API Key

[PESystems]

How do you request an API key? Each time I try to launch the docker up command, it fails giving me a "requests.exceptions.ConnectionError: ('Connection aborted.', PermissionError(13, 'Permission denied'))" error.

[etschelp]

It's hard to deduct from the single line above what your local state is. But my very first guess would be that your user account does not have the permission to connect to the docker daemon. You can test this by running sudo docker compose up, if this fixes the issue your user needs to be in the docker group. Otherwise did you follow the steps described here? https://github.com/hyperledger-labs/business-partner-agent/tree/master/scripts Also more console output would be helpful, and whats in your .env file, as the example has no api key activated on the aca-py api.

[PESystems]

Thank you so much this cleared up my issue, I have run into another small problem trying to get the front end to connect to the BPA back-end. if you see in the linked photos I have been able to get the BPA running but the public URLs given by ngrok are returning the error you can also see in the screen shots.

Business Partner Agent Public URL: https://7fba0b0daf9a.ngrok.io
Public ACA-PY Endpoint: https://4bdaf44cf0a4.ngrok.io

I will leave the node running for a while and try to fix things as a read more about this issue. hoping someone can lead me to the answer. thanks again for your support.

Screen shots of BPA running + public URL error

https://imgur.com/HAbBGMX

https://imgur.com/ZwthMn7

https://imgur.com/8MwdOx7

[PESystems]

Also here is my .env code below. I will upload my code to github soon.

`# ------------------------------------------------------------

Business Partner Agent

------------------------------------------------------------

Specifies the label for this agent. This label is publicized (self-attested) to other agents as part of forming a connection

AGENT_NAME="Business Partner Agent"

localhost, ip address, dns name

BPA_HOST=localhost
BPA_PORT=8080
BPA_SCHEME=https

Security

BPA_SECURITY_ENABLED=true

Default username and password, set if running in production like environments

BPA_BOOTSTRAP_UN=admin
BPA_BOOTSTRAP_PW=changeme

Run in did:web mode with read only ledger. If set to true ACAPY_READ_ONLY_MODE has to be set as well.

BPA_WEB_MODE=true

Uni Resolver URL

BPA_RESOLVER_URL=https://resolver.stage.economyofthings.io

The ledger prefix that is configured with the Uni Resolver

BPA_DID_PREFIX=did:sov:iil:

Docker image to be used for the business partner

BPA_DOCKER_IMAGE=ghcr.io/hyperledger-labs/business-partner-agent:edge

Optional: bcgov ledger explorer (https://github.com/bcgov/von-network)

#BPA_LEDGER_BROWSER=
BPA_LEDGER_BROWSER=https://indy-test.bosch-digital.de

Optional: If set bpa renders a link to an external imprint page

BPA_IMPRINT_URL=

Optional: If set bpa renders a link to an external pricavy policy page

BPA_PRIVACY_POLICY_URL=

This will set the registry size when a credential definition is created with Support Revocation.

BPA_CREDDEF_REVOCATION_REGISTRY_SIZE=3000

------------------------------------------------------------

ACA-PY

------------------------------------------------------------

Run in read only mode, requires BPA_WEB_MODE to be true.

ACAPY_READ_ONLY_MODE=true

ACAPY_GENESIS_URL=https://indy-test.bosch-digital.de/genesis

Identity

Enter wallet seed here:

    ACAPY_SEED=GzaJ**********************utjVV

Build

Build ACA-Py instead of using a published image. Requires usage of docker-compose.custom-acapy.yml

Example here is using the current master

ACAPY_BUILD_CONTEXT=https://github.com/hyperledger/aries-cloudagent-python.git
ACAPY_BUILD_DOCKERFILE_PATH=docker/Dockerfile.run

Security

Protect all admin endpoints with the provided API key

Development setup (do not use in production!)

ACAPY_ADMIN_CONFIG=--admin-insecure-mode

Production setup (change the key to a generated secret one)

ACAPY_ADMIN_URL_API_KEY=1swb8Z4VfzMyuF3takZr7GzDOab_6pki39K1r6p78ceMzp7pE
#ACAPY_ADMIN_CONFIG=--admin-api-key ${ACAPY_ADMIN_URL_API_KEY}

Connectivity

ACAPY_HTTP_PORT=8030
ACAPY_ENDPOINT=http://localhost:8030
ACAPY_ADMIN_PORT=8031

Wallet Storage

ACAPY_WALLET_DATABASE=wallet_db
ACAPY_WALLET_ENCRYPTION_KEY=key

------------------------------------------------------------

Postgres Storage

------------------------------------------------------------

POSTGRESQL_HOST=postgres
POSTGRESQL_PORT=5432
POSTGRESQL_USER=walletuser
POSTGRESQL_PASSWORD=walletpassword`

[etschelp]

The first exception is probably because there is a back-tick in POSTGRESQL_PASSWORD which escapes what comes after so aca-py will not start because of missing/wrong properties. But I'm not 100% sure because the screenshot is missing the part where aca-py logs the property in question. The second issue is that you switched from web mode BPA_WEB_MODE=true to aries mode what is not supported. To do that you have to delete to postgres volume docker compose down -v. Then start with the new config BPA_WEB_MODE=false ACAPY_READ_ONLY_MODE= The last screenshot basically says there is nothing to connect to what is correct because aca-py and bpa did not start because of the issues above.

[PESystems]

Thank you for your help! I was able to get the front end working after your suggestions.

However I am trying to get this running again on a new machine and have been getting a

different issue, and I've been stumped trying to fix it.

using the command sudo ./start-with-tunnels.sh

I get the following.

but if i run docker-compose up the front end works fine, except i can only access it via local host.

I've been trying to be self sufficient but this one cant seem to figure out.

I can share my .env code again to show you the changes

[PESystems]

------------------------------------------------------------

Business Partner Agent

------------------------------------------------------------

Specifies the label for this agent. This label is publicized (self-attested) to other agents as part of forming a connection

AGENT_NAME="Business Partner Agent 1"
AGENT2_NAME="Business Partner Agent 2"

How the BPA is seen from the outside world, either: ip address or dns name

The hostname will also be registered as part of the profile endpoint on the ledger

BPA_HOST=localhost
BPA2_HOST=localhost

Internal BPA service port

BPA_PORT=8080
BPA2_PORT=8090
BPA_WEBHOOK_URL=http://bpa1:8080/log
BPA2_WEBHOOK_URL=http://bpa2:8090/log

BPA_DEBUG_PORT=1044
BPA2_DEBUG_PORT=1045

The scheme that is used to register the profile endpoint on the ledger

BPA_SCHEME=https
BPA_CONFIG_FILES=classpath:application.yml,classpath:schemas.yml

Security

BPA_SECURITY_ENABLED=true

Default username and password, set if running in production like environments

BPA_BOOTSTRAP_UN=admin
BPA_BOOTSTRAP_PW=changeme
BPA_WEBHOOK_KEY=changeme

Run in did:web mode with read only ledger. If set to true ACAPY_READ_ONLY_MODE has to be set as well.

Once the mode is set you can not change it again without removing the postgres volume

BPA_WEB_MODE=false

Docker image to be used for the business partner

BPA_DOCKER_IMAGE=ghcr.io/hyperledger-labs/business-partner-agent:edge

Optional: bcgov ledger explorer (https://github.com/bcgov/von-network)

BPA_LEDGER_BROWSER=

BPA_LEDGER_BROWSER=https://indy-test.bosch-digital.de

Optional: If set bpa renders a link to an external imprint page

BPA_IMPRINT_URL=

Optional: If set bpa renders a link to an external pricavy policy page

BPA_PRIVACY_POLICY_URL=

This will set the registry size when a credential definition is created with Support Revocation.

This requires a configured revocation registry to take effect

BPA_CREDDEF_REVOCATION_REGISTRY_SIZE=3000

------------------------------------------------------------

ACA-PY

------------------------------------------------------------

Run in read only mode, requires BPA_WEB_MODE to be true.

#ACAPY_READ_ONLY_MODE=--read-only-ledger

ACAPY_GENESIS_URL=https://indy-test.bosch-digital.de/genesis

To support revocation set the 2 URLs of an existing tails server

ACAPY_TAILS_BASE_URL=--tails-server-base-url https://tails-dev.vonx.io
ACAPY_TAILS_UPLOAD_URL=--tails-server-upload-url https://tails-dev.vonx.io

Identity

Enter wallet seed here:

        ACAPY_SEED=RgB5aoOuwXkDQf93YoSsjIYIvdcfW8pC
        ACAPY_SEED2=9xmBC1WIYzpK2c2TnsZpoKwYEY361ZPt

Build

Build ACA-Py instead of using a published image. Requires usage of docker-compose.custom-acapy.yml

Example here is using the current master

ACAPY_BUILD_CONTEXT=https://github.com/hyperledger/aries-cloudagent-python.git
ACAPY_BUILD_DOCKERFILE_PATH=docker/Dockerfile.run

Security

Protect all admin endpoints with the provided API key

Development setup (do not use in production!)

ACAPY_ADMIN_CONFIG=--admin-insecure-mode

Production setup (change the key to a generated secret one)

#ACAPY_ADMIN_URL_API_KEY=change-me
#ACAPY_ADMIN_CONFIG=--admin-api-key ${ACAPY_ADMIN_URL_API_KEY}

Connectivity

Exposed service ports

ACAPY_HTTP_PORT=8030
ACAPY_ADMIN_PORT=8031

Public endpoint URL that is registered on the ledger

ACAPY_ENDPOINT=http://localhost:8030

ACAPY2_HTTP_PORT=8040
ACAPY2_ADMIN_PORT=8041
ACAPY2_ENDPOINT=http://localhost:8040

Wallet Storage

ACAPY_WALLET_TYPE=postgres_storage
ACAPY_WALLET_DATABASE=wallet_db
ACAPY_WALLET_ENCRYPTION_KEY=key

------------------------------------------------------------

Postgres Storage

------------------------------------------------------------

POSTGRESQL_HOST=bpa-wallet-db1
POSTGRESQL1_PORT=5432

POSTGRESQL2_HOST=bpa-wallet-db2
POSTGRESQL2_PORT=5452

POSTGRESQL_USER=walletuser
POSTGRESQL_PASSWORD=walletpassword

------------------------------------------------------------

Keycloak OIDC Configuration for docker-compose.oidc-security.yaml

------------------------------------------------------------

BPA_KEYCLOAK_CLIENT_ID=
BPA_KEYCLOAK_CLIENT_SECRET=
BPA_KEYCLOAK_ISSUER=
BPA_KEYCLOAK_REDIRECT_URI=http://localhost:{BPA_PORT}/logout
BPA_KEYCLOAK_ENDSESSION_URL={BPA_KEYCLOAK_ISSUER}/protocol/openid-connect/logout

ID of Presentation Request to forward to https://github.com/bcgov/vc-authn-oidc Identify Provider

which is configured in this repo https://github.com/bcgov/a2a-trust-over-ip-configurations/tree/master/proof-configurations

BPA_KEYCLOAK_VCAUTHN_PRES_REQ_CONF_ID=

[PESystems]

Thank you I was able to fix the bug.

Another small question about ngrok. we wish to use the ngrok service for longer than the 2 hour limit.

I have created an account and installed my auth key into .ngrok2/ngrok.yml as well as the ngrok.yml in the scripts folder (I added the auth key line above what is already written there)

despite adding the auth key in these two .yml files the BPA still only runs for 2 hours. am I doing something wrong or should I try running more tests.

I was able to get this working on my original machine but I can't remember what I did to get the time extended.

thank you again for all your help.

[etschelp]

The script is using the configuration from scripts/ngrok.yml, so if this file starts with:

authtoken: <your-token>
tunnels:
    businesspartner:

you should be good to go. But possible issues could be:

• token is expired
• your router or any other active device in your network interferes with long running sessions

[PESystems]

Thank you that helped me pin point the bug.

I am well on my way to preparing demos and presentations for the company! thank you for all your help.

Another question, I am now trying to run a BPA build on AWS with the same method.

I am getting this new error. Any idea what it could mean?

And this is how the script looks when it starts up.

cont.

[ChazLeePierre]

Hi @etschelp, I am experiencing a similar issue & would appreciate your help

I followed the steps in the business-partner-agent/scripts/README.md & was able to start the agent with no issues & access the front-end. I followed the same steps on an AWS EC2 instance running Ubuntu, & using ngrok to access the front-end. I was also able to access that with no issues.

The next day, I checked the EC2 instance & noticed an error that the agent is unable to connect to bpa-agent1/172.18.0.3:8031

I then tried starting the agent locally, and got the same error:

Is it a firewall issue? Is there a port I need open to connect to the agent?

[etschelp]

It takes a while for aca-py to come up, so that you see this message in the logs is not an issue per se, only if all services hang after a minute or so. This can be for any number of reasons. The first likely might be docker related if you ctrl-c out of a compose file and not all containers are shut down properly. So always use docker compose down.

Also you can check if all containers are up which should look like this:

docker ps
CONTAINER ID   IMAGE                                                   COMMAND                  CREATED          STATUS          PORTS                              NAMES
c69a7785c927   ghcr.io/hyperledger-labs/business-partner-agent:local   "/bin/sh -c './setup…"   51 seconds ago   Up 49 seconds   0.0.0.0:8080->8080/tcp             scripts-bpa1-1
10a3dde9e401   bcgovimages/aries-cloudagent:py36-1.16-1_0.7.3          "/bin/bash -c 'sleep…"   51 seconds ago   Up 50 seconds   0.0.0.0:8030-8031->8030-8031/tcp   scripts-bpa-agent1-1
27c5f3f7b8ce   postgres:12-alpine

If you still can access the UI the log message this is not an issue, if not the root cause is further down in the logs.

[etschelp]

The interesting log output is "database wallet_db does not exist" this prevents one of the services to start up and hence the dependent service won't start up as well. My observation is that with the latest version updates docker does not always stop correctly and often leaves volumes in a inconsistent state. Also it looks like one of the services did not stop at all and is still running. So I would try this first:

1. Stop everything: docker-compose down
2. Check if really everything is down: docker ps
3. Stop any running process: docker stop <container id>
4. Wipe all volumes if you do not mind loosing data: docker-compose down -v

If this is not working try starting only the basic services: docker compose up bpa-agent1 bpa-wallet-db1 and post the log output. Also check if auto-provision: true in acapy-static-args.yml

[PESystems]

Thank you for looking into this, so I rand docker-compose down and the other 3 steps but it seems I still get the same wallet_db error.
I tried running from docker compose up bpa-agent1 bpa-wallet-db1 but it just pauses after the following output. maybe i should try to start fresh with a new instance on AWS. I will let you know how things progress. thanks for reviewing!

[etschelp]

This looks good to me. Have you tried starting the whole stack again with docker compose up after this?