To resolve this issue, recreate the encrypted key for the operator.
- SSH to the operator node.
- Identify the blockchain private key.
- Generate a public key from the private key:
Note: One location you might find the private key is /config/daml-ledger-api/concord-operator
cd /config/daml-ledger-api/concord-operator
openssl pkey -in <your-private-key.pem> -out public-key.pem -outform PEM -pubout
- Compare the public key generated against the one in the json file used for the deployment/scaling reconfigure.
If they match, on the operator node proceed with the following steps:
- Delete the operator:
docker rm -f operator
- Delete the old encrypted key:
cd /config/daml-ledger-api/concord-operator
mv operator_priv.pem /tmp
mv operator_priv.pem.enc /tmp
- Generate the new encrypted key:
- If you are running version 1.5 or earlier, run:
image=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "operator"); docker run -ti --network=blockchain-fabric --name=operator --entrypoint /operator/install_private_key.py --rm -v /config/daml-ledger-api/concord-operator:/operator/config-local -v /config/daml-ledger-api/concord-operator:/concord/config-public -v /config/daml-ledger-api/config-local/cert:/config/daml-ledger-api/config-local/cert -v /config/daml-ledger-api/config-public:/operator/config-public $image
- If you are running version 1.6 or later, run:
image=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "operator"); docker run -d --network=blockchain-fabric --name=operator -v /config/daml-ledger-api/concord-operator:/operator/config-local -v /config/daml-ledger-api/concord-operator:/concord/config-public -v /config/clientservice/cert:/config/clientservice/cert -v /config/daml-ledger-api/config-public:/operator/config-public $image
- When prompted to paste private operator key and press Ctrl+d.
Note: After this a new /config/daml-ledger-api/concord-operator/operator_priv.pem.enc file will be generated.
- Start the operator:
- If you are running version 1.5 or earlier, run:
image=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "operator");docker run -d --network=blockchain-fabric --name=operator -v /config/daml-ledger-api/concord-operator:/operator/config-local -v /config/daml-ledger-api/concord-operator:/concord/config-public -v /config/daml-ledger-api/config-local/cert:/config/daml-ledger-api/config-local/cert -v /config/daml-ledger-api/config-public:/operator/config-public $image
- If you are running version 1.6 or later, run:
image=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep "operator"); docker run -d --network=blockchain-fabric --name=operator -v /config/daml-ledger-api/concord-operator:/operator/config-local -v /config/daml-ledger-api/concord-operator:/concord/config-public -v /config/clientservice/cert:/config/clientservice/cert -v /config/daml-ledger-api/config-public:/operator/config-public $image
- Check operator file to verify the issue is resolved:
docker logs operator | less