Hyperledger fabric customising orderers for channel - hyperledger-fabric

I have an existing Hyperledger Fabric setup with 2 organisations, 5 orderers and 1 channel. I want to create a new channel and make only 3 orderers (out of 5) part of the new channel. For that I have mentioned the orderer details in the channel profile section as follows:
NewChannel:
    Consortium: SampleConsortium
    <<: *ChannelDefaults
    Capabilities:
        <<: *ChannelCapabilities
    Orderer:
        <<: *OrdererDefaults
        OrdererType: etcdraft
        EtcdRaft:
            Consenters:
            - Host: orderer3.example.com
              Port: 13050
              ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
              ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
            - Host: orderer4.example.com
              Port: 14050
              ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
              ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
            - Host: orderer5.example.com
              Port: 15050
              ClientTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
              ServerTLSCert: ../organizations/ordererOrganizations/example.com/orderers/orderer5.example.com/tls/server.crt
        Addresses:
            - orderer3.example.com:13050
            - orderer4.example.com:14050
            - orderer5.example.com:15050
        Organizations:
        - *OrdererOrg
        Capabilities:
            <<: *OrdererCapabilities
    Application:
        <<: *ApplicationDefaults
        Organizations:
        - *Org1
        - *Org2
        Capabilities:
            <<: *ApplicationCapabilities
I have created the channel transaction file without any issue by using the -channelCreateTxBaseProfile argument, but while creating the channel I'm getting the following error:
Error: got unexpected status: BAD_REQUEST -- error validating channel
creation transaction for new channel 'channel11', could not
successfully apply update to template configuration: error authorizing
update: error validating DeltaSet: policy for [Value]
/Channel/OrdererAddresses not satisfied: implicit policy evaluation
failed - 0 sub-policies were satisfied, but this policy requires 1 of
the 'Admins' sub-policies to be satisfied
I'm not able to identify the exact issue with the policy. Can anyone advise about the issue and how to resolve it?

Try to use the orderer admin MSP instead of the peer admin MSP.
When you update the channel config, set the environment like this:
export CORE_PEER_LOCALMSPID="OrdererMSP"
export CORE_PEER_TLS_ROOTCERT_FILE=${PROJECT_PATH}/crypto-config/peerOrganizations/org1.example.com/peers/peer0.org1.example.com/tls/ca.crt
export CORE_PEER_MSPCONFIGPATH=${PROJECT_PATH}/crypto-config/ordererOrganizations/example.com/users/Admin@example.com/msp
export CORE_PEER_ADDRESS=peer0.org1.example.com:7051
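
Why the signer matters here, as an added example that is not part of the original question or answer: it compares two decoded configs and reports which policy guards each changed value, a simplified model of the per-element mod_policy check behind the error above. The dict layout mirrors the groups/values/mod_policy structure of a decoded channel config; the mod_policy strings, the BatchTimeout entry and the orderer1/orderer2 endpoints are constructed assumptions.

```python
# Added example (not from the original posts). The dict layout follows the
# "channel_group" object of a decoded channel config: groups / values, each
# carrying a mod_policy. All sample data below is constructed.

def walk_values(group, path="/Channel"):
    """Yield (absolute path, config value) for every value under a group."""
    for name, val in group.get("values", {}).items():
        yield f"{path}/{name}", val
    for name, sub in group.get("groups", {}).items():
        yield from walk_values(sub, f"{path}/{name}")

def resolve(mod_policy, value_path):
    """A relative mod_policy is looked up in the group that holds the value."""
    if mod_policy.startswith("/"):
        return mod_policy
    return f"{value_path.rsplit('/', 1)[0]}/{mod_policy}"

def changed_values(base, new):
    """Map each value that differs from the base config to its guarding policy."""
    old = dict(walk_values(base))
    guarded = {}
    for path, val in walk_values(new):
        if path not in old or old[path]["value"] != val["value"]:
            # An existing value is guarded by the mod_policy already in force.
            guarded[path] = resolve(old.get(path, val)["mod_policy"], path)
    return guarded

def needs_orderer_admin(guarded):
    """True when any changed value is guarded by a policy under /Channel/Orderer."""
    return any(p.startswith("/Channel/Orderer/") for p in guarded.values())

def sample_config(orderers):
    """Constructed stand-in for a decoded config with the given host:port list."""
    consenters = [{"host": o.split(":")[0], "port": int(o.split(":")[1])} for o in orderers]
    return {
        "values": {"OrdererAddresses": {"mod_policy": "/Channel/Orderer/Admins",
                                        "value": {"addresses": orderers}}},
        "groups": {"Orderer": {"mod_policy": "Admins", "groups": {}, "values": {
            "ConsensusType": {"mod_policy": "Admins", "value": {
                "type": "etcdraft", "metadata": {"consenters": consenters}}},
            "BatchTimeout": {"mod_policy": "Admins", "value": {"timeout": "2s"}}}}},
    }

# orderer1/orderer2 and their ports are constructed; the other three are from the question.
SUBSET = ["orderer3.example.com:13050", "orderer4.example.com:14050", "orderer5.example.com:15050"]
BASE = sample_config(["orderer1.example.com:11050", "orderer2.example.com:12050"] + SUBSET)
NEW = sample_config(SUBSET)

if __name__ == "__main__":
    for path, policy in changed_values(BASE, NEW).items():
        print(f"{path} changed -> needs {policy}")
    print("orderer admin signature required:", needs_orderer_admin(changed_values(BASE, NEW)))
```

Shrinking the orderer set touches only values guarded by the orderer organisation's Admins policy, which a peer organisation admin's signature cannot satisfy.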

Related

Setting a subset of orderers for RAFT application channel

I am trying to create an application channel using first-network from fabric-samples.
I am creating the deployment to run 4 ordering nodes running in RAFT cluster. The following is the profile section used for creating Orderer Genesis Block in the configtx.yaml file.
SampleMultiNodeEtcdRaft:
    <<: *ChannelDefaults
    Capabilities:
        <<: *ChannelCapabilities
    Orderer:
        <<: *OrdererDefaults
        OrdererType: etcdraft
        EtcdRaft:
            Consenters:
            - Host: orderer.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
            - Host: orderer2.example.com
              Port: 8050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
            - Host: orderer3.example.com
              Port: 9050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
            - Host: orderer4.example.com
              Port: 10050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer4.example.com/tls/server.crt
        Addresses:
            - orderer.example.com:7050
            - orderer2.example.com:8050
            - orderer3.example.com:9050
            - orderer4.example.com:10050
        Organizations:
        - *OrdererOrg
        Capabilities:
            <<: *OrdererCapabilities
    Application:
        <<: *ApplicationDefaults
        Organizations:
        - <<: *OrdererOrg
    Consortiums:
        SampleConsortium:
            Organizations:
            - *Org1
            - *Org2
Now I want to create an application channel which will only have 3 ordering nodes (out of the given 4): orderer, orderer2, orderer3. So I set the profile section for application channel as follows (in the configtx.yaml file):
TwoOrgsChannel:
    Consortium: SampleConsortium
    <<: *ChannelDefaults
    Capabilities:
        <<: *ChannelCapabilities
    Orderer:
        <<: *OrdererDefaults
        OrdererType: etcdraft
        EtcdRaft:
            Consenters:
            - Host: orderer.example.com
              Port: 7050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer.example.com/tls/server.crt
            - Host: orderer2.example.com
              Port: 8050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer2.example.com/tls/server.crt
            - Host: orderer3.example.com
              Port: 9050
              ClientTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
              ServerTLSCert: crypto-config/ordererOrganizations/example.com/orderers/orderer3.example.com/tls/server.crt
        Addresses:
            - orderer.example.com:7050
            - orderer2.example.com:8050
            - orderer3.example.com:9050
        Organizations:
        - *OrdererOrg
        Capabilities:
            <<: *OrdererCapabilities
    Application:
        <<: *ApplicationDefaults
        Organizations:
        - *Org1
        - *Org2
        Capabilities:
            <<: *ApplicationCapabilities
I am using the default byfn.sh script to bring up the network.
But still, when I try to fetch the application channel configuration block from the cli container using the orderer4 environment, I am successfully able to do it, and on decoding it to a JSON file, I can see that all 4 orderers are part of the application channel's consenters section and that every orderer's address is present in the orderer addresses section.
So, why is the application channel not starting with only first 3 orderers despite giving only those as the consenters?
The channel creation command must have -channelCreateTxBaseProfile argument in it and the value for the argument would be the orderer genesis profile name (here SampleMultiNodeEtcdRaft).
Also, the identity trying to execute the peer channel create command must satisfy the following ACL: /Channel/Orderer/ConsensusType (which is by default set to the following policy: /Channel/Application/Admins).
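
The manual check described in the question (fetch the config block, decode it to JSON, read the consenters), automated as an added example that is not part of the original posts. It assumes the JSON layout that `configtxlator proto_decode --type common.Block` prints for a config block; the sample block and the `intended` list are constructed from the hosts and ports in the question.

```python
# Added example (not from the original posts). Audits the orderer membership
# recorded in a decoded channel config block against the intended subset.

def channel_group(block):
    """Return the channel_group of the config envelope inside a config block."""
    return block["data"]["data"][0]["payload"]["data"]["config"]["channel_group"]

def orderer_endpoints(block):
    """Return (consenters, advertised addresses) as sets of 'host:port'."""
    cg = channel_group(block)
    meta = cg["groups"]["Orderer"]["values"]["ConsensusType"]["value"]["metadata"]
    consenters = {f'{c["host"]}:{c["port"]}' for c in meta["consenters"]}
    addresses = set(cg["values"]["OrdererAddresses"]["value"]["addresses"])
    return consenters, addresses

def audit(block, intended):
    """Report every way the block's orderer set deviates from the intended one."""
    consenters, addresses = orderer_endpoints(block)
    intended = set(intended)
    return {
        # Nodes that replicate this channel's ledger but were meant to be excluded.
        "unexpected_consenters": sorted(consenters - intended),
        "missing_consenters": sorted(intended - consenters),
        # Endpoints handed to clients that are not part of the Raft cluster.
        "addresses_not_consenters": sorted(addresses - consenters),
    }

def sample_block(endpoints):
    """Constructed stand-in for a decoded config block with these orderers."""
    consenters = [{"host": e.split(":")[0], "port": int(e.split(":")[1])} for e in endpoints]
    group = {
        "values": {"OrdererAddresses": {"value": {"addresses": list(endpoints)}}},
        "groups": {"Orderer": {"values": {"ConsensusType": {"value": {
            "type": "etcdraft", "metadata": {"consenters": consenters}}}}}},
    }
    return {"data": {"data": [{"payload": {"data": {"config": {"channel_group": group}}}}]}}

INTENDED = ["orderer.example.com:7050", "orderer2.example.com:8050", "orderer3.example.com:9050"]
# What the asker observed: the fourth orderer is still in the channel config.
OBSERVED = sample_block(INTENDED + ["orderer4.example.com:10050"])

if __name__ == "__main__":
    for finding, endpoints in audit(OBSERVED, INTENDED).items():
        print(finding, endpoints)
```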

How to have a consortium with 1 organization in a network with two organizations?

I am setting up a server composed of two organizations (3 later), as shown in the following link : https://hyperledger-fabric.readthedocs.io/en/release-1.4/network/network.html
However, the consortium must not contain the two organizations (Org1 and Org2) but only organization 1 (Org1) as shown in this image: https://imgur.com/a/gcBcINq
In my configtx.yaml file, I set the SampleConsortium value as follows:
Profiles:
    TwoOrgsOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    # - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities
So I define a consortium with a single organization: Org2.
However, when instantiating my channel with the line of code
peer channel create -o orderer.example.com:7050 -c $CHANNEL_NAME -f ./channel-artifacts/channel.tx --tls --cafile /opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
The screen displays an error telling me: Error: got unexpected status: BAD_REQUEST -- Attempted to include a member which is not in the consortium
Do you have an idea to generate my channel by having only one organization in my consortium?
Thank you very much in advance for your answers :)
PS : This is my first project with hyperledger fabric, so I am still "new" with this technology. However, it seems to me that there is no indication that a consortium should not have at least 2 organizations.
You have to comment out Org2 from the TwoOrgsChannel profile. Then you will be able to create my channel. Once this is done, you can add Org2 by updating the channel config. For further details, you can refer to the docs: https://hyperledger-fabric.readthedocs.io/en/release-1.4/channel_update_tutorial.html
Thank you very much, your solution worked. However, I can only add the Org1 Organization in my channel. If I comment on the Org2 line, an error
Error: got unexpected status: BAD_REQUEST -- error validating channel creation transaction for new channel 'mychannel', could not succesfully apply update to template configuration: error authorizing update: error validating DeltaSet: policy for [Group] /Channel/Application not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied
While my configtx.yaml file looks like this:
Profiles:
    TwoOrgsOrdererGenesis:
        <<: *ChannelDefaults
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
            Capabilities:
                <<: *OrdererCapabilities
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *Org1
                    - *Org2
    TwoOrgsChannel:
        Consortium: SampleConsortium
        <<: *ChannelDefaults
        Application:
            <<: *ApplicationDefaults
            Organizations:
                # - *Org1
                - *Org2
            Capabilities:
                <<: *ApplicationCapabilities

how to add raft instead of kafka in hyperledger fabric?

How to add raft instead of kafka in the hyperledger fabric altoros fabric-supply-chain project?
Here's my configtxtemplate-OneOrg-orderer.yaml file:
---
################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

    OrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            SampleConsortium:
                Organizations:
                    - *ORG1
    common:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ORG1
    CHANNEL_NAME:
        Consortium: SampleConsortium
        Application:
            Organizations:
                - *ORG1

################################################################################
#
#   Section: Organizations
#
#   - This section defines the different organizational identities which will
#   be referenced later in the configuration.
#
################################################################################
Organizations:

    # SampleOrg defines an MSP using the sampleconfig. It should never be used
    # in production but may be used as a template for other definitions
    - &OrdererOrg
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: OrdererMSP

        # ID to load the MSP definition as
        ID: OrdererMSP

        # MSPDir is the filesystem path which contains the MSP configuration
        MSPDir: crypto-config/ordererOrganizations/DOMAIN/msp

    - &ORG1
        # DefaultOrg defines the organization which is used in the sampleconfig
        # of the fabric.git development environment
        Name: ORG1MSP

        # ID to load the MSP definition as
        ID: ORG1MSP

        MSPDir: crypto-config/peerOrganizations/ORG1.DOMAIN/msp

        AnchorPeers:
            # AnchorPeers defines the location of peers which can be used
            # for cross org gossip communication. Note, this value is only
            # encoded in the genesis block in the Application section context
            - Host: peer0.ORG1.DOMAIN
              Port: 7051

################################################################################
#
#   SECTION: Orderer
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for orderer related parameters
#
################################################################################
Orderer: &OrdererDefaults

    # Orderer Type: The orderer implementation to start
    # Available types are "solo" and "kafka"
    OrdererType: solo

    Addresses:
        - orderer.DOMAIN:7050

    # Batch Timeout: The amount of time to wait before creating a batch
    BatchTimeout: 2s

    # Batch Size: Controls the number of messages batched into a block
    BatchSize:

        # Max Message Count: The maximum number of messages to permit in a batch
        MaxMessageCount: 10

        # Absolute Max Bytes: The absolute maximum number of bytes allowed for
        # the serialized messages in a batch.
        AbsoluteMaxBytes: 98 MB

        # Preferred Max Bytes: The preferred maximum number of bytes allowed for
        # the serialized messages in a batch. A message larger than the preferred
        # max bytes will result in a batch larger than preferred max bytes.
        PreferredMaxBytes: 512 KB

    Kafka:
        # Brokers: A list of Kafka brokers to which the orderer connects
        # NOTE: Use IP:port notation
        Brokers:
            - 127.0.0.1:9092

    # Organizations is the list of orgs which are defined as participants on
    # the orderer side of the network
    Organizations:

################################################################################
#
#   SECTION: Application
#
#   - This section defines the values to encode into a config transaction or
#   genesis block for application related parameters
#
################################################################################
Application: &ApplicationDefaults

    # Organizations is the list of orgs which are defined as participants on
    # the application side of the network
    Organizations:
Can you please check where I'm going wrong and in which files I have to make changes?
I went through the docs of raft but I couldn't understand it well, and there is no good source or tutorial that I could go through. If you know any good source or example then please help.
I see the hyperledger fabric community is not as strong as bitcoin or ethereum like blockchains. I am facing a lot of trouble building an application on it. I would request you to help me with where I can learn the best.
You can read the documentation for more details and explanations; the key concepts are:
In order to work with Raft you need to configure your ordering service to work with TLS.
Change the orderer type to be
OrdererType: etcdraft
You need to set up your consenters set (Raft replicas) by adding the following section to the configuration:
Consenters:
- Host: raft0.example.com
  Port: 7050
  ClientTLSCert: path/to/ClientTLSCert0
  ServerTLSCert: path/to/ServerTLSCert0
- Host: raft1.example.com
  Port: 7050
  ClientTLSCert: path/to/ClientTLSCert1
  ServerTLSCert: path/to/ServerTLSCert1
- Host: raft2.example.com
  Port: 7050
  ClientTLSCert: path/to/ClientTLSCert2
  ServerTLSCert: path/to/ServerTLSCert2
where you provide the configuration to set up your cluster, including TLS certificates for your consenters.
For example, a profile for Raft might look as follows (the SampleDevModeEtcdRaft profile):
SampleDevModeEtcdRaft:
    <<: *ChannelDefaults
    Capabilities:
        <<: *ChannelCapabilities
    Orderer:
        <<: *OrdererDefaults
        OrdererType: etcdraft
        EtcdRaft:
            Consenters:
            - Host: raft0.example.com
              Port: 7050
              ClientTLSCert: path/to/ClientTLSCert0
              ServerTLSCert: path/to/ServerTLSCert0
            - Host: raft1.example.com
              Port: 7050
              ClientTLSCert: path/to/ClientTLSCert1
              ServerTLSCert: path/to/ServerTLSCert1
            - Host: raft2.example.com
              Port: 7050
              ClientTLSCert: path/to/ClientTLSCert2
              ServerTLSCert: path/to/ServerTLSCert2
        Organizations:
        - *OrdererOrg
        Capabilities:
            <<: *OrdererCapabilities
    Application:
        <<: *ApplicationDefaults
        Organizations:
        - <<: *OrdererOrg
    Consortiums:
        SampleConsortium:
            Organizations:
            - *Org1
            - *Org2

Hyperledger fabric's ChannelCreationPolicy

I am struggling so hard to write a policy for creating a channel (ChannelCreationPolicy). Here is my configtx.yaml:
---
Organizations:
    - &OrdererOrg
        Name: OrdererOrg
        ID: OrdererMSP
        MSPDir: ../crypto-config/ordererOrganizations/orderer-org/msp
    - &ShopOrg
        Name: ShopOrgMSP
        ID: ShopOrgMSP
        MSPDir: ../crypto-config/peerOrganizations/shop-org/msp
        AnchorPeers:
            - Host: shop-peer-0
              Port: 7051
Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer0:7050
    BatchTimeout: 2s
    BatchSize:
        MaxMessageCount: 10
        AbsoluteMaxBytes: 99 MB
        PreferredMaxBytes: 512 KB
    Organizations:
Application: &ApplicationDefaults
    Organizations:
Profiles:
    TwoOrgGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrg
        Consortiums:
            InsuranceConsortium:
                # ChannelCreationPolicy:
                #     Admins:
                #         Type: Signature
                #         Rule: "OR('ShopOrgMSP.admin')"
                Organizations:
                    - *ShopOrg
    TwoOrgChannel:
        Consortium: InsuranceConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *ShopOrg
I tried to put ChannelCreationPolicy block above in the commented area but it says : 'Profiles[TwoOrgGenesis].Consortiums[InsuranceConsortium]' has invalid keys: ChannelCreationPolicy
I can't find place for ChannelCreationPolicy inside that .yaml. So how can I write policy so that, for example, only ShopOrgMSP admins could create channel?
Looking at the source for configtxgen, it doesn't look like channel creation policies are supported by the tool. You would need to submit this change as a config update transaction.
Unfortunately, this is a highly non-trivial process, but at least there is an example (for adding an org to a channel) here.

Error on generating genesis.block and channel.tx in sequence using separate configtx.yaml files

Error from docker logs: Existing config does not contain element for [Groups] /Channel/Application
The configtx.yaml for generating genesis.block
Profiles:
    OrgsOrdererGenesis:
        Orderer:
            <<: *OrdererDefaults
            Organizations:
                - *OrdererOrgs
        Consortiums:
            SampleConsortium:
                Organizations:
Organizations:
    - &OrdererOrgs
        Name: orderer0
        ID: orderer0
        MSPDir: crypto-config/ordererOrganizations/test.com/msp
        AdminPrincipal: Role.Admin
Orderer: &OrdererDefaults
    OrdererType: solo
    Addresses:
        - orderer0:7050
    BatchTimeout: 2s
    MaxChannels: 0
Application: &ApplicationDefaults
    Organizations:
The configtx.yaml for generating channel.tx
Profiles:
    OrgsChannel:
        Consortium: SampleConsortium
        Application:
            <<: *ApplicationDefaults
            Organizations:
                - *org
Organizations:
    - &org
        Name: org
        ID: org
        MSPDir: crypto-config/peerOrganizations/org.org.com/msp
        AdminPrincipal: Role.Admin
        AnchorPeers:
            - Host: peer0
              Port: 7051
Application: &ApplicationDefaults
    Organizations:
Is this a valid scenario where we can generate genesis.block first [without specifying organization details] and then finally creating channel.tx by specifying org details?
