Hyperledger Fabric v2 new chaincode lifecycle install problem with dind vm endpoint + tls

Question

having trouble with new v2 chaincode lifecycle, I am using docker vm dind endpoint https://127.0.0.1 with tls on, peer has all docker client crypto material set

CORE_VM_DOCKER_TLS_ENABLED=true
CORE_VM_DOCKER_TLS_CERT=/tmp/org1/peer1/docker/cert.pem
CORE_VM_DOCKER_HOSTCONFIG_NETWORKMODE=host
CORE_VM_DOCKER_TLS_KEY=/tmp/org1/peer1/docker/key.pem
CORE_VM_ENDPOINT=https://127.0.0.1:2376
CORE_VM_DOCKER_TLS_CA=/tmp/org1/peer1/docker/ca.pem

Trying to install chaincode package.

peer lifecycle chaincode install patient_consent-v0.0.1-package.tar.gz \
     --peerAddresses fabric-dev-peer1-org1:7051 --connTimeout 10s \
     --tlsRootCertFiles /tmp/org1/peer1/tls/msp/cacerts/fabric-dev-tlsca-org1-7052.pem \
     -o fabric-dev-orderer1-org1:7050 --tls --cafile /tmp/org1/peer1/tls/msp/cacerts/fabric-dev-tlsca-org1-7052.pem

This gives me

Error: chaincode install failed with 
status: 500 - failed to invoke backing implementation of 'InstallChaincode'
could not build chaincode
docker build failed
docker image inspection failed
Get https://127.0.0.1:2376/images/dev-peer1-org1-patient_consent-v0.0.1-9aedb4f5f58cb4bf18cf38f53751928caf9074c4bcb6859d8417fb37c09ab596-0acf342a6da8bfef85ec6b4d9dbe3ca4236ab9e52d903bb9fb014db836696d7b/json
remote error: 
tls: bad certificate

Answer 1

In the peer chaincode install command, you have put the wrong tlsRootCertFiles for the orderer. The --cafile is same as the peer. It is the orderer CA file .

--tlsRootCertFiles /tmp/org1/peer1/tls/msp/cacerts/fabric-dev-tlsca-org1-7052.pem \

 -o fabric-dev-orderer1-org1:7050 --tls --cafile /tmp/org1/peer1/tls/msp/cacerts/fabric-dev-tlsca-org1-7052.pem

Usually when you spin up the test-network (2.0/1),the orderer tls CA files is found at organizations/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
You can check in your setup and put the right path for orderer --cafile flag.