC2BC) into this role.

  7. I went back to the EC2 created in step 2, then attached the EC2Blockchain role to it.

  8. I went to this page from aws https://aws.amazon.com/blockchain/templates/getting-started/ and chose Launch in US West (Oregon) region (us-west-2) to launch hyperledger fabric which brings me to cloudformation with the a template url of hyperledger fabric. As for stack name I entered BlockchainStack. VPC Connection, I chose BlockChainVPC which I created in step 1. Subnet, I chose the subnet that was created with the BlockchainVPC. EC2 Key pair I chose the one I created with ec2 in step 2. Security group, I choose the blockchainbook I created in step 4. As for EC2 Instance Profile ARN, I chose the Role ARN from the role I created in step 6.

  9. Finally I started to create the stack and see that it's in progress because of the state CREATE_IN_PROGRESS, after a few minutes I see an error of Embedded stack arn:aws:cloudformation:us-west-2:234234234:stack/BlockchainStack-FabricEC2CommonStack-1OF23423423/234234234-234234234-234 was not successfully created: The following resource(s) failed to create: [EC2InstanceForDev].

After the error I tried recreating the stack again all settings are the sam except the EC2 Instance Profile ARN, this time I chose Instance Profile ARNs from the role I created in step 6. But error is still the same, no luck.

I also thought it might be the role permission I set or the security group I had wrong so I even tried to attach the admin policy into the role and all traffic to both inbound + outbound for the security group but still no luck.

Does anyone has suggession / advice for this?

Thanks in advance for any help.

amazon-ec2 amazon-cloudformation

1 Answers

  1. The Official AWS Blockchain Cloud Formation Template for Hyperledger Fabric is a nested template (our base template calls another template which does all the setup on an EC2 instance which itself creates).

    But the problem is it does everything on the EC2-Instance except installing docker-compose & it throws an error that docker-compose command not found at the end which causes the CloudFormation template to break(EC2InstanceForDev) and do a rollback. So instead of using CloudFormation Template, we can run the same script manually on the EC2-instance with a small change. The change is to install docker-compose beforehand. Rest setup remains the same i.e -- 1. Create a VPC, 2. Create Public Subnets, 3. Create EIP if you want to attach it later, 4. Create Key-Pair for SSH, 5. Create IAM Role & Policy, 6. Create Security Group with Inbound 8080(TCP) & 22(SSH), 7. launch an EC2 Instance with the created resources in step (1to6).

    AMI which is preferred is -

    1. ami-1853ac65 for us-east-1
    2. ami-25615740 for us-east-2
    3. ami-dff017b8 for us-west-2

    Docker Image Repository -

    1. 354658284331 for us-east-1
    2. 763976151875 for us-east-2
    3. 712425161857 for us-west-2

    SCRIPT TO RUN ON EC2 (Give chmod 777 and chmod +x for the script) - 

    #!/bin/bash -x
sudo curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m) -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
sudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose
docker-compose --version
res=$?
echo $res
mkdir /tmp/fabric-install/
cd /tmp/fabric-install/
wget https://aws-blockchain-templates-us-east-1.s3.us-east-1.amazonaws.com/hyperledger/fabric/templates/simplenetwork/latest/HyperLedger-BasicNetwork.tgz -O /home/ec2-user/HyperLedger-BasicNetwork.tgz
cd /home/ec2-user
tar xzvf HyperLedger-BasicNetwork.tgz
rm /home/ec2-user/HyperLedger-BasicNetwork.tgz
chown -R ec2-user:ec2-user HyperLedger-BasicNetwork
chmod +x /home/ec2-user/HyperLedger-BasicNetwork/artifacts/first-run-standalone.sh
/home/ec2-user/HyperLedger-BasicNetwork/artifacts/first-run-standalone.sh us-east-1 example.com org1 org2 org3 mychannel 354658284331.dkr.ecr.us-east-1.amazonaws.com/ 354658284331
res=$?
echo $res

    IAM policy which I attached to the role -

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ecr:GetAuthorizationToken",
                "ecr:BatchCheckLayerAvailability",
                "ecr:GetDownloadUrlForLayer",
                "ecr:GetRepositoryPolicy",
                "ecr:DescribeRepositories",
                "ecr:ListImages",
                "ecr:DescribeImages",
                "ecr:BatchGetImage"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": "*"
        }
]
}

    NOTE - Please replace the appropriate AWS ECR account number for your region and appropriate AWS region in the above script and script has (example.com org1 org2 org3 mychannel), Please change this too as per requirement. Its the same RootDomain, Org1SubDomain, Org2SubDomain, Org3SubDomain, ChannelName as we enter in the CF template).

    This whole process is tested in the us-east-1 region. The script can be straight deployed in the us-east-1 region. To access the Hyperledger web monitor interface (http://EC2-DNS OR EIP:8080)

    • 0