Help me please! I have hyperledger fabric network with configuration:
ca-tls
rca-org0
rca-org1
rca-org2
orderer1-org0 (solo)
peer1-org1
peer2-org1
peer1-org2
peer2-org2
I have this config.yaml file:
name: "Network"
version: "1.0"
channels:
mychannel:
orderers:
- orderer1-org0
peers:
peer1-org1:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
discover: true
peer2-org1:
endorsingPeer: false
chaincodeQuery: true
ledgerQuery: true
eventSource: true
discover: false
peer1-org2:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
discover: true
peer2-org2:
endorsingPeer: false
chaincodeQuery: true
ledgerQuery: true
eventSource: true
discover: false
organizations:
org0:
mspid: org0MSP
orderers:
- orderer1-org0
certificateAuthorities:
- rca-org0
adminPrivateKey:
path: path/to/org0/admin/msp/keystore/key.pem
signCert:
path: path/to/org0/admin/msp/signcerts/cert.pem
org1:
mspid: org1MSP
peers:
- peer1-org1
# - peer2-org1
certificateAuthorities:
- rca-org1
adminPrivateKey:
path: path/to/org1/admin/msp/keystore/key.pem
signedCert:
path: path/to/org1/admin/msp/signcerts/cert.pem
org2:
mspid: org2MSP
peers:
- peer1-org2
# - peer2-org2
certificateAuthorities:
- rca-org2
adminPrivateKey:
path: path/to/org2/admin/msp/keystore/key.pem
signedCert:
path: path/to/org2/admin/msp/signcerts/cert.pem
orderers:
orderer1-org0:
url: grpcs://orderer1-org0:7050
grpcOptions:
ssl-target-name-override: orderer1-org0
grpc-max-send-message-length: 4194304
tlsCACerts:
path: path/to/org0/msp/tlscacerts/tls-ca-cert.pem
peers:
peer1-org1:
url: grpcs://172.19.0.9:7051
grpcOptions:
ssl-target-name-override: peer1-org1
grpc.keepalive_time_ms: 600000
tlsCACerts:
path: path/to/org0/msp/tlscacerts/tls-ca-cert.pem
peer2-org1:
url: grpcs://172.19.0.9:7051
grpcOptions:
ssl-target-name-override: peer2-org1
grpc.keepalive_time_ms: 600000
tlsCACerts:
path: path/to/org0/msp/tlscacerts/tls-ca-cert.pem
peer1-org2:
url: grpcs://172.19.0.9:7051
grpcOptions:
ssl-target-name-override: peer1-org2
grpc.keepalive_time_ms: 600000
tlsCACerts:
path: path/to/org0/msp/tlscacerts/tls-ca-cert.pem
peer2-org2:
url: grpcs://172.19.0.9:7051
grpcOptions:
ssl-target-name-override: peer2-org2
grpc.keepalive_time_ms: 600000
tlsCACerts: path/to/org0/msp/tlscacerts/tls-ca-cert.pem
certificateAuthorities:
ca-tls:
url: https://0.0.0.0:7062
httpOptions:
verify: false
tlsCACerts:
path: path/to/org0/msp/tlscacerts/tls-ca-cert.pem
registrar:
- enrollId: tls-ca-admin
enrollSecret: tls-ca-adminpw
caName: ca-tls
rca-org0:
url: https://0.0.0.0:7063
httpOptions:
verify: false
tlsCACerts:
path: path/to/org0/msp/tlscacerts/tls-ca-cert.pem
registrar:
- enrollId: rca-org0-admin
enrollSecret: rca-org0-adminpw
caName: rca-org0
rca-org1:
url: https://0.0.0.0:7064
httpOptions:
verify: false
tlsCACerts:
path: path/to/org0/msp/tlscacerts/tls-ca-cert.pem
registrar:
- enrollId: rca-org1-admin
enrollSecret: rca-org1-adminpw
caName: rca-org1
rca-org2:
url: https://0.0.0.0:7065
httpOptions:
verify: false
tlsCACerts:
path: path/to/org0/msp/tlscacerts/tls-ca-cert.pem
registrar:
- enrollId: rca-org2-admin
enrollSecret: rca-org2-adminpw
caName: rca-org2
My API code below:
// create mychannel instance
let channel = new Channel('mychannel', client1);
// get certificates from couchdb wallet
let couchdbWallet = await Wallets.newCouchDBWallet("http://xxxxx:xxxxxxx#localhost:5984");
let user5 = await couchdbWallet.get('user5');
if (user5) {
let user5Cert = user5.credentials.certificate;
let user5Key = user5.credentials.privateKey;
let mspId = 'org1MSP';
await client1.initCredentialStores();
let cryptoSuite = client1.getCryptoSuite();
let keyObj = await cryptoSuite.importKey(user5Key);
let user5PubKey = keyObj._key.pubKeyHex;
let user5PrvKeyHex = keyObj._key.prvKeyHex;
let signer = new Signer(cryptoSuite, keyObj);
// create instance of signing identity
let signingIdentity = new SigningIdentity(
user5Cert,
user5PubKey,
'org1MSP',
cryptoSuite,
signer
);
// 1. generate unsigned transaction proposal
let transactionProposal = {
fcn: 'Mint',
args: ['1000'],
chaincodeId: 'token-erc-20',
channelId: 'mychannel'
}
let { proposal, txId } = await channel.generateUnsignedProposal(
transactionProposal,
mspId,
user5Cert,
true
);
console.log('*******proposal*****:\n', proposal);
console.log('*******Tx Id******\n', txId);
// now we have the 'unsigned proposal' for this tx
// 2. calculate the hash of the tx proposal bytes
let proposalBytes = proposal.toBuffer(); // the proposal comes from step 1
// 3. calculate the signature for this tx proposal
let signedProposal = signingIdentity.sign(proposalBytes);
console.log('********signedProposal********\n:', signedProposal);
// 4. send the signed tx proposal to peer(s)
let tlscaRootCert = readFileSync(tlscaRootCertPATH, { encoding: 'utf-8' });
console.log('tlscaRootCert: ', typeof tlscaRootCert);
let peer1org1 = client1.newPeer('grpcs://172.19.0.9:7051',
{
pem: tlscaRootCert,
}
);
let targets = new Array();
targets.push(peer1org1);
let sendSignedProposalReq = { signedProposal, targets };
let proposalResponses = await channel.sendSignedProposal(sendSignedProposalReq);
// check the proposal responces, if all good, commit the tx
// 5. similar to step 1, generate an unsigned tx
let commitReq = {
proposalResponses,
proposal,
};
let commitProposal = await channel.generateUnsignedTransaction(commitReq);
/// 6. similar to step 3, sign the unsigned tx with the user's private key
let commitProposalBytes = commitProposal.toBuffer();
let signedCommitProposal = signingIdentity.sign(commitProposalBytes);
// 7. commit the signed tx
let response = await channel.sendSignedTransaction({
signedTransaction: signedCommitProposal,
request: commitReq,
});
console.log('**********response from orderer after commit signed tx********\n', response);
// response.status should be 'SUCCESS' if the commit succeed
if (response.status === 'SUCCESS') {
// connect to event channel hub
let eventChannelHub = new ChannelEventHub(channel);
// 8. similar to step 1, generate an unsigned eventHub registration for the ChannelEventHub
let unsigneEvent = eventChannelHub.generateUnsignedRegistration({
certificate: user5Cert,
mspId
});
// 9. similar to step 3, sign the unsigned eventhub registration with the user's private key
let unsignEventBytes = unsigneEvent.toBuffer();
let signedEvent = signingIdentity.sign(unsignEventBytes);
// 10. register this ChannelEventHub at peer
let connectEventChannel = eventChannelHub.connect({ signedEvent });
console.log('***********connectEventChannel*********\n', connectEventChannel);
}
}
I try to submit transaction.
But every time I receive this error:
docker-compose.yaml logs
2022-09-21T11:36:52.296Z - error: [Channel.js]: Error: 14 UNAVAILABLE: failed to connect to all addresses
peer1-org1 container logs:
2022-09-21 11:25:08.606 UTC 0062 WARN [endorser] ProcessProposal -> Failed to preProcess proposal error="error validating proposal: access denied: channel [mychannel] creator org [org1MSP]"
2022-09-21 11:25:08.606 UTC 0063 INFO [comm.grpc.server] 1 -> unary call completed grpc.service=protos.Endorser grpc.method=ProcessProposal grpc.peer_address=172.19.0.1:59086 error="error validating proposal: access denied: channel [mychannel] creator org [org1MSP]" grpc.code=Unknown grpc.call_duration=15.47295ms
Also I receive this error now:
2022-09-21T13:01:10.858Z - error: [Channel.js]: sendTransaction - no valid endorsements found
How can I resolve this problem?
From peer logs, it seems like transaction submitter is not having access to the channel. Make sure the user identify is valid and the user's organization joined the channel. This error may come also if the MSP name given is wrong. MSP name is case sensitive.
Related
I keep getting this error when trying to enroll a peer to the fabric ca via the hlf operator:
Error: enroll failed: enroll failed: Failed to read response of request: POST >http://org1-ca.domain.com/enroll
{"hosts":null,"certificate_request":"-----BEGIN CERTIFICATE REQUEST----->\nMIHxMIGYAgEAMBExDzANBgNVBAMTBmVucm9sbDBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABBQob4jvqjE/>E6OZPuKQdPUNw+SMXCI6FtPI3j0rPqxGu9DrnCgasGG\nzop5KWFZrMFL/JrbKfm2+GPrRPrLyjWgJTAjBgkqhki>G9w0BCQ4xFjAUMBIGA1Ud\nEQQLMAmCB0JVSDAwOTcwCgYIKoZIzj0EAwIDSAAwRQIhALWFAahmDd+lmQdkqSgI>n7M5m+BeFz8fZBzrDVbcbrVzCAiAsThJfkxEdNwm1AQ45KUqT0hDfnHQCAUK0Fjp5\n6IaPPQ==\n-----END >CERTIFICATE REQUEST-----\n","profile":"","crl_override":"","label":"","NotBefore":"0001->01-01T00:00:00Z","NotAfter":"0001-01-01T00:00:00Z","ReturnPrecert":false,"CAName":""}: >unexpected EOF
I'm using the hlf operator by hyperledger fabric on an aks cluster with application gateway + nginx ingress for the routing / externalDNS for name resolution within an Azure dns zone.
Here is my fabric-ca.yaml:
apiVersion: hlf.kungfusoftware.es/v1alpha1
kind: FabricCA
metadata:
creationTimestamp: null
name: org1-ca
namespace: fabric
spec:
affinity: null
ca:
affiliations: null
bccsp:
default: SW
sw:
hash: SHA2
security: "256"
ca: null
cfg:
affiliations:
allowRemove: true
identities:
allowRemove: true
crl:
expiry: 24h
csr:
ca:
expiry: 131400h
pathLength: 0
cn: ca
hosts:
- localhost
- org1-ca.domain.io
names:
- C: US
L: ""
O: Hyperledger
OU: North Carolina
ST: ""
intermediate:
parentServer:
caName: ""
url: ""
name: ca
registry:
identities:
- affiliation: ""
attrs:
hf.AffiliationMgr: true
hf.GenCRL: true
hf.IntermediateCA: true
hf.Registrar.Attributes: '*'
hf.Registrar.DelegateRoles: '*'
hf.Registrar.Roles: '*'
hf.Revoker: true
name: enroll
pass: enrollpw
type: client
max_enrollments: -1
signing: null
subject:
C: ES
L: Alicante
O: Kung Fu Software
OU: Tech
ST: Alicante
cn: ca
tlsCa: null
clrSizeLimit: 512000
cors:
enabled: false
origins: []
db:
datasource: fabric-ca-server.db
type: sqlite3
debug: false
env: null
hosts:
- localhost
- org1-ca
- org1-ca.fabric
- org1-ca.domain.io
image: hyperledger/fabric-ca
imagePullSecrets: null
istio:
metrics:
provider: prometheus
statsd:
address: 127.0.0.1:8125
network: udp
prefix: server
writeInterval: 10s
resources:
limits:
cpu: 300m
memory: 256Mi
requests:
cpu: 10m
memory: 128Mi
rootCA:
subject:
C: California
L: ""
O: Hyperledger
OU: Fabric
ST: ""
cn: ca
service:
type: ClusterIP
serviceMonitor: null
storage:
accessMode: ReadWriteOnce
size: 1Gi
storageClass: default
tlsCA:
affiliations: null
bccsp:
default: SW
sw:
hash: SHA2
security: "256"
ca: null
cfg:
affiliations:
allowRemove: true
identities:
allowRemove: true
crl:
expiry: 24h
csr:
ca:
expiry: 131400h
pathLength: 0
cn: tlsca
hosts:
- localhost
- org1-ca.domain.io
names:
- C: US
L: ""
O: Hyperledger
OU: North Carolina
ST: ""
intermediate:
parentServer:
caName: ""
url: ""
name: tlsca
registry:
identities:
- affiliation: ""
attrs:
hf.AffiliationMgr: true
hf.GenCRL: true
hf.IntermediateCA: true
hf.Registrar.Attributes: '*'
hf.Registrar.DelegateRoles: '*'
hf.Registrar.Roles: '*'
hf.Revoker: true
name: enroll
pass: enrollpw
type: client
max_enrollments: -1
signing: null
subject:
C: ES
L: Alicante
O: Kung Fu Software
OU: Tech
ST: Alicante
cn: tlsca
tlsCa: null
tolerations: null
version: 1.4.9
here is the command I'm passing to the operator to enroll the peer identity and create the MSP
kubectl hlf ca register --name=org1-ca --user=peer --secret=peerpw --type=peer --enroll-id=enroll --enroll-secret=enrollpw --mspid=Org1MSP --namespace=fabric --ca-url=org1-ca.domain.io
Any help would be greatly appreciated!!
Please check if you are able to do telnet over ca host. Looks like you are using some different host. I don't see your host in the CA Custom Resource. Please verify the configuration once.
I was setting up hyperledger caliper to test a fabcar network and got ECONNREFUFUSED error multiple times. It said that it failed to enroll admin.
I setup the test network using ./startFabric.sh javascript in fabcar repo of fabric-samples.
Then I used docker-compose to start caliper( used docker-compose up in caliper-benchmarks ).
This is the docker-compose file that I used:
version: '2'
services:
caliper:
container_name: caliper
image: hyperledger/caliper:0.3.2
command: launch master --caliper-flow-only-test --caliper-fabric-gateway-usegateway --caliper-fabric-gateway-discovery
environment:
- CALIPER_BIND_SUT=fabric:2.1.0
- CALIPER_BENCHCONFIG=benchmarks/samples/fabric/fabcar/config1.yaml
- CALIPER_NETWORKCONFIG=networks/fabric/network-config.yaml
volumes:
- ~/caliper-benchmarks:/hyperledger/caliper/workspace
networks:
- net_test
networks:
net_test:
external: "true"
This was my network-config.yaml file:
name: Fabric
version: "1.0"
mutual-tls: false
caliper:
blockchain: fabric
#command:
#start: export FABRIC_VERSION=2.1.0;export FABRIC_CA_VERSION=1.4.4;docker-compose -f networks/fabric/naman/docker-compose/2org1peercouchdb_solo_raft/docker-compose-tls.yaml up -d;sleep 3s
#end: docker-compose -f networks/fabric/naman/docker-compose/2org1peercouchdb_solo_raft/docker-compose-tls.yaml down;(test -z \"$(docker ps -aq)\") || docker rm $(docker ps -aq);(test -z \"$(docker images dev* -q)\") || docker rmi $(docker images dev* -q);rm -rf /tmp/hfc-*
info:
Version: 2.1.0
Size: 2 Orgs with 1 Peer
Orderer: Raft
Distribution: Single Host
StateDB: CouchDB
clients:
admin.Org1:
client:
organization: Org1
connection:
timeout:
peer:
endorser: 300
orderer: 300
#credentialStore:
#path: /tmp/hfc-kvs/org1
#cryptoStore:
#path: /tmp/hfc-cvs/org1
#clientPrivateKey:
#path: networks/fabric/naman/peerOrganizations/org1.example.com/users/User1#org1.example.com/msp/keystore/40fa9f923f527b11be8c05bb1a2d166a5c2cc43ee2d425b53cdb82836479206d_sk
#clientSignedCert:
#path: networks/fabric/naman/peerOrganizations/org1.example.com/users/User1#org1.example.com/msp/signcerts/cert.pem
admin.Org2:
client:
organization: Org2
connection:
timeout:
peer:
endorser: 300
orderer: 300
#credentialStore:
#path: /tmp/hfc-kvs/org2
#cryptoStore:
#path: /tmp/hfc-cvs/org2
#clientPrivateKey:
#path: networks/fabric/naman/peerOrganizations/org2.example.com/users/User1#org2.example.com/msp/keystore/cdc22e2ec274bf9d5ec0700b420c5e7423a2be73112f3bdc6565d7d45f9ae643_sk
#clientSignedCert:
#path: networks/fabric/naman/peerOrganizations/org2.example.com/users/User1#org2.example.com/msp/signcerts/cert.pem
User1:
client:
organization: Org1
connection:
timeout:
peer:
endorser: 300
orderer: 300
User2:
client:
organization: Org2
connection:
timeout:
peer:
endorser: 300
orderer: 300
wallet: networks/wallet
channels:
mychannel:
configBinary: networks/mychannel.tx
created: true
#definition:
#capabilities: []
#consortium: 'SampleConsortium'
#msps: ['Org1MSP', 'Org2MSP']
#version: 0
orderers:
- orderer.example.com
peers:
peer0.org1.example.com:
eventSource: true
peer0.org2.example.com:
eventSource: true
#peer1.org1.example.com:
#eventSource: true
#peer1.org2.example.com:
#eventSource: true
chaincodes:
#- id: marbles
# version: v0
#language: node
#path: src/fabric/naman/samples/marbles/node
#metadataPath: src/fabric/naman/samples/marbles/node/metadata
- id: fabcar_1
version: "1.0"
language: node
path: src/fabric/samples/fabcar/javascript1
organizations:
Org1:
mspid: Org1MSP
peers:
- peer0.org1.example.com
certificateAuthorities:
- ca.org1.example.com
adminPrivateKey:
path: networks/fabric/naman/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/keystore/5f63f8056561fdd7e62566d62d3f3fddeff12836e3151ec160ef228df008e56b_sk
signedCert:
path: networks/fabric/naman/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/signcerts/cert.pem
Org2:
mspid: Org2MSP
peers:
- peer0.org2.example.com
#- peer1.org2.example.com
certificateAuthorities:
- ca.org2.example.com
adminPrivateKey:
path: networks/fabric/naman/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/keystore/fc78c38deead140e8164625a839c44966371fcb17608362c2c78a506670bd290_sk
signedCert:
path: networks/fabric/naman/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/signcerts/cert.pem
orderers:
orderer.example.com:
url: grpcs://localhost:7050
grpcOptions:
ssl-target-name-override: orderer.example.com
tlsCACerts:
path: networks/fabric/naman/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peers:
peer0.org1.example.com:
url: grpcs://localhost:7051
tlsCACerts:
pem: |
-----BEGIN CERTIFICATE-----
MIICJjCCAc2gAwIBAgIUOKOEL9yThPFiI22Rj2ehP2/8BpEwCgYIKoZIzj0EAwIw
cDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQH
EwZEdXJoYW0xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMjAwNjMwMDcxNjAwWhcNMzUwNjI3MDcxNjAw
WjBwMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExDzANBgNV
BAcTBkR1cmhhbTEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMT
Y2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHeO
KBmJfaW5TmEVYDJPFUuibx8O+ju3qhHIXFbCnfjz91WnoIUhQXxtfs2Ajyr2ywWk
N9T15plIKgGBe5YZB6+jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
AQH/AgEBMB0GA1UdDgQWBBQYlGorkJ3HFJu/uGPNy753+gbMmDAKBggqhkjOPQQD
AgNHADBEAiAe2nP1fUp4UtqMqVEyd9yzMPNbMBjVA3pFtsw5AThu6AIgPF30jUUm
Ey2vOMKY6mmfZalsJIcyp6ysxPfDaMnq09I=
-----END CERTIFICATE-----
grpcOptions:
ssl-target-name-override: peer0.org1.example.com
hostnameOverride: peer0.org1.example.com
peer0.org2.example.com:
url: grpcs://localhost:9051
tlsCACerts:
pem: |
-----BEGIN CERTIFICATE-----
MIICHzCCAcWgAwIBAgIUGyDeO2bl0XWI29+/h+MNiybkdaowCgYIKoZIzj0EAwIw
bDELMAkGA1UEBhMCVUsxEjAQBgNVBAgTCUhhbXBzaGlyZTEQMA4GA1UEBxMHSHVy
c2xleTEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eub3Jn
Mi5leGFtcGxlLmNvbTAeFw0yMDA2MzAwNzE2MDBaFw0zNTA2MjcwNzE2MDBaMGwx
CzAJBgNVBAYTAlVLMRIwEAYDVQQIEwlIYW1wc2hpcmUxEDAOBgNVBAcTB0h1cnNs
ZXkxGTAXBgNVBAoTEG9yZzIuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2NhLm9yZzIu
ZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlkzwJM7JneAQo
VVrvGGJSzhIryum1oXjNEx01rlc0IawgRzMZdeD10kPIFc0xnTyfCwIJCoVNnS/B
cCuU/WvFo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
BgNVHQ4EFgQUG68pu74VjkUe6MxLutjnBKC0VvowCgYIKoZIzj0EAwIDSAAwRQIh
AKH17YHSHWrGSbwHMNt7TtnQo/IpKyr2P10jHKIVgEoKAiBNic1oFFzyO/xV74ju
8Al0TaGFj222ThdzyT3JrZyGqw==
-----END CERTIFICATE-----
grpcOptions:
ssl-target-name-override: peer0.org2.example.com
hostnameOverride: peer0.org2.example.com
certificateAuthorities:
ca.org1.example.com:
url: https://localhost:7054
caName: ca-org1
tlsCACerts:
pem: |
-----BEGIN CERTIFICATE-----
MIICJjCCAc2gAwIBAgIUOKOEL9yThPFiI22Rj2ehP2/8BpEwCgYIKoZIzj0EAwIw
cDELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMQ8wDQYDVQQH
EwZEdXJoYW0xGTAXBgNVBAoTEG9yZzEuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2Nh
Lm9yZzEuZXhhbXBsZS5jb20wHhcNMjAwNjMwMDcxNjAwWhcNMzUwNjI3MDcxNjAw
WjBwMQswCQYDVQQGEwJVUzEXMBUGA1UECBMOTm9ydGggQ2Fyb2xpbmExDzANBgNV
BAcTBkR1cmhhbTEZMBcGA1UEChMQb3JnMS5leGFtcGxlLmNvbTEcMBoGA1UEAxMT
Y2Eub3JnMS5leGFtcGxlLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHeO
KBmJfaW5TmEVYDJPFUuibx8O+ju3qhHIXFbCnfjz91WnoIUhQXxtfs2Ajyr2ywWk
N9T15plIKgGBe5YZB6+jRTBDMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAG
AQH/AgEBMB0GA1UdDgQWBBQYlGorkJ3HFJu/uGPNy753+gbMmDAKBggqhkjOPQQD
AgNHADBEAiAe2nP1fUp4UtqMqVEyd9yzMPNbMBjVA3pFtsw5AThu6AIgPF30jUUm
Ey2vOMKY6mmfZalsJIcyp6ysxPfDaMnq09I=
-----END CERTIFICATE-----
httpOptions:
verify: false
registrar:
- enrollId: admin
enrollSecret: adminpw
ca.org2.example.com:
url: https://localhost:8054
caName: ca-org2
tlsCACerts:
pem: |
-----BEGIN CERTIFICATE-----
MIICHzCCAcWgAwIBAgIUGyDeO2bl0XWI29+/h+MNiybkdaowCgYIKoZIzj0EAwIw
bDELMAkGA1UEBhMCVUsxEjAQBgNVBAgTCUhhbXBzaGlyZTEQMA4GA1UEBxMHSHVy
c2xleTEZMBcGA1UEChMQb3JnMi5leGFtcGxlLmNvbTEcMBoGA1UEAxMTY2Eub3Jn
Mi5leGFtcGxlLmNvbTAeFw0yMDA2MzAwNzE2MDBaFw0zNTA2MjcwNzE2MDBaMGwx
CzAJBgNVBAYTAlVLMRIwEAYDVQQIEwlIYW1wc2hpcmUxEDAOBgNVBAcTB0h1cnNs
ZXkxGTAXBgNVBAoTEG9yZzIuZXhhbXBsZS5jb20xHDAaBgNVBAMTE2NhLm9yZzIu
ZXhhbXBsZS5jb20wWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlkzwJM7JneAQo
VVrvGGJSzhIryum1oXjNEx01rlc0IawgRzMZdeD10kPIFc0xnTyfCwIJCoVNnS/B
cCuU/WvFo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAd
BgNVHQ4EFgQUG68pu74VjkUe6MxLutjnBKC0VvowCgYIKoZIzj0EAwIDSAAwRQIh
AKH17YHSHWrGSbwHMNt7TtnQo/IpKyr2P10jHKIVgEoKAiBNic1oFFzyO/xV74ju
8Al0TaGFj222ThdzyT3JrZyGqw==
-----END CERTIFICATE-----
httpOptions:
verify: false
registrar:
- enrollId: admin
enrollSecret: adminpw
This is the benchmark-config file used:
---
test:
workers:
type: local
number: 1
rounds:
- label: Query all cars.
txDuration: 30
rateControl:
type: fixed-backlog
opts:
unfinished_per_client: 5
arguments:
assets: 10
startKey: '1'
endKey: '50'
callback: benchmarks/samples/fabric/fabcar/queryAllCars.js
- label: Query a car.
txDuration: 30
rateControl:
type: fixed-backlog
opts:
unfinished_per_client: 5
arguments:
assets: 10
callback: benchmarks/samples/fabric/fabcar/queryCar.js
- label: Create a car.
txDuration: 30
rateControl:
type: fixed-backlog
opts:
unfinished_per_client: 5
callback: benchmarks/samples/fabric/fabcar/createCar.js
monitor:
type:
- docker
docker:
name:
- all
interval: 1
This is the error I was getting:
aliper | 2020-06-26T14:15:31.749Z - error: [FabricCAClientService.js]: Failed to enroll admin, error:%o message=Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054], stack=Error: Calling enrollment endpoint failed with error [Error: connect ECONNREFUSED 127.0.0.1:7054]
caliper | at ClientRequest.request.on (/home/node/.npm-global/lib/node_modules/fabric-ca-client/lib/FabricCAClient.js:484:12)
caliper | at ClientRequest.emit (events.js:198:13)
caliper | at TLSSocket.socketErrorListener (_http_client.js:392:9)
caliper | at TLSSocket.emit (events.js:198:13)
caliper | at emitErrorNT (internal/streams/destroy.js:91:8)
caliper | at emitErrorAndCloseNT (internal/streams/destroy.js:59:3)
caliper | at process._tickCallback (internal/process/next_tick.js:63:19)
I was using fabric 2.1.0 and caliper 0.3.2. I specified net-test in docker-compose to make sure caliper container is in the same network as fabric.
Can someone please help?
I am using the hyperledger fabric network using the basic network from fabric sample. Basic network consist of one orderer and one peer. I have install the fab car chain code in network and join the channel.Please suggest me how to add Endorsement policy to chaincode, Below are command i used to initiate the chain code
1. peer chaincode install -n fabcar -p github.com/ -v 1.1
2. peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -c '{"Args":[]}' -n fabcar -v 1.1 -P "OR('Org1MSP.peer','Org1MSP.admin','Org1MSP.member')"
I am using the fabric sdk for query the fabcar it works well. But if i try to invoke chaincode its give me error stating
Failed to submit transaction: Error: No endorsement plan available for {"chaincodes":[{"name":"fabcar"}]}
config Tx
Organizations:
# SampleOrg defines an MSP using the sampleconfig. It should never be used
# in production but may be used as a template for other definitions
- &OrdererOrg
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: OrdererOrg
# ID to load the MSP definition as
ID: OrdererMSP
# MSPDir is the filesystem path which contains the MSP configuration
MSPDir: crypto-config/ordererOrganizations/example.com/msp
- &Org1
# DefaultOrg defines the organization which is used in the sampleconfig
# of the fabric.git development environment
Name: Org1MSP
# ID to load the MSP definition as
ID: Org1MSP
MSPDir: crypto-config/peerOrganizations/org1.example.com/msp
AnchorPeers:
# AnchorPeers defines the location of peers which can be used
# for cross org gossip communication. Note, this value is only
# encoded in the genesis block in the Application section context
- Host: peer0.org1.example.com
Port: 7051
Application: &ApplicationDefaults
# Organizations is the list of orgs which are defined as participants on
# the application side of the network
Organizations:
Orderer: &OrdererDefaults
# Orderer Type: The orderer implementation to start
# Available types are "solo" and "kafka"
OrdererType: solo
Addresses:
- orderer.example.com:7050
# Batch Timeout: The amount of time to wait before creating a batch
BatchTimeout: 2s
# Batch Size: Controls the number of messages batched into a block
BatchSize:
# Max Message Count: The maximum number of messages to permit in a batch
MaxMessageCount: 10
# Absolute Max Bytes: The absolute maximum number of bytes allowed for
# the serialized messages in a batch.
AbsoluteMaxBytes: 99 MB
# Preferred Max Bytes: The preferred maximum number of bytes allowed for
# the serialized messages in a batch. A message larger than the preferred
# max bytes will result in a batch larger than preferred max bytes.
PreferredMaxBytes: 512 KB
Kafka:
# Brokers: A list of Kafka brokers to which the orderer connects
# NOTE: Use IP:port notation
Brokers:
- 127.0.0.1:9092
# Organizations is the list of orgs which are defined as participants on
# the orderer side of the network
Organizations:
Profiles:
OneOrgOrdererGenesis:
Orderer:
<<: *OrdererDefaults
Organizations:
- *OrdererOrg
Consortiums:
SampleConsortium:
Organizations:
- *Org1
OneOrgChannel:
Consortium: SampleConsortium
Application:
<<: *ApplicationDefaults
Organizations:
- *Org1
crypto-config
OrdererOrgs:
# ---------------------------------------------------------------------------
# Orderer
# ---------------------------------------------------------------------------
- Name: Orderer
Domain: example.com
# ---------------------------------------------------------------------------
# "Specs" - See PeerOrgs below for complete description
# ---------------------------------------------------------------------------
Specs:
- Hostname: orderer
PeerOrgs:
# ---------------------------------------------------------------------------
# Org1
# ---------------------------------------------------------------------------
- Name: Org1
Domain: org1.example.com
Template:
Count: 1
Users:
Count: 1
Invoke function
async function Invoke(userwallet,usename,channelName,chaincodeName) {
try {
// Create a new file system based wallet for managing identities.
const walletPath = path.join(process.cwd(), 'wallet');
const wallet = new FileSystemWallet(walletPath);
console.log(`Wallet path: ${walletPath}`);
// Check to see if we've already enrolled the user.
const userExists = await wallet.exists(userwallet);
if (!userExists) {
console.log('An identity for the user "user1" does not exist in the wallet');
console.log('Run the registerUser.js application before retrying');
return;
}
// Create a new gateway for connecting to our peer node.
const gateway = new Gateway();
await gateway.connect(ccp, { wallet, identity: usename, discovery: { enabled: true, asLocalhost: true} });
// Get the network (channel) our contract is deployed to.
const network = await gateway.getNetwork(channelName);
// Get the contract from the network.
const contract = network.getContract(chaincodeName);
// Submit the specified transaction.
// createCar transaction - requires 5 argument, ex: ('createCar', 'CAR12', 'Honda', 'Accord', 'Black', 'Tom')
// changeCarOwner transaction - requires 2 args , ex: ('changeCarOwner', 'CAR10', 'Dave')
await contract.submitTransaction('createCar','CAR12', 'Honda', 'Accord', 'Black', 'Tom');
//await contract.submitTransaction('changeCarOwner', 'CAR10', 'Dave');
console.log('Transaction has been submitted');
// Disconnect from the gateway.
await gateway.disconnect();
} catch (error) {
console.error(`Failed to submit transaction: ${error}`);
process.exit(1);
}
}
module.exports.Invoke = Invoke
It is weird, Let's do some trial and error
Try to make changes in the below snippet. This removes the policy do not worry a default policy will be applicable
peer chaincode instantiate -o orderer.example.com:7050 -C mychannel -c '{"Args":[]}' -n fabcar -v 1.1
Background:
I have modified the first-network files (to a network with 2 Orgs and 1 peer in each of them) and installed my own chaincode on it. Additionally I have made a connection.yaml file to interact with the network.
Problem:
But when I try to get the network channel & establish the gateway from nodeSDK, I encounter this error:
error: [Network]: _initializeInternalChannel: Unable to initialize
channel. Attempted to contact 2 Peers. Last error was Error: 2
UNKNOWN: Stream removed
Failed to evaluate transaction: Error: Unable to initialize channel.
Attempted to contact 2 Peers. Last error was Error: 2 UNKNOWN: Stream
removed
Below you can find the code on my client side. The error probably arises when gateway.getNetwork('mychannel') is executed.
let connectionProfile = yaml.safeLoad(fs.readFileSync('./connection.yaml', 'utf8'));
// Create a new gateway for connecting to our peer node.
const gateway = new Gateway();
await gateway.connect(connectionProfile, { wallet, identity: 'user1', discovery: { enabled: false } });
// Get the network (channel) our contract is deployed to.
const network = await gateway.getNetwork('mychannel');
// Get the contract from the network.
const contract = network.getContract('bankpeerContract');
var result = await contract.evaluateTransaction('queryAllStamps');
This is my connection.yaml file:
---
name: mychannel.firstnetwork.connectionprofile
x-type: "hlfv1"
description: "BankPeerContract methods will be used through this profile"
version: "1.0"
channels:
mychannel:
orderers:
- orderer.example.com
peers:
peer0.org1.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
peer0.org2.example.com:
endorsingPeer: true
chaincodeQuery: true
ledgerQuery: true
eventSource: true
organizations:
Org1:
mspid: Org1MSP
peers:
- peer0.org1.example.com
certificateAuthorities:
- certificate-authority-org1
adminPrivateKey:
path: ../first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/keystore/63145b12cd86abb07b6b5797c5e9506faa8f799e81d3c71d11a6a60840e3b6ae_sk
signedCert:
path: ../first-network/crypto-config/peerOrganizations/org1.example.com/users/Admin#org1.example.com/msp/signcerts/Admin#org1.example.com-cert.pem
Org2:
mspid: Org2MSP
peers:
- peer0.org2.example.com
certificateAuthorities:
- certificate-authority-org2
adminPrivateKey:
path: ../first-network/crypto-config/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/keystore/4d9b19fdcce70620b45760f5d62c7c877200ab38553b7a8b85245b04ca0e8bdd_sk
signedCert:
path: ../first-network/crypto-config/peerOrganizations/org2.example.com/users/Admin#org2.example.com/msp/signcerts/Admin#org2.example.com-cert.pem
orderers:
orderer.example.com:
url: grpc://localhost:7050
grpcOptions:
ssl-target-name-override: orderer.example.com
tlsCACerts:
path: ../first-network/crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
peers:
peer0.org1.example.com:
url: grpc://localhost:7051
grpcOptions:
ssl-target-name-override: peer0.org1.example.com
request-timeout: 120001
tlsCACerts:
path: ../first-network/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/msp/tlscacerts/tlsca.org1.example.com-cert.pem
peer0.org2.example.com:
url: grpc://localhost:9051
grpcOptions:
ssl-target-name-override: peer0.org2.example.com
request-timeout: 120001
tlsCACerts:
path: ../first-network/crypto-config/peerOrganizations/org2.example.com/peers/peer0.org2.example.com/msp/tlscacerts/tlsca.org2.example.com-cert.pem
certificateAuthorities:
ca-org1:
url: http://localhost:7054
httpOptions:
verify: false
tlsCACerts:
path: ../first-network/crypto-config/peerOrganizations/org1.example.com/ca/ca.org1.example.com-cert.pem
registrar:
- enrollId: admin
enrollSecret: adminpw
caName: certificate-authority-org1
ca-org2:
url: http://localhost:8054
httpOptions:
verify: false
tlsCACerts:
path: ../first-network/crypto-config/peerOrganizations/org2.example.com/ca/ca.org2.example.com-cert.pem
registrar:
- enrollId: admin
enrollSecret: adminpw
caName: certificate-authority-org2
I have been unable to figure out whether there is some problem with connection.yaml file or there is something wrong within the network.
BYFN/EFYN enable TLS on all of the Fabric nodes (peers, orderers, certificate authorities) to secure communications. Your connection profile has "grpc://" and "http://" URLs - these should be changed to "grpcs://" and "https://". It looks like the TLS CA certificates are correct.
I want to connect to fabric using fabric-sdk-go,I query the chaincode,and it is correct,but when I invoke the chaincode,it is wrong.the logs blow:
```
$ go run main.go
100
Failed to invoke: CreateAndSendTransaction failed: SendTransaction failed: calling orderer 'orderer0.1530081632652.svc.cluster.local:32567' failed: Orderer Client Status Code: (2) CONNECTION_FAILED. Description: dialing connection timed out [orderer0.1530081632652.svc.cluster.local:32567]
```
I try change orderer0.1530081632652.svc.cluster.local to 9.115.76.16,but it is also the same problem.
blow is my congig.yaml about orderer:
```
orderers:
orderer0.1530081632652.svc.cluster.local:
url: orderer0.1530081632652.svc.cluster.local:32567
# these are standard properties defined by the gRPC library
# they will be passed in as-is to gRPC client constructor
grpcOptions:
ssl-target-name-override: orderer0.1530081632652.svc.cluster.local
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 20s
keep-alive-timeout: 400s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: /Users/zhangyulong/Documents/gopath/src/github.com/hyperledger/DevOps/crypto-config/ordererOrganizations/1530081632652.svc.cluster.local/tlsca/tlsca.1530081632652.svc.cluster.local-cert.pem
```
and
```
orderer:
- pattern: (\w*)orderer0.1530081632652.svc.cluster.local(\w*)
urlSubstitutionExp: orderer0.1530081632652.svc.cluster.local:32567
sslTargetOverrideUrlSubstitutionExp: orderer0.1530081632652.svc.cluster.local
mappedHost: orderer0.1530081632652.svc.cluster.local
```
my main.go about invoke is :
```
package main
import (
"fmt"
"github.com/hyperledger/fabric-sdk-go/pkg/client/channel"
"github.com/hyperledger/fabric-sdk-go/pkg/core/config"
"github.com/hyperledger/fabric-sdk-go/pkg/fabsdk"
)
const (
channelID = "devopschannel"
orgName = "org1"
orgAdmin = "Admin"
ordererOrgName = "Orderer"
ccID = "devopschannel-example_cc2"
)
func main() {
configPath := "./config1.yaml"
configOpt := config.FromFile(configPath)
sdk, err := fabsdk.New(configOpt)
if err != nil {
fmt.Println("Failed to create new SDK: %s", err)
}
defer sdk.Close()
org1ChannelClientContext := sdk.ChannelContext(channelID, fabsdk.WithUser("Admin"), fabsdk.WithOrg("Org1"))
channelClient, err := channel.New(org1ChannelClientContext)
if err != nil {
fmt.Printf("Failed to create new channel client: %s\n", err)
}
var args = [][]byte{[]byte("query"),
[]byte("a"),
}
res, err := channelClient.Query(channel.Request{
ChaincodeID: ccID,
Fcn: "invoke",
Args: args,
})
if err != nil {
fmt.Printf("Failed to query: %s\n", err)
}
fmt.Println(string(res.Payload))
// eventID := ".*"
// // // Register chaincode event (pass in channel which receives event details when the event is complete)
// reg, notifier, err := channelClient.RegisterChaincodeEvent(ccID, eventID)
// if err != nil {
// fmt.Printf("Failed to register cc event: %s", err)
// }
// defer channelClient.UnregisterChaincodeEvent(reg)
res, err = channelClient.Execute(channel.Request{
ChaincodeID: ccID,
Fcn: "invoke",
Args: [][]byte{
[]byte("move"),
[]byte("a"),
[]byte("b"),
[]byte("100"),
},
})
if err != nil {
fmt.Printf("Failed to invoke: %s\n", err)
}
fmt.Println(string(res.Payload))
// select {
// case ccEvent := <-notifier:
// log.Printf("Received CC event: %#v\n", ccEvent)
// case <-time.After(time.Second * 20):
// log.Printf("Did NOT receive CC event for eventId(%s)\n", eventID)
// }
}
```
Your need to put the IP of the orderer in the config.yaml (orderer0.1530081632652.svc.cluster.local is unknown):
orderers:
orderer0.1530081632652.svc.cluster.local:
url: 9.115.76.16:32567
# these are standard properties defined by the gRPC library
# they will be passed in as-is to gRPC client constructor
grpcOptions:
ssl-target-name-override: orderer0.1530081632652.svc.cluster.local
# These parameters should be set in coordination with the keepalive policy on the server,
# as incompatible settings can result in closing of connection.
# When duration of the 'keep-alive-time' is set to 0 or less the keep alive client parameters are disabled
keep-alive-time: 20s
keep-alive-timeout: 400s
keep-alive-permit: false
fail-fast: false
# allow-insecure will be taken into consideration if address has no protocol defined, if true then grpc or else grpcs
allow-insecure: false
tlsCACerts:
# Certificate location absolute path
path: /Users/zhangyulong/Documents/gopath/src/github.com/hyperledger/DevOps/crypto-config/ordererOrganizations/1530081632652.svc.cluster.local/tlsca/tlsca.1530081632652.svc.cluster.local-cert.pem
And override the hostname in the configuration too, like that:
orderer:
- pattern: (\w*)orderer0.1530081632652.svc.cluster.local(\w*)
urlSubstitutionExp: 9.115.76.16:32567
sslTargetOverrideUrlSubstitutionExp: orderer0.1530081632652.svc.cluster.local
mappedHost: orderer0.1530081632652.svc.cluster.local